Tuesday, May 4, 2010
Lecture 24: Secure Communications
Today's lecture focused primarily on the topic of Secure Communications. We started by discussing why hackers generally break into organizations from the outside: because they are seeking a challenge, they are seeking fame, monetary interests, or ideological reasons. However, most hackers are internal to the network they are trying to hack. We were informed of some basic network security threats, including interception, impostors, remotely logging in as the root user, and threats against content. We then were given some detail on a popular type of attack called a "Replay Attack", where an attacker intercepts a message, and then "replays" that message, potentially resending login information and gaining unauthorized access. A simple way to protect against this type of attack is to implement a time stamp into each message. We were also told of some popular denial of service attacks, including transmission failure, connection flooding, and distributed denial of service. VPNs are also a security concern, given the nature of what they do. We went over a few topics on how VPNs work. Also, quite a large portion of this lecture was spent discussing IPsec, which basically is a form of IP security which allows for secure transmission of information over IP networks. This is necessary because normal IP has no security. The lecture concluded with mentioning that network security is only one piece of the puzzle--many other areas of vulnerability should be addressed to achieve the coveted state of being "totally secure".
Monday, May 3, 2010
Saturday, May 1, 2010
Lecture 18: Access Control
This lecture began with Nathan talking about Trojan horse and background insertion. He talked about what a Trojan horse was. It is a secret, undocumented routine embedded within a useful program. Some of the functions of a Trojan are to screen capture, steel data, and file modification. A Trojan horse can’t replicate itself. He then went on to background insertion. Background insertion is when you can bypass normal authentication, security, and access routines.
After Nathan presented we spent most of the class reviewing operating systems. We went over memory and address protection. This is when the so prevents programs from corruption other programs or data. Often the so can exploit hardware support for this protection. We then went over some protection techniques. For example fence register protects operating systems from user programs. Then there is tagged architecture. This is when each memory word has one or more extra bits that identify access rights to words. We then went over segmentation. Segmentation is when each program has multiple address spaces. Some advantages are users can share access to a segment with potentially different access rights, and users cannot access an unpermitted segment. We then went over paging. And how it is done and used in operating systems. Some advantages of paging are users cannot access an unpermitted page and users can share access to a page with potentially different access rights.
After the review we went over Access Control. We did not make it very far into this topic. We only covered 5 slides. We discussed what the three goals of access control are. These goals are to check every access, enforce least privilege, and verify acceptable use. We then talked about the issues with access control. Some issues are the list becomes too large if many shared objects are accessible to all users, another issue is multiple permissions. This is as far as we got on the slides for this day.
After Nathan presented we spent most of the class reviewing operating systems. We went over memory and address protection. This is when the so prevents programs from corruption other programs or data. Often the so can exploit hardware support for this protection. We then went over some protection techniques. For example fence register protects operating systems from user programs. Then there is tagged architecture. This is when each memory word has one or more extra bits that identify access rights to words. We then went over segmentation. Segmentation is when each program has multiple address spaces. Some advantages are users can share access to a segment with potentially different access rights, and users cannot access an unpermitted segment. We then went over paging. And how it is done and used in operating systems. Some advantages of paging are users cannot access an unpermitted page and users can share access to a page with potentially different access rights.
After the review we went over Access Control. We did not make it very far into this topic. We only covered 5 slides. We discussed what the three goals of access control are. These goals are to check every access, enforce least privilege, and verify acceptable use. We then talked about the issues with access control. Some issues are the list becomes too large if many shared objects are accessible to all users, another issue is multiple permissions. This is as far as we got on the slides for this day.
Subscribe to:
Posts (Atom)
