Information Assurance and security

(InTc2116 3CrHr)

Arba Minch University

Arba Minch Institute of Technology
Faculty of Computing and Software Eng.

Getahun Tigistu (Assistant Professor)

 Information Assurance and Security
Security:
The protection of computer assets from unauthorized access, use,
alteration, degradation, destruction, and other threats.
What is information security?
Information security involves the protection of organizational assets
from the disruption of business operations, modification of sensitive
data, or disclosure of sensitive information
The protection of the data usually described as maintaining the
confidentiality, integrity, and availability of organizational assets and
information
Security is not an IT problem; it is a business problem
 Information Assurance and Security

“Information security means protecting information and

information systems from unauthorized access, use disclosure,
modification, or destruction”
Information Assurance and Security
Rough classification of protection measures include:
Prevention: to take measures to prevent the damage
Detection: when, how, and who of the damage
Reaction: to take measures to recover from damage

Information assurance is achieved when information system are protected

against attacks through the application of security services such as
availability, integrity, authentication, confidentiality, and non-repudiation
Three main goal of information security
Confidentiality
Integrity
Availability
 Information Assurance and Security/goal
Confidentiality
Information is available only to the people or systems that need access to it. This is done
by encrypting information that only certain people decrypt
Integrity
Information can be added or updated only by those who need to update the data.
Unauthorized changes to data cause the data to lose integrity , and access to the
information cut off from everyone until the information integrity is restored.
Availability
The information needs to be available in timely manner when requested
 Information Assurance and Security
Security Goals
Prevention of unauthorized
disclosure of information
Confidentiality

Prevention of unauthorized
Prevention of unauthorized
withholding of information or
modification of information
resource

Integrity
Availaibility
 Computer Security and Privacy
Security
Security inin general
general isis about
about protection
protection of
of assets.
assets. This
This implies
implies that
that inin
order
order to
to protect
protect our
our assets,
assets, we
we must
must know
know the
the assets
assets and
and their
their values.
values.
Rough
Roughclassification
classificationofofprotection
protectionmeasures
measuresincludes:
includes:
•• Prevention:
Prevention:tototake
takemeasures
measurestotoprevent
preventthe
thedamage
damage
•• Detection:
Detection:when,
when,how
howand
andwho
whoofofthe
thedamage.
damage.
•• Reaction:
Reaction:tototake
takemeasures
measuresto
torecover
recoverfrom
fromdamage.
damage.

Example
Exampleofofprotecting
protectingvoluble
volubleitems
itemsatathome
homefrom
fromaaburglar:
burglar:
•• Prevention:
Prevention:Locks
Lockson onthe
thedoor,
door,guards,
guards,hidden
hiddenplaces,
places,……
•• Detection: Burglar alarm, guards, CCTV,
Detection: Burglar alarm, guards, CCTV, … …
•• Reaction:
Reaction:Calling
Callingthe
thepolice,
police,replace
replacethe
thestolen
stolenitem,
item,…
…

Example
Exampleofofprotecting
protectingaafraudster
fraudsterfrom
fromusing
usingour
ourcredit
creditcard
cardininInternet
Internetpurchase
purchase
•• Prevention:
Prevention: Encrypt
Encrypt whenwhen placing
placing order,
order, perform
perform somesome check
check before
before
placing order, or don’t use credit card number on
placing order, or don’t use credit card number on internet.internet.
•• Detection:
Detection: AA transaction
transaction that
that you
you had
had not
not authorized
authorized appears
appears onon your
your
credit
creditcard
cardstatement.
statement.
•• Reaction:
Reaction: Ask
Ask forfor new
new card,
card, recover
recover cost
cost ofof the
the transaction
transaction from
from the
the
insurance,
insurance,the
thecard
cardissuer
issuerororthe
themerchant.
merchant.
 Computer Security and Privacy/ Overview
Definitions
Security:
Security: TheThe protection
protection of
of computer
computer assets
assets from
from
unauthorized
unauthorized access,
access, use,
use, alteration,
alteration, degradation,
degradation,
destruction,
destruction,and
andother
otherthreats.
threats.

Privacy:
Privacy: The
The right
right of
of the
the individual
individual to
to be
be protected
protected
against
against intrusion
intrusion into
into his
his personal
personal life
life or
or affairs,
affairs, or
or
those
those of
of his
his family,
family, by
by direct
direct physical
physical means
means oror by
by
publication
publicationofofinformation.
information.

Security/Privacy
Security/Privacy Threat:
Threat: Any
Any person,
person, act,
act, or
or object
object
that
thatposes
posesaadanger
dangerto
tocomputer
computersecurity/privacy.
security/privacy.
 Computer Security and Privacy/ History

Until
Until 1960s
1960s computer
computer security
security was
was limited
limited to
to
physical
physical protection
protection of
of computers
computers
In
In the
the 60s
60s and
and 70s
70s

Evolutions
Evolutions
Computers
Computersbecame
becameinteractive
interactive
Multiuser/Multiprogramming
Multiuser/Multiprogrammingwas wasinvented
invented
More
More and
and more
more data
data started
started toto be
be stored
stored inin computer
computer
databases
databases

Organizations
Organizationsand andindividuals
individualsstarted
startedto worryabout
toworry about
What
What the
the other
otherpersons
persons using
using computers
computers areare doing
doing toto their
their
data
data
What
What isis happening
happening toto their
their private
private data
data stored
stored in in large
large
databases
databases
 Computer Security and Privacy/ History

In
In the
the 80s
80s and
and 90s
90s

Evolutions
Evolutions
Personal
Personalcomputers
computerswere
werepopularized
popularized
LANs
LANsandandInternet
Internetinvaded
invadedthe
theworld
world
Applications
Applicationssuch
suchasasE-commerce,
E-commerce,E-government
E-governmentand
and
E-health
E-healthstarted
startedto
todevelop
develop
Viruses
Virusesbecome
becomemajors
majorsthreats
threats

Organizations
Organizationsand
andindividuals
individualsstarted
startedto
toworry
worryabout
about

Who
Whohas
hasaccess
accessto
totheir
theircomputers
computersand
anddata
data

Whether they can trust a mail, a website, etc.
Whether they can trust a mail, a website, etc.

Whether
Whethertheir
theirprivacy
privacyisisprotected
protectedin
inthe
theconnected
connectedworld
world
 Computer Security and Privacy/ History

Famous
Famous security
security problems
problems

Morris worm––Internet
Morrisworm InternetWorm
Worm
November
November 2,2, 1988 1988 aa worm
worm attacked
attacked more
more than
than 60,000
60,000
computers
computersaround
aroundthe theUSA
USA
The
Theworm
wormattacks
attackscomputers,
computers,and
andwhen
whenitithas
hasinstalled
installeditself,
itself,itit
multiplies
multipliesitself,
itself,freezing
freezingthe
thecomputer
computer
It
Itexploited
exploitedUNIX
UNIXsecurity
securityholes
holesin
inSendmail
SendmailandandFinger
Finger
AA nationwide
nationwide effort
effort enabled
enabled to
to solve
solve the
the problem
problem within
within 1212
hours
hours

Robert
Robert Morris
Morris became
became the the first person to
first person to be
be indicted
indicted
under
underthe
theComputer Fraudand
ComputerFraud andAbuse
AbuseAct.
Act.

He
He was
was sentenced
sentenced to
to three
three years
years of
of probation,
probation, 400
400 hours
hours of
of
community
communityservice
serviceand
andaafine
fineof
of$10,050
$10,050

Until
Until recently,
recently, he
he has
has been
been anan associate professor at
associate professor at the
the
Massachusetts Institute of Technology (MIT)
 Computer Security and Privacy/ History

Famous
Famous security
security problems
problems …
…

NASA shutdown
NASA shutdown

In
In 1990,
1990, an
anAustralian
Australian computer
computerscience
science student
student was
was
charged
charged for
for shutting
shutting down
down NASA’s
NASA’s computer
computer system
system
for
for24
24hours
hours

Airline computers
Airline computers
In
In 1998,
1998, aa major
major travel
travel agency
agency discovered
discovered thatthat
someone
someone penetrated
penetrated itsits ticketing
ticketing system
system and and has
has
printed
printedairline
airlinetickets
ticketsillegally
illegally

Bank theft
Bank theft
In
In 1984,
1984, aa bank
bank manager
manager waswas able
able to
to steal
steal $25
$25million
million
through
throughun-audited
un-auditedcomputer
computertransactions
transactions
 Computer Security and Privacy/ History

Famous
Famous security
security problems
problems …
…
 InEthiopia
In Ethiopia

Employees of
Employees of aa company
company managed
managed to
to change
change their salaries by
their salaries by
fraudulently
fraudulentlymodifying
modifyingthe
thecompany’s
company’sdatabase
database

InIn1990s
1990sInternet
Internetpassword
passwordtheft
theft
Hundreds
Hundreds ofof dial-up
dial-up passwords
passwords were
were stolen
stolen and
and sold
sold to
to
other
otherusers
users
Many
Manyofofthe
theowners
ownerslost
losttens
tensof
ofthousands
thousandsof ofBirr
Birreach
each

AAmajor
major company
company suspended
suspended the
the use
use of
of aa remote login software
remote login software by
by
technicians
technicians who
who were
were looking at the
looking at the computer
computer of
of the
the General
General
Manager
Manager
 InAfrica:
In Africa:Cote
Coted’Ivoire
d’Ivoire

An
Anemployee
employeewho
whohas
hasbeen
beenfired
firedby
byhis
hiscompany
companydeleted
deletedall
allthe
the
data
datain
inhis
hiscompany’s
company’scomputer
computer
 Computer Security and Privacy/ History

Early
Early Efforts
Efforts

1960s:
1960s: Marked
Marked as
as the
the beginning
beginning of
of true
true
computer
computersecurity
security

1970s:
1970s:Tiger
Tigerteams
teams

Government and
Government and industry
industry sponsored
sponsored crackers
crackers who
who
attempted
attempted to
to break
break down
down defenses
defenses ofof computer
computer systems
systems in
in
order
order to
to uncover
uncover vulnerabilities
vulnerabilities so
so that
that patches
patches can
can be
be
developed
developed

1970s:
1970s: Research
Research and
and modeling
modeling

Identifying
Identifyingsecurity
securityrequirements
requirements

Formulating security policy models
Formulating security policy models

Defining
Definingguidelines
guidelinesand
andcontrols
controls

Development
Developmentofofsecure
securesystems
systems
 Computer Security and Privacy/ Legal Issues
In
In the
the US,
US, legislation
legislation was
was enacted
enacted with
with regards
regards toto
computer
computer security
security and
and privacy
privacy starting
starting from
from late
late
1960s.
1960s.
European
European Council
Council adopted
adopted aa convention
convention on
on Cyber-
Cyber-
crime
crime in
in 2001.
2001.
The
The World
World Summit
Summit for for Information
Information Society
Society
considered
considered computer
computer security
security and
and privacy
privacy as
as aa
subject
subject of
of discussion
discussion in
in 2003
2003 and
and 2005.
2005.
The
The Ethiopian
Ethiopian Penal
Penal Code
Code ofof 2005
2005 has
has articles
articles on
on
data
data and
and computer
computerrelated
related crimes.
crimes.
 Computer Security and Privacy/Attacks

Categories
Categoriesof
ofAttacks
Attacks

Interruption:
Interruption: An
An attack
attack on
on availability
availability

Interception:
Interception: An
An attack
attack on
on confidentiality
confidentiality

Modification:
Modification: An
An attack
attack on
on integrity
integrity

Fabrication:
Fabrication: An
An attack
attack on
on authenticity
authenticity
 Computer Security and Privacy/Attacks

Categories
Categoriesof
ofAttacks/Threats
Attacks/Threats(W.
(W.Stallings)
Stallings)
Source

Destination
Normal flow of information
Attack

Interruption Interception

Modification Fabrication
 Computer Security and Privacy/Vulnerabilities
Types
Typesof
ofVulnerabilities
Vulnerabilities

Physical
Physicalvulnerabilities
vulnerabilities(Ex.
(Ex.Buildings)
Buildings)

Natural
Naturalvulnerabilities
vulnerabilities(Ex.
(Ex.Earthquake)
Earthquake)

Hardware
Hardwareand
andSoftware
Softwarevulnerabilities
vulnerabilities(Ex.
(Ex.Failures)
Failures)

Media
Mediavulnerabilities
vulnerabilities(Ex.
(Ex.Disks
Diskscan
canbe
bestolen)
stolen)

Communication
Communicationvulnerabilities
vulnerabilities(Ex.
(Ex.Wires
Wirescan
canbe
betapped)
tapped)

Human
Humanvulnerabilities
vulnerabilities(Ex.
(Ex.Insiders)
Insiders)
 Computer Security and Privacy/ Countermeasures

Computer
Computer security
security controls
controls

Authentication
Authentication (Password,
(Password, Cards,
Cards,
Biometrics)
Biometrics)
(What
(What we
we know,
know, have,
have, are!)
are!)

Encryption
Encryption

Auditing
Auditing

Administrative
Administrative procedures
procedures

Standards
Standards

Certifications
Certifications

Physical
Physical Security
Security

Laws
Computer Security and Privacy/ The Human Factor

The
The human factor is
human factor is an
an important
important component
component of of
computer
computersecurity
security
Some
Some organizations
organizations view
view technical solutions as
technical solutions as
“their
“theirsolutions”
solutions” for
forcomputer
computersecurity.
security. However:
However:

Technologyisisfallible
Technology fallible(imperfect)
(imperfect)

Ex.
Ex.UNIX
UNIXholes
holesthat
thatopened
openedthe
thedoor
doorfor
forMorris
Morrisworm
worm

The
Thetechnology
technologymay notbe
maynot beappropriate
appropriate

Ex.
Ex.ItItisisdifficult
difficultto
todefine
defineall
allthe
thesecurity
securityrequirements
requirementsand
andfind
find
aasolution
solutionthat
thatsatisfies
satisfiesthose
thoserequirements
requirements

Technical
Technicalsolutions
solutionsare
areusually
usually(very)
(very)expensive
expensive

Ex.
Ex.Antivirus
Antiviruspurchased
purchasedby byETC
ETCtotoprotect
protectits
itsInternet
Internetservices
services
Given
Given all
all these,
these, someone,
someone, aa human
human,, has
has to
to implement
implement
the
the solution
solution
Computer Security and Privacy/ The Human Factor

Competence of
Competence of the
the security
security staff
staff

Ex.
Ex.Crackers
Crackersmay
mayknow
knowmore
morethan
thanthe
thesecurity
securityteam
team
Understanding
Understanding and support of
and support of management
management

Ex.
Ex. Management
Management does
does not
not want
want to
to spend
spend money
money on
on
security
security
Staff’s discipline to
Staff’s discipline to follow
follow procedures
procedures

Ex.
Ex.Staff
Staffmembers
memberschoose
choosesimple
simplepasswords
passwords
Staff
Staff members
members may not be
may not be trustworthy
trustworthy

Ex.
Ex.Bank
Banktheft
theft
Computer Security and Privacy/ Physical Security

“The most robustly secured

computer that is left sitting
unattended in an unlocked room
is not at all secure !!”
[Chuck Easttom]
Computer Security and Privacy/ Physical Security

Physical
Physical security
security isis the
the use
use ofof physical controls to
physical controls to
protect
protect premises,
premises, site,
site, facility,
facility, building
building or or other
other
physical
physical asset
asset of
of an
an organization
organization [Lawrence
[LawrenceFennelly]
Fennelly]

Physical
Physical security
security protects
protects your
your physical
physical computer
computer
facility (your
facility (your building,
building, your
your computer
computer room,
room, your
your
computer,
computer, your your disks
disks and
and other
other media)
media) [Chuck
[Chuck
Easttom].
Easttom].
Computer Security and Privacy/ Physical Security

In
In the
the early
early days
days of
of computing
computing physical
physical security
security
was simple
was simple because
because computers
computers were
were big,
big,
standalone,
standalone, expensive
expensive machines
machines

It
It almost impossible
isis almost impossible to to move
move themthem (not
(not
portable)
portable)

They
They were were very
very few and itit isis affordable
few and affordable to to
spend
spend on on physical
physical security
security for
forthem
them

Management
Management was was willing
willing to
to spend
spend money
money

Everybody understands
Everybody understands and and accepts
accepts that
that there
there
isis restriction
restriction
 Computer Security and Privacy/ Physical Security

Today
Today

Computers
Computers are
are more
more and
and more portable (PC,
more portable (PC, laptop,
laptop,
PDA,
PDA,Smartphone)
Smartphone)

There
There are
are too many of
too many of them
them to to have
have good
good physical
physical
security
securityfor
foreach
eachof
ofthem
them

They
They are
are not
not “too
“too expensive”
expensive” to justify spending
to justify spending more
more
money
moneyononphysical
physicalsecurity
securityuntil
untilaamajor
majorcrisis
crisisoccurs
occurs

Users
Usersdon’t
don’taccept restrictions easily
acceptrestrictions easily

Accessories
Accessories (ex.
(ex. Network
Network components)
components) are are notnot
considered
considered as important for
as important for security
security until
until there
there is
is aa
problem
problem

Access
Access to
to aa single
single computer
computer may
may endanger many more
endanger many more
computersconnected
computers connectedthrough
throughaanetwork
network
 Computer Security and Privacy/ Physical Security

=>
=>
Physical
Physical security
security is
is much
much more
more
difficult
difficult to
to achieve
achieve today
today than
than some
some
decades
decades agoago
 Computer Security and Privacy/ Physical Security

Threats and vulnerabilities

Natural
NaturalDisasters
Disasters

Fire
Fireand
andsmoke
smoke

Fire
Firecan
canoccur
occuranywhere
anywhere

Solution – Minimize risk
Solution – Minimize risk
Good
Goodpolicies:
policies:NO SMOKING,,etc..
NOSMOKING etc..
Fire
Fireextinguisher,
extinguisher,good
goodprocedure
procedureand
andtraining
training
Fireproof
Fireproof cases
cases (and
(and other
other techniques)
techniques) for
for backup
backup
tapes
tapes
Fireproof
Fireproofdoors
doors

Climate
Climate

Heat
Heat

Direct
Directsun
sun

Humidity
Humidity
 Computer Security and Privacy/ Physical Security
Threats and vulnerabilities …
Natural
NaturalDisasters
Disasters…
…

Hurricane,
Hurricane,storm,
storm,cyclone
cyclone

Earthquakes
Earthquakes

Water
Water

Flooding
Floodingcan
canoccur
occureven
evenwhen
whenaawater
watertab
tabisisnot
notproperly
properlyclosed
closed

Electric
Electricsupply
supply

Voltage
Voltagefluctuation
fluctuation
Solution:
Solution:Voltage
Voltageregulator
regulator

Lightning
Lightning

Solution
Solution

 Avoid
Avoidhaving
havingservers
serversin
inareas
areasoften
oftenhit
hitby
byNatural
NaturalDisasters!
Disasters!
 Computer Security and Privacy/ Physical Security

Threats and vulnerabilities …

People
People

Intruders
Intruders

Thieves
Thieves

People who
People who have
have been
been given
given access
access unintentionally
unintentionally by
by the
the
insiders
insiders

Employees,
Employees,contractors,
contractors,etc.
etc.who
whohave
haveaccess
accessto
tothe
thefacilities
facilities

 External
Externalthieves
thieves

Portable computing
Portable computing devices
devices can
can be
be stolen
stolen outside
outside the
the
organization’s
organization’spremises
premises
Loss
Loss of
of aa computing
computing device
device

Mainly
Mainlylaptop
laptop
 Computer Security and Privacy/ Physical Security

Safe area

Safe
Safe area
area often
often isis aa locked
locked place
place where
where
only
only authorized
authorized personnel
personnel can can have
have
access
access
Organizations
Organizations usually
usually havehave safe
safe area
area for
for
keeping
keeping computers
computers and and related
related devices
devices
 Computer Security and Privacy/ Physical Security
Safe area … Challenges

Is
Is the
the area
area inaccessible
inaccessible through
through other
other openings
openings
(window,
(window, roof-ceilings,
roof-ceilings, ventilation
ventilation hole,
hole, etc.)?
etc.)?

Design
Designof
ofthe
thebuilding
buildingwith
withsecurity
securityin
inmind
mind

Know the architecture of your building
Know the architecture of your building

During
During opening
opening hours,
hours, isis itit always
always possible
possible to to
detect
detect when
when unauthorized
unauthorized person
person tries
tries to
to get
get to
to the
the
safe
safe area?
area?

Surveillance/guards,
Surveillance/guards, video-surveillance,
video-surveillance, automatic-
automatic-
doors
doorswith
withsecurity
securitycode
codelocks,
locks,alarms,
alarms,etc.
etc.

Put
Putsigns
signsso
sothat
thateverybody
everybodysees
seesthe
thesafe
safearea
area
 Computer Security and Privacy/ Physical Security
Safe area…Locks
Are
Arethe
thelocks
locksreliable?
reliable?

The
Theeffectiveness
effectivenessof
oflocks
locksdepends
dependson
onthe
thedesign,
design,manufacture,
manufacture,
installation
installationand
andmaintenance
maintenanceofofthe
thekeys!
keys!

Among
Amongthe theattacks
attackson
onlocks
locksare:
are:

Illicit
Illicitkeys
keys
Duplicate
Duplicatekeys
keys
Avoid
Avoidaccess
accesstotothe
thekey
keyby
byunauthorized
unauthorizedpersons
personseven
evenfor
foraafew
fewseconds
seconds
Change
Changelocks/keys
locks/keysfrequently
frequently
Key
Keymanagement
managementprocedure
procedure
Lost
Lostkeys
keys
Notify
Notifyresponsible
responsibleperson
personwhen
whenaakey
keyisislost
lost
There
Thereshould
shouldbe
beno
nolabel
labelon
onkeys
keys

Circumventing
Circumventingof
ofthe
theinternal
internalbarriers
barriersof
ofthe
thelock
lock
Directly
Directly operating
operating the
the bolt
bolt completely
completely bypassing
bypassing the
the locking
locking mechanism
mechanism
which remains locked
which remains locked

Forceful
Forcefulattacks:
attacks:
Punching,
Punching,Drilling,
Drilling,Hammering,
Hammering,etc.
etc.
 Computer Security and Privacy/ Physical Security

Safe area… Surveillance with Guards

Surveillance
Surveillance with
with guards
guards

The
The most
most common
common in in Ethiopia
Ethiopia

Not
Not always
always the
the most
most reliable
reliable since
since itit adds
adds aa
lot
lot of
of human
human factor
factor

Not
Not always
always practical
practical forfor users
users (employees
(employees
don’t
don’t like
like toto bebe questioned
questioned by by guards
guards
wherever
wherever they
they go)
go)
 Computer Security and Privacy/ Physical Security
Safe area… Surveillance with Video
Surveillance
Surveillancewith
withvideo
video

Uses
UsesClosed
ClosedCircuit
CircuitTelevision
Television(CCTV)
(CCTV)

Started in the 1960s
Started in the 1960s

Become
Become more
more and
and more
more popular
popular with
with the
the worldwide
worldwide increase
increase of
of
theft
theftand
andterrorism
terrorism

Advantages
Advantages

AAsingle
singleperson
personcan
canmonitor
monitormore
morethan
thanone
onelocation
location

The intruder doesn’t see the security personnel
The intruder doesn’t see the security personnel

ItItisischeaper
cheaperafter
afterthe
theinitial
initialinvestment
investment

ItItcan
canbeberecorded
recordedandandbe
beused
usedfor
forinvestigation
investigation

Since
Sinceititcan
canbeberecorded
recordedthethesecurity
securitypersonnel
personnelisismore
morecareful
careful

Today’s
Today’sdigital
digitalvideo-surveillance
video-surveillancecan canuse
useadvanced
advancedtechniques
techniquessuch
such
as
asface
facerecognition
recognitionto todetect
detectterrorists,
terrorists,wanted
wantedpeople,
people,etc.
etc.

Drawback
Drawback
Privacy
Privacyconcerns
concerns
 Computer Security and Privacy/ Physical Security
Internal Human factor - Personnel

Choose
Choose employees
employees carefully
carefully

Personal
Personal integrity
integrity should
should be
be as
as important
important aa
factor
factorin
in the
the hiring
hiring process
process as
as technical
technical skills
skills
Create
Create an
an atmosphere
atmosphere in in which
which the
the levels
levels of
of
employee
employee loyalty,
loyalty, morale,
morale, andand job
job
satisfaction
satisfaction are
are high
high
Remind
Remind employees,
employees, on on aa regular
regular basis,
basis, of
of
their
their continuous
continuous responsibilities
responsibilities to to protect
protect
the
the organization’s
organization’s information
information
 Computer Security and Privacy/ Physical Security

Internal Human factor – Personnel …

Establish
Establish procedures
procedures for for proper
proper destruction
destruction andand
disposal
disposal of
of obsolete
obsolete programs,
programs, reports,
reports, and
and data
data
Act
Act defensively
defensively when when anan employee
employee mustmust be be
discharged,
discharged, either
either for
for cause
cause or
or as
as part
part of
of aa cost
cost
reduction
reduction program
program
Such
Such anan employee
employee should
should not
not be
be allowed
allowed access
access to
to
the
the system
system andand should
should be
be carefully
carefully watched
watched until
until
he
he or
orshe
she leaves
leaves the
the premises
premises
Any
Any passwords
passwords used used by
by the
the former
former employee
employee
should
should be
be immediately
immediately disabled
disabled
 Information Assurance and Security
1. Blackout 19. Spike
Assignment
Assignment(10%):
(10%): 2. Brownout 20. Server Spoofing
•• Read
Readabout
aboutthese
thesesecurity
securityattack
attackrelated
related 3. Brute Force Attack 21. Session Hijacking
keywords. 4. Buffer Overflow 22. Smurf Attack
keywords.Study
Studyabout
aboutone
oneofofthese
thesekeywords
keywords
and 5. Cookie Injection 23. SNMP Community
andwrite
writeaaone
onepage
page(maximum)
(maximum)summarysummaryof of 6. Cookie Poisoning Strings
your
yourfindings
findingsincluding
includingany
anyrecorded
recordedhistory
history 7. Cracking 24. Spamming
of
ofsignificant
significantdamages
damagescreated
createdby bythese
these 8. DNS Poisoning 25. Scam and Phishing
attacks. 9. DoS Attack 26. Spoofing Attack
attacks.
10. DDoS Attack 27. SQL Injection
•• Send
Sendyour
yourreport
reportbybyemail
emailin inword
wordformat
formatoneone 11. Eavesdropping 28. SYN Attack
day
daybefore
beforethe
thenext
nextclass
class(Use
(Useyour
yournames
namesas as 12. HTTP Tunnel Exploit 29. Teardrop
the 13. ICMP Flood 30. Traffic Analysis
thefile
filename).
name).We Wewill
willuse
usethe
thelast
last15
15minutes
minutes
of 14. Logic Bomb 31. Trojan Horses
ofeach
eachclass
classtotohear
hearthree
threeofofyou
youononthethetopic,
topic, 15. Malware Attack 32. UDP Flood
you
youwill
willbe
begiven
given3+2
3+2minutes.
minutes. 16. Packet Sniffing 33. Viruses
•• Bonus:
Bonus:While
Whilereading,
reading,ififyou
youfind
findsecurity
security 17. Ping of Death
18. Serge
34. Worms
35. War Dialing
attack
attackrelated
relatedkeywords
keywordsother
otherthan
thanthese,
these, 19. Rootkit 36. Wire Tapping
send
sendthem
themon onthe
thesecond
secondpage
pageofofyour
yourreport.
report.