FIT2093 INTRODUCTION TO CYBERSECURITY

Week Introduction to cyber security
www.monash.edu.au


Intro to Cyber Security
● What is Cyber Security?
○ the Security Problem: Alice & Bob ++
● Security Goals: C,I,A + A
● Types of attacks on Security Goals
● Approaches for how to achieve Security Goals
● Security principles
● Brief Overview of this unit

Cyber Security: What?
● Multiple parties
○ different ownership/values/sides
○ yet humans have to interact
○ protect individual interests/rights
○ some parties malicious → misbehave
● Misbehaviour negatively affects
○ individual interests/assets/things you feel are important

# Cyber Security: What? #
● Multiple parties
○ different ownership/sides
○ I/me/mine/my
“my phone, I lend to you, but still my phone”
“my money I give you, need proof I did it”
“only do it if I’m there”

# Assets? #
● Q: what things are important to individuals?
○ …

Q: What type of asset is most valuable to you? One which you don’t want compromised
Activity (5 mins)
1) Click the latest link in the Zoom chat
2) Add your question response to the Ed forum

# Assets #
Assets that may need protection:
● Data/Information
● Hardware
■ Computer: process data
■ Network: transfer data
■ Infrastructure: store/transfer/process data
■ Sensors (IoT): sense data
● Software: process data
● Communication facilities & networks: transfer data
i.e. what you own (data) or things that act on them

# How are Assets Attacked? #
● Q: What bad thing (attack) could happen to what you value the most (asset)? i.e. what attacks could apply to assets?

Q: How could your asset be attacked?
Activity (5 mins)
1) Click the latest link in the Zoom chat
2) Add your question response to the Ed forum

Recap: Keywords so far
● The Problem:
○ Multiple parties
■ individual → assets
■ malicious → misbehave/attacks
● The Solution:
○ Cybersecurity

Cyber Security: What?
● systems designed to protect assets against attacks
● i.e. how to design systems that work even in the presence of malicious (adversarial) entities
● systems?
○ technologies, processes, practices
● assets?
○ data, networks, computers, programs

# Example Scenario #
● Monash’s 2-factor AUTH system

Q: Example point of attack on Monash’s 2-factor Auth system?
Would it be enough to break the system?
Activity (5 mins)
1) Click the latest link in the Zoom chat
2) Add your question response to the Ed forum

Recap: Keywords so far
● The Problem:
○ Multiple parties
■ individual → assets
■ malicious → misbehave/attacks → at different points
● The Solution:
○ Cybersecurity

Principle #1
● The Problem:
○ attacks → at different points
● The Solution:
○ Cybersecurity
○ Weakest Link Principle
■ By default, “system is only as secure as the weakest link”
● defender: how many points to defend?
● attacker: how many points to attack?
● Q: example of weakest link?
● Motivation for multi-factor security mechanisms!

Security Goals

Attacks on …
● Attacks aimed at some aspect of your assets:
○ Note: security aims to prevent these
● Secrecy / Confidentiality (C)
● Integrity (I)
● Authentication (A)
● Availability (A)

Q: How can you break confidentiality? Give an example.
Activity (5 mins)
1) Click the latest link in the Zoom chat
2) Add your question response to the Ed forum

# Attacks on CONFidentiality #

Q: How can you break integrity? Give an example.
Activity (5 mins)
1) Click the latest link in the Zoom chat
2) Add your question response to the Ed forum

# Attacks on INTegrity #

Q: How can you break authentication of the source? Give an example.
Activity (5 mins)
1) Click the latest link in the Zoom chat
2) Add your question response to the Ed forum

# Attacks on AUTHentication #

Q: How can you break availability? Give an example.
Activity (5 mins)
1) Click the latest link in the Zoom chat
2) Add your question response to the Ed forum

# Attacks on AVaiLability #

Recap: Keywords so far
● The Problem:
○ Multiple parties
■ individual → assets
■ malicious → attacks at different points → on different aspects: C, I, A, …
● Note: attacker’s goal: break C, I, A, …
● The Solution:
○ Cybersecurity
■ Weakest link principle
■ aim to prevent attacks on different aspects
● Note: security’s goal: prevent attacker’s goals, want C, I, A, …

Recap: Keywords so far
● The Problem:
○ Multiple parties
■ individual → assets
■ malicious → attacks at different points → break C, I, A, …
● The Solution:
○ Cybersecurity
■ Weakest link principle
■ Security goal: C, I, A, …

… some Terms …
● Threat
○ circumstances that have the potential to cause loss or harm
● Vulnerability
○ a weakness in a computer system that might be exploited to cause loss (of information) or harm (the contents)
● Attack
○ an action that exploits a vulnerability
○ any action that compromises the security of system/information owned by organisation/individual
● Control (a.k.a. countermeasure)
○ A technique or procedure to remove or reduce a vulnerability.

# Example Threats #
● info disclosure
○ vs … what security goal?
● deception
○ vs …
● alteration
○ vs …

Vulnerability Types
● Design level vulnerabilities
○ Flaw in logic of how system/protocols work
■ either hardware, software, human protocol flaw
■ e.g. 1. (software protocol flaw): store private info in clear form on a publicly accessible company website
■ e.g. 2. (human protocol flaw): lack of training policy for all employees to verify credentials of caller before giving out private company information … e.g. banks
○ May be due to lack of or incorrect use of security controls/mechanisms
○ Should be found & fixed at design stage by a security design review

Vulnerability Types
● Implementation level vulnerabilities
○ Flaw in details of how design is realised
■ either hardware, software, human implementation flaw
■ e.g. 1. (software implementation flaw): bug in code of a security mechanism that allows attacker to reveal private info
■ e.g. 2. (human policy implementation flaw): employees don’t follow company security policy correctly, and reveal info to a caller without checking the latter’s credentials
○ Should be found in implementation security testing/review stage

# Example Attacks: How #
○ Exposure (leakage of secrets)
○ Interception/Eavesdropping (on communication)
○ Inference, Observation (of behavior, patterns)
○ Intrusion (access to secrets)

# Example Attacks: How #
○ Exposure (leakage of secrets)
○ Interception/Eavesdropping (on communication)
○ Inference, Observation (of behavior, patterns)
○ hard to trace/detect
○ best to prevent
○ Intrusion (access to secrets)

Example Attack on CONF
Vulnerability: incorrect use of password protection cryptographic mechanism (We’ll revisit this in user authentication lecture)

# Example Attacks: How #
○ Fabrication (inject/insert/generate fakes/counterfeits as valid)
○ Modification (change/tamper, man-in-the-middle)

Example Attack on INT: WannaCry Ransomware
Vulnerability: Operating System bug

# Example Attacks: How #
○ Impersonation/Masquerade (pretend to be another)
○ Repudiation (deny being there/involved)

Example Attack on AUTH
Vulnerability: command injection vulnerability in Java log4j logging library (We’ll revisit this kind of vulnerability in software/web app security lecture)

# Example Attacks: How #
○ Interruption/Disruption a.k.a. denial of service (DoS)
■ e.g. unavailable/unusable/inaccessible/super slow

Example Attack on AVL
Vulnerability: insufficient DoS mitigation mechanisms

Recap: Keywords so far
● The Problem:
○ Multiple parties
■ individual → assets, vs
■ malicious → attacks:
● at different points → break C, I, A, …
● how? by … interception, fabrication, …
● The Solution:
○ Cybersecurity
■ Weakest link principle
■ Security goal: C, I, A, …

General Attack Types
● Passive attacks
○ e.g. eavesdrop, observe, infer, leak, sniff, traffic analysis, wiretap, …
○ hard to detect, best to prevent
● Active attacks
○ e.g. replay, modify, delete, masquerade, …
○ hard to prevent, next best is to detect

Security Goals & How

General Security Approaches
● prevent: let it not happen (pre-emptive)
● detect: know if it happens
● recover: get back the security (post incident)

Q: How to achieve CONFidentiality? Give an example.
Activity (5 mins)
1) Click the latest link in the Zoom chat
2) Add your question response to the Ed forum
3) Add your “hearts” to your favourite responses

Confidentiality (C): How?
● Gist of the Goal: secret data remains CONFidential
○ gist: hard to detect attacks on CONF, try to prevent
○ not all can access
○ only some can access: be selective
● Q: how to enforce this?
○ access control: check who, & grant access
○ encryption: lock, only some have key

Q: How to achieve INTegrity? Give an example.
Activity (5 mins)
1) Click the latest link in the Zoom chat
2) Add your question response to the Ed forum
3) Add your “hearts” to your favourite responses

Integrity (I): How?
● Prevent modifications?
○ For physically protected system: yes, use access control
○ E.g. remote login to physically protected server
○ For physically exposed communication & systems: no!
○ e.g. Internet communications, cloud storage
○ don’t own the channel/system, no control, can’t prevent
● Detect modifications
○ next best option
○ use something like checksum, check if data unchanged
○ Q: if data changed, can’t we change the checksum?
○ Q: how to enforce? make it selective
■ only good guys can compute correct checksum
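
The checksum question above, worked through as an added example (not part of the original slides): an unkeyed SHA-256 checksum can be recomputed by whoever changes the data, while a keyed checksum cannot be produced without the shared key. HMAC-SHA256 is used here as one such keyed checksum (the slide does not name a mechanism); the key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not from the slides)
KEY = b"constructed-demo-key-shared-by-alice-and-bob"
MESSAGE = b"pay Bob 100 dollars"

def plain_checksum(data: bytes) -> str:
    """Unkeyed checksum: anyone holding the data can compute it."""
    return hashlib.sha256(data).hexdigest()

def keyed_checksum(key: bytes, data: bytes) -> str:
    """Keyed checksum (HMAC-SHA256): only key holders can compute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_plain(data: bytes, tag: str) -> bool:
    return hmac.compare_digest(plain_checksum(data), tag)

def verify_keyed(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so timing does not leak the tag
    return hmac.compare_digest(keyed_checksum(key, data), tag)

def modify_in_transit(data: bytes) -> tuple:
    """Models a channel the defender does not own: the data is changed and
    a matching checksum is recomputed from public information only (no key)."""
    changed = data.replace(b"100", b"900")
    return changed, plain_checksum(changed)

def demo() -> dict:
    changed, recomputed = modify_in_transit(MESSAGE)
    good_tag = keyed_checksum(KEY, MESSAGE)
    return {
        # Unkeyed: the recomputed checksum matches, so the change goes unnoticed
        "plain_detects_change": not verify_plain(changed, recomputed),
        # Keyed: without KEY no valid tag exists for the changed data
        "keyed_detects_change": not verify_keyed(KEY, changed, recomputed),
        # Keyed: untouched data with its real tag still verifies
        "keyed_accepts_original": verify_keyed(KEY, MESSAGE, good_tag),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
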

Q: How to achieve AUTHenticity? Give an example.
Activity (5 mins)
1) Click the latest link in the Zoom chat
2) Add your question response to the Ed forum
3) Add your “hearts” to your favourite responses

Authentication (A): How?
● check who/identity
● Q: how to check?
○ unique feature that s/he
■ knows: e.g. password
■ has: e.g. passport
■ is: e.g. biometrics

Principle #2
● The Problem:
○ dilemma: security vs cost/performance
● The Solution:
○ Timeliness Principle
■ only need to protect until asset loses value
○ Effectiveness Principle
■ correct, efficient, easy to use, appropriate
■ won’t cost more than asset’s value

Recap: Keywords so far
● The Problem:
○ Multiple parties
■ individual → assets, vs
■ malicious → attacks:
● at different points → break C, I, A, …
● how? by … interception, fabrication, …
● The Solution:
○ Cybersecurity
■ Principles: Weakest link, timeliness, effectiveness
■ Security goals: C, I, A, … + How?

Topics covered in this Unit

Topics Plan
Part I: Basic Techniques for Cybersecurity
● Wk 2: Cryptography: Symmetric Key: mechanisms for CONF security
● Wk 3: Cryptography: Public Key I: mechanisms for CONF security
● Wk 4: Cryptography: Public Key II
● Wk 5: Cryptography techniques for Information INTegrity & AUTH
● Wk 6: Security Protocols
● Wk 7: Software & System Security I: vulnerabilities & defences (+ in-sem test)
… mid-sem break …
● Wk 8: Software & System Security II: entity AUTH & access control (+ Assignment 1 due)

Topics Plan
Part II: Applications & Emerging Topics
● Wk 9: Web Application Security
● Wk 10: Database Security, Privacy & Blockchain
● Wk 11: Machine learning/AI in cybersecurity (+ Assignment 2 due)
● Wk 12: Invited Industry lecture / Emerging topics in Cybersecurity

Further Reading
• Chapter 1 of the textbook: “Computer Security: Principles and Practice” by & , , 2015
