What is Computer Security?
Correctness and efficiency
2/103
What is Computer Security?
Correctness and efficiency against an attacker.
Decide what your assets are, estimate the impact of attacks, likelihood, risks, mitigations
Analyse systems, spot vulnerabilities, build protection.
2/103
What Does Computer Security Protect?
Confidentiality: attacker cannot read your data Integrity: The data I receive is genuine Availability:I can get my data when I need it
3/103
A Threat/Attacker Model
What are we trying to keep our assets safe from?
Before building a security system you must state your assumption about what the attacker might try.
This is known as a threat model or an attacker model.
4/103
Attackers
Lone Hackers, script kiddies.
Probably run known attacks using scripts.
Professional Criminal gangs:
Take control of 100,000s of computers via bugs in
web-browsers
Spam, phishing attacks. DoS attacks
Governments:
Unbelievable computing power
Wiretaps
Lawyers
ISPs, Service providers
Do not break laws.
Do ¡°spy¡± on you.
May sell/loose your data
Insiders
5/103
Examples of successful attacks
Ransomware: Wannacry
Due to unpatched vulnerabilities in Microsoft, attackers could take over computer via exploit stolen from NSA
Attackers encrypted data on the computer and asked for payments in Bitcoin (Ransomware)
Widespread impact worldwide, in the UK eg NHS and Nissan were affected
Phishing: Emotet
E-mails pretending to be from known people (eg bank, colleagues, previous client)
E-mails asks for username and password or asks for software installation or Word macros
Installs malware to spread within networks, downloads further malware as a service (eg ransomware, sending of spam e-mails, crypto miners etc.)
6/103
Examples of successful attacks
Website Attacks: SQL Injection
Wrongly implemented websites allow attackers access to data in backend database
TalkTalk: personal information of more then 150,000 customers was stolen this way.
7/103
Module Outline
Cryptography
Access Control
Introduction into Networking
Security protocols
Web Systems and Attacks
Other Common Attacks and Defences
8/103
Resources
Canvas
Pre-recorded lectures
Lecture slides Exercises Further Reading
Microsoft Teams
9/103
VM based exercises
10/103
Tokens/Flags
When you complete an exercise on the VM you will usually find a token (or flag).
You submit this to a website, to show you have solved the exercise.
Tokens are unique to your VM. You must not share VMs (or tokens).
11/103
DO NOT TRY OUT ANYTHING ON COMPUTERS YOU DO NOT OWN
It is illegal to access computers without the owner¡¯s permission.
Most access is logged, and it¡¯s easy to get caught.
Trying something ¡°just for fun¡± could get you kicked out of the University.
12/103