Cybersecurity
Cybersecurity as a Public Good
What is a public good?
· A public good is non-rivalrous, meaning use of the good does not reduce the amount available.
· Public goods are non-excludable, there is no way to stop other people from receiving them.
· Cost/benefit can be incurred without a transaction. You can have the benefit without the cost or vice versa.
· Free-riding: occurrence without the transaction. Consuming more than a fair share of a public resource, or shouldering less than a fair share of the cost of its production.
What are private goods?
· Private goods are rivalrous. Consumption reduces the amount of the good left for others.
· Private goods are excludable, you can stop others from receiving them.
Is Cybersecurity a public good?
No.
Is Cybersecurity a condition?
· Cybersecurity should be a condition available to everyone.
· Major goal is to avoid cyber terrorism.
Externalities
· If financial institutions were attacked, that would have a ripple effect on the nation. (Cyberterrorism)
Reasons why it is not a public good?
· If it were a public good, we would observe a market failure: the private sector would not invest in cybersecurity.
· Do companies invest in cybersecurity? Yes
· Is it to their benefit to invest in cybersecurity? Yes
Policy
· Security events tend to be rare and catastrophic.
· Government regulation would be the solution to market failure.
· Tort law (common law) – allowing for civil suits
· Liability (which is favored) – holding the companies liable for damage
· Market discovery: you want the market to test for threats and respond accordingly
· Over regulation is reactive
Theories
D.O.L.L.S.
Diversity – Don’t run one kind of protection. Example: different password types, software/OS, mix up servers
Obscurity – Hide your information! Ex: OS, apps, internal addresses (NAT/PAT)
Limiting – Limit physical access. Ex: Role Based Access Controls (RBAC)/IBAC, privileges
Layering – Have multiple obstacles
Simplicity – Usability built into the system. Ex: biometrics, management tools
· As security increases, productivity decreases
7 Fundamental Principles of Cybersecurity
1. All security measures are defeatable.
2. Today’s defenses are obsolete tomorrow.
3. Any security measure/technology is only as good as its implementation.
4. Treat security as if the law enforcement did not exist.
5. Black hats cannot be deterred.
6. Any new technology is a new attack vector.
7. Information security is an evolutionary arms race.
Theories
3 Characteristics of Information Protection (CIA)
1. Confidentiality
· Authorization, i.e. login & password
· Access Controls
o Privileges : things you are allowed to do on the computer
o Privilege escalation: coming in under a restriction set and gaining higher privileges (“pwn” or own)
o Mandatory Access Control: To set up Control
o Identity Based Access Controls (IBAC) : controls set for individual users
o Role Based Access Controls (RBAC): Taking the identity controls and adding them to the group
· Authenticate
o Single Factor (i.e. only have a password)
o Two factors (card + code)
o Multiple Factors
o Token cards
o Dongles
o Biometrics (fingerprints, facial markers, retina scan)
2. Integrity: making sure information is correct
· Entered Correctly
· Processed Correctly (software bugs)
· Stored Correctly
· Not modified without authentication
3. Availability: information is where it’s needed, so when it is needed you can get to it in the form you need it.
· Redundancy: fail safe systems
· Safe from DDoS attacks
Security
Data exists in three states: 1) stored, 2) transmitted, 3) processed
{Network.jpg}
...
a client.
Packet sniffers intercept and log traffic passing over a network. Packet switching is a method that groups all transmitted data into packets: Transmission Control Protocol (TCP) corrects the errors and Internet Protocol (IP) finds the address.
Tracert (tracing route) is used to show the route taken by packets across an IP network.
Security on the Internet
Access Point (AP)
MAC Address – A unique number that belongs to the NIC
...
DHCP server gives the IP address
Online, a hacker’s identity on the Internet is his MAC address or his IP address.
Where am I? IP address
Firewalls → SW/HW
IP filter (content filter) → filter ports
Who am I connected to? SRC/DST
What services am I connected to? Ports / software (remote)
What ports am I using? PIDs
Terms
Air Gap
a security measure often taken for computers and computer networks that must be extraordinarily secure
Antispyware
Software used to detect spyware
Asymmetric Key
Two keys (one public and one private). They are not reversible. The public key is used only to encrypt (one way); the private key decrypts the data. Protect the private key!!!!
Authentication
The act of establishing or confirming something
Authenticity
Ensuring that data, transaction, communications, or documents are genuine
Availability
The information must be available when it is needed.
Backdoor
A logon that does not use the normal program
Biometrics
Methods used to uniquely recognize people (fingerprints)
BIOS
Basic Input Output System
Boot Sector Virus
A virus that affects the boot sector (a portion of storage set aside for start up)
Botnet
A collection of zombies which launch a DDoS
Brute Force
Trying to hack a password by trying every possible combination of symbols
Certificate Authority
An entity that issues digital certificates
Chain of custody
documentation showing the seizure, custody, control, transfer, analysis, and disposition of evidence
Chief Information Security Officer (CISO)
a high level security officer
Cipher
Transformations of plaintext. A cipher is an algorithm for performing encryption or decryption.
Confidentiality
Term used for preventing the disclosure of information to unauthorized individuals or systems.
cookie
A piece of text stored by a user's web browser
crawler
Automatic software that goes and checks every web server.
Cryptography
the practice and study of hiding information
Data Encryption Standard (DES)
A block cipher that uses shared secret encryption
Data Leakage
the loss of control over data
Data Theft
stealing data
DHCP
Assigns the IP address
Distributed Denial of Service Attacks (DDoS)
When hackers send tons of pings to a server so that legitimate users can not access the service (website)
Digital Certificates
An electronic document which uses a digital signature to bind together a public key with an identity
Domain Name System (DNS)
A naming system for computer services
Dongle
Hardware that connects to a computer for copy protection
DOS (Disk Operating System)
An Operating System
Dynamic Host Configuration Protocol (DHCP)
An auto configuration protocol used on IP networks
End-to end
Information can go from client to webserver securely
Exploit
The means of the attack
Failover
the capability to switch over automatically to a redundant or standby computer server, system, or network upon failure
Failsafe
In the event of failure, the minimal amount of harm is done
Filter
A computer program to process a data stream
firewall
A part of a computer or network that is designed to block unauthorized access while permitting authorized communications
handshaking
the process of establishing the parameters of communication between two devices
Hardware
The physical components of a computer
Hash
values used in computer security in order to encrypt text.
Hypertext Transfer Protocol
A networking protocol for distributed, collaborative, hypermedia information
Hypertext Transfer Protocol Secure (HTTPS)
A combination of HTTP with the SSL/TLS protocol to provide encrypted communication and secure identification of a network web server
Identity Based Access Controls (IBAC)
controls set up for individual users
Identity Theft
stealing personal identifiers
Information System
Hardware, Software, Information, People, Procedure
Integrity
Data cannot be modified undetectably
Internet Protocol
The principal communications protocol used for relaying packets across an internetwork.
Intrusion Detection System
software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling a computer system, mainly through a network, such as the Internet
IP address
A numerical label assigned to each device participating in a network
Keylogger
the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner
Logic Bombs
Malware executed under a given condition
MAC Address
A unique number that belongs to the NIC
Malware
software designed to secretly access your computer. Malware includes viruses, worms, Trojans, rootkits, spyware, etc.
Man in the middle Attack
An attack in which the hacker obtains information when it is being transmitted
Mandatory Access Controls
Set up controls
MD5
Hashes are numerical codes that encrypt data.
Media Access Control (MAC)
A unique identifier assigned to network interfaces for communication on the physical network segment
NAT
Network Address Translation
netstat
a command line tool that displays network connections
networks
A collection of computers
Non-repudiation
One party cannot deny having received a transaction, nor can they deny that the other party sent the transaction.
Operating System
Programs and data that run on computers, manage the computer hardware, and provide common services for efficient execution of various application software
Packet sniffers
intercept and log traffic passing over a network
Packet switching
a method that groups all transmitted data into packets
Passive Scanning
War driving is an example of passive scanning
Passphrase
A sequence that makes sense to you and no one else
PAT
Port Address Translation (share 1 external IP)
payload
malware caused by a virus or other malicious code executed by the exploit on the target computer. It may move, alter, overwrite, or delete files, or commit other destructive activity.
Personal Identifiers
DOB, SSN, DL #, unique identifiers for people
PGP (Pretty Good Privacy)
Software for encryption
Phishing
The act of getting data by asking for it
Ports
a physical interface between a computer and other computers or device
Privilege Escalation
Coming into a network under a restriction and gaining higher privileges
Public Key Encryption
Scrambles the data with an algorithm (RSA). It is a key.
Public Key Infrastructure (PKI)
A set of hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
Rainbow Table
list of passwords up to a certain length
Redundancy
Saving the same information in multiple places
Risk Management
The identification, assessment, and prioritization of risks
Role Based Access Controls (RBAC)
controls set up for user groups
Root Kits
Change the system software, making the attack invisible
Router
An electronic device that interconnects two or more computer networks
Safe Mode
Booting up a computer with a minimal set of devices
Sandboxing
A security mechanism for separating running programs
script
A programming language that allows control of one or more software applications
SDK (software development kit)
Used to write software
Secure Sockets Layer (SSL)
cryptographic protocol that provides secure communication
Sidejacking
An attack in which an attacker uses packet sniffing to read network traffic between two parties to steal the session cookies
SMS
Short Message Service
Social Engineering
Talking people into giving away information
Software
Collection of computer programs and related data that provides the instructions telling a computer what to do
Spam
Unwanted emails sent indiscriminately to solicit information
Spoofing
falsifying network information
Spyware
A type of malware that can be installed on computers and collects little bits of information at a time about the users without their knowledge
SSID
The beacon broadcast by public service providers (a public establishment)
Standard Operating Procedures(SOP)
Establishes guidelines to follow
Symmetric key cipher
Can be hacked by brute force attacks. To make it safe, make it a long number. Good for stored information.
System Analysis
Solving a problem for business with IT
Telnet
A network protocol used on the internet
Threat Agents
Cause of the threat (attack)
Time Bombs
Malware triggered by a date
Time to Live (TTL)
A limit on the period of time or number of iterations or transmissions in a computer and computer network technology that a unit of data (a packet) can experience before it should be discarded.
Tokens
A device that authorizes a user
Tracert (tracing route)
used to show the route taken by packets across an IP network.
Transmission Control Protocol (TCP)
corrects the errors and Internet Protocol (IP) finds the address
Trojans
malware, often sent through email/web links that offer attractive objects, then infect the computer with a virus (software)
Virtual Private Network
Made private by encryption (tunnel)
Virus
A self-copying program that overwrites storage
War Driving
Roaming around looking for vulnerable access points
Web browser
A software application for retrieving, presenting, and traversing information resources on the World Wide Web
Web Server
Hardware or software that helps to deliver content that can be accessed through the Internet
Whaling
Phishing that targets a CISO
Wired Equivalent Privacy (WEP)
an attempt to make a private network
Wireless Access Point (WAP)
A device that allows wired communication devices to connect to a wireless network using Wi-Fi.
Worm
Spreads across networks automatically
Zero-Day Exploit
Brand new; its signature has not yet been detected
Zombie
Takes remote control of a victim PC