SECRETS & LIES DIGITAL SECURITY IN A NETWORKED WORLD Bruce Schneier Lanette Dowell November 25, 2009

Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

Download PPTX Report

View
217
Download
0

Tags:

Embed Size (px)

Citation preview

Page 1: Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

SECRETS & LIESDIGITAL SECURITY IN A NETWORKED

WORLD

Bruce Schneier

Lanette DowellNovember 25, 2009

Introduction

“It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics” – Bruce Schneier in Applied Cryptography 1996

Security is a chainIt's only as secure as the weakest link.

Security is a process, not a product.

Page 3: Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

Part 1: The Landscape

Who are the attackers? What do they want? What do we need to deal with threats?

Page 4: Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

Part 1: The Landscape

Real life vs Digital World Criminal Attacks

“How can I acquire the maximum financial return by attacking the system?”

Privacy Violations Publicity Attacks Legal Attacks

Page 5: Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

Part 1: The Landscape

Who are the bad guys?HackersCriminals / Organized CrimeInsidersIndustrial EspionagePressTerroristsNational Intelligent OrganizationsInfowarriors

Page 6: Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

Part 1: The Landscape

What do we need?PrivacyMultilevel securityAnonymityAuthenticationIntegrity

Page 7: Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

Part 2: Technologies

Examples of security technologies and their limitations

Cryptography

Page 8: Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

Part 2: Technologies

Identification and AuthenticationPasswordsBiometricsAccess Tokens

Page 9: Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

Part 2: Technologies

Networked-Computer SecurityMalicious Software

○ Viruses○ Worms○ Trojan Horses

Websites○ URL hacking○ Cookies

Etc…

Page 10: Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

Part 2: Technologies

Network DefencesFirewallsDMZ (Demilitarized Zones)VPN (Virtual Private Networks)Honey Pots and Burglar ZonesVulnerability ScannersEmail Security

Page 11: Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

Part 2: Technologies

Software ReliabilityFaulty codeBuffer overflows“Computers are stupid”

Secure HardwarePutting a $100K lock on a cardboard house

Page 12: Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

Part 2: Technologies

Human FactorSocial engineeringRisksInsiders

Page 13: Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

Part 3: Strategies

Given the requirements of landscape, and the limitations of the technology, what do we do now?

Page 14: Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

Part 3: Strategies

Threat Modeling and Risk AssessmentAttack Trees

Product testingVerification

More software complexity = more security risks (next slide, Windows…)

Page 15: Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

Part 3: Strategies

Lines of code in Windows: Windows 3.1: 3 million Windows NT: 4 million Windows 95: 15 million Windows NT 4.0: 16.5 million Windows 98: 18 million Windows 2000: 35-60 million

Page 16: Bruce Schneier Lanette Dowell November 25, 2009. Introduction “It is insufficient to protect ourselves with laws; we need to protect ourselves with

Conclusion

Computer bugs, vulnerabilities.Should they be published publically?

Work towards stronger software and hardware

Lanette Sessink , Vice President for Student Development Dr. Peggy Oldham,

Documents

ACCUPLACER - Camosun Collegecamosun.ca/services/assessment-centre/documents/english-sample... · We can protect ourselves during an earthquake. C. Walls can come down during earthquakes

Documents

IDENTITY THEFT EPIDEMIC How can we protect ourselves

Documents

How Can We Protect Ourselves from Natural Disasters?hirakatanow.com/wp-content/uploads/2014/12/disaster-prevention-m… · control in natural disasters1. Furthermore, Kenkyusha’s

Documents

IDENTITY THEFT EPIDEMIC How We Can Protect Ourselves

Documents

Stride Toward Freedom Necessary to Protect Ourselves …leighanneclay2014.weebly.com/uploads/1/3/1/5/13153270/u6_stride... · from Stride Toward Freedom ... the streets of Harlem

Documents

‘Fall’ Hazards - Home | Occupational Safety and Health ... · PDF fileSECTION #1 | Participant Guide 2 “Fall” Hazards How Can We Protect Ourselves From Falls? OSHA says that

Documents

Freezing to Death Frostbite and Hypothermia. Cold injuries result from our inability to properly protect ourselves from the environment. Cold injuries

Documents

Cosmic Awareness 2009-08: How To Protect Ourselves From HAARP Energies (Our Original 12 Strands Of

Documents

Introduction There are many ways we protect ourselves from pathogens. The majority of these ways are preventative (or proactive) measures which thwart

Documents

॥అమృతసిదిధ్యోగ-దేవీ-పారాయణమ॥ · 2020. 6. 10. · us about this via shastram. They have shown the way to protect ourselves for times

Documents

How Can We Protect Ourselves from Natural Disasters? · disaster prevention are established from national level to local level. ... disasters by Fire and Disaster Management Agency

Documents

Certificado de Análisis Crema Lanette - GUINAMA ... · Certificado de Análisis CÓDIGO ARTÍCULO: LOTE: ANÁLISIS: RESULTADOS Crema Lanette QC-00160526 MIN MAX 0047933 MÉTODO 2804

Documents

1 “It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.” ---Bruce Schneier in ‘Applied Cryptography’, pp xx

Documents

€¦ · Web view: How do we protect ourselves from germs (taking care of our amazing body)

Documents

INNING - Oakland Athleticsoakland.athletics.mlb.com/oak/downloads/y2014/sciencegame_grade3-5.pdf · 3Rd INNING: baseball is a game of sEnsEs. Our 5 senses allow us to protect ourselves

Documents

A Road Construction Industry Flagger What Should Flaggers ... · How Can We Protect Ourselves? The best way to protect ourselves is to be visible and to wear protective clothing

Documents

Beware of stings Protect ourselves from vector-borne diseases · VECTORS AND VECTOR-BORNE DISEASES Beware of stings - Protect ourselves from vector-borne diseases Vectors are small

Documents

Na groot succes met Koningsdag zal LANETTE Institute …

Documents

How Can We Protect Ourselves from Natural Disasters?

Documents

“it is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.” Bruce Schneier

Documents

10618 Glenwood Drive • Surrey Lanette Salisbury · 10618 Glenwood Drive • Surrey Please contact Lanette Salisbury, 604-825-2085, for specifications. This communication is not

Documents

GRP Elementary School POWER POINT PRESENTATION The ... · Elementary School POWER POINT PRESENTATION The following presentation is designed for ... to protect ourselves in case of

Documents

The Good Newsletter - stthomasuccbeth.comstthomasuccbeth.com/files/124491412.pdf · can do to stay cool and to protect ourselves from ... Walter Frey, Annabel Huth, ... a tablet and

Documents

Normally I travel round to do my Christmas shopping. This …...shopping locally. WE CAN STILL ENJOY A SAFE CHRISTMAS. JUST DIFFERENTLY. Protect Ourselves. PROTECT OTHERS. Protect

Documents

MODULE 8: How We Protect Ourselves Through Our Group TOOLS Child Protection Drama Protection Pathways Analyzing and Preventing Risks This module helps

Documents

Fighting the Fear: Plagiarism as an Expression of Technophobia Lanette Cadle Missouri State University

Documents

PowerPoint Presentation · 2020-06-18 · PROTECT YOURSELF AND OTHERS Other than not touching your face and washing hands with soap regularly, wearing masks not only protect ourselves,

Documents

Catholic Community / Comunidad Católica · 2020. 7. 31. · Conversely our culture invites us to guard possessions, protect ourselves, and hold grudges. •Our great rationalization:

Documents

WE PROTECT OURSELVES AND OTHERS FROM CORONA VIRUS - WE … · 2020-06-30 · WE PROTECT OURSELVES AND OTHERS FROM CORONA VIRUS - WE STAY RESPONSIBLE! Passengers shall not travel if

Documents