Computers and Security by Calder Jones


Upload: elwin-robertson

Post on 19-Jan-2018


TRANSCRIPT

Computers and Security
by Calder Jones

What is Computer Security
- Computer security is the protection of computing systems and the data that they store or access

Early history ’s
- Development of the Tempest Security Standard
- Organization of the U.S. Communications Security Board

1960s
- 1967: Spring Joint Computer Conference, first comprehensive computer security presentation
- 1967: Defense Advanced Research Projects Agency (DARPA) established

History
- 1970: Tiger Teams
- 1973: Robert Metcalfe warns the ARPANET working group that it is far too easy to gain access to the network
- 1977: Abraham A. Ribicoff introduces the Federal Computer Systems Protection Act, which defines computer crimes and recommends penalties for them

Condensed History
- 1983: The Orange Book
- 1986: The first PC virus, The Brain, is created
- 1988: Morris Worm crashes 600 of the 60,000 computers linked to the internet
- Robert Tappan Morris is the first person convicted by a jury under the Computer Fraud and Abuse Act

Condensed History
- 1996: Hackers find web tools that allow them to take remote control of computers on the internet
- 2000: New computer worms spread across the internet

Condensed History: Present Day
- Many new viruses and malware appear as the internet explodes in popularity
- New exploits found in smartphones
- Security researchers publish a guide to hacking automobiles

Problems
- Finding new ways to secure a system encourages hackers to find new ways to break in

Goals of hackers: STRIDE
- Spoofing
- Tampering
- Repudiation
- Information disclosure
- Denial of service
- Elevation of privilege

Spoofing
Attempting to gain access to a system by using a false identity.
Countermeasures:
- Use strong authentication
- Do not store secrets (i.e. passwords) in plain text

Tampering
Unauthorized modification of data.
Countermeasures:
- Use data hashing and signing
- Use digital signatures
- Use strong authorization
- Use tamper-resistant protocols across communication links

Repudiation
The ability of users to deny that they performed specific actions or transactions.
Countermeasures:
- Create secure audit trails
- Use digital signatures

Information disclosure
Unwanted exposure of private data.
Countermeasures:
- Use strong authorization
- Use strong encryption
- Secure communication links with protocols that provide message confidentiality

Denial of service
The process of making a system or application unavailable.
Countermeasures:
- Use resource and bandwidth throttling techniques
- Validate and filter input

Elevation of privilege
When a user with limited privileges assumes the identity of a privileged user to gain privileged access to an application.
Countermeasures:
- Follow the principle of least privilege

Current and Future issues
- Hackers gain more avenues for entry the more we become connected with technology (i.e. homes, cars, personal devices)
- Keeping the Cloud secure

Sources
- "Chapter 2 Threats and Countermeasures." Threats and Countermeasures. Microsoft, n.d. Web. 31 Jan
- "Computer Security Threats: A Brief History - Power More." Power More Computer Security Threats A Brief History Comments. N.p., 28 Aug Web. 31 Jan
- Gasser, Morrie. Building a Secure Computer System. New York: Van Nostrand Reinhold, Web.
- Hirose, Shoichi. "Security Analysis of DRBG Using HMAC in NIST SP " Information Security Applications Lecture Notes in Computer Science (n.d.): Web.
- "Timeline: The U.S. Government and Cybersecurity." Washington Post. The Washington Post, n.d. Web. 31 Jan