Summary

Access Control
• Access control matrix
• Access control lists
• Capabilities
• Access policies
– Discretionary Access
– Mandatory Access
– Identity based Policies
– Group based access control
– Protection rings
– Privileges based access
– Role based access
– Security label
• Multi-level policies
– Bell-LaPadula Model
• Security models - states

Buffer Overrun

• Buffer and Stack

• Overrunning a buffer

– Smashing a buffer

– Launching a buffer overrun attack

• Preventing buffer overrun

Authentication

• Password

– Problems with passwords

– Choosing good passwords

– Protecting passwords

• Salting

• Shadowing

• Encrypting

– One-time passwords

Access Control for Windows

• NTFS security

– Set ACLs up manually

– Set ACLs up by Visual .NET

– EFS

Malicious Code
• Types of Malicious Code
• How Do Viruses Work?
• Classification of Viruses
– Boot sector infectors
– File Infector
– Encrypted Viruses
– Polymorphic Viruses
– Macro Viruses
– Scripting Viruses
– Trojan Horses
– Worms
– Bacteria
– Logic Bombs
• Formal Definition

Malicious Code

• Defence

• Detection

– Detection by Timestamp

– Signature scanning

– Vaccination

– Antibodies

Intrusion Detection
• Principles
• Basic Intrusion detection
• Models
– Anomaly Models
– Misuse Models
– Specification-Based Models
• Architecture
– Agent-based
• Intrusion response
– Containment of the attack
– Eradication of the attack
– Intrusion Detection and Isolation Protocol
• SNORT

Web System Security

• Threats against Apache

• Apache access control

• Securing Apache server

• IIS access control

Auditing

• Logging

• Anatomy of auditing

– logger, analyser, notifier

• Design of an audit system

– Syntactic issues

– Log sanitisation

• Types of logs

– Application, System, Security

• Windows auditing examples (Application, System, Security)

DoS and DDoS
• What is a DoS attack?
– CPU Starvation
– Memory Starvation
– Network bandwidth starvation
• Examples of attacks
– Email Bombing Viruses
– Ping of Death
– CPU Starvation Attack
– TCP SYN Flooding
– Land attack
• Prevention
• DoS Countermeasure
– Using Client Puzzles
[Diagram labels: Computer, Network, User, Auth, Web Security, Access, Apache, Control, CGI. Attacks: Buffer overrun, DoS & DDoS, Malicious Code, SQL injection, Phishing. Defence: Auditing, IDS, Client puzzle, etc.]

Database Security

• Introduction of SQL

• Database access control

• Statistical database security

• Multi-level database system security

Phishing

– Deceptive attacks

– Malware attacks

– DNS-based attacks

– Defence

• PwdHash

• Digital signature based defence

SQL Injection

– SQL manipulation

– Code injection

– Function call injection

– Buffer overflow attacks

– Defence