Incident Handling

December 6th, 2007 by cs415

In addition to the material we have covered in class, there are a number of incident response components that transcend the abstract process we have outlined. These references speak to some of these details:

Sensitive Data

https://wiki.internet2.edu/confluence/display/secguide/Confidential+Data+Handling+Blueprint

PCI-DSS

https://www.pcisecuritystandards.org/

Data Incident Notification

https://wiki.internet2.edu/confluence/display/secguide/Data+Incident+Notification+Toolkit

Responding to Legal Requests

https://wiki.internet2.edu/confluence/display/secguide/Protocol+for+Law+Enforcement+Requests

Security Architectures

https://wiki.internet2.edu/confluence/display/secguide/Security+Architecture+and+Models

TCP/IP security

October 30th, 2007 by cs415

Below are some links that should help to clarify the material we discussed in class today.

Session Hijacking is well explained here:

http://staff.washington.edu/dittrich/talks/qsm-sec/script.html

An explanation of why keeping up TCP/IP skills matters is presented below:

http://www.securityfocus.com/infocus/1779

In terms of ARP spoofing and related attacks, two tools that excel at this are:

http://ettercap.sourceforge.net/ 

http://monkey.org/~dugsong/dsniff/ 

Systems Hardening

October 18th, 2007 by cs415

In class we will cover both hardening Linux/Unix systems and Windows systems. Many of the tasks are similar for each system, but with different implementations.

Make sure to take a look at the NSA security configuration guides at:
http://www.nsa.gov/snac/downloads_os.cfm?MenuID=scg10.3.1.1

We will go over the relevant components of these in class on Tuesday. Note that hardening refers to a combination of approaches that improve security at different layers. We will focus primarily on the configurations necessary to improve the security of an infrastructure, and then move to the active defense, response and reaction tools and processes.

For specific implementations it is also worth looking at:

http://www.ibm.com/developerworks/linux/library/l-seclnx3/

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

http://www.bastille-linux.org/

http://www.nsa.gov/selinux/

Information Security Law

October 1st, 2007 by cs415

Recall from the Policy lecture that we reviewed the policy structure of the University. Specifically it referenced a number of laws that we alluded to, but didn’t investigate.

http://www.massachusetts.edu/SecurityAwareness/datasecuritylaws.html

A good resource for computer policy and law for Universities is ICPL Recommended Links.

For federal law, the Department of Justice maintains a good reference at: http://www.cybercrime.gov/cclaws.html

However, more interesting is material aimed at prosecutors working in the field. We will review this in class:

http://www.cybercrime.gov/ccmanual/index.html

For a reasonable summary of information security law, it is worth looking at the SecurityFocus four-part series:

Part 1, Part 2, Part 3, Part 4.

To find the actual text of US Federal Law, a helpful resource is THOMAS.

Note that all of the above references concern federal law. There is also an extensive body of state law concerning information security. A good reference on state law for Massachusetts is available from http://www.lawlib.state.ma.us/ . We will review a small amount of the state material, but the focus will be on federal law. Recall that the protections afforded under state law vary greatly.

Risk Management

October 1st, 2007 by cs415

The following are references to the materials that were presented in class last Thursday. We will go over these again in class on Tuesday.

Recall that we started with the definitions of risk at:

http://www.answers.com/risk?cat=biz-fin&gwp=13

Please ensure that you review the sections that we reviewed in class. Remember that this material is targeted at Information Security Managers in the federal government.

Information Security Risk Assessment GAO Practices of Leading …

Other things worth looking at to provide further background include:

OCTAVE® Information Security Risk Evaluation

Also compare information security practices at other institutions of higher education

Information Technology Risk Management