Professional Documents
Culture Documents
Introduccion A La Seguridad
Introduccion A La Seguridad
Introduccion A La Seguridad
Information Security
Principles and Management
Notas:
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 1
Information Security:
Principles and Management
Notas:
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 2
Information Security:
Principles and Management
Notas:
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 3
Information Security:
Principles and Management
Notas:
376 bytes
of code
within a
single
packet
moving
through
UDP port
1434
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 4
Information Security:
Principles and Management
Worldwide Security Incidents
(www.cert.org)
140000
120000
100000
137,529 incidents of high
80000 severity reported in 2003
60000
40000
20000
0
1988 1991 1994 1997 2000 2003
Notas:
•3
•3
•3
•3
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 5
Information Security:
Principles and Management
•3
•3
•3
•3
•3
Notas:
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 6
Information Security:
Principles and Management
Notas:
• Criptografía,
– Firmas digitales,
– XML- DSig, XML-Enc…
• Técnicas biométricas,
• Firewalls,
• IDS,
• Honeypots
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 7
Information Security:
Principles and Management
Security Principles
Notas:
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 8
Information Security:
Principles and Management
Notas:
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 9
Information Security:
Principles and Management
Two alternative visions for information
security
• Auditor,
– The classical “Doctor No”,
• Technology,
– “FX”,
Notas:
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 10
Information Security:
Principles and Management
MAIN SHAPES:
MINUTIAE:
SOURCE: C3i
Notas:
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 11
Information Security:
Principles and Management
Information Security for Technologists (..)
SOURCE: IDEX
Notas:
Daño
causado
Alto
daño 5
1
Poco
daño 4 Chance
de ser
Poco Muy atacado
factible posible
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 12
Information Security:
Principles and Management
PINes y vulnerabilidades
yes/no
Tomado de “Decimalisation table attacks for PIN cracking” Mike Bond et al.
Notas:
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 13
Information Security:
Principles and Management
Firth of Forth bridge
(construido en 1890)
Notas:
Tomado de http://www.civeng.carleton.ca/Exhibits/Tacoma_Narrows/
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 14
Information Security:
Principles and Management
El ciclo de desarrollo de software
(super-simplificado)
Construir
Probar
“Ad Nauseum”
Arreglar
Notas:
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 15
Information Security:
Principles and Management
Detalles de Implementación
(buffer overflows)
Notas:
Code Red
(a typical buffer overflow attack)
GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u68
58%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u819
0%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 16
Information Security:
Principles and Management
Notas:
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 17
Information Security:
Principles and Management
Notas:
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 18
Information Security:
Principles and Management
Course Contents
Notas:
Q&A
Notas:
Copyright CyberTech de Colombia, 2002-2009 Pág. 19