COMPSCI4062/COMPSCI5063 Cyber Security Fundamentals (CSF)
HOUSE KEEPING AND GROUND RULES
Course Aims
• Course Spec: https://www.gla.ac.uk/coursecatalogue/course/?code=COMPSCI4062
• https://www.gla.ac.uk/coursecatalogue/course/?code=COMPSCI5063
• To provide an overview of Cyber Security, providing broad coverage.
• Explain fundamental cyber security concepts, including ethical hacking, digital forensics and penetration testing;
• Explain a number of different security protocols;
• Evaluate an existing or proposed system in terms of potential vulnerabilities and recommend the most appropriate security solution to apply in a number of different scenarios;
• Summarise the key vulnerabilities, threats, and attacks with regards to network security and explain approaches to mitigate these issues;
• Implement an aspect of cyber security;
Communications
• Use Moodle Discussion Forum for general questions
• Use Lab Assistants about coding during labs
• Use Moodle Coursework Questions forum for questions about coursework
• Help each other through “peer support”
• Do not DM or email the course coordinators or the lab assistants
Unless
• You have a problem that will affect your performance
• Please find our office hours on the Moodle page
How To Do Well
• Attend all the classes and do the small exercises and quizzes.
– Learn as you go
– It is too difficult to try and learn the course just before the exam.
• Don’t spend too much time on the assessed exercises for this and other courses trying to get an A.
– Most marks are in the exam.
– You do well in the exam by learning the course as you go.
Code of conduct
– Please raise your hands if you would like to ask a question
– We will all treat each other with respect and dignity. Bullying and harassment will not be tolerated.
Schedules
• Lectures: Weeks 1-10
• Tutorials: Weeks 2-6 and Week 10
• Lab Sessions: Weeks 7-9
*Please check Moodle page for details.
Assessments - COMPSCI5063
• In class Quizzes (10%) (L2-L6)
• Lab report (10%)
• Written Assignment (20%) ??
• Individual Exam (60%)
Deadlines
Quizzes open for 24 hours until 1pm on the next day of the lecture
Due at 4pm 17th March
During April/May
Assessments - COMPSCI4062
• In class Quizzes (10%) (L2-L6)
• Lab report (10%)
• Individual Exam (80%)
Deadlines
Quizzes open for 24 hours until 1pm on the next day of the lecture
Lab report with code in it. Due at 4pm 17th March
During April/May
Plagiarism and Cheating
• If you copy someone else's code without contribution and present it as your own work, this is plagiarism
• If you cheat on the lab report, your individual coursework mark will be set to 0 (i.e. you automatically lose 20% (for COMPSCI4062) / 40% (COMPSCI5063) of your course mark)
INTRO TO CYBER SECURITY
Name some cyber attacks
Phishing attacks
Ransomware
Malware Attacks
Insider Threats
Weak Passwords
Trade secrets and insider data theft
Sensitive data leaks and breaches
Question?
How many cyber attacks are there a day? Please Join at slido.com with #1127946
High-level plan for secure system
Systematic thought is required for successful defense
• Goal: Protect assets
• Only eligible entities/authorized users can receive a file or use the system
• Aspects of Cyber Security (asset protection)
– Confidentiality, Integrity, Availability, Authenticity, Accountability, Non-repudiation
• Threat model: assumptions about what the attacker can do
– e.g., can guess the password, cannot physically steal our server
• Policy: Some plan (rules) that will get your system to achieve the goal
– e.g., set permissions on a file so it’s only readable by Alice
– Policy must include human components (e.g., do not share passwords)
• Mechanism: Software/hardware that your system uses to enforce policy
– User accounts, passwords, encryption
• Often layered: mechanism of one layer is policy of next level down
Why need Cyber Security?
• To protect assets
– Assets are things that need protection and are usually digital, such as files.
– Some assets, such as keys and passwords, are important for cyber security but are not stored as files.
• Aspects of Cyber Security (asset protection):
– Confidentiality, Integrity, Availability, Authenticity, Accountability, Non-repudiation
Confidentiality
• The protection of information in the system so that an unauthorized person cannot access it
• This implies an access control mechanism.
– Users must be identified.
– Users are then authenticated.
– Users are then authorised to access various assets. The access can be controlled, for example, with read, write and execute permissions.
• Privacy is the confidentiality of personal information.
• Examples
– Using a password to control access.
– Encrypting files
Integrity
• Ensure nothing is lost or deleted.
– Either accidentally or deliberately.
• Make sure nothing is changed.
• Examples.
– Use a message digest to detect if a file has been changed.
– Use a public key certificate for network communications.
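An added example (not part of the original slides) of the message-digest check above: record a SHA-256 digest per file, then report files that were changed, lost or added. The baseline is authenticated with an HMAC so it cannot be rewritten without the key; the key, file names and contents are constructed for the demonstration.

```python
import hashlib, hmac, json, os, tempfile

def digest(path):
    """SHA-256 message digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(root):  # relative path -> digest, for every file under root
    return {os.path.relpath(os.path.join(d, n), root): digest(os.path.join(d, n))
            for d, _, names in os.walk(root) for n in names}

def mac(files, key):  # HMAC over the digest list makes the baseline tamper-evident
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    files = scan(root)
    return {"files": files, "mac": mac(files, key)}

def verify(root, manifest, key):
    """Return (changed, missing, added); raise if the baseline was altered."""
    if not hmac.compare_digest(mac(manifest["files"], key), manifest["mac"]):
        raise ValueError("manifest MAC mismatch: baseline cannot be trusted")
    old, new = manifest["files"], scan(root)
    changed = sorted(f for f in old if f in new and new[f] != old[f])
    missing = sorted(f for f in old if f not in new)
    added = sorted(f for f in new if f not in old)
    return changed, missing, added

def write(root, name, text):
    with open(os.path.join(root, name), "w") as f:
        f.write(text)

def demo():
    key = b"constructed-demo-key"  # constructed; a real key must be kept secret
    with tempfile.TemporaryDirectory() as root:
        for name, text in [("a.txt", "alpha"), ("b.txt", "beta"), ("c.txt", "gamma")]:
            write(root, name, text)
        baseline = build_manifest(root, key)
        write(root, "a.txt", "alphA")           # changed
        os.remove(os.path.join(root, "b.txt"))  # lost
        write(root, "d.txt", "delta")           # added
        return verify(root, baseline, key)

if __name__ == "__main__":
    print(demo())
```

A plain digest stored next to the files only detects accidental change; the keyed MAC is what stops someone who edits a file from also updating the recorded digest.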
Availability
• Have capacity to meet demands.
• Resources are allocated fairly.
• Fault tolerance and recovery from failure.
• Examples
– Protect against denial of service attacks.
Authenticity
• The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.
• It validates the source or origin of data and other file transfers through proof of identity
– This ensures that the message (email, payment transaction, digital file, etc.) was not corrupted or intercepted during transmission
Accountability
• Accountability
– a crucial element of Building Integrity (BI) initiatives and one of the key principles of Good Governance. A responsible, responsive, and democratic security sector cannot be conceived without accountable personnel, institutions, and procedures.
– an essential part of an information security plan
– Points to who is responsible for each cyber role in an organization
Non-repudiation
• Non-repudiation
– The author / owner of a document cannot say it was not them.
– Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the information.
– Non-repudiation provides evidence of data's origin, authenticity, and integrity
– Digital files are properly tracked and users’ actions are logged
Case study
• What aspects of security does Gmail have?
– Non-repudiation
– Availability
– Integrity
– Confidentiality
– Accountability
• Can you give other examples?
Threats
• What are we protecting assets from? Threats
• Different types of asset security are subject to different threats.
– A threat against confidentiality will be different from a threat against availability.
• When protecting an asset, we need to consider all possible threats.
• There are many different techniques to make sure we have considered all threats.
– Standard lists of threats.
– Standard techniques for dealing with them.
Vulnerabilities
• Different ways of protecting assets lead to different vulnerabilities.
• We can check the security of a system in two different ways.
– From the viewpoint of an attacker. What are the attacker's goals? How can they achieve them?
– From the viewpoint of the defender. What are the system’s vulnerabilities?
• All the vulnerabilities collected together are called the attack surface.
– As a defender, we want to reduce the attack surface.
Protection and Risk
• Protecting our assets from threats leads to a discussion of risks.
– Protection has a cost.
– The value of an asset might be less than the cost of protecting it.
– Some forms of protection may be cheaper than others.
• Risks involve the probability of something happening, together with the effect of the attack succeeding.
Technical Solutions are Essential
• Unbreakable encryption to keep secrets and ensure data is not changed.
– The algorithm can’t be broken without the key.
– Keys must be kept secret.
• Digital signatures to allow legally enforceable contracts.
– So that signatures can’t be forged.
• Secure message digests to provide document fingerprints without revealing the document content.
– So that two different documents can’t have the same message digest.
• Secure protocols to make sure the basic building blocks of encryption, signatures and message digests are used correctly.
– So that it is not possible to bypass the use of a key.
... but Not Enough
• People!
• Users may not comply with security policies.
• Organizations may develop policies that users find very difficult to use.
• Developers may not adhere to security guidelines when building systems.
• Regulatory bodies may not provide appropriate policies and rules and then may not enforce them.
• Need to consider socio-technical systems.
– Consider people as well as the technical aspects of any system.
Questions
1. Explain, with examples, how a system that uses all the best encryption techniques can still be insecure.
2. Explain, with examples, the terms Confidentiality, Integrity and Availability (CIA).
3. Explain, with examples, how security problems can arise in hardware, software, networks, personnel, site and organization.
• What CIA aspects are affected by each of your examples?
4. What is Security Engineering and how is it similar to / different from Software Engineering?
Knowledge survey
• Please vote at Slido.com with the code #2219123
– Do you have experience of using object-oriented programming languages, e.g., Java, Python, C++?
– Do you know the seven-layer OSI model of computer networking?