Sunday, October 25, 2009

Week 10 – Final week


Venue : BK7, Building FTMK.
Date : 21 - 10 -2009
Time : 9.00 a.m. – 10.50 a.m.


This week we had the last lecture for this subject, so this might be the last lecture blog for it. Throughout this semester I have learnt a lot of new things about Internet Security; I’ll miss this subject, and all the memories can be found in the blog posts I have written. As usual the lecture started at 9 a.m. sharp. The last two topics that Mr. Zaki covered were Intrusion Detection Systems and Legal and Ethical Issues in Computer Security.
The lecture began with the topic “Intruders”. Intruders are a significant issue: hostile or unwanted trespass, which may be user trespass or software trespass. Examples of intrusion are:
  • remote root compromise
  • web server defacement
  • guessing / cracking passwords
  • copying viewing sensitive data / databases
  • running a packet sniffer
  • distributing pirated software
  • using an unsecured modem to access net
  • impersonating a user to reset password
  • using an unattended workstation

Intrusion detection can be classified as host-based or network-based. A host-based IDS monitors the activity of a single host, whereas a network-based IDS monitors network traffic. The requirements of an IDS are:

  • run continually
  • be fault tolerant
  • resist subversion
  • impose a minimal overhead on system
  • configured according to system security policies
  • adapt to changes in systems and users
  • scale to monitor large numbers of systems
  • provide graceful degradation of service
  • allow dynamic reconfiguration

The intrusion detection techniques covered were signature detection and anomaly detection; in either case, when a potential intrusion is detected, the sensor sends an alert and logs the information. The next topic was SNORT, a lightweight IDS used for real-time packet capture and rule-based analysis. The last topic of this chapter was the honeypot, a decoy system that can emulate an entire network.
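To make the two techniques concrete, here is a small sensor I wrote as an added example (it is not code from the lecture or from SNORT): signature detection matches known-bad patterns line by line, anomaly detection flags users whose failed logins exceed a normal baseline, and every hit is alerted and logged. The log lines, signatures and baseline value are all constructed for the example.

```python
import re
from collections import Counter

# Constructed sample audit lines (not from the lecture): "<time> <host> <user> <event>"
SAMPLE_LOGS = [
    "09:00 host1 alice login ok",
    "09:01 host1 bob login failed",
    "09:02 host1 bob login ok",
    "09:03 host2 root exec tcpdump -i eth0",
    "09:04 host1 mallory login failed",
    "09:05 host1 mallory login failed",
    "09:06 host1 mallory login failed",
    "09:07 host1 mallory login failed",
    "09:08 host1 mallory login failed",
    "09:09 host2 carol exec vi notes.txt",
]

# Signature detection: patterns for known intrusions, e.g. running a packet sniffer
# or writing to the web root (a defacement). These signatures are made up for the example.
SIGNATURES = [
    ("packet sniffer started", re.compile(r"\bexec (tcpdump|wireshark|tshark)\b")),
    ("web server defacement", re.compile(r"\bwrite /var/www/.*index\.html\b")),
]

# Anomaly detection: more failed logins per user than the assumed normal baseline.
FAILED_LOGIN_BASELINE = 3


def signature_detect(line):
    """Return the names of every signature that matches one log line."""
    return [name for name, pattern in SIGNATURES if pattern.search(line)]


def anomaly_detect(lines, baseline=FAILED_LOGIN_BASELINE):
    """Return {user: failures} for users whose failed logins exceed the baseline."""
    failures = Counter(line.split()[2] for line in lines if line.endswith("login failed"))
    return {user: n for user, n in failures.items() if n > baseline}


def run_sensor(lines):
    """Apply both techniques; each hit becomes an alert record that is also logged."""
    alerts = []
    for line in lines:
        for name in signature_detect(line):
            alerts.append({"technique": "signature", "detail": name, "evidence": line})
    for user, n in anomaly_detect(lines).items():
        alerts.append({"technique": "anomaly", "detail": f"{n} failed logins for {user}",
                       "evidence": user})
    for alert in alerts:  # the sensor both alerts and logs
        print(f"ALERT [{alert['technique']}] {alert['detail']}: {alert['evidence']}")
    return alerts
```

Bob’s single failed login stays below the baseline, so only mallory’s burst of failures and the sniffer start produce alerts.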
The lecture then moved on to another chapter, “Legal and Ethical Issues in Computer Security”. What are the differences between law and ethics? They are shown in the table below:

Law                                                | Ethics
Formal, documented                                 | Described by unwritten principles
Interpreted by courts                              | Interpreted by individuals
Established by legislature representing everyone   | Presented by philosophers, religions, professional groups
Applicable to everyone                             | Personal choice
Priority determined by courts if two laws conflict | Priority determined by individual if two principles conflict
Enforceable by police and courts                   | Self-practice

Some examples of ethics concepts in Information Security are ethical differences across cultures, software license infringement, illicit use, misuse of corporate resources, ethics and education, and deterrence of unethical and illegal behaviour (ignorance, accident and intent). The three ways of protecting programs and data are trade secrets, copyrights and patents. Although open-source software is free, it is still protected by copyright in some form; for example, one will be sued if he or she sells copies of the open-source software.
The issues related to information are information commerce, electronic publishing and databases. On the other hand, employees and employers should know their rights in order to avoid legal problems. Some of these rights concern ownership of a patent, ownership of a copyright, work for hire, licenses, trade secret protection and employment contracts. To examine a case for ethical issues, we can use the following method:

  • Understand the situation and determine the issues involved.
  • Know several theories of ethical reasoning.
  • List the ethical principles involved.
  • Determine which principles outweigh others.

The lecture ended here. This was the last lecture for this semester; I’ll be missing this lecture subject in future… …^^
