Tom Kelliher, CS 325
Sept. 2, 2011
Perl resources pointed to on class Web site.
2.1-2.4 will be assigned once we finish our Perl introduction.
Write and run a small, standalone Perl program on phoenix, to familiarize
yourself a bit with Perl and re-familiarize yourself with phoenix.
Example: a program that sorts at most 10 numbers read from the keyboard or
from a file.
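A sample solution to the warm-up exercise above, added here as an example and not part of the original notes. It assumes a standard Perl 5 on phoenix, takes the input file as an optional command-line argument, and otherwise reads the numbers from the keyboard:

```perl
#!/usr/bin/perl
# Added example (not from the course notes): sort at most 10 numbers read
# from a file named on the command line or, failing that, from the keyboard.
use strict;
use warnings;

my $MAX = 10;
my @numbers;

# The diamond operator reads from each file named in @ARGV, or from STDIN
# when no file is given. Everything arriving here is untrusted input.
while (my $line = <>) {
    chomp $line;
    next if $line =~ /^\s*$/;          # skip blank lines

    # Accept only something that looks like a decimal number; anything else
    # is rejected rather than silently treated as 0, which is what Perl's
    # numeric context would do with a string such as "abc".
    if ($line !~ /^\s*[-+]?(?:\d+\.?\d*|\.\d+)(?:[eE][-+]?\d+)?\s*$/) {
        warn "Ignoring non-numeric input: '$line'\n";
        next;
    }

    if (@numbers >= $MAX) {
        die "Too many numbers: the limit is $MAX\n";
    }
    push @numbers, $line + 0;           # force numeric conversion
}

# sort() compares as strings by default ("10" sorts before "9");
# the <=> operator forces a numeric comparison.
my @sorted = sort { $a <=> $b } @numbers;

print join(" ", @sorted), "\n";
```

Run it as `perl sort10.pl numbers.txt` or just `perl sort10.pl` and type the numbers one per line, ending with Ctrl-D.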
- Introduction, continued.
Cryptography, Perl CGI and file I/O.
- Prevent. Block attack (firewall) or close vulnerability (load new
- Deter. Make attack harder (use weak encryption).
- Deflect. Make another target more attractive (honeypot).
- Detect. At time of attack or later (intrusion detection).
- Recover. From the attack (backups).
How do these relate to defense mechanisms?
- Encryption. Basic tool. Clear text; cipher text.
- Software controls:
- Internal security controls. Authentication and views within a
DBMS. Apache global and local controls.
- Operating system and network controls. Traditional authentication
and access measures. SE Linux. TCP wrappers.
- Independent control programs. John the Ripper, TripWire,
- Development controls. Software design standards and
- Hardware controls.
- Hardware encryption engines.
- Smart cards for authentication; biometrics.
- Locks and chains.
- Firewalls, bandwidth regulation systems, intrusion detection
systems, network partitioning.
Policies for programmers, administrators, and users.
- Physical controls.
Controlled access to computing systems.
Principle of effectiveness.
- Awareness of the problem.
- Likelihood of use.
- Overlapping controls.
- Periodic review.
Principle of weakest link.
- Do you currently use any computer security control measures? If so,
what? Against what attacks are you trying to protect?
- When you say that software is of high quality, what do you mean? How
does security fit into your definition of quality? Can an application be
insecure and still be good?
- Cite a recent report of a security failure that exemplifies one or
more of the principles we've discussed: easiest penetration, adequate
protection, effectiveness, weakest link.
Thomas P. Kelliher