Intro to Info Security
Intro to Info Security CS 4235
This 0 page Class Notes was uploaded by Alayna Veum on Monday November 2, 2015. The Class Notes belongs to CS 4235 at Georgia Institute of Technology - Main Campus taught by Staff in Fall. Since its upload, it has received 8 views. For similar materials see /class/234156/cs-4235-georgia-institute-of-technology-main-campus in ComputerScienence at Georgia Institute of Technology - Main Campus.
Date Created: 11/02/15
NEXT GENERATION NETWORKS: Causes & Effects of the Converging Network Trend From the Policy Perspective

Presented by Corrie Navarro, Jennifer Stoll, Jeff Watson, Omari Worthy
November 21, 2005

Outline
- NGN Definition and Description
- Trend Driver I: Technological Developments
- Trend Driver II: US Laws & International Actors
- Implications for Information Security
- Implications for User Privacy
- Security Frameworks

Definition & Description | Trend Driver I - Technological Development | Trend Driver II - Laws & Int'l Actors | Information Security & User Privacy | Suggested Security Frameworks

NGN Definition & Description
- An "Always On" and always connected world
[Figure: network diagram; legible labels include Media Gateway, Telematics, Generalized mobility, Consistent & Ubiquitous Access]

NGN Definition & Description
- Enabled by technology, existing nets are being converged into an IP environment
[Figure: converged network diagram; legible labels include both fixed and wireless, using multiple networks, Access, Transmission & Switching Networks]

NGN Trend Driver I: Technological Development
[Slide graphic; text not legible]

NGN Trend Driver II: Laws & Int'l Actors
- Health Insurance Portability & Accountability Act, 1996
- Homeland Security Act, 2002
- Sarbanes-Oxley Act, 2002
- US Patriot Act, 2001
- Compliance
- WGIG: Working Group on Internet Governance

Implications for Information Security
- Comparison to PSTN network
- Technical threats
  - Eavesdropping
  - Hacking
  - Denial of service
  - Service fraud

Implications for Individual User Privacy
- Openness of network, nomadicity
- Inadequate protection from legislation
- Lack of consensus on NGN policy

Suggested Security Frameworks
[Figure: security framework diagram; legible labels include Corruption, Removal, Disclosure, Interruption, Data Integrity, Non-repudiation, Communication Security, Infrastructure Security, User Security, Control/Signaling Security, Management Security, Security Dimensions]

Security Solution
[Slide graphic; legible text includes Verisign]

Closing
- NGNs are expected to bring sweeping changes
- NGNs are being driven by technologies brought about by user demand
- Policy is playing an enormous role in shaping NGNs
- Pressure from outside of the US pushing the trend
- NGNs magnify existing information security problems
- More work is needed to define and


SQL Injection: Database Security

Matt Collins, Tony Brown, Seth Levy, Jason Wallace
April 25, 2005

Outline
- Background of SQL Injection
- Techniques and Examples
- Preventing SQL Injection
- Demo

Background of SQL Injection

Databases: Where are they now?
- Columns: Fat Server | Fat Client | Fat Server & Fat Client
- Rows (each marked with an X): Mainframes, Desktop Apps, Web Apps

Why is SQL a standard?
- Relational Database
- Loose Platform Independence
- Runtime Interpretation
- Semantics Flexibility

Vulnerability
- Simple Injection
- Decoding Error Messages
- Blind Injection
- Encoding Exploits
- Stored Procedures
- Programmer Error
- Faulty Logic

SQL Injection Techniques

Example Database Schema
- Table Users
  - Has columns username and password
  - Accessed when users log in
- Table Customers
  - Has column phone
  - Users can look up other customer phone numbers by name
- Application does no input validation

Returning Extra Rows with "union"
- Query:
    select phone from customers where lastname = '$name'
- Input:
    x' union select username from users where 'x'='x

Modifying Records
- Application has password changing page
- SQL:
    update users set password = '$newpassword' where username = '$username'
- Input:
    newpassword' where username like 'admin' --

MS SQL Server
- Setup: SQL Server with default settings
- Default system admin account "sa" enabled
  - No password
- Supports multiple queries
- Extended stored procedures
  - C/C++ DLL files
  - Read/write external files
  - Access command line

Exploiting SQL Server
- Use phone lookup query again:
    select phone from customers where lastname = '$name'
- Input:
    '; exec master..xp_cmdshell 'iisreset'; --

Preventing SQL Injection

Preventing SQL Injection
- Input Validation
- Input Checking Functions
- Access Rights
- User Permissions
- Variable Placeholders
- Stored Procedures

Input Validation
- Checks: Type, Size, Format, Range
- Replace quotation marks
- "All input is wrong and dangerous"

Input Checking Functions
- Built-in character rejection
- Query: SELECT * FROM Users WHERE ID = ...
    $sql = "SELECT * FROM Users WHERE ID = '" . mysql_real_escape_string($_GET['id']) . "'";
    $result = mysql_query($sql);

Access Rights
- Web User vs. System Administrator ("sa")

User Permissions
- Limit query access rights
  - SELECT
  - UPDATE
  - DROP
- Restricted statement access
  - Global-specific
  - Database-specific
  - Table-specific

Variable Placeholders
- Defense from String Concatenation
- Enforcing database data types

Stored Procedures
- Use error checking variables
- Buffer direct database access

Demonstration

Conclusions
- SQL Injection continues to evolve with new technologies
- Dangerous Effects
  - Access to critical information
  - Updating data not meant to be updated
  - Exploiting DBMS to directly affect the server and its resources
- Prevention of SQL Injection
  - Input Validation and Query Building
  - Permissions and Access Rights
  - Variable Placeholders (Prepare)
  - Stored Procedures
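
Added example (not part of the original slides): the phone lookup and password change queries from the slides, run against an in-memory SQLite database in Python to show why variable placeholders defend against string concatenation. SQLite as the DBMS, the table rows, and all function names are assumptions made for this illustration.

```python
import sqlite3

# Added illustration: SQLite stands in for the DBMS; all rows are constructed.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table users (username text, password text);
        create table customers (lastname text, phone text);
        insert into users values ('admin', 'constructed-secret');
        insert into users values ('alice', 'constructed-pw');
        insert into customers values ('Smith', '555-0100');
    """)
    return db

def lookup_concat(db, name):
    # Vulnerable: the input becomes part of the SQL text itself.
    sql = "select phone from customers where lastname = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_placeholder(db, name):
    # Hardened: ? binds name as a value, so quotes in it stay data.
    sql = "select phone from customers where lastname = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def change_password(db, username, new_password):
    # Both values are bound; input cannot rewrite the where clause.
    cur = db.execute("update users set password = ? where username = ?",
                     (new_password, username))
    return cur.rowcount

def password_of(db, username):
    row = db.execute("select password from users where username = ?",
                     (username,)).fetchone()
    return row[0] if row else None

# Inputs modelled on the two shown in the slides.
UNION_INPUT = "x' union select username from users where 'x'='x"
UPDATE_INPUT = "newpassword' where username like 'admin' --"

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concat(db, UNION_INPUT))
    print("placeholder: ", lookup_placeholder(db, UNION_INPUT))
    print("rows updated:", change_password(db, "alice", UPDATE_INPUT))
    print("admin password unchanged:",
          password_of(db, "admin") == "constructed-secret")
```

With placeholders the same input is stored or compared as a literal string: the lookup matches no customer, and the password change touches only the named user's row.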