- 1 -

Information Security

- 2 -

Agenda

• A Brief History of Internet security• What is Security• What I worry about

- 3 -

The Internet

- 4 -

The Internet Worm Incident

• 2 November 1988• Used vulnerabilities in:

• Fingerd

• Sendmail

• ‘r’ commands• Cracked password• Consumed CPU• Aka. ‘The Morris Worm’

- 5 -

Firewalls

- 6 -

Intrusion Detection

- 7 -

DoS and DDoS

- 8 -

Code Red

- 9 -

Broadband

- 10 -

CyberWar and …

- 11 -

… CyberTerrorism

- 12 -

Spy Ware / Ad Ware

- 13 -

CyberCrime

- 14 -

The CIA Triad

ConfidentialitConfidentialityy

IntegritIntegrityy

AvailabiliAvailabilityty

The state of being secretThe state or quality of being entire or complete

Present and ready for use

The state of being secret

The state or quality of being entire or complete

Present and ready for use

= SecuritySecurity

- 15 -

A Definition

Security is a Methodology for Handling Threats to

Confidentiality, Integrity and Availability

- i.e. Risk Management

- 16 -

Things I Worry About

• Users• IT People• IT• Vendors• Nation-State conflict or Terrorists• Email and Web• Mobile Devices• Anyone who thinks that I am responsible for

Information Security

- 17 -

Further Reading

• Bruce Schneier• SANS Internet Storm Centre• SecurityFocus• Titan Rain• Jericho Forum