Review/Study for Quiz 1. RFC 2196 1.5 1-5 Basic Approach to developing a Security Plan for your site. Remember also that your reputation is one of your major assets. Litigation for being the source of DoS attacks may come to be also. 1.6 cost effective countermeasures and risk from insiders The three legs of computer security: Availability Confidentiality Integrity 1.6.2 Assets 1.6.3 Threats 2. Security Policies Why do vendors load all programs and servers? and why does this go against all security practices? (Remember that services are the attack point) Be able to give 5 real world examples of a good AUP. (concerning end users) What makes a good security policy? 2.2 Security of the Internet http://www.cert.org/encyc_article/tocencyc.html probe scan account compromise root compromise packet sniffer Denial of Service (DoS) Malicious Code Infrastructure Attacks Poor Passwords well known vulnerabilities automated attacks New systems most likely to be breached Fundamentally insecure infrastructure breakins often occur the same minute that a new system is connected to net Security Policy Recommended practices STOP at the SECURITY TECHNOLOGY section Lecture: Anonymous Enumeration, be able to explain what it is. trojan horse morris worm boot sector virus polymorphic virus Best Practices minimal installs anti-virus up to date keeping up-to-date and patching your systems disallow personal software Standard configurations - checklist Physical security, lock, BIOS password, boot order, locked doors Services should ONLY be provided under professional supervision firewalls Data Ownership Classifications CSC250: Quiz 1 Review Sheet