
CEG 429: Internet Security Last Lecture Prabhaker Mateti



Page 1: CEG 429: Internet Security Last Lecture Prabhaker Mateti


Internet Growth

Mateti WSU CEG 429/Last Lecture 2

Internet host count

1981            213
1986          5,089
1998     29,670,000
2000     93,047,785
2005    317,646,084
2010    768,913,036
2011    818,374,269

source: www.isc.org


'Computers'?

Define `Computer' System!
Main frames
PCs
Smart Phones
Embedded systems
Usage without Internet?

Facts about data theft

More than 12,000 laptops lost per week in US airports alone;
One laptop is stolen every 53 seconds;
Viruses cost US businesses $55 billion annually; and
25% of all PC users suffer from data loss each year.
Source: http://www.technewsworld.com/ 01/20/2010

Top N Lists

Top Ten Web Sites in Security

1. www.cert.org/ US funded. Provides cyber alerts, defense and response to government agencies and industry partners.
2. www.infosyssec.org/ security portal with many tutorials.
3. www.phrack.org/ in-depth technical articles on exploits.
4. defcon.org/ Oldest and one of the largest hacker conventions.
5. www.securityfocus.com/ Hosts BUGTRAQ. white-hat site.
6. www.packetstormsecurity.org/ security portal. security tools and exploits.
7. www.schneier.com/ Security blog focused on crypto.
8. www.infowar.com/ takes a broader view of security and has articles about how countries can get affected.
9. www.undergroundnews.com/ "... does not restrict or censor"
10. www.microsoft.com/technet/security/default.mspx

Links to Others

googleonlinesecurity.blogspot.com/2009/06/top-10-malware-sites.html
www.techsupportalert.com/best_computer_security_sites.htm
20 useful IT security Web sites: informationsecurityhq.com/10-top-websites-for-information-security/
www.secureroot.com/topsites/

Top Internet Security Vulnerabilities

Top Vulnerabilities in Windows Systems
W1. Windows Services
W2. Internet Explorer
W3. Windows Libraries
W4. Microsoft Office and Outlook Express
W5. Windows Configuration Weaknesses

Top Vulnerabilities in Cross-Platform Applications
C1. Backup Software
C2. Anti-virus Software
C3. PHP-based Applications
C4. Database Software
C5. File Sharing Applications
C6. DNS Software
C7. Media Players
C8. Instant Messaging Applications
C9. Mozilla and Firefox Browsers
C10. Other Cross-platform Applications

Top Vulnerabilities in UNIX Systems
U1. UNIX Configuration Weaknesses
U2. Mac OS X

Top Vulnerabilities in Networking Products
N1. Cisco IOS and non-IOS Products
N2. Juniper, CheckPoint and Symantec Products
N3. Cisco Devices Configuration Weaknesses

Source: http://www.sans.org/top20/

Top 100 Security Tools, 2006

http://www.insecure.org/tools.html
Each respondent could list up to 8.
No votes for the Nmap Security Scanner were counted.
The list is slightly biased toward "attack" tools rather than defensive ones.
Top 10 listed in the next three slides

Top Ten Security Tools

1. Nessus is a remote security scanner for Linux and Windows. It performs over 1200 remote security checks. (It was open source for many years, but now $1200/year; free home use.)

2. Wireshark/Ethereal is a network protocol analyzer for Linux and Windows. You can interactively browse each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. Free open source.

3. Snort is an intrusion detection system (IDS) capable of performing real-time traffic analysis and packet logging. It can be used to detect buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, .... Snort uses a flexible rule-based language. Many people also suggested that the Analysis Console for Intrusion Databases (ACID) be used with Snort. Free open source.

Top Ten Security Tools

4. Netcat is the network swiss army knife! It reads and writes data across network connections. It is designed to be a reliable "back-end" tool. Free open source.

5. Metasploit: Hack the Planet. It ships with hundreds of exploits, as you can see in their online exploit building demo. This makes writing your own exploits easier. Free open source.

6. Hping2 is like ping on steroids. hping2 assembles and sends custom ICMP/UDP/TCP packets and displays any replies. It also has a traceroute mode and supports IP fragmentation. This tool is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities. Free open source.

7. Kismet: A powerful wireless sniffer. It identifies networks by passively sniffing (as opposed to more active tools such as NetStumbler), and can even decloak hidden (non-beaconing) networks if they are in use. Free open source.

Top Ten Security Tools

8. TCPDump is the classic Unix sniffer for network monitoring and data acquisition. Windows port named WinDump. TCPDump is also the source of the Libpcap/WinPcap packet capture library. Free open source.

9. Cain and Abel: Windows only password cracker. Includes ARP poisoning; can also analyze SSH and HTTPS. Free, but not open source.

10. John the Ripper: A fast multi-platform password cracker. Free open source.

Open Web Application Security Project (OWASP)

not-for-profit worldwide charitable organization focused on improving the security of web application software.
free and open software license.
www.owasp.org/

Black/? Hat Sites/Conferences

Suspend all judgments (other than technical quality).
defcon.org/ annual conference in Las Vegas. Excellent presentations by "hackers".
blackhat.com/ Conferences and training!
shmoocon.org/ "... refusal to take anything about the Internet seriously..."
recon.cx/ reverse engineering. annually in Montreal

Top 25 Software Errors, 2010

1. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
3. Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
4. Cross-Site Request Forgery (CSRF)
5. Improper Authorization
6. Reliance on Untrusted Inputs in a Security Decision
7. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
8. Unrestricted Upload of File with Dangerous Type
9. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
10. Missing Encryption of Sensitive Data
11. Use of Hard-coded Credentials
12. Buffer Access with Incorrect Length Value
13. Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
14. Improper Validation of Array Index
15. Improper Check for Unusual or Exceptional Conditions
16. Information Exposure Through an Error Message
17. Integer Overflow or Wraparound
18. Incorrect Calculation of Buffer Size
19. Missing Authentication for Critical Function
20. Download of Code Without Integrity Check
21. Incorrect Permission Assignment for Critical Resource
22. Allocation of Resources Without Limits or Throttling
23. URL Redirection to Untrusted Site ('Open Redirect')
24. Use of a Broken or Risky Cryptographic Algorithm
25. Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

http://cwe.mitre.org/top25/archive/2010/2010_cwe_sans_top25.pdf
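Entry 2 of the list above (SQL injection) as an added worked example; this code is not from the lecture or from the CWE/SANS document. It uses Python's built-in sqlite3 with a constructed two-row users table and two constructed attacker strings, and puts the string-concatenated login query beside the parameterised one so the difference in behaviour on the same input is visible:

```python
# Added example, not from the lecture: CWE-89 SQL injection (entry 2 of the
# 2010 Top 25). Table contents and the attacker strings are constructed here.
import sqlite3


def make_db():
    """In-memory database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """Builds the statement by concatenation: user text is parsed as SQL."""
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_fixed(conn, name, password):
    """Parameterised statement: values travel separately from the SQL text,
    so quotes, OR and -- inside them are data, never syntax."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


# constructed attacker inputs
TAUTOLOGY = "' OR '1'='1"   # turns the WHERE clause into ... OR '1'='1'
COMMENT = "alice'--"        # closes the string, comments out the password check


def demo():
    conn = make_db()
    return {
        "honest_vuln": login_vulnerable(conn, "alice", "correct horse"),
        "honest_fixed": login_fixed(conn, "alice", "correct horse"),
        "tautology_vuln": sorted(login_vulnerable(conn, "alice", TAUTOLOGY)),
        "tautology_fixed": login_fixed(conn, "alice", TAUTOLOGY),
        "comment_vuln": login_vulnerable(conn, COMMENT, "wrong"),
        "comment_fixed": login_fixed(conn, COMMENT, "wrong"),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case:16} -> {rows}")
```

The concatenated query returns every user for the tautology password and lets "alice'--" in with no password at all, because the quote and comment characters are parsed as SQL; the parameterised query treats the same strings as plain values and matches nothing. Hand-escaping quotes is not a substitute for parameters: it has to be right for every call site and every database dialect, while a bound parameter can never change the statement's structure.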

Recent Attacks

Attacks on Sony

Sony's PlayStation Network system was hacked, affecting more than 100 million online accounts worldwide and forcing the company to shut down the popular online gaming service. April 2011.
Database at Sony Ericsson's Eshop, Canada breached. May 2011.
Sony in Greece.
Sony in Japan.
Sued George Hotz, 21. Hacked the fully locked Sony PS3 console in 2010 to run homebrew applications and released the method through his website.
Sony lawsuit demanded that social media sites including YouTube hand over IP addresses of people who visited Hotz's pages and videos.

Systems of US Congress

The Senate's Sergeant at Arms reported last year that computer systems of Congress and executive branch agencies are probed or attacked 1.8 billion times per month, costing about $8 billion annually.

Cell Phone Malware

More mobile phones than people in many countries.
Jailbreaking with no knowledge of security
ssh: Apple's default root password "alpine"
ZeuS botnet: Using infected HTML forms on the victim's browser, obtains cell number, sends a text message containing the new malware SymbOS/Zitmo.A!tr designed to intercept and divert banking transactions. September 2010.

Cell Phone Malware

DroidDream Light, May 2011, Trojan
invoked on receipt of android.intent.action.PHONE_STATE intent (e.g. an incoming voice call).
contacts remote servers and supplies the IMEI, IMSI, Model, SDK Version and information about installed packages.
capable of downloading and prompting installation of new packages

Estonia's infrastructure

Baltic republic of Estonia
first country in the world to experience cyber war.
Government, financial and media computer networks were paralyzed by a series of attacks
April 2007
Estonia is a heavily wired country: 80 % of Estonians pay their taxes and do their banking on Internet.
Decided to relocate a Soviet war memorial
Russian hackers?
Estonia instituting a real cyber army?

Stuxnet

Worm targeted at a "unique" target in the world
Target = A nuclear facility using specific equipment.
Infects many, but does not hurt any, except one.
Sophisticated internals
Developed by country-level attackers?
More details at http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/Viruses/stuxnet-2011-pm.pptx

Controversies

Being Able to Read the Source

Enables exploits
  Reverse Engineering not required
  Internal Structure is understood
  Weaknesses can be seen at the design level
Enables fast fixes
Intellectual Property Rights and Privileges
  Not (very) relevant in this course
  Think: Why do we make laws that let patents expire?

Security Through Obscurity

Use secrecy (of design, implementation, etc.) to ensure security.
May have theoretical or actual security vulnerabilities, but its owners or designers believe that the flaws are not known, and that attackers are unlikely to find them.
We really mean "security implemented solely through obscurity."
Obscurity is not always bad. Is Obscurity Ever Good?
TBD Read an opinion: www.darkreading.com/blog.asp?blog_sectionid=326&WT.svl=blogger1_1

WikiLeaks

PBS was targeted in retaliation for broadcasting "Frontline: WikiSecrets" in May 2011
www.pbs.org/wgbh/pages/frontline/wikileaks/
The inside story of Bradley Manning, Julian Assange and the largest intelligence breach in U.S. history

Course Specific Items

Course Title?

Other titles for the Course
Internet Security
Network Security
Computer Security
System Security
Cyber Security

Integrated View of Security Issues
Selection of Most Relevant Topics
Narrowest Title that Covers the Topics

New or Revised * courses

CEG 234N  Secure Computing Practices     4
CEG 235N  System Security                4
CEG 429 * Internet Security              4
CEG 430N  Security Attacks & Defenses    4
CEG 439N  Secure Cloud Computing         4
CS 419 *  Crypto and Data Security       3
CEG 433 * Operating Systems              4

Ethics: A Personal Opinion

Ethics violations on small scale DOES NOT NECESSARILY IMPLY violations on large scale.
Cf. The movie: Crash (2004) - IMDb

Big Issues

www.privacyrights.org

"More than 220 million records containing sensitive personal information have been leaked in security breaches in the United States since January 2005. This site tracks every breach and provides links to resources businesses should consult if they experience a security breach and aren't sure how to respond"


Privacy

Gov't: We want stored emails, phone locations.
The Electronic Communications Privacy Act of 1986
  e.g., govt can get past cell phone geolocation data without warrant
www.eff.org/issues/national-security-letters
A new bill (May 2011) proposes requiring a warrant to seize email, cell phone location, or ... stored in the cloud.

Will Internet ever be trustworthy?

Non-Answers
Equate the question with: "Will the world ever be trustworthy?"
Internet is a man-made entity.
Trustworthy = ... ?
Ok if cost is high?
Will users get educated?

Trustworthy = No Cheating + ...

User authentication
Host authentication
Access authentication
Message/Transaction authentication
No repudiation
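The last two items, message/transaction authentication and non-repudiation, as an added worked example (not from the lecture) using only Python's standard library: an HMAC-SHA256 tag over a constructed bank transfer order, a verifier that rejects a changed message or a changed tag, and a final case showing why a shared-key MAC authenticates but cannot give non-repudiation. The key and the order strings are constructed for the demo.

```python
# Added example, not from the lecture: message/transaction authentication
# with an HMAC tag, and the non-repudiation gap of any shared-key MAC.
# The key and the transfer messages are constructed for the demo.
import hashlib
import hmac
import secrets


def tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over the message; only key holders can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Recompute and compare in constant time so timing does not leak
    how many bytes of a guessed tag were right."""
    return hmac.compare_digest(tag(key, message), received_tag)


def demo():
    key = secrets.token_bytes(32)     # shared between client and bank
    order = b"transfer 100.00 from acct 42 to acct 99"
    t = tag(key, order)
    results = {}
    # the bank accepts the untouched order
    results["genuine"] = verify(key, order, t)
    # an attacker rewriting the amount in transit is caught
    results["tampered"] = verify(key, order.replace(b"100.00", b"999.00"), t)
    # so is a tag with a single flipped bit
    results["bad_tag"] = verify(key, order, bytes([t[0] ^ 0x01]) + t[1:])
    # but the bank holds the same key and can mint a valid tag for an order
    # the client never placed: a MAC authenticates the message to the peer,
    # it does not prove to a third party who sent it (no non-repudiation)
    forged = b"transfer 5000.00 from acct 42 to acct 7"
    results["verifier_can_forge"] = verify(key, forged, tag(key, forged))
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18} -> {ok}")
```

Non-repudiation needs a digital signature, where only the sender holds the signing key and anyone can check with the public key; because both ends of an HMAC share the same key, either of them could have produced the tag, which is why the last case verifies.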

Trustworthy = ... + Reliable + ...

Transactions/Operations/Services/...
  Availability
  correctly execute
  Terminate
    Successfully
    Failures
Computer Resource consumption
  CPU time
  Memory
  ...

Trustworthy = + ...?

Will Internet ever be trustworthy?

Predictions

Will Internet ever be trustworthy?

Analysis

US Preparedness

DHS' Classified NCCIC

National Cybersecurity and Communications Integration Center (NCCIC)
DHS-led inter-agency cybersecurity work
  responding to cyber threats against government networks
  monitoring network sensors across the government and
  coordinating response to cyber attacks against power plants or communications networks.
unclassified for one day 10/09/2010

US-CERT Einstein Sensors

This screen shows a selection of real-time information from network flow analyzers placed strategically within government networks nationwide.
Einstein is a series of technologies being deployed across the government for network monitoring, intrusion detection and intrusion prevention.
"We identify not only cyber threats, but also monitor the cyber health of the nation."

NCCIC Fly-Away Kit

NCCIC doesn't do malware analysis.
However, for demo purposes, DHS brought out some of its digital forensics tools for reporters to see, including these.

DOJ report critical of FBI

FBI in some cases lacks the skills to properly investigate national security intrusions.
justice.gov/oig/reports/FBI/a1122r.pdf
FBI cyber threat success: the taking down of the CoreFlood botnet.

"Science of Cyber-Security"

Examines the theory and practice of cyber-security, and evaluates whether there are underlying fundamental principles that would make it possible to adopt a more scientific approach.
November 2010, DoD sponsored report
http://www.fas.org/irp/agency/dod/jason/cyber.pdf


Cybersecurity Plan 2011

International Strategy for Cyberspace
  protecting Web infrastructure
  freedom of expression and commerce via the Internet
  denying those benefits to terrorists and criminals
"Cybersecurity threats and online technologies change quickly -- so quickly that any regulations for cybersecurity could be outdated before they are finalized."

"Cyber War" A Book

Current state of cyber warfare compares to the early days of nuclear weaponry: Its enormous power is not yet understood and its use is not yet regulated.
America vulnerable to electronic attack.
Clarke: former White House terrorism adviser
washingtonpost.com/ review 2010/05/21
4/5 stars (95 Amazon reviews)

UK cyber weapons program

Cyber weapons as "an integral part of the country's armory"
Cyberspace represented "conflict without borders"
Cybersecurity a tier one priority
Extra £650m
May 2011

Random Quote

"Restrictions of free thought and free speech is the most dangerous of all subversions. It is the one un-American act that could most easily defeat us."

- William O. Douglas, US Supreme Court, 1939-1975