Introduction to Computer Security

Learning the Lingo and Thinking Like a Hacker

Gregory M. Kapfhammer

September 2, 2024

What is infosec?

Prevent unauthorized access to data on a computer system
Data is both sensitive and valuable and must be protected
Risk management is the focus of information security
Malware often helps an attacker gain access to a system
System failure often occurs during an attack with malware

Key Questions: Have you ever been the subject of an information security attack? What was the attack vector? Could it have been prevented? What strategies would have enabled your defense?

Learning the Lingo: PDR

Key security acronyms describing design principles:
- PDR: Prevention, Detection, Reaction
  - Prevention: Stopping an attack before it starts
  - Detection: Identifying an attack in progress
  - Reaction: Stopping an attack before it causes damage

Key Questions: From your perspective, which of these three is the most important? Should an individual or an organization disclose information about a security breach? Why or why not?

Introduction to Computer Security Learning the Lingo and Thinking Like a Hacker Gregory M. Kapfhammer September 2, 2024

Introduction to Computer Security
What is infosec?
Learning the Lingo: PDR
Learning the Lingo: CIA
Learning the Lingo: DRY
Learning the Lingo: AAA
Key Dilemma: people may have key computer security requirements but limited computer security expertise
Key Trade-off: making a system secure often makes it less usable!
Examples of four programs that may have security flaws! Any ideas?
Overall goals of “security synapse”
Implementation: which languages are reputed to be the most or least secure? Why? Do you agree with consensus?
Let’s Make a Computer Security Synapse
What Does the JSON File Look Like?
Encrypting a File
Showing the Encrypted File
Decrypting a File
Computing a File’s Hash
Computing a Corrupted File’s Hash
Long-Running Process
Memory Leaks Restrict Availability
Getting Started in Computer Security

Introduction to Computer Security

What is infosec?

Learning the Lingo: PDR

Learning the Lingo: CIA

Learning the Lingo: DRY

Learning the Lingo: AAA

Key Dilemma: people may have key computer security requirements but limited computer security expertise

Key Trade-off: making a system secure often makes it less usable!

Examples of four programs that may have security flaws! Any ideas?

Overall goals of “security synapse”

Implementation: which languages are reputed to be the most or least secure? Why? Do you agree with consensus?

Let’s Make a Computer Security Synapse

What Does the JSON File Look Like?

Encrypting a File

Showing the Encrypted File

Decrypting a File

Computing a File’s Hash

Computing a Corrupted File’s Hash

Long-Running Process

Memory Leaks Restrict Availability

Getting Started in Computer Security

Learn the Lingo

Abbreviations

Concepts

Think Like Hacker

Implementation

Prevention