Security_In_Class.md

title: Security_In_Class

author: Jim Hogan

date: 4/2/2015

output: html_document

This is an R Markdown document. Markdown is a simple formatting syntax for authoring HTML, PDF, and MS Word documents. For more details on using R Markdown see http://rmarkdown.rstudio.com.

When you click the Knit button a document will be generated that includes both content as well as the output of any embedded R code chunks within the document. You can embed an R code chunk like this:

summary(cars)

You can also embed plots, for example:

plot(cars)

Note that the echo = FALSE parameter was added to the code chunk to prevent printing of the R code that generated the plot.

A Parable of Privilege Escalation - The Invisible Burglar

Privilege escalation can follow so many different patterns that it can be hard to discuss, so let us attack the subject by analogy and example. Security people use the term "The Keys to the Kingdom" to refer to the highest level of security privileges, rights and clearances in an organization. So, for example, if you are the top computer administrator at the (fictitious) King Despot Bank, you can be said to possess the "Keys to the Kingdom": keys that let you get access to KDB's main vaults so you can make off with precious gems, gold and other loot.

King Despot's main vault is in the fortified city of Cruelty, protected by concentric security rings and said to be unbreachable. But a burglar named Simon, from a far-off land, is determined to reach the vault, seize the keys, and empty the main vault (and all of the branch banks and ATMs, too!). How does he go about this? He takes a number of steps.

  1. Simon reconnoiters Cruelty and plans which gate he'll try to enter and when. He picks a market day when thousands of farmers will enter Cruelty.

  2. Pulling a cart full of potatoes, he enters the city as part of the throng and without notice.

  3. Simon dons fancy dress and manages to enter the Royalty Precinct by convincing the somewhat dim-witted guard that he is a prince. Social engineering.

  4. Simon enters the castle through the Sheriff's gate. How? He hides behind a dumpster for a week until he can get a good view of the sheriff entering his password on a keypad. After dark he sneaks to the gate and enters the secret password. He's in with stolen credentials!

  5. Simon now dons the Sheriff's uniform he has brought along and walks right through into the Castle Keep as guards call out "Hi, Sheriff!"

Links

http://en.wikipedia.org/wiki/Single_loss_expectancy

Some recent real-life examples

[DDoS on GitHub](http://arstechnica.com/security/2015/03/massive-denial-of-service-attack-on-github-tied-to-chinese-government/)

[Purchase Uber Logins Online!](http://arstechnica.com/tech-policy/2015/03/dark-web-vendors-offer-up-thousands-of-uber-logins-starting-at-1-each/)

"UW Professor encounters Ransomware" (in class)

Questions for In-Class

Are surveillance cameras a preventative control? A corrective/mitigating control? A restorative control?

Is the data on my laptop secure?

What is a Botnet?

What is a blacklist and what is a whitelist? Which is better?

Can encryption be a risk?