Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Southern Tier
Library System
Funded through Federal Library Services and Technology Act Funds,
Funds, Awarded
to the New York State Library by the Federal Institute of Museum
Museum and Library
Services. Administered by the Southern Tier Library System.
Headlines, Paradox
and Challenges
z Sniffing
– Data packets are intercepted in transit by various
software programs that are free
– Attackers are normally undetected
– Typical services that are sniffed are: TELNET, FTP,
SMTP (E-mail) packets if unencrypted
z Spoofing
– Acting on behalf of another person or entity
– Data packets can be actively sniffed and modified to
include a random source
– Attacks routinely occur from spoofed sources to hide the
original identity
z Malicious Code
– Can take many forms
– Unauthorized code that has been introduced
to an Operating System (OS)
– Programs that outwardly appear harmless,
however, have a hostile code built-in
z Trojans (Backdoors)
– Users may install programs that contain Trojans
embedded within the code / Hidden from user
– Many well-known computer games contain Trojans
that allow remote users to gain access
– Permit an attacker to access resources on target –
i.e. computer or server
z Port-scanning
– Technique that identifies vulnerable network ports or
services (i.e. TELNET, FTP, E-mail, Web, etc)
– Works by identifying as many targets as possible and
tracking the ones that are receptive
– Scanning software is free and commonly accessible via
the web
z Probing
– Once vulnerable ports are identified, the port can be
probed with malicious intent
– Probing software is free and commonly accessible via
the web
Countermeasures –
Personnel and Technology
z Personnel
– Security Policy and Procedures
– Training and Awareness
– Physical Security
– Dedicated Management
z Technology
– Firewalls
– Intrusion Detection
– Virus Protection
– Authentication and Authorization
– Encryption
– Auditing and Assessment (Third Party)
– Data and Information Backup
z Authentication
– Comes in (3) forms: What you have, know, or are
– Have – Smartcard, token
– Know – Password or PIN
– Are – Fingerprint, Retina scan
– Two factor authentication is the strongest – (2) out of
the (3) listed means (i.e. ATM card)
– Password (most common)
z Should be at least (8) mixed characters and numbers
z Should be changed at least every (90) days
z Should have a timeout of (3) attempts
z Authorization
– What an individual has access to once authenticated
z Will mitigate the following attacks:
– Unauthorized access
Miscellaneous Tips
Discussion and
Conclusion