-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 8 months ago
Equation APT Group Attack Platform A Study in Stealth
https://threatpost.com/equation-apt-group-attack-platform-a-study-in-stealth/111550
Facebook’s latest move should be making Cisco very nervous
http://www.businessinsider.com/facebooks-shot-at-cisco-just-got-deadly-2015-3
The Deep Web: Shutdowns, New Sites, New Tools
Uber’s epic DB blunder is hardly an exception. GitHub is awash in passwords
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 8 months ago
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 8 months ago
Assignment:
1. Read the following articles:
http://csrc.nist.gov/groups/SNS/rbac/documents/coyne-weil-13.pdf
http://blog.empowerid.com/Portals/174819/docs/EmpowerID-WhitePaper-RBAC-ABAC-Hybrid-Model.pdf
http://www.slideshare.net/Axiomatics/axio-abac-july2014-38813843 (actually this is a slide show)
2. Draw an architecture diagram with features that support role-based access control and send it to my greg.senko@temple.edu email by noon on Wednesday 3/11.
3. Write a brief statement of your impressions of the ABAC approach: What is ABAC? How is it used? Send it to my greg.senko@temple.edu email by noon on Wednesday 3/11.
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 8 months ago
Please bring pencils to class on Thursday to mark the exam answer sheets.
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 8 months ago
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 9 months ago
Security Risks Posed by Mobile Apps: Do You Have a Vetting Process in Place?
http://www.jdsupra.com/legalnews/security-risks-posed-by-mobile-apps-do-07858/
Best anti-malware solutions
http://www.techrepublic.com/article/10-best-antimalware-products-of-2014-according-to-av-test/?tag=nl.e036&s_cid=e036&ttag=e036&ftag=TREa988f1c
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 9 months ago
1. The mid-term exam will be given when we meet for our Week 7 session. I recommend that you study the quizzes (see other posts for quizzes and quiz solutions).
2. Read this article 3 times:
– the first time just get a sense of what the article is about and what it covers
– the second time, read the article with an eye toward identifying the key security architecture components that are addressed in the article. Write these down and send them in an email by Wednesday at noon to my tue90933@temple.edu email address.
Here’s a hint: the first one that comes to mind for me is “certificate authority.” But, there are at least 2 other topics that are mentioned in the article … maybe more 🙂
– the third time you go through the article, just try to get a sense of how well you understand the topics and if you still have questions, be prepared to ask them in class.
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 9 months ago
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 9 months ago
Just a reminder: the abstract and outline for your semester project are due this week.
You can do the project on your own or with one partner.
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 9 months ago
Current Trends in the APT
$1 billion banking hack
http://www.securityweek.com/hackers-hit-100-banks-unprecedented-1-billion-cyber-attack-kaspersky-lab
Government Systems Architecture
http://www.fedtechmagazine.com/article/2015/02/former-isc-exec-shares-thoughts-fisma-it-architecture
Trends in Security Architecture
http://www.computerworld.com/article/2877905/your-it-security-infrastructure-rebooted-for-2015.html
Decades old cyber-espionage framework discovered
https://threatpost.com/massive-decades-long-cyberespionage-framework-uncovered/111080
-
Gregory S. Senko commented on the post, ICE 5.1 Telling a Story through Visualization, on the site 9 years, 9 months ago
Yes, a billion here a billion there … pretty soon you are talking serious money 🙂
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 9 months ago
I have posted the “enhanced” version of the syllabus. It specifies that 2 people can form a team for the semester project.
I’d rather not have multiple versions on the blog. So, please use the search feature to find the syllabus if you would like to review.
-
Good Afternoon Class,
I still do not have a team member; if you don’t either and would like to work together, please email me at jeta.gjana@temple.edu
Thank you.
-
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 9 months ago
This week’s topic is Application Security. One of the most exposed application systems in any company is the web site. So, that architecture will be the focus of this week’s assignment.
1. Watch the 12 minute youtube video at the link below. Don’t be put off by the title, this is serious stuff 🙂
N-tier Architecture for Kids
2. Read the article at the link below. This details aspects of Microsoft-specific web architectures and it is something that you will run into in most companies. Don’t worry about the Registry setting details later in the article. But, I want you to be aware that this sort of detail exists.
Application Security in N-tier Applications on Windows Server
http://www.codeproject.com/Articles/218729/Application-Security-in-n-tier-Application-on-Wind
3. Draw a diagram depicting “simple” but secure n-tier architecture. Indicate where YOU would choose to put a firewall or firewalls.
-
Hello class,
Just wanted to share today’s highlight on international hackers stealing $1 billion from more than 100 banks in 30 countries, such as Russia, U.S. and China. 1 This goes along with the topic for this week and perhaps banks should adapt a secure n-tier architecture to secure their transactions and mitigate the risk of being hacked again.
1. “Banking hack heist yields up to $1.” USA TODAY. February 16, 2015,
http://www.usatoday.com/story/tech/2015/02/15/hackers-steal-billion-in-banking-breach/23464913-
-
-
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 9 months ago
Since we will not meet as a class this week, I would like you to watch a video (link below) about network basics and read material about sub-nets (link also below). No email report on this assignment is necessary. […]
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 9 months ago
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 9 months ago
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 9 months ago
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 9 months ago
By Wednesday 2/11 at noon
1. Draw a diagram depicting PKI and Certificate Authority (CA) infrastructure in an enterprise WAN and send via email (tue90933@temple.edu)
2. Read and comment on (see details […]
-
Role which CAs play in the Public Key Infrastructure (PKI).
1. A request for a certificate is sent to the CA.
2. The CA authenticates the user, and then issues a digital certificate to the requestor.
3. The CA publishes the certificate in a public certificate store, so that the receiver of messages can authenticate the CA.
4. When the key is used to sign messages, a hashing algorithm is applied to the message. The end result is the message digest.
5. Next, the signing algorithm (with the private key) is applied on the message digest.
6. The encrypted message is then sent.
7. The receiver of the message validates the certificate details using the public certificate repository.
8. The receiver then decrypts the message.
In Step 1 of the above process, the user or computer made itself known to the CA. This process is called registration, and can be performed manually or automatically. The user or computer that sent the request to the CA provides information to the CA, which the CA utilizes to authenticate the entity.
The initial step in implementing a PKI is to install a CA. The first CA installed becomes the root CA. The root CA forms the foundation of the PKI because it issues the private and public key pairs used to secure data as it is transmitted over the network.
-
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 9 months ago
-
Gregory S. Senko wrote a new post on the site MIS5214 – Security Architecture 9 years, 9 months ago
Report: From Q3 to Q4, 90 percent increase in global DDoS attacks observed
In Q4 2014, Akamai observed […]