Difference between revisions of "Team 14 Main"
| Line 34: | Line 34: | ||
---- | ---- | ||
| + | |||
| + | Zaheer/Jared | ||
| + | |||
| + | -The best way to protect against buffer overflow is secure programming, even at the cost of inefficient programming, or using a language that prevents buffer overflow, such as C or C++. http://www-128.ibm.com/developerworks/linux/library/l-sp4.html | ||
| + | |||
| + | -Financial incentives for upgrading protection include protecting sensitive information that can be used against the company | ||
| + | |||
| + | -The President’s Commission on Critical Infrastructure Protection was set up to help companies protect their computers from attacks funded by foreign countries | ||
| + | -Among their changes are tax deductions for purchases of computer security technology, longer jail terms for hackers, a $250 million per year government investment in security technology, and a government-industry security center -http://www.washingtontechnology.com/news/12_12/news/12388-1.html | ||
| + | |||
| + | -BufferShield 1.01g for Windows | ||
| + | -AMD NoExecute | ||
| + | -hp-ux 11i | ||
| + | -Gateway Teros-100 APS (at $25,000, described as “a little steep”) | ||
| + | -CheckPoint VPN-1 | ||
Revision as of 19:11, 22 October 2005
Contact information:
Imran 425-736-6490, iali@microsoft.com Osama 425-241-7464, osamam@microsoft.com Asad ??????, asadj@microsoft.com Jared ??????, jaredsmelser@yahoo.com Zaheer 408-250-7872,zaheerm@uclink.berkeley.edu
Assignments
Programming - IMRAN, ASAD, OSAMA
For each of your assigned sections, write 2-3 pages each and post on the wiki. Each section should be complete by MONDAY morning so that we can review it together as soon as possible. Also, we need to start posting our first drafts on the wiki as soon as possible.
http://www.cs.washington.edu/education/courses/csep590/05au/project.html
Team members should treat each attack as a controlled experiment, recording such variables as time-to-break-in, techniques attempted, success rate, hypothetical defenses, and the feasibility of automating successful attacks. Each engineering member is encouraged to mount his/her own attack separately in order to gain maximum experience with the target. A plain English, no jargon description of attack techniques attempted, vulnerabilities exposed, estimated difficulty, and the estimated cost/feasibility of defending against other, similar attacks in the future. (We encourage the policy members of the team to write this section of the report -- it will ensure that the technical members of the team have helped teach them the technical basics.) - OSAMA
Estimated dollar value of the damage that such an attack could cause 1) to a private home computer, 2) to a corporate computer used for letters and correspondence by Walmart's Corporate VP for Ordering Stuff from China, and 3) to a Charles Schwab computer used to place buy/sell orders on the New York Stock Exchange. Your estimate should consider potential damage to both the computer's owner and third parties. - ASAD
Estimated feasibility and strategic value of the attack technique to a terrorist organization. Teams should consider, at a minimum, 1) scalability of techniques, 2) feasibility of acquiring the required technical and financial resources, and 3) potential value of cyberattack as a tool for achieving the various terrorist aims identified in lectures 1, 2, 3, and/or 5. -IMRAN
Feasibility and cost of defending against such attacks. For each class of target (home, corporate, financial), teams should 1) identify existing financial and non-financial incentives for installing defenses, 2) evaluate the adequacy of these incentives, 3) discuss whether additional protection would be cost-effective, 4) identify the lowest cost provider for upgrading protection (e.g., Microsoft, Norton, AOL, Corporate IT networks, computer owners), and 5) list and evaluate possible policy levers for government intervention (e.g., tax incentives, legal liability, insurance). - ZAHEER/JARED
Zaheer/Jared
-The best way to protect against buffer overflow is secure programming, even at the cost of inefficient programming, or using a language that prevents buffer overflow, such as C or C++. http://www-128.ibm.com/developerworks/linux/library/l-sp4.html
-Financial incentives for upgrading protection include protecting sensitive information that can be used against the company
-The President’s Commission on Critical Infrastructure Protection was set up to help companies protect their computers from attacks funded by foreign countries -Among their changes are tax deductions for purchases of computer security technology, longer jail terms for hackers, a $250 million per year government investment in security technology, and a government-industry security center -http://www.washingtontechnology.com/news/12_12/news/12388-1.html
-BufferShield 1.01g for Windows -AMD NoExecute -hp-ux 11i -Gateway Teros-100 APS (at $25,000, described as “a little steep”) -CheckPoint VPN-1
