Ethical Hacking

Jan 03, 2016

Baldwin Carson
Transcript
Page 1: Ethical Hacking. Course Overview Email: scott@scottstreit.com Course Content .

Ethical Hacking

Page 2

Course Overview

Email: scott@scottstreit.com

Course Content: http://content.scottstreit.com

Page 3

Rules

Address me as “Scott”.

Being able to do something is more important than memorizing.

I will not ask you to memorize.

My tests ask you to think and explain.

I ask you to take a position.

Your grade on a test (mid-term, final) is not the final grade.

You must successfully complete all projects to pass the course.

You pick your grade – I'll explain.

Page 4

Goals

Einstein said, As simple as possible, but no simpler.

If you cannot explain it simply, you do not understand it well enough.

Any fool can make things more complex; it takes genius to find the simplicity.

Great science is simple.

Page 5

How did we get here?

Turing Machine

P-V Semaphore – Unix – Flat Files

1972, Dr. E. F. Codd invented Relational Database, Linear Algebra → Data Storage.

RDBMS – Transactions – Bob Epstein

1988 --- 1995 --- Databases fault tolerant and load balanced. They were tightly coupled.

Startup and you want to do load balancing... Larger than anyone ever has... What do you do?

Page 6

Class Overview

It is Good to be Smart, It is better to be funny.

90% of the Material, how?

Projects – 2 Adjudicators

Everything is negotiable

This is supposed to be fun.

Page 7

Overview

Ethical Hacking

Issues in Security

Trusted Computer System Evaluation Criteria (TCSEC) - Orange Book

Measure Security Implementation Assurance

Page 9

5 Rules of Software Development

1. W3C specifications ahead of JSR specifications.

2. JSR ahead of de facto standards.

3. De facto standards ahead of custom development.

4. Compositional patterns to create software systems.

5. Use design patterns when creating custom code.

Page 10

LAMP vs. WAR

Where is LAMP best? Linux, Apache, MySQL, PHP

1) Your views closely model your database design.

2) Security requirements are not excessive.

Where is WAR best?

1) Your views do not closely model your database design. In fact, there probably is no RDBMS. Elastic.

2) Serious Security Requirements (Underwriting).

Page 11

RDBMS

Row

½ data on the row is Secret and ½ is Top Secret? What do you do?

Label it, Row? By columns. So this drives the query and the data nuts.

Typically in an RDBMS we do Row Level Labeling. So it is not granular enough for MLS.

Security Labels

Page 12

Semantic Web, Web 2.0????

In databases there are two forms of storing data.

1) Normalized... A Customer has many Accounts and an Account participates in many Transactions.

2) vs. Constantly changing structures.

Relational vs. Semantic

Page 13

Customer Accounts

Transactions

Row Wise Model - Normalized

Page 14

So in the previous example... the structure was stable. Jesus, Luke, Quickbooks does it. Not likely to change. What happens if the structure is morphing constantly? What is an example?

Threats in the war on Terror.

Human Genome Project

Row Wise vs. Column Wise

Page 15

Label at Data Items

So all data is represented as

Subject Predicate Object …. and Provenance

Therefore, we label every piece of data … and therefore …. make it MLS.

Semantic Web Logical Representation
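
An added illustration of the Security Labels and Label at Data Items slides (not code from the course): the same half-Secret, half-Top-Secret record read under row-level labelling and under per-statement labelling. The Level ordering, the constructed sample data, the "no read up" check and the rule that a row takes the highest label of its fields are assumptions of this example.

```python
from enum import IntEnum
from typing import NamedTuple

class Level(IntEnum):
    UNCLASSIFIED = 0
    SECRET = 1
    TOP_SECRET = 2

class Quad(NamedTuple):
    subject: str
    predicate: str
    obj: str
    provenance: str  # where the statement came from
    label: Level     # classification of this one statement

# Constructed sample data: one record, half Secret and half Top Secret.
QUADS = [
    Quad("customer:42", "name", "A. Example", "source:crm", Level.SECRET),
    Quad("customer:42", "city", "Springfield", "source:crm", Level.SECRET),
    Quad("customer:42", "account", "acct:9001", "source:feed", Level.TOP_SECRET),
    Quad("customer:42", "balance", "1250.00", "source:feed", Level.TOP_SECRET),
]

def can_read(clearance: Level, label: Level) -> bool:
    """No read up: data is visible only at or below the reader's clearance."""
    return clearance >= label

def read_row_labelled(quads, subject, clearance):
    """Row-level labelling: one label for the whole row.
    Assumption: the row takes the highest label of any of its fields."""
    row = [q for q in quads if q.subject == subject]
    if not row:
        return {}
    row_label = max(q.label for q in row)
    if not can_read(clearance, row_label):
        return {}  # all or nothing: the Secret half is withheld as well
    return {q.predicate: q.obj for q in row}

def read_item_labelled(quads, subject, clearance):
    """Data-item labelling: each statement is checked against its own label."""
    return {q.predicate: q.obj for q in quads
            if q.subject == subject and can_read(clearance, q.label)}

if __name__ == "__main__":
    for level in (Level.SECRET, Level.TOP_SECRET):
        print(level.name, "row: ", read_row_labelled(QUADS, "customer:42", level))
        print(level.name, "item:", read_item_labelled(QUADS, "customer:42", level))
```

A Secret reader gets nothing from the row-labelled store but gets the name and city from the item-labelled one; a Top Secret reader gets the same four fields either way.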

Page 16

The entire field of e-commerce is defined by two sets of ontologies: GoodRelations and Schema.org. Google says... if the world was structured and not unstructured, boy could searches be accurate.

Structure... S P O.... and Provenance... What can you do easily.... MLS...

Examples