Introduction to Computer Security - PowerPoint PPT Presentation

1 / 85
About This Presentation
Title:

Introduction to Computer Security

Description:

... documents in filing cabinets. issuing keys to the relevant individuals for the appropriate cabinets. The reference monitor is the set of (locked) filing cabinets ... – PowerPoint PPT presentation

Number of Views:494
Avg rating:3.0/5.0
Slides: 86
Provided by: jasoncr
Category:

less

Transcript and Presenter's Notes

Title: Introduction to Computer Security


1
Introduction to Computer Security
  • Jason Crampton
  • Information Security Group
  • Royal Holloway, University of London

2
Programme
  • Introduction
  • Authentication
  • Access control models
  • Unix security mechanisms
  • Windows 2000 security mechanisms

3
Learning Outcomes
  • Be aware of the objectives of computer security
    and the main techniques for realizing these
    objectives
  • Be able to describe basic authentication
    techniques
  • Be aware of access control models and their
    importance to authorization mechanisms
  • Be able to describe basic authorization techniques

4
Computer Security Goals
  • Confidentiality
  • Unauthorized users cannot read information
  • Integrity
  • Unauthorized users cannot alter information
  • Availability
  • Authorized users can access information

5
Computer Security Reality
  • The only system which is truly secure is one
    which is switched off and unplugged, locked in a
    titanium lined safe, buried in a concrete bunker,
    and is surrounded by nerve gas and very highly
    paid armed guards. Even then, I wouldnt stake my
    life on it.
  • Professor Gene Spafford

6
Why Do We Need Security?
  • Protect sensitive resources
  • Prevent loss
  • Prevent damage
  • In the context of information systems
  • Prevent unauthorized users from reading
    information (loss)
  • Guarantee confidentiality
  • Prevent unauthorized users from tampering with
    information (damage)
  • Guarantee integrity

7
Some Simple Security Questions
  • A human being wants to use or access some
    protected resource
  • How should we decide whether that user is allowed
    to use the resource?
  • What do we need to know about the user?
  • What do we need to know about the resource?
  • How might we prevent that user from using the
    resource?

8
How Do We Implement Security?
  • Add mechanisms to prevent access to sensitive
    resources
  • Locks
  • Guards
  • How do you gain access to protected resources?
  • Locks are opened with keys
  • Keys have to be distributed to users
  • Guards only allow certain people in
  • Guards have to be given a list of trusted users

9
Computer Security Issues
  • How do we control which people can use the
    computer system?
  • How do we control which programs a user can run?
  • How do we control which resources a process can
    access?
  • How do we protect processes that share computer
    resources from each other?

10
Fundamental Techniques
  • Authentication
  • Identifies authorized users
  • Access control (authorization)
  • Limits access by authorized users to programs and
    resources
  • Memory protection
  • Segmented virtual memory model prevents a process
    reading or overwriting memory used by other
    processes

11
Terminology
  • Objects
  • Resources (or passive entities) in the computer
    system
  • Files
  • Directories
  • Printers
  • Sockets
  • Subjects
  • Active entities that access resources
  • Process
  • Thread
  • Principals
  • Entities that represent a user
  • User
  • Group
  • Role
  • Cryptographic key
  • Principals can create subjects

12
Terminology
  • Department of Defense Trusted Computer System
    Evaluation Criteria (TCSEC)
  • http//www.radium.ncsc.mil/tpep/library/rainbow/52
    00.28-STD.html
  • The trusted computing base (TCB) comprises all
    the protection mechanisms within a computer
    system including hardware, firmware and software
  • The TCB is responsible for enforcing the
    enterprise security policy
  • The ability of the TCB to correctly enforce a
    security policy depends on the mechanisms within
    the TCB and on the correct configuration of the
    TCB by administrators
  • Poor software implementation and poor
    configuration can fatally compromise security

13
Terminology
  • The reference monitor is an abstract machine that
    mediates all access requests by subjects
  • The security kernel consists of the hardware,
    firmware and software elements of a TCB that
    implement a reference monitor
  • The security kernel must
  • mediate all accesses
  • be protected from modification
  • be verifiable as correct

14
Authentication
15
What is Authentication?
  • Authentication typically performs two functions
  • Identification
  • Is a principal recognised by the system?
  • A principal that is successfully authenticated is
    said to be an authorized principal
  • Creation of security context
  • An authorized principal is associated with
    certain security information called a security
    context

16
Why Use Authentication?
  • Without identifying and authenticating the user
    logging on to the system, access to objects
    cannot be controlled, user rights and abilities
    cannot be enforced, and accountability cannot be
    maintained via auditing. For these reasons
    Windows 95 and Windows 98 can never be considered
    secure operating systems.
  • Windows 2000 Security Technical Reference
  • Mandatory logon is a fundamental security
    requirement
  • Part of the C2 requirements in TCSEC

17
Authentication Methods (1)
  • Something you know
  • Computer password
  • which can be forgotten!
  • Something you have
  • Identity card ...
  • which can be lost or stolen!
  • A combination
  • ATM card PIN number
  • which can be forgotten, lost or stolen!
  • Biometrics personal characteristics that can be
    measured
  • Fingerprints
  • Iris scan
  • Voice recognition
  • Most methods suffer from false positives and
    false negatives

18
Authentication Methods (2)
  • The most common method of authentication in
    computer systems is for a user to enter a
    username and password
  • The username may be public knowledge
  • The user should keep her password secret
  • Alternative authentication methods are sometimes
    used
  • Windows 2000 can use biometrics or hardware
    tokens for authentication

19
Authentication Process
  • Authentication Storage Data entry
    Comparison
  • Storage
  • Computer system maintains a list of usernames and
    passwords
  • Data entry
  • User enters username
  • User enters password
  • Comparison
  • If ((username is valid) and (entered password
    stored password)) then
  • User is authenticated
  • Else
  • User is asked to re-enter username and password

20
Exercise
  • Suppose we use the following alternative
    authentication process
  • User enters username
  • If (username is valid)
  • Then user is prompted for password
  • If (user password stored password)
  • Then user is authenticated
  • Else
  • User is asked to re-enter password
  • Else
  • User is asked to re-enter username
  • Is this authentication process better than the
    one on the previous slide?
  • Consider the information that is leaked to an
    attacker who is trying to access the system
  • An answer to this question can be found in
    Pfleeger

21
Password Storage
  • To perform authentication a computer system must
    maintain information about usernames and
    passwords
  • Plaintext password file
  • Requires very strong access controls on the file
  • May be stored on backup tapes and therefore may
    be vulnerable
  • Can be circumvented by root user or superuser
  • Encrypted password file

22
Cryptographic Methods
  • Encrypted passwords
  • Stored passwords are encrypted
  • Entered password is encrypted before comparison
    with stored password
  • Why isnt stored password decrypted before
    comparison with entered password?
  • Hashed passwords
  • Stored passwords are hashed
  • Entered password is hashed and compared with
    stored hashed password
  • Cryptographically protected password files are
    still vulnerable to dictionary and brute force
    attacks

23
Access Control
24
Authorization
  • Authorization (access control) assumes the
    existence of an authentication process
  • The decision to grant an access request made by a
    process is based on the security context of the
    process
  • The security context is inherited from the user
    that initiated the process
  • The security context of a user usually identifies
    the user and any security groups to which that
    user belongs

25
What is Access Control?
  • Generic term for the process(es) by which a
    computer system controls the interaction between
    users and system resources
  • May implement (part of) a specific security
    policy that may be determined by
  • organisational requirements
  • statutory requirements (medical records, for
    example)
  • Policy requirements relevant to access control
    include
  • confidentiality (restrictions on read access)
  • integrity (restrictions on write access)

26
Why Use Access Control?
  • Prevent authorised users from having unlimited
    access to system resources
  • Limit access of unauthorised users that manage to
    break in
  • Access control is not required if access to
    resources does not need to be constrained
  • Early stand-alone PCs (DOS, Windows 95) could not
    (and did not need to) enforce access control

27
A Schematic View
  • A user requests access (read, write, print, etc.)
    to a resource in the computer system
  • The reference monitor
  • establishes the validity of the request
  • and returns a decision either granting or
    denying access to the user

Access Request
Reference monitor
Decision
28
Locks and Keys
  • A paper-based office
  • Certain documents should only be read by certain
    individuals
  • We could implement security by
  • storing documents in filing cabinets
  • issuing keys to the relevant individuals for the
    appropriate cabinets
  • The reference monitor is the set of (locked)
    filing cabinets
  • An access request (an attempt to open a filing
    cabinet) is granted if the key fits the lock (and
    denied otherwise)

29
Guest Lists
  • A night club
  • Access to the club is restricted to members
  • We can implement security by
  • employing a bouncer
  • providing the bouncer with a membership list
  • The reference monitor is the security guard the
    membership list
  • An access request is granted only if
  • a clubber can prove her identity (authentication)
  • she is on the membership list

30
Tickets
  • A further analogy is a football match
  • Entry to match is allowed if a ticket has been
    purchased and is presented at the match
  • Seat quality is determined by price of ticket
  • Distributed web services are beginning to adopt
    this kind of model
  • An (encrypted) ticket is used to prove that a
    user is entitled to access a service
  • The ticket will include information that is
    used by the service to determine what access the
    user should have

31
Access Modes
  • There are two basic modes of interaction between
    a subject and an object
  • Observe
  • Alter
  • Accessing an object can be regarded as initiating
    a flow of information
  • A subject may observe (read) an object
  • Information flows from object to subject
  • A subject may alter (write to) an object
  • Information flows from subject to object

32
Execute Access
  • Sometimes an object can be accessed without using
    either observe or alter mode
  • Executable files (programs)
  • Directories
  • Cryptographic keys
  • The execute access right means different things
    in different contexts and in different systems
  • Execute access on a binary executable file grants
    permission to run the program
  • Execute access on a Unix directory grants
    permission to access the directory
  • Read and execute access grants permission to list
    the contents of the directory

33
Access Rights
  • Access rights define particular ways of accessing
    an object
  • The interpretation of an access right may differ
    between operating systems
  • Write access in Multics allows a subject to both
    read and write
  • Append access is write-only (or blind write)
  • The interpretation of an access right may depend
    on the object to which it applies
  • Execute means something different in Unix when
    applied to programs and directories
  • Windows 2000 treats everything as an object (in
    the programming sense)
  • Access rights are dependent on the class to which
    an object (in the access control sense) belongs
  • File access rights are different from directory
    access rights etc.

34
Administrative Access Rights
  • Certain operations are administrative in nature
  • Involve changes to access control data structures
  • Changing the access rights of a user for a
    particular resource
  • Often related to ownership of the resource
  • These operations can be controlled by granting
  • execute access to programs (chmod in Unix)
  • granting control access rights and privileges to
    users (change permission and take ownership
    privilege in Windows 2000)

35
Access Control Models
36
What is an Access Control Model?
  • The model has the ability to represent
    abstractly the elements of computer systems and
    of security that are relevant to a treatment of
    classified information stored in a computer
    system
  • Bell-LaPadula, 1976
  • A model comprises elements that are used to
    represent the system such as sets, relations and
    functions
  • In the context of access control, a model
    typically describes a reference monitor

37
Why Are Models Useful?
  • Formal results can be deduced from the model that
    make statements about the security of the system
  • Specification of security policy
  • Does system maintain security policy?
  • A model may also generate rules that can provide
    a blueprint for an implementation
  • May assist in verifying that an implementation
    meets requirements

38
The Access Control Matrix
  • Introduced by Lampson (1972) and extended by
    Harrison, Ruzzo and Ullman (1976-8)
  • Columns indexed by objects
  • Rows indexed by subjects
  • Matrix entries are (sets of) access operations
  • Foundation of many theoretical security models

Objects
Subjects
39
The Access Control Matrix
  • A request can be regarded as a triple (s, o, a)
  • The subject s wants to access object o where a is
    an access right
  • A request is granted (by the reference monitor)
    if
  • a belongs to the access matrix entry
    corresponding to subject s and object o

40
The Access Control Matrix
  • The request (jason, allfiles.txt, w) is granted
  • The request (mick, allfiles.txt, w) is denied

Objects
Subjects
41
Disadvantages
  • Abstract formulation of access control
  • Not suitable for direct implementation
  • The matrix is likely to be extremely sparse and
    therefore implementation is inefficient
  • Management of the matrix is likely to be
    extremely difficult if there are 0000s of files
    and 00s of users (resulting in 000000s of matrix
    entries)

42
Access Control Lists
  • An ACL corresponds to a column in the access
    control matrix
  • The ACL for a.out would be
  • (jason, r,w,x), (mick, r,x)
  • How would a reference monitor that uses ACLs
    check the validity of the request (jason, a.out,
    r)?

Objects
Subjects
43
Access Control Lists
  • Typically represented internally as a list of
    access control entries
  • Each entry includes a user account identifier and
    an access mask
  • An access mask is a bit pattern in which each bit
    represents a particular access right
  • If the bit is set then access is granted
  • If 111 represents r, w, x then 100 represents
    r etc.
  • If jasons account identifier is 138 and micks
    is 533, the ACL for a.out would be (138, 111),
    (533, 101)

44
Access Control Lists
  • Access control lists focus on the objects
  • Typically implemented at operating system level
  • Windows NT uses ACLs
  • Disadvantage
  • How can we check the access rights of a
    particular subject efficiently (before-the-act
    per-subject review)?

45
Capability Lists
  • A capability list corresponds to a row in the
    access control matrix
  • jasons capability list would be
  • (trash, r,w), (a.out, r,w,x),
    (allfiles.txt, r,w)
  • How would such a reference monitor check the
    validity of the request (jason, a.out, r)?

Objects
Subjects
46
Capability Lists
  • Capability lists focus on the subjects
  • Typically implemented in services and application
    software
  • Database applications often use capability lists
    to implement fine-grained access to tables and
    queries
  • Renewed interest in capability-based access
    control for distributed systems
  • Can be represented using object identifiers and
    access masks
  • Disdavantage
  • How can we check which subjects can access a
    given object (before-the-act per-object review)?

47
Back to the Analogies
  • An ACL is analogous to a membership list
  • The club is the (only) object
  • The members appear on the list
  • A capability list is analogous to the set of keys
    issued to a user
  • The filing cabinets are the objects

48
Access Control Policies
  • Access control mechanisms exist to enforce
    policies
  • Discretionary policies are based on identities
    (or other characteristics of users)
  • Ownership of resources is typically important
  • Unix access control
  • Common in commercial systems
  • Mandatory policies are independent of users
    identities
  • Characteristics of resources are important
  • Access is only allowed if user and object belong
    to same security domain
  • Common in military systems

49
Information Flow
  • Accessing a computer resource can be regarded as
    initiating an information flow
  • Read access causes information to flow from an
    object to a subject
  • Write access causes information to flow from a
    subject to an object

50
An Information Flow Policy
  • The following policy enforces confidentiality
    requirements
  • Every object and subject has a security level
    (security label)
  • The set of security labels is a (partially)
    ordered set
  • Information flow must preserve the partial
    ordering

51
An Information Flow Policy
s1
s2
High
Direction of information flow
?
?
o4
o3
o1
o2
Medium
?
?
s4
s3
Low
  • s2 can read o2
  • s4 can write to o4
  • s1 cannot write to o1
  • s3 cannot read o3

52
An Information Flow Policy
  • What does this policy prevent?
  • Information leaks due to inappropriate read
    actions
  • Prevents unclassified user reading classified
    information
  • Information leaks due to inappropriate write
    actions
  • Prevents Trojan horses downgrading classified
    information
  • Prevents classified information being printed to
    an unclassified printer

53
The Bell-LaPadula Model
  • Implements an information flow policy for
    confidentiality
  • Employs a security lattice (a partially ordered
    set of security labels)
  • Employs a protection matrix
  • Protection matrix refines the information flow
    policy

54
Security Labels
  • Security label has two parts c and K where c is a
    security classification and K is a subset of
    security categories
  • Security classifications
  • unclassified lt classified lt secret lt top secret
  • Set of security (needs-to-know) categories
  • army, navy, air force, marines
  • personnel, finance, marketing, research

55
Partial Ordering of Security Labels
  • (c1, K1) 6 (c2, K2) if
  • c1 6 c2
  • K1 ? K2
  • Examples
  • (u, ) 6 (u, army)
  • (u, ) 6 (c, )
  • (c, army) 6 (t, army, navy, marines)

56
States
  • A state (M, ?, V) is a snapshot of the system
  • Protection matrix M
  • Security function ? associates each object and
    subject with a security label
  • Set of active triples V
  • (s, o, a) 2 V implies that subject s currently
    has access to object o using access right a

57
The Simple Security Property
  • For all (s, o, a) 2 V, if a is a read access
    mode, then
  • ?(s) gt ?(o)
  • In other words, if subject s has been granted
    read-type access to object o, then s must have a
    security label that is at least as high as that
    of o

58
The Simple Security Property
  • Let
  • ?(o) (c, army)
  • ?(s1) (u, army, navy)
  • ?(s2) (s, army, marines)
  • The simple security property would
  • prevent (s1, o, read) from entering V
  • allow (s2, o, read) to enter V

59
The -Property
  • For all (s, o, a) 2 V, if a is a write access
    mode, then
  • ?(s) 6 ?(o)
  • In other words, if subject s has been granted
    write-type access to object o, then s must have a
    security label that is no higher than that of o

60
The Discretionary Property
  • For all (s, o, a) 2 V, (s, o, a) 2 M
  • In other words, access is only granted if
    authorized by the protection matrix
  • The protection matrix can be used to refine the
    information flow policy (enforced by the simple
    security property and -property)

61
Example
  • One subject s three objects o1, o2 and o3
  • ?(s) 2, ?(o1) 1, ?(o2) 2, ?(o3) 3
  • V
  • Three access rights read (r), append (a) and
    write (w)
  • Append is write only access mode
  • Write is a read and write access mode
  • ?(s) 6 ?(o) and ?(s) gt ?(o)
  • In other words ?(s) ?(o)
  • M contains every access right in each entry
  • Every request is authorized

62
Example
  • s requests read access to o3
  • Denied
  • s requests read access to o1
  • Granted
  • V (s, o1, r)
  • s requests append access to o1
  • Denied
  • s requests write access to o2
  • Granted
  • V (s, o1, r), (s, o2, w)
  • s requests write access to o3
  • Denied
  • s requests append access to o3
  • Granted
  • V (s, o1, r), (s, o3, a)

63
BLP disadvantages
  • Lacks relevance to commercial systems
  • Model for confidentiality
  • Designed for military applications
  • Lacks flexibility

64
Unix Security Mechanisms
65
User Accounts
  • Every user has a unique numeric user ID (UID)
  • root user has UID 0
  • Every user account also has one or more group
    identifiers (GID)
  • User accounts are stored in /etc/passwd
  • Unix applications require access to /etc/passwd
    in order to link user names to UIDs
  • /etc/passwd can be read by anybody
  • /etc/passwd cannot contain plaintext passwords
  • In fact /etc/passwd doesnt even contain
    encrypted passwords

66
User Authentication
  • User enters username
  • User enters password
  • Password is encrypted and compared with stored
    value
  • Encrypted password is stored in /etc/shadow
  • /etc/shadow is not world-readable
  • Password is encrypted using MD5 hash function
  • Shell process started for user and associated
    with users ID
  • id command lists users ID and IDs of groups
    assigned to user
  • uid537(jason) 502(webadmin)
  • Any processes spawned by shell will be associated
    with users ID

67
Unix Processes
  • Use ps command
  • e option lists all processes running on machine
  • f option provides more details such as PPID

68
Unix Permissions
  • Three different permissions are supported
  • read (r)
  • write (w)
  • execute (x)
  • To execute a file both r and x must be granted
  • To enter a directory x must be granted
  • To list the contents of a directory r and x must
    be granted
  • To create a file in a directory w and x must be
    granted

69
Unix Files
  • Every file has an owner (identified by UID) and a
    group (identified by GID)
  • Owner need not be a member of the group
  • Devices are treated as files
  • Provides consistent and conceptually elegant
    interface to devices
  • echo hello world
  • echo hello world gt myfile
  • echo hello world gt /dev/lp0
  • Devices must be adequately protected

70
File Protection
  • Each file is associated with three different
    groups of permissions
  • Owner
  • Group
  • World
  • Represented internally as a 9-bit access mask
  • If a bit is set then the corresponding permission
    is granted
  • Represented symbolically using letters for access
    rights
  • 111 101 101 is displayed as rwx r-x r-x by
    commands such as ls l
  • Owner has read, write and execute access
  • Group and world have read and execute access

71
File Protection
  • Applies to most specific group to which user
    belongs
  • Protection mechanism first tries to match
    requesting UID with file owner UID
  • If match then requester has those access rights
  • Else protection mechanism then tries to match
    requesting GID with file GID
  • If match then requester has group access rights
  • Otherwise requester has world access rights

72
File Protection
  • Given the following output from ls l
  • -rwxr-xr-x jason research ... test.exe
  • ----rwxr- jason research ... example.exe
  • jason has full access to test.exe
  • jason has no access to example.exe even if he
    belongs to the research group
  • Any member of the research group (except jason)
    has full access to example.exe

73
Windows 2000 Security Mechanisms
74
Windows 2000 Authentication
  • The Winlogon process initiates the authentication
    procedure by intercepting the user secure
    attention sequence (CtrlAltDel)
  • The user enters a username and password and
    authenticates to a Windows 2000 domain using the
    Kerberos protocol
  • A successful authentication process results in an
    access token being returned to the Winlogon
    process
  • The access token is bound to the authenticated
    user

75
Windows 2000 Authorization
  • When a process makes a file access request the
    access token is presented to the NTFS service
  • The NTFS service forwards the request, the access
    token and the files access control list (ACL) to
    the security reference monitor (SRM)
  • The SRM compares the identities contained in the
    access token with those in the ACL entries

76
Windows 2000 Authorization
Access token
File access request
Object handle
Requested access mask access token and DACL
DACL
Granted access mask
77
Access Masks
  • Windows recognizes several different access
    rights and encodes them in a 32-bit access mask
  • An access request is handled as an access mask
  • The security reference monitor constructs a
    granted access mask
  • If the granted access mask is the same as the
    requested access mask then access is granted

78
Access Control Entries
  • Each file in Windows 2000 has a security
    descriptor
  • The most important item in the security
    descriptor is the discretionary access control
    list (DACL)
  • The DACL is a list of access control entries
    (ACEs)
  • Each ACE contains a security identifier and an
    access mask

79
Building the Granted Access Mask
  • The SRM examines each ACE
  • If the access token contains an SID that matches
    the ACE SID then
  • The matching entries in the requested access mask
    and the ACE access mask are added to the granted
    access mask
  • When the end of the DACL is reached the requested
    and granted access masks are compared

80
Building the Granted Access Mask
  • Requested access mask 0110
  • Initial granted access mask 0000
  • Access token contains SIDs 1, 4 and 5
  • Access denied

DACL
Granted access mask
SID 1 Access mask 1010
0010
SID 2 Access mask 0100
0010
SID 3 Access mask 1100
0010
SID 4 Access mask 0011
0010
81
Bells and Whistles
  • Windows 2000 also has
  • Access-denied ACEs
  • Inherit-only ACEs
  • Restricted SIDs
  • Disabled SIDs
  • Deny-only SIDs
  • Privileges

82
Why Are Operating Systems Insecure?
  • If an attacker can obtain Administrator access in
    Windows 2000 or root access in Unix then the
    security of the system can be fatally compromised
  • Software vulnerabilities
  • Incorrect or inadequate validation of user input
  • Poor design
  • Poor programming practice
  • Poor implementation of standards
  • Configuration vulnerabilities
  • Poor choice of passwords and password policies
  • Lack of control over services running on servers

83
Hardening Operating Systems
  • Remove vulnerabilities
  • Use security controls provided by operating
    system
  • Follow the principle of least privilege
  • Delete all access rights that are not required
  • Remove or disable all services that are not
    required
  • Use dedicated servers
  • Multiple services on a single machine mean more
    avenues of attack and the compromise of all
    services
  • Simpler to manage and defend against attack
  • Rename powerful accounts and use strong passwords
  • Many default accounts are powerful and have
    preset passwords

84
Further Reading
  • C.P. Pfleeger. Security in Computing,
    Prentice-Hall (1997)
  • B. Schneier. Secrets and Lies, Wiley (2000)
  • R. Anderson. Security Engineering, Wiley (2000)
  • D.E. Bell and L. LaPadula. Secure Computer
    Systems Mathematical Foundations, Mitre
    Corporation Technical Report MTR-2547 (1973)
  • D.D. Clark and D.R. Wilson. A comparison of
    military and commercial computer security
    policies, Proceedings of IEEE Symposium on
    Security and Privacy, 184194 (1987)
  • R.S. Sandhu et al. Role-based access control
    models, IEEE Computer, 29(6), 3847 (1996)

85
Information Security Reports
  • CERT (Computer Emergency Response Team)
  • http//www.cert.org/
  • SysAdmin, Audit, Network, Security (SANS)
    Institute
  • http//www.sans.org/
  • Security Tracker
  • http//www.securitytracker.com/
Write a Comment
User Comments (0)
About PowerShow.com