Post on 23-Feb-2016
description
Lecture 1: Overview
modified from slides of Lawrie Brown
OutlineThe focus of this chapter is on three fundamental questions:
• What assets do we need to protect?
• How are those assets threatened?
• What can we do to counter those threats?
Computer Security Overview• The NIST Computer Security Handbook defines
the term Computer Security as: “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources” includes hardware, software, firmware, information/data, and telecommunications.
The CIA Triad
Key Security Concepts
Confidentiality
• preserving authorized restrictions on information access and disclosure.
• including means for protecting personal privacy and proprietary information
• guarding against improper information modification or destruction,
• including ensuring information nonrepudiation and authenticity
Availability
• ensuring timely and reliable access to and use of information
Integrity
Is this all?
Levels of Impact
Low
The loss could be expected to have a limited adverse
effect on organizational
operations, organizational
assets, or individuals
Moderate
The loss could be expected to have a serious adverse
effect on organizational
operations, organizational
assets, or individuals
High
The loss could be expected to have
a severe or catastrophic
adverse effect on organizational
operations, organizational
assets, or individuals
Computer Security Challenges• computer security is not as simple as it might
first appear to the novice• potential attacks on the security features must
be considered• procedures used to provide particular services
are often counterintuitive• physical and logical placement needs to be
determined• multiple algorithms or protocols may be
involved
Computer Security Challenges• attackers only need to find a single weakness,
the developer needs to find all weaknesses• users and system managers tend to not see the
benefits of security until a failure occurs• security requires regular and constant
monitoring• is often an afterthought to be incorporated into
a system after the design is complete• thought of as an impediment to efficient and
user-friendly operation
9
Computer Security Terminology• Adversary (threat agent)
– An entity that attacks, or is a threat to, a system.• Attack
– An assault on system security that derives from an intelligent threat; a deliberate attempt to evade security services and violate security policy of a system.
• Countermeasure– An action, device, procedure, or technique that reduces a
threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.
10
Computer Security Terminology
• Risk– An expectation of loss expressed as the probability that a
particular threat will exploit a particular vulnerability with a particular harmful result.
• Security Policy– A set of rules and practices that specify how a system or org
provides security services to protect sensitive and critical system resources.
• System Resource (Asset)– Data; a service provided by a system; a system
capability; an item of system equipment; a facility that houses system operations and equipment.
11
Computer Security Terminology
• Threat– A potential for violation of security, which exists when
there is a circumstance, capability, action, or event that could breach security and cause harm.
• Vulnerability– Flaw or weakness in a system's design, implementation,
or operation and management that could be exploited to violate the system's security policy.
12
Security Concepts and Relationships
Assets of a Computer System
Hardware
Software
Data
Communication facilities and networks
14
Vulnerabilities, Threats and Attacks
• vulnerabilities– leaky (loss of confidentiality)– corrupted (loss of integrity)– unavailable or very slow (loss of availability)
• threats– capable of exploiting vulnerabilities– represent potential security harm
• attacks (threats carried out)– passive or active attempt to alter/affect system resources– insider or outsider
15
Countermeasuresmeans used to deal
with security attacks
may introduce new vulnerabilities
Residual vulnerabilities may
remaingoal is to minimize
residual level of risk to the assets
• prevent• detect• recover
Lecture 2: Overview (cont)
modified from slides of Lawrie Brown
by Peter Steiner, New York, July 5, 1993
18
Threat ConsequencesUnauthorized disclosure is a threat to confidentiality
• Exposure: This can be deliberate or be the result of a human, hardware, or software error
• Interception: unauthorized access to data
• Inference: e.g., traffic analysis or use of limited access to get detailed information
• Intrusion: unauthorized access to sensitive data
19
Threat ConsequencesDeception is a threat to either system or data integrity• Masquerade: an attempt by an unauthorized
user to gain access to a system by posing as an authorized user
• Falsification: altering or replacing of valid data or the introduction of false data
• Repudiation: denial of sending, receiving or possessing the data.
20
Threat ConsequencesUsurpation is a threat to system integrity.
• Misappropriation: e.g., theft of service, distributed denial of service attack
• Misuse: security functions can be disabled or thwarted
21
Threat ConsequencesDisruption is a threat to availability or system integrity• Incapacitation: a result of physical destruction
of or damage to system hardware• Corruption: system resources or services
function in an unintended manner; unauthorized modification
• Obstruction: e.g. overload the system or interfere with communications
22
Scope of Computer Security
23
Computer and Network Assets
Jamming
24
Passive and Active Attacks• Passive attacks attempt to learn or make use of information
from the system but does not affect system resources• eavesdropping/monitoring transmissions• difficult to detect• emphasis is on prevention rather than detection• two types:
– message contents– traffic analysis
• Active attacks involve modification of the data stream• goal is to detect them and then recover• categories:
– masquerade– replay– modification of messages– denial of service
25
Security Functional Requirementscomputer security technical measures
• access control• identification &
authentication; • system &
communication protection
• system & information integrity
management controls and procedures
• awareness & training• audit & accountability• certification,
accreditation, & security assessments
• contingency planning• maintenance• physical &
environmental protection
• planning• personnel security• risk assessment• systems & services
acquisition
overlap computer security technical
measures and management controls
• configuration management
• incident response• media protection
26
• assuring a communication is from the source that it claims to be from– interference by a third party
masquerading as one of the two legitimate parties
• Peer Entity Authentication– corroboration of the identity
of a peer entity – confidence that an entity is
not performing • a masquerade or • an unauthorized replay
AuthenticationService
Data Origin Authentication corroboration of the source of
a data supports applications where
there are no prior interactions
27
• limit and control the access to host systems and applications
• each entity trying to gain access must first be identified, or authenticated
Access ControlService
NonrepudiationService
prevents either sender or receiver from denying a transmitted message
28
• protection of transmitted data from passive attacks
• protects user data transmitted over a period of time
– connection confidentiality
– connectionless confidentiality
– selective-field confidentiality
– traffic-flow confidentiality
Data Confidentiality
Service
29
• can apply to a stream of messages, a single message, or selected fields within a message
• with and without recovery
• connectionless integrity service – provides protection against
message modification only
• connection-oriented integrity service – assures that messages are
received as sent• no duplication, insertion
modification, reordering, or replays
Data IntegrityService
30
• a service that protects a system to ensure its availability– being accessible and
usable upon demand by an authorized system entity
• a variety of attacks can result in the loss of or reduction in availability
• some of these attacks are amenable to authentication and encryption
• some attacks require a physical action to prevent or recover from loss of availability
• depends on proper management and control of system resources
AvailabilityService
31
Security Implementation
response
prevention
recovery
detection
complementary courses of
action
Security Mechanism• Feature designed to
– Prevent attackers from violating security policy– Detect attackers’ violation of security policy– Response to mitigate attack– Recover, continue to function correctly even if attack
succeeds
• No single mechanism that will support all services– Authentication, authorization, availability,
confidentiality, integrity, non-repudiation32
Fundamental Security Design Principles
Economy of mechanism
Fail-safe defaults
Complete mediation Open design
Separation of privilege Least privilege Least common
mechanismPsychological acceptability
Isolation Encapsulation Modularity Layering
Least astonishment
Attack Surfaces
Consist of the reachable and exploitable vulnerabilities in a system
Examples:
Open ports on outward facing Web and other
servers, and code listening on those ports
Services available on
the inside of a firewall
Code that processes
incoming data, email, XML,
office documents,
and industry-specific custom data exchange
formats
Interfaces, SQL, and Web forms
An employee with access to
sensitive information
vulnerable to a social
engineering attack
Attack Surface Categories
Network Attack Surface
Vulnerabilities over an enterprise network, wide-
area network, or the Internet
Included in this category are network protocol
vulnerabilities, such as those used for a denial-of-service attack, disruption of communications links,
and various forms of intruder attacks
Software Attack Surface
Vulnerabilities in application, utility, or
operating system code
Particular focus is Web server software
Human Attack Surface
Vulnerabilities created by personnel or outsiders,
such as social engineering, human
error, and trusted insiders
36
Security Technologies Used
37
Types of Attacks Experienced
38
Defense in Depth and Attack Surface
40
Computer Security Strategy
Specification & policy
what is the security scheme supposed to do?
Implementation & mechanisms
how does it do it?
Correctness & assurance
does it really work?
Computer Security StrategySecurity Policy• Formal statement of rules and
practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources
Security Implementation• Involves four complementary
courses of action:• Prevention• Detection• Response• Recovery
Assurance• The degree of confidence one has
that the security measures, both technical and operation, work as intended to protect the system and the information it processes
Evaluation•Process of examining a computer
product or system with respect to certain criteria
42
Security Policy• formal statement of rules and practices that
specify or regulate security services• factors to consider:
– value of the protected assets– vulnerabilities of the system– potential threats and the likelihood of attacks
• trade-offs to consider:– ease of use versus security– cost of security versus cost of failure and recovery
43
Assurance and Evaluation• assurance
– the degree of confidence one has that the security measures work as intended
– both system design and implementation
• evaluation– process of examining a system with respect to
certain criteria– involves testing and formal analytic or
mathematical techniques
Early Hacking – Phreaking• In1957, a blind seven-year old, Joe Engressia
Joybubbles, discovered a whistling tone that resets trunk lines– Blow into receiver – free phone calls
45
Cap’n Crunch cereal prizeGiveaway whistle produces 2600 MHz tone
The Seventies• John Draper
– a.k.a. Captain Crunch– “If I do what I do, it is onlyto explore a system”
• In 1971, built Bluebox– with Steve Jobs and Steve Wozniak
46
The Eighties• Robert Morris worm - 1988
– Developed to measure the size of the Internet• However, a computer could be infected multiple times
– Brought down a large fraction of the Internet • ~ 6K computers
– Academic interest in network security 47
The Nineties• Kevin Mitnick
– First hacker on FBI’s Most Wanted list– Hacked into many networks
• including FBI– Stole intellectual property
• including 20K credit card numbers– In 1995, caught 2nd time
• served five years in prison
48
Code-Red Worm• On July 19, 2001, more than 359,000 computers connected to the
Internet were infected in less than 14 hours
• Spread
49
Sapphire Worm• was the fastest computer worm in history
– doubled in size every 8.5 seconds– infected more than 90 percent of vulnerable hosts
within 10 minutes.
50
DoS attack on SCO
• On Dec 11, 2003– Attack on web and FTP servers of SCO
• a software company focusing on UNIX systems
– SYN flood of 50K packet-per-second
– SCO responded to more than 700 million attack packets over 32 hours
51
Witty Worm
• 25 March 2004– reached its peak activity after approximately 45
minutes– at which point the majority of vulnerable hosts
had been infected• World• USA
52
Nyxem Email Virus
Jan 15, 2006: infected about 1M computers within two weeks– At least 45K of the infected computers were
also compromised by other forms of spyware or botware
• Spread
53
Sipscan Botnet
a botnet-orchestrated stealth scan of the entire IPv4 address space 31 Jan–12 Feb 2011
• probing
54