Date post: | 27-Dec-2015 |
Category: |
Documents |
Upload: | junior-clark |
View: | 218 times |
Download: | 0 times |
Gerhard SteinkeBUS 3620
Steinke 1
According to Internetworldstats.com, there are 2,095,006,005 internet users worldwide
It is now unsafe to turn on your computer...
Steinke 2
Steinke3
Web Defacements
Software Bugs
Buffer Overflows
Backdoors
Viruses
Denial of Service
Worms
“SneakerNet”
Corporate Spies Script Kiddies
Employee Error
War Drivers
Trojans
Password Crackers
“Blended Threats”
Slammed on All Sides
Rogue Insiders
Network vulnerabilities
Confidentiality Protecting information from unauthorized
disclosure Integrity
Protecting information from unauthorized alternation/destruction
Availability Ensuring the availability and access to the
information
4
CConfidentialityonfidentiality IIntegrityntegrity
AAvailabilityvailability
Internal (authorized users (intentional & unintentional), contract worker, etc.)
Hackers (‘script kiddies’ to experts) Industrial Espionage (legal? acceptable in
some countries and sometimes government funded)
Foreign Espionage Criminal (financial or criminal motivation) Other (terrorists, political activists)
Steinke 5
The threat is global The attack sophistication is increasing The skill level required to become a threat is
decreasing We live in a “Target Rich” environment Exposure time and response time are critical
Steinke 6
Corrupting Information Viruses, worms File deletion Data tampering (medical & financial), Web page hacks
Disclosing Information Public release of private data Selling of private or financial data (e.g., stolen charge
card numbers) Stealing Service
Using site as intermediary for attacks Denial of Service (preventing the use of IT
resources) Network flooding Crashing systems or services
Steinke 7
Steinke 8
A system which examines network packets entering/leaving an organization and determines whether the packets are allowed to travel ‘through’ the firewall
Steinke 9
Organization
Steinke 10
MailServer
ExternalFirewall
Internet
InternalFirewall
Client
ClientInternalServer
WebServer
attempts to detect/prevent someone breaking into your system
running in background and notifies you when…
Steinke 11
Match
Alarm
Can you decrypt these?
mfuttubsu
cepninotry
Steinke 12
Disguising message in order to hide its substance Based in logic and mathematics
Confidentiality ◦ Message wasn’t changed
Authentication◦ who really sent message?
Integrity◦ was message altered?
Non-repudiation◦ so sender cannot deny they sent message
Steinke 13
Substitution Cipher (13)ABCDEFGHIJKLMNOPQRSTUVWXYZ NOPQRSTUVWXYZABCDEFGHIJKLM Transposition Cipher
Rearranging all characters in the plaintext Attack: frequency of letters Concealment – hide in text Break Encryption by brute force - try all possible
keys key length
Steal, bribe, replace encryption software, flaws in system
Steinke 14
Hiding information http://www.jjtc.com/Steganography/ http://www-users.aston.ac.uk/~papania1/ste
gano.html S-tools demo
Steinke 15
same key for encryption and decryption confidentiality secure key distribution required
◦ otherwise could impersonate sender as well scalability - n users require n*(n-1)/2 keys
Steinke 16
Two keys – one encrypts, the other decrypts
Public and Private keys generated as a pair Private key for user Public key for distribution
Each key decrypts what the other encrypts Confidentiality, integrity, authentication
and non-repudiation Intensive computations, slow
17
18
Create hash value / digital fingerprint Provides integrity checking Shorter than original message
◦ Variable length message to fixed length hash value
One way function, can’t go back Appended to message Examples:
◦ MD5 - 128 bit hash◦ SHA - 160 bit, by NIST, NSA in DSS (Digital
Signature Standard)
19
Create a hash value Encrypt hash value with your private key Attach to message to be sent Encrypt with recipients public key Send
20
Integrity – Message not changed Authentication - Verify sender identity and
message origin Creates non-repudiation Applications:
◦ Used to authenticate software, data, images◦ Used with electronic contracts, purchase orders◦ Protect software against viruses
21
Security policy◦ document security principles
Educate users - what and why of security Physical Security Monitor network Passwords
Steinke 22
gateway to network access to information on PC power on password, screen saver password encryption password protect files, disk drive erase information when deleting a file
Steinke 23
control program change requests require multiple authorizations require full documentation independent testing of changes check with operations before acceptance procedure to handle emergency situations
Steinke 24
investigate error messages, reports, alarms monitor communication lines for failures,
problems monitor network status for operational, out-
of-service stations monitor traffic queues for congestion control tapes, disks and other system
materials to ensure proper labeling and retention
Steinke 25
maintain backup for programs, tapes and other material
examine system printouts, program dumps, recovery printouts
monitor vendor and maintenance personnel control testing during operational hours ensure that changes to hardware and
software are necessary
Steinke 26
Identify people by measuring some aspect of individual anatomy or physiology, some deeply ingrained skill, or other behavioral characteristic or something that is a combination of the two◦ Handwritten signatures◦ Face Recognition◦ Fingerprints◦ Iris Codes◦ Voice◦ Retina Prints◦ DNA Identification◦ Palm Prints◦ Handwriting Analysis
27
All recognition systems are subject to error ‘Fraud’ / ‘false positive’
◦ A client is accepted as authenticated when they should have been rejected
‘Insult’ / ‘false negative’◦ A client is rejected as NOT authenticated when in
fact they should have been accepted.
28
The oldest way There is widespread acceptance (and
requirement!) for photo ID The issuing of other authentication devices
(like passwords, key cards, digital signatures) usually depends on facial recognition by the agents of the issuing authority
Photo-ID is not particularly reliable, but has a very significant deterrent effect
29
Strengths: Database can be built from driver’s license records,
visas, etc. Can be applied covertly (surveillance photos). (Super
Bowl 2001) Few people object to having their photo taken
Weaknesses: No real scientific validation
Attacks: Surgery Facial Hair Hats Turning away from the camera
Defenses: Scanning stations with mandated poses
30
Accounts for the majority of sales of biometric equipment◦ The ridges that cover the fingertips make
patterns, that were classified in the 1800’s◦ These patterns have loops of several distinct
types, branches, and endpoints. Because of the association with criminals,
commercial users are very reluctant to impose fingerprinting systems upon their clients
Fingerprint sensors on laptops
31
32
Iris patterns believed to be unique The patterns are easy enough to detect They do not wear out They are protected by the eyelids and
cornea Easier to capture and process than
fingerprints A processing technique is used to generate
a 256 byte iris code Low false acceptance rates
33
Practical difficulties:◦ Capturing the iris image is intrusive◦ The subject has to be co-operative
34
Strengths:◦ Most systems have audio hardware◦ Works over the telephone◦ Can be done covertly◦ Lack of negative perception
Weaknesses:◦ Background noise ◦ No large database of voice samples
Attacks:◦ Tape recordings◦ Identical twins / soundalikes
35
Typical systems measure 90 different features: Overall hand and finger
width Distance between joints Bone structure
Primarily for access control: Machine rooms Olympics
Strengths: No negative
connotations – non-intrusive
Reasonably robust systems
Weaknesses: Accuracy is limited
36
Retina Scan◦ Very popular in the 1980s military; not used much
anymore. Facial Thermograms Vein identification Scent Detection Gait recognition Handwriting
37
Biometric Approx Template Size
Voice 70k – 80k
Face 84 bytes – 2k
Signature 500 bytes – 1000 bytes
Fingerprint 256 bytes – 1.2k
Hand Geometry 9 bytes
Iris 256 bytes – 512 bytes
Retina 96 bytes
38
39
Awareness and Training
Management Sponsorship
Assessment
Policies &Procedures
Practices and Procedures
Reporting
Service Provider Compliance
impossible to provide complete security match to value of assets provide good security but keep system easy
to useeasy to use, little security <-----> difficult to use, high security
Steinke 40