Date post: | 16-Dec-2015 |
Category: |
Documents |
Upload: | allyson-rich |
View: | 225 times |
Download: | 4 times |
K. Salah 1
Introduction to SecurityIntroduction to Security
Overview of Computer SecurityOverview of Computer Security
K. Salah 2
Why is security important?Why is security important?
Computers and networks are the nerves of Computers and networks are the nerves of the basic services and critical the basic services and critical infrastructures in our societyinfrastructures in our society Financial services and commerce Transportation Power grids Etc.
Computers and networks are targets of Computers and networks are targets of attacks by our adversariesattacks by our adversaries
K. Salah 3
Why is security so hard?Why is security so hard?
The complexity of computers and networksThe complexity of computers and networks Increases Internet usageIncreases Internet usage User expectationUser expectation Lack of awareness of threats and risksLack of awareness of threats and risks
Software by peopleware Social engineering
Defense is inherently more expensiveDefense is inherently more expensive Offense only needs the weakest link
Ample cracking toolsAmple cracking tools
K. Salah 5
Tempset AttackTempset Attack
TempestTempest is an acronym for Transient ElectroMagnetic Pulse
Emanation Surveillance. This is the science of monitoring at a distance electronic
signals carried on wires or displayed on a monitor. It is of enormous importance to serious cryptography
snoopers. To minimize a tempest attack you should screen all the
cables between your computer and your accessories, particularly your monitor.
A non CRT monitor screen such as those used by laptops (or plasma TV) offers a considerable reduction in radiated emissions and is recommended.
K. Salah 6
Type of AttackersType of Attackers
AmateursAmateurs: regular users, who exploit the vulnerabilities of the computer : regular users, who exploit the vulnerabilities of the computer systemsystem aka “Smart kiddies” Less experienced Motivation: easy access to vulnerable resources
Hackers/CrackersHackers/Crackers: attempt to access computing facilities for which they do : attempt to access computing facilities for which they do not have the authorizationnot have the authorization Experts Motivation: enjoy challenge, curiosity
Career criminalsCareer criminals: professionals who understand the computer system and : professionals who understand the computer system and its vulnerabilitiesits vulnerabilities Motivation: personal gain (e.g., financial)
IntrudersIntruders are all of the above are all of the above
K. Salah 7
Methods of DefenseMethods of Defense
PreventPrevent: block attack: block attackDeterDeter: make the attack harder: make the attack harderDeflectDeflect: make other targets more : make other targets more
attractive attractive E.g. is honeypots
DetectDetect: identify misuse : identify misuse TolerateTolerate: function under attack : function under attack RecoverRecover: restore to correct state: restore to correct state
K. Salah 8
Computer Security DomainsComputer Security Domains Physical securityPhysical security -- Controlling the comings and goings of people and -- Controlling the comings and goings of people and
materials; protection against the elements and natural disasters materials; protection against the elements and natural disasters
Operational/procedural securityOperational/procedural security -- Covering everything from managerial -- Covering everything from managerial policy decisions to reporting hierarchies policy decisions to reporting hierarchies
Personnel securityPersonnel security -- Hiring employees, background screening, training, -- Hiring employees, background screening, training, security briefings, monitoring, and handling departures security briefings, monitoring, and handling departures
System securitySystem security -- User access and authentication controls, assignment of -- User access and authentication controls, assignment of privilege, maintaining file and filesystem integrity, backups, monitoring privilege, maintaining file and filesystem integrity, backups, monitoring processes, log-keeping, and auditing. OS and database systems. processes, log-keeping, and auditing. OS and database systems.
Network securityNetwork security -- Protecting network and telecommunications equipment, -- Protecting network and telecommunications equipment, protecting network servers and transmissions, combating eavesdropping, protecting network servers and transmissions, combating eavesdropping, controlling access from untrusted networks, firewalls, and detecting intrusions controlling access from untrusted networks, firewalls, and detecting intrusions
Information SecurityInformation Security – Hiding of information (cryptography) and also – Hiding of information (cryptography) and also security of information in transit over a network. Examples: e-commerce security of information in transit over a network. Examples: e-commerce transactions, online banking, confidential e-mails, file transfers, record transactions, online banking, confidential e-mails, file transfers, record transfers, authorization messages, etc.transfers, authorization messages, etc.
K. Salah 9
What is Security?What is Security?
Keeping something (information in our case) Keeping something (information in our case) secure againstsecure against Someone stealing it Someone destroying it Someone changing it Someone preventing me from using it
More SpecificallyMore Specifically Confidentiality: nobody else can see it Integrity: nobody else can change it Availability: I can get at it whenever I want
K. Salah 10
Basic Components of SecurityBasic Components of Security
ConfidentialityConfidentiality Keeping data and resources secret or hidden
IntegrityIntegrity Ensuring authorized modifications; Includes correctness and trustworthiness
AvailabilityAvailability Ensuring authorized access to data and resources when desired
AccountabilityAccountability Ensuring that an entity’s action is traceable uniquely to that entity
Security assuranceSecurity assurance Assurance that all four objectives are met
K. Salah 12
Information security todayInformation security today
Emergence of the Internet and distributed systemsEmergence of the Internet and distributed systems Increasing system complexity
Digital information needs to be kept secureDigital information needs to be kept secure Competitive advantage Protection of assets Liability and responsibility
Financial lossesFinancial losses There are reports that the annual financial loss due to information
security breaches is between 5 and 45 billion dollars National defenseNational defense
Protection of critical infrastructures: Power Grid; Air transportation
Interlinked government agencies Severe concerns regarding security management and access control
measures
K. Salah 13
TerminologyTerminology
SecurityFeatures
orServices
InformationInformation
Attackers/Intruders/Malfeasors
Requirements& Policies
SecurityMechanisms
Security Architecture
K. Salah 14
Attack Vs ThreatAttack Vs Threat
A threat is a “potential” violation of securityA threat is a “potential” violation of security The violation does not need actually occur The fact that the violation might occur makes it
a threat It is important to guard against threats and be
prepared for the actual violation “being paranoid”
The actual violation of security is called an The actual violation of security is called an attackattack
K. Salah 15
Common security attacksCommon security attacks
Interruption, delay, denial of receipt or denial of serviceInterruption, delay, denial of receipt or denial of service System assets or information become unavailable or are
rendered unavailable
Interception or snoopingInterception or snooping Unauthorized party gains access to information by browsing
through files or reading communications
Modification or alterationModification or alteration Unauthorized party changes information in transit or information
stored for subsequent access
Fabrication, masquerade, or spoofingFabrication, masquerade, or spoofing Spurious information is inserted into the system or network by
making it appear as if it is from a legitimate entity
K. Salah 16
Malicious Code or malwareMalicious Code or malware
TrapdoorsTrapdoorsTrojan HorsesTrojan Horses BacteriumBacterium
Logic BombsLogic Bombs WormsWorms VirusVirus
XFiles
K. Salah 18
Trojan/Backdoor ProgramTrojan/Backdoor Program
Trojan part: masquerades itself as a nice programTrojan part: masquerades itself as a nice program WildAnimals.scr (Any executable can be saved as .scr) YourDocumnet.doc … .exe
100 spaces followed by .exe
BackdoorBackdoor Once launched, it opens a communication channel (IRC,
FTP, telnet, etc) with a certain machine Can be used to hijack a machine if running proxy
communication protocols (ssh or socks4) and bypassing firewalls
Internet traffic would seem to be coming/outgoing from infected system and routed to attacker machine
K. Salah 19
Goals of SecurityGoals of Security
PreventionPrevention To prevent someone from violating a security policy
DetectionDetection To detect activities in violation of a security policy Verify the efficacy of the prevention mechanism
RecoveryRecovery Stop policy violations (attacks) Assess and repair damage Ensure availability in presence of an ongoing attack Fix vulnerabilities for preventing future attack Retaliation against the attacker
K. Salah 20
Operational IssuesOperational Issues
Cost-Benefit AnalysisCost-Benefit Analysis Benefits vs. total cost Is it cheaper to prevent or recover?
Risk AnalysisRisk Analysis Should we protect something? How much should we protect this thing? Risk depends on environment and change with time
Laws and CustomsLaws and Customs Are desired security measures illegal? Will people do them? Affects availability and use of technology