amr security lect01
Posted on 19-Jul-2016
CSEN 1001
Computer and Network Security
Amr El Mougy
Amr Osman
Course Details
• Instructor: Amr El Mougy
  Email: amr.elmougy@guc.edu.eg
  Office hours: Mon 12:00-1:00, Thursday 3:00-4:00
  Office: C7.312
• Assessment:
  Assignments 5%
  Quizzes 10%
  Class Work 5%
  Project 20%
  Mid-term 20%
  Final 40%
• TA: Amr Osman
  Email: amr.salaheldin@guc.edu.eg
  Office: C7.220
Course Details
• Text book and some lecture slides:
  Authors: William Stallings and Lawrie Brown
  Title: Computer Security, Principles and Practice
  Publisher: Pearson Education, Inc., 2008
• Note: These slides are not meant to be comprehensive lecture notes! They are only remarks and pointers. The material presented here is not sufficient for studying for the course. Your main sources for studying are the text and your own lecture notes.
Course Details
• Security concepts
• Cryptographic tools
• User authentication
• Access control
• Security attacks
• Prevention systems
• Software Security
• Cryptographic algorithms
• Internet security
• Management issues
Lecture (1)
Introduction and Key Security Concepts
Definitions
• The US-based National Institute of Standards and Technology (NIST) defines computer security as follows:
Definition (Computer Security)
[Computer security is] the protection afforded to an automated information system in order to attain the applicable objectives of preserving integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)
Key Security Concepts
CIA Triad
Confidentiality
Confidentiality covers two concepts:
• Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals
• Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed
Integrity
Integrity as a security goal also covers two related concepts:
• Data integrity: Assures that information and programs are changed only in a specified and authorized manner
• System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system
Availability
Availability ensures that a system works promptly and service is not denied to authorized users. A loss of availability is the disruption of access to or use of information or an information system
Further Considerations
Some additional aspects are often mentioned:
Authenticity:
• The property of being genuine and able to be verified
• Confidence in the validity of a transmission, verifiability of a message originator, inputs arriving from trusted sources
• Verifiability of a user's identity
Accountability:
• Actions can be uniquely traced to their originator
• Essential for nonrepudiation, deterrence, fault isolation, intrusion detection, after-action recovery, legal action
• Truly secure systems are not achievable, so security breaches must be traceable
DAD Triad
• The complement of CIA
• Disclosure: Unauthorized individuals gain access to confidential information
• Alteration: Data is modified or destroyed through some unauthorized mechanism
• Denial: Authorized users cannot gain access to a system for legitimate purposes
DAD activities may be malicious or accidental
Levels of Security Breaches
Low:
• Limited adverse effect
• System performs its primary functions
• Minor damages to assets and individuals
Moderate:
• Serious adverse effect
• System performs its primary functions with lower efficiency
• Significant damage to assets and individuals (no loss of life)
High:
• Catastrophic adverse effect
• System unable to perform its primary functions
• Major damage to assets and individuals
Layered Security Aspects
Security considerations include:
• Physical security
• Operating system security: Windows, Mac OS, Unix/Linux (Sun OS, Solaris, Open BSD, . . . )
• Application layer security: Browser, e-mail client, . . .
• Communication security:
  • Encryption
  • Firewalls
  • Intrusion detection systems
Computer Security Challenges
1. not simple
2. must consider potential attacks
3. procedures used are counter-intuitive
4. involve algorithms and secret info
5. must decide where to deploy mechanisms
6. battle of wits between attacker / admin
7. benefit not perceived until it fails
8. requires regular monitoring
9. too often an after-thought
10. regarded as an impediment to using the system
Security Vocabulary
• System resource (Asset): Data, services, capabilities (processing power, communication bandwidth), equipment, etc.
• Adversary: An entity that attacks or is a threat to a system
• Attack: An assault from an intelligent threat; an intelligent act manifesting a deliberate attempt to breach security
• Vulnerability: A flaw or weakness that could be exploited to violate a system's security
• Threat: A potential to violate security; a possible danger that might exploit a vulnerability
• Risk: Probability of a particular threat exploiting a particular vulnerability
• Security policy: A set of rules and practices that regulate how a system provides security for its assets
• Countermeasure: An action or device to reduce a threat/vulnerability/attack by eliminating or preventing it or by minimizing adverse effects
Security Vocabulary
The slide shows a diagram relating owners, assets, threat agents, threats, vulnerabilities, risk and countermeasures. Its labelled edges read:
• Owners value assets
• Owners wish to minimize risk
• Owners impose countermeasures to reduce risk
• Countermeasures may possess vulnerabilities, which may be reduced by (further) countermeasures
• Owners may be aware of vulnerabilities
• Threat agents wish to abuse and/or may damage assets
• Threat agents give rise to threats
• Threats exploit vulnerabilities, leading to risk
• Threats increase risk to assets
Example
• The water flowing to the right is a threat to the man (he might catch a cold). Example: the existence of a particular virus
• The crack in the wall is a vulnerability. Example: open ports on a computer
• Vulnerability + Threat = Risk!
Vulnerabilities and Attacks
System resource vulnerabilities may
• be corrupted (loss of integrity)
• become leaky (loss of confidentiality)
• become unavailable (loss of availability)
Attacks are threats carried out and may be
• passive
• active
• insider
• outsider
Typical Threats
Hacker
• Anyone who attempts to penetrate the security of an information system, regardless of intent
• Early definition included anyone very proficient in computer use
Malicious insider
• Someone from within the organization who attempts to go beyond the rights and permissions that they legitimately hold
• Security professionals and system administrators are particularly dangerous
Typical Threats
Malicious code object
• Virus: A program that attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels
• Worm: A program that takes advantage of file or information transport features on your system, which allows it to travel unaided. The biggest danger with a worm is its capability to replicate itself on your system (e.g., sending itself to everyone in the e-mail list on your computer)
• Trojan horse: A program that at first glance will appear to be useful software but will actually do damage once installed or run on your computer. It usually appears to be coming from a trusted source
Countermeasures
Means used to deal with security attacks
• prevent
• detect
• recover
May result in new vulnerabilities
Will have residual vulnerability
Goal is to minimize risk given constraints
Threat Consequences
Unauthorized Disclosure
• Exposure
• Interception
• Inference
• Intrusion
Deception
• Masquerade
• Falsification
• Repudiation
Disruption
• Incapacitation
• Corruption
• Obstruction
Usurpation
• Misappropriation
• Misuse
Attacks on Communication Networks
We distinguish:
Passive attacks
• Attempts to learn or make use of information from the system but do not affect system resources
• Eavesdropping or monitoring of transmissions
Active attacks
• Attempts to alter system resources or affect their operation
Passive Attacks
• Release of message contents / snooping
• Traffic analysis / spoofing
Passive attacks are hard to detect!
Active Attacks
• Masquerade: One entity pretends to be a different entity
• Replay attack: Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect
Active Attacks
• Modification attack: Some portion of a legitimate message is altered or messages are reordered to produce an unauthorized effect
• Denial of service: Prevents or inhibits the normal use or management of communications facilities
Security Functional Requirements
Technical measures:
• Access control; identification & authentication; system & communication protection; system & information integrity
Management controls and procedures:
• Awareness & training; audit & accountability; certification, accreditation, & security assessments; contingency planning; maintenance; physical & environmental protection; planning; personnel security; risk assessment; systems & services acquisition
Overlapping technical and management:
• Configuration management; incident response; media protection
threat + vulnerability = risk
Risk analysis, assessment, and management are required
Risk Analysis
Actions involved in risk analysis:
• Determine which assets are most valuable
• Identify risks to assets
• Determine the likelihood of each risk occurring
• Take action to manage the risk
Security professionals formalize the risk analysis process
Step 1: Asset Valuation
Step 1 in the risk analysis process: Asset valuation
• Identify the information assets in the organization: hardware, software, and information/data
• Assign value to those assets using a valuation method
Asset Valuation Methods
Replacement cost valuation
• Replacement cost (also called current cost accounting or CCA) values assets based on what it would cost to replace them if they were acquired today
• For example, if Utility Company were putting in this same plant today, the materials would cost $530,000 and the installation would cost $56,000. The replacement cost value is $586,000
Original cost valuation
• Original cost (also called historic cost accounting or HCA) values assets based on what the company actually spent for the assets when they were acquired
• Example: In 1990, Utility Company spent $500,000 to purchase the materials for its fixed lines and $50,000 to install them. The original cost value of these assets is $550,000 before depreciation
Depreciated valuation
• Uses the original cost less an allowance for value deterioration (original value minus how much its price has dropped since purchase)
Qualitative valuation
• Assigns priorities to assets without using dollar values
Step 2: Risk Assessment
Qualitative Assessment
• Focuses on analyzing intangible properties of an asset rather than financial value
• Prioritizes risks to aid in the assignment of security resources
• Relatively easy to conduct
Quantitative Assessment
• Assigns dollar values to each risk based on measures such as the asset value (AV)
• Assesses the exposure factor (EF), i.e., the expected portion (%) of the asset that can be destroyed by a given risk
• Assesses the annualized rate of occurrence (ARO), i.e., the number of times per year you expect the risk to occur
• Determines the single loss expectancy (SLE), the amount of damage each time the risk occurs (SLE = AV × EF)
• Evaluates the annualized loss expectancy (ALE), i.e., the amount of damage each year from a given risk (ALE = ARO × SLE)
Step 3: Managing Risks
Risk avoidance
• Used when a risk overwhelms the benefits gained from having a particular mechanism available
• Avoid any possibility of risk by disabling the mechanism that is vulnerable
• Disabling e-mail is an example of risk avoidance
Risk mitigation
• Used when a threat poses a great risk to a system
• Takes preventative measures to reduce the risk
• A firewall is an example of risk mitigation
Risk acceptance
• Useful when the risk or potential damage is small
• Do nothing to prevent or avoid the risk
Risk transference
• Ensure that someone else is liable if damage occurs
• Buy insurance, for example
Security Tradeoffs
Security can be seen as a tradeoff between risks and benefits: the cost of implementing the security mechanism vs. the amount of damage it may prevent
Tradeoff considerations:
• user convenience
• business goals
• expenses
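The three risk-analysis steps above (asset valuation, quantitative assessment with SLE = AV × EF and ALE = ARO × SLE, and choosing a treatment by weighing a mechanism's cost against the damage it prevents) fit together in a small risk register. The following is an added example, not code from the lecture or the textbook; the valuation functions use the Utility Company figures from the slides, while the storm risk, the "line shielding" countermeasure and the acceptable-loss threshold are constructed values chosen only to make the arithmetic visible.

```python
from dataclasses import dataclass
from typing import List, Optional


# --- Step 1: asset valuation methods ----------------------------------------
def replacement_cost(materials: float, installation: float) -> float:
    """Replacement cost (CCA): what acquiring the asset would cost today."""
    return materials + installation


def original_cost(materials: float, installation: float) -> float:
    """Original cost (HCA): what was actually spent when the asset was acquired."""
    return materials + installation


def depreciated_value(original: float, depreciation: float) -> float:
    """Original cost less an allowance for value deterioration since purchase."""
    if not 0 <= depreciation <= original:
        raise ValueError("depreciation must lie between 0 and the original cost")
    return original - depreciation


# --- Step 2: quantitative risk assessment -----------------------------------
@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV: dollar value of the asset at risk
    exposure_factor: float  # EF: fraction of AV lost per occurrence, 0.0..1.0
    aro: float              # ARO: expected occurrences per year

    def __post_init__(self) -> None:
        # Reject inputs that would make SLE/ALE meaningless.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF must be a fraction between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("AV and ARO cannot be negative")

    def sle(self) -> float:
        """Single loss expectancy: damage per occurrence (SLE = AV x EF)."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: damage per year (ALE = ARO x SLE)."""
        return self.aro * self.sle()


def rank_by_ale(risks: List[Risk]) -> List[Risk]:
    """Order risks so the largest expected annual loss comes first."""
    return sorted(risks, key=lambda r: r.ale(), reverse=True)


# --- Step 3: managing risks / security tradeoff -----------------------------
@dataclass(frozen=True)
class Countermeasure:
    name: str
    annual_cost: float              # cost of implementing and running the mechanism
    new_aro: float                  # ARO once the mechanism is in place
    new_ef: Optional[float] = None  # EF once in place, or None if unchanged


def net_benefit(risk: Risk, cm: Countermeasure) -> float:
    """Damage prevented per year minus the mechanism's annual cost."""
    ef_after = risk.exposure_factor if cm.new_ef is None else cm.new_ef
    mitigated = Risk(risk.name, risk.asset_value, ef_after, cm.new_aro)
    return (risk.ale() - mitigated.ale()) - cm.annual_cost


def recommend(risk: Risk, options: List[Countermeasure], acceptable_ale: float) -> str:
    """Pick a treatment using the slides' four strategies (hypothetical policy)."""
    if risk.ale() <= acceptable_ale:
        return "accept"                      # potential damage is small: do nothing
    profitable = [cm for cm in options if net_benefit(risk, cm) > 0]
    if profitable:
        best = max(profitable, key=lambda cm: net_benefit(risk, cm))
        return f"mitigate: {best.name}"      # prevention pays for itself
    return "transfer or avoid"               # no mechanism is worth its cost: insure, or disable the function


if __name__ == "__main__":
    # Constructed sample: the Utility Company's fixed lines valued at replacement cost
    av = replacement_cost(530_000, 56_000)   # 586,000, as on the slides
    storm = Risk("storm damage to fixed lines", av, exposure_factor=0.10, aro=0.5)
    shielding = Countermeasure("line shielding", annual_cost=10_000, new_aro=0.1)
    for r in rank_by_ale([storm]):
        print(f"{r.name}: SLE={r.sle():,.0f} ALE={r.ale():,.0f}")
    print(recommend(storm, [shielding], acceptable_ale=5_000))
```

With these numbers the storm risk has SLE = 586,000 × 0.10 = 58,600 and ALE = 0.5 × 58,600 = 29,300 per year; shielding cuts the ALE to 5,860 at a cost of 10,000, so it prevents 13,440 more damage than it costs and the register recommends mitigation. Raising the mechanism's cost above the ALE it removes flips the answer to transference or avoidance, which is exactly the tradeoff the slide describes.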
X.800 Security Architecture
• X.800, Security Architecture for OSI
• Systematic way of defining requirements for security and characterizing approaches to satisfying them
• Defines:
  • Security attacks: compromise security
  • Security mechanism: acts to detect, prevent, or recover from an attack
  • Security service: counters security attacks
Security Taxonomy