computer security prevention and detection of unauthorized actions by users of a computer system...

Computer Security

Prevention and detection of unauthorized actions by users of a computer system

• Confidentiality• Integrity• Availability

Access Control

• Limiting and controlling access to a shared resource

• Two approaches – 1) define what different subjects are allowed to do and 2) define what can be done to different objects

• Access permissions – Unix has read, write, and execute; Windows NT has read, write, execute, delete, change permission, and change ownership

Software Reliability

• How buggy software provides security vulnerability

• Why these problems are so common

The Ubiquity of Faulty Code

• Estimates from SEI are 5-15 errors/1000 LOC

• WIN2000 has 35-60 million LOC• Capers Jones study of errors in

COBOL programs• Problem of getting people to install

bug fixes

Risk

• What is risk?– Magnitude of loss– Likelihood of loss– Exposure to loss

• How well do people understand probability?

Vulnerabilities

Five steps to an attack1) Identify the specific target to be attacked and

gather information about the target2) Analyze the information and identify a

vulnerability in the target that will accomplish the attack objectives

3) Gain the appropriate level of access to the target4) Perform the attack on the target5) Complete the attack, which may include erasing

evidence of the attack, and avoid retaliation

The Vulnerability Landscape

• Physical• Virtual• Trust Model• System Life Cycle

Countermeasures

• Protection• Detection• Reaction

Threat Modeling

• What are the threats?• How would a hacker think about

attacking this system?

Use of Threat Modeling

• Risk Assessment• Security Design

1) Understand the real threats to the system and assess the risk of these threats

2) Describe the security policy necessary to defend against the threats

3) Describe the countermeasures that enforce the policy

Security Policies

• Good policies are appropriate for real threats

• Security policies should be written• Security policies should specify

security measures and who is responsible for their implementation, enforcement, audit, and review

Network

The Internet

Browser

Packet

Router

PacketRouter

Packet

Route

WebserverSoftware

Router

The globalInternet has

thousands of networks

Frames and Packets

ServerSwitch

Switch

RouterA

Router B

Client PC

Packet

Packet

Frame 1Carrying Packet

in Network 1

Frame 2Carrying Packet

in Network 2Frame 3Carrying Packet

in Network 3

Frames and Packets• Like passing a shipment (the packet) from

a truck (frame) to an airplane (frame) at an airport.

Truck

SameShipment

Airplane

Airport AirportTruck

Shipper Receiver

Network Layered Architecture

TCP/IP

Application

Transport

Internet

OSI

Subnet Access: UseOSI Standards Here

Hybrid TCP/IP-OSI

Application

Presentation

Session

Application

Transport Transport

Network Internet

Data Link Data Link

Physical Physical

Physical and Data Link Layers

• Physical (Layer 1): defines electrical signaling and media between adjacent devices

• Data link (Layer 2): control of a frame through a single network, across multiple switches

SwitchedNetwork 1

Data Link

Physical Link Frame

Internet Layer• Governs the transmission of a packet

across an entire internet. Path of the packet is its route

SwitchedNetwork 1

SwitchedNetwork 2

Switched Network 3 RouterRoute

Packet

Internet and Transport Layers

Transport LayerEnd-to-End (Host-to-Host)

Client PC ServerInternet Layer(Usually IP)

Hop-by-Hop (Host-Router or Router-Router)

Router 1 Router 2 Router 3

Hierarchical IP AddressNetwork Part (not always 16 bits)

Subnet Part (not always 8 bits)

Host Part (not always 8 bits)

Total always is 32 bits.

128.171.17.13

Host 13128.171.17.13

CBASubnet (17)

UH Network (128.171)The Internet

Domain Name Service

• Domain names and physical addresses

• The DNS is a database that shows domain names and physical addresses

IP Address Spoofing

Trusted Server60.168.4.6

Victim Server60.168.47.47

1. Trust Relationship

2. Attack Packet

Spoofed Source IP Address60.168.4.6

Attacker’s Identity is Not Revealed

Attacker’s Client PC1.34.150.37

3. Server Accepts Attack Packet

Internet Protocol (IP)

• IP Addresses and Security

– IP address spoofing: Sending a message with a false IP address

– Gives sender anonymity so that attacker cannot be identified

– Can exploit trust between hosts if spoofed IP address is that of a host the victim host trusts

Transmission Control Protocol (TCP)

• TCP Messages are TCP Segments– Flags field has several one-bit flags:

ACK, SYN, FIN, RST, etc.

Window Size(16 bits)

Flag Fields(6 bits)

Reserved(6 bits)

HeaderLength(4 bits)

Communication During a TCP Session

PCTransport Process

WebserverTransport Process

1. SYN (Open)

2. SYN, ACK (1) (Acknowledgement of 1)

3. ACK (2)

Open(3)

3-Way Open

Communication During a TCP Session

PCTransport Process

WebserverTransport Process

Close(4)

13. FIN (Close)

14. ACK (13)

15. FIN

16. ACK (15)

Note: An ACK may be combined with the next message if the next messageis sent quickly enough

Normal Four-Way Close

Targeted System Penetration

• Unobtrusive Information Collection– Whois database Information about

responsible person

• Information about IP addresses of DNS servers, to find firm’s IP address block

Targeted System Penetration

• IP Address Spoofing Put false IP addresses in outgoing attack packets

• Attacker is blind to replies

– Use series of attack platforms

Using a Chain of Attack Hosts

Attacker1.4.5.6 Victim

60.77.8.32

CompromisedHost

123.67.8.23

CompromisedHost

123.67.33.4

Attack

Replies

Allows Reading of RepliesWithout Exposing Attacker

Using a Chain of Attack Hosts

Subsequent Trace Back

Successful

ConnectionBroken

ConnectionBroken

CompromisedHost

123.67.8.23

CompromisedHost

123.67.33.4

Attacker1.4.5.6

Victim60.77.8.32

Denial-of-Service (DoS) Attacks

• Flooding Denial-of-Service Attacks– SYN flooding

• Try to open many connections with SYN segments

• Victim must prepare to work with many connections

• Victim crashes if runs out of resources; at least slows down

• More expensive for the victim than the attacker

SYN Flooding DoS Attack

SYN SYN SYN SYN SYN

Attacker 1.34.150.37

Victim 60.168.47.47

Attacker Sends Flood of SYN Segments Victim Sets Aside Resources for Each Victim Crashes or Victim Becomes Too

Overloaded to Respond to the SYNs from Legitimate Uses

Distributed Denial-of-Service (DDoS)

Attacker 1.34.150.37

Attack Command

Handler Attack Command

Zombie

Attack Packet

Victim 60.168.47.47Attack Packet

Attack Packet

Zombie

ZombieHandler

Attack Command

Attack Command

Attack Command

Types of Firewall Inspection

• Packet Inspection

– Examines IP, TCP,UDP, and ICMP header contents

– Static packet filtering looks at individual packets in isolation. Misses many attacks

– Stateful inspection inspects packets in the context of the packet’s role in an ongoing or incipient conversation

• Stateful inspection is the preferred packet inspection method today

Types of Firewall Inspection

• Denial-of-Service Inspection

– Recognizes incipient DoS attacks and takes steps to stop them

– Limited to a few common types of attacks

Drivers of Performance Requirements: Traffic Volume and

Complexity of Filtering

PerformanceRequirements

Traffic Volume (Packets per Second)

Complexityof Filtering:Number of

FilteringRules,

ComplexityOf rules, etc.

Stateful Inspection Firewalls

• State of Connection: Open or Closed

– State: Order of packet within a dialog

– Often simply whether the packet is part of an open connection

Stateful Inspection Firewalls

• Static Packet Filter Firewalls are Stateless

– Filter one packet at a time, in isolation

– If a TCP SYN/ACK segment is sent, cannot tell if there was a previous SYN to open a connection

– But stateful firewalls can

DMZ

• Demilitarized Zone - Space between two firewalls

• For Servers That Must be Accessed From the Outside

Configuring, Testing, and Maintaining Firewalls

• Must test Firewalls with Security Audits

– Only way to tell if policies are being supported

– Must be driven by policies

• Maintaining Firewalls

– New threats appear constantly

– ACLs must be updated constantly if firewall is to be effective

Hardening Host Computers

• The Problem– Computers installed out of the box

have known vulnerabilities• Not just Windows computers

– Hackers can take them over easily

– They must be hardened—a complex process that involves many actions

Hardening Host Computers

• Elements of Hardening– Physical security– Secure installation and configuration– Fix known vulnerabilities– Turn off unnecessary services– Harden all remaining applications