An Overview of Computer and Network Security
Security: Definition
• Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable
• Security rests on confidentiality, authenticity, integrity, and availability
Basic Components
• Confidentiality is the concealment of information or resources
• Authenticity is the identification and assurance of the origin of information
• Integrity refers to the trustworthiness of data or resources in terms of preventing improper and unauthorized changes
• Availability refers to the ability to use the information or resource desired
Confidentiality
• The concept of Confidentiality in information security pertains to the protection of information and prevention of unauthorized access or disclosure.
• The ability to keep data confidential, or secret, is critical to staying competitive in today’s business environments
• Loss of confidentiality jeopardizes system and corporate integrity.
Threats to confidentiality
– Hackers
• A hacker is an individual who is skilled at bypassing controls and accessing data or information that he or she has not been authorized to access.
– Masqueraders
• Authorized users on the system who have obtained another person’s credentials.
– Unauthorized Users
• Users that gain access to the system even if “company rules” forbid it.
– Unprotected Downloads
• Downloads of files from secure environments to non-secure environments or media.
– Malware
• Viruses, worms, and other malicious software
– Software hooks (Trapdoors)
• During the development phase, software developers create “hooks” that allow them to bypass authentication processes and access the internal workings of the program. When the product development phase is over, developers do not always remember the hooks and may leave them in place to be exploited by hackers.
Integrity
• Integrity deals with the prevention of unauthorized modification, whether intentional or accidental.
• This concept further breaks down into authenticity, accountability, and non-repudiation.
– Authenticity means that the information is from whomever we expect it to be and whatever we expect it to be.
– Accountability means that the information has an owner or custodian who will stand by its contents.
– Non-repudiation is a property achieved through cryptographic methods which prevents an individual or entity from denying having performed a particular action related to data.
Availability
• Availability assures that the resources that need to be accessed are accessible to authorized parties in the ways they are needed. Availability is a natural result of the other two concepts.
• If the confidentiality and integrity of the systems are assured, their availability for the purpose they are intended for is a direct consequence.
• Threats to Availability
– Availability can be affected by a number of events which break down into human and non-human influenced factors. These further break down into unintentional and intentional acts.
– Examples of unintentional (non-directed) acts can be overwriting, in part or whole, of data, compromising of systems, or network infrastructure by organizational staff.
– Intentional acts can be conventional warfare (bombs and air-strikes), information warfare, denial of service (DoS) and distributed denial of service (DDoS).
– Non-human factors include loss of availability due to fires, floods, earthquakes and storms.
Authentication
• Authentication is the process by which the information system assures that you are who you say you are; how you prove your identity is authentic.
• Methods of performing authentication are:
– User ID and passwords. The system compares the given password with a stored password. If the two passwords match then the user is authentic.
– Swipe card, which has a magnetic strip embedded, which would already contain your details, so that no physical data entry takes place or just a PIN is entered.
– Digital certificate, an encrypted piece of data which contains information about its owner, creator, generation and expiration dates, and other data to uniquely identify a user.
– Key fob, a small electronic device which generates a new random password synchronized to the main computer.
– Biometrics: retinal scanners and fingerprint readers. Parts of the body are considered unique enough to allow authentication to computer systems based on their properties.
• For a very secure environment, it is also possible to combine several of these options, such as by having fingerprint identification along with user ID and key fob.
Non-repudiation
• Data flows around the internet at the speed of light, or as close to it as the servers allow. There are hackers, spoofers, sniffers, and worse out there just waiting to steal, alter, and corrupt your information.
• Data consumers need to be able to trust that the data has not been altered, and that its source is authentic.
• Through the use of security related mechanisms, producers and consumers of data can be assured that the data remains trustworthy across untrusted networks such as the internet, and even internal intranets.
Assuring data validity
• The identity of the data producer can be assured if the data is signed by its source.
• Data is signed through its encryption using a shared secret such as a numerical crypto key or using a “public/private” key pair.
• The consumer of the data can validate the signature of the data and thereby be assured that the data has remained unaltered in transmission.
• Since the data could be decrypted into something intelligible, the content is valid.
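The signing and validation steps above with a shared secret, as an added example (not part of the original slides): HMAC-SHA256 over a canonical JSON body, checked in constant time. The key, field names and payload are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; in practice this is a random secret known only to
# the producer and the consumer.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def sign(key: bytes, payload: dict) -> dict:
    """Producer side: serialize canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify(key: bytes, envelope: dict):
    """Consumer side: return the payload if the tag matches, otherwise None."""
    body = envelope.get("body")
    tag = envelope.get("tag")
    if not isinstance(body, str) or not isinstance(tag, str):
        return None
    expected = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode("utf-8"), tag.encode("utf-8")):
        return None
    # Parse only after the tag has been checked.
    return json.loads(body)


if __name__ == "__main__":
    envelope = sign(SHARED_KEY, {"to": "alice", "amount": 100})
    print("untouched:", verify(SHARED_KEY, envelope))

    # Constructed tampering in transit: the amount is changed, the tag is not.
    tampered = dict(envelope, body=envelope["body"].replace("100", "900"))
    print("tampered: ", verify(SHARED_KEY, tampered))
```

Because both parties hold the same key, either could have produced the tag: a shared-secret tag shows the data is unaltered and came from a key holder, while non-repudiation needs a public/private key signature.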
Authorization
• Authorization is the granting or denial of resource access to a user.
• It is dependent on the access rights to a resource existing on the system.
• Identification and authorization work together to implement the concepts of Confidentiality, Integrity, and Availability.
– Confidentiality - A user’s identity is authenticated by the system. That user is subsequently represented in the system by a token - either character or numerical data. By using this token, access to data and resources can be allowed or denied.
– Integrity - Authorization provides the mechanism to prevent the disruption of data by known users without the appropriate authority.
– Availability - The ability to touch resources that you are permitted to touch is backed by the ability to authorize users to resources.
Access
• Access is defined as: A means of approaching, entering, exiting, communicating with, or making use of
• In information security, access is requested by a resource manager on behalf of a user’s request to make use of a resource.
• Access is controlled – either granted or denied – partly through the use of Access Control Lists (ACLs).
– ACLs contain the user’s identity and the highest allowed level of use.
• Levels of use or Access Levels can be one of:
– None: No access is granted to the specified resource.
– Execute: Execute access allows users and groups to execute programs from the library, but they cannot read or write to the library.
– Read: Read access is the lowest level of permission to a resource. This allows users and groups to access the resource but not to alter its contents.
– Update: Update access allows users and groups to change the contents of a resource. The user is not authorized to delete the resource.
– Control: Control access grants users and groups authority to VSAM datasets that is equivalent to the VSAM control password.
– Alter: Alter access allows users and groups full control over the resource.
Security Threats and Attacks
• A threat is a potential violation of security
– Flaws in design, implementation, and operation
• An attack is any action that violates security
– Active vs. passive attacks
Impact of Attacks
• Theft of confidential information
• Unauthorized use of
– Network bandwidth
– Computing resource
• Spread of false information
• Disruption of legitimate services
All attacks can be related and are dangerous!
Security Policy and Mechanism
• Policy: a statement of what is, and is not, allowed
• Mechanism: a procedure, tool, or method of enforcing a policy
• Security mechanisms implement functions that help prevent, detect, respond to, and recover from security attacks
• Security functions are typically made available to users as a set of security services through APIs or integrated interfaces
• Cryptography underlies many security mechanisms.
Assumptions and Trust
• A security policy consists of a set of axioms that the policy makers believe can be enforced
• Two assumptions
– The policy correctly and unambiguously partitions the set of system states into secure and nonsecure states
• The policy is correct
– The security mechanisms prevent the system from entering a nonsecure state
• The mechanisms are effective
The Security Life Cycle
• Threats
• Policy
• Specification
• Design
• Implementation
• Operation and maintenance
Apr 21, 2023
Security - The Big Picture
[Figure: enterprise network diagram. Labels: local users and remote users (via PSTN and a remote connection server with authentication and VPN), teammate/telecommuter via commercial ISP over VPN, intranet, Internet, anti-virus software on hosts, firewall with URL filtering, mail server with e-mail scanning and anti-virus, web server and extranet with SSL encryption and PKI authentication (non-repudiation of transactions), e-commerce customer with PKI, and a network manager with a network management system, vulnerability scan, intrusion detection and risk assessment.]
Network security requires an enterprise-wide perspective and “defense-in-depth” with layers of protection that work together.
The Band-Aid Security Strategy
[Figure: corporate network diagram. Labels: dial-up modems, routers, IDS, centralized monitoring (TNOCs & RCERTs), DNS/web servers, firewalls, backdoor connections, Internet, trading partners, corporate network, LAN, security router, local node, ID & authentication servers.]
Common Security Terminology
• Password Cracking
• Biometrics
• Public Key Cryptography
• SSL
• Man-in-the-Middle Attack
• Zombies
• Denial of Service Attack
• Key Logging Software
• Firewalls
• Security Exploit
Terminology
• Password Cracking
– Password Cracker
• An application that tries to obtain a password by repeatedly generating and comparing encrypted passwords or by authenticating multiple times to an authentication source.
• Repeatedly trying to access your accounts
– Common methods of Password cracking
• Brute Force
• Dictionary
Terminology
• Password Cracking (cont’d)
– Passwords are usually stored in an encrypted form with a one way encryption algorithm
• If this data is compromised, password cracking can be moved to a standalone system for easier control and speed of cracking.
Terminology
• Biometrics
– Science and technology of measuring and statistically analyzing biological data
– When used in Information Technology it usually refers to the use of human traits for authentication
– This method can include fingerprints, eye retinas and irises, voice patterns, and a host of other consistent biological data
Terminology
• Public Key Cryptography
– Two Keys, “certificates”, are available for each resource, one public and one private
– As the names imply, the public key can be shared freely while the private key is kept secret
– Items encrypted using the public key are decrypted using the private key and conversely anything encrypted with the private key can be decrypted with the public key
– This method of encryption is used to ensure secure communication is only between a valid, “known”, sender and recipient
Terminology
• SSL
– “Secure Sockets Layer”
– Uses Public Key Cryptography
– Negotiates a method to encrypt communication between a client and server
– Allows other network protocols to connect “over top” of it, such as web browsing and e-mail protocols
– “Transport Layer Security” (TLS) is a variant of SSL used to negotiate encryption within the network protocol being used
Terminologies
Trojan Horse: A piece of code that misuses its environment. The program seems innocent enough; however, when executed, unexpected behavior occurs.
Trap Doors: Inserting a method of breaching security in a system. For instance, some secret set of inputs to a program might provide special privileges.
Threat monitoring: Look for unusual activity. Once access is gained, how do you identify someone acting in an unusual fashion?
Audit Log: Record time, user, and type of access on all objects. Trace problems back to source.
Worms: Use a spawning mechanism; standalone programs.
Internet Worm: In the Internet worm, Robert Morris exploited UNIX networking features (remote access) as well as bugs in the finger and sendmail programs. A grappling hook program uploaded the main worm program.
Viruses: Fragment of code embedded in a legitimate program. Mainly affects personal PC systems. These are often downloaded via e-mail or as active components in web pages.
Firewall: A mechanism that allows only certain traffic between trusted and un-trusted systems. Often applied as a way to keep unwanted internet traffic away from a system.
Terminology
• Man-in-the-Middle Attack
– A system between two hosts that either passively watches traffic to gain information used to “replay” a session or actively interferes with the connection, potentially imitating the remote system
Terminology
• Zombies
– Computer system infected by a virus or Trojan horse that allows the system to be remotely controlled for future exploits
– These systems may be used to send large amounts of spam e-mail or take part in Distributed Denial of Service (DDoS) attacks
DDoS Vulnerabilities: Multiple Threats and Targets
Attack zombies:
• Use valid protocols
• Spoof source IP
• Massively distributed
• Variety of attacks
Entire Data Center:
• Servers, security devices, routers
• Ecommerce, web, DNS, email, …
Provider Infrastructure:
• DNS, routers, and links
Access Line
Terminology
• Denial of Service Attack (DoS)
– Sending large amounts of data and requests to a remote system in order to inundate the remote computer or network
– A Distributed DoS is a coordinated effort by a number of systems to perform a DoS on a single host
Terminology
• Key Logging Software / Hardware
– Software installed on a system to capture and log all keystrokes
– Hardware installed between the keyboard and computer used to capture and log all keystrokes
• Security Exploit
– A software bug, or feature, that allows access to a computer system beyond what was originally intended by the operator or programmer
Terminology
• Firewall
– Network hardware device or software used to filter traffic to and from the connected resources
– Ranges from simple filters, blocking certain services and protocols, to more complex systems that plot network traffic patterns
– Local operating system firewalls are referred to as “personal firewall software”
E-mail Security
• Secure protocols in place
– POPS
• POP mail over an SSL connection
– IMAPS
• IMAP over an SSL connection
– SMTP+TLS
• Negotiation of a TLS/SSL connection after connecting
– All popular e-mail clients support the use of these protocols
Web Security
• SSL (Secure Sockets Layer)
– Very important on insecure networks such as wireless
– How to verify SSL in a browser
• https: the web address begins with https, meaning the connection is using HTTP over SSL
• Look for a lock icon
• Internet Explorer may display a Security Alert that states “you are about to view pages over a secure connection”
Web Security
• SSL (cont’d)
– Certificate Authorities
• A “CA” is an entity that issues certificates
• If you “trust” a CA you will trust the certificates issued by that CA
• Web browsers come with a standard collection of common certificate authorities including Verisign, Geotrust, Thawte, and a number of others
• Be wary of untrusted certificates, as they may indicate a man-in-the-middle attack
Vulnerabilities + Threats = Trouble
Vulnerabilities:
• Software flaws
– CGI scripts
– Bad code
– Firewall misconfigured
• Hardware flaws
– Unsecured PCs
– Open modems
• Weak policies
– Poor passwords
– E-mail misuse
• Poor physical security
– Uncontrolled access
• Untrained staff
Threats:
• “Hackers”
– Script kiddies
– Experimenters
• “Crackers”
– Malicious attackers
– Extortionists
• Insiders
– Employees
– Contractors
• Competitors
• Terrorists
• Natural disasters
Outcome:
• Data/system destruction
• System intrusion
– Data theft
– Data alteration
– Unauthorized viewing
• Denial of service
– External interruption
– Internal interruption
• Impersonation
– Intellectual property theft
– Fraud
• System faults
– Errors/inaccuracies
Common security attacks and their countermeasures
• Finding a way into the network
– Firewalls
• Exploiting software bugs, buffer overflows
– Intrusion Detection Systems
• Denial of Service
– Ingress filtering, IDS
• TCP hijacking
– IPSec
• Packet sniffing
– Encryption (SSH, SSL, HTTPS)
• Social problems
– Education
Defense-in-Depth
Using a layered approach:
• Increases an attacker’s risk of detection
• Reduces an attacker’s chance of success
Layers:
• Policies, procedures, and awareness: Security policies, procedures, and education
• Physical security: Guards, locks, tracking devices
• Application: Application hardening
• Host: OS hardening, authentication, update management, antivirus updates, auditing
• Internal network: Network segments, IPSec, NIDS
• Perimeter: Firewalls, border routers, VPNs with quarantine procedures
• Data: Strong passwords, ACLs, encryption, EFS, backup and restore strategy
Security Framework by Services
Layers: Physical, Data Link, Network, Transport, Session, Presentation, Application
Security services shown against these layers on successive slides:
• Wiring closets, cable plant, building access control, power, HVAC
• NIDS, HIDS, Virus Scanning
• Firewall, Routers, Access Control Lists (ACLs), IP schemes, E-Mail Attachment Scanning
• OS Hardening, Security Health Checking, Vulnerability Scanning, Pen-Testing
• User Account Management on Systems, Role/Rule Based Access Control, Application Security, Virus Updates, Virus Signatures