UC 3: LO3 - Test Security and internet access

Test Security and internet access

 Complete computer security is impossible, it is a cat and mouse game
 Similar to crime vs. law enforcement
 Security Capabilities are what a product is supposed to do for security
Goals of Computer Security
 Integrity:
 Guarantee that the data is what we expect
 Confidentiality
 The information must just be accessible to the authorized people
 Reliability
 Computers should work without having unexpected problems
 Authentication
 Guarantee that only authorized persons can access to the resources
Types of Security
 Network Security
 System and software security
 Physical Security
 Network layer security
 Internet Protocol Security (IPsec)
 Security token
 Electronic mail security (E-mail)
Virus
 Piece of code that automatically reproduces itself. It’s attached to other programs or
files, but requires user intervention to propagate.
Worm
 Piece of code that automatically reproduces itself over the network. It doesn’t need
the user intervention to propagate (autonomous).
Trojan
 A Trojan is software that seems useful or benign, but is actually hiding a malicious
functionality
Cryptography
 Simply – secret codes
 Encryption
 Converting data to unreadable codes to prevent anyone form accessing this
information
  Need a “key” to find the original data – keys take a few million-trillion years
to guess
 Public keys
 An ingenious system of proving you know your password without disclosing
your password. Also used for digital signatures
 Hashing
 Creating fingerprints of documents
Security Issues (Summary)
 Trojan Horse: A piece of code that misuses its
environment. The program
seems innocent enough,
however when executed,
unexpected behavior occurs.
Trap Doors: Inserting a method of breaching
security in a system. For
instance, some secret set of
inputs to a program might
provide special privileges.
Threat monitoring: Look for unusual activity. Once
access is gained, how do you
identify someone acting in an
unusual fashion?
Audit Log: Record time, user, and type of
access on all objects. Trace
problems back to source.
Worms Use spawning mechanism;
standalone programs.
Internet Worm: In the Internet worm, Robert
Morse exploited UNIX
networking features (remote
access) as well as bugs in finger
and sendmail programs.
Grappling hook program
uploaded main worm program.
Viruses Fragment of code embedded in
a legitimate program. Mainly
effects personal PC systems.
These are often downloaded via
e-mail or as active components
in web pages.
Firewall A mechanism that allows only
certain traffic between trusted
and un-trusted systems. Often
applied to a way to keep
unwanted internet traffic away
from a system.
Evaluating security
  Methodologies provide combination of
 Functional requirements
 Business requirements
 Assurance requirements
 Levels of trust
 Business requirements?
 Contextual
 Conceptual
 Logical
 Physical
 Component
Trusted Computing Base (TCB)
 Enforces security policy
 Monitors four basic functions
 Process activation
 Execution domain switching
 Memory protection
 Input/output operations
Internet Access Methods
 Dial-Up - This method uses a modem and standard telephone line. The connection
is made as necessary and the maximum speed does not exceed 56Kbps.
 ISDN (Integrated Services Digital Network) - utilizing existing telephone lines, ISDN
allows 64Kbps on a single channel. Two channels can be combined for a maximum
of 128Kbps.
 DSL (Digital Subscriber Line) - utilizing existing telephone lines, DSL integrates
regular phone service and Internet access utilizing a DSL hub. Speeds can vary
between 256Kbps and 640Kbps.
 Cable Modem - Utilizing existing cable TV coaxial cables, this service is provided by
your cable TV provider.