Lecture 2
So do I trust Carol?
I trust Barbara. Barbara trusts Andy. Should I?
The internet is a bad neighborhood now, and it isn't long before some
bonehead will tell the computer to do something like self-destruct, after
which, it isn't terribly useful to you
Computer Security – First Concepts
Security thus depends on the policies we define and the decisions we take
When we get in a car and drive to work, there's a certain risk that we're
taking
It's possible that something completely out of our control will cause us to
become part of an accident on the highway
When we get on an airplane, we're accepting the level of risk involved as the
price of convenience
However, we have a mental picture of what an acceptable risk is, and won't
go beyond that in most circumstances
If I happen to be upstairs at home, and want to leave for work, I'm not
going to jump out the window
Yes, it would be more convenient, but the risk of injury outweighs the
advantage of convenience
Every organization needs to decide for itself where it needs to be between
the two extremes of total security and total access
A policy needs to articulate this, and then define how it will be enforced
through practices and such
Everything that is done in the name of security, then, must enforce that
policy uniformly
Cost benefit analysis – A use case
A database that provides salary information to a second system that prints
checks
Huge financial loss
A company has several branch offices and each downloads the database
copy daily
The branch office uses the database to recommend the salary, but the main
office uses the original database for the final calculations
Recoverable!
Some rational thinking!
Consider a company where 10000 documents are processed per month with
no security mechanism
Security breaches occur about twice per month, and almost 100 documents
are compromised per breach
The administrator needs to restart the processing of the breached documents
Each document’s processing is worth about 2000, and the compromised
documents tend to be about half processed when they are restarted
If some security mechanism is installed, it will increase the average
processing cost about 1% for all the documents
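The numbers above, worked through as an added example (not part of the original slides). It assumes the only loss counted is the half-finished processing that has to be redone, and it introduces a hypothetical `effectiveness` parameter, the fraction of breaches the mechanism prevents, which the slide does not give.

```python
from dataclasses import dataclass
from fractions import Fraction

@dataclass(frozen=True)
class Scenario:
    docs_per_month: int        # documents processed each month
    breaches_per_month: int    # observed breach frequency
    docs_per_breach: int       # documents compromised in one breach
    cost_per_doc: int          # processing cost of one document
    fraction_done: Fraction    # work already done on a compromised document
    overhead: Fraction         # relative cost increase added by the mechanism

def monthly_breach_loss(s):
    """Work thrown away each month when compromised documents are restarted."""
    return s.breaches_per_month * s.docs_per_breach * s.cost_per_doc * s.fraction_done

def monthly_mechanism_cost(s):
    """The overhead is paid on every document, breached or not."""
    return s.docs_per_month * s.cost_per_doc * s.overhead

def net_benefit(s, effectiveness):
    """Loss avoided minus overhead when `effectiveness` of breaches are stopped
    (effectiveness is an assumed parameter, not a figure from the slide)."""
    return monthly_breach_loss(s) * effectiveness - monthly_mechanism_cost(s)

def break_even_effectiveness(s):
    """Fraction of breaches that must be prevented for the mechanism to pay for itself."""
    return monthly_mechanism_cost(s) / monthly_breach_loss(s)

# The scenario exactly as stated on the slide.
SLIDE = Scenario(10000, 2, 100, 2000, Fraction(1, 2), Fraction(1, 100))

if __name__ == "__main__":
    print("breach loss per month   :", monthly_breach_loss(SLIDE))
    print("mechanism cost per month:", monthly_mechanism_cost(SLIDE))
    print("break-even effectiveness:", break_even_effectiveness(SLIDE))
    print("net benefit at 90%      :", net_benefit(SLIDE, Fraction(9, 10)))
```

With the slide's figures the monthly breach loss and the mechanism's overhead both come to 200000, so on reprocessing cost alone the mechanism pays for itself only if it prevents every breach.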
Confidentiality
Integrity
Availability
Key Security Concepts
Confidentiality: only sender, intended receiver should “understand”
message contents
covers both data confidentiality and privacy
Integrity: sender, receiver want to ensure message not altered (in transit, or
afterwards) without detection, and want to be able to prove that the sender
did, in fact, send the message
covers both data and system integrity
Availability: services must be accessible and available to properly
authorized users
Ensuring timely and reliable access to and use of information
Confidentiality
Data confidentiality
Assures that confidential information is not disclosed to unauthorized individuals
Privacy
Assures that individuals control the information related to them
What may be collected and stored
By whom
To whom that information may be disclosed
Confidentiality
Student grade information is an asset whose confidentiality is considered to
be highly important by students
United States – Family Educational Rights and Privacy Act (FERPA)
Grade information (high rating)
Available to students, their parents, and employees that require the information to do
their job
Student enrollment information (moderate rating)
Less likely to be targeted than grade information, results in less damage if disclosed
Directory information (lists of students/faculty) (low rating)
Typically freely available to the public and published online
Integrity
Data integrity
Assures that information and programs are changed only in a specified and authorized
manner
System integrity
Assures that a system performs its intended function in an unimpaired (perfect) manner
free from deliberate or unauthorized manipulation of the system
Integrity
Hospital patient’s disease information database
High requirement for integrity
The doctor should be able to trust that the information is correct and current
Inaccurate information could result in serious harm or death to a patient
An online forum that allows registered users to discuss some specific topic
Moderate level of integrity
Either a registered user or a hacker could falsify some entries or deface the forum
If the forum exists only for the enjoyment of the users, brings in little or no advertising
revenue, and is not used for something important such as research, then potential
damage is not severe
The web master may experience some data, financial, and time loss
Integrity
An anonymous online poll
Low integrity requirement
Many websites, such as news organizations, offer these polls to their users with very few
safeguards
However, the inaccuracy and unscientific nature of such polls is well understood
Availability
The more critical a component or service, the higher the level of
availability required
Consider a system that provides authentication services for critical systems, applications,
and devices
An interruption of service results in the inability of customers to access computing
resources and of staff to access the resources they need to perform critical tasks
The loss of the service translates into a large financial loss in lost employee productivity
and potential customer loss
Availability
A university's website
Moderate availability requirement
The website provides information for current and prospective students
Such a site is not a critical component of the university’s information system, but its
unavailability will cause some embarrassment
Online telephone directory lookup application
Low availability requirement
Although the temporary loss of the application may be an annoyance, there are other
ways to access the information, such as a hardcopy directory or the operator
Networking Basics
Application
------------------
Presentation
------------------
Session
Security
------------------
Transport
------------------
Network
------------------
Data Link
------------------
Physical
The OSI Security Architecture
ITU-T X.800 Security Architecture for OSI
Systematic approach to define requirements for security and approaches to
satisfying those requirements
Traffic analysis – Passive Attack
Masquerade – Active Attack
Replay – Active Attack
Modification – Active Attack
Denial of service – Active Attack
Defining a Security Service
ITU-T X.800: a service that is provided by a protocol layer of
communicating systems and that ensures adequate security of the systems
or of data transfers
IETF RFC 2828: a processing or communication service that is provided by
a system to give a specific kind of protection to system resources
Security services implement security policies and are implemented by
security mechanisms
Security Services
Authentication: assure that the communicating entity is the one that it
claims to be
Access Control: prevent unauthorized use of a resource
Data Confidentiality: protect data from unauthorized disclosure
Data Integrity: assure data received are exactly as sent by an authorized entity
Nonrepudiation: protect against denial by one of the entities involved in a
communication of having participated in that communication
Availability: system is accessible and usable on demand by authorized users
according to intended goal
Security Mechanisms
Techniques designed to prevent, detect or recover from attacks
No single mechanism can provide all services
Cryptographic techniques are most common
Specific security mechanisms from ITU-T X.800:
Encipherment, digital signature, access control, data integrity, authentication exchange,
traffic padding, routing control, notarization
Pervasive security mechanisms from ITU-T X.800:
Trusted functionality, security label, event detection, security audit trail, security recovery
Security Services and Mechanisms
Network Security Model
Model of a system that captures many aspects of security
Using this model requires us to:
design a suitable algorithm for the security transformation
generate the secret information (keys) used by the algorithm
develop methods to distribute and share the secret information
specify a protocol enabling the principals to use the transformation and secret
information for a security service
Alice and Bob are the two most famous persons in computer security
They are used everywhere
Interruption: Somehow disrupt the service being provided to Alice and Bob
Interception: Eavesdrop on communication meant to be private or
confidential
Modification: Tamper with information or resources
Fabrication: Counterfeit information or resources, insert new services into
the system
How can we protect ourselves from these attacks?
Interruption attacks:
Firewalls, replication, backups, hardware appliances
Interception attacks:
Encryption, traffic padding
Modification attacks:
Encryption, traffic padding, backups, messaging techniques (checksums, sequence
numbers, digests, authentication codes)
Fabrication attacks:
Authentication and authorization, firewalls, digital signatures
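An added example, not from the original slides, of the messaging techniques listed above: a receiver that uses an authentication code (HMAC-SHA256) together with a sequence number to reject modified, fabricated and replayed messages, next to an unkeyed checksum that cannot. The key, frame layout and message text are constructed for illustration.

```python
import hashlib, hmac, struct, zlib

KEY = b"constructed-demo-key"    # shared secret, constructed for this example
TAG_LEN = 32                     # HMAC-SHA256 output size in bytes

def crc_frame(payload):
    """Unkeyed checksum: catches line noise, but anyone can recompute it."""
    return payload + struct.pack(">I", zlib.crc32(payload))

def crc_ok(frame):
    return len(frame) >= 4 and zlib.crc32(frame[:-4]) == struct.unpack(">I", frame[-4:])[0]

def seal(key, seq, payload):
    """Sender side: 8-byte sequence number || payload || authentication code."""
    header = struct.pack(">Q", seq)
    return header + payload + hmac.new(key, header + payload, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = -1           # highest sequence number accepted so far

    def accept(self, frame):
        """Return (verdict, payload); payload is None unless accepted."""
        if len(frame) < 8 + TAG_LEN:
            return "malformed", None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):    # constant-time comparison
            return "modified-or-fabricated", None
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:                      # valid tag, but already seen
            return "replay", None
        self.last_seq = seq
        return "accepted", body[8:]

def demo():
    rx = Receiver(KEY)
    first = seal(KEY, 0, b"pay Bob 10")
    tampered = bytearray(seal(KEY, 1, b"pay Bob 10"))
    tampered[16] ^= 0x08                              # one bit changed in transit
    forged = seal(b"not-the-shared-key", 2, b"pay Bob 99")
    altered_crc = crc_frame(b"pay Bob 99")            # altered text, CRC recomputed
    return [rx.accept(first)[0], rx.accept(first)[0], rx.accept(bytes(tampered))[0],
            rx.accept(forged)[0], crc_ok(altered_crc)]

if __name__ == "__main__":
    print(demo())
```

The last result shows why the checksum alone does not address deliberate modification: it needs no secret, so altered content with a fresh checksum still verifies, while the authentication code depends on the key shared by the two principals.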
Hackers are vandals that break into computer systems
These criminals call themselves hackers, and that is how they got the name
But they do not deserve the name
True hackers are master programmers, incorruptibly honest, unmotivated
by money, and careful not to harm anyone
The criminals termed "hackers" are not brilliant and accomplished
It is really too bad that they not only steal money, people's time, and worse,
but they've also stolen a beautiful word that had been used to describe
some remarkable and wonderful people
Names for a bad guy are intruder, bad guy, and impostor
Hacker Categories