Computer and Network Security: Week 1

The document discusses computer and network security. It notes that absolute security is not possible and that security aims to minimize risks and losses from known threats. The goals of security are confidentiality, integrity and availability, known as the CIA triad. Security controls can be preventative, detective or responsive. Attacks can be passive like eavesdropping or active like masquerading. Risks are also classified as having low, moderate or high impact.

Uploaded by

Alwyn Taylor
Copyright
© Attribution Non-Commercial (BY-NC)

Computer and Network Security

WEEK 1
QUOTE

The art of war teaches us to rely not on
the likelihood of the enemy's not coming,
but on our own readiness to receive him;
not on the chance of his not attacking, but
rather on the fact that we have made our
position unassailable.
—The Art of War, Sun Tzu
Security
There Is No Such Thing as Absolute Security
• Given enough time, tools, skills, and inclination,
a hacker can break through any security
measure
Security
• Security is not concerned with eliminating all threats within a
system or facility but with eliminating known threats and
minimizing losses if an attacker succeeds in exploiting a
vulnerability
• Risk analysis and risk management are central themes to
securing information systems
• Risk assessment and risk analysis are concerned with placing an
economic value on assets to best determine appropriate
countermeasures that protect them from losses
Security Objectives
• There are three main aspects of effective IT security:
Confidentiality, Integrity, and Availability
• These three concepts form what is often referred to as the CIA
triad (the goals of security) and embody the fundamental security
objectives for both data and for information and computing
services.
Security Goals
• Protect the confidentiality of data
– Confidentiality models are primarily intended to assure that no
unauthorized access to information is permitted and that
accidental disclosure of sensitive information is not possible
• A good example is cryptography, which is traditionally used to
protect secret messages. Cryptography, however, protects data,
not resources. Resources are protected by limiting
information, for example by using firewalls or address translation
mechanisms.
Security Goals Cont’d
• Preserve the integrity of data
– Integrity models keep data pure and trustworthy by protecting
system data from intentional and accidental changes
• A good example here is that of an interrupted database transaction,
leaving the database in an inconsistent state. Trustworthiness of
both data and origin affects integrity, as noted in the book’s
example. That integrity is tied to trustworthiness makes it much
harder to quantify than confidentiality. Cryptography provides
mechanisms for detecting violations of integrity, but not preventing
them (e.g., a digital signature can be used to determine if data has
changed).
Security Goals Cont’d
• Promote the availability of data for authorized use
– Availability models keep data and resources available for
authorized use
• This is usually defined in terms of “quality of service,” in which
authorized users are expected to receive a specific level of service
(stated in terms of a metric). Denial of service attacks are attempts
to block availability.
Security Goals Cont’d
• Although the use of the CIA triad to define security objectives is
well established, some in the security field feel that additional
concepts are needed to present a complete picture. Two of the
most commonly mentioned are:
– Authenticity: The property of being genuine and being able to
be verified and trusted; confidence in the validity of a
transmission, a message, or message originator.
– Accountability: The security goal that generates the
requirement for actions of an entity to be traced uniquely to that
entity.
Levels of Impact
• We can define three levels of impact on organizations or individuals
should there be a breach of security (i.e., a loss of confidentiality,
integrity, or availability).
– Low
– Moderate
– High
Low
• The loss could be expected to have a limited adverse effect on
organizational operations, organizational assets, or individuals. A
limited adverse effect means that, for example, the loss of
confidentiality, integrity, or availability might (i) cause a degradation
in mission capability to an extent and duration that the organization
is able to perform its primary functions, but the effectiveness of the
functions is noticeably reduced; (ii) result in minor damage to
organizational assets; (iii) result in minor financial loss; or (iv) result
in minor harm to individuals.
Moderate
• The loss could be expected to have a serious adverse effect on
organizational operations, organizational assets, or individuals. A
serious adverse effect means that, for example, the loss might (i)
cause a significant degradation in mission capability to an extent
and duration that the organization is able to perform its primary
functions, but the effectiveness of the functions is significantly
reduced; (ii) result in significant damage to organizational assets;
(iii) result in significant financial loss; or (iv) result in significant
harm to individuals that does not involve loss of life or serious, life-
threatening injuries.
High
• The loss could be expected to have a severe or catastrophic
adverse effect on organizational operations, organizational assets,
or individuals. A severe or catastrophic adverse effect means that,
for example, the loss might (i) cause a severe degradation in or
loss of mission capability to an extent and duration that the
organization is not able to perform one or more of its primary
functions; (ii) result in major damage to organizational assets; (iii)
result in major financial loss; or (iv) result in severe or catastrophic
harm to individuals involving loss of life or serious, life-threatening
injuries.
Security Control
• A security mechanism serves a purpose by preventing a
compromise, detecting that a compromise or compromise
attempt is underway, or responding to a compromise while it is
happening or after it has been discovered
Goals of Security
• Preventative
– Prevent attackers from violating security policy
• Detective
– Detect attackers’ violation of security policy
• Responsive/Recovery
– Stop attack, assess and repair damage
– Continue to function correctly even if attack succeeds
Goals of Security
• Prevention is ideal, because then there are no successful attacks.
• Detection occurs after someone violates the policy. The
mechanism determines that a violation of the policy has occurred
(or is underway), and reports it. The system (or system security
officer) must then respond appropriately.
• Recovery means that the system continues to function correctly,
possibly after a period during which it fails to function correctly. If
the system always functions correctly, but possibly with degraded
services, it is said to be intrusion tolerant. This is very difficult to do
correctly; usually, recovery means that the attack is stopped, the
system fixed (which may involve shutting down the system for
some time, or making it unavailable to all users except the system
security officers), and then the system resumes correct operations.
Aspects of Security
• Consider three aspects of information security:
– security attack: Any action that compromises the security of
information owned by an organization.
– security mechanism: A process (or a device incorporating
such a process) that is designed to detect, prevent, or recover
from a security attack.
– security service: A processing or communication service that
enhances the security of the data processing systems and the
information transfers of an organization. The services are
intended to counter security attacks, and they make use of one
or more security mechanisms to provide the service.
Aspects of Security
• Threat - A potential for violation of security, which exists when
there is a circumstance, capability, action, or event that could
breach security and cause harm. That is, a threat is a possible
danger that might exploit a vulnerability.
• Attack - An assault on system security that derives from an
intelligent threat; that is, an intelligent act that is a deliberate
attempt (especially in the sense of a method or technique) to evade
security services and violate the security policy of a system.
Aspects of Security
• Vulnerability
– A known problem within a system or program
• Exploit
– A program or a “cookbook” on how to take advantage of a
specific vulnerability
• Attacker
– The link between a vulnerability and an exploit
Security Attack
• A useful means of classifying security attacks is in terms of passive
attacks and active attacks.
Passive Attack
• A passive attack attempts to learn or make use of information from
the system but does not affect system resources.
• Passive attacks are in the nature of eavesdropping on, or monitoring
of, transmissions. The goal of the opponent is to obtain information
that is being transmitted.
• Two types of passive attacks are:
– release of message
– traffic analysis - monitor traffic flow to determine location and
identity of communicating hosts and could observe the frequency
and length of messages being exchanged
• These attacks are difficult to detect because they do not involve any
alteration of the data.
[Figure: Passive Attacks]
Active Attacks
• Active attacks involve some modification of the data stream or the
creation of a false stream and can be subdivided into four
categories: masquerade, replay, modification of messages, and
denial of service:
– masquerade of one entity as some other
– replay previous messages
– modify/alter (part of) messages in transit to produce an
unauthorized effect
– denial of service - prevents or inhibits the normal use or
management of communications facilities
Active Attacks
• Active attacks present the opposite characteristics of passive
attacks. Whereas passive attacks are difficult to detect, measures
are available to prevent their success. On the other hand, it is quite
difficult to prevent active attacks absolutely, because of the wide
variety of potential physical, software, and network vulnerabilities.
Instead, the goal is to detect active attacks and to recover from any
disruption or delays caused by them.
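The detection goal stated above, and the earlier point that cryptography detects integrity violations without preventing them, shown as an added example that is not part of the original slides. It uses a shared-key HMAC in place of the digital signature the slides mention, plus a sequence number for replay detection; the key, message text and all function and class names are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample key shared by both ends
TAG_LEN = 32                    # HMAC-SHA256 output size in bytes

def seal(key, seq, payload):
    """Sender: prefix a 64-bit sequence number, append an HMAC-SHA256 tag."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Detects modified, forged and replayed frames; it cannot stop them being sent."""
    def __init__(self, key):
        self.key = key
        self.last_seq = 0       # highest sequence number accepted so far

    def receive(self, frame):
        if len(frame) < 8 + TAG_LEN:
            return ("rejected: malformed", None)
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return ("rejected: bad tag", None)       # modification or masquerade
        seq = struct.unpack(">Q", body[:8])[0]
        if seq <= self.last_seq:
            return ("rejected: replay", None)        # valid tag, but already seen
        self.last_seq = seq
        return ("accepted", body[8:])

def demo():
    """Run one genuine frame and three active attacks past the receiver."""
    rx = Receiver(KEY)
    genuine = seal(KEY, 1, b"transfer 100 to account A")
    results = [rx.receive(genuine)[0]]
    results.append(rx.receive(genuine)[0])           # replay of a captured frame
    tampered = bytearray(seal(KEY, 2, b"transfer 100 to account A"))
    tampered[9] ^= 0x01                              # one bit changed in transit
    results.append(rx.receive(bytes(tampered))[0])
    forged = seal(b"some-other-key", 3, b"hello")    # sender without the real key
    results.append(rx.receive(forged)[0])
    results.append(rx.receive(seal(KEY, 2, b"next message"))[0])
    return results

if __name__ == "__main__":
    print(demo())
```

Modification and masquerade both surface as a failed tag check, so the receiver learns that the frame is untrustworthy but not which of the two happened. Denial of service is not addressed by this mechanism.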
[Figure: Active Attacks]
Security Mechanism
• feature designed to detect, prevent, or recover from a security
attack
• no single mechanism that will support all services required
• however one particular element underlies many of the security
mechanisms in use:
– cryptographic techniques
• hence our focus on this topic
Security Mechanisms (X.800)
• specific security mechanisms:
– encipherment, digital signatures, access controls, data integrity,
authentication exchange, traffic padding, routing control,
notarization
• pervasive security mechanisms:
– trusted functionality, security labels, event detection, security
audit trails, security recovery
Security Service
• enhance security of data processing systems and information
transfers of an organization
• intended to counter security attacks
• using one or more security mechanisms
• often replicates functions normally associated with physical
documents
– which, for example, have signatures, dates; need protection
from disclosure, tampering, or destruction; are notarized or
witnessed; are recorded or licensed
Complexity Is The Enemy of Security
• The more complex a system gets, the harder it is to secure
Computer Security Challenges

1. not simple
2. must consider potential attacks
3. procedures used counter-intuitive
4. involve algorithms and secret info
5. must decide where to deploy mechanisms
6. battle of wits between attacker / admin
7. not perceived as a benefit until it fails
8. requires regular monitoring
9. too often an after-thought
10. regarded as impediment to using system