CH01 CompSec4e

Computer security aims to ensure confidentiality, integrity, and availability of information systems and assets. Key concepts include preventing unauthorized access to information, guarding against improper modification or destruction of information, and ensuring timely access to information. Computer security faces many challenges as attackers need only find one weakness while designers must eliminate all weaknesses, and security is often an afterthought rather than being integrated into initial system design. Regular monitoring is also needed to maintain security.

Uploaded by jffd

Computer Security: Principles and Practice
Fourth Edition, Global Edition
By: William Stallings and Lawrie Brown

Chapter 1
Overview

The NIST Internal/Interagency Report NISTIR 7298 (Glossary of Key Information Security Terms, May 2013) defines the term computer security as follows:

“Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated.”

Key Security Concepts

Confidentiality
• Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information

Integrity
• Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity

Availability
• Ensuring timely and reliable access to and use of information

Levels of Impact

Low
The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals

Moderate
The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals

High
The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals

Computer Security Challenges

1. Computer security is not as simple as it might first appear to the novice

2. In developing a particular security mechanism or algorithm, one must always consider potential attacks on those security features

3. Procedures used to provide particular services are often counterintuitive

4. Physical and logical placement needs to be determined

5. Security mechanisms typically involve more than a particular algorithm or protocol and also require that participants be in possession of some secret information, which raises questions about the creation, distribution, and protection of that secret information

6. Attackers only need to find a single weakness, while the designer must find and eliminate all weaknesses to achieve perfect security

7. Security is still too often an afterthought to be incorporated into a system after the design is complete, rather than being an integral part of the design process

8. Security requires regular and constant monitoring

9. There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs

10. Many users and even security administrators view strong security as an impediment to efficient and user-friendly operation of an information system or use of information

Table 1.1
Computer Security Terminology, from RFC 2828, Internet Security Glossary, May 2000

Adversary (threat agent)
Individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

Attack
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.

Countermeasure
A device or techniques that has as its objective the impairment of the operational effectiveness of undesirable or adversarial activity, or the prevention of espionage, sabotage, theft, or unauthorized access to or use of sensitive information or information systems.

Risk
A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of 1) the adverse impacts that would arise if the circumstance or event occurs; and 2) the likelihood of occurrence.

Security Policy
A set of criteria for the provision of security services. It defines and constrains the activities of a data processing facility in order to maintain a condition of security for systems and data.

System Resource (Asset)
A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems.

Threat
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

(Table can be found on page 8 in the textbook)



Assets of a Computer System

Hardware
(computer systems and other data processing, data storage, and data communications devices)

Software
(operating system, system utilities, and applications)

Data
(files and databases, as well as security-related data, such as password files)

Communication facilities and networks
(local and wide area network communication links, bridges, routers, …)

Vulnerabilities, Threats and Attacks

• Categories of vulnerabilities
  o Corrupted (loss of integrity)
  o Leaky (loss of confidentiality)
  o Unavailable or very slow (loss of availability)

• Threats
  o Capable of exploiting vulnerabilities
  o Represent potential security harm to an asset

• Attacks (threats carried out)
  o Passive – attempt to learn or make use of information from the system that does not affect system resources
  o Active – attempt to alter system resources or affect their operation
  o Insider – initiated by an entity inside the security perimeter
  o Outsider – initiated from outside the perimeter

Countermeasures

Means used to deal with security attacks
• Prevent
• Detect
• Recover

Residual vulnerabilities may remain

May itself introduce new vulnerabilities

Goal is to minimize residual level of risk to the assets

Table 1.2
Threat Consequences, and the Types of Threat Actions That Cause Each Consequence
Based on RFC 4949

(Table is on page 10 in the textbook.)

Table 1.3
Computer and Network Assets, with Examples of Threats

Passive and Active Attacks

Passive Attack
• Attempts to learn or make use of information from the system but does not affect system resources
• Eavesdropping on, or monitoring of, transmissions
• Goal of attacker is to obtain information that is being transmitted
• Two types:
  o Release of message contents
  o Traffic analysis

Active Attack
• Attempts to alter system resources or affect their operation
• Involves some modification of the data stream or the creation of a false stream
• Four categories:
  o Replay
  o Masquerade
  o Modification of messages
  o Denial of service

Attack Surfaces

Consist of the reachable and exploitable vulnerabilities in a system

Examples:
• Open ports on outward facing Web and other servers, and code listening on those ports
• Services available on the inside of a firewall
• Code that processes incoming data, email, XML, office documents, and industry-specific custom data exchange formats
• Interfaces, SQL, and Web forms
• An employee with access to sensitive information vulnerable to a social engineering attack

Attack Surface Categories

Network Attack Surface
• Vulnerabilities over an enterprise network, wide-area network, or the Internet
• Included in this category are network protocol vulnerabilities, such as those used for a denial-of-service attack, disruption of communications links, and various forms of intruder attacks

Software Attack Surface
• Vulnerabilities in application, utility, or operating system code
• Particular focus is Web server software

Human Attack Surface
• Vulnerabilities created by personnel or outsiders, such as social engineering, human error, and trusted insiders

Computer Security Strategy

Security Policy
• Formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources

Security Implementation
• Involves four complementary courses of action:
  o Prevention
  o Detection
  o Response
  o Recovery

Assurance
• Encompassing both system design and system implementation, assurance is an attribute of an information system that provides grounds for having confidence that the system operates such that the system’s security policy is enforced

Evaluation
• Process of examining a computer product or system with respect to certain criteria
• Involves testing and may also involve formal analytic or mathematical techniques

Standards

• Standards have been developed to cover management practices and the overall architecture of security mechanisms and services
• The most important of these organizations are:
  o National Institute of Standards and Technology (NIST)
    • NIST is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government use and to the promotion of U.S. private sector innovation
  o Internet Society (ISOC)
    • ISOC is a professional membership society that provides leadership in addressing issues that confront the future of the Internet, and is the organization home for the groups responsible for Internet infrastructure standards
  o International Telecommunication Union (ITU-T)
    • ITU is a United Nations agency in which governments and the private sector coordinate global telecom networks and services
  o International Organization for Standardization (ISO)
    • ISO is a nongovernmental organization whose work results in international agreements that are published as International Standards

Summary

• Computer security concepts
  o Definition
  o Challenges
  o Model
• Threats, attacks, and assets
  o Threats and attacks
  o Threats and assets
• Security functional requirements
• Standards
• Fundamental security design principles
• Attack surfaces and attack trees
  o Attack surfaces
  o Attack trees
• Computer security strategy
  o Security policy
  o Security implementation
  o Assurance and evaluation
