CH01-IS Principles

The document provides an overview of computer security principles from a textbook. It defines computer security as measures that ensure confidentiality, integrity and availability of information systems. It discusses key security concepts like confidentiality, integrity and availability. It also covers security challenges, threats, vulnerabilities and countermeasures. The goal of security is to minimize risks to system assets like hardware, software and data.


Computer Security: Principles and Practice
Fourth Edition

Chapter 1
Overview

Copyright © 2018, 2015, 2012 Pearson Education, Inc. All Rights Reserved
The NIST Internal/Interagency Report NISTIR 7298 (Glossary of Key Information Security Terms, May 2013) defines the term computer security as follows:

“Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated.”

Figure 1.1 Essential Network and Computer Security Requirements

Key Security Concepts
• Confidentiality
– Preserving authorized restrictions on information
access and disclosure, including means for protecting
personal privacy and proprietary information
• Integrity
– Guarding against improper information modification or
destruction, including ensuring information
nonrepudiation and authenticity
• Availability
– Ensuring timely and reliable access to and use of
information
Levels of Impact
• Low
– The loss could be expected to have a limited adverse effect
on organizational operations, organizational assets, or
individuals
• Moderate
– The loss could be expected to have a serious adverse effect
on organizational operations, organizational assets, or
individuals
• High
– The loss could be expected to have a severe or catastrophic
adverse effect on organizational operations, organizational
assets, or individuals

Computer Security Challenges (1 of 2)
1. Computer security is not as simple as it might first appear to the novice
2. In developing a particular security mechanism or algorithm, one must always consider potential attacks on those security features
3. Procedures used to provide particular services are often counterintuitive
4. Physical and logical placement needs to be determined
5. Security mechanisms typically involve more than a particular algorithm or protocol and also require that participants be in possession of some secret information, which raises questions about the creation, distribution, and protection of that secret information
6. Attackers only need to find a single weakness, while the designer must find and eliminate all weaknesses to achieve perfect security

Computer Security Challenges (2 of 2)
7. Security is still too often an afterthought to be incorporated into a system after the design is complete, rather than being an integral part of the design process
8. Security requires regular and constant monitoring
9. There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs
10. Many users and even security administrators view strong security as an impediment to efficient and user-friendly operation of an information system or use of information

Table 1.1 Computer Security Terminology, from RFC 2828, Internet Security Glossary, May 2000 (1 of 2)

Adversary (threat agent)
Individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

Attack
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.

Countermeasure
A device or technique that has as its objective the impairment of the operational effectiveness of undesirable or adversarial activity, or the prevention of espionage, sabotage, theft, or unauthorized access to or use of sensitive information or information systems.

Risk
A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of 1) the adverse impacts that would arise if the circumstance or event occurs; and 2) the likelihood of occurrence.

Table 1.1 Computer Security Terminology, from RFC 2828, Internet Security Glossary, May 2000 (2 of 2)

Security Policy
A set of criteria for the provision of security services. It defines and constrains the activities of a data processing facility in order to maintain a condition of security for systems and data.

System Resource (Asset)
A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems.

Threat
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

Figure 1.2 Security Concepts and Relationships

Assets of a Computer System
• Hardware
• Software
• Data
• Communication facilities and networks

Vulnerabilities, Threats and Attacks
• Categories of vulnerabilities
– Corrupted (loss of integrity)
– Leaky (loss of confidentiality)
– Unavailable or very slow (loss of availability)

• Threats
– Capable of exploiting vulnerabilities
– Represent potential security harm to an asset

• Attacks (threats carried out)
– Passive – attempt to learn or make use of information from the system
that does not affect system resources
– Active – attempt to alter system resources or affect their operation
– Insider – initiated by an entity inside the security perimeter
– Outsider – initiated from outside the perimeter
Countermeasures
• Means used to deal with security attacks
– Prevent
– Detect
– Recover
• May itself introduce new vulnerabilities
• Residual vulnerabilities may remain
• Goal is to minimize residual level of risk to the assets

Table 1.2 Threat Consequences, and the Types of Threat Actions That Cause Each Consequence (1 of 2)

Unauthorized Disclosure: A circumstance or event whereby an entity gains access to data for which the entity is not authorized.
– Exposure: Sensitive data are directly released to an unauthorized entity.
– Interception: An unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations.
– Inference: A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or by-products of communications.
– Intrusion: An unauthorized entity gains access to sensitive data by circumventing a system’s security protections.

Deception: A circumstance or event that may result in an authorized entity receiving false data and believing it to be true.
– Masquerade: An unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity.
– Falsification: False data deceive an authorized entity.
– Repudiation: An entity deceives another by falsely denying responsibility for an act.

Table 1.2 Threat Consequences, and the Types of Threat Actions That Cause Each Consequence (2 of 2)

Disruption: A circumstance or event that interrupts or prevents the correct operation of system services and functions.
– Incapacitation: Prevents or interrupts system operation by disabling a system component.
– Corruption: Undesirably alters system operation by adversely modifying system functions or data.
– Obstruction: A threat action that interrupts delivery of system services by hindering system operation.

Usurpation: A circumstance or event that results in control of system services or functions by an unauthorized entity.
– Misappropriation: An entity assumes unauthorized logical or physical control of a system resource.
– Misuse: Causes a system component to perform a function or service that is detrimental to system security.

Based on RFC 4949

Figure 1.3 Scope of Computer Security
This figure depicts security concerns other than physical security, including control of access to computer systems, safeguarding of data transmitted over communications systems, and safeguarding of stored data.

Table 1.3 Computer and Network Assets, with Examples of Threats

Hardware
– Availability: Equipment is stolen or disabled, thus denying service.
– Confidentiality: An unencrypted USB drive is stolen.

Software
– Availability: Programs are deleted, denying access to users.
– Confidentiality: An unauthorized copy of software is made.
– Integrity: A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task.

Data
– Availability: Files are deleted, denying access to users.
– Confidentiality: An unauthorized read of data is performed. An analysis of statistical data reveals underlying data.
– Integrity: Existing files are modified or new files are fabricated.

Communication Lines and Networks
– Availability: Messages are destroyed or deleted. Communication lines or networks are rendered unavailable.
– Confidentiality: Messages are read. The traffic pattern of messages is observed.
– Integrity: Messages are modified, delayed, reordered, or duplicated. False messages are fabricated.

Passive and Active Attacks

Passive Attack
• Attempts to learn or make use of information from the system but does not affect system resources
• Eavesdropping on, or monitoring of, transmissions
• Goal of attacker is to obtain information that is being transmitted
• Two types:
– Release of message contents
– Traffic analysis

Active Attack
• Attempts to alter system resources or affect their operation
• Involve some modification of the data stream or the creation of a false stream
• Four categories:
– Replay
– Masquerade
– Modification of messages
– Denial of service
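As an added example (not from the textbook or these slides), the receiver-side checks below detect three of the four active-attack categories listed above (modification of messages, masquerade and replay) on a stream of authenticated messages: a shared-key MAC binds sender, sequence number and payload, and a per-sender sequence counter rejects anything already accepted. The key, sender name and messages are constructed for the illustration.

```python
# Added example, not from the textbook: receiver-side detection of modified,
# forged and replayed messages using HMAC-SHA256 plus a per-sender sequence
# number. Key, sender name and payloads are constructed for illustration.
import hashlib
import hmac
import json

# Constructed shared secret; a real deployment provisions this out of band.
KEY = b"constructed-demo-key-not-for-real-use"


def make_message(key: bytes, sender: str, seq: int, payload: str) -> dict:
    """Sender side: bind sender, sequence number and payload under one MAC."""
    body = json.dumps({"sender": sender, "seq": seq, "payload": payload},
                      sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Accepts a message only if its MAC verifies and its sequence number is
    strictly greater than the last one accepted from that sender."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}   # highest accepted sequence number per sender

    def accept(self, msg: dict) -> tuple:
        """Return ("ok", payload) or ("reject", reason)."""
        expected = hmac.new(self.key, msg["body"].encode(),
                            hashlib.sha256).hexdigest()
        # A bad tag covers both modification (body altered after the MAC was
        # computed) and masquerade (a party without the key cannot forge a tag).
        if not hmac.compare_digest(expected, msg["tag"]):
            return ("reject", "bad MAC: message modified or sender forged")
        fields = json.loads(msg["body"])
        sender, seq = fields["sender"], fields["seq"]
        # Replay (or redelivery of an old message) reuses a sequence number
        # that this receiver has already accepted from the same sender.
        if seq <= self.last_seq.get(sender, 0):
            return ("reject", "replay: sequence number already accepted")
        self.last_seq[sender] = seq
        return ("ok", fields["payload"])
```

Denial of service, the fourth active category, cannot be caught by a per-message check, and the passive attacks on the left are untouched because the payload travels in the clear; those need encryption rather than authentication.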
Table 1.4 Security Requirements (1 of 7)
Access Control: Limit information system access to authorized users, processes acting
on behalf of authorized users, or devices (including other information systems) and to the
types of transactions and functions that authorized users are permitted to exercise.
Awareness and Training:
(i) Ensure that managers and users of organizational information systems are made
aware of the security risks associated with their activities and of the applicable laws,
regulations, and policies related to the security of organizational information
systems; and
(ii) ensure that personnel are adequately trained to carry out their assigned information
security-related duties and responsibilities.

Audit and Accountability:
(i) Create, protect, and retain information system audit records to the extent needed to
enable the monitoring, analysis, investigation, and reporting of unlawful,
unauthorized, or inappropriate information system activity; and
(ii) ensure that the actions of individual information system users can be uniquely traced
to those users so they can be held accountable for their actions.

Table 1.4 Security Requirements (2 of 7)
Certification, Accreditation, and Security Assessments:
(i) Periodically assess the security controls in organizational information systems to
determine if the controls are effective in their application;
(ii) develop and implement plans of action designed to correct deficiencies and reduce
or eliminate vulnerabilities in organizational information systems;
(iii) authorize the operation of organizational information systems and any associated
information system connections; and
(iv) monitor information system security controls on an ongoing basis to ensure the
continued effectiveness of the controls.

Configuration Management:
(i) Establish and maintain baseline configurations and inventories of organizational
information systems (including hardware, software, firmware, and documentation)
throughout the respective system development life cycles; and
(ii) establish and enforce security configuration settings for information technology
products employed in organizational information systems.
Table 1.4 Security Requirements (3 of 7)
Contingency Planning: Establish, maintain, and implement plans for
emergency response, backup operations, and postdisaster recovery for
organizational information systems to ensure the availability of critical
information resources and continuity of operations in emergency situations.

Identification and Authentication: Identify information system users,
processes acting on behalf of users, or devices, and authenticate (or verify) the
identities of those users, processes, or devices, as a prerequisite to allowing
access to organizational information systems.

Incident Response:
(i) Establish an operational incident-handling capability for organizational
information systems that includes adequate preparation, detection,
analysis, containment, recovery, and user-response activities; and
(ii) track, document, and report incidents to appropriate organizational officials
and/or authorities.
Table 1.4 Security Requirements (4 of 7)
Maintenance:
(i) Perform periodic and timely maintenance on organizational information systems; and
(ii) provide effective controls on the tools, techniques, mechanisms, and personnel used
to conduct information system maintenance.

Media Protection:
(i) Protect information system media, both paper and digital;
(ii) limit access to information on information system media to authorized users; and
(iii) sanitize or destroy information system media before disposal or release for reuse.

Physical and Environmental Protection:
(i) Limit physical access to information systems, equipment, and the respective operating
environments to authorized individuals;
(ii) protect the physical plant and support infrastructure for information systems;
(iii) provide supporting utilities for information systems;
(iv) protect information systems against environmental hazards; and
(v) provide appropriate environmental controls in facilities containing information systems.
Table 1.4 Security Requirements (5 of 7)
Planning: Develop, document, periodically update, and implement security plans for
organizational information systems that describe the security controls in place or planned
for the information systems and the rules of behavior for individuals accessing the
information systems.
Personnel Security:
(i) Ensure that individuals occupying positions of responsibility within organizations
(including third-party service providers) are trustworthy and meet established
security criteria for those positions;
(ii) ensure that organizational information and information systems are protected during
and after personnel actions such as terminations and transfers; and
(iii) employ formal sanctions for personnel failing to comply with organizational security
policies and procedures.

Risk Assessment: Periodically assess the risk to organizational operations (including
mission, functions, image, or reputation), organizational assets, and individuals, resulting
from the operation of organizational information systems and the associated processing,
storage, or transmission of organizational information.

Table 1.4 Security Requirements (6 of 7)
Systems and Services Acquisition:
(i) Allocate sufficient resources to adequately protect organizational information
systems;
(ii) employ system development life cycle processes that incorporate information
security considerations;
(iii) employ software usage and installation restrictions; and
(iv) ensure that third-party providers employ adequate security measures to protect
information, applications, and/or services outsourced from the organization.

System and Communications Protection:
(i) Monitor, control, and protect organizational communications (i.e., information
transmitted or received by organizational information systems) at the external
boundaries and key internal boundaries of the information systems; and
(ii) employ architectural designs, software development techniques, and systems
engineering principles that promote effective information security within
organizational information systems.

Table 1.4 Security Requirements (7 of 7)
System and Information Integrity:
(i) Identify, report, and correct information and information system
flaws in a timely manner;
(ii) provide protection from malicious code at appropriate locations
within organizational information systems; and
(iii) monitor information system security alerts and advisories and take
appropriate actions in response.

(FIPS 200)

Fundamental Security Design Principles
• Economy of mechanism
• Fail-safe defaults
• Complete mediation
• Open design
• Separation of privilege
• Least privilege
• Least common mechanism
• Psychological acceptability
• Isolation
• Encapsulation
• Modularity
• Layering
• Least astonishment

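As an added example (not from the textbook or these slides), the two authorization checks below make three of the principles above concrete: the first one is default-allow, remembers its decisions and has only one explicit denial, so it breaks fail-safe defaults, complete mediation and least privilege; the second is default-deny and re-evaluates the current role and the exact operation on every call. The roles, the permission table and the paths are constructed for the illustration.

```python
# Added example, not from the textbook: the same authorization decision written
# first against three of the design principles above and then in line with them.
# Roles, the permission table and the paths are constructed for illustration.
from dataclasses import dataclass, field

# Constructed permission table of (role, operation) pairs that are allowed.
# Anything absent from this set is refused: a fail-safe default.
PERMISSIONS = {
    ("analyst", "read"),
    ("admin", "read"),
    ("admin", "write"),
}


@dataclass
class Session:
    user: str
    role: str
    # Decision cache used only by the weak version, to show why remembering an
    # access decision breaks complete mediation once the role changes.
    cache: dict = field(default_factory=dict)


def weak_authorize(session: Session, op: str, path: str) -> bool:
    """Default-allow with a cached decision.

    Violates fail-safe defaults (an unknown role or operation is allowed),
    complete mediation (a cached decision is trusted even after the session's
    role changes) and least privilege (the only rule is one explicit denial).
    """
    key = (op, path)
    if key in session.cache:
        return session.cache[key]          # stale decision reused
    decision = not (session.role == "guest" and op == "write")
    session.cache[key] = decision
    return decision


def safe_authorize(session: Session, op: str, path: str) -> bool:
    """Default-deny, evaluated afresh on every call.

    The session's current role and the exact operation requested are checked
    against the explicit allow list each time; nothing is remembered between
    calls, and any (role, op) pair not in the list is refused.
    """
    if op not in ("read", "write"):
        return False
    return (session.role, op) in PERMISSIONS


def compare(session: Session, op: str, path: str) -> tuple:
    """Return (weak decision, safe decision) for the same request."""
    return weak_authorize(session, op, path), safe_authorize(session, op, path)
```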
Attack Surfaces
• Consist of the reachable and exploitable vulnerabilities in a
system
• Examples:
– Open ports on outward facing Web and other servers, and
code listening on those ports
– Services available on the inside of a firewall
– Code that processes incoming data, email, XML, office
documents, and industry-specific custom data exchange
formats
– Interfaces, SQL, and Web forms
– An employee with access to sensitive information vulnerable
to a social engineering attack
Attack Surface Categories
• Network Attack Surface
– Vulnerabilities over an enterprise network, wide-area network, or the Internet
– Included in this category are network protocol vulnerabilities, such as those used for a denial-of-service attack, disruption of communications links, and various forms of intruder attacks
• Software Attack Surface
– Vulnerabilities in application, utility, or operating system code
– Particular focus is Web server software
• Human Attack Surface
– Vulnerabilities created by personnel or outsiders, such as social engineering, human error, and trusted insiders

Figure 1.4 Defense in Depth and Attack Surface

Figure 1.5 An Attack Tree for Internet Banking Authentication

Computer Security Strategy (1 of 2)
• Security Policy
– Formal statement of rules and practices that specify or
regulate how a system or organization provides security
services to protect sensitive and critical system resources
• Security Implementation
– Involves four complementary courses of action:
▪ Prevention
▪ Detection
▪ Response
▪ Recovery

Computer Security Strategy (2 of 2)
• Assurance
– Encompassing both system design and system
implementation, assurance is an attribute of an
information system that provides grounds for having
confidence that the system operates such that the
system’s security policy is enforced
• Evaluation
– Process of examining a computer product or system
with respect to certain criteria
– Involves testing and may also involve formal analytic
or mathematical techniques
Standards (1 of 2)
• Standards have been developed to cover management practices and
the overall architecture of security mechanisms and services
• The most important of these organizations are:
– National Institute of Standards and Technology (NIST)
 NIST is a U.S. federal agency that deals with measurement
science, standards, and technology related to U.S. government
use and to the promotion of U.S. private sector innovation
– Internet Society (ISOC)
 ISOC is a professional membership society that provides
leadership in addressing issues that confront the future of the
Internet, and is the organization home for the groups
responsible for Internet infrastructure standards

Standards (2 of 2)
– International Telecommunication Union (ITU-T)
 ITU is a United Nations agency in which governments and the
private sector coordinate global telecom networks and
services
– International Organization for Standardization (ISO)
 ISO is a nongovernmental organization whose work results in
international agreements that are published as International
Standards

Summary
• Computer security concepts
– Definition
– Challenges
– Model
• Threats, attacks, and assets
– Threats and attacks
– Threats and assets
• Security functional requirements
• Fundamental security design principles
• Attack surfaces and attack trees
– Attack surfaces
– Attack trees
• Computer security strategy
– Security policy
– Security implementation
– Assurance and evaluation
• Standards

Copyright

This work is protected by United States copyright laws and is provided solely for the use of instructors in teaching their courses and assessing student learning. Dissemination or sale of any part of this work (including on the World Wide Web) will destroy the integrity of the work and is not permitted. The work and materials from it should never be made available to students except by instructors using the accompanying text in their classes. All recipients of this work are expected to abide by these restrictions and to honor the intended pedagogical purposes and the needs of other instructors who rely on these materials.
