Seventh Edition, Global Edition

by William Stallings
 Chapter 1
Computer and Network Security
Concepts

© 2017 Pearson Education, Ltd., All rights reserved.

 Cryptographic algorithms and
protocols can be grouped into four
main areas:
Symmetric encryption

• Used to conceal the contents of blocks or streams of data of

any size, including messages, files, encryption keys, and
passwords
Asymmetric encryption

• Used to conceal small blocks of data, such as encryption

keys and hash function values, which are used in digital
signatures
Data integrity algorithms

• Used to protect blocks of data, such as messages, from

alteration
Authentication protocols

• Schemes based on the use of cryptographic algorithms

designed to authenticate the identity of entities

© 2017 Pearson Education, Ltd., All rights reserved.

 The field of network and
Internet security consists of:

measures to deter,
prevent, detect,
and correct security
violations that
involve the
transmission of
information
© 2017 Pearson Education, Ltd., All rights reserved.
 Computer Security
The NIST Computer Security Handbook
defines the term computer security as:

“the protection afforded to an

automated information system in order
to attain the applicable objectives of
preserving the integrity, availability and
confidentiality of information system
resources” (includes hardware,
software, firmware, information/ data,
and telecommunications)
© 2017 Pearson Education, Ltd., All rights reserved.
 Computer Security
Objectives
Confidentiality
• Data confidentiality
• Assures that private or confidential information is not made available
or disclosed to unauthorized individuals
• Privacy
• Assures that individuals control or influence what information related
to them may be collected and stored and by whom and to whom that
information may be disclosed

Integrity
• Data integrity
• Assures that information and programs are changed only in a
specified and authorized manner
• System integrity
• Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system
Availability
• Assures that systems work promptly and service is not denied
to authorized users
© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
 Breach of Security
Levels of Impact
• The loss could be expected to have a severe
or catastrophic adverse effect on
organizational operations, organizational
High assets, or individuals

• The loss could be expected to have

Moderat a serious adverse effect on

organizational operations,
organizational assets, or individuals
e
• The loss could be expected
to have a limited adverse
effect on organizational

Low operations, organizational

assets, or individuals

© 2017 Pearson Education, Ltd., All rights reserved.

 Computer Security
Challenges
• Security is not simple
• Potential attacks on the
security features need to
be considered
• Procedures used to
provide particular services
are often counter-intuitive
• Security mechanisms
typically involve more than
a particular algorithm or
protocol
• Security is essentially a
battle of wits between a
perpetrator and the
designer

• It is necessary to decide • Little benefit from security

where to use the various investment is perceived
security mechanisms until a security failure
occurs
• Requires constant
• Strong security is often
monitoring
viewed as an impediment
• Is too often an to efficient and user-friendly
afterthought
© 2017 Pearson Education, Ltd., All rights reserved.
operation
 OSI Security
Architecture
• Security attack
• Any action that compromises the security of information
owned by an organization

• Security mechanism
• A process (or a device incorporating such a process) that
is designed to detect, prevent, or recover from a security
attack

• Security service
• A processing or communication service that enhances
the security of the data processing systems and the
information transfers of an organization
• Intended to counter security attacks, and they make use
of one or more security mechanisms to provide the
service
© 2017 Pearson Education, Ltd., All rights reserved.
 Table 1.1
Threats and Attacks (RFC
4949)

© 2017 Pearson Education, Ltd., All rights reserved.

 Security
Attacks
•A means of classifying
security attacks, used
both in X.800 and RFC
4949, is in terms of
passive attacks and active
attacks

•A passive attack
attempts to learn or make
use of information from
the system but does not
affect system resources

•An active attack attempts

to alter system resources
or affect their operation
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
 Passive
Attacks

• Are in the nature of

eavesdropping on, or
monitoring of,
transmissions
• Two types of passive
• Goal of the opponent attacks are:
is to obtain information
that is being • The release of
transmitted message contents
• Traffic analysis

© 2017 Pearson Education, Ltd., All rights reserved.

 Active Attacks
• Involve some modification
of the data stream or the
creation of a false stream
Masqu •Takes place when one entity
pretends to be a different entity
•Usually includes one of the
erade other forms of active attack

• Difficult to prevent because

of the wide variety of
potential physical, Repla •Involves the passive capture of
a data unit and its subsequent
software, and network retransmission to produce an

vulnerabilities y unauthorized effect

• Goal is to detect attacks Modificati •Some portion of a legitimate

and to recover from any message is altered, or messages
on of are delayed or reordered to
disruption or delays caused
messages produce an unauthorized effect
by them

Denial of •Prevents or inhibits the

normal use or management
service of communications facilities

© 2017 Pearson Education, Ltd., All rights reserved.

 Security Services

• Defined by X.800 as:

• A service provided by a protocol layer of
communicating open systems and that
ensures adequate security of the systems or
of data transfers

• Defined by RFC 4949 as:

• A processing or communication service
provided by a system to give a specific kind
of protection to system resources
© 2017 Pearson Education, Ltd., All rights reserved.
 Table 1.2

Security
Services
(X.800)

(This table is found on

page 12 in textbook)
© 2017 Pearson Education, Ltd., All rights reserved.
 Authentication
• Concerned with assuring that a communication is
authentic
• In the case of a single message, assures the
recipient that the message is from the source that
it claims to be from
• In the case of ongoing interaction, assures the two
entities are authentic and that the connection is
not interfered with in such a way that a third party
can masquerade as one of the two legitimate
parties
Two specific authentication
services are defined in
X.800:
•Peer entity authentication
© 2017 Pearson Education, Ltd., All rights reserved.
 Access Control

• The ability to limit and control the

access to host systems and
applications via communications links

• To achieve this, each entity trying to

gain access must first be indentified,
or authenticated, so that access rights
can be tailored to the individual

© 2017 Pearson Education, Ltd., All rights reserved.

 Data Confidentiality
• The protection of transmitted data from passive
attacks
• Broadest service protects all user data transmitted
between two users over a period of time
• Narrower forms of service includes the protection
of a single message or even specific fields within a
message

• The protection of traffic flow from analysis

• This requires that an attacker not be able to
observe the source and destination, frequency,
length, or other characteristics of the traffic on a
communications facility
© 2017 Pearson Education, Ltd., All rights reserved.
 Data Integrity

C
A
a
c
n
o
n
n
e
a
c
ti
p
o
n
pl
e
s
sl
y
ni
t
e
gt
orit
y
s
a
e
vr
i
s
c
e
,tr
o
e
n
e
a
m
h t
a
dt
o
e
alf
s
m
w
eit
h
si
s
n
d
ai
v
gi
d
e
u
a
sl
m
e,
s
a
s
a
g
e
s
w i
it
n
h
o
g
u
t
erl
e
g
ar
d
m t
e
o
s
a
n
s
y
al
a
gr
g
e
cr,
o
ot
n
er
x
st,
g
e
n
el
r
el
a
c
y
pt
r
e
o
v
di
d
e
s
f
pri
o
et
e
cl
ti
d
o
n
s
a
g
a
w
n i
sit
t
h
m
e
si
s
n
a
g
e
a
m
o
d
if
m i
c
e
a
ti
s
o
n
s
o
a
n
l
g
y
e

© 2017 Pearson Education, Ltd., All rights reserved.

 Nonrepudiation
• Prevents either sender or receiver from
denying a transmitted message

• When a message is sent, the receiver

can prove that the alleged sender in
fact sent the message
• When a message is received, the
sender can prove that the alleged
receiver in fact received the message

© 2017 Pearson Education, Ltd., All rights reserved.

 Availability Service

• Protects a system to ensure its

availability

• This service addresses the security

concerns raised by denial-of-service
attacks

• It depends on proper management and

control of system resources and thus
depends on access control service and
other security services
© 2017 Pearson Education, Ltd., All rights reserved.
 Security Mechanisms
(X.800)
Specific Security Mechanisms
• Encipherment
Pervasive Security Mechanisms
• Digital signatures
• Trusted functionality
• Access controls
• Security labels
• Data integrity
• Event detection
• Authentication exchange
• Security audit trails
• Traffic padding
• Security recovery
• Routing control
• Notarization

© 2017 Pearson Education, Ltd., All rights reserved.

 Table 1.3

Security
Mechanisms
(X.800)

(This table is found on

pages 14-15 in
textbook)
© 2017 Pearson Education, Ltd., All rights reserved.
 Fundamental
Security Design
Principles
• Economy of • Least common
mechanism mechanism
• Fail-safe defaults • Psychological
acceptability
• Complete
• Isolation
meditation
• Open design • Encapsulation
• Separation of • Modularity
privilege • Layering
• Least privilege • Least astonishment

© 2017 Pearson Education, Ltd., All rights reserved.

 Fundamental Security Design
Principles
Economy of
mechanism
• Means that the design of
security measures embodied
in both hardware and software
should be as simple and small
as possible
• Relatively simple, small
design is easier to test and
verify thoroughly
• With a complex design, there
are many more opportunities
for an adversary to discover
subtle weaknesses to exploit
that may be difficult to spot
ahead of time
© 2017 Pearson Education, Ltd., All rights reserved.
Fail-safe defaults
• Means that access decisions
should be based on permission
rather than exclusion
• The default situation is lack of
access, and the protection
scheme identifies conditions
under which access is
permitted
• Most file access systems and
virtually all protected services
on client/server use fail-safe
defaults
 Fundamental Security Design
Principles
Complete
mediation Open design
• Means that every access must
be checked against the access • Means that the design of a
control mechanism security mechanism should be
open rather than secret
• Systems should not rely on
access decisions retrieved
from a cache • Although encryption keys
must be secret, encryption
• To fully implement this, every algorithms should be open to
time a user reads a field or public scrutiny
record in a file, or a data item
in a database, the system
• Is the philosophy behind the
must exercise access control
NIST program of standardizing
• This resource-intensive encryption and hash
approach is rarely used algorithms

© 2017 Pearson Education, Ltd., All rights reserved.

 Fundamental Security
Design Principles
Separation of
privilege Least privilege
• Defined as a practice in • Means that every process and
which multiple privilege every user of the system
attributes are required to should operate using the
achieve access to a least set of privileges
necessary to perform the task
restricted resource
• An example of the use of this
• Multifactor user principle is role-based access
authentication is an control; the system security
example which requires policy can identify and define
the use of multiple the various roles of users or
techniques, such as a processes and each role is
password and a smart assigned only those
card, to authorize a user permissions needed to
perform its functions

© 2017 Pearson Education, Ltd., All rights reserved.

 Fundamental Security
Design Principles
Least common
mechanism
• Means that the design
should minimize the
functions shared by
different users, providing
mutual security
• This principle helps reduce
the number of unintended
communication paths and
reduces the amount of
hardware and software on
which all users depend, thus
making it easier to verify if
there are any undesirable
security implications
© 2017 Pearson Education, Ltd., All rights reserved.
Psychological
acceptability
• Implies that the security
mechanisms should not interfere
unduly with the work of users,
while at the same time meeting
the needs of those who authorize
access
• Where possible, security
mechanisms should be
transparent to the users of the
system or, at most, introduce
minimal obstruction
• In addition to not being intrusive
or burdensome, security
procedures must reflect the
user’s mental model of
protection
 Fundamental Security
Design Principles
Isolation
• Applies in three contexts:
• Public access systems
should be isolated from
critical resources to
prevent disclosure or
tampering
• Processes and files of
individual users should be
isolated from one another
except where it is explicitly
desired
• Security mechanisms
should be isolated in the
sense of preventing access
to those mechanisms
© 2017 Pearson Education, Ltd., All rights reserved.
Encapsulation
• Can be viewed as a specific
form of isolation based on
object-oriented functionality
• Protection is provided by
encapsulating a collection of
procedures and data objects
in a domain of its own so
that the internal structure of
a data object is accessible
only to the procedures of
the protected subsystem,
and the procedures may be
called only at designated
domain entry points
 Fundamental Security
Design Principles
Modularity Layering
• Refers both to the • Refers to the use of
multiple, overlapping
development of
protection approaches
security functions as addressing the people,
separate, protected technology, and
modules and to the operational aspects of
information systems
use of a modular
architecture for • The failure or
mechanism design circumvention of any
and implementation individual protection
approach will not leave the
system unprotected

© 2017 Pearson Education, Ltd., All rights reserved.

 Fundamental Security
Design Principles
Least
astonishment
• Means that a program or user interface
should always respond in the way that is
least likely to astonish the user

• The mechanism for authorization should be

transparent enough to a user that the user
has a good intuitive understanding of how
the security goals map to the provided
security mechanism

© 2017 Pearson Education, Ltd., All rights reserved.

 Attack Surfaces
• An attack surface consists of the reachable and
exploitable vulnerabilities in a system
• Examples:
• Open ports on outward facing Web and other servers,
and code listening on those ports
• Services available on the inside of a firewall
• Code that processes incoming data, email, XML,
office documents, and industry-specific custom data
exchange formats
• Interfaces, SQL, and Web forms
• An employee with access to sensitive information
vulnerable to a social engineering attack

© 2017 Pearson Education, Ltd., All rights reserved.

Attack Surface Categories
• Network attack surface
• Refers to vulnerabilities over an enterprise
network, wide-area network, or the Internet

• Software attack surface

• Refers to vulnerabilities in application,
utility, or operating system code

• Human attack surface

• Refers to vulnerabilities created by
personnel or outsiders
© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
 Attack Tree
• A branching, hierarchical data structure that
represents a set of potential techniques for
exploiting security vulnerabilities
• The security incident that is the goal of the attack
is represented as the root node of the tree, and the
ways that an attacker could reach that goal are
represented as branches and subnodes of the tree
• The final nodes on the paths outward from the root,
(leaf nodes), represent different ways to initiate an
attack
• The motivation for the use of attack trees is to
effectively exploit the information available on
attack
© 2017 Pearson Education, Ltd.,patterns
All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
 Model for Network
Security

© 2017 Pearson Education, Ltd., All rights reserved.

 Network Access
Security Model

© 2017 Pearson Education, Ltd., All rights reserved.

 Unwanted Access
• Placement in a computer system of logic
that exploits vulnerabilities in the system
and that can affect application programs as
well as utility programs such as editors and
compilers
• Programs can present two kinds of threats:
• Information access threats
• Intercept or modify data on behalf of users who
should not have access to that data
• Service threats
• Exploit service flaws in computers to
inhibit use by legitimate users
© 2017 Pearson Education, Ltd., All rights reserved.
 Standards
National Institute of Standards and Technology

• NIST is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government use and to the
promotion of U.S. private-sector innovation
• Despite its national scope, NIST Federal Information Processing Standards (FIPS) and Special Publications (SP) have a worldwide impact

Internet Society
• ISOC is a professional membership society with world-wide organizational and individual membership
• Provides leadership in addressing issues that confront the future of the Internet and is the organization home for the groups responsible
for Internet infrastructure standards

ITU-T
• The International Telecommunication Union (ITU) is an international organization within the United Nations System in which governments and the private sector coordinate global
telecom networks and services
• The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors of the ITU and whose mission is the development of technical standards covering all fields of
telecommunications

ISO

• The International Organization for Standardization is a world-wide federation of national standards bodies from more than 140 countries
• ISO is a nongovernmental organization that promotes the development of standardization and related activities with a view to facilitating the
international exchange of goods and services and to developing cooperation in the spheres of intellectual, scientific, technological, and economic activity
© 2017 Pearson Education, Ltd., All rights reserved.
 Summary
• Computer security • Security services
concepts • Authentication
• Definition • Access control
• Examples • Data confidentiality
• Challenges • Data integrity
• Nonrepudiation
• The OSI security
• Availability service
architecture
• Security mechanisms
• Security attacks
• Passive attacks • Fundamental security
• Active attacks design principles

• Attack surfaces and • Network security

attack trees model
© 2017 Pearson Education, Ltd., All rights reserved.