Computer Security - Chapter 1 PDF

1 COMPUTER SECURITY Chapter 1: Introduction 2 Objectives for Chapter 1 Define computer security as well as basic computer security terms Introduce the C-I-A Triad Introduce basic access control terminology Explain basic threats, vulnerabilities, and attacks Show how controls map to threats 3 What Is Computer Security? The protection of the assets of a computer system Hardware Software Data 4 Assets Hardware: Software: Data: Computer Operating system Documents Devices (disk Utilities (antivirus) Photos drives, memory, Commercial Music, videos printer) applications (word Email Network gear processing, photo Class projects editing) Individual applications 5 Values of Assets Off the shelf; easily replaceable Hardware: Software: Data: Computer Operating system Documents Devices (disk Utilities (antivirus) Photos drives, memory, Commercial Music, videos printer) applications (word Email Network gear processing, photo Class projects editing) Individual Unique; irreplaceable applications 6 Basic Terms Vulnerability Threat Attack Countermeasure or control 7 Vulnerabilities, Threats, Attacks, Controls Vulnerability is a weakness in the security system (i.e., in procedures, design, or implementation), that might be exploited to cause loss or harm. Threat to a computing system is a set of circumstances that has the potential to cause loss or harm. a potential violation of security A human (criminal) who exploits a vulnerability perpetrates an attack on the system. How do we address these problems? We use a control as a protective measure. That is, a control is an action, device, procedure, or technique that removes or reduces a vulnerability. 8 Threat and Vulnerability Relationship among threats, controls, and vulnerabilities: A threat is blocked by control of a vulnerability. To devise controls, we must know as much about threats as possible. The fact that the violation might occur means that the actions that might cause it should be guarder against. 9 C-I-A Triad Confidentiality Integrity Availability Sometimes two other desirable characteristics: Authentication the process or action of proving or showing something to be true, genuine, or valid. Nonrepudiation is the assurance that someone cannot deny something. i.e. nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated 10 Access Control Policy: Who + What + How = Yes/No Object Mode of access (what) Subject (how) (who) 11 Types of Threats Threats Natural Human causes causes Examples: Fire, Benign Malicious power failure intent intent Example: Human error Random Directed Example: Malicious Example: code on a general Impersonation web site 12 Advanced Persistent Threat (APT) Organized Directed Well financed Patient Silent 13 Types of Attackers Terrorist Criminal- Hacker for-hire Loosely Individual connected group Organized crime member 14 Types of Harm Interception Interruption Modification Fabrication 15 Threats In an interception means that some unauthorized party has gained access to an asset. In an interruption, an asset of the system becomes lost, unavailable, or unusable. If an unauthorized party not only accesses but tampers (forges) with an asset, the threat is a modification. Finally, an unauthorized party might create a fabrication of counterfeit objects on a computing system. 16 Method—Opportunity—Motive (MOM) Opportunity Motive Method 17 Method, Opportunity, and Motive A malicious attacker must have three things (MOM): method: the skills, knowledge, tools, and other things with which to be able to pull off the attack Knowledge of systems are widely available opportunity: the time and access to accomplish the attack Systems available to the public are accessible to them motive: a reason to want to perform this attack against this system 18 Controls/Countermeasures Kind of Threat ot t ot no /n /n us d/ an te io um c ic ire al H D Physical M Procedural Confidentiality Technical Protects Integrity e yp Availability lT ntro Co 19 Security Goals When we talk about computer security, we mean that we are addressing three important aspects of any computer-related system: confidentiality, integrity, & availability (CIA) Confidentiality ensures that computer-related assets are accessed only by authorized parties. i.e. reading, viewing, printing, or even knowing their existence Secrecy or privacy Integrity means that assets can be modified only by authorized parties or only in authorized ways. i.e. writing, changing, deleting, creating Availability means that assets are accessible to authorized parties at appropriate times. i.e. often, availability is known by its opposite, denial of service. 20 Relationship between Confidentiality Integrity and Availability In fact, these three characteristics can be independent, can overlap, and can even be mutually exclusive. Confidentiality Secure Integrity Availability Slide #1-21 Goals of Security Prevention Prevent attackers from violating security policy Detection Detect attackers’ violation of security policy Recovery Stop attack, assess and repair damage Continue to function correctly even if attack succeeds Slide #1-22 Trust and Assumptions Trust underlies all aspects of security Policies Unambiguously partition system states Correctly capture security requirements Mechanisms Assumed to enforce policy Support mechanisms work correctly 23 Different Types of Controls Deterrence: These controls are designed to discourage potential attackers. It’s about creating a perception that the cost of an attack is greater than the benefit. Examples include legal consequences and sanctions. Deflection: This involves redirecting potential threats to less critical parts of the system or to decoy systems. It’s like having a scarecrow in a field; it doesn’t stop the birds but encourages them to land elsewhere. Response: Response controls are activated after an attack is detected. They aim to minimize damage, restore services, and gather information about the attack to improve future defenses. Prevention: Preventive measures are the first line of defense, aiming to stop attacks before they occur. This includes firewalls, antivirus software, and intrusion prevention systems. 24 Different Types of Controls 25 Controls Available Encryption We take data in their normal, unscrambled state, called: cleartext or plaintext, and transform them so that they are unintelligible to the outside observer; the transformed data are called enciphered text or ciphertext. Encryption clearly addresses the need for confidentiality of data. Additionally, it can be used to ensure integrity; data that cannot be read generally cannot easily be changed in a meaningful manner. Lock Sign on URL browser 26 Controls Available Encryption does not solve all computer security problems, and other tools must complement its use. if encryption is not used properly, it may have no effect on security or could even degrade the performance of the entire system. Weak encryption can actually be worse than no encryption at all, because it gives users an unwarranted sense of protection. Therefore, we must understand those situations in which encryption is most useful as well as ways to use it effectively. 27 Controls Available Software/Program Controls Programs must be secure enough to prevent outside attack They must also be developed and maintained so that we can be confident of the programs' dependability. Program controls include the following: Internal program controls: parts of the program that enforce security restrictions, i.e. access limitations in a database management program Operating system and network system controls: limitations enforced by the operating system or network to protect each user from all other users i.e. chmod on UNIX: (Read, Write, Execute) vs. (Owner, Group, Other) Independent control programs: application programs, i.e. password checkers, intrusion detection utilities, or virus scanners, that protect against certain types of vulnerabilities 28 Controls Available Hardware Controls Numerous hardware devices have been created to assist in providing computer security. These devices include a variety of means, such as hardware or smart card implementations of encryption locks or cables limiting access or deterring theft devices to verify users' identities firewalls intrusion detection systems circuit boards that control access to storage media 29 Controls Available Policies and Procedures Sometimes, we can rely on agreed-on procedures or policies among users rather than enforcing security through hardware or software means i.e. frequent changes of passwords We must not forget the value of community standards and expectations when we consider how to enforce security. Physical Controls i.e. locks on doors, guards at entry points, backup copies of important software and data, and physical site planning that reduces the risk of natural disasters. 30 Effectiveness of Controls Awareness of Problem People using controls must be convinced of the need for security. That is, people will willingly cooperate with security requirements only if they understand why security is appropriate in a given situation. 31 Let us visit… https://www.virustotal.com/ VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google in September 2012. VirusTotal inspects items with over 70 antivirus scanners and URL/domain blocklisting services and threat hunting and malware analysis. 32 Summary Vulnerabilities are weaknesses in a system; threats exploit those weaknesses; controls protect those weaknesses from exploitation Confidentiality, integrity, and availability are the three basic security primitives Different attackers pose different kinds of threats based on their capabilities and motivations Different controls address different threats; controls come in many flavors and can exist at various points in the system THANK YOU

Computer Security - Chapter 1 PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue