Basic Security Concepts
Dr. Sayed El-Sayed
Summary
This document presents a lecture on basic security concepts, including definitions of computer security and its assets, the principle of easiest penetration, and the three classifications of protection (prevention, detection, and reaction). It illustrates these with examples from the physical and cyber worlds, such as credit card fraud. The goals of security (the CIA triad and AAA), vulnerabilities and threats, methods of defense, and system and data access control are also covered.
Full Transcript
CHAPTER 1: Basic Security Concepts
Dr. Sayed El-Sayed

INTRODUCTION
What is computer security?
– Computer security is the protection of the assets of a computer or computer system (an asset is an item that has value).
– Types of assets: hardware, software, data, processes, storage media, and people.
Principle of Easiest Penetration
– An intruder must be expected to use any available means of penetration, not necessarily the most obvious one.

INTRODUCTION
Computer systems (hardware, software, and data) have value and deserve security protection. There are three classifications of protection:
– Prevention: take measures that prevent your assets from being damaged.
– Detection: take measures so that you can detect when, how, and by whom an asset has been damaged.
– Reaction: take measures that allow you to recover your assets or to recover from damage to your assets.

INTRODUCTION
Example from the physical world:
– Prevention: locks on the door or window bars, a wall around the property.
– Detection: you detect that something has been stolen when it is no longer there; a burglar alarm goes off when a break-in occurs; CCTV cameras provide information that allows you to identify intruders.
– Reaction: you can call the police, or you may decide to replace the stolen item.

INTRODUCTION
Example from the cyber world: consider credit card fraud.
– Prevention: use encryption when placing an order, rely on the merchant to perform some checks on the caller before accepting a credit card order, or don't use your credit card number on the Internet.
– Detection: a transaction that you had not authorized appears on your credit card statement.
– Reaction: you can ask for a new credit card number; the cost of the fraudulent transaction may be covered by the card holder, by the merchant where the fraudster made the purchase, or by the credit card issuer.

Security Goals – CIA Triad
CONFIDENTIALITY: Assets of computing systems are available only to authorized parties (also known as secrecy or privacy).
INTEGRITY: Assets can be modified only by authorized parties or only in authorized ways.
AVAILABILITY: Assets are accessible to authorized parties when needed, without delay.
Security is achieved through a combination of the three characteristics. CIA is from the assets' point of view, not the user's point of view.

Confidentiality
Ensures that computer-related assets are accessed only by authorized parties. Access is given only to those who should have access to something.
– "Access" means not only reading, but also viewing, printing, and knowing that the asset exists.
Notice the general pattern of the following statement: a person, process, or program is (or is not) authorized to access a data item in a particular way. We call the person, process, or program a subject, the data item an object, the kind of access (such as read, write, or execute) an access mode, and the authorization a policy.

Integrity
Assets can be modified only by authorized parties in authorized ways. Modification includes writing, changing, changing status, deleting, and creating.
Integrity means different things in different contexts. For example, if we say that we have preserved the integrity of an item, we may mean that the item is:
– Precise
– Accurate
– Unmodified
– Modified only in acceptable ways
– Modified only by authorized people
– Modified only by authorized processes
– Consistent
– Internally consistent
– Meaningful and usable

Integrity (cont.)
Integrity can also mean two or more of these properties. Welke and Mayfield recognize three particular aspects:
1. Authorized actions
2. Separation and protection of resources
3. Error detection and correction
Some forms of integrity are well represented in the real world, and those precise representations can be implemented in a computerized environment.
– But not all interpretations of integrity are well

Availability
Assets are accessible to authorized parties at appropriate times. Access to a particular set of objects should not be prevented for a person or system that has legitimate access.
– For this reason, availability is sometimes known by its opposite: denial of service (DoS).
Availability applies to both data (information) and services (information processing).
The definition of availability depends on the following: the object or service
– is present in a usable form;
– has enough capacity to meet the service's needs;
– is making clear progress, and, if it

Other Protection Requirements (AAA)
CIA is from the "assets" point of view. Remember: the AAA system is from the user's point of view. It is a three-process framework used to manage user access, enforce user policies and privileges, and measure the consumption of network resources.
– Authentication: who is the user? (is this the genuine user?)
– Authorization: what can the user do? (permission to access resources)
– Accounting: tracking user activities and events

Vulnerabilities and Threats
A vulnerability is a weakness in the system (procedures, design, or implementation) that might be exploited to cause loss or harm.
– For example, a system may be vulnerable to unauthorized data manipulation because the system does not verify a user's identity before allowing data access.
A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.
– To see the difference between a threat and a vulnerability, consider the following illustration: a wall is holding water back. The water is a threat to the man's security; the threat of harm is the potential for the man to get wet, get hurt, or be drowned. The small crack in the wall is a vulnerability that threatens the man. If the water rises to or above the level of the crack, it will exploit the vulnerability and harm the man.
Temporary solution: the man places his finger in the hole, controlling the threat of water leaking through. "A threat is blocked by control of a vulnerability."

Computer Network Vulnerabilities
(figure only)

SECURITY THREATS
The CIA triad can be viewed from a different perspective: the nature of the harm caused to assets. Harm can be characterized by four acts, called security threats: interception, interruption, modification, and fabrication.
– INTERRUPTION: An asset of the system is destroyed or becomes unavailable or unusable (an attack on AVAILABILITY).
– INTERCEPTION: An unauthorized party (program, person, or computer) gains access to an asset (an attack on CONFIDENTIALITY).
– MODIFICATION: An unauthorized party not only gains access to but tampers with an asset (an attack on INTEGRITY).
– FABRICATION: An unauthorized party inserts counterfeit objects into the system (an attack on INTEGRITY).

SECURITY THREATS
(figure: information flow from source to destination under interruption, interception, modification, and fabrication)

Examples of security threats/attacks:
– Interruption: destruction of a piece of hardware (hard disk); cutting of a communication line; disabling of the file management system.
– Interception: wiretapping; illicit copying of files or programs.
– Modification: changing values in a data file; altering a program so that it performs differently; modifying the content of messages being transmitted in a network.
– Fabrication: addition of records to a file; insertion of spurious messages into a network.

Security Terminology
Terms: Asset, Threat, Threat Agent, Vulnerability, Exploit, Risk.

Vulnerabilities in Computing Systems
– Hardware: Interruption (denial of service), Interception (theft).
– Software: Interruption (deletion), Interception (piracy), Modification.
– Data: Interruption (loss), Interception, Modification, Fabrication.

Kinds of Threats
A threat is a potential cause of harm.
Harm can be caused by either nonhuman events or humans.
Examples of nonhuman threats include:
– natural disasters like fires or floods;
– loss of electrical power;
– failure of a component such as a communications cable, processor chip, or disk drive.
Human threats can be either benign (non-malicious) or malicious.
– Non-malicious examples: accidentally spilling a soft drink on a laptop, unintentionally deleting text, mistakenly sending an email message to the wrong person, carelessly typing "12" instead of "21" when entering a number, or clicking "Yes" instead of "No" to overwrite a file.
– Most computer security activity relates to malicious, human-caused harm. Malicious harm (an attack) can be random or directed. In a random attack the attacker wants to harm any computer or user. Example: malicious code posted on a website that could be visited by anybody.

Kinds of Threats
(figure only)

Vulnerabilities
Computer vulnerabilities:
– Weak authentication
– Lack of access control
– Errors in programs
– Finite or insufficient resources
– Inadequate physical protection
Hardware vulnerabilities:
– Involuntary machine slaughter: accidental acts not intended to do serious damage.
– Voluntary machine slaughter: acts intended to do harm.
Software vulnerabilities:
– Deletion
– Modification: Trojan horse, virus, trapdoor, logic bomb

Vulnerabilities (cont'd)
Data vulnerabilities:
– Data confidentiality
– Data integrity (data are especially vulnerable to modification)
– Interception and fabrication/modification of messages, then replay.
Other exposed assets:
– Storage media: consider backups.
– Networks: can easily multiply the problems of computer security; a very exposed medium, accessible from a distance.
– Access: stealing computer time, denial of service, destroying software or data.
– Key people: if only one person knows how to use or maintain a particular program, trouble can arise if that person is ill, suffers an accident, or leaves the organization.

METHODS OF DEFENSE
Encryption:
– provides confidentiality for data;
– provides integrity;
– is the basis of protocols that enable us to provide security while doing important system/network tasks.
Software controls:
– internal program controls;
– operating system controls;
– independent control programs;
– development controls.
Hardware controls:
– hardware or smart card implementations of encryption;
– locks or cables to limit access or deter theft;
– devices to verify users' identities;
– firewalls;
– intrusion detection systems;
– circuit boards to control access to storage.
Policies:
– frequent changes of password;
– training to reinforce the importance of security policy and to ensure its proper use;
– legal and ethical controls;
– codes of ethics.
Physical controls:
– locks on doors;
– backup copies of important software and data;
– physical site planning (to reduce the impact of natural disasters).

Types of Attackers
– Amateurs: not career criminals but ordinary people who observe a flaw in a security system and have access to something valuable.
– Crackers: may be university or high school students who attempt to access computing facilities for which they have not been authorized.
– Career criminals: understand the targets of computer crime; international groups, electronic spies, information brokers.
– Hackers: people with deep knowledge of and interest in an operating system or multiple operating systems; they do not attempt to intentionally break any system (non-malicious).

Method-Opportunity-Motive
A malicious attacker must have three things to ensure success: method, opportunity, and motive. Method is the how; opportunity, the when; and motive, the why of an attack.
– Deny the attacker any of those three and the attack will not succeed.
The negative consequence of an actualized threat is harm.
To minimize harm: perform risk management to assess the likelihood of an event occurring and the magnitude of its impact.
The risk that remains uncovered by controls is called residual risk.

How to make the system secure?
There are four methods by which computer security provides protection:
(1) System access control: ensuring that unauthorized users don't get into the system.
(2) Data access control: monitoring who can access what data and for what purposes.
(3) System and security administration: performing certain procedures (the system administrator's responsibilities, or training users appropriately).
(4) System design: taking advantage of basic hardware and software security

Controls
A control or countermeasure is a means to counter threats. Harm occurs when a threat is realized against a vulnerability. To protect against harm, we can neutralize the threat, close the vulnerability, or both. The possibility for harm to occur is called risk.
We can deal with harm in several ways:
– prevent it, by blocking the attack or closing the vulnerability;
– deter it, by making the attack harder but not impossible;
– deflect it, by making another target more attractive (or this one less so);
– mitigate it, by making its impact less severe;
– detect it, either as it happens or some time after the fact;
– recover from its effects.
Controls are grouped into three largely independent classes: physical, procedural, and technical.
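As an added example (not part of the lecture) of a technical control that detects harm rather than preventing it, the Python below shows how the modification and fabrication threats listed under SECURITY THREATS, and the "modify, then replay" data vulnerability, are caught on the receiving side of a network message. It uses a keyed hash (HMAC) from the standard library rather than encryption: encryption alone hides the content (confidentiality) but does not by itself tell the receiver that the content is unmodified, which is the integrity property this example checks. The shared key, the frame layout (sequence number, payload, tag) and the sample messages are all constructed for the example; interception by an eavesdropper is deliberately not detected here, since that needs confidentiality, not integrity.

```python
"""Detecting modification, fabrication and replay of messages with an HMAC.

Added example, not from the lecture. KEY, the frame format and the sample
messages are constructed. A passive interception is NOT detected by this
check; that is what encryption (confidentiality) is for.
"""
import hashlib
import hmac
import struct

KEY = b"constructed-shared-secret-key"   # assumption: both ends already share this
TAG_LEN = 32                             # SHA-256 HMAC output length


def tag(key: bytes, seq: int, payload: bytes) -> bytes:
    """Authentication tag over the sequence number and the payload."""
    return hmac.new(key, struct.pack(">I", seq) + payload, hashlib.sha256).digest()


def send(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: frame = seq (4 bytes) || payload || tag (32 bytes)."""
    return struct.pack(">I", seq) + payload + tag(key, seq, payload)


def receive(key: bytes, frame: bytes, expected_seq: int):
    """Receiver side. Returns (verdict, payload).

    verdict is 'ok', 'bad_tag' (modified in transit or fabricated without
    the key) or 'replay' (a genuine old frame presented out of sequence).
    """
    if len(frame) < 4 + TAG_LEN:
        return "bad_tag", b""
    seq = struct.unpack(">I", frame[:4])[0]
    payload = frame[4:-TAG_LEN]
    received_tag = frame[-TAG_LEN:]
    # Constant-time comparison: a plain == would leak how many bytes match.
    if not hmac.compare_digest(received_tag, tag(key, seq, payload)):
        return "bad_tag", b""
    if seq != expected_seq:
        return "replay", b""
    return "ok", payload


def demo() -> dict:
    """Run the four cases from the slide against the receiver."""
    results = {}
    genuine = send(KEY, 1, b"transfer 100 to acct 42")   # constructed message
    results["genuine"] = receive(KEY, genuine, 1)
    # Modification: an attacker on the wire changes the amount.
    modified = genuine.replace(b"100", b"900")
    results["modified"] = receive(KEY, modified, 1)
    # Fabrication: an attacker builds a whole frame without knowing KEY.
    forged = struct.pack(">I", 2) + b"transfer 999 to acct 13" + b"\x00" * TAG_LEN
    results["fabricated"] = receive(KEY, forged, 2)
    # Replay: the genuine frame is re-sent after sequence 1 was already consumed.
    results["replayed"] = receive(KEY, genuine, 2)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:<11} -> {verdict[0]}")
```

The sequence number inside the tagged data is what turns "modify, then replay" from an undetected threat into a logged one; without it the replayed frame verifies as genuine.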
Control Types
Physical controls stop or block an attack by using something tangible, such as walls and fences:
– locks, walls/fences, (human) guards, sprinklers and/or fire extinguishers.
Procedural or administrative controls use a command or agreement that requires or advises people how to act:
– laws, regulations, policies, procedures, guidelines, copyrights, patents, contracts, agreements.
Technical controls counter threats with technology (hardware or software), including:
– passwords, program or operating system access controls, network protocols, firewalls, intrusion detection systems, encryption, network traffic flow regulators.

System Access Control
The first way in which a system provides computer security is by controlling access to that system:
– Who's allowed to log in?
– How does the system decide whether a user is legitimate?
Identification and authentication provide the above.
– Identification is the act of asserting who a person is.
– Authentication is the act of proving that the asserted identity is correct: that the subject (person) is who they say they are.
Identities are public or well known. Authentication should be private.
There are three ways to prove the user (i.e., to confirm the user's identity):
– Something the user knows (passwords, PINs, passphrases, mother's maiden name)
– Something the user is (biometrics, such as face, fingerprints, voice pattern, retina pattern, handprint, etc.)
– Something the user has (tokens, keys, smart cards, etc.)

System Access Control: Username and Password
Typical first line of defense.
– User name (login ID): identification
– Password: authentication
Login will succeed if you enter a valid username and the corresponding password.

System Access Control
The user plays an important role in password protection: authentication is compromised when you give away your own password by telling others.
Common threats to passwords:
– Password guessing: exhaustive search (brute force) and intelligent search
– Password spoofing
– Compromise of the password file

Choosing Strong Passwords
A strong password equals strong authentication.
– Use characters other than just a–z
– Choose long passwords
– Avoid actual names or words
– Use a string you can remember
– Use variants for multiple passwords
– Change the password regularly
– Don't write it down
– Don't share it with others

System Access Control
How we can defend password security:
– Compulsory to set a password
– Change default passwords
– Password length
– Password format
– Avoid obvious passwords
How the system can help to improve password security:
– Password checkers
– Password generation
– Password ageing
– Limit login attempts
– Inform users

Data Access Control
At the most elementary level, a subject may observe an object or alter an object; therefore the common access modes are defined as below:
– Observe: look at the contents of an object
– Change: change the contents of an object
Access rights in the Bell-LaPadula model:
          execute   append   read   write
Observe                      √      √
Change              √               √

An access control matrix:
         bill.doc        edit.exe          fun.com
Alice    -               {execute, read}   {execute}
Bill     {read, write}   {execute}         {execute, read, write}

Effectiveness of Controls
– Awareness of problems: people will cooperate with security requirements only if they understand why security is appropriate in each specific situation.
– Likelihood of use: controls must be used to be effective; therefore they must be easy to use and appropriate.
– Overlapping controls: combinations of controls on one exposure.
– Periodic review: an ongoing task of judging the effectiveness of a control.
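The two protection methods the lecture treats in most detail, system access control (username and password) and data access control (the access control matrix), fit together in one small reference monitor, given below as an added example that is not from the lecture. It covers the system-side password defenses listed above: a password checker that enforces the "choose strong passwords" rules, a password file that stores only salted PBKDF2 hashes so that compromise of the file does not hand the attacker the passwords outright, and a login-attempt limit against password guessing. The matrix rows for Alice and Bill are taken from the slide; the user names' passwords, the PBKDF2 parameters, the small list of obvious words and the `request` function are constructed for the example. Password ageing and password generation from the slide are not implemented.

```python
"""System access control (login) followed by data access control (matrix).

Added example, not from the lecture. Passwords, iteration count, the list
of obvious words and the request() flow are constructed; the matrix rows
reproduce the Alice/Bill slide.
"""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000   # constructed; raise for production use
MAX_ATTEMPTS = 3              # "limit login attempts"
COMMON_WORDS = {"password", "letmein", "welcome", "alice", "bill"}  # constructed


def password_is_strong(pw: str) -> bool:
    """Password checker: long, not just a-z, and not an obvious word."""
    if len(pw) < 12:
        return False
    if pw.isalpha() and pw.islower():      # only characters a-z
        return False
    return pw.lower() not in COMMON_WORDS


class PasswordFile:
    """Stores salt + PBKDF2 hash per user, never the password itself."""

    def __init__(self):
        self._entries = {}    # username -> (salt, derived key)
        self._failures = {}   # username -> consecutive failed logins

    def add_user(self, username: str, password: str) -> None:
        if not password_is_strong(password):
            raise ValueError("weak password rejected by password checker")
        salt = os.urandom(16)
        key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        self._entries[username] = (salt, key)
        self._failures[username] = 0

    def authenticate(self, username: str, password: str) -> str:
        """Identification (username) then authentication (password).

        Returns 'ok', 'denied' or 'locked'.
        """
        if username not in self._entries:
            return "denied"                # same answer as a wrong password
        if self._failures[username] >= MAX_ATTEMPTS:
            return "locked"                # stop exhaustive and intelligent search
        salt, stored = self._entries[username]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        if hmac.compare_digest(candidate, stored):
            self._failures[username] = 0
            return "ok"
        self._failures[username] += 1
        return "denied"


# Access control matrix from the slide: subject -> object -> access modes.
MATRIX = {
    "Alice": {"bill.doc": set(), "edit.exe": {"execute", "read"}, "fun.com": {"execute"}},
    "Bill":  {"bill.doc": {"read", "write"}, "edit.exe": {"execute"},
              "fun.com": {"execute", "read", "write"}},
}

# Bell-LaPadula access modes as (observe, alter), per the slide's table.
BLP_MODES = {"execute": (False, False), "append": (False, True),
             "read": (True, False), "write": (True, True)}


def access_allowed(subject: str, obj: str, mode: str) -> bool:
    """Does the matrix grant `subject` the access mode `mode` on `obj`?"""
    return mode in MATRIX.get(subject, {}).get(obj, set())


def can_observe(subject: str, obj: str) -> bool:
    return any(BLP_MODES[m][0] for m in MATRIX.get(subject, {}).get(obj, set()))


def can_alter(subject: str, obj: str) -> bool:
    return any(BLP_MODES[m][1] for m in MATRIX.get(subject, {}).get(obj, set()))


def request(pwfile: PasswordFile, username: str, password: str, obj: str, mode: str) -> str:
    """Reference monitor: system access control first, then data access control."""
    verdict = pwfile.authenticate(username, password)
    if verdict != "ok":
        return verdict
    return "granted" if access_allowed(username, obj, mode) else "refused"


def demo() -> list:
    pwfile = PasswordFile()
    pwfile.add_user("Alice", "correct horse battery 7")    # constructed password
    pwfile.add_user("Bill", "Bill-edits-fun.com-2024")     # constructed password
    out = [request(pwfile, "Alice", "correct horse battery 7", "edit.exe", "read"),
           request(pwfile, "Alice", "correct horse battery 7", "bill.doc", "read"),
           request(pwfile, "Bill", "correct horse battery 7", "bill.doc", "read")]
    for _ in range(3):                                     # password guessing
        pwfile.authenticate("Bill", "guess")
    out.append(request(pwfile, "Bill", "Bill-edits-fun.com-2024", "bill.doc", "read"))
    return out


if __name__ == "__main__":
    print(demo())
```

The order inside `request` is the point: authorization is only consulted for a subject whose asserted identity has been proven, and the matrix lookup returns nothing for a subject or object it has never heard of, so an unknown name fails closed rather than open.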