lecture 1.pdf

Full Transcript

University of Science and Technology
Faculty of Computer Science and Information Technology
Department of Information and Communication Technology
Lecture (1)
Instructor: Prof. Noureldien A. Noureldien

Organization Security Requirements
The requirements of information security within an organization have undergone
two major changes in the last several decades. Before the widespread use of data
processing equipment, the security of information felt to be valuable to an
organization was provided primarily by physical and administrative means.
The first major change is the introduction of the computer, the need for
automated tools for protecting files and other information stored on the computer
became evident. This is especially the case for a shared system, such as a timesharing system, and the need is even more acute for systems that can be accessed
over a public telephone network, data network, or the Internet.
The second major change that affected security is the introduction of distributed
systems and the use of networks and communications facilities for carrying data
between terminal user and computer and between computer and computer.
Network security measures are needed to protect data during their
transmission. In fact, the term network security is somewhat misleading, because
virtually all business, government, and academic organizations interconnect their
data processing equipment with a collection of interconnected networks. Such a
collection is often referred to as an internet,and the term internet security is
used.
There are no clear boundaries between these two forms of security.
For example, a computer virus may be introduced into a system physically when it
arrives on a flash drive or an optical disk and is subsequently loaded onto a
computer. Viruses may also arrive over an internet. In either case, once the virus is
1

resident on a computer system, internal computer security tools are needed to
detect and recover from the virus.
This course focuses on internet security, which consists of measures to
prevent, detect, and correct security violations that involve the transmission of
information.

Violation Examples
To give you a feel for the areas covered in this course, consider the following
examples of security violations:
1. User A transmits a file to user B. The file contains sensitive information (e.g.,
payroll records) that is to be protected from disclosure. User C, who is not
authorized to read the file, is able to monitor the transmission and capture a copy
of the file during its transmission.
2. A network manager, D, transmits a message to a computer, E, under its
management. The message instructs computer E to update an authorization file to
include the identities of a number of new users who are to be given access to that
computer. User F intercepts the message, alters its contents to add or delete entries,
and then forwards the message to E, which accepts the message as coming from
manager D and updates its authorization file accordingly.
3. Rather than intercept a message, user F constructs its own message with the
desired entries and transmits that message to E as if it had come from manager D.
Computer E accepts the message as coming from manager D and updates its
authorization file accordingly.
4. An employee is fired without warning. The personnel manager sends a message
to a server system to invalidate the employee’s account. When the invalidation is
accomplished, the server is to post a notice to the employee’s file as confirmation
of the action. The employee is able to intercept the message and delay it long
enough to make a final access to the server to retrieve sensitive information. The
message is then forwarded, the action taken, and the confirmation posted. The
employee’s action may go unnoticed for some considerable time.
5. A message is sent from a customer to a stockbroker with instructions for various
transactions. Subsequently, the investments lose value and the customer denies
sending the message.
Although this list by no means exhausts the possible types of security violations, it
illustrates the range of concerns of network security.
2

Computer Security Concepts
A Definition of Computer Security.
The NIST Computer Security Handbook [NIST95] defines the term computer
security as
Computer Security: The protection afforded to an automated information system in
order to attain the applicable objectives of preserving the integrity, availability, and
confidentiality of information system resources (includes hardware, software,
firmware, information/data, and telecommunications).
This definition introduces three key objectives that are at the heart of computer
security.
■ Confidentiality:
This term covers two related concepts:
Data confidentiality: Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.
Privacy: Assures that individuals control or influence what information related to
them may be collected and stored and by whom and to whom that information may
be disclosed.
■ Integrity:
This term covers two related concepts:
Data integrity: Assures that data (both stored and in transmitted packets) and
programs are changed only in a specified and authorized manner.
System integrity: Assures that a system performs its intended function in an
unaffected manner, free from deliberate or inadvertent unauthorized manipulation
of the system.
■ Availability:
Assures that systems work promptly and service is not denied to authorize users.

3

CIA Trail
The following three concepts form what is often referred to as the CIA triad. The
three concepts embody the fundamental security objectives for both data and for
information and computing services.
1- Confidentiality: Preserving authorized restrictions on information access
and disclosure, including means for protecting personal privacy and
proprietary information. A loss of confidentiality is the unauthorized
disclosure of information.
2- Integrity: Guarding against improper information modification or
destruction, including ensuring information nonrepudiation and authenticity.
A loss of integrity is the unauthorized modification or destruction of
information.
3- Availability: Ensuring timely and reliable access to and use of information.
A loss of availability is the disruption of access to or use of information or
an information system
Although the use of the CIA triad to define security objectives is well
established, some in the security field feel that additional concepts are needed to
present a complete picture (Figure 1.1). Two of the most commonly mentioned
are
4- Authenticity: The property of being genuine and being able to be
verified and trusted; confidence in the validity of a transmission, a
message, or message originator. This means verifying that users are who
they say they are and that each input arriving at the system came from a
trusted source.
5- Accountability: The security goal that generates the requirement for
actions of an entity to be traced uniquely to that entity. This supports
nonrepudiation, deterrence, fault isolation, intrusion detection and
prevention, and after-action recovery and legal action. Because truly
secure systems are not yet an achievable goal, we must be able to trace a
security breach to a responsible party. Systems must keep records of
their activities to permit later forensic analysis to trace security breaches
or to aid in transaction disputes.
4

Levels of Security Impact on Organizations
We use three levels of impact on organizations orindividuals when there be a
breach of security (i.e., a loss of confidentiality, integrity,or availability).
■ Low:
The loss could be expected to have a limited adverse effect on
organizationaloperations, organizational assets, or individuals. A limited adverse
effectmeans that, for example, the loss of confidentiality, integrity, or availability
might
(i) cause a degradation in organization capability but theorganization is able to
perform its primary functions, but the effectiveness of thefunctions is noticeably
reduced;
(ii) result in minor damage to organizationalassets;
(iii) result in minor financial loss; or
(iv) result in minor harm to individuals.

5

■ Moderate:
The loss could be expected to have a serious effect on organizationaloperations,
organizational assets, or individuals. A serious adverseeffect means that, for
example, the loss might
(i) cause a significant degradationin organization capability but the organization
isable to perform its primary functions, but the effectiveness of the functions
issignificantly reduced;
(ii) result in significant damage to organizational assets;
(iii) result in significant financial loss; or
(iv) result in significantharm to individualsthat does not involve loss of life or
serious, life-threatening injuries.
■ High:
The loss could be expected to have a severe or catastrophic adverse effecton
organizational operations, organizational assets, or individuals. A severe
orcatastrophic adverse effect means that, for example, the loss might
(i) causea severe degradation in organization capability but the organization is not
able to perform one or more of its primaryfunctions;
(ii) result in major damage to organizational assets;
(iii) result inmajor financial loss; or
(iv) result in severe or catastrophic harm to individualsinvolving loss of life or
serious, life-threatening injuries.

The Challenges of Computer Security
Computer and network security is both interesting and complex. Some of the
reasonsinclude:
1. Security is not as simple as it might first appear to the novice.
The
requirementsseem
to
be
straightforward;
one-word
labels:
Confidentiality,authentication, nonrepudiation, availability, and integrity. But the
mechanisms used tomeet those requirements can be quite complex, and
understanding them mayinvolve rather subtle reasoning.
6

2. In developing a particular security mechanism or algorithm, one must
alwaysconsider potential attacks on those security features.
In many cases, successfulattacks are designed by looking at the problem in a
completely different way,therefore exploiting an unexpected weakness in the
mechanism.
3. Because of point 2, the procedures used to provide particular services
areoften counterintuitive.
Typically, a security mechanism is complex, and it is notobvious from the
statement of a particular requirement. It is only clear when the various aspects of
the threat are considered.
4. Having designed various security mechanisms, it is necessary to decide
whereto use them.
This is true both in terms of physical placement (e.g., at what pointsin a network
the certain security mechanism is needed) and in a logical sense[e.g., at what layer
or layers of an architecture such as TCP/IP (TransmissionControl Protocol/Internet
Protocol) should mechanisms be placed].
5. Security mechanisms typically involve more than a particular algorithm or
protocol.
They also require that participants be in possession of some secret
information(e.g., an encryption key), which raises questions about the
creation,distribution, and protection of that secret information.
6. Computer and network security is essentially a battle between a
perpetratorwho tries to find holes and the designer or administrator who tries
toclose them.
The great advantage that the attacker has is that he or she needonly find a single
weakness, while the designer must find and eliminate allweaknesses to achieve
perfect security.
7

7. There is a natural tendency on the part of users and system managers to
perceivelittle benefit from security investment until a security failure occurs.
8. Security requires regular, even constant, monitoring, and this is difficult
intoday’sshort-term, overloaded environment.
9. Security is still too often an afterthought to be incorporated into a system
afterthe design is complete rather than being an integral part of the design
process.
10. Many users (and even security administrators) view strong security as an
impediment(obstacle) to efficient and user-friendly operation of an
information system.

8