371890b9b7ae0108da9e7321e28fdcb8.ppt
- Number of slides: 36
Chapter 1 Background and Introduction 1
Saying The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. —The Art of War, Sun Tzu 2
What is Security? • Preventing adverse consequences from intentional and unwarranted actions of others (Schneier, 2003) • We want people to act a certain way. – Don’t steal – Don’t kill – Don’t break into our computers! 3
Definitions • Assets: objects of attack • Policy: set of rules to enforce security (or a statement of what is and what is not allowed) • Mechanism: the method used to implement the policy. 4
Security vs. Safety • Safety: protecting assets from unintentional actions. • Security: protecting assets from intentional acts. 5
Background • Information Security requirements have changed in recent times • Traditionally provided by physical and administrative mechanisms • Computer use requires automated tools to protect files and other stored information • use of networks and communications links requires measures to protect data during transmission 6
Definitions • Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers • Network Security - measures to protect data during their transmission • Internet Security - measures to protect data during their transmission over a collection of interconnected networks 7
Five step process to analyze and evaluate security systems • What assets are you trying to protect? • What are the risks to those assets? • How well does the security solution mitigate those risks? • What other risks does the security solution cause? • What costs and trade-offs does the security solution impose? 8
Basic Components of Security • Abbreviated as CIA – Confidentiality: protecting data and the source of data from unauthorized disclosure (hidden). Only those who should have access to something will actually get that access. Sometimes called secrecy or privacy. – Integrity: protecting data from modification by unauthorized users, and also from unauthorized modification by authorized users. – Availability: enabling access to data and resources. Sometimes known by its opposite, denial of service (DoS). 9
Security of Data. 10
Relationship Between Confidentiality, Integrity, and Availability. 11
System State • System state: the values of all variables, memory locations, etc. at any given time. • Mechanisms → states (R) • P: all possible states • Q: set of secure states • R: set of states reachable under the mechanism • Then, a security mechanism is secure if R ⊆ Q. It is precise if R = Q. It is broad if there exists r ∈ R such that r ∈ P but r ∉ Q. 12
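The secure/precise/broad classification on this slide is easiest to see on a concrete state space. The following added example (not part of the slide deck) models a toy system with three boolean state variables and a constructed policy, then classifies three constructed mechanisms by comparing their reachable set R against the secure set Q; the state model, policy and mechanism names are all assumptions made for the illustration.

```python
"""Classify a security mechanism as secure, precise or broad from the states it can
reach, following the slide's definitions (P = all states, Q = secure states,
R = reachable states). Added illustration; the three-variable state model and the
policy below are constructed, not taken from the slides."""
from itertools import product

# Constructed toy state: (guest_can_read_file, audit_enabled, root_logged_in).
P = frozenset(product((False, True), repeat=3))  # all 8 possible states


def satisfies_policy(state):
    """Constructed policy: guests never read the file and auditing is always on."""
    guest_can_read, audit_enabled, _root_logged_in = state
    return (not guest_can_read) and audit_enabled


Q = frozenset(s for s in P if satisfies_policy(s))  # the secure states


def classify(R, Q=Q, P=P):
    """'precise' if R == Q, 'secure' if R is a proper subset of Q, else 'broad'."""
    R = frozenset(R)
    if not R <= P:
        raise ValueError("R contains states outside P")
    if R == Q:
        return "precise"
    if R < Q:
        return "secure"
    return "broad"


def broad_witnesses(R, Q=Q):
    """States r in R with r not in Q: each one is a reachable policy violation."""
    return frozenset(R) - Q


# Three constructed mechanisms, described by the states each lets the system reach.
MECH_OVERRESTRICTIVE = frozenset({(False, True, False)})  # also forbids root login
MECH_EXACT = Q                                            # reaches exactly the secure states
MECH_LEAKY = Q | {(True, True, False)}                    # lets a guest read the file

if __name__ == "__main__":
    for name, R in [("over-restrictive", MECH_OVERRESTRICTIVE),
                    ("exact", MECH_EXACT), ("leaky", MECH_LEAKY)]:
        print(name, classify(R), sorted(broad_witnesses(R)))
```

The over-restrictive mechanism is secure but not precise: it never reaches an insecure state, but it also rules out the root-logged-in state that the policy permits, which is the usual cost of erring on the safe side. The leaky mechanism is broad, and `broad_witnesses` returns exactly the reachable states that violate the policy, which is what an auditor would want listed.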
Types of Mechanisms (figure: the set of reachable states drawn against the set of secure states for a secure, a precise, and a broad mechanism) 13
Vulnerabilities, Threats, and Attacks • A computer-based system has three assets: – Hardware – Software – Data • A vulnerability is a weakness in the security system (e.g., not verifying a user’s identity before allowing data access). • A threat to a computing system is a set of circumstances that has the potential to cause loss or harm (HW design flaws, human errors, SW failures). 14
Continued • A human who exploits a vulnerability perpetrates an attack on the system. An attack can also be launched by another system. • How do we address these problems? – We use a control as a protective measure. – That is, a control is an action, device, procedure, or technique that removes or reduces a vulnerability. In other words, a threat is blocked by control of a vulnerability. 15
Threat Classifications • Interception: some unauthorized party has gained access to an asset. • Interruption: an asset of the system becomes lost, unavailable, or unusable (malicious destruction of a hardware device, erasure of a file or a program). • Modification: an unauthorized party not only accesses but tampers with an asset. • Fabrication: an unauthorized party creates a counterfeit object on a computer system (adding records to an existing database). 16
System Security Threats 17
Principle of Easiest Penetration An intruder must be expected to use any available means of penetration. The penetration may not necessarily be by the most obvious means, nor is it necessarily the one against which the most solid defense has been installed. And it certainly does not have to be the way we want the attacker to behave. 18
Method, Opportunity, and Motive • A malicious attacker must have three things: – Method: the skills, knowledge, tools, and other things with which to be able to pull off the attack – Opportunity: the time and access to accomplish the attack – Motive: a reason to want to perform this attack against this system 19
Vulnerabilities • Hardware Vulnerabilities • Software Vulnerabilities • Data Vulnerabilities 20
Hardware Vulnerability • HW is more visible than SW because it is composed of physical objects. • It is easy to attack by: – Adding devices – Changing devices – Removing devices – Intercepting the traffic to them – Flooding them with traffic until they can no longer function (DoS) • Other physical methods include being burned, drenched with water, etc. 21
Software Vulnerabilities • Software can be: – Replaced – Changed – Maliciously destroyed – Modified – Deleted – Etc. • Whether intentional or not, these attacks exploit the SW’s vulnerabilities. 22
Continued • Obvious vs. subtle attacks (the program no longer runs vs. the program is altered but still runs normally) • Real example: a bank worker realizes that the software truncates the fractional interest on each account. In other words, if the monthly interest on an account is calculated to be $14.5467, the software credits only $14.54 and ignores the $.0067. The worker amended the software so that the throw-away interest ($.0067) was placed into his account. Since the accounting practices ensured only that all accounts balanced, he built up a large amount of money from the thousands of account throw-aways without detection. (Salami attack) 23
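The salami example above turns on which control the bank had: a ledger-balance check that the modified program satisfies by construction, versus an independent recomputation of each account's interest that it cannot satisfy. The following added example (not from the slides) simulates the truncation, the honest and the modified month-end job, and both checks over a constructed set of four accounts and a constructed monthly rate; the account ids, balances, rate and function names are all assumptions.

```python
"""Truncated interest, the residue it discards, and the two controls from the
slide's salami example. Added illustration; accounts, balances and the rate
are constructed sample data, not the slide's figures."""
from decimal import Decimal, ROUND_DOWN

CENT = Decimal("0.01")

# Constructed sample data: three customer accounts plus the insider's own account.
ACCOUNTS = {
    "C001": Decimal("3564.57"),
    "C002": Decimal("1200.00"),
    "C003": Decimal("98765.43"),
    "EMP9": Decimal("10.00"),        # the worker's account
}
RATE = Decimal("0.00408")            # constructed monthly interest rate


def truncate_cents(amount):
    """Drop the fractional cent, as the slide's software does ($14.5467 -> $14.54)."""
    return amount.quantize(CENT, rounding=ROUND_DOWN)


def compute_interest(accounts, rate):
    """Per-account exact and truncated interest, plus the total discarded residue."""
    exact = {a: b * rate for a, b in accounts.items()}
    credited = {a: truncate_cents(v) for a, v in exact.items()}
    residue = sum(exact.values()) - sum(credited.values())
    return exact, credited, residue


def run_interest_job(accounts, rate, insider=None):
    """Simulate the month-end job. With insider=None this is the honest program;
    with an account id it is the modified one that sweeps the residue into that
    account. Returns (credits, expense_debit): the job books one offsetting
    expense entry equal to what it credited, so the ledger balances either way."""
    _, credited, residue = compute_interest(accounts, rate)
    credited = dict(credited)
    if insider is not None:
        credited[insider] += truncate_cents(residue)
    expense_debit = sum(credited.values())
    return credited, expense_debit


def ledger_balances(credits, expense_debit):
    """The bank's existing control: total credits equal the booked interest expense."""
    return sum(credits.values()) == expense_debit


def recompute_mismatches(accounts, rate, credits):
    """Independent control: recompute each account's entitled interest from its
    balance and flag any posted credit that differs. Returns {id: (posted, expected)}."""
    expected = {a: truncate_cents(b * rate) for a, b in accounts.items()}
    return {a: (credits[a], expected[a]) for a in accounts if credits[a] != expected[a]}


if __name__ == "__main__":
    for label, insider in (("honest", None), ("salami", "EMP9")):
        credits, debit = run_interest_job(ACCOUNTS, RATE, insider)
        print(label, "ledger balances:", ledger_balances(credits, debit),
              "mismatches:", recompute_mismatches(ACCOUNTS, RATE, credits))
```

Both runs pass `ledger_balances`, because a program that writes both sides of the entry can always make them agree; only `recompute_mismatches`, which derives the expected credit from data the job does not control, isolates the insider's account. That is the general lesson behind the slide: a control that merely checks the program's output for internal consistency does not detect a modified program.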
Software Deletion • SW is easy to delete. • Because of software’s high value, access to SW is usually carefully controlled through a process called configuration management, so that SW cannot be deleted, destroyed, or replaced accidentally. – Configuration management uses several techniques to ensure that each version or release retains its integrity. – When configuration management is used, an old version or release can be replaced with a newer version only when the new one has been thoroughly tested to verify that the improvements work correctly without degrading the functionality and performance of other functions and services. 24
Software Modification • SW is vulnerable to modifications that either cause it to fail or cause it to perform an unintended task (changing a bit or two can convert a working program into a failing one). • Sometimes a program works well most of the time but fails in specialized circumstances. – For instance, the program may be maliciously modified to fail when certain conditions are met or when a certain date or time is reached. Because of this delayed effect, such a program is known as a logic bomb. • For example, a disgruntled employee may modify a crucial program so that it accesses the system date and halts abruptly after July 1. The employee might quit on May 1 and plan to be at a new job miles away by July. 25
Continued • Another type of change can extend the functioning of a program so that an innocuous program has a hidden side effect. • Other categories of SW modification include: – Trojan horse: a program that overtly does one thing while covertly doing another. – Virus: a specific type of Trojan horse that can be used to spread its “infection” from one computer to another. – Trapdoor: a program that has a secret entry point. – Information leaks in a program: code that makes information accessible to unauthorized people or programs. 26
Software Theft • Unauthorized copying of software 27
Data Vulnerabilities • Printed data can be readily interpreted by the public. Because of its visible nature, a data attack is a more widespread and serious problem than either a HW or SW attack. – Data items have greater public value than HW and SW because more people know how to use or interpret data. – Sanitized data vs. non-sanitized data 28
Principle of Adequate Protection Computer items must be protected only until they lose their value. They must be protected to a degree consistent with their value. – This says that things with a short life can be protected by security measures that are effective only for that short time. 29
Methods of Defense (or Goals of Security) • The possibility for harm to occur is called risk (harm caused by a threat). • Dealing with harm: – Prevent it: by blocking the attack or closing the vulnerability. • Prevent attackers from violating the security policy – Deter it: by making the attack harder but not impossible. – Deflect it: by making another target more attractive (honeynets). – Detect it: either as it happens or some time after the fact. – Recover from its effects • Stop the attack, assess and repair the damage • Continue to function correctly even if the attack succeeds 30
Principle of Effectiveness Controls must be used, and used properly, to be effective. They must be efficient, easy to use, and appropriate. • Controls should be selective so that they do not exclude legitimate accesses. 31
Principle of Weakest Link Security can be no stronger than its weakest link. Whether it is the power supply that powers the firewall or the operating system under the security application or the human who plans, implements, and administers controls, a failure of any control can lead to a security failure. 32
Assurance • Specification – Requirements analysis – Statement of desired functionality • Design – How system will meet specification • Implementation – Programs/systems that carry out design 33
Operational Issues • Cost-Benefit Analysis – Is it cheaper to prevent or recover? • Risk Analysis – Should we protect something? – How much should we protect this thing? • Laws and Customs – Are desired security measures illegal? – Will people do them? 34
Tying It Together (figure): Threats → Policy → Specification → Design → Implementation → Operation 35
Key Points • Policy defines security, and mechanisms enforce security – Confidentiality – Integrity – Availability • Importance of assurance • The human factor 36