An Overview of Computer and Network Security

Security: Definition

• Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable

• Security rests on confidentiality, authenticity, integrity, and availability


Basic Components

• Confidentiality is the concealment of information or resources

• Authenticity is the identification and assurance of the origin of information

• Integrity refers to the trustworthiness of data or resources in terms of preventing improper and unauthorized changes

• Availability refers to the ability to use the information or resource desired


Confidentiality

• The concept of Confidentiality in information security pertains to the protection of information and prevention of unauthorized access or disclosure.

• The ability to keep data confidential, or secret, is critical to staying competitive in today’s business environments

• Loss of confidentiality jeopardizes system and corporate integrity.


Threats to confidentiality

– Hackers

• A hacker is an individual who is skilled at bypassing controls and accessing data or information that he or she has not been given authorization to access.

– Masqueraders

• Authorized users on the system who have obtained another person’s credentials.

– Unauthorized Users

• Users that gain access to the system even if “company rules” forbid it.

– Unprotected Downloads

• Downloads of files from secure environments to non-secure environments or media.

– Malware

• Viruses, worms and other malicious software.

– Software hooks (Trapdoors)

• During the development phase, software developers create “hooks” that allow them to bypass authentication processes and access the internal workings of the program. When the product development phase is over, developers do not always remember the hooks and may leave them in place to be exploited by hackers.


Integrity

• Integrity deals with the prevention of unauthorized modification, whether intentional or accidental.

• This concept further breaks down into authenticity, accountability, and non-repudiation.

– Authenticity means that the information is from whomever we expect it to be and whatever we expect it to be.

– Accountability means that the information has an owner or custodian who will stand by its contents.

– Non-repudiation is a property achieved through cryptographic methods which prevents an individual or entity from denying having performed a particular action related to data.


Availability

• Availability assures that the resources that need to be accessed are accessible to authorized parties in the ways they are needed. Availability is a natural result of the other two concepts.

• If the confidentiality and integrity of the systems are assured, their availability for the purpose they are intended for is a direct consequence.

• Threats to Availability

– Availability can be affected by a number of events, which break down into human and non-human influenced factors. These further break down into unintentional and intentional acts.

– Examples of unintentional (non-directed) acts are the overwriting, in part or whole, of data, or the compromising of systems or network infrastructure by organizational staff.

– Intentional acts can be conventional warfare (bombs and air strikes) or information warfare: denial of service (DoS) and distributed denial of service (DDoS).

– Non-human factors include loss of availability due to fires, floods, earthquakes and storms.


Authentication

• Authentication is the process by which the information system assures that you are who you say you are; how you prove your identity is authentic.

• Methods of performing authentication are:

– User ID and password. The system compares the given password with a stored password. If the two passwords match, then the user is authentic.

– Swipe card, which has an embedded magnetic strip that already contains your details, so that no physical data entry takes place or just a PIN is entered.

– Digital certificate, an encrypted piece of data which contains information about its owner, creator, generation and expiration dates, and other data to uniquely identify a user.

– Key fob, a small electronic device which generates a new random password synchronized to the main computer.

– Biometrics: retinal scanners and fingerprint readers. Parts of the body are considered unique enough to allow authentication to computer systems based on their properties.

• For a very secure environment, it is also possible to combine several of these options, such as by having fingerprint identification along with user ID and key fob.
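As an added example (not part of the slides), two of the methods above checked together as the last bullet suggests: a user ID/password compared against a stored one-way hash, and a key-fob code that fob and server both derive from a shared secret and the current time. The fob code uses the TOTP construction of RFC 6238 (an assumption; the slide only says "synchronized to the main computer"), and the user record, secret and timestamps are constructed for the demo.

```python
"""Two-factor check: PBKDF2-hashed password plus a time-synchronised fob code (added example)."""
import hashlib
import hmac
import os
import struct
import time

PBKDF2_ROUNDS = 200_000


def hash_password(password, salt=None, rounds=PBKDF2_ROUNDS):
    """Store salt + PBKDF2-HMAC-SHA256 of the password, never the password itself.
    The transform is one-way, so a stolen store does not hand out the passwords."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest


def verify_password(password, salt, stored_digest, rounds=PBKDF2_ROUNDS):
    """The slide's 'compare the given password with the stored password', done on the
    hashed form with a constant-time comparison."""
    _, digest = hash_password(password, salt, rounds)
    return hmac.compare_digest(digest, stored_digest)


def fob_code(secret, unix_time, step=30, digits=6):
    """Key-fob code for one 30-second slot: HMAC-SHA1 over the slot counter, dynamically
    truncated to a 6-digit number (RFC 4226 / RFC 6238)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


def verify_fob(secret, submitted, unix_time, step=30, window=1):
    """Accept the current slot or one slot either side, so fob and server clocks may drift a little."""
    return any(hmac.compare_digest(fob_code(secret, unix_time + d * step, step), submitted)
               for d in range(-window, window + 1))


# Constructed user record, as the authentication server would store it. The salt is
# fixed only so the demo is repeatable; hash_password() normally draws a random one.
FOB_SECRET = b"12345678901234567890"            # the RFC 6238 test-vector secret
SALT, DIGEST = hash_password("correct horse battery staple", salt=b"\x00" * 16)
USER_DB = {"alice": {"salt": SALT, "digest": DIGEST, "fob_secret": FOB_SECRET}}


def authenticate(user, password, code, now=None):
    """Both factors must pass: a stolen password alone, or a glimpsed code alone, is not enough."""
    record = USER_DB.get(user)
    if record is None:
        return False
    now = int(time.time()) if now is None else now
    password_ok = verify_password(password, record["salt"], record["digest"])
    fob_ok = verify_fob(record["fob_secret"], code, now)
    return password_ok and fob_ok


if __name__ == "__main__":
    print(fob_code(FOB_SECRET, 59))                                                  # 287082
    print(authenticate("alice", "correct horse battery staple", "287082", now=59))  # True
```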


Non-repudiation

• Data flows around the internet at the speed of light, or as close to it as the servers allow. There are hackers, spoofers, sniffers, and worse out there just waiting to steal, alter, and corrupt your information.

• Data consumers need to be able to trust that the data has not been altered, and that its source is authentic.

• Through the use of security related mechanisms, producers and consumers of data can be assured that the data remains trustworthy across untrusted networks such as the internet, and even internal intranets.


Assuring data validity

• The identity of the data producer can be assured if the data is signed by its source.

• Data is signed through its encryption using a shared secret such as a numerical crypto key or using a “public/private” key pair.

• The consumer of the data can validate the signature of the data and thereby be assured that the data has remained unaltered in transmission.

• Since the data could be decrypted into something intelligible, the content is valid.
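As an added example (not from the slides), the shared-secret form of signing described above: the producer attaches an HMAC-SHA256 tag computed under a key it shares with the consumer, and the consumer recomputes the tag and accepts the data only if it matches, which detects any alteration in transmission. The secret, the record layout (sender|payload|tag) and the sample records are constructed for the demo.

```python
"""Shared-secret signing and validation of a data record (added example)."""
import hashlib
import hmac

# Constructed shared secret; in practice provisioned out of band and stored protected.
SHARED_SECRET = b"demo-shared-secret-replace-me"


def sign(body, key=SHARED_SECRET):
    """Hex HMAC-SHA256 tag over body. Only a holder of key can produce a matching tag."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def produce(sender, payload, key=SHARED_SECRET):
    """Producer side: emit 'sender|payload|tag'. The tag covers the sender field too,
    so a masquerader cannot re-label someone else's data as coming from 'sender'."""
    body = f"{sender}|{payload}"
    return f"{body}|{sign(body.encode(), key)}"


def consume(record, key=SHARED_SECRET):
    """Consumer side: split off the tag, recompute it over the rest and compare in constant
    time. Returns (valid, sender, payload); when valid is False the payload must not be used."""
    body, _, tag = record.rpartition("|")
    sender, _, payload = body.partition("|")
    if not tag or not sender:
        return False, sender, payload
    expected = sign(body.encode(), key)
    return hmac.compare_digest(expected, tag), sender, payload


# Constructed exchange: a record as sent, the same record after a one-character change
# in transit, and a record built by someone who does not hold the shared secret.
GENUINE = produce("billing", "transfer 100 to account 42")
TAMPERED = GENUINE.replace("transfer 100", "transfer 1000")
FORGED = produce("billing", "transfer 100 to account 42", key=b"not-the-shared-secret")

if __name__ == "__main__":
    for label, rec in (("genuine", GENUINE), ("tampered", TAMPERED), ("forged", FORGED)):
        ok, sender, payload = consume(rec)
        print(f"{label:9s} valid={ok} sender={sender} payload={payload!r}")
    # genuine   valid=True  ...   tampered  valid=False ...   forged    valid=False ...
```

Because both parties hold the same key, either of them could have produced the tag: this gives origin and integrity assurance between the two, but not the non-repudiation described on the previous slide, which needs the public/private key variant.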


Authorization

• Authorization is the granting or denial of resource access to a user.

• It is dependent on the access rights to a resource existing on the system.

• Identification and authorization work together to implement the concepts of Confidentiality, Integrity, and Availability.

– Confidentiality: A user’s identity is authenticated by the system. That user is subsequently represented in the system by a token, either character or numerical data. By using this token, access to data and resources can be allowed or denied.

– Integrity: Authorization provides the mechanism to prevent the disruption of data by known users without the appropriate authority.

– Availability: The ability to touch resources that you are permitted to touch is backed by the ability to authorize users to resources.


Access

• Access is defined as: a means of approaching, entering, exiting, communicating with, or making use of.

• In information security, access is requested by a resource manager on behalf of a user’s request to make use of a resource.

• Access is controlled – either granted or denied – partly through the use of Access Control Lists (ACLs).

– ACLs contain the user’s identity and the highest allowed level of use.

• Levels of use, or Access Levels, can be one of:

– None: No access is granted to the specified resource.

– Execute: Execute access allows users and groups to execute programs from the library, but they cannot read or write to the library.

– Read: Read access is the lowest level of permission to a resource. This allows users and groups to access the resource but not to alter its contents.

– Update: Update access allows users and groups to change the contents of the resource. The user is not authorized to delete the resource.

– Control: Control access grants users and groups authority to VSAM datasets equivalent to the VSAM control password.

– Alter: Alter access allows users and groups full control over the resource.
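As an added example (not from the slides), an ACL check built on the access levels listed above, ordered from None up to Alter: a request is granted when the user's entry on the resource's ACL is at least the level the operation needs, and everything else is denied. Each decision is also written to an audit log with time, user and type of access, which is what the Audit Log entry later in this deck calls for; the resource names, identities and the mapping of "delete" to Alter are constructed assumptions.

```python
"""Hierarchical ACL check with an audit trail of every decision (added example)."""
from datetime import datetime, timezone
from enum import IntEnum


class AccessLevel(IntEnum):
    NONE = 0      # no access to the resource
    EXECUTE = 1   # run programs from the library, no read or write
    READ = 2      # read contents, no alteration
    UPDATE = 3    # change contents, no delete
    CONTROL = 4   # VSAM control-password equivalent
    ALTER = 5     # full control over the resource


# Minimum level each operation needs. Mapping delete to ALTER is an assumption consistent
# with 'Update ... is not authorized to delete' and 'Alter ... full control'.
REQUIRED = {
    "execute": AccessLevel.EXECUTE,
    "read": AccessLevel.READ,
    "update": AccessLevel.UPDATE,
    "delete": AccessLevel.ALTER,
}

# Constructed ACLs: resource -> {identity: highest allowed level of use}
ACL = {
    "PAYROLL.DATA": {"alice": AccessLevel.UPDATE, "bob": AccessLevel.READ},
    "PROD.LOADLIB": {"alice": AccessLevel.EXECUTE, "ops": AccessLevel.ALTER},
}

AUDIT_LOG = []


def check_access(resource, user, operation, now=None):
    """True if user may perform operation on resource. Unknown users, unknown resources
    and missing ACL entries all fall back to NONE (default deny). Every decision is logged."""
    needed = REQUIRED[operation]                  # an unknown operation raises rather than passes
    granted = ACL.get(resource, {}).get(user, AccessLevel.NONE)
    allowed = granted >= needed
    AUDIT_LOG.append({
        "time": (now or datetime.now(timezone.utc)).isoformat(),
        "user": user,
        "resource": resource,
        "access": operation,
        "decision": "granted" if allowed else "denied",
    })
    return allowed


def denied_events(user=None):
    """Denials from the audit log, optionally for one user: the 'unusual activity'
    that threat monitoring looks at first."""
    return [e for e in AUDIT_LOG
            if e["decision"] == "denied" and (user is None or e["user"] == user)]


if __name__ == "__main__":
    for res, usr, op in (("PAYROLL.DATA", "bob", "read"), ("PAYROLL.DATA", "bob", "update"),
                         ("PROD.LOADLIB", "alice", "read"), ("PROD.LOADLIB", "ops", "delete")):
        print(f"{usr:6s} {op:8s} {res:13s} -> {'granted' if check_access(res, usr, op) else 'denied'}")
    print(f"{len(denied_events())} denials recorded")   # 2 denials recorded
```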


Security Threats and Attacks

• A threat is a potential violation of security

– Flaws in design, implementation, and operation

• An attack is any action that violates security

– Active vs. passive attacks


Impact of Attacks

• Theft of confidential information

• Unauthorized use of

– Network bandwidth

– Computing resources

• Spread of false information

• Disruption of legitimate services

All attacks can be related and are dangerous!


Security Policy and Mechanism

• Policy: a statement of what is, and is not, allowed

• Mechanism: a procedure, tool, or method of enforcing a policy

• Security mechanisms implement functions that help prevent, detect, and respond to or recover from security attacks

• Security functions are typically made available to users as a set of security services through APIs or integrated interfaces

• Cryptography underlies many security mechanisms.


Assumptions and Trust

• A security policy consists of a set of axioms that the policy makers believe can be enforced

• Two assumptions

– The policy correctly and unambiguously partitions the set of system states into secure and nonsecure states

• The policy is correct

– The security mechanisms prevent the system from entering a nonsecure state

• The mechanisms are effective


The Security Life Cycle

• Threats

• Policy

• Specification

• Design

• Implementation

• Operation and maintenance


Apr 21, 2023

Security - The Big Picture

[Network diagram; labels recovered from the slide: Local Users with Anti-Virus SW; Intranet; Internet; Teammate/Telecommuter via Commercial ISP over VPN; Network Manager with Network Management System, Vulnerability Scan, Intrusion Detection, Risk Assessment; Mail Server with E-Mail Scan and Anti-Virus; Firewall/URL Filtering; Firewall; Web Server and Extranet with SSL Encryption and PKI Authentication (Non-repudiation of transactions); Remote Users over the PSTN via Remote Connection Server with Authentication (VPN?); E-Commerce Customer with PKI]

Network security requires an enterprise-wide perspective and “defense-in-depth” with layers of protection that work together.


Apr 21, 2023

The Band-Aid Security Strategy

[Network diagram; labels recovered from the slide: Dial-up modems; Routers; IDS; Centralized Monitoring (TNOCs & RCERTs); DNS/Web Servers; Firewalls; Backdoor Connections; Internet; Trading Partners; Corporate Network; LAN; Security Router; Local Node; ID & Authentication; Servers]


Common Security Terminology

• Password Cracking

• Biometrics

• Public Key Cryptography

• SSL

• Man-in-the-Middle Attack

• Zombies

• Denial of Service Attack

• Key Logging Software

• Firewalls

• Security Exploit


Terminology

• Password Cracking

– Password Cracker

• An application that tries to obtain a password by repeatedly generating and comparing encrypted passwords or by authenticating multiple times to an authentication source.

• Repeatedly trying to access your accounts

– Common methods of Password cracking

• Brute Force

• Dictionary


Terminology

• Password Cracking (cont’d)

– Passwords are usually stored in an encrypted form with a one-way encryption algorithm

• If this data is compromised, password cracking can be moved to a standalone system for easier control and speed of cracking.


Terminology

• Biometrics

– Science and technology of measuring and statistically analyzing biological data

– When used in Information Technology it usually refers to the use of human traits for authentication

– This method can include fingerprints, eye retinas and irises, voice patterns, and a host of other consistent biological data


Terminology

• Public Key Cryptography

– Two keys, “certificates”, are available for each resource, one public and one private

– As the names imply, the public key can be shared freely while the private key is kept secret

– Items encrypted using the public key are decrypted using the private key, and conversely anything encrypted with the private key can be decrypted with the public key

– This method of encryption is used to ensure secure communication is only between a valid, “known”, sender and recipient


Terminology

• SSL

– “Secure Sockets Layer”

– Uses Public Key Cryptography

– Negotiates a method to encrypt communication between a client and server

– Allows other network protocols to connect “over top” of it, such as web browsing and e-mail protocols

– “Transport Layer Security” (TLS) is a variant of SSL used to negotiate encryption within the network protocol being used


Terminologies

Trojan Horse: A piece of code that misuses its environment. The program seems innocent enough; however, when executed, unexpected behavior occurs.

Trap Doors: Inserting a method of breaching security in a system. For instance, some secret set of inputs to a program might provide special privileges.

Threat monitoring: Look for unusual activity. Once access is gained, how do you identify someone acting in an unusual fashion?

Audit Log: Record time, user, and type of access on all objects. Trace problems back to their source.

Worms: Use a spawning mechanism; standalone programs.

Internet Worm: In the Internet worm, Robert Morris exploited UNIX networking features (remote access) as well as bugs in the finger and sendmail programs. A grappling hook program uploaded the main worm program.

Viruses: A fragment of code embedded in a legitimate program. Mainly affects personal PC systems. These are often downloaded via e-mail or as active components in web pages.

Firewall: A mechanism that allows only certain traffic between trusted and untrusted systems. Often applied to a way to keep unwanted internet traffic away from a system.


Terminology

• Man-in-the-Middle Attack

– A system between two hosts that either passively watches traffic to gain information used to “replay” a session, or actively interferes with the connection, potentially imitating the remote system


Terminology

• Zombies

– Computer system infected by a virus or Trojan horse that allows the system to be remotely controlled for future exploits

– These systems may be used to send large amounts of spam e-mail or take part in Distributed Denial of Service (DDoS) attacks


DDoS Vulnerabilities: Multiple Threats and Targets

• Use valid protocols

• Spoof source IP

• Massively distributed

• Variety of attacks

Entire Data Center:

• Servers, security devices, routers

• Ecommerce, web, DNS, email, …

Provider Infrastructure:

• DNS, routers, and links

[Diagram labels recovered from the slide: Access Line; Attack zombies]


Terminology

• Denial of Service Attack (DoS)

– Sending large amounts of data and requests to a remote system in order to inundate the remote computer or network

– A Distributed DoS is a coordinated effort by a number of systems to perform a DoS on a single host


Terminology

• Key Logging Software / Hardware

– Software installed on a system to capture and log all keystrokes

– Hardware installed between the keyboard and computer used to capture and log all keystrokes

• Security Exploit

– A software bug, or feature, that allows access to a computer system beyond what was originally intended by the operator or programmer


Terminology

• Firewall

– Network hardware device or software used to filter traffic to and from the connected resources

– Ranges from simple filters, blocking certain services and protocols, to more complex systems that plot network traffic patterns

– Local operating system firewalls are referred to as “personal firewall software”


E-mail Security

• Secure protocols in place

– POPS

• POP mail over an SSL connection

– IMAPS

• IMAP over an SSL connection

– SMTP+TLS

• Negotiation of a TLS/SSL connection after connecting

– All popular e-mail clients support the use of these protocols


Web Security

• SSL (Secure Sockets Layer)

– Very important on insecure networks such as wireless

– How to verify SSL in a browser

• https: the web address begins with https, meaning the connection is using HTTP over SSL

• Look for a lock icon

• Internet Explorer may display a Security Alert that states “you are about to view pages over a secure connection”


Web Security

• SSL (cont’d)

– Certificate Authorities

• A “CA” is an entity that issues certificates

• If you “trust” a CA, you will trust the certificates issued by that CA

• Web browsers come with a standard collection of common certificate authorities including Verisign, Geotrust, Thawte, and a number of others

• Be wary of untrusted certificates, as they may indicate a man-in-the-middle attack
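As an added example (not from the slides), the browser checks of the two Web Security slides expressed with Python's ssl module: browser_like_context() behaves as a browser does, requiring the server's certificate to chain to a CA in the trust store and to name the host being visited, while permissive_context() is the weak setting that accepts any certificate, including one presented by a man-in-the-middle. The URLs are constructed and nothing connects to the network.

```python
"""Verifying versus permissive TLS client configuration, audited the way a browser would (added example)."""
import ssl
from urllib.parse import urlsplit


def uses_https(url):
    """First check on the slide: the address begins with https, i.e. HTTP over SSL/TLS."""
    return urlsplit(url).scheme.lower() == "https"


def browser_like_context():
    """Verifying client context: chain validation against the platform's CA collection
    plus hostname matching, and no protocol version older than TLS 1.2."""
    ctx = ssl.create_default_context()       # CERT_REQUIRED, check_hostname=True, system CAs loaded
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def permissive_context():
    """Weak setting: no chain validation and no hostname check. Any certificate is accepted,
    so an interposed host offering its own certificate looks exactly like the real server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False               # must be cleared before verify_mode may become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Report which of the two browser checks a client context actually performs;
    'ok' is what a configuration review of a client or script would look for."""
    chain_check = ctx.verify_mode == ssl.CERT_REQUIRED
    host_check = bool(ctx.check_hostname)
    return {"verifies_chain": chain_check, "verifies_hostname": host_check,
            "ok": chain_check and host_check}


if __name__ == "__main__":
    for u in ("https://shop.example/checkout", "http://shop.example/checkout"):
        print(u, "-> HTTP over SSL/TLS" if uses_https(u) else "-> NOT protected by SSL/TLS")
    print("browser-like:", audit_context(browser_like_context()))   # ok=True
    print("permissive:  ", audit_context(permissive_context()))     # ok=False
```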


Vulnerabilities + Threats = Trouble

Vulnerabilities:

• Software flaws: CGI scripts, bad code, firewall misconfigured

• Hardware flaws: unsecured PCs, open modems

• Weak policies: poor passwords, e-mail misuse

• Poor physical security: uncontrolled access

• Untrained staff

Threats:

• “Hackers”: script kiddies, experimenters

• “Crackers”: malicious attackers, extortionists

• Insiders: employees, contractors

• Competitors

• Terrorists

• Natural disasters

Outcome:

• Data/system destruction

• System intrusion: data theft, data alteration, unauthorized viewing

• Denial of service: external interruption, internal interruption

• Impersonation: intellectual property theft, fraud

• System faults: errors/inaccuracies


Common security attacks and their countermeasures

• Finding a way into the network – Firewalls

• Exploiting software bugs, buffer overflows – Intrusion Detection Systems

• Denial of Service – Ingress filtering, IDS

• TCP hijacking – IPSec

• Packet sniffing – Encryption (SSH, SSL, HTTPS)

• Social problems – Education
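As an added example (not from the slides), the ingress filtering listed above as a Denial of Service countermeasure, applied to the "Spoof source IP" item of the DDoS slide: a border device drops a packet arriving from the Internet whose source address belongs to the site's own prefixes, or to address space that cannot be a legitimate Internet source, since no genuine outside sender owns those addresses, and the same rule on the inside interface keeps the site's own hosts from emitting spoofed sources. The prefixes, interface names and sample packets are constructed for the demo.

```python
"""Ingress/egress source-address filtering over a constructed packet sample (added example)."""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed site addressing: sources in these prefixes may only arrive on the inside interface.
INTERNAL_PREFIXES = [ipaddress.ip_network(p) for p in ("203.0.113.0/24", "2001:db8:10::/48")]


@dataclass(frozen=True)
class Packet:
    ingress_if: str   # "outside" (Internet-facing) or "inside" (LAN-facing)
    src: str
    dst: str


def is_internal(addr):
    """True if addr falls in one of the site's own prefixes (address family is matched automatically)."""
    return any(addr in net for net in INTERNAL_PREFIXES)


def ingress_verdict(pkt):
    """Return 'permit' or 'drop:<reason>' for one packet."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.ingress_if == "outside":
        if is_internal(src):
            return "drop:spoofed-internal-source"   # our own address arriving from the Internet
        if src.is_private or src.is_loopback or src.is_multicast or src.is_unspecified:
            return "drop:bogon-source"              # cannot be a routable Internet source
    elif pkt.ingress_if == "inside" and not is_internal(src):
        return "drop:spoofed-egress-source"         # our hosts may only send from our addresses
    return "permit"


def summarize(pkts):
    """Verdict counts for a batch; a sudden rise in drops is the signal to alert on."""
    return Counter(ingress_verdict(p) for p in pkts)


# Constructed traffic sample: one legitimate request, its reply, and three spoofed packets.
SAMPLE = [
    Packet("outside", "11.22.33.44", "203.0.113.80"),   # normal client reaching the web server
    Packet("inside", "203.0.113.80", "11.22.33.44"),    # the server's reply
    Packet("outside", "203.0.113.7", "203.0.113.80"),   # source forged as an internal host
    Packet("outside", "10.1.2.3", "203.0.113.80"),      # RFC 1918 source arriving from the Internet
    Packet("inside", "11.22.33.44", "203.0.113.7"),     # internal host forging an external source
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{p.ingress_if:7s} {p.src:>14s} -> {p.dst:<14s} {ingress_verdict(p)}")
    print(dict(summarize(SAMPLE)))
    # {'permit': 2, 'drop:spoofed-internal-source': 1, 'drop:bogon-source': 1, 'drop:spoofed-egress-source': 1}
```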


Defense-in-Depth

Using a layered approach:

• Increases an attacker’s risk of detection

• Reduces an attacker’s chance of success

Layers, from outermost to innermost, with the controls at each:

– Policies, procedures, and awareness: security policies, procedures, and education

– Physical security: guards, locks, tracking devices

– Perimeter: firewalls, border routers, VPNs with quarantine procedures

– Internal network: network segments, IPSec, NIDS

– Host: OS hardening, authentication, update management, antivirus updates, auditing

– Application: application hardening

– Data: strong passwords, ACLs, encryption, EFS, backup and restore strategy

Security Framework by Services

OSI layers shown on each of the following slides: Physical, Data Link, Network, Transport, Session, Presentation, Application

Services placed against the stack, one slide each:

• Wiring closets, cable plant, building access control, power, HVAC

• NIDS, HIDS; Virus Scanning

• Firewall, Routers, Access Control Lists (ACLs), IP schemes, E-Mail Attachment Scanning

• Application: OS Hardening, Security Health Checking, Vulnerability Scanning, Pen-Testing

• Application: User Account Management on Systems, Role/Rule Based Access Control, Application Security, Virus Updates, Virus Signatures