DSC 101: Security


Page 1: DSC 101: Security

DSC 101: Security

Page 2: DSC 101: Security

Topics

1. Components of Security
2. States of Information
3. Threats
4. Attacks
5. Malware
6. Vulnerabilities

Page 3: DSC 101: Security

What is Security?

Security is the prevention of certain types of intentional actions from occurring in a system.

– The actors who might attack a system are threats.

– Threats carry out attacks to compromise a system.

– Objects of attacks are assets.

Page 4: DSC 101: Security

Components of Security

Integrity

Confidentiality

Availability

Page 5: DSC 101: Security

Confidentiality

Confidentiality is the avoidance of the unauthorized disclosure of information.

Examples where confidentiality is critical:
– Personal information
– Trade secrets
– Military plans

Page 6: DSC 101: Security

Security Controls for Confidentiality

Access Control: rules and policies that limit access to certain people and/or systems.

– File permissions (which users can access)
– Firewall settings (which IP addresses can access)

Encryption: transforming information so that it can only be read using a secret key.

– AES
– SSL

Page 7: DSC 101: Security

Integrity

Integrity is the property that information has not been altered in an unauthorized way.

Examples where integrity is critical:
– Operating system files
– Software updates and downloads
– Bank account records

Page 8: DSC 101: Security

Security Controls for Integrity

• Backups: periodic archiving of data.
• Checksums: the computation of a function that maps the contents of a file to a numerical value.
• Data correcting codes: methods for storing data in such a way that small changes can be easily detected and automatically corrected.
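
The difference between the last two controls, as an added example that is not part of the original slides: a SHA-256 checksum detects a flipped bit in a constructed sample record but cannot repair it, while a Hamming(7,4) code, chosen here as one simple data correcting code, locates and fixes it. All function names and the sample record are assumptions made for the illustration.

```python
import hashlib

def checksum(data: bytes) -> str:
    """Checksum control: map file contents to a fixed-size value (SHA-256)."""
    return hashlib.sha256(data).hexdigest()

def hamming_encode(nibble: int) -> int:
    """Encode 4 data bits as a 7-bit Hamming(7,4) codeword (bit i = position i+1)."""
    d = [(nibble >> i) & 1 for i in range(4)]
    p1, p2, p4 = d[0] ^ d[1] ^ d[3], d[0] ^ d[2] ^ d[3], d[1] ^ d[2] ^ d[3]
    bits = [p1, p2, d[0], p4, d[1], d[2], d[3]]
    return sum(b << i for i, b in enumerate(bits))

def hamming_decode(word: int) -> tuple[int, int]:
    """Return (nibble, error_position); position 0 means no error was seen."""
    b = [(word >> i) & 1 for i in range(7)]
    s1 = b[0] ^ b[2] ^ b[4] ^ b[6]          # parity over positions 1,3,5,7
    s2 = b[1] ^ b[2] ^ b[5] ^ b[6]          # parity over positions 2,3,6,7
    s4 = b[3] ^ b[4] ^ b[5] ^ b[6]          # parity over positions 4,5,6,7
    pos = s1 | (s2 << 1) | (s4 << 2)        # syndrome = position of the bad bit
    if pos:
        b[pos - 1] ^= 1                     # automatic correction
    return b[2] | (b[4] << 1) | (b[5] << 2) | (b[6] << 3), pos

def protect(data: bytes) -> list[int]:
    """Store each byte as two codewords (low nibble, then high nibble)."""
    return [hamming_encode(n) for byte in data for n in (byte & 0xF, byte >> 4)]

def recover(words: list[int]) -> tuple[bytes, int]:
    """Decode stored codewords; return the data and how many bits were fixed."""
    decoded = [hamming_decode(w) for w in words]
    nibbles = [n for n, _ in decoded]
    fixed = sum(1 for _, pos in decoded if pos)
    pairs = zip(nibbles[0::2], nibbles[1::2])
    return bytes(lo | (hi << 4) for lo, hi in pairs), fixed

def demo() -> tuple[bool, bool, int]:
    record = b"balance=1500.00"             # constructed sample record
    baseline = checksum(record)             # recorded while the data is known good
    plain = bytearray(record)
    plain[8] ^= 0x04                        # one flipped bit in the raw copy
    detected = checksum(bytes(plain)) != baseline   # checksum: detects only
    coded = protect(record)
    coded[16] ^= 0b0010000                  # one flipped bit in the coded copy
    repaired, fixed = recover(coded)
    return detected, checksum(repaired) == baseline, fixed

if __name__ == "__main__":
    print(demo())   # (detected, repaired copy matches baseline, bits fixed)
```

Hamming(7,4) repairs one accidental bit flip per codeword; it does not protect against deliberate modification, which is why the repaired data is still compared against a checksum recorded separately.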

Page 9: DSC 101: Security

Availability

Availability is the property that information is accessible and modifiable in a timely fashion by those authorized to do so.

Examples where availability is critical:
– E-commerce site
– Authentication server for your network
– Current stock quotes

Page 10: DSC 101: Security

Security Controls for Availability

Physical protections: infrastructure meant to keep information available even in the event of physical challenges.

– Backup generators
– Disaster recovery site

Computational redundancies: computers and storage devices that serve as fallbacks in the case of failures.

– Backup tapes
– RAID

Page 11: DSC 101: Security

States of Information

1. Storage: information in memory or disk that is not currently being accessed.

2. Processing: information currently being used by the processor.

3. Transmission: information in transit between one node and another on a network.

Is your information protected in all three states?

Page 12: DSC 101: Security

Threats, Attacks, and Vulnerabilities

Threats are people who are able to take advantage of security vulnerabilities to attack systems.

– Criminals, hacktivists, spies, disgruntled employees.

Attacks are tools, programs, and methods used by threats to obtain assets from systems in violation of the security policy.

– Stuxnet, Dark Comet, AirCrack, John the Ripper

Vulnerabilities are weaknesses in a system that allow a threat to obtain access to information assets in violation of a system’s security policy.

(2719662) Vulnerabilities in Gadgets Could Allow Remote Code Execution

Page 13: DSC 101: Security

How are Digital Threats Different?

Automation
– Salami Attack from Office Space.

Action at a Distance
– Volodya Levin, from St. Petersburg, Russia, stole over $10 million from US Citibank. Arrested in London.

Technique Propagation
– Criminals share attacks rapidly and globally.

Page 14: DSC 101: Security

Who are the threats?

IBM X-Force 2012 Trend and Risk Report

Page 15: DSC 101: Security

Threat Model

A threat model describes which threats exist to a system, their capabilities, history, intentions, and likely targets.

– Are you worried about broad or targeted threats?

– Are your threats able to develop their own tools, or do they just use off-the-shelf tools?

– Do you keep enough data about historical incidents to know what your threats are?

Page 16: DSC 101: Security

Threat Model Examples

Example 1: Disgruntled Insider
– Targeted attack on organization
– Knows systems and information assets already
– Attacks more likely to focus on DoS than theft

Example 2: Outsider, broad attack
– Broad attack, looking for any vulnerable system.
– Looking for one particular type of asset, which your organization may or may not have.

Page 17: DSC 101: Security

Attacks and Exploits

An attack is an action taken by a threat to gain unauthorized access or to create unauthorized modification of assets.

– Spam
– Phishing
– Malware
– Denial of Service

An exploit is a piece of software or a scripted set of actions that carries out an attack. Threats often turn attacks into exploits to automate compromising of systems.

Page 18: DSC 101: Security

Spam

Spam is the use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately.

– Mostly e-mail, but also
– Blog and webforum comment spam,
– Wiki spam,
– IM spam, etc.

Page 19: DSC 101: Security

Over 90% of e-mail is spam!

Page 20: DSC 101: Security

Phishing E-mail

Page 21: DSC 101: Security

Phishing Site

Page 22: DSC 101: Security

Denial of Service

Page 23: DSC 101: Security

Malware

Malware, short for malicious software, is software designed to gain access to confidential information, disrupt computer operations, and/or gain access to private computer systems. Malware can be classified by how it infects systems:

– Trojan Horses
– Viruses
– Worms

Or by what assets it targets:
– Ransomware
– Spyware and adware
– Backdoors
– Rootkits
– Botnets

Page 24: DSC 101: Security

How much malware is out there?

Page 25: DSC 101: Security

Trojan Horses

Page 26: DSC 101: Security

Trojan Horse Examples

Page 27: DSC 101: Security

Viruses

A computer virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other files. This process is called infecting.

Page 28: DSC 101: Security

Worms

A worm is a type of malware that spreads itself to other computers.

Page 29: DSC 101: Security

Ransomware

Page 30: DSC 101: Security

Spyware and Adware

Page 31: DSC 101: Security

Backdoors

Page 32: DSC 101: Security

Backdoor Example: Dark Comet

Page 33: DSC 101: Security

Rootkits

• Execution Redirection
• File Hiding
• Process Hiding
• Network Hiding
• Backdoor

User Program

Rootkit

Operating System

Page 34: DSC 101: Security

Botnets

Page 35: DSC 101: Security

Vulnerabilities

Vulnerabilities can be found in any software:
– PC: Office, Adobe Reader, web browsers
– Server: Databases, DNS, mail server software, web servers, web applications, etc.
– Mobile: Mobile phone OS, mobile applications
– Embedded: printers, routers, switches, VoIP phones, cars, medical devices, TVs, etc.
– Third party software: Web browser plugins, Ad affiliate network JavaScript include files, Mobile ad libraries

Page 36: DSC 101: Security

Document Format Vulnerabilities

IBM X-Force 2012 Trend and Risk Report

Page 37: DSC 101: Security

Web Browser Vulnerabilities

IBM X-Force 2012 Trend and Risk Report

Page 38: DSC 101: Security

Embedded Vulnerabilities

Page 39: DSC 101: Security

Patches

A patch is a piece of data or software designed to fix a security vulnerability or bug.

– Administrator may have to apply manually.
– Some vendors specify certain days to patch, such as “Patch Tuesday,” the 2nd Tuesday of the month when MS releases updates.
– Increasingly software auto updates itself with current patches.

Page 40: DSC 101: Security

Vulnerability Timeline

Page 41: DSC 101: Security

Vulnerability Markets

Page 42: DSC 101: Security

Vulnerability Databases

Page 43: DSC 101: Security

Key Points

1. Components: confidentiality, integrity, availability
2. States of Info: storage, communication, processing
3. Definitions: threat, attack, and vulnerability
4. Attacks: spam, phishing, DoS, and malware
5. Vulnerabilities affect all software
– Not just PC or mobile software
– Lifecycle: 0day, exploit, then patch and signatures

Page 44: DSC 101: Security

References

1. Nate Anderson, Meet the men who spy on women through their webcams: The Remote Administration Tool is the revolver of the Internet's Wild West. Ars Technica, http://arstechnica.com/tech-policy/2013/03/rat-breeders-meet-the-men-who-spy-on-women-through-their-webcams/, 2013.
2. Honeynet Project, Know Your Enemy, 2nd edition, Addison-Wesley, 2004.
3. IBM, X-Force 2012 Risk and Trends Report, 2013.
4. Stuart McClure, Joel Scambray, and George Kurtz, Hacking Exposed, 5th edition, McGraw-Hill, 2005.
5. Norton, Fake Antivirus, http://www.nortonantiviruscenter.com/security-resource-center/fake-antivirus.html
6. Ed Skoudis, Counter Hack Reloaded, Prentice Hall, 2006.
7. Stuart Staniford, Vern Paxson, and Nicholas Weaver, "How to 0wn the Internet in Your Spare Time," Proceedings of the 11th USENIX Security Symposium, 2002.