
Page 1

EE579T Network Security
11: Law, Ethics, Intrusions
Prof. Richard A. Stanley
WPI, Spring 2001
© 2000, 2001, Richard A. Stanley

Page 2

Thought for the Day

“Any sufficiently developed technology is indistinguishable from magic.”

?

Page 3

Overview of Tonight’s Class

• Review last week’s lesson

• Look at network security in the news

• Legal and ethical issues

Page 4

Last Week in Review

• Running a network makes it necessary to be familiar with the law

• There is both civil and criminal law

• Knowing what is illegal is key to tracking and deterring unauthorized users

• Protecting intellectual property is an important responsibility of network managers

• Building a relationship with law enforcement before a problem is usually wise

Page 5

Network Security Last Week- 1

• Social engineering gets hackers and their viruses inside a network with more success than a complicated, technical method

• More security flaws are found in wireless LAN protocol 802.11 by UMd researchers

• One in three UK companies have been hacked

• eBay finds holes in privacy policy

Page 6

Network Security Last Week- 2

• Online security key to health care venture

• Too much security holds back e-commerce
  – So say 40% of blue chip companies surveyed

• ADDR.com customer database stolen

• Cloaked code sneaks by corporate security

• Security industry slams virus reward

• Microsoft updates Windows to combat VeriSign glitch

Page 7

Network Security Last Week- 3

• War driving -- the latest hacker fad

• KPMG survey – 90 percent of CEOs and CIOs believe most security breaches will come via the Internet or other external means
  – KPMG confirms most breaches are internal, by disgruntled employees and others with immediate knowledge of a company's system

Page 8

Tonight:

The Odds and Ends That Tie it All Together

Page 9

More About Copyrights

• Fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means:
  – criticism
  – comment
  – news reporting
  – teaching (including multiple copies for classroom use)

Page 10

Remember...

• A copyright protects the tangible expression of an idea, not the idea itself
  – Copyright infringement is a crime

• A patent protects an idea (sort of -- more later), not merely its expression
  – Patent infringement must be contested
  – Patent infringement is a civil matter, not a crime

Page 11

What Can Be Patented?

“Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.”

35 USC § 101

Page 12

More to Think About

• Censorship

• Privacy

• Liability
  – Actions of others

• Responsibility to report crimes

• Public approbation vs. legal action

• Whose laws apply?

Page 13

Negligence

• Simple

• Gross

• Contributory

• “The prudent man”

• Due diligence

Page 14

More Legal Considerations

• What if…
  – One of your employees is using your network to do something illegal?
  – Someone outside the organization is using your network resources for illicit purposes?
  – Your system is broken into and important information goes missing or becomes public?

Are You Liable?

Page 15

What Is Your Responsibility?

• For intellectual property?

• For personal data?

• For financial data?

• For proper operation of the network?

• How and where are these things defined?

Page 16

The Other “P” Word

• Privacy
  – What is it?
  – How to protect it?
  – What do customers and employees expect?
  – What do they have a right to expect?
  – Where is the Constitutional right to privacy found?

Page 17

Ethics

Not a Simple Subject

Page 18

Ethics Concerns

• Information Management
  – Data acquisition
  – Access
  – Stewardship

• Information Security
  – Ownership of intellectual property
  – Crime
  – Liability and reliability

Page 19

Ethical Issues

• Ethics and the law are not the same

• An ethic is an objectively defined standard of right or wrong

• Ethical standards tend to be idealistic

• A set of ethical principles is an ethical system

Page 20

Law Versus Ethics

LAW

• Formal, written
• Interpreted by courts
• Established by legislature
• Applies to everyone
• Conflict, “right” resolved by courts
• Enforceable

ETHICS

• Unwritten principles
• Interpreted by individuals
• Presented by religions, philosophers, etc.
• Personal choice
• No external arbiter of “right” or conflict
• Limited enforcement

Page 21

Ethics Overview

• Complex

• Ethics and religion

• Ethics not universal

• Ethics does not provide unique, immutable answers
  – Ethical pluralism
  – Very unlike scientific view of “truth”
  – Rarely a higher authority

Page 22

Ethical Reasoning

• How to approach an ethical issue?
  – Understand the situation
  – Know several theories of ethical reasoning
  – List the ethical principles involved
  – Determine which principles outweigh the others

• First and third are key

• Easy to go off at half cock

Page 23

Ethical Principles--Examples

• Teleology
  – Focus on consequences
  – Egoism: benefits to person taking the action
  – Utilitarianism: benefits to entire world

• Deontology
  – Focus on sense of duty
  – Some things are just intrinsically good
  – Rule-deontology
  – Act-deontology: situation ethics

Page 24

Some Values Issues

• Ownership of resources

• Effect on others

• Universalism principle

• Possibility of detection, punishment

• Other issues?

• Which are more important than others?

Page 25

Some Principles Involved

• Job responsibility

• Use

• Possible misuse

• Confidentiality

• Tacit permission

• Propriety

• Law

Page 26

General Moral Imperatives (ACM Code of Ethics and Professional Conduct)

• Contribute to society and human well-being

• Avoid harm to others

• Be honest and trustworthy

• Be fair and take action not to discriminate

• Honor property rights including copyrights and patents

• Give proper credit for intellectual property

• Respect the privacy of others

• Honor confidentiality

Page 27

The “P” Word

• Can or should you have an ethics policy?

• Why or why not?

• Are you aware of organizations that do have ethics policies?

Page 28

Ethics Case 1

Donald works for the county health department as a computer records clerk, where he has access to files of patient records. For a scientific study, a researcher -- Ethel -- has been granted access to the medical portion, but not the corresponding names, of some records.

Ethel finds some information that she would like to use, but she needs the names and addresses in order to contact these people for more information and for permission to do further study.

Should Donald give Ethel the names and addresses?

Page 29

Ethics Case 2

The school computer center

Page 30

Intrusion Detection

What Is It? How Does It Work?

Page 31

What is Intrusion Detection?

• Process

• Identify and respond to malicious activity

• Targeted at
  – Computing resources
  – Networking resources

Edward Amoroso

Page 32

Process

• Technology

• People

• Tools

• Much interaction among these

• Not amenable to “black-box” solutions

Page 33

Identify

• Before

• During

• After

Page 34

Respond

• Must first identify

• Nature

• Automatic
  – Liability--civil and criminal
  – Casus belli if government?

Page 35

Malicious Activity

• Actions by those who intend harm
  – Includes so-called “innocent” intrusions
  – Malicious may be in the eye of the beholder

• What about low-probability vulnerabilities?
  – Don’t worry about them
  – Worry, but give very low probability
  – What if the intruder can establish the conditions that enable these vulnerabilities?

Page 36

IDS Methods

• Audit trail processing

• Normal behavior profiling

• Abnormal behavior signatures

• Parameter pattern matching

• Neural network and other approaches to inferring abnormal behavior

Page 37

IDS Organization

• Sensor

• System management

• Processing engine and algorithms

• Knowledge base(s)

• Auditing

• Alarms

• User interface

Page 38

What is an Intrusion?

• Becomes a philosophical question

• Intrusions = attacks?

• Stanley’s working definition:
  – An intrusion is any entry or attempted entry into a protected network that is unplanned, unauthorized, or which exceeds the authorization granted to the perpetrator of the entry, even if the entry is without conscious malicious intent.

Page 39

How Can Perpetrators Hide?

• We have spent the entire semester dealing with aspects of this question

• In-band techniques

• Out-of-band techniques

• Anonymity muddies authentication

Page 40

IDS Information Correlation

• Single vs. multiple session

• Real time vs. after the fact

• In-band vs. all-band

• The basic problem of intelligence analysis obtains:
  – Is this a new tank that is being reported by the soldier in his foxhole, or is he seeing the same tank that I already know about?
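The IDS methods slide (audit trail processing, normal behavior profiling, abnormal behavior signatures), the IDS organization slide (sensor, knowledge base, processing engine, alarms) and the correlation question above, worked through as an added Python example that is not part of the lecture. The host, user and address names, the audit-log lines, the baseline read counts and the thresholds are all constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail (hypothetical hosts, users and addresses).
AUDIT_LOG = (
    ["2001-04-10T22:01:05 host=db1 user=alice event=login result=ok src=10.0.0.5",
     "2001-04-10T22:01:09 host=db1 user=alice event=read file=/srv/rec/r1"]
    + [f"2001-04-10T22:03:1{i} host=db1 user=bob event=login result=fail src=10.0.0.9"
       for i in range(4)]
    + ["2001-04-10T22:03:15 host=db1 user=bob event=login result=ok src=10.0.0.9"]
    + [f"2001-04-10T22:04:{i:02d} host=db1 user=bob event=read file=/srv/rec/r{i}"
       for i in range(7)]
)
# Normal-behavior profile (knowledge base): assumed typical reads per user per session.
BASELINE = {"alice": 5, "bob": 2}

def parse_line(line):
    """Sensor: turn one 'key=value' audit record into a dict with a datetime."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def signature_failed_logins(records, threshold=3, window=timedelta(seconds=60)):
    """Abnormal-behavior signature: threshold failed logins from one src within window."""
    alarms, recent = [], defaultdict(list)
    for r in records:
        if r.get("event") == "login" and r.get("result") == "fail":
            recent[r["src"]] = [t for t in recent[r["src"]] if r["ts"] - t <= window] + [r["ts"]]
            if len(recent[r["src"]]) >= threshold:
                alarms.append(("brute-force", r["src"], r["ts"]))  # one alarm per hit
    return alarms

def profile_file_reads(records, baseline, factor=3):
    """Normal-behavior profiling: alarm once a user's reads exceed factor x baseline."""
    alarms, seen = [], Counter()
    for r in records:
        if r.get("event") == "read":
            seen[r["user"]] += 1
            if seen[r["user"]] > factor * baseline.get(r["user"], 1):
                alarms.append(("excess-reads", r["user"], r["ts"]))
    return alarms

def correlate(alarms, window=timedelta(minutes=5)):
    """Correlation: same rule and subject within window is the same incident
    (the tank already known about), not a new one."""
    incidents = []
    for rule, subject, ts in sorted(alarms, key=lambda a: a[2]):
        for inc in incidents:
            if (inc["rule"], inc["subject"]) == (rule, subject) and ts - inc["last"] <= window:
                inc["last"], inc["count"] = ts, inc["count"] + 1
                break
        else:
            incidents.append({"rule": rule, "subject": subject, "first": ts, "last": ts, "count": 1})
    return incidents

def run_ids(log_lines, baseline):
    """Processing engine: sensor -> rules -> correlated incidents ready for alarms/UI."""
    records = [parse_line(l) for l in log_lines]
    alarms = signature_failed_logins(records) + profile_file_reads(records, baseline)
    return correlate(alarms)
```

Running `run_ids(AUDIT_LOG, BASELINE)` yields two incidents, not three alarms: the third and fourth failed logins from the same address are one brute-force incident, and the seventh read by a user whose profile predicts two is a separate excess-reads incident.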

Page 41

Intruder Trapping

• Not a major topic of IDS research

• Problematic
  – Can trap suspicious users in a dedicated system
  – What if you are wrong?
    • Liability?
    • Bad press?
  – Worse problem: often, the signature of your best customers and the signature of intruders are frighteningly similar

Page 42

Incident response

• Critical assets involved?

• Has this happened before?

• Is it still happening?

• Damage, compromise, or DoS?

• Laws broken?

• Policies violated?

• Should we break the connection?

• Any traps available?

• Should we involve law enforcement?

Page 43

Some IDS Thoughts

• This is still an immature area

• Technology cannot solve all problems

• People have problems, too
  – e.g. humans found only about 1.4% of entries in audit logs that represented intrusions
  – People’s loyalties are mobile

• Beware automated responses

Page 44

Some IDS’s Out There

• Black Ice Defender (www.networkice.com)

• CyberCop (www.cybercop.co.uk)

• Emerald (www.sdl.sri.com/projects/emerald/index.html)

• NetRanger (www.cisco.com/univercd/cc/td/doc/product/iaabu/netrangr/)

• RealSecure (www.hallogram.com/realsecure/)

Page 45

Summary

• Legalities involve much more than what is illegal

• Often, your largest concern is for liability and how to limit it.

• Intrusion detection is a process, not a product, and it is still immature

• We have only scratched the network security surface, as weekly reviews show

Page 46

Th…th…that’s all, folks!

Any questions on the overall course?

Page 47

Exam Overview

• Roughly 1 1/2 hours long

• Please be on time; it is your time you waste

• Essay-type exam, involving application of what you have learned (homework is a good example)

• Open book and notes

• Please bring pen and/or pencil, and paper on which to write. A paperclip is also helpful.

• Any other questions?