Lecture 1, 20-771: The Internet, Fall 2002 1
20-771: Computer Security
Lecture 1: Introduction
Robert Thibadeau
School of Computer Science
Carnegie Mellon University
Institute for eCommerce, Fall 2002
Today’s lecture
• Class Details
• Basics of Computer Security
• Break (10 min)
• Overview
This Week
Chapters 1 & 2 : Stein as a Guide
Class Participation and Answers
Mid-Term & Final
Linux and Windows 2000 Tasks
Java Programming : A Watcher (basis for Sniffer)
Read Steven Levy’s Crypto (try, over the long weekend)
Computer Security
• Security against Threat
• Threat: a use other than intended
• Source of Intention
– Owner/Author
• Target of Intention
– Machine, Software, Data, Facility
• Nature of Intention
– Almost never clear
– 100% Uptime
– Only Owner/Author can Modify
– Owner/Author can say Who can Modify What
What do we secure?
• Securing the Server
– Web Server
– Mail Server
– Disk Contents
• Securing the Client
– Browser
– Disk Contents
• Securing the Network
– Physical Wire
– All the Routers/Gateways
• Securing the Data Objects
– Tamperproofing
– Authenticating
– Authorizing Access
• What else?
Other Things we Secure
• Privacy is just a special case of data about you that you author
• Opposite of Digital Rights Management
• Others? (Classroom Discussion Invited )
How do we manage the security?
• Management of many Programs
• Management of lots of Data
• Management of many Machines
• Management of many People
• Management of many Contracts
• Systems Mgmt, Policy, The Law
How do we evaluate Security?
• Security is Never Absolute!
– Insiders possible : Social Engineering
– People who can make the box can break the box
» No exceptions! (even cryptography…a cryptographer knows the weak point and can take pictures of you with his girlfriend).
– Here’s your screwdriver!
• Security is always MORE or LESS
– Weigh the Incentive to violate your security
» If the incentive is there, the bad guy is thinking
– If Incentive is very high, then Security must be very high
• THE BIGGEST SECURITY MISTAKE PEOPLE MAKE IS PRESUPPOSING SECURITY IS ABSOLUTE
– You forget to monitor your weak points.
Purpose of Course
• Become Intelligently Paranoid
• Paranoid
– The bad guys are indeed there (especially at CMU!)
– The bad guys are stealing from you invisibly
– Rarely do the bad guys let you know (they are parasites not troopers!)
– At CMU we just want free interchange of knowledge all around : don’t steal, give and take…it’s better!
– In a Company you can’t have that but you need some.
• Intelligent
– Know what they can do if they want to
– Know what they can’t do even if they want to
– Know what you can do about it
– There is a system! (and here it is…)
Security Layers
(Layered diagram, reconstructed as a list.)
• Whole Facility / Internet Security
• Path Security
• Proxy/Router Security
• Host Security
– Server Security
– Client Security
• Applications
– Server Applications
– Client Applications
– Proxy/Router Applications
– Security Server Applications
– Security Assurance Applications
Our Class
(Same layered diagram, with the parts this class covers marked.)
• Whole Facility / Internet Security
• Path Security
• Proxy/Router Security
• Host Security
– Server Security
– Client Security
• Applications
– Server Applications – Web Server Security
– Client Applications – Web Client Security
– Proxy/Router Applications
– Security Server Applications
– Security Assurance Applications
Web Security (WS) by Lincoln Stein – Oldie but goodie
Our Class
(Same layered diagram, with the parts this class covers marked.)
• Whole Facility / Internet Security
• Path Security
• Proxy/Router Security
• Host Security
– Server Security
– Client Security
• Applications
– Server Applications – Web Server Security
– Client Applications – Web Client Security
– Proxy/Router Applications
– Security Server Applications – WINDOWS 2000
– Security Assurance Applications
Windows 2000 Server Security from MSDN
Whole Facility/Internet Security
• Enforcing Protocols
– Killer Packets
– www.cert.org www.first.org
• Enforcing Policy
– Where Technology Ends and the Law Begins
– Facility Policy
» Security Architecture
– Protocols Allowed and Disallowed
» Rights and Obligations
– Password Policy
• Providing Publicity : www.cert.org www.security.scs.cmu.edu
• Training and Education
– Reporting
Our Class
(Same layered diagram, with the parts this class covers marked.)
• Whole Facility / Internet Security – Protocols/Policy/Publicity
• Path Security
• Proxy/Router Security
• Host Security
– Server Security
– Client Security
• Applications
– Server Applications – Web Server Security
– Client Applications – Web Client Security
– Proxy/Router Applications
– Security Server Applications – WINDOWS 2000
– Security Assurance Applications
Path Security
• Electricity can be read
– I can tap any copper line and you won’t know.
• Electromagnetics can be read
– Radio – Frequency Hopping
– Microwave – Straight Line but can put tap in middle
– Terminal – Read screens through windows
» A modern screen is in fact a serial device
» Defeat : block view of light from screens
• Tapping optics (harder electromagnetics)
– Laser – Straight Line but smaller – catch scatter
– Repeater (introduces detectable delay)
• Denial of Service (A shovel or Thunder Storm)
• Nearly every path device has a specification that completely delimits the security considerations
Proxy/Router Security
• Special Case of Server Security
• Physical Protection is critical
• Can be made very tough by putting all code in hardware.
– You can’t change the code at all.
– Need less physical protection.
– This is just a special case of gaining security by creating a special purpose server.
– Linux is great for this.
Our Class
(Same layered diagram, with the parts this class covers marked.)
• Whole Facility / Internet Security – Protocols/Policy/Publicity
• Path Security – Physical security
• Proxy/Router Security – Kind of Server
• Host Security
– Server Security
– Client Security
• Applications
– Server Applications – Web Server Security
– Client Applications – Web Client Security
– Proxy/Router Applications – Put in Hardware! (buy CISCO)
– Security Server Applications – WINDOWS 2000
– Security Assurance Applications
Technology / The Law
Cryptography / How To
The How-To of Computer Security
• Integrity – Is it what it represents itself to be?
• Privacy – Is it hidden from those without a right to see it?
• Authentication – Is it from who it pretends to be from?
• Authorization – Is it provided to who it is supposed to be provided to?
• Auditability – Do I have a record of how it was used?
• Availability – Is it there when I need it?
It : the service or the total data, program, machine, facility, network that is secure – whose intention is being protected.
IPAAA of Logging In
• Log In is security for the software on a machine.
• Integrity?
• Privacy?
• Authentication?
• Authorization?
• Audit?
• Availability?
• There can be multiple perspectives on IPAAA but there is usually a right answer.
IPAAA Solutions
• Integrity, Privacy, Authentication, Authorization, and Auditability are NOT SOLVED PROBLEMS in general!!!
– We don’t know how to fully represent intention
– We don’t know how to enforce these without loss of human productivity
» Loss by user
» Loss by administrator
• Today’s solutions are very imperfect but work OK (the horse gets us across town…maybe we just need powerful enough engines to fly).
• Cryptography has provided technical “solutions” to all the problems
Where Cryptography Succeeds and Fails
• Succeeds
– If all the assumptions hold, it really works well. Try as you might, you can’t beat the system.
– It has several good alternative solutions to every problem.
– This is all very good for ecommerce.
• Fails
– It makes assumptions that are not necessarily valid and are hard to prove
» Password guessing just uses “crypt” to create the un-reversible cypher – you never really have to “decrypt”
» Somebody says they are Microsoft and another group says they are Microsoft Corporation… who do you believe is the real Microsoft?
– Usability is REALLY BAD!!!!!!
» Buy lots of special hardware
» People are constantly frustrated – Huge Untold Productivity Losses “a constant state of huppliness”
» This is all very bad for general ecommerce
– I forgot that password!
• Lots of “dot com” business opportunity
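An added example (not from the lecture) of the “crypt” point above: the login record holds only a salt and a one-way hash, a login re-hashes the candidate and compares, and anyone holding a leaked record checks candidate words the same way, so nothing is ever decrypted. PBKDF2 stands in for Unix crypt; the iteration count, the sample password and the candidate list are constructed for the demo.

```python
import hashlib
import hmac
import os

# Iteration count for the key-derivation step. Deliberately tiny so the demo
# runs instantly; a real deployment uses a far larger count so that every
# guess costs the guesser as much as it costs the legitimate login.
ITERATIONS = 1_000


def make_record(password: str, salt: bytes = b"") -> tuple:
    """Create the stored login record: a random salt plus a one-way hash.
    Nothing reversible is kept, which is the crypt idea from the slide."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Log in by re-hashing the candidate and comparing in constant time.
    The server never decrypts anything because there is nothing to decrypt."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def guesses_to_match(salt: bytes, digest: bytes, candidates: list) -> int:
    """How many one-way hash evaluations someone holding a leaked record
    needs before a candidate list hits, or 0 if no candidate matches.
    This is the slide's point: the guess uses the same crypt function the
    login does, so the record must be protected and the hash must be slow
    enough that each guess is expensive."""
    for n, word in enumerate(candidates, start=1):
        if verify(word, salt, digest):
            return n
    return 0


# Constructed sample data for the demo (a fixed salt keeps it deterministic).
WEAK_SALT = bytes(16)
WEAK_DIGEST = make_record("letmein", WEAK_SALT)[1]
SAMPLE_CANDIDATES = ["password", "123456", "letmein", "qwerty"]

if __name__ == "__main__":
    print("login ok:", verify("letmein", WEAK_SALT, WEAK_DIGEST))
    print("guesses needed:", guesses_to_match(WEAK_SALT, WEAK_DIGEST, SAMPLE_CANDIDATES))
```

The cost of each guess is exactly one hash evaluation, which is why the iteration count and the confidentiality of the stored record are the defender's two levers.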
Web Security from a Perspective
• User Perspective
– Is the site who it pretends to be?
– Is the document returned correct and free from malicious Viruses?
– Is my personal privacy protected?
• Webmaster Perspective
– User can’t break into my site?
– User can only see what he is authorized to see?
– User can’t crash my server?
– User is who he claims to be?
• Both
– The network isn’t being sniffed
– The data between the browser and server is not tampered
Windows 2000 Server Security
MS Selections from the Catalog of Cryptography!
• User/File/Program Access Control
• Adoption of Kerberos v5 Authentication Standard
• Implementation of Public Key Infrastructure (PKI)
• File Encryption
• IPSec – Cryptography for IP
• Security Management Snap-Ins for System Management across Facility
Our Class
(Same layered diagram, with the parts this class covers marked.)
• Whole Facility / Internet Security – Protocols/Policy/Publicity
• Path Security – Physical security
• Proxy/Router Security – Kind of Server
• Host Security
– Server Security
– Client Security
• Applications
– Server Applications – Web Server Security
– Client Applications – Web Client Security
– Proxy/Router Applications – Put in Hardware! (buy CISCO)
– Security Server Applications – WINDOWS 2000
– Security Assurance Applications
Technology / The Law
Cryptography / How To
Integrity/Privacy/Authenticate/Authorize/Record
Wednesday
• Read Chapters 1 & 2 of WS : Be prepared to answer questions orally
• Study IPAAAA from Slides. Be prepared to apply it.