CS363 Week 15 - Friday

Last time

What did we talk about last time? Reviewed some of the material from Exam 1 and Exam 2.


Questions?


Secret Messages!


Big Ideas in Computer Security


Network Security

Packet switched vs. circuit switched

The Internet is a packet switched system
  ▪ This means that individual pieces of data (called packets) are sent on the network
  ▪ Each packet carries its own destination address
  ▪ A collection of packets going from point A to point B might not all travel the same route
Phone lines are circuit switched
  ▪ This means that a specific circuit is set up for a specific communication
  ▪ Operators used to do this by hand
  ▪ Now it is done automatically
  ▪ Only one path for data

Network strength

If a single cut can cause a network to go down, that network is vulnerable to a single point of failure
Most important networks, like electrical systems, have redundancy so that this doesn't happen to a whole city
  ▪ Resilience or fault tolerance

Terminology

A computer network is at least two computers connected together
  ▪ Often one is a server and the other is a client
A computer system in a network is called a node
The processor in a node is called a host
A connection between two hosts is a link

Communication

Analog or digital
  ▪ A modem converts between the two
  ▪ Portmanteau of "modulator-demodulator"
Copper wire is the main workhorse
  ▪ Twisted pair is a pair of insulated copper wires
    ▪ Early twisted pair was limited to about 10 Mbps and about 300 feet without a boost (modern cable grades carry gigabit speeds over the same distance)
  ▪ Coaxial cable has a single wire surrounded by an insulation jacket covered by a grounded braid of wire
    ▪ Early Ethernet ran over coax
    ▪ Repeaters or amplifiers are needed periodically to prevent signal degradation

Transmission media

Copper wire
  ▪ Twisted pair is a pair of insulated copper wires
  ▪ Coaxial cable has a single wire surrounded by an insulation jacket covered by a grounded braid of wire
  ▪ Repeaters or amplifiers are needed periodically to prevent signal degradation
Optical fiber
  ▪ Carries light instead of electricity
  ▪ Higher bandwidth and less signal degradation than copper
  ▪ Replacing aging copper lines
Wireless
  ▪ Good for short distance
  ▪ Uses radio signals
Microwave
  ▪ Strong signals
  ▪ Requires line of sight
Infrared
  ▪ Similar to microwave but weaker signals
Satellites
  ▪ Communications satellites are typically in geosynchronous orbits
  ▪ Secure applications need smaller footprints than broadcasts

Layers

Protocols and standards define each layer
Not every layer is always used
Sometimes user errors are referred to as Layer 8 problems

Layer  Name          Activity                                                        Example
7      Application   User-level data                                                 HTTP
6      Presentation  Data appearance, some encryption                                SSL
5      Session       Sessions, sequencing, recovery                                  IPC and part of TCP
4      Transport     Flow control, end-to-end error detection                        TCP
3      Network       Routing, blocking into packets                                  IP
2      Data Link     Data delivery, packets into frames, transmission error recovery  Ethernet
1      Physical      Physical communication, bit transmission                        Electrons in copper

TCP/IP

The OSI model is conceptual
Most network communication uses TCP/IP
We can view TCP/IP as four layers:

Layer        Action                        Responsibilities                              Protocol
Application  Prepare messages              User interaction                              HTTP, FTP, etc.
Transport    Convert messages to packets   Sequencing, reliability, error detection and recovery   TCP or UDP
Internet     Convert packets to datagrams  Addressing, routing, fragmentation            IP
Physical     Transmit datagrams as bits    Data communication

TCP/IP

Transmission Control Protocol (TCP)
  ▪ Creates a reliable communication session
  ▪ Wraps information into packets (segments)
  ▪ Uses port numbers to connect processes to information streams
Internet Protocol (IP)
  ▪ Provides unreliable, best-effort delivery
  ▪ Wraps packets into datagrams
  ▪ Uses IP addresses for routing
User Datagram Protocol (UDP)
  ▪ Alternative to TCP that is unreliable but has low overhead

Reconnaissance

A smart attacker learns everything he or she can about the system before attacking it
Useful methods for reconnaissance of a network include:
  ▪ Port scans
  ▪ Social engineering
  ▪ Dumpster diving
  ▪ OS and application fingerprinting
  ▪ Background research

Eavesdropping and wiretapping

Eavesdropping means overhearing private information without much effort
  ▪ Administrators need to periodically monitor network traffic
Wiretapping implies that more effort is being used to overhear information
  ▪ Passive wiretapping is only listening to information
  ▪ Active wiretapping means that you may add or change information in the stream

Wiretapping

If you are on the same LAN, you can use a packet sniffer to analyze packets
Inductance allows you to measure the signals inside a copper wire without a direct physical connection
Wireless is broadcast
  ▪ Easy to intercept, but can be protected by WPA or WPA2 encryption (and hardly at all by WEP)
Microwave is easy to intercept
  ▪ Heavy multiplexing makes it hard to untangle individual signals
Satellites are similar (unsecure but heavily multiplexed)
Optical fiber is very difficult to tap
  ▪ It does not radiate, so there is no inductive pickup, and cutting a single fiber means recalibrating the network
  ▪ Repeaters and taps that connect the fiber are the best places to attack
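What a packet sniffer on the same LAN actually does, tied back to the layer tables above: it peels one header per layer (Ethernet, then IP, then TCP) and whatever is left is the application data, readable whenever the session is not encrypted. The following is an added example for this lecture summary, not code from the slides or the textbook. The two frames in CAPTURE are constructed by hand (no live capture); the MAC and IP addresses, ports and the HTTP request with its cookie are made up, and checksums are zeroed since nothing here validates them.

```python
"""Parse an Ethernet II / IPv4 / TCP frame by hand, layer by layer."""
import struct
from dataclasses import dataclass

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_FLAGS = {0x02: "SYN", 0x10: "ACK", 0x01: "FIN", 0x04: "RST", 0x08: "PSH"}


@dataclass
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    flags: list
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_frame(frame: bytes) -> Packet:
    """Strip one header per layer: link (Ethernet), network (IP), transport (TCP)."""
    # Layer 2: 6-byte destination MAC, 6-byte source MAC, 2-byte EtherType.
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"not IPv4 (EtherType 0x{ethertype:04x})")
    ip = frame[14:]
    # Layer 3: header length is the low nibble of byte 0, in 32-bit words.
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    src_ip, dst_ip = ip[12:16], ip[16:20]
    if proto != IPPROTO_TCP:
        raise ValueError(f"not TCP (protocol {proto})")
    tcp = ip[ihl:total_len]
    # Layer 4: ports, then data offset (high nibble of byte 12) and the flag bits (byte 13).
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    flag_byte = tcp[13]
    flags = [name for bit, name in TCP_FLAGS.items() if flag_byte & bit]
    return Packet(_mac(src_mac), _mac(dst_mac), _ip(src_ip), _ip(dst_ip),
                  src_port, dst_port, flags, tcp[data_off:])


def build_frame(src_ip, dst_ip, src_port, dst_port, flag_byte, payload=b""):
    """Constructed frame (no TCP options, zeroed checksums) so the demo runs offline."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flag_byte, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp


# Constructed capture: a SYN to port 80, then an HTTP request carrying a session cookie.
CAPTURE = [
    build_frame("10.0.0.5", "93.184.216.34", 51234, 80, 0x02),
    build_frame("10.0.0.5", "93.184.216.34", 51234, 80, 0x18,
                b"GET /inbox HTTP/1.1\r\nHost: example.com\r\nCookie: session=abc123\r\n\r\n"),
]


def sniff_cookies(frames):
    """What a passive wiretapper sees when the application layer is plaintext HTTP."""
    found = []
    for frame in frames:
        pkt = parse_frame(frame)
        for line in pkt.payload.split(b"\r\n"):
            if line.lower().startswith(b"cookie:"):
                found.append((pkt.src_ip, pkt.dst_ip, line.split(b":", 1)[1].strip().decode()))
    return found
```

The same parser run over a real capture file would need the pcap record framing around each frame and should not trust the length fields without bounds checks; here the point is only that each layer's header is a fixed, documented structure, and the cookie at the end is the thing an attacker keeps.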

Authentication attacks

Spoofing is when an attacker carries out one end of a networked exchange while pretending to be someone else
A masquerade is spoofing where a host pretends to be another host
  ▪ URL confusion: someone types hotmale.com (don't go there!) or gogle.com
  ▪ Phishing is a form of masquerading
Session hijacking (or sidejacking) is carrying on a session started by someone else
  ▪ Login is encrypted, the rest of the data often isn't
  ▪ Firesheep let you take over other people's Facebook and Twitter sessions in, say, the same coffee shop, by replaying their session cookies sniffed from the unencrypted traffic
Man-in-the-middle attacks
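The sidejacking point in code: a browser attaches a cookie marked Secure only to https:// requests, so a session cookie set without that flag rides along on every plain http:// page load, where a sniffer can copy and replay it. This is an added example for this lecture summary, not code from the slides or the textbook. The Set-Cookie headers are constructed and the cookie names are made up; the parsing follows the RFC 6265 attribute syntax.

```python
"""Audit Set-Cookie headers for the flags that sidejacking and script theft depend on."""
from dataclasses import dataclass, field


@dataclass
class Cookie:
    name: str
    value: str
    secure: bool = False      # only sent over https://
    http_only: bool = False   # not readable by page JavaScript
    attrs: dict = field(default_factory=dict)


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value; attribute names are case-insensitive."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name.strip(), value.strip())
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "secure":
            cookie.secure = True
        elif key == "httponly":
            cookie.http_only = True
        elif key:
            cookie.attrs[key] = val.strip()
    return cookie


def browser_would_send(cookie: Cookie, scheme: str) -> bool:
    """Browsers send Secure cookies on https:// only; all other cookies go on both schemes."""
    return scheme == "https" or not cookie.secure


def audit(headers):
    """Report every cookie that a LAN sniffer or injected script could get hold of."""
    findings = []
    for h in headers:
        c = parse_set_cookie(h)
        problems = []
        if not c.secure:
            problems.append("sent over http:// (sniffable, replayable)")
        if not c.http_only:
            problems.append("readable by page JavaScript")
        if problems:
            findings.append((c.name, problems))
    return findings


# Constructed login response. The login itself was over HTTPS, but without Secure the
# session cookie leaks on the site's later http:// pages, which is what Firesheep relied on.
LOGIN_RESPONSE_HEADERS = [
    "session_id=f00dbabe; Path=/; HttpOnly",                         # weak: no Secure
    "prefs=dark; Path=/",                                             # low value, but still flagged
    "csrf_token=9f8e7d; Path=/; Secure; HttpOnly; SameSite=Strict",   # hardened
]
```

Running audit over a real site's login response is a quick check that the "login is encrypted, the rest isn't" gap is closed; the proper fix is to serve the whole site over HTTPS and mark every session cookie Secure, since a cookie that is never sent in the clear cannot be sidejacked.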

Confidentiality threats

Misdelivery
  ▪ Data can have bad addresses, occasionally because of computer error
  ▪ Human error (e.g. James Hughes the student instead of James Hughes the professor) is more common
Exposure of data can happen because of wiretapping or unsecure systems anywhere along the network
Traffic flow analysis
  ▪ Data might be encrypted
  ▪ Even so, it is very hard to hide where the data is going to and where it is coming from
  ▪ Tor and other anonymization networks try to fix this

Integrity threats

Attackers can falsify some or all of a message, using attacks we've talked about
  ▪ Parts of messages can be combined
  ▪ Messages can be redirected or deleted
  ▪ Old messages can also be replayed
Noise can degrade the signals
  ▪ All modern network protocols have error detection built in, and most recover by retransmitting
Malformed packets can crash systems
Protocols often have vulnerabilities

Web site vulnerabilities

Web sites are supposed to be up all the time
  ▪ They can be studied and attacked over a long period of time
Known vulnerabilities in web servers allow hackers (even unsophisticated ones) to gain control of web sites and deface them
Buffer overflows can crash web applications
URL and SQL injection attacks
  ▪ If web applications are poorly written, they may blindly use whatever is passed in the URL
  ▪ A file parameter could point to ../../../sensitive.dat, gaining access to files in other directories (path traversal)
  ▪ A parameter could carry SQL that destroys or publicizes the contents of the database
Server-side includes can tell the server to do specific things, but they can be manipulated by attackers who cleverly edit the HTTP requests
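The two injection flaws on this slide, each as the unsafe version beside a hardened one. The traversal fix resolves the requested path and refuses anything that lands outside the document root; the SQL fix passes user input as a bound parameter so it can never become part of the query's grammar. This is an added example for this lecture summary, not code from the slides or the textbook. The document root layout, the sensitive.dat file, the users table and the attacker's inputs are all constructed here, in a temporary directory and an in-memory SQLite database.

```python
"""Path traversal and SQL injection: vulnerable versions next to fixed ones."""
import os
import sqlite3
import tempfile


# --- Path traversal -----------------------------------------------------------

def serve_file_unsafe(docroot: str, requested: str) -> bytes:
    """Joins the user-supplied path straight onto the document root."""
    with open(os.path.join(docroot, requested), "rb") as f:
        return f.read()


def serve_file_safe(docroot: str, requested: str) -> bytes:
    """Resolve symlinks and '..' first, then insist the result is still under the root."""
    root = os.path.realpath(docroot)
    target = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"path escapes document root: {requested}")
    with open(target, "rb") as f:
        return f.read()


def make_docroot() -> str:
    """Constructed layout: <tmp>/www/index.html is public, <tmp>/sensitive.dat is not."""
    base = tempfile.mkdtemp()
    www = os.path.join(base, "www")
    os.mkdir(www)
    with open(os.path.join(www, "index.html"), "w") as f:
        f.write("<h1>hello</h1>")
    with open(os.path.join(base, "sensitive.dat"), "w") as f:
        f.write("db_password=hunter2")
    return www


# --- SQL injection ------------------------------------------------------------

def make_db() -> sqlite3.Connection:
    """Constructed users table with one ordinary user and one administrator."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "correct horse", 0), ("admin", "s3cret", 1)])
    return conn


def login_unsafe(conn, name: str, password: str):
    """String-built query: a quote in the input ends the literal and the rest is SQL."""
    sql = f"SELECT name, is_admin FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone()


def login_safe(conn, name: str, password: str):
    """Parameterised query: the driver sends the values separately, so they stay data."""
    sql = "SELECT name, is_admin FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()
```

The attacker's username `admin' --` turns the unsafe query into `... WHERE name = 'admin' --' AND password = '...'`, commenting out the password check entirely; the parameterised version looks for a user literally named `admin' --` and finds nothing. Note that the traversal check compares resolved paths, not the string the client sent, so encodings and symlinks do not get around it.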

Denial of service

Networks are one of the best places to launch an attack on availability
In this setting, these are usually called denial of service (DoS) attacks
Transmission failure can happen because a line is cut or because there is too much noise
Flooding is a common technique
  ▪ Ask for too many connections
  ▪ Request too many of some other service

Denial of service attacks

TCP SYN floods
  ▪ Exploit the three-way handshake: the attacker sends SYNs and never completes the handshake, filling the victim's table of half-open connections
Echo-chargen
  ▪ Chargen sets up a stream of packets for testing
  ▪ Echo packets are supposed to be sent back to the sender
  ▪ If you can trick a server into sending chargen output to its own echo port, it will respond to its own packets forever
Ping flood
  ▪ A ping packet requests a reply
  ▪ If you can send more pings than a server can handle, it goes down
  ▪ Only works if the attacker has more bandwidth than the victim (DDoS helps)
Ping of death
  ▪ A malformed, oversized ping (larger than the maximum IP datagram, delivered in fragments) crashed older systems when they reassembled it
Smurf
  ▪ A ping packet is broadcast to everyone, with the victim spoofed as the originator
  ▪ All the hosts reply to the victim
  ▪ The real attacker is hidden
Teardrop
  ▪ A teardrop attack uses badly formed IP datagrams
  ▪ Fragments claim to correspond to overlapping byte ranges of one packet
  ▪ There is no consistent way to put them back together, and the system can crash
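What a SYN flood looks like from the victim's side, and the detection logic that follows from the handshake description above: in a normal window almost every SYN is followed by the client's ACK, while in a flood the window holds thousands of SYNs from many (spoofed) sources and essentially none complete. This is an added example for this lecture summary, not code from the slides or the textbook; the connection records are constructed (a quiet second of two legitimate connections, then a second of 2000 spoofed SYNs), and the thresholds are illustrative.

```python
"""Spot a SYN flood by counting half-open handshakes per time window."""

# Constructed records as the server on port 80 would log them: (time_s, src_ip, src_port, flags).
NORMAL = [
    (0.00, "10.0.0.5", 51234, "SYN"), (0.05, "10.0.0.5", 51234, "ACK"),
    (0.50, "10.0.0.7", 40001, "SYN"), (0.55, "10.0.0.7", 40001, "ACK"),
]
# 2000 SYNs within one second from 250 spoofed sources, none of them ever acknowledged.
FLOOD = [(1.0 + i / 2000, f"198.51.100.{i % 250}", 40000 + i, "SYN") for i in range(2000)]
RECORDS = NORMAL + FLOOD


def handshake_stats(records, start, window=1.0):
    """For [start, start+window): SYNs seen, SYNs never completed by the client's ACK, distinct sources."""
    syns = {}
    completed = set()
    for t, src, sport, flags in records:
        if not start <= t < start + window:
            continue
        key = (src, sport)           # one half-open entry per client socket
        if flags == "SYN":
            syns[key] = t
        elif flags == "ACK" and key in syns:
            completed.add(key)
    total = len(syns)
    return total, total - len(completed), len({src for src, _ in syns})


def is_syn_flood(records, start, window=1.0, min_syns=100, min_half_open_ratio=0.9):
    """Alert when a window holds many SYNs and almost none of them finish the handshake."""
    total, half_open, _ = handshake_stats(records, start, window)
    return total >= min_syns and half_open / total >= min_half_open_ratio
```

The detector keys on (source, source port) because the victim's half-open table does too; a flood from spoofed addresses shows up as a high half-open ratio regardless of how many sources it is spread over. The usual server-side mitigation is SYN cookies, which let the server avoid storing state until the handshake completes.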

Distributed denial of service

Distributed denial of service (DDoS) attacks use many machines to perform a DoS attack
Usually, many machines have been compromised with a Trojan horse, making them zombies
These zombie machines are controlled by the attacker, performing flooding or other attacks on a victim
The attacker is hard to trace

DNS attacks

The Domain Name System (DNS) uses domain name servers (also DNS) to convert human-readable names like google.com to IP addresses
Taking control of a server means that you get to say where google.com is
For efficiency, servers cache results from other servers if they didn't know the IP
DNS cache poisoning is when an attacker tricks a legitimate server into caching a bad IP address for a name
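The classic poisoning trick and the two checks that stop it: the attacker gets the resolver to look up a name they control, and the reply carries an extra record for a name they do not (here www.google.com). A naive cache stores every record in the reply; a checked cache drops replies whose transaction ID or question does not match an outstanding query, and keeps only records inside the zone it asked about (the "bailiwick", simplified here to the parent of the queried name). This is an added example for this lecture summary, not code from the slides or the textbook; the reply is a constructed Python dict standing in for a DNS packet, and the addresses and attacker domain are made up.

```python
"""Naive vs. checked DNS caching against a reply padded with a poison record."""
import random

# Constructed reply to a lookup the attacker lured the resolver into making.
POISON_REPLY = {
    "txid": 0x1234,
    "qname": "www.attacker.example",
    "answers": [("www.attacker.example", "192.0.2.10")],
    "additional": [("www.google.com", "203.0.113.66")],   # the poison: not the attacker's zone
}


def new_question(qname, rng=None):
    """Outstanding query: random 16-bit transaction ID plus the zone the answer must stay in."""
    rng = rng or random.SystemRandom()
    return {"qname": qname, "txid": rng.randrange(1 << 16), "zone": qname.split(".", 1)[1]}


def resolve_naive(cache, qname, reply):
    """Trusts whatever arrives and caches every record in it, the extra ones included."""
    for name, ip in reply["answers"] + reply.get("additional", []):
        cache[name] = ip
    return cache.get(qname)


def in_bailiwick(name, zone):
    return name == zone or name.endswith("." + zone)


def resolve_checked(cache, question, reply):
    """Drop replies that do not match the outstanding question; cache only in-zone records."""
    if reply["txid"] != question["txid"] or reply["qname"] != question["qname"]:
        return None          # not the reply we are waiting for (wrong or guessed txid)
    for name, ip in reply["answers"] + reply.get("additional", []):
        if in_bailiwick(name, question["zone"]):
            cache[name] = ip
    return cache.get(question["qname"])
```

A randomised transaction ID alone only forces a blind attacker to guess 16 bits per attempt, which is why resolvers also randomise the source port and apply the bailiwick rule; the rule is what makes the extra google.com record useless even when the guess is right.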

Active and mobile code threats

Cookies
  ▪ Small files saved by your browser on your disk
  ▪ Can be per-session or persistent
  ▪ Intercepted cookies can allow impersonation
Server side scripting
  ▪ Includes ASP, JSP, and PHP
  ▪ Again, poorly sanitized inputs can cause arbitrary code to be executed on the server
Active code
  ▪ Java applets are run in a sandbox, preventing them from accessing most of your system
    ▪ Some JVM implementations had weaknesses allowing them out
  ▪ ActiveX is Microsoft's system for running code in a browser
    ▪ It has far too much power and can do anything to your system
    ▪ Usually, you have to click a button to allow the ActiveX control to run

Network encryption

Encryption is important for network security
Link encryption encrypts data just before going through the physical communication layer
  ▪ Each link between two hosts could have different encryption
  ▪ Messages are in plaintext within each intermediate host
  ▪ Link encryption is fast and transparent
End-to-end encryption provides security from one end of the transmission to the other
  ▪ Slower
  ▪ Responsibility of the user
  ▪ Better security for the message in transit

Wireless security

A wireless access point has a Service Set Identifier (SSID)
  ▪ SSIDs are usually broadcast, weakening security
  ▪ Even non-broadcast SSIDs can be discovered whenever someone connects to them
Wired Equivalent Privacy (WEP) was the old standard for encryption
  ▪ Tools like WEPCrack and AirSnort can break WEP in minutes because of flaws in how WEP uses the RC4 stream cipher (a short 24-bit IV that repeats, and weak per-packet keys)
WiFi Protected Access (WPA) and later WPA2 have better security
  ▪ Encryption keys change for each packet
  ▪ Several authentication mechanisms are allowed
  ▪ WPA2 can use AES
  ▪ There are still flaws in some implementations
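One of the WEP weaknesses in working code. RC4 is a stream cipher: the frame is XORed with a keystream derived from IV || shared key, and the 24-bit IV is sent in the clear. With only 2^24 IVs, a busy access point reuses one within hours, and two frames under the same keystream XOR together to the XOR of their plaintexts, so any known plaintext (every frame starts with the same predictable LLC/SNAP header) gives away the other frame. This is an added example for this lecture summary, not code from the slides or the textbook. The 40-bit key, the reused IV and the frame contents are constructed; the RC4 here is the textbook algorithm, and the integrity check value is omitted since it plays no part in this attack.

```python
"""WEP's keystream reuse: two frames under one IV decrypt each other."""


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling, then n bytes of pseudo-random generation."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: 3-byte IV in the clear, then RC4(IV || key) XOR plaintext."""
    return iv + xor(rc4_keystream(iv + shared_key, len(plaintext)), plaintext)


def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    iv, ciphertext = frame[:3], frame[3:]
    return xor(rc4_keystream(iv + shared_key, len(ciphertext)), ciphertext)


def recover_with_reused_iv(frame1: bytes, frame2: bytes, known_plaintext1: bytes) -> bytes:
    """If two frames share an IV, c1 XOR c2 == p1 XOR p2, and knowing p1 (or a prefix) yields p2."""
    iv1, c1 = frame1[:3], frame1[3:]
    iv2, c2 = frame2[:3], frame2[3:]
    if iv1 != iv2:
        raise ValueError("IVs differ, so the keystreams are not shared")
    n = min(len(c1), len(c2), len(known_plaintext1))
    return xor(xor(c1[:n], c2[:n]), known_plaintext1[:n])


# Constructed: a WEP-40 shared key, one IV the access point reused, two frames.
SHARED_KEY = bytes.fromhex("0badc0ffee")
REUSED_IV = bytes.fromhex("010203")
LLC_SNAP = bytes.fromhex("aaaa030000000800")          # predictable start of every IP frame
PLAIN_A = LLC_SNAP + b"GET /login?user=bob"
PLAIN_B = LLC_SNAP + b"password=hunter2"
FRAME_A = wep_encrypt(SHARED_KEY, REUSED_IV, PLAIN_A)
FRAME_B = wep_encrypt(SHARED_KEY, REUSED_IV, PLAIN_B)
```

Knowing only the 8-byte LLC/SNAP header recovers 8 bytes of keystream for that IV, and therefore the first 8 bytes of every frame that reuses it; an attacker who can also inject a frame of their own choosing (WEP had no replay protection) learns the whole keystream for the IV. WPA's per-packet keys and WPA2's AES-CCMP remove exactly this reuse.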

Firewalls

A firewall filters traffic between an inside network and an outside network
  ▪ The inside is more trusted and needs to be protected from the outside
Kinds of firewalls:
  ▪ Packet filtering gateway or screening routers
  ▪ Stateful inspection firewalls
  ▪ Application proxies
  ▪ Guards
  ▪ Personal firewalls
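The difference between the first two kinds of firewall on the list, shown on one rule set. A screening router decides per packet from the header alone, so its usual "allow inbound TCP if it looks like a reply (ACK set)" rule admits anyone who simply crafts an ACK packet. A stateful inspection firewall remembers which connections the inside opened and admits only packets that belong to one of them. This is an added example for this lecture summary, not code from the slides or the textbook; the inside address range, the hosts and the three-packet traffic sample are constructed.

```python
"""Screening router (stateless) vs. stateful inspection on the same packets."""
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."   # constructed inside network


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset    # e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


def outbound(p: Pkt) -> bool:
    return p.src.startswith(INSIDE_PREFIX) and not p.dst.startswith(INSIDE_PREFIX)


def inbound(p: Pkt) -> bool:
    return p.dst.startswith(INSIDE_PREFIX) and not p.src.startswith(INSIDE_PREFIX)


def stateless_filter(p: Pkt) -> bool:
    """Screening-router rules: anything out; in only if ACK is set, i.e. it 'looks like' a reply."""
    if outbound(p):
        return True
    return inbound(p) and "ACK" in p.flags


class StatefulFirewall:
    """Remembers connections opened from inside and admits only their replies."""

    def __init__(self):
        self.table = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def filter(self, p: Pkt) -> bool:
        if outbound(p):
            if "SYN" in p.flags:
                self.table.add((p.src, p.sport, p.dst, p.dport))
            if "FIN" in p.flags or "RST" in p.flags:
                self.table.discard((p.src, p.sport, p.dst, p.dport))
            return True
        if inbound(p):
            return (p.dst, p.dport, p.src, p.sport) in self.table
        return False


# Constructed traffic: an inside host fetches a web page, then an outsider probes
# port 22 with a bare ACK (the classic way to sneak past an ACK-based rule).
TRAFFIC = [
    Pkt("10.0.0.5", 51234, "93.184.216.34", 80, frozenset({"SYN"})),
    Pkt("93.184.216.34", 80, "10.0.0.5", 51234, frozenset({"SYN", "ACK"})),
    Pkt("198.51.100.9", 40000, "10.0.0.5", 22, frozenset({"ACK"})),
]


def run(policy):
    """Apply a filter function to each packet in order; True means forwarded."""
    return [policy(p) for p in TRAFFIC]
```

Real stateful firewalls also expire table entries and track sequence numbers, and an application proxy goes one step further by terminating the connection and inspecting the protocol itself; the point here is only that the third packet is indistinguishable from a reply without state.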

Intrusion detection

Firewalls and authentication mechanisms are supposed to prevent malicious attacks
Not all attacks can be prevented
  ▪ It is useful to know when they are happening
An intrusion detection system (IDS) is hardware or software that monitors activity to look for suspicious patterns
A network-based IDS is typically a stand-alone device (or sensor) that monitors the traffic of a whole network segment
A host-based IDS runs on a host to protect that host

Types of IDSs

Signature-based IDSs do pattern matching, looking for patterns of known malicious behavior
  ▪ Only works for known types of attacks
Heuristic (or anomaly based) IDSs build up a model of acceptable behavior
  ▪ If something doesn't fit the model, an alarm is raised
  ▪ An example is a particular user who has a characteristic way of typing that suddenly changes
State-based IDSs try to see when the system is in an unsafe state
Model-based IDSs try to model unacceptable activity and react when activity looks like the model
Misuse intrusion detection is like model-based except that the model is known bad behavior
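The first two IDS types run over the same log lines. The signature detector matches known-bad patterns and misses anything it has no pattern for; the anomaly detector learns a per-user baseline (usual login hour and usual source addresses) and alerts on departures from it, which catches the unknown case at the cost of false alarms when habits legitimately change. This is an added example for this lecture summary, not code from the slides or the textbook; the log lines are constructed (a week of normal logins, then a 3 a.m. login from a new address followed by a path-traversal request), and the z-score threshold is illustrative.

```python
"""Signature-based and anomaly-based detection over one constructed auth/web log."""
import re
import statistics

LOG = [
    "Mon 09:01 login user=bob src=10.0.0.5 result=ok",
    "Tue 09:03 login user=bob src=10.0.0.5 result=ok",
    "Wed 08:58 login user=bob src=10.0.0.5 result=ok",
    "Thu 09:05 login user=bob src=10.0.0.5 result=ok",
    "Fri 09:00 login user=bob src=10.0.0.5 result=ok",
    "Sat 03:14 login user=bob src=203.0.113.7 result=ok",                          # no signature for this
    "Sat 03:15 http GET /index.php?page=../../../etc/passwd src=203.0.113.7",     # known traversal pattern
]

SIGNATURES = {
    "path traversal": re.compile(r"\.\./"),
    "sql injection": re.compile(r"(?i)('|%27)\s*or\s+'?1'?\s*=\s*'?1"),
}


def signature_alerts(lines):
    """Known-bad patterns only: exact, cheap, and blind to anything new."""
    return [(name, line) for line in lines for name, rx in SIGNATURES.items() if rx.search(line)]


LOGIN = re.compile(r"^(\w{3}) (\d\d):(\d\d) login user=(\w+) src=(\S+)")


def anomaly_alerts(lines, training=5, max_z=3.0):
    """Learn each user's usual login hour and sources from their first `training` logins,
    then flag logins whose hour is more than max_z standard deviations away or whose
    source address has never been seen for that user."""
    hours, sources, alerts = {}, {}, []
    for line in lines:
        m = LOGIN.match(line)
        if not m:
            continue
        _, hh, mm, user, src = m.groups()
        hour = int(hh) + int(mm) / 60
        h = hours.setdefault(user, [])
        s = sources.setdefault(user, set())
        if len(h) < training:               # still building the baseline
            h.append(hour)
            s.add(src)
            continue
        mean = statistics.mean(h)
        sd = statistics.pstdev(h) or 0.25    # floor so a perfectly regular user still gets a tolerance
        reasons = []
        if abs(hour - mean) / sd > max_z:
            reasons.append(f"login hour {hour:.2f} vs usual {mean:.2f}")
        if src not in s:
            reasons.append(f"new source {src}")
        if reasons:
            alerts.append((user, reasons))
    return alerts
```

On this log the signature engine fires once, on the traversal request, and says nothing about the login that preceded it; the anomaly engine fires on the login (odd hour and new source) but would know nothing about the request. Production systems run both, which is why the slide's later categories exist.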


Security Planning

Security plan

A security plan is a document that describes how your organization will address its security needs
It should address:
  1. Policy
  2. Current state
  3. Requirements
  4. Recommended controls
  5. Accountability
  6. Timetable
  7. Continuing attention

Parts of a business continuity plan

A business continuity plan covers what will happen if a computer security problem actually happens
These plans cover big problems
  ▪ Catastrophic situations where large portions of the computer systems don't work
  ▪ Situations where systems stop working for a long duration
Assess business impact
Develop strategy to control impact
Develop and implement a plan

Incident security plans

An incident security plan covers the non-business parts of any security breaches
  ▪ There should be incident security plans even for incidents that are too small to fall under a business continuity plan
Such a plan covers:
  ▪ The definition of an incident
  ▪ Who is responsible for taking charge
  ▪ What the plan of action is
Such a plan must consider:
  ▪ Legal issues
  ▪ How to preserve evidence
  ▪ How to record the progress in executing the plan
  ▪ How to handle public relations


Risk Analysis

Risk terminology

Risk is the potential for a problem
Risk is characterized by three factors
  1. Loss associated with the event
    ▪ Risk impact
  2. Likelihood that the event will occur
    ▪ A likelihood of 1 means the event is certain: it is no longer a risk but a problem
  3. The degree to which we can change the outcome
    ▪ Risk control is reducing the risk
Risk exposure = risk impact x risk probability
We can avoid, transfer, or assume the risk, depending on the tradeoffs

Risk analysis

Risk analysis is examining a system to find vulnerabilities and the harm they could cause
Risk leverage =
Steps of a risk analysis:
  1. Identify assets
  2. Determine vulnerabilities
  3. Estimate likelihood of exploitation
  4. Compute expected annual loss
  5. Survey applicable controls and their costs
  6. Project annual savings of control

Risk analysis pros and cons

Pros
  ▪ Improve awareness
  ▪ Relate security mission to management objectives
  ▪ Identify assets, vulnerabilities, and controls
  ▪ Improve basis for decisions
  ▪ Justify expenditures for security
Cons
  ▪ False sense of confidence
  ▪ Hard to perform
  ▪ Done once and then forgotten
  ▪ Lack of accuracy


Organizational Security Policies

Security policies

A security policy is a high level document informing users of the security goals of the system
Possible purposes:
  ▪ Recognizing sensitive information assets
  ▪ Clarifying security responsibilities
  ▪ Promoting awareness
  ▪ Guiding new users

Focus of a security policy

Audience
  ▪ Users
  ▪ Owners
  ▪ Beneficiaries
  ▪ The needs of all parties should be balanced
Purpose
  ▪ Promote efficient business operation
  ▪ Facilitate information sharing in the organization
  ▪ Safeguard information
  ▪ Ensure accurate information is available
  ▪ Ensure a safe workplace
  ▪ Comply with laws and regulations
The policy should say what is protected and how

Characteristics of a good policy

Coverage should be clear and comprehensive
  ▪ Everything should be covered, except for whatever is explicitly excluded
The policy should be adaptive and last for as long as possible
  ▪ Avoid referring to specific dates or protection mechanisms
The policy needs to be realistic
  ▪ Possible
  ▪ Affordable
  ▪ Usable
It also needs to be understandable


Physical Security

Physical security

Natural disasters
  ▪ Flood
  ▪ Fire
  ▪ Everything else
    ▪ Insure and back up
Power issues
  ▪ Power loss
  ▪ Uninterruptible power supplies (UPS)
  ▪ Surge suppressor
Human vandals
  ▪ Unauthorized access
  ▪ Theft

Disposing of sensitive information

Shredding paper documents
Overwriting magnetic data
Degaussing
Van Eck phreaking safeguards

Backups

Everything should be backed up, always
A complete backup covers the current state of all data
Revolving backups keep the last few complete backups
A selective (or incremental) backup stores only the files that have changed since the last backup
Ideally, you should have an offsite backup of all your data in case of fire or flood
  ▪ Burning your critical data to a few DVDs and keeping them at home or school (or vice versa) is a good idea for you guys


Making a Business Case for Security

Elements of a business case

A business case is a proposal that justifies an expenditure, usually including:
  ▪ A description of the problem you're trying to solve
  ▪ A list of possible solutions
  ▪ Constraints on solving the problem
  ▪ A list of assumptions
  ▪ Analysis of each alternative
    ▪ Risks
    ▪ Costs
    ▪ Benefits
  ▪ A summary of why your proposal is best

Net present value

Net present value (NPV) of a proposal is the present value of benefits minus the value of the initial investment
NPV looks at the lifetime of a project
The rate of return if you were investing your money elsewhere is called the discount rate or opportunity cost
Business people always think about what their money could be doing other than your project
  ▪ C0 is the initial investment
  ▪ Bt is the benefit in time period t
  ▪ Ct is the cost in time period t
  ▪ k is the discount rate
  ▪ n is the number of time periods
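The standard NPV expression in the slide's own symbols, added here as a worked formula (the slide itself lists only the variables):

$$\mathrm{NPV} = -C_0 + \sum_{t=1}^{n} \frac{B_t - C_t}{(1+k)^t}$$

Each period's net benefit $B_t - C_t$ is divided by $(1+k)^t$ because money received $t$ periods from now is worth less than the same amount invested today at rate $k$. A security control is worth proposing when its NPV is positive, that is, when the discounted stream of avoided losses (the benefits) exceeds the up-front cost plus the discounted running costs.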


Privacy Concepts

What is information privacy?

Controlled disclosure
  ▪ Right to control who knows your private data
  ▪ Control is always diminished by sharing data with another party
Sensitive data
  ▪ Not all data is equally sensitive
  ▪ Different people in different circumstances may disagree about what should be protected
Affected subject
  ▪ Both people and businesses have private data
  ▪ Increasing privacy (an aspect of confidentiality) often decreases availability

Computer-related privacy problems

Broad data collection
No informed consent
Loss of control
Ownership of the data

Fair information policies

In 1973, a committee advising the U.S. Department of Health, Education, and Welfare proposed a set of principles for fair information practice:
  ▪ Collection limitation
  ▪ Data quality
  ▪ Purpose specification
  ▪ Use limitation
  ▪ Security safeguards
  ▪ Openness
  ▪ Individual participation
  ▪ Accountability

U.S. privacy laws

The 1974 Privacy Act is a broad law that covers all the data collected by the federal government
  ▪ The law is based on the principles from two slides earlier
Laws for data collected by other organizations are for specific areas and not necessarily consistent
  ▪ Fair Credit Reporting Act is for consumer credit
  ▪ Health Insurance Portability and Accountability Act (HIPAA) is for healthcare information
  ▪ Gramm-Leach-Bliley Act (GLBA) is for financial services
  ▪ Children's Online Privacy Protection Act (COPPA) is for collecting personal information online from children under 13

Non-US privacy

The European Union adopted the European Privacy Directive (since replaced by the GDPR, which keeps the same principles), which requires that data about individuals be:
  ▪ Processed fairly and lawfully
  ▪ Collected for specified, explicit, and legitimate purposes
  ▪ Adequate, relevant, and not excessive for the purposes for which they were collected
  ▪ Accurate and as up to date as necessary
  ▪ Kept in a form that permits identification of individuals for no longer than necessary


Authentication

Authentication

We have already discussed authentication from the perspective of how to do it
But what are we really authenticating?
We could be authenticating any of the following three things:
  ▪ Individual
    ▪ The physical person
    ▪ Example: you
  ▪ Identity
    ▪ A string or numerical descriptor
    ▪ Examples: the name "Clarence", the account admin
  ▪ Attribute
    ▪ A characteristic
    ▪ Examples: being 21, having top secret clearance

Correlation in data mining

Correlation is joining databases on common fields
Privacy for correlation can be improved by making it harder to find links between related fields
Data perturbation randomly swaps fields in records
  ▪ Swapping records indiscriminately can destroy the value of the research
  ▪ It has to add just enough randomness to the right fields

Aggregation in data mining

Aggregation means reporting sums, medians, counts or other statistical measures
As we discussed in the database chapter, these can threaten privacy if we have a very small sample size
A corresponding problem happens if we have a sample that includes almost but not quite all of the data
For aggregates, data perturbation means adding small, random positive and negative values to each value, adding noise to the final aggregates
  ▪ If done correctly, the aggregates may still be accurate enough for research purposes
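The "almost but not quite all" attack from this slide, and perturbation as the defence. Two perfectly ordinary aggregate queries, the sum over everyone and the sum over everyone except Alice, differ by exactly Alice's value. Adding random noise to each released aggregate hides that difference while keeping the total close enough to be useful. This is an added example for this lecture summary, not code from the slides or the textbook; the salary table is constructed, and the Laplace noise scale is an illustrative choice rather than a formal privacy parameter.

```python
"""Isolating one record through aggregates, and masking it with noise."""
import math
import random

# Constructed research table: name -> salary.
SALARIES = {"alice": 91000, "bob": 58000, "carol": 64000, "dave": 71000, "erin": 83000}


def exact_sum(table, exclude=()):
    return sum(v for k, v in table.items() if k not in exclude)


def targeted_difference(table, target):
    """Two legitimate aggregate queries recover one person's value exactly."""
    return exact_sum(table) - exact_sum(table, exclude={target})


def laplace_noise(rng, scale):
    """Sample Laplace(0, scale) by inverse CDF; the usual noise distribution for sums."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1 - 2 * abs(u))


def noisy_sum(table, rng, scale, exclude=()):
    """Perturbed aggregate: the true sum plus fresh noise on every release."""
    return exact_sum(table, exclude) + laplace_noise(rng, scale)


def perturbed_difference(table, target, rng, scale):
    """The same two queries against the perturbed interface no longer isolate the target."""
    return noisy_sum(table, rng, scale) - noisy_sum(table, rng, scale, exclude={target})
```

The noise has to be fresh for every release: if the same noisy answer were returned each time, or if an analyst could repeat the query and average the noise away, the difference would reappear. That is why real deployments cap how many queries a user may make (a privacy budget) rather than relying on noise alone.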


Privacy on the Web

Payment

Credit cards can easily be defrauded since you provide the critical information to stores
Payment schemes like PayPal give more anonymity but do not have the same consumer protection laws

Site registration

Virtually every site on the Internet allows (if not requires) you to register with a user name and password so that you can log in
For the sake of privacy, you should have a different ID and password for every site
  ▪ This, of course, is impractical without a password manager
People tend to use one or two IDs (and one or two passwords) for everything
  ▪ Many websites encourage this behavior by forcing you to use your e-mail address as your ID
  ▪ In this way, it is easy for anyone with access to multiple databases to aggregate information about you
  ▪ Since your e-mail address is often tied closely to you, they could find out your true identity

Cookies

A cookie is a small text file kept on your computer that records data related to web browsing
Cookies can only be read by the site that originally stored the cookie
The way to get around this is called third-party cookies
  ▪ Networks of sites can form an alliance in which they cooperate to track all of your visits to sites in the network
  ▪ Visiting a single page could store cookies from every ad on the page (and more!)
  ▪ Web bugs are images that are usually 1 x 1 pixels and transparent
  ▪ They make it very hard to know how many sites could be storing cookies

E-mail

Opening someone else's regular mail is a federal crime
Most people do not encrypt their e-mail using PGP or S/MIME
E-mail travels from the originating computer to an SMTP server, through the Internet to a POP (or IMAP) server, and on to the destination
  ▪ Without end-to-end encryption, anyone along the way can read and collect your e-mail
E-mail provides almost no guarantee of authenticity

Privacy in emerging technologies

Radio frequency identification (RFID) tags are usually small, inexpensive transmitters
  ▪ They can be attached to almost anything
  ▪ The infrastructure to track you everywhere may soon exist
Electronic voting has many issues
  ▪ It's hard to engineer a system that correctly counts votes but cannot report how someone voted
  ▪ The software and hardware design for these systems are generally not publicized
  ▪ Internet voting will probably increase
VoIP
  ▪ Privacy is in the hands of the provider (e.g. Skype)


Legal Issues

Summary of copyrights, patents, and trade secrets

Protects
  ▪ Copyright: expression of an idea, not the idea itself
  ▪ Patent: an invention, the way something works
  ▪ Trade secret: a secret, a competitive advantage
Protected object made public
  ▪ Copyright: yes, all about promoting publication
  ▪ Patent: yes, filed at the patent office
  ▪ Trade secret: no
Requirement to distribute
  ▪ Copyright: yes
  ▪ Patent: no
  ▪ Trade secret: no
Ease of filing
  ▪ Copyright: easy, do it yourself
  ▪ Patent: complicated, usually needs lawyers
  ▪ Trade secret: no filing
Duration
  ▪ Copyright: life of author + 70 years, 95 years for corporate works
  ▪ Patent: 20 years from filing
  ▪ Trade secret: as long as you can keep it secret
Legal protection
  ▪ Copyright: sue if unauthorized copy sold
  ▪ Patent: sue if invention copied
  ▪ Trade secret: sue if secret improperly obtained

Criminal vs. civil law

Defined by
  ▪ Criminal law: statutes
  ▪ Civil law: contracts, common law
Cases brought by
  ▪ Criminal law: government
  ▪ Civil law: government, individuals and companies
Wronged party
  ▪ Criminal law: society
  ▪ Civil law: individuals and companies
Remedy
  ▪ Criminal law: jail or fine
  ▪ Civil law: damages, usually money


Employee and Employer Rights

Page 71: Week 15 - Friday.  What did we talk about last time?  Reviewed some of the material from Exam 1 and Exam 2.

Who owns what?

If you are paid to develop software, the company owns the software

If you write code in your free time, it is possible that your job can still claim a piece of it (especially if you used any of their hardware or software)

If you are a consultant who writes a program for a client and then further develops it yourself, it's complicated

Often covered by your contract

Page 72

Patents and copyrights

The inventor is the entity that owns the patent
Who is the inventor? It matters whether your employer files the patent or you do
In general, when you create something, you hold the copyright
The exception is a work for hire situation, which exists when some or all of the following apply:
The employer has a supervisory relationship
The employer has the right to fire you
The employer arranges for the work to be done before it is created
A written contract states that the employer has hired you to do certain work

Page 73

Reporting flaws

Researchers and users should report flaws to companies so that they can be fixed, but there is disagreement about how public the reporting should be

Developers want the vulnerabilities secret as long as possible so that a small number of patches can fix many vulnerabilities

Users want more pressure on developers to fix problems quickly

Researchers have suggested guidelines to reach a compromise between these two groups

Page 74

Computer crime

Computer crime needs new definitions of crime
Traditional crime focuses on crimes against people (murder) or crimes against objects (theft)
Copying software is not traditional theft because no tangible object is missing
Computer trespassing has a similar problem
Evidence of computer crime is difficult to authenticate

Page 75

Computer criminals are hard to catch

Much of the crime is international, and there are no international computer laws
Although many countries cooperate to catch criminals, there are safe havens where they cannot be arrested
Technical problems make them hard to catch
Attacks can be bounced through many intermediaries, each requiring its own search warrant
The right network administrator has to be given the warrant (and he or she might not keep good records)

Page 76

Cryptography and the law

Many countries have controls on the use of cryptography
Governments want cryptography they can break so that they can catch criminals
Laws are hard to enforce for individuals, especially now that the instructions for coding up AES are widely available
Until 1998, export of cryptography in the US was covered under laws preventing the export of weapons of war
This definition changed, although there are still export restrictions
There were never any restrictions on the use of cryptography in the US
Absurdly, the government said that object code was subject to export restriction, but printed source code was an idea and therefore not subject to it

Page 77

Escrowed cryptography

The government made proposals to relax export rules for escrowed encryption
With escrowed encryption, the government is given copies of all the keys used to protect all transmissions, but promises to use them only with court authorization
Three well known proposals for these systems were Clipper, Capstone, and Fortezza
These proposals were not adopted because of public distrust of what the government might do with all the keys

Page 78

Laws vs. ethics

Laws:
Apply to everyone
Courts determine which law applies or if one supersedes another
Laws and courts define what is right (legal) and what is wrong (illegal)
Laws are enforced

Ethics:
Are personal
Ethical positions often come into conflict with each other
There is no universal standard of right and wrong
There is no systematic enforcement for ethical decisions

Page 79

Examining an ethical choice

1. Understand the situation: learn all the facts about the situation first
2. Know several theories of ethical reasoning: there may be many ways to justify different choices
3. List the ethical principles involved: what different philosophies could be applied?
4. Determine which principles outweigh others: this is the hard part, where you have to make a subjective valuation

Page 80

Ethical breakdown

| | Teleology (Consequence-based) | Deontology (Rule-based) |
|---|---|---|
| Individual | Based on consequences to the individual (egoism) | Based on rules acquired by the individual from religion, analysis, or experience |
| Universal | Based on consequences to society (utilitarianism) | Based on universal rules that everyone can agree on (but there are very few of these) |

Page 81

Upcoming

Page 82

Next time…

There is no next time!

Page 83

Reminders

Review for the final exam
Final exam: Monday, May 5, 2014, 2:30pm - 5:30pm
Finish Project 3: final report due before midnight tonight