Introduction to Security

1
Introduction to Security

• Overview of Computer Security

2
Why is security important?

• Computers and networks are the nerves of the
  basic services and critical infrastructures in
  our society
• Financial services and commerce
• Transportation
• Power grids
• Etc.
• Computers and networks are targets of attacks by
  our adversaries

3
Why is security so hard?

• The complexity of computers and networks
• Increases Internet usage
• User expectation
• Lack of awareness of threats and risks
• Software by peopleware
• Social engineering
• Defense is inherently more expensive
• Offense only needs the weakest link
• Ample cracking tools

4
(No Transcript)
5
Tempset Attack

• Tempest
• is an acronym for Transient ElectroMagnetic Pulse
  Emanation Surveillance.
• This is the science of monitoring at a distance
  electronic signals carried on wires or displayed
  on a monitor.
• It is of enormous importance to serious
  cryptography snoopers.
• To minimize a tempest attack you should screen
  all the cables between your computer and your
  accessories, particularly your monitor.
• A non CRT monitor screen such as those used by
  laptops (or plasma TV) offers a considerable
  reduction in radiated emissions and is
  recommended.

6
Type of Attackers

• Amateurs regular users, who exploit the
  vulnerabilities of the computer system
• aka Smart kiddies
• Less experienced
• Motivation easy access to vulnerable resources
• Hackers/Crackers attempt to access computing
  facilities for which they do not have the
  authorization
• Experts
• Motivation enjoy challenge, curiosity
• Career criminals professionals who understand
  the computer system and its vulnerabilities
• Motivation personal gain (e.g., financial)
• Intruders are all of the above

7
Methods of Defense

• Prevent block attack
• Deter make the attack harder
• Deflect make other targets more attractive
• E.g. is honeypots
• Detect identify misuse
• Tolerate function under attack
• Recover restore to correct state

8
Computer Security Domains

• Physical security -- Controlling the comings and
  goings of people and materials protection
  against the elements and natural disasters
• Operational/procedural security -- Covering
  everything from managerial policy decisions to
  reporting hierarchies
• Personnel security -- Hiring employees,
  background screening, training, security
  briefings, monitoring, and handling departures
• System security -- User access and authentication
  controls, assignment of privilege, maintaining
  file and filesystem integrity, backups,
  monitoring processes, log-keeping, and auditing.
  OS and database systems.
• Network security -- Protecting network and
  telecommunications equipment, protecting network
  servers and transmissions, combating
  eavesdropping, controlling access from untrusted
  networks, firewalls, and detecting intrusions
• Information Security Hiding of information
  (cryptography) and also security of information
  in transit over a network. Examples e-commerce
  transactions, online banking, confidential
  e-mails, file transfers, record transfers,
  authorization messages, etc.

9
What is Security?

• Keeping something (information in our case)
  secure against
• Someone stealing it
• Someone destroying it
• Someone changing it
• Someone preventing me from using it
• More Specifically
• Confidentiality nobody else can see it
• Integrity nobody else can change it
• Availability I can get at it whenever I want

10
Basic Components of Security

• Confidentiality
• Keeping data and resources secret or hidden
• Integrity
• Ensuring authorized modifications
• Includes correctness and trustworthiness
• Availability
• Ensuring authorized access to data and resources
  when desired
• Accountability
• Ensuring that an entitys action is traceable
  uniquely to that entity
• Security assurance
• Assurance that all four objectives are met

11
What secure means
Secure
Confidentiality
Availability
Integrity
12
Information security today

• Emergence of the Internet and distributed systems
• Increasing system complexity
• Digital information needs to be kept secure
• Competitive advantage
• Protection of assets
• Liability and responsibility
• Financial losses
• There are reports that the annual financial loss
  due to information security breaches is between 5
  and 45 billion dollars
• National defense
• Protection of critical infrastructures
• Power Grid
• Air transportation
• Interlinked government agencies
• Severe concerns regarding security management and
  access control measures

13
Terminology
Security Architecture
Security Features or Services
Attackers/Intruders/ Malfeasors
Security Mechanisms
14
Attack Vs Threat

• A threat is a potential violation of security
• The violation does not need actually occur
• The fact that the violation might occur makes it
  a threat
• It is important to guard against threats and be
  prepared for the actual violation
• being paranoid
• The actual violation of security is called an
  attack

15
Common security attacks

• Interruption, delay, denial of receipt or denial
  of service
• System assets or information become unavailable
  or are rendered unavailable
• Interception or snooping
• Unauthorized party gains access to information by
  browsing through files or reading communications
• Modification or alteration
• Unauthorized party changes information in transit
  or information stored for subsequent access
• Fabrication, masquerade, or spoofing
• Spurious information is inserted into the system
  or network by making it appear as if it is from a
  legitimate entity

16
Malicious Code or malware
X Files
Trojan Horses
Bacterium
Trapdoors
Logic Bombs
Worms
Virus
17
DOS and DDOS
18
Trojan/Backdoor Program

• Trojan part masquerades itself as a nice program
• WildAnimals.scr (Any executable can be saved as
  .scr)
• YourDocumnet.doc
  .exe
• 100 spaces followed by .exe
• Backdoor
• Once launced, it opens a communication channel
  (IRC, FTP, telnet, etc) with a certain machine
• Can be used to hijack a machine if running proxy
  communication protocols (ssh or socks4) and
  bypassing firewalls
• Internet traffic would seem to be coming/outgoing
  from infected system and routed to attacker
  machine

19
Goals of Security

• Prevention
• To prevent someone from violating a security
  policy
• Detection
• To detect activities in violation of a security
  policy
• Verify the efficacy of the prevention mechanism
• Recovery
• Stop policy violations (attacks)
• Assess and repair damage
• Ensure availability in presence of an ongoing
  attack
• Fix vulnerabilities for preventing future attack
• Retaliation against the attacker

20
Operational Issues

• Cost-Benefit Analysis
• Benefits vs. total cost
• Is it cheaper to prevent or recover?
• Risk Analysis
• Should we protect something?
• How much should we protect this thing?
• Risk depends on environment and change with time
• Laws and Customs
• Are desired security measures illegal?
• Will people do them?
• Affects availability and use of technology

21
Human Issues

• Organizational Problems
• Power and responsibility
• Financial benefits
• People problems
• Outsiders and insiders
• Which do you think is the real threat?
• Social engineering