Computer Security: Principles and Practice - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
Computer Security: Principles and Practice
Chapter 1 Overview
  • First Edition
  • by William Stallings and Lawrie Brown
  • Lecturer: Ming Hour Yang

2
Overview
  • What is Computer Security?
  • Computer Security: protection afforded to an
    automated information system in order to attain
    the applicable objectives of preserving the
    integrity, availability and confidentiality of
    information system resources (includes hardware,
    software, firmware, information/data, and
    telecommunications).

3
Key Security Concepts
4
Intrusion Activities
  • Can you name some intrusion activities?

5
Computer Security Challenges
  1. not simple
  2. must consider potential attacks
  3. procedures used counter-intuitive
  4. must decide where to deploy mechanisms
  5. involve algorithms and secret info
  6. battle of wits between attacker / admin
  7. not perceived on benefit until fails
  8. requires regular monitoring
  9. too often an after-thought
  10. regarded as impediment to using system

6
Security Terminology
7
Vulnerabilities and Attacks
  • system resource vulnerabilities may
    • be corrupted (loss of integrity)
    • become leaky (loss of confidentiality)
    • become unavailable (loss of availability)
  • attacks are threats carried out and may be
    • passive
    • active
    • insider
    • outsider

8
Who launches attacks
  • Can you name some?
  • And?

9
Motivation of an attack
  • Try to give me some reasons
  • Else?

10
Taxonomy of Attacking
  • ??????, ??????(telnet, ftp, web)???
  • Backdoor, trojan horse, sniffer
  • Rootkit

11
Target of Attackers
  • ???? IP addresses
  • ??, e-mail, ??????, ?????????(DNS)??,
    ???????????

12
Collect Target Information
  • ????(yahoo, google, dogpile, altavista, edgar)
  • ????, ?Webferret, Nessus
  • ????? 15 ?????

13
Password Cracking
  • Brutus, http://www.hoobie.net/brutus/brutus-download.html

14
Homework
  • Use Nessus to scan your computer, and find out
    the vulnerabilities in the computer
  • Read the Nessus report, and write a report to me
    to show me what you learned from the Nessus
    report
  • Your report needs a cover page which includes
    your name and ID
  • Due date: 3/16
  • Mail your report to me: mhyang_at_cycu.edu.tw

15
Countermeasures
  • means used to deal with security attacks
    • prevent
    • detect
    • recover
  • may result in new vulnerabilities
  • will have residual vulnerability
  • goal is to minimize risk given constraints

16
Security Mechanisms/Tools
  • R-scanner
  • nessus

17
Security Scanner
  • R-scanner, nessus
  • NASL (Nessus Attack Scripting Language)

18
Firewall

19
What the firewall can't

20
Intrusion Detection System
  • Snort
  • Agent based IDS

21
Threat Consequences
  • unauthorized disclosure
    • exposure, interception, inference, intrusion
  • deception
    • masquerade, falsification, repudiation
  • disruption
    • incapacitation, corruption, obstruction
  • usurpation
    • misappropriation, misuse

23
Scope of Computer Security
24
Network Security Attacks
  • classify as passive or active
  • passive attacks are eavesdropping
    • release of message contents
    • traffic analysis
    • are hard to detect so aim to prevent
  • active attacks modify/fake data
    • masquerade
    • replay
    • modification
    • denial of service
    • hard to prevent so aim to detect

25
Security Functional Requirements
  • technical measures
    • access control; identification and authentication;
      system and communication protection; system and
      information integrity
  • management controls and procedures
    • awareness and training; audit and accountability;
      certification, accreditation, and security
      assessments; contingency planning; maintenance;
      physical and environmental protection; planning;
      personnel security; risk assessment; systems and
      services acquisition
  • overlapping technical and management
    • configuration management; incident response;
      media protection

26
X.800 Security Architecture
  • X.800, Security Architecture for OSI
  • systematic way of defining requirements for
    security and characterizing approaches to
    satisfying them
  • defines
    • security attacks - compromise security
    • security mechanism - act to detect, prevent,
      recover from attack
    • security service - counter security attacks

27
Security Taxonomy
28
Security Trends
29
Computer Security Losses
30
Security Technologies Used
31
Computer Security Strategy
  • specification/policy
    • what is the security scheme supposed to do?
    • codify in policy and procedures
  • implementation/mechanisms
    • how does it do it?
    • prevention, detection, response, recovery
  • correctness/assurance
    • does it really work?
    • assurance, evaluation

32
Summary
  • security concepts
  • terminology
  • functional requirements
  • security architecture
  • security trends
  • security strategy

33
Homework
  • Get an exploit
  • Attack a target in our testbed.
  • Use Snort to detect the attack and use Ethereal to
    analyse the communications between the attacking
    and victim hosts.
  • Write the analysis report
  • Mail your report to nash_at_wns.ice.cycu.edu.tw
  • The deadline is 3/30