IPICS2004 Information Systems Security (Security of Distributed and Internet Based Information Systems) G. Pangalos Informatics Laboratory Aristotelean University of Thessaloniki - PowerPoint PPT Presentation

Loading...

PPT – IPICS2004 Information Systems Security (Security of Distributed and Internet Based Information Systems) G. Pangalos Informatics Laboratory Aristotelean University of Thessaloniki PowerPoint presentation | free to download - id: 6ac48f-ODNmM



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

IPICS2004 Information Systems Security (Security of Distributed and Internet Based Information Systems) G. Pangalos Informatics Laboratory Aristotelean University of Thessaloniki

Description:

IPICS2004 Information Systems Security (Security of Distributed and Internet Based Information Systems) G. Pangalos Informatics Laboratory Aristotelean University of ... – PowerPoint PPT presentation

Number of Views:491
Avg rating:3.0/5.0
Slides: 108
Provided by: Georg239
Learn more at: http://www.fit.vutbr.cz
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: IPICS2004 Information Systems Security (Security of Distributed and Internet Based Information Systems) G. Pangalos Informatics Laboratory Aristotelean University of Thessaloniki


1
IPICS2004 Information Systems Security
(Security of Distributed and Internet Based
Information Systems)G. PangalosInformatics
LaboratoryAristotelean University of
Thessaloniki
2
Topics for discussion
  • The security problem - Basic security concepts
  • The security of internet based IS
  • Acceptable approaches to internet security
  • A methodology tool for selecting the
    appropriate security measures / guidelines

3
1. Basic Security Issues
4
the need for security
  • Many I.S. handle sensitive information that
    should be protected.
  • Without an appropriate level of security in
    place, no such a system can be operational.
  • A secure operational environment is thus
    required.
  • Security is therefore an important issue for most
    I.S.s

5
What is Security?
  • Basic concepts
  • Confidentiality
  • The protection of information from unauthorized
    access, or unintended disclosure.
  • Integrity
  • The protection of information from unauthorized
    modification
  • Availability Resources are in the place,
    without unreasonable delay, when the user needs
    them

6
need for security
  • As organizations increase their reliance on the
    information systems and the Internet for daily
    business, they become more vornurable to security
    breaches

7
Several major questions arise, for example
  • How to safeguard the confidentiality of the
    information (i.e. who should be allowed to see
    what and under what conditions),
  • How to safeguard the integrity of the
    information,
  • - How to improve its availability to legitimate
    users, etc..

8
In order to answer those questions it is
necessary to
  • 1. Identify the security requirements / threats /
    vulnerabilities associated to the various
    categories of users and data types
  • 2. Study the related security technology
    available
  • 3. Study the impact of adding security on the
    availability / performance / cost of the system
  • 4. Propose specific measures required to improve
    the security of the system.
  • 5. Define an appropriate security policy for
    accessing the information

9
Some problems to think on...
  • Confidentiality vs Availability vs Integrity (vs
    Accountability)
  • The ease of Attack (e.g. through internet)
  • The emergence of new, internet based,
    applications (electronic commerce, e payments,
    )
  • The Holistic Approach necessary

10
Why is this still a problem?
  • We
  • Have been working on it for 30 years
  • Have A Good Theoretical Foundation
  • Understand the Problem
  • Have Products
  • Continue to Make Progress
  • We have Ethics classes

11
. . . But!
  • Security Controls Have Operational Impact
  • Security costs (security should not cost. It
    should pay)
  • Products Do Not Match Problems
  • Not enough Flexibility
  • Rapidly Evolving Technology
  • No security culture

12
Computer Security Topics
  • Operating Systems Security
  • Database Security
  • Network Security
  • Internet Security
  • Electronic Commerce security
  • Office Automation Security
  • Formal Models of Secure Systems
  • Risk Analysis/Threat Analysis
  • Encryption (symmetric and asymmetric)

13
So, Why Arent Systems Secure?
  • Security is usually an afterthought
  • Security can be expensive
  • Security is fundamentally hard to address
  • False solutions
  • Belief that computers are the problem - not
    people (teach ethics)
  • Technology is oversold

14
Possible Information States ...
  • Processing
  • Storage
  • Transmission

15
What we are trying to do ...
  • The Information Security Objective then becomes
  • To preserve Security Characteristics across all
    three possible states of processing.
  • Maintain the appropriate level of security

16
Security Threats - Risks
17
  • A threat is any circumstance or event with the
    potential to cause harm to an organisation
    (through the disclosure, modification or
    destruction of information, or by the denial of
    critical services).
  • The presence of a threat does not mean that it
    will necessarily cause actual harm.
  • To become a risk a threat must take advantage of
    a vulnerability in the system security controls

18
Why not just Encrypt ?
  • Encryption is likely the most powerful tool
    available - but does not solve all problems.
  • Steganography Encryption ..

19
What Tends to Work ...
  • User Education
  • Strong holistic approach
  • Good Risk Analysis
  • Plans and Procedures Enforcement
  • Strong Identification and Authentication
  • Firewalls on networks
  • Law and Regulation

20
Basic Concepts
  • Access control. There is a need to protect
    resources against unauthorised access. The
    access control components decide whether an
    subject can access a particular resource
    (object). This functionality is related to both
    the secrecy and integrity..
  • Authentication . Verification of the identity of
    users. This is of crucial importance in
    distributed systems due to the inherent ability
    of these systems to allow access to remote
    resources via physically untrusted communication
    environments.
  • Auditing .Users that access resources should be
    accountable The audit components should record
    the identities and actions of them.

21
Basic Concepts
  • Non-repudiation. For some applications it is
    important to provide evidence of actions. Typical
    examples of this are proof of receipt of a
    message or proof of sending a message.
  • Security management . This is the management of
    information related to the security of a system.
    Typically this determines the security
    characteristics of a system.
  • Cryptography. The provision of the above
    mentioned functionality is usualy based on
    cryptography which is essential in distributed
    systems where communication is based on insecure
    links.

22
2.The Internet Security Problem
23
Facts
  • The Internet is the fastest growing
    telecommunications medium in history
  • It provides unprecedented opportunities for
    interaction and data sharing.

24
Advantages of using Internet/Web browsers to
provide access to information
  • Ease of deployment of information
  • No specific network infrastructure is required.
  • Everybody has a navigation program for the WWW
    (Netscape Navigator, Internet Explorer etc.)
  • User-friendly environment
  • Users need not specific knowledge to access data.
  • Everybody knows how to use a Web browser.
  • Ease of administration
  • The Web server handles all of the communications
    and simply passes the data back to the client.

25
The Internet Security problem
26
  • Vulnerable TCP/IP services a number of the
    TCP/IP services are not designed to be secure and
    can be compromised by knowledgeable intruders
  • Ease of eavesdropping and spoofing the majority
    of Internet traffic is not encrypted
  • Lack of policy many sites are configured
    unintentionally for wide-open Internet access
    without regard for the potential for abuse from
    the Internet
  • Complexity of configurationhost security access
    controls are often complex to configure and
    monitor

27
Threats in Internet
  • Information Browsing Unauthorised viewing of
    sensitive information by intruders or legitimate
    users may occur through a variety of mechanisms
  • Misuse The use of information assets for other
    than authorised purposes can result in denial of
    service, increased cost, or damage to
    reputations.
  • Component FailureFailure due to design flaws or
    hardware/software faults can lead to denial of
    service or security compromises through the
    malfunction of a system component.

28
Threats in Internet
  • Unauthorised deletion, modification or disclosure
    Intentional damage to information assets that
    result in the loss of integrity or
    confidentiality of business functions and
    information.
  • Penetration Attacks by unauthorised persons or
    systems that may result in denial of service or
    significant increases in incident handling costs.
  • Misrepresentation Attempts to masquerade as a
    legitimate user to steal services or information,
    or to initiate transactions that result in
    financial loss or embarrassment to the
    organisation.

29
Internet Security Riscs
  • The advantages provided by the Internet come with
    a significantly greater element of risk to the
    confidentiality and integrity of information
    (open environment, uncontrolled
    platforms, etc.).
  • The very nature of the Internet means that
    security risks cannot be totally eliminated.

30
!!!
  • Because of these security risks and the need to
    research security requirements vis-a-vis the
    Internet, in the past some organizations (e.g.
    HCFA) had even prohibited until recently the use
    of the Internet for the transmission of sensitive
    data.

31
On the other hand
  • There is a growing demand for using the Internet
    for fast and inexpensive transmission of
    information.

32
  • It is therefore necessary to accommodate this
    need, provided that it can be assured that proper
    steps are being taken to maintain an acceptable
    level of security for the information involved.

33
Solving the problem requiresA. To activate
the necessary security toolsB. To have an
adequate Internet Security Policy in place
34
A.Activate the necessary security tools
35
Levels of Internet security
  • Security at the Application Layer
  • 2. Security at the Transport Layer
  • 3. Security at the Physical Layer

36
Hierarchical Layers of Internet Security
(Application Layer)
37
Security at level 1 (Aplication Layer)
  • Tools available
  • a. Use of a Secure Transfer Protocol (e.g.
    S-HTTP)
  • b. Use of end-to-end Encryption
  • c. Use of Digital Signatures and user
    Certificates
  • .

38
Security at level 2 (Transport Layer)
  • Method Activate an SSL connection
  • Set up a PKI / TTP infrastructure
  • Provide SERVER / CLIENT / USER certificates
  • Use them to activate an SSL / https connection
    between client / server

39
B.Have an adequate InternetSecurity Policy in
place
40
That is .
  • To establish the basic security requirements that
    must be satisfied in order to use the Internet to
    safely transmit sensitive information.

41
What is needed
  • To define a suitable Internet Security Policy,
  • and
  • To describe the set of technical measures that
    are needed for its implementation.

42
  • A. Development of an
  • Internet Security Policy
  • Acceptable Security Approaches

43
Basic Security Principles for the transmission
of sensitive data over the Internet
44
1. Access and modification of information
  • Sensitive information sent over the Internet
    must be accessed and modified
    only by authorized parties

45
2. Use of Acceptable technologies
  • Appropriate technologies must be used to ensure
    that data travels safely over the Internet and is
    only disclosed to authorised parties.
  • These technologies should
  • allow users to prove they are who they say they
    are (identification and authentication), and
  • allow the organized scrambling of data
    (encryption) to avoid inappropriate disclosure or
    modification  

46
As seen later
  • The Internet can be used for the safe
    transmission of sensitive data, provided that
  • a suitable Internet Security Policy is in place,
  • an acceptable method of encryption is utilized to
    provide for confidentiality and integrity of the
    data, and
  • Suitable identification and authentication
    procedures are employed to assure that both the
    sender and recipient of the data are known to
    each other and are authorized to receive and
    decrypt such information.

47
II. Acceptable Security Methods
48
Acceptable Security Methods
  • In order to safely use the internet for the
    transmission of sensitive data,
    the method(s) employed by all users must come
    under one of the acceptable approaches to
    security described below.

49
These approaches ...
  • Are as generic as possible and as open to
    specific implementations as possible, to provide
    maximum user flexibility within the allowable
    limits of security and manageability
  • Have been based on a detailed study of the
    existing security framework and guidelines in the
    EU countries, USA and Canada.

50
Major sources
  • Development of a H.L. Security Policy for the
    processing and transmission of data through the
    INTERNET, Medical informatics and internet
    applications Journal, 1999.
  • The Intranet Health Clinic project, WP6 report
    security, The IHC project, EU, 2000.
  • European prestandard CEN/TC 251/SEC-COM
    Security for Healthcare Communication, 1999
  • Recommendation No. R (99)5 for the protection of
    privacy on the Internet,1999.
  • Directive 95/46/EC on the protection of
    individuals with regard to the processing of
    personal data and on the free movement of such
    data.

51
  • Recommendation N R(95)4 on the protection of
    personal data in the area of telecommunication
    services.
  • Recommendation N R(97)5 protection of medical
    data. February 1997.
  • CEN/TC 251 technical report N98-110, framework
    for security protection of healthcare
    communication, 1998
  • CSA standard CAN/CSA Q830, Model Code for the
    Protection of Personal Information, 1995
  • Canadian Organisation for the Advancement of
    Computers in Health (COACH), Security and Privacy
    Guidelines for Health Information Systems,
    Canadas Health Informatics Association, 1995.

52
  • TrusthHelath1, Examination of the Implications of
    the EU Data Protection Directive to a TrustHealth
    Information System, Deliverable D6.2,
    INFOSEC/TrustHealth Project, 1996.
  • Department of Health and Human Services,
    Security and electronic Signature standards,
    Federal Register/Vol. 63, No. 155, 1998
  • HCFA, Internet Communications Security and
    Appropriate Use Policy and Guidelines, 1998.
  • Report and Recommendations from the Provincial
    Steering Committee on the Health Information
    protection Act, 1998.
  • FOIP Policy and Practices, USA, 1998.

53
0. Acceptable Approaches to Internet Usage
54
I. General statement
  • It is permissible to use the Internet for the
    transmission of sensitive information, as long
    as
  • an acceptable method of encryption is utilised to
    provide for confidentiality and integrity of this
    data, and
  • adequate identification and authentication
    procedures are employed to assure that both the
    sender and recipient of the data are known to
    each other and are authorised to receive and
    decrypt such information.

55
II. Acceptable Technical Measures (to achieve
those objectives)
56
ACCEPTABLE TECHNICAL MEASURES
  • 1. Acceptable Identification and Authentication
    approaches
  • 2. Acceptable WEB server usage
  • 3. Acceptable mail usage
  • 4. Acceptable protection from virus and
    Interactive software
  • 5. Acceptable Intrusion Detection methods
  • 6. Acceptable Encryption approaches

57
1.Acceptable Identification and Authentication
approaches
58
The problem
  • Authentication over the Internet presents several
    problems.
  • e.g. It is relatively easy to capture
    identification and authentication data
    (or any data) and replay it in order to
    impersonate a user.

59
Acceptable Identification and Authentication
approaches
60
1. use of digital certificates
  • Any site must use digital certificates to
    validate the identity of both the user and the
    server.
  • Certificates at the user end must be used in
    conjunction with standard technologies such as
    Secure Sockets Layer (SSL).

61
  • Only the use of Formal Certificate Authority -
    based digital certificates is acceptable.
  • Certificates can be issued only by the
    organization or by a Trusted Third Party.
  • Access to digital Certificates stored on PCs
    should be protected by passwords.

62
2. Use of passwords
  • Passwords may be sent over the Internet only when
    encrypted
  • Passwords and user logon IDs must be unique to
    each authorized user.
  • Passwords must be changed at a suitable period
    (eg 90 days).

63
3. Logon procedures
  • User accounts will be frozen after 3 failed logon
    attempts.
  • All erroneous password entries will be recorded
    in an audit log for later inspection and action,
    as necessary.
  • Sessions will be suspended after 15 minutes (or
    other specified period) of inactivity and require
    the password to be re-entered.

64
  • Successful logons should display the date and
    time of the last logon and logoff.
  • Logon IDs and passwords should be suspended after
    a specified period of disuse.
  • Each site would be required to be able to prove
    that data in its possession has not been altered
    or destroyed in an unauthorised manner.

65
Acceptable approaches for WEB server usage
66
  • There shall be no remote control of the Web
    server.
  • All administrator operations (e.g., security
    changes) shall be done from the console.
  • Supervisor-level logon shall not be done at any
    device other than the console.
  • The Web server software, and the software of the
    underlying operating system, shall contain all
    manufacturer recommended patches for the version
    in use.

67
  • The Web server must be located internal to the
    firewall.
  • The Web servers shall be configured so that users
    cannot install CGI scripts.
  • All network applications other than HTTP should
    be disabled from the WEB server (e.g., SMTP, ftp,
    etc.)

68
Acceptable usage of UNIX WEB servers
  • Unix Web servers shall not be run as root.
  • The implementation and use of CGI scripts shall
    be monitored and controlled.
  • CGI scripts shall not accept unchecked input.

69
  • Any programs that run externally with arguments
    should not contain metacharacters.
  • The developer is responsible for devising the
    proper regular expression to scan for shell
    metacharacters and shall strip out special
    characters before passing external input to the
    server software or the underlying operating
    system.

70
Acceptable approaches tomail usage
71
Objective
  • Implement suitable policies for e-mail usage to
    help users
  • use electronic mail properly,
  • reduce the risk of intentional or unintentional
    misuse, and
  • assure that sensitive records transferred via
    electronic mail are properly handled.

72
acceptable approaches for e-mail usage
73
  • If confidential or proprietary information must
    be sent via email, it must be encrypted so that
    it is only readable by the intended recipient,
    using digital signatures.

74
  • All incoming messages will be scanned for viruses
    and other malign content.
  • The mail server, or other mail server which is
    servicing users, will be configured to accept
    only encrypted passwords from local machines
    using SSL 3.0 or other encrypted channel.

75
  • e-mail servers shall be configured to refuse
    e-mail addressed to non-organizational systems.
  • E-mail clients will be configured so that every
    message is signed using the digital signature of
    the sender.

76
4. Acceptable approaches for protection from
virus and interactive software
77
The problem
  • Internet provides another channel for virus
    infections, one that can often bypass traditional
    virus controls.

78
  • The security service policy for viruses
  • has to prevent the introduction of viruses into
    a computing environment, and
  • must be able to determine that an executable,
    boot record, or data file is contaminated with a
    virus.

79
i. acceptable approaches for virus protection
80
  • Anti-virus software should be installed in the
    servers to limit the spread of viruses within the
    network.
  • Scanning of all files and executables will occur
    daily (or weekly) on the servers.
  • Workstations will have memory resident anti-virus
    software installed and configured to scan data as
    it enters the computer.
  • Programs will not be executed, nor files opened
    by applications prone to macro viruses without
    prior scanning.

81
  • All incoming mail and files received from the
    Internet must be scanned for viruses as they are
    received.
  • Virus checking will be performed if applicable at
    firewalls that control access to networks.
  • This will allow centralised virus scanning for
    the entire organisation.
  • It also allows for centralised administration of
    the virus scanning software.

82
  • All data imported on a computer (e-mail, or file
    transfer) will be scanned before being used.
  • Use off-the-shelf scanning software should be
    enhanced by state of the art virtual machine
    emulation for polymorphic virus detection.
  • All other new virus detection methods will be
    incorporated into the detection test bed.
  • To keep abreast of the latest viruses which have
    been identified, scanning software will be
    updated monthly or as updates arrive.

83
  • Users will inform the system administrator of any
    virus that is detected, configuration change, or
    different behaviour of a computer or application.
  • When informed that a virus has been detected, the
    system administrator will inform all users that a
    virus may have also infected their system.
  • The users will be informed of the steps necessary
    to determine if their system is infected and the
    steps to take to remove the virus.

84
ii. acceptable approaches for using Interactive
Software
85
Use of Interactive Software
  • In an Interactive Software environment a user
    accesses a server across a network. The server
    downloads an application (applet) onto the users
    computer that is then executed.
  • ?
  • There are significant risks involved in this
    strategy.
  • Fundamentally, one must trust that what is
    downloaded will do what has been promised.

86
?
  • Users should configure their browsers to accept
    applets only from the servers.
  • If this is not possible, then browsers should be
    configured not to accept applets.

87
5.Acceptable Intrusion Detection methods
88
  • Intrusion detection plays an important role in
    implementing the Internet Security Policy.

89
acceptable approaches for Intrusion detection
90
i. Normal logging processes
  • Normal logging processes shall be enabled on all
    systems.
  • Alarm and alert functions, as well as logging, of
    any firewalls and other network perimeter access
    control systems shall be enabled.

91
ii. additional monitoring tools
  • In addition to the activity logging process
    provided by the operating system,
  • All servers shall have additional monitoring
    tools (eg. tripwire or appropriate software
    wrappers) installed.

92
iii. perimeter access control
  • System integrity checks of the firewalls and
    other network perimeter access control systems
    must be performed on a routine basis.

93
iv. Review
  • Audit logs from the perimeter access control
    systems shall be reviewed daily.
  • Audit logs for servers shall be reviewed on a
    daily basis.
  • User education shall be provided in order to
    train users to report any anomalies in system
    performance to their system administration staff.

94
6.Acceptable encryption approaches
95
i. Level of Encryption
  • A level of encryption protection equivalent to
    that provided by an algorithm as follows, is
    recognised as minimally acceptable
  • Triple 56 bit DES (defined as 112 bit
    equivalent) for symmetric encryption,
  • 1024 bit algorithms for asymmetric systems, and
  • 160 bits for the emerging Elliptical Curve systems

96
  • The organization will have however to increase
    these minimum levels when deemed necessary by
    advances in techniques and capabilities
    associated with the processes used by attackers
    to break encryption.

97
ii. Hardware-Based Encryption
  • Hardware encryptors are acceptable
  • (While likely to be reserved for the largest
    traffic volumes to a very limited number of
    Internet sites).
  • symmetric password "private" key devices (such as
    link encryptors)

98
iii. Acceptable Software-Based Encryption
  • Secure Sockets Layer (SSL) implementations at a
    minimum SSL level of Version 3.0,
  • standard commercial implementations of PKI, or
    some variation of, implemented in the SSL.
  • S-MIME - Standard commercial implementations of
    encryption in the e-mail layer

99
Acceptable Software-Based Encryption-2
  • In-stream - Encryption implementations in the
    transport layer, such as pre-agreed passwords
  • Offline - Encryption/decryption of files at the
    user sites before entering the data
  • communications process

100
III. Basic Security Principles for the
transmission of sensitive (database) data over
the Internet
101
Basic Security Principle
  • Sensitive information sent over the Internet
    must be accessed and modified
    only by authorized parties

102
Basic Security Guidelines for the transmission
of sensitive data over the Internet
  • The Internet can be used for the transmission of
    sensitive data, provided that
  • a suitable Internet Security Policy is in place,
  • an acceptable method of encryption is utilized to
    provide for confidentiality and integrity of the
    data, and
  • suitable authentication or identification
    procedures are employed to assure that both the
    sender and recipient of the data are known to
    each other and are authorized to receive and
    decrypt such information.

103
Related Security Guidelines
104
G7.1 Acceptable technologies
  • Appropriate technologies must be used to insure
    that data travels safely over the Internet and is
    only disclosed to authorised parties.
  • These technologies should
  • allow users to prove they are who they say they
    are (identification and authentication), and
  • allow the organized scrambling of data
    (encryption) to avoid inappropriate disclosure or
    modification  

105
G7.2 Encryption
  • In order to make the Internet adequately safe, a
    complete Internet communications implementation
    must include adequate encryption
  • Encryption must be at a sufficient level of
    security to protect against the cipher being
    readily broken and the data compromised.
  • The length of the key and the quality of the
    encryption framework and algorithm must be
    increased over time as new weaknesses are
    discovered and processing power increases.  

106
G7.4 Authentication and Identification
  • In order to make the Internet adequately safe, a
    complete Internet communications implementation
    must include employment of sufficient
    authentication or identification of
    communications partners. 

107
G7.5 Password/key management systems
  • In order to make the Internet adequately safe, a
    complete Internet communications implementation
    must include a management scheme which
    incorporates effective password/key management
    systems
About PowerShow.com