210 likes | 223 Vues
This overview delves into the significance of computer security, the complexities and challenges faced in maintaining it, and the various methods of defense against attackers. It covers the types of attackers, defense strategies, computer security domains, and the fundamental components of security such as confidentiality, integrity, and availability. Additionally, it discusses the current landscape of information security, including the emerging threats and the critical need for maintaining secure systems in various sectors like finance, transportation, and national defense.
E N D
Introduction to Security Overview of Computer Security
Why is security important? • Computers and networks are the nerves of the basic services and critical infrastructures in our society • Financial services and commerce • Transportation • Power grids • Etc. • Computers and networks are targets of attacks by our adversaries K. Salah
Why is security so hard? • The complexity of computers and networks • Increases Internet usage • User expectation • Lack of awareness of threats and risks • Software by peopleware • Social engineering • Defense is inherently more expensive • Offense only needs the weakest link • Ample cracking tools K. Salah
Tempset Attack • Tempest • is an acronym for Transient ElectroMagnetic Pulse Emanation Surveillance. • This is the science of monitoring at a distance electronic signals carried on wires or displayed on a monitor. • It is of enormous importance to serious cryptography snoopers. • To minimize a tempest attack you should screen all the cables between your computer and your accessories, particularly your monitor. • A non CRT monitor screen such as those used by laptops (or plasma TV) offers a considerable reduction in radiated emissions and is recommended. K. Salah
Type of Attackers • Amateurs: regular users, who exploit the vulnerabilities of the computer system • aka “Smart kiddies” • Less experienced • Motivation: easy access to vulnerable resources • Hackers/Crackers: attempt to access computing facilities for which they do not have the authorization • Experts • Motivation: enjoy challenge, curiosity • Career criminals: professionals who understand the computer system and its vulnerabilities • Motivation: personal gain (e.g., financial) • Intruders are all of the above K. Salah
Methods of Defense • Prevent: block attack • Deter: make the attack harder • Deflect: make other targets more attractive • E.g. is honeypots • Detect: identify misuse • Tolerate: function under attack • Recover: restore to correct state K. Salah
Computer Security Domains • Physical security -- Controlling the comings and goings of people and materials; protection against the elements and natural disasters • Operational/procedural security -- Covering everything from managerial policy decisions to reporting hierarchies • Personnel security -- Hiring employees, background screening, training, security briefings, monitoring, and handling departures • System security -- User access and authentication controls, assignment of privilege, maintaining file and filesystem integrity, backups, monitoring processes, log-keeping, and auditing. OS and database systems. • Network security -- Protecting network and telecommunications equipment, protecting network servers and transmissions, combating eavesdropping, controlling access from untrusted networks, firewalls, and detecting intrusions • Information Security – Hiding of information (cryptography) and also security of information in transit over a network. Examples: e-commerce transactions, online banking, confidential e-mails, file transfers, record transfers, authorization messages, etc. K. Salah
What is Security? • Keeping something (information in our case) secure against • Someone stealing it • Someone destroying it • Someone changing it • Someone preventing me from using it • More Specifically • Confidentiality: nobody else can see it • Integrity: nobody else can change it • Availability: I can get at it whenever I want K. Salah
Basic Components of Security • Confidentiality • Keeping data and resources secret or hidden • Integrity • Ensuring authorized modifications; • Includes correctness and trustworthiness • Availability • Ensuring authorized access to data and resources when desired • Accountability • Ensuring that an entity’s action is traceable uniquely to that entity • Security assurance • Assurance that all four objectives are met K. Salah
What “secure” means Secure Confidentiality Availability Integrity K. Salah
Information security today • Emergence of the Internet and distributed systems • Increasing system complexity • Digital information needs to be kept secure • Competitive advantage • Protection of assets • Liability and responsibility • Financial losses • There are reports that the annual financial loss due to information security breaches is between 5 and 45 billion dollars • National defense • Protection of critical infrastructures: • Power Grid; • Air transportation • Interlinked government agencies • Severe concerns regarding security management and access control measures K. Salah
Information Requirements & Policies Terminology Security Architecture Security Features or Services Attackers/Intruders/ Malfeasors Security Mechanisms K. Salah
Attack Vs Threat • A threat is a “potential” violation of security • The violation does not need actually occur • The fact that the violation might occur makes it a threat • It is important to guard against threats and be prepared for the actual violation • “being paranoid” • The actual violation of security is called an attack K. Salah
Common security attacks • Interruption, delay, denial of receipt or denial of service • System assets or information become unavailable or are rendered unavailable • Interception or snooping • Unauthorized party gains access to information by browsing through files or reading communications • Modification or alteration • Unauthorized party changes information in transit or information stored for subsequent access • Fabrication, masquerade, or spoofing • Spurious information is inserted into the system or network by making it appear as if it is from a legitimate entity K. Salah
Malicious Code or malware X Files Trojan Horses Bacterium Trapdoors Logic Bombs Worms Virus K. Salah
DOS and DDOS K. Salah
Trojan/Backdoor Program • Trojan part: masquerades itself as a nice program • WildAnimals.scr (Any executable can be saved as .scr) • YourDocumnet.doc … .exe • 100 spaces followed by .exe • Backdoor • Once launced, it opens a communication channel (IRC, FTP, telnet, etc) with a certain machine • Can be used to hijack a machine if running proxy communication protocols (ssh or socks4) and bypassing firewalls • Internet traffic would seem to be coming/outgoing from infected system and routed to attacker machine K. Salah
Goals of Security • Prevention • To prevent someone from violating a security policy • Detection • To detect activities in violation of a security policy • Verify the efficacy of the prevention mechanism • Recovery • Stop policy violations (attacks) • Assess and repair damage • Ensure availability in presence of an ongoing attack • Fix vulnerabilities for preventing future attack • Retaliation against the attacker K. Salah
Operational Issues • Cost-Benefit Analysis • Benefits vs. total cost • Is it cheaper to prevent or recover? • Risk Analysis • Should we protect something? • How much should we protect this thing? • Risk depends on environment and change with time • Laws and Customs • Are desired security measures illegal? • Will people do them? • Affects availability and use of technology K. Salah
Human Issues • Organizational Problems • Power and responsibility • Financial benefits • People problems • Outsiders and insiders • Which do you think is the real threat? • Social engineering K. Salah