Defining Computer Security

rcarreon
Presentation Transcript


  1. Defining Computer Security • As applied to cybertechnology, security can be thought of in terms of various measures designed to protect against: • (i) unauthorized access to computer systems • (ii) alteration of data that resides in and is transmitted between computer systems • (iii) disruption, vandalism, and sabotage of computer systems and networks. • Such measures are one way to counter cybercrime.

  2. Defining Computer Security (continued) • A computer is secure "if you can depend on it and its software behaves as you expect." • According to this definition, at least two conditions must be satisfied: • (a) you can depend on your computer (i.e., it is reliable and available) • (b) your computer system's software does what it is supposed to do.

  3. Defining Computer Security (continued) • Kizza (1998) argues that computer security involves three elements: • Confidentiality; • Integrity; • Availability. • Confidentiality focuses on protecting against unauthorized disclosure of information to third parties. • Integrity can be understood as preventing unauthorized modification of files. • Availability means preventing unauthorized withholding of information from those who need it when they need it.

  4. Defining Computer Security (continued) • Reliability • Safety

  5. Two Distinct Aspects of Computer Security • The expression "computer security" is sometimes used ambiguously. • In one sense, "computer security" refers to a computer system's vulnerability to attacks on its hardware and software resources by "malicious programs" (viruses and worms). • This aspect of computer security can be referred to as system security.

  6. Two Distinct Aspects of Computer Security (continued) • Another sense of "computer security" is concerned with vulnerability to unauthorized access and modification of data. • The data can be either: • (a) resident in one or more disk drives or databases in a computer system; • (b) transmitted between two or more computer systems. • We call this "data security."

  7. Computer Security (diagram) • System Security • Data Security: • Resident Data • Transmitted Data

  8. Access/Availability Scene Characteristics (diagram) • Normal flow: Information Source to Information Destination • Goal: access/availability • Threats (red): Identity Theft, Masquerade, Capture, Interception, Modification, Interruption, Escalation, Covering Tracks • Security Controls (blue): Identification, Authenticity, Non-Repudiation, Confidentiality, Integrity, Accountability, Authorization, Availability

  9. Computer Security and Computer Crime • Computer security issues often overlap with issues analyzed under the topic of computer crime. • Virtually every violation of security involving cybertechnology is also criminal in nature. • Computer security therefore concerns cyber-specific crimes, not merely cyber-related crimes. • But not every instance of crime in cyberspace necessarily involves a breach or violation of security.

  10. Computer Security Issues as Distinct from Computer Crime • Some computer-related crimes have no direct implications for computer security. • An individual can use a personal computer to: • Make unauthorized copies of software programs; • Stalk a victim in cyberspace; • Solicit sex with young children; • Distribute child pornography; • Engage in illegal gambling activities. • None of these kinds of crimes are a direct result of insecure computer systems.

  11. Security as Related to Privacy • Cyber-related issues involving privacy and security often overlap. • Some important distinctions can be drawn. • Privacy concerns often arise because online users are concerned about losing control over the ways in which personal information about them can be accessed by organizations (especially businesses and government agencies). • Securing personal information stored in computer databases is an important element in helping individuals achieve and maintain their privacy. • The objectives of privacy would seem compatible with, and even complementary to, security.

  12. Security as Related to Privacy (continued) • Privacy and security concerns can be thought of as two sides of a single coin, where each side complements and completes the other. • Many people wish to control who has information about them, and how that information is accessed by others. • In other words: who is accessing the information, what they are doing with it, and how they are doing it.

  13. How Do Security Issues Raise Ethical Concerns? • To realize autonomy, individuals need to have some access control over how information about them is gathered and used. • Computer security can help users realize this goal. Violating someone's privacy is unethical. • Personal privacy also requires that certain kinds of information stored in electronic databases be kept confidential. • Secure computers are needed to ensure this.

  14. Back Doors • Accounts left by manufacturers and vendors on devices that allow them to bypass a locked-out or inexperienced system administrator in case of emergency. • Every network device ships with more than one default username and password, and these built-in accounts offer administrative privileges to anyone who finds them.

  15. Viruses • A virus is a small malicious executable program. • A virus can be broken into three functional parts: • Replication • Concealment • Bomb • The combination of these three attributes makes the collective program a virus.

  16. Viruses (continued) • A virus adds a small piece of code to the beginning of a file so that when the file is executed, the virus is loaded into memory before the actual application.

  17. Replication • A virus must include some method of replication, i.e., some way to reproduce or duplicate itself. • When a virus reproduces itself in a file, the result is sometimes referred to as an "infection". • Replication occurs when the virus is loaded into memory and has access to CPU cycles. • A virus cannot spread merely by existing on a hard disk; an infected file must be executed in order for the virus to become active.

  18. Methods of Replicating • Resident replicating virus: once loaded into memory, it waits for other programs to be executed and then infects them. • Nonresident replicating virus: it selects one or more executable files on disk and directly infects them without waiting for them to be loaded in memory. • Companion virus: a virus that causes its own code to be loaded without actually infecting the existing file. • It takes advantage of the OS's default order of executing files, e.g., Windows first tries to execute a file with the .com extension, then .exe, and finally .bat.

  19. File Infection • Replication can be achieved through file infection or boot sector replication. • File infection relies on the virus's ability to attach itself to a file. In theory, any type of file is vulnerable to attack. • Attackers tend to focus, however, on files that provide some form of access to CPU cycles. This access can be through direct execution or through some secondary application processing the code.

  20. File Infection (continued) • Some viruses have even embedded themselves in raw source-code files. When the code is eventually compiled, the virus becomes capable of accessing CPU cycles, thus replicating even further. • The most popular type of infection affects directly executable files, such as those with .com, .exe, .pif, or .bat extensions.

  21. Boot Sector Replication • Boot sector viruses infect the system area of the disk that is read when the disk is initially accessed or booted. • This area can include the MBR, the OS boot sector, or both.

  22. Concealment • To facilitate replication, a virus must have one or more methods of masking its existence. If a running virus simply showed up on your Windows Taskbar, you'd see the problem right away. • Stealth allows a virus to hide the modifications it made to a file or boot sector.

  23. Small Footprint • Viruses tend to be small. Even a large virus can be less than 2 KB in size. This small footprint makes it far easier for the virus to conceal itself on the local storage media and while it is running in memory. It may reside in the slack space between two stored files. • To ensure that a virus is as small as possible, most viruses are coded in assembly language.

  24. Polymorphic Virus • A polymorphic virus can change its signature from one infected file to the next while still remaining operational. • Many virus scanners detect a virus by searching for signature code. • Since a polymorphic virus can change its appearance between infections, it is far more difficult to detect. • One way to produce a polymorphic virus is to include a variety of encryption schemes that use different decryption routines.

  25. Social Engineering Viruses • Social-engineering viruses meet all the criteria of a normal virus, except that they rely on people, not a computer, to spread the infection. A good example of a social-engineering virus is the Good Times virus hoax that has circulated on the Internet for many years. This e-mail message announces that a dangerous virus is being circulated via e-mail and has the ability to wipe out all the files on your computer. The message even claims that the virus's existence has been confirmed. People concerned that their friends may be attacked by this virus then forward the hoax to every person in their address books.

  26. Bomb • Our virus has successfully replicated itself and avoided detection. The question now becomes: what will the virus do next? Most viruses are programmed to wait for a specific event. This event can be almost anything, including the arrival of a specific date, the infection of a specific number of files, or even the detection of a predetermined activity.

  27. Worms • Traditionally, a computer worm was considered an application that could replicate itself via a permanent or a dial-up network connection. • Unlike a virus, which seeds itself within the computer's hard disk or file system, a worm is a self-supporting program; it does not need to attach itself to a file. • A typical worm maintains only a functional copy of itself in active memory; it does not even write itself to disk. • Examples: the Vampire Worm, the Great Internet Worm, the WANK Worm.

  28. Trojan Horse • An application that hides a nasty surprise. • A process or function that performs an activity the user is unaware of. • Trojans are programs that look like ordinary software but actually perform unintended (and sometimes malicious) actions behind the scenes when launched. • Trojans may replace network services. They do not replicate. • The "I LOVE YOU" e-mail virus is considered to be a Trojan horse.

  29. How Trojan Horses Differ From Viruses • A Trojan does not replicate or attach itself to a file. • It is a stand-alone application whose bomb was included in its original source code. • A Unix Trojan can replace the Telnet server process (telnetd) and quietly record all logon names and passwords that authenticate to the system. • Trojans are immediately destructive.

  30. DoS Attack • On the Internet, a denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. In a DoS attack, the attacker sends a stream of requests to a service on the server machine in the hope of exhausting all resources, such as memory, or consuming all processor capacity. • E.g., ping broadcast, Smurf, ping of death, teardrop attack.

  31. Other DoS Attacks • FTP Bounce Attacks • Port Scanning Attack • Ping Flooding Attack • Smurf Attack • SYN Flooding Attack • IP Fragmentation/Overlapping Fragment Attack • IP Sequence Prediction Attack • DNS Cache Poisoning • SNMP Attack • Sendmail Attack

  32. Ping Broadcast • A ping request packet is sent to a broadcast network address where there are many hosts. The source address in the packet is set to the IP address of the computer to be attacked. If the router to the network passes the ping broadcast, all computers on the network will respond with a ping reply to the attacked system. The attacked system will be flooded with ping responses, which will make it unable to operate on the network for some time and may even cause it to lock up.

  33. Ping Broadcast (continued) • Ping of death - An oversized ICMP datagram can crash IP devices that were made before 1996. • Smurf - An attack where a ping request is sent to a broadcast network address with the sending address spoofed, so that many ping replies come back to the victim and overload the victim's ability to process them.
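As an added example (not part of the presentation), the following Python script shows how a defender might spot the ping-broadcast / Smurf pattern from the two slides above in ICMP flow records: echo requests aimed at a directed-broadcast address, and a host receiving far more echo replies, from many distinct sources, than it ever requested. The record format, the 192.0.2.0/24 network, the thresholds and all addresses are constructed for this example.

```python
import ipaddress
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8   # ICMP type values


def find_broadcast_pings(records, local_net):
    """Echo requests addressed to the directed-broadcast address of local_net.

    A border router that forwards these is what turns one spoofed packet
    into a flood; returns the set of (src, dst) pairs seen.
    """
    bcast = ipaddress.ip_network(local_net).broadcast_address
    return {(r["src"], r["dst"]) for r in records
            if r["type"] == ECHO_REQUEST
            and ipaddress.ip_address(r["dst"]) == bcast}


def find_amplification_victims(records, min_replies=50, min_sources=10, ratio=10):
    """Hosts that receive many echo replies from many sources without asking.

    A host's own echo requests are counted so that a legitimate ping sweep
    (many requests, many replies) is not flagged; thresholds are assumptions.
    """
    requests_sent = defaultdict(int)    # src -> echo requests it sent
    replies_seen = defaultdict(list)    # dst -> list of reply sources
    for r in records:
        if r["type"] == ECHO_REQUEST:
            requests_sent[r["src"]] += 1
        elif r["type"] == ECHO_REPLY:
            replies_seen[r["dst"]].append(r["src"])
    victims = {}
    for host, sources in replies_seen.items():
        distinct = len(set(sources))
        if (len(sources) >= min_replies and distinct >= min_sources
                and len(sources) > ratio * (requests_sent[host] + 1)):
            victims[host] = {"replies": len(sources), "sources": distinct}
    return victims


def rec(src, dst, icmp_type):
    return {"src": src, "dst": dst, "type": icmp_type}


# Constructed sample: one echo request whose source is forged as the victim
# (203.0.113.5) sent to the 192.0.2.0/24 broadcast address, followed by 60
# replies from hosts on that network, plus a benign three-packet ping exchange.
SAMPLE = [rec("203.0.113.5", "192.0.2.255", ECHO_REQUEST)]
SAMPLE += [rec(f"192.0.2.{i}", "203.0.113.5", ECHO_REPLY) for i in range(1, 61)]
SAMPLE += [rec("198.51.100.7", "192.0.2.10", ECHO_REQUEST)] * 3
SAMPLE += [rec("192.0.2.10", "198.51.100.7", ECHO_REPLY)] * 3

if __name__ == "__main__":
    print("broadcast pings:", find_broadcast_pings(SAMPLE, "192.0.2.0/24"))
    print("amplification victims:", find_amplification_victims(SAMPLE))
```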

  34. Teardrop Attack • This type of denial of service attack exploits the way the Internet Protocol (IP) requires a packet that is too large for the next router to handle to be divided into fragments. Each fragment carries an offset from the beginning of the original packet, which enables the entire packet to be reassembled by the receiving system. In the teardrop attack, the attacker's IP stack puts a confusing offset value in the second or later fragment. If the receiving operating system does not have a plan for this situation, the system can crash.
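The "plan for this situation" is a reassembly routine that validates fragment offsets before trusting them. The Python below is an added example (not from the presentation) of such a check, covering both the teardrop case (a fragment whose offset lands inside bytes already received) and the ping-of-death case from the previous slide (fragments that would reassemble to more than the 65535-byte IP maximum). Offsets are in 8-byte units as in the IP header; the Fragment model, the strict rejection of any overlap, and the sample fragment sets are assumptions made for the example.

```python
from dataclasses import dataclass

IP_MAX_DATAGRAM = 65535   # the IP total-length field cannot describe more bytes


@dataclass(frozen=True)
class Fragment:
    offset: int   # fragment offset field, in 8-byte units, as in the IP header
    length: int   # payload bytes carried by this fragment
    more: bool    # MF flag: True on every fragment except the last


def check_fragments(frags):
    """Classify the fragments of one datagram before reassembling them.

    Returns 'ok' for a complete, consistent datagram, 'incomplete' when
    pieces are still missing, or a rejection reason. A fragment claiming
    bytes beyond 65535 is rejected on its own (ping of death); a fragment
    starting inside bytes already covered is rejected (teardrop). Strict
    rejection of overlaps is the policy assumed here.
    """
    if not frags:
        return "incomplete"
    for f in frags:
        if f.offset * 8 + f.length > IP_MAX_DATAGRAM:
            return "oversized"
        if f.more and f.length % 8:
            return "bad-length"   # non-final fragments must be 8-byte multiples
    ordered = sorted(frags, key=lambda f: f.offset)
    next_byte = 0                 # first byte not yet covered
    complete = True
    for f in ordered:
        start = f.offset * 8
        if start < next_byte:
            return "overlap"      # teardrop-style inconsistent offset
        if start > next_byte:
            complete = False      # a hole: more fragments may still arrive
        next_byte = start + f.length
    if ordered[-1].more:
        complete = False          # last fragment not seen yet
    return "ok" if complete else "incomplete"


# Constructed sample fragment sets (not captured traffic).
NORMAL = [Fragment(0, 1480, True), Fragment(185, 1480, True), Fragment(370, 100, False)]
TEARDROP = [Fragment(0, 1480, True), Fragment(100, 200, False)]   # starts at byte 800 < 1480
PING_OF_DEATH = [Fragment(8100, 1480, False)]                    # 64800 + 1480 > 65535

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP),
                        ("ping of death", PING_OF_DEATH)):
        print(f"{name}: {check_fragments(frags)}")
```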

  35. Brute force • Attack on encryption • Exhaustive encryption key search

  36. Session Hijacking • An attacker may watch a session being opened on a network. Once authentication is complete, they may attack the client computer to disable it and use IP spoofing to claim to be the client who was just authenticated, thereby stealing the session. • For example, by launching an ICMP flood against the server and then acting as the server.

  37. DNS Poisoning • DNS poisoning is an attack in which DNS information is falsified. This attack can succeed under the right conditions, but may not be very practical as an attack form. The attacker sends incorrect DNS information, e.g., an incorrect IP address, which can cause traffic to be diverted.

  38. Sniffing • Sniffing is the interception of data packets traversing a network. An example of active intrusion is when packet sniffing is used to support IP spoofing. • IP spoofing - An attacker may fake their IP address so the receiver thinks a packet was sent from a location it was not actually sent from. This may cause some operating systems, such as Windows, to crash or lock up. • Similarly, DNS poisoning is used for server spoofing.

  39. Attacks on Different Layers • IP Attacks • ICMP Attacks • Routing Attacks • TCP Attacks • Application Layer Attacks

  40. Security Countermeasures • A security countermeasure is an action, device, procedure, technique, or other measure that reduces the vulnerability of a computer system to a threat. • We have come to rely increasingly on countermeasures. • Many security analysts believe that countermeasures would not be as necessary as they currently are if better security features were built into computer systems.

  41. Implementing Security • Unique to each individual user/company and system. • A solution should contain three components for completeness: • Prevention (access control measures) • Detection (firewalls, IDS, virus scanners) • Reaction (disaster mode and severity) • Recovery (network disaster management system)

  42. Types of Security Countermeasures • Firewalls (e.g., PIX firewall) • Anti-Virus Software • Encryption Tools • Anonymity Tools • IDS • VPNs • Access Control • Honeypot

  43. Firewall Technology • A firewall is a system or combination of systems that enforces a boundary between two or more networks. • Firewalls help to secure systems not only from unauthorized access to information in databases, but also help prevent unwanted and unauthorized communication into or out of a privately owned network. • Examples: proxy firewalls and PIX firewalls. • A firewall is a "blockage" between an internal privately owned network and an external network, which is not assumed to be secure.

  44. Define IDS • IDS has always been about analyzing network traffic to look for evidence of attack. • IDS is also about scanning access logs and analyzing the characteristics of files to see if they have been compromised. • An IDS has thousands of attack patterns saved in its database and matches them against ordinary traffic to detect malicious traffic. • An IDS may be hardware based or software based, e.g., Snort.

  45. Functions of IDS • Monitoring and analyzing both user and system activities • Analyzing system configurations and vulnerabilities • Assessing system and file integrity • Ability to recognize patterns typical of attacks • Analysis of abnormal activity patterns • Tracking user policy violations

  46. Types of IDS • Network Intrusion Detection Systems (NIDS) (Snort, ZoneAlarm) • Host Intrusion Detection Systems (HIDS) • System Integrity Verifier (SIV) (Tripwire) • Log File Monitor (LFM) • Honeypot: a decoy server used to trace and mislead the cracker; there are production and research honeypots.

  47. VPN • A virtual private network is a private network that uses links across private or public networks, e.g., the Internet. • You need the Point-to-Point Tunneling Protocol (PPTP) or the Layer Two Tunneling Protocol (L2TP) to support a VPN; both are installed automatically on Windows Server 2003. • Configure a VPN server on Windows Server 2003. • Create a VPN client and connect via the VPN.
