Upload
jonas-lambert
View
223
Download
0
Embed Size (px)
DESCRIPTION
CIT 380: Securing Computer SystemsSlide #3 Course Administration Web Site –Notes, readings, and assignments on web site. –http://www.nku.edu/~waldenj1 Assignment submission –Use submit command on kosh. Contact Information – –Phone: (859)
Citation preview
CIT 380: Securing Computer Systems Slide #1
CIT 380: Securing Computer Systems
Introduction
CIT 380: Securing Computer Systems Slide #2
About Me http://www.nku.edu/~waldenj1
James Walden– Assistant Professor of Computer Science– [email protected]– Interests:
• Software Security• Programming Languages• Software Engineering• Network Security
CIT 380: Securing Computer Systems Slide #3
Course Administration
Web Site– Notes, readings, and assignments on web site.– http://www.nku.edu/~waldenj1
Assignment submission– Use submit command on kosh.
Contact Information– Email: [email protected]– Phone: (859) 572-5571
CIT 380: Securing Computer Systems Slide #4
CIT 380 within the Curriculum
CIT 140 CIT 370 CIT 380Security
CIT 484Network Security
CIT 430Forensics
CIT 380: Securing Computer Systems Slide #5
Syllabus
CIT 380: Securing Computer Systems Slide #6
Course Goals1. What is computer security?2. How do computer systems fail?3. How can the risks to a system be evaluated?4. How well does a particular security solution mitigate the
risks to a system?5. How can the costs and trade-offs of a security solution be
balanced?6. What are the essential problems and solutions of network
security?7. How do viruses and worms propagate and how can they be
stopped?8. How can intrusions be detected and investigated to
determine the nature of the attackand the attacker?9. What are the ethical impacts of security technologies?
CIT 380: Securing Computer Systems Slide #7
GradingGrades are based on
– Midterm Exam (30%)– Final Exam (40%)– Assignments (30%)
A 90-100B 80-89C 70-79D 60-69F 0-60
CIT 380: Securing Computer Systems Slide #8
Topics
A first look at four important questions:– What is security?– How do we evaluate risks of various threats?– How does security mitigate these risks?– How do we balance the costs and trade-offs of
our security solutions?
CIT 380: Securing Computer Systems Slide #9
9/11
Most devastating terrorist attack in history.– Low-tech.– Innovative.
• Completely different than earlier hijackings.• We thought we had solved airplane bombings by
ensuring passengers were on same flight as baggage.– What were the security responses?
• How effective were the responses?• What were the costs?
CIT 380: Securing Computer Systems Slide #10
What is Security?
Security is the prevention of certain types of intentional actions from occuring in a system.– These potential actions are threats.– Threats that are carried out are attacks.– Intentional attacks are carried out by an attacker.– Objects of attacks are assets.
CIT 380: Securing Computer Systems Slide #11
Safety vs Security Adversary: An intelligent attacker who
intentionally causes the system to fail.
Security• Home: door lock.• Car: alarm.• Computer: Login
password.
Safety• Home: fire alarm.• Car: crumple zones.• Computer: UPS.
Safety and security can interact: Who is watching your computer room after the fire alarm was pulled?
CIT 380: Securing Computer Systems Slide #12
Goals of SecurityPrevention
– Prevent attackers from violating security policy
Detection– Detect attackers’ violation of security policy
Recovery– Stop attack, assess and repair damage
Survivability– Continue to function correctly even if attack succeeds
CIT 380: Securing Computer Systems Slide #13
NSTISSC Security Model
CIT 380: Securing Computer Systems Slide #14
Components of Security
Confidentiality– Keeping data and resources hidden. Privacy.
Integrity– Preventing unauthorized changes to data or
resources.
Availability– Enabling access to data and resources
CIT 380: Securing Computer Systems Slide #15
ConfidentialityAuthentication
Passwords, mother’s maiden name
CorporationsTrade secrets, e.g., the formula for Coca Cola.
DatabasesSSN, Driver’s license
GovernmentsNational securityEmbarrassing information: www.thememoryhole.org
CIT 380: Securing Computer Systems Slide #16
Integrity
Data Integrity– content of the information.– ex: 2005 Walmart $1.5 million bar code scam.
Origin Integrity (authentication)– source of the information.– ex: 1997 Kurt Vonnegut MIT commencement
address email. Vonnegut was not the 1997 speaker and the content wasn’t his.
Prevention vs Detection
CIT 380: Securing Computer Systems Slide #17
Availability
Prevent loss of system access.
Denial of service attacks common.– Easy to launch, difficult to track down.– Can be just part of another attack
CIT 380: Securing Computer Systems Slide #18
States of Information
1. StorageInformation not currently being accessed.
2. ProcessingInformation currently being used by processor.
3. TransmissionInformation in transit btw one node and another.
CIT 380: Securing Computer Systems Slide #19
Security Measures
Technology.– Hardware/software used to ensure
confidentiality, integrity, or availability.
Policy and practice.– Security requirements and activities.
Education, training, and awareness.– Understanding of threats and vulnerabilities and
how to protect against them.
CIT 380: Securing Computer Systems Slide #20
How to evaluate security solutions?
1. What assets are you trying to protect?2. What are the risks to those assets?3. How well does the security solution
mitigate those risks?4. What other risks does the security solution
cause?5. What costs and trade-offs does the security
solution impose?
CIT 380: Securing Computer Systems Slide #21
Aspects of Risks
To evaluate a risk, we need to evaluate both:– Probability of risk occurring.– Cost incurred by risk if it occurs.
Minimize product of probability and cost.Risks are impacted by environment.
– Building a house in a flood plain incurs additional risks beyond that of house itself.
– Similarly, installion and configuration options impact risk of software systems.
CIT 380: Securing Computer Systems Slide #22
Security is a matter of Trade-offs
Security is only one of many system goals:• Functionality• Ease of Use• Efficiency• Time to market• Cost• Security
CIT 380: Securing Computer Systems Slide #23
Cost-Benefit Analysis
Is it cheaper to prevent violation or recover?– Cost of good network security:
• Money, time, reduced functionality, annoyed users.• Large and ongoing.
– Risks of bad network security:• Angry customers, bad press, network downtime.• Small and temporary.
CIT 380: Securing Computer Systems Slide #24
Airport SecurityLet’s consider the issue of airport security again from
the standpoint of what we’ve learned. Develop a solution, keeping the 5 questions in mind:
1. What assets are you trying to protect?2. What are the risks to those assets?3. How well does the security solution mitigate
those risks?4. What other risks does the security solution cause?5. What costs and trade-offs does the security
solution impose?
CIT 380: Securing Computer Systems Slide #25
Human Issues: People Problems
Social engineering– Kevin Mitnick testified before Congress “I was
so successful in that line of attack that I rarely had to resort to a technical attack.”
Circumvention– Users write down passwords, leave screens
unlocked.
Insider attacks
CIT 380: Securing Computer Systems Slide #26
Human Issues: OrganizationsLow priority
– Security costs, but doesn’t produce income.– Lack of liability reduces costs of bad security.
Variable impact– Cost of security violation highly variable.– Insurance converts variable risk to fixed cost, but
risk too variable for much involvement so far.Power and responsibility
– Personnel responsible for security often don’t have power to enforce security.
CIT 380: Securing Computer Systems Slide #27
Security: Laws and Customs
Are desired security measures illegal?– cryptography export before 2000– is it legal to monitor security breakins?– international commerce
Will users circumvent them?– writing down passwords– removing file ACLs
CIT 380: Securing Computer Systems Slide #28
Security Liability
Product liability:– Tires: Continental recalled Ford SUV tires in
2002 due to wire and vibration problems.– Software: Manufacturer not liable for security
flaws.
Since Microsoft isn’t liable for Windows security failures, why would they want to sacrifice money, time, functionality, and ease of use for security?
CIT 380: Securing Computer Systems Slide #29
Assumptions• Security rests on assumptions specific to
type of security required and environment.• Example:
– TCP/IP designed for pre-commercial Internet.• Assumed only legitimate admins had root access.• Trusted IP addresses, since only root can set IP addr.• What happens to network when Windows 95 systems
added to network, where desktop user has all privileges?
CIT 380: Securing Computer Systems Slide #30
Assurance
How much can you trust a system?Example:
– Purchasing aspirin from a drugstore.– Bases for trust:
• Certification of drug by FDA.• Reputation of manufacturer.• Safety seal on bottle.
CIT 380: Securing Computer Systems Slide #31
How much do you trust? Ken Thompson’s compiler hack from
“Reflections on Trusting Trust.”– Modified C compiler does two things:
• If compiling a compiler, inserts the self-replicating code into the executable of the new compiler.
• If compiling login, inserts code to allow a backdoor password.
– After recompiling and installing old C compiler:• Source code for Trojan horse does not appear
anywhere in login or C compiler.• Only method of finding Trojan is analyzing binary.
CIT 380: Securing Computer Systems Slide #32
Key Points• Components of security
– Confidentiality– Integrity– Availability
• States of information– Storage, Processing, Transmission
• Evaluating risk and security solutions.– Security is a matter of trade-offs.
• Security is a human problem.
CIT 380: Securing Computer Systems Slide #33
References1. Ross Anderson, Security Engineering, Wiley,
2001.2. Matt Bishop, Introduction to Computer Security,
Addison-Wesley, 2005.3. Peter Neumann, (moderator), Risks Digest,
http://catless.ncl.ac.uk/Risks/4. Bruce Schneier, Beyond Fear, Copernicus Books,
2003.5. Ken Thompson, “Reflections on Trusting Trust”,
Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763 (http://www.acm.org/classics/sep95/)