Lecture 1, 20-771: The Internet, Fall 2002 1 20-771: Computer Security Lecture 1: Introduction Robert Thibadeau School of Computer Science Carnegie Mellon University Institute for eCommerce, Fall 2002


Lecture 1, 20-771: The Internet, Fall 2002 1

20-771: Computer Security

Lecture 1: Introduction

Robert Thibadeau

School of Computer Science

Carnegie Mellon University

Institute for eCommerce, Fall 2002

Today’s lecture

• Class Details

• Basics of Computer Security

• Break (10 min)

• Overview

This Week

Chapters 1 & 2 : Stein as a Guide

Class Participation and Answers

Mid-Term & Final

Linux and Windows 2000 Tasks

Java Programming : A Watcher (basis for Sniffer)

Read Steven Levy’s Crypto (try, over the long weekend)

Computer Security

• Security against Threat

• Threat: a use other than intended

• Source of Intention

– Owner/Author

• Target of Intention

– Machine, Software, Data, Facility

• Nature of Intention

– Almost never clear

– 100% Uptime

– Only Owner/Author can Modify

– Owner/Author can say Who can Modify What

What do we secure?

• Securing the Server

– Web Server

– Mail Server

– Disk Contents

• Securing the Client

– Browser

– Disk Contents

• Securing the Network

– Physical Wire

– All the Routers/Gateways

• Securing the Data Objects

– Tamperproofing

– Authenticating

– Authorizing Access

• What else?

Other Things we Secure

• Privacy is just a special case of data about you that you author

• Opposite of Digital Rights Management

• Others? (Classroom Discussion Invited)

How do we manage the security?

• Management of many Programs

• Management of lots of Data

• Management of many Machines

• Management of many People

• Management of many Contracts

• Systems Mgmt, Policy, The Law

How do we evaluate Security?

• Security is Never Absolute!

– Insiders possible : Social Engineering

– People who can make the box can break the box

» No exceptions! (even cryptography…a cryptographer knows the weak point and can take pictures of you with his girlfriend).

– Here’s your screwdriver!

• Security is always MORE or LESS

– Weigh the Incentive to violate your security

» If the incentive is there, the bad guy is thinking

– If Incentive is very high, then Security must be very high

• THE BIGGEST SECURITY MISTAKE PEOPLE MAKE IS PRESUPPOSING SECURITY IS ABSOLUTE

– You forget to monitor your weak points.

Purpose of Course

• Become Intelligently Paranoid

• Paranoid

– The bad guys are indeed there (especially at CMU!)

– The bad guys are stealing from you invisibly

– Rarely do the bad guys let you know (they are parasites not troopers!)

– At CMU we just want free interchange of knowledge all around : don’t steal, give and take…it’s better!

– In a Company you can’t have that but you need some.

• Intelligent

– Know what they can do if they want to

– Know what they can’t do even if they want to

– Know what you can do about it

– There is a system! (and here it is…)

Security Layers

Whole Facility / Internet Security

Path Security

Proxy/Router Security

Host Security

Server Security

Client Security

Server Applications

Client Applications

Proxy/Router Applications

Security Server Applications

Security Assurance Applications

Our Class

Whole Facility / Internet Security

Path Security

Proxy/Router Security

Host Security

Server Security

Client Security

Server Applications

Client Applications

Proxy/Router Applications

Security Server Applications

Security Assurance Applications

Web Server Security

Web Client Security

Web Security (WS) by Lincoln Stein

Oldie but goodie

Our Class

Whole Facility / Internet Security

Path Security

Proxy/Router Security

Host Security

Server Security

Client Security

Server Applications

Client Applications

Proxy/Router Applications

Security Server Applications

WINDOWS 2000

Security Assurance Applications

Web Server Security

Web Client Security

Windows 2000 Server Security from MSDN

Whole Facility/Internet Security

• Enforcing Protocols

– Killer Packets

– www.cert.org www.first.org

• Enforcing Policy

– Where Technology Ends and the Law Begins

– Facility Policy

» Security Architecture

– Protocols Allowed and Disallowed

» Rights and Obligations

– Password Policy

• Providing Publicity : www.cert.org www.security.scs.cmu.edu

• Training and Education

– Reporting

Our Class

Whole Facility / Internet Security – Protocols/Policy/Publicity

Path Security

Proxy/Router Security

Host Security

Server Security

Client Security

Server Applications

Client Applications

Proxy/Router Applications

Security Server Applications

WINDOWS 2000

Security Assurance Applications

Web Server Security

Web Client Security

Path Security

• Electricity can be read

– I can tap any copper line and you won’t know.

• Electromagnetics can be read

– Radio – Frequency Hopping

– Microwave – Straight Line but can put tap in middle

– Terminal – Read screens through windows

» A modern screen is in fact a serial device

» Defeat : block view of light from screens

• Tapping optics (harder electromagnetics)

– Laser – Straight Line but smaller – catch scatter

– Repeater (introduces detectable delay)

• Denial of Service (A shovel or Thunder Storm)

• Nearly every path device has a specification that completely delimits the security considerations

Proxy/Router Security

• Special Case of Server Security

• Physical Protection is critical

• Can be made very tough by putting all code in hardware.

– You can’t change the code at all.

– Need less physical protection.

– This is just a special case of gaining security by creating a special purpose server.

– Linux is great for this.

Our Class

Whole Facility / Internet Security – Protocols/Policy/Publicity

Path Security - Physical security

Proxy/Router Security - Kind of Server

Host Security

Server Security

Client Security

Server Applications

Client Applications

Proxy/Router Applications – Put in Hardware! (buy CISCO)

Security Server Applications

WINDOWS 2000

Security Assurance Applications

Web Server Security

Web Client Security

Technology

The Law

Cryptography

How To

Break!

The How-To of Computer Security

• Integrity – Is it what it represents itself to be?

• Privacy – Is it hidden from those without a right to see it?

• Authentication – Is it from who it pretends to be from?

• Authorization – Is it provided to who it is supposed to be provided to?

• Auditability – Do I have a record of how it was used?

• Availability – Is it there when I need it?

It : the service or the total data, program, machine, facility, network that is secure – whose intention is being protected.

IPAAA of Logging In

• Log In is security for the software on a machine.

• Integrity?

• Privacy?

• Authentication?

• Authorization?

• Audit?

• Availability?

• There can be multiple perspectives on IPAAA but there is usually a right answer.

IPAAA Solutions

• Integrity, Privacy, Authentication, Authorization, and Auditability are NOT SOLVED PROBLEMS in general!!!

– We don’t know how to fully represent intention

– We don’t know how to enforce these without loss of human productivity

» Loss by user

» Loss by administrator

• Today’s solutions are very imperfect but work OK (the horse gets us across town…maybe we just need powerful enough engines to fly).

• Cryptography has provided technical “solutions” to all the problems

Where Cryptography Succeeds and Fails

• Succeeds

– If all the assumptions hold, it really works well. Try as you might, you can’t beat the system.

– It has several good alternative solutions to every problem.

– This is all very good for ecommerce.

• Fails

– It makes assumptions that are not necessarily valid and are hard to prove

» Password guessing just uses “crypt” to create the un-reversible cypher – you never really have to “decrypt”

» somebody says they are Microsoft and another group says they are Microsoft Corporation… who do you believe is the real Microsoft?

– Usability is REALLY BAD!!!!!!

» Buy lots of special hardware

» People are constantly frustrated – Huge Untold Productivity Losses “a constant state of huppliness”

» This is all very bad for general ecommerce

– I forgot that password!

• Lots of “dot com” business opportunity
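
Added example (not from the original slides): the “crypt” point under Fails, shown as a password audit a site administrator could run. PBKDF2 from Python's hashlib stands in for crypt as an assumption; the account names, passwords and denylist are constructed sample data.

```python
import hashlib
import hmac
import os

# Assumption: PBKDF2-HMAC-SHA256 stands in for the slide's "crypt".
ITERATIONS = 100_000  # work factor: each guess costs this many rounds


def make_record(password, salt=None):
    """Store only a random salt and the one-way digest, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def verify(password, record):
    """Login check: run the one-way function forward and compare digests."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def audit_weak_accounts(records, denylist):
    """Return accounts whose stored digest matches a denylisted password.

    Nothing is decrypted: the audit calls the same verify() that login uses,
    so a guessable password is exposed however strong the one-way function is.
    """
    return sorted(
        user for user, rec in records.items()
        if any(verify(guess, rec) for guess in denylist)
    )


# Constructed sample data: accounts, passwords and denylist are made up.
SAMPLE_RECORDS = {
    "alice": make_record("password"),
    "bob": make_record("T9#vq-long-random-passphrase-41"),
    "carol": make_record("letmein"),
}
SAMPLE_DENYLIST = ["123456", "password", "letmein", "qwerty"]

if __name__ == "__main__":
    print(audit_weak_accounts(SAMPLE_RECORDS, SAMPLE_DENYLIST))
```

The salt and iteration count only raise the cost of each guess; rejecting denylisted passwords when they are set is what removes the guessable ones.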

Web Security from a Perspective

• User Perspective

– Is the site who it pretends to be?

– Is the document returned correct and free from malicious Viruses?

– Is my personal privacy protected?

• Webmaster Perspective

– User can’t break into my site?

– User can only see what he is authorized to see?

– User can’t crash my server?

– User is who he claims to be?

• Both

– The network isn’t being sniffed

– The data between the browser and server is not tampered

Windows 2000 Server Security

MS Selections from the Catalog of Cryptography!

• User/File/Program Access Control

• Adoption of Kerberos v5 Authentication Standard

• Implementation of Public Key Infrastructure (PKI)

• File Encryption

• IPSec – Cryptography for IP

• Security Management Snap-Ins for System Management across Facility

Our Class

Whole Facility / Internet Security – Protocols/Policy/Publicity

Path Security - Physical security

Proxy/Router Security - Kind of Server

Host Security

Server Security

Client Security

Server Applications

Client Applications

Proxy/Router Applications – Put in Hardware! (buy CISCO)

Security Server Applications

WINDOWS 2000

Security Assurance Applications

Web Server Security

Web Client Security

Technology

The Law

Cryptography

How To

Integrity/Privacy/Authenticate/Authorize/Record

Wednesday

• Read Chapters 1 & 2 of WS : Be prepared to answer questions orally

• Study IPAAAA from Slides. Be prepared to apply it.

Questions

• List the Six Basic Elements of Computer Security Technology.

• What is Integrity?

• What is Authentication?

• What is Authorization?

• What is Privacy?

• What is Auditability?

• What is Availability?