CS363 Week 15 - Friday
Last time
What did we talk about last time?
• Reviewed some of the material from Exam 1 and Exam 2
Questions?
Secret Messages!
Big Ideas in Computer Security
Network Security
Packet switched vs. circuit switched
• The Internet is a packet switched system
  ▪ This means that individual pieces of data (called packets) are sent on the network
  ▪ Each packet knows where it is going
  ▪ A collection of packets going from point A to point B might not all travel the same route
• Phone lines are circuit switched
  ▪ This means that a specific circuit is set up for a specific communication
  ▪ Operators used to do this by hand
  ▪ Now it is done automatically
  ▪ Only one path for data
Network strength
• If a single cut can cause a network to go down, that network is vulnerable to a single point of failure
• Most important networks like electrical systems have redundancy so that this doesn’t happen to a whole city
  ▪ Resilience or fault tolerance
Terminology
• A computer network is at least two computers connected together
  ▪ Often one is a server and the other is a client
• A computer system in a network is called a node
• The processor in a node is called a host
• A connection between two hosts is a link
Communication
• Analog or digital
  ▪ A modem converts between the two
  ▪ Portmanteau of “modulator-demodulator”
• Copper wire is the main workhorse
  ▪ Twisted pair is a pair of insulated copper wires
    ▪ Limit of about 10 Mbps and about 300 feet without a boost
  ▪ Coaxial cable has a single wire surrounded by an insulation jacket covered by a grounded braid of wire
    ▪ Ethernet is an example
    ▪ Repeaters or amplifiers are needed periodically to prevent signal degradation
Transmission media
• Copper wire
  ▪ Twisted pair is a pair of insulated copper wires
  ▪ Coaxial cable has a single wire surrounded by an insulation jacket covered by a grounded braid of wire
  ▪ Repeaters or amplifiers are needed periodically to prevent signal degradation
• Optical fiber
  ▪ Carries light instead of electricity
  ▪ Higher bandwidth and less signal degradation than copper
  ▪ Replacing aging copper lines
• Wireless
  ▪ Good for short distance
  ▪ Uses radio signals
• Microwave
  ▪ Strong signals
  ▪ Requires line of sight
• Infrared
  ▪ Similar to microwave but weaker signals
• Satellites
  ▪ Need geosynchronous orbits
  ▪ Secure applications need smaller footprints than broadcasts
Layers
• Protocols and standards define each layer
• Not every layer is always used
• Sometimes user errors are referred to as Layer 8 problems

Layer | Name         | Activity                                                        | Example
7     | Application  | User-level data                                                 | HTTP
6     | Presentation | Data appearance, some encryption                                | SSL
5     | Session      | Sessions, sequencing, recovery                                  | IPC and part of TCP
4     | Transport    | Flow control, end-to-end error detection                        | TCP
3     | Network      | Routing, blocking into packets                                  | IP
2     | Data Link    | Data delivery, packets into frames, transmission error recovery | Ethernet
1     | Physical     | Physical communication, bit transmission                        | Electrons in copper
TCP/IP
• The OSI model is conceptual
• Most network communication uses TCP/IP
• We can view TCP/IP as four layers:

Layer       | Action                       | Responsibilities                          | Protocol
Application | Prepare messages             | User interaction                          | HTTP, FTP, etc.
Transport   | Convert messages to packets  | Sequencing, reliability, error correction | TCP or UDP
Internet    | Convert packets to datagrams | Flow control, routing                     | IP
Physical    | Transmit datagrams as bits   | Data communication                        |
TCP/IP
• Transmission Control Protocol (TCP)
  ▪ Creates a reliable communication session
  ▪ Wraps information into packets
  ▪ Uses port numbers to connect processes to information streams
• Internet Protocol (IP)
  ▪ Allows for unreliable transport
  ▪ Wraps packets into datagrams
  ▪ Uses IP addresses for routing
• User Datagram Protocol (UDP)
  ▪ Alternative to TCP that is unreliable but has low overhead
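The two slides above describe TCP segments being wrapped in IP datagrams, with ports identifying processes and IP addresses driving routing. The following Python example, added here and not part of the lecture slides, walks those two layers over a constructed 40-byte datagram (a TCP SYN with zeroed checksums), pulling the addresses out of the IP header and the ports and flags out of the TCP header. The sample bytes, field names and `parse_*` functions are all this example's own.

```python
import struct

# Constructed sample datagram: a 20-byte IPv4 header carrying a 20-byte TCP
# header (a SYN from 192.168.0.1:54321 to 192.168.0.2:80), no payload.
# The checksums are zeroed because this example does not verify them.
SAMPLE_DATAGRAM = bytes.fromhex(
    "45" "00" "0028"      # IPv4, header length 5 words, TOS 0, total length 40
    "0001" "0000"         # identification 1, flags/fragment offset 0
    "40" "06" "0000"      # TTL 64, protocol 6 = TCP, header checksum (zeroed)
    "c0a80001"            # source address 192.168.0.1
    "c0a80002"            # destination address 192.168.0.2
    "d431" "0050"         # TCP source port 54321, destination port 80
    "00000001"            # sequence number
    "00000000"            # acknowledgement number
    "5002"                # data offset 5 words, flags: SYN
    "ffff" "0000" "0000"  # window, checksum (zeroed), urgent pointer
)

TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")


def parse_ipv4(datagram):
    """Internet layer: split an IPv4 datagram into header fields and payload."""
    (version_ihl, _tos, total_length, _ident, _flags_frag,
     ttl, protocol, _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    version = version_ihl >> 4
    header_len = (version_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or total_length > len(datagram):
        raise ValueError("malformed IPv4 header")
    return {
        "src_ip": ".".join(str(b) for b in src),
        "dst_ip": ".".join(str(b) for b in dst),
        "ttl": ttl,
        "protocol": protocol,
        "payload": datagram[header_len:total_length],
    }


def parse_tcp(segment):
    """Transport layer: split a TCP segment into header fields and payload."""
    (src_port, dst_port, seq, ack, offset_flags,
     _window, _checksum, _urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (offset_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("malformed TCP header")
    flag_bits = offset_flags & 0x3F
    flags = [name for i, name in enumerate(TCP_FLAG_NAMES) if flag_bits & (1 << i)]
    return {"src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
            "flags": flags, "payload": segment[header_len:]}


def parse_datagram(datagram):
    """Unwrap the Internet layer, then the Transport layer, into one summary."""
    ip = parse_ipv4(datagram)
    if ip["protocol"] != 6:
        raise ValueError("not a TCP segment")
    tcp = parse_tcp(ip["payload"])
    return {"src_ip": ip["src_ip"], "dst_ip": ip["dst_ip"], "ttl": ip["ttl"],
            "src_port": tcp["src_port"], "dst_port": tcp["dst_port"],
            "flags": tcp["flags"], "payload": tcp["payload"]}


if __name__ == "__main__":
    print(parse_datagram(SAMPLE_DATAGRAM))
```

The length checks are the part worth copying: a parser that trusts the header's own length fields without comparing them to the bytes actually received is the kind of code that crashes on the malformed packets the integrity-threats slide mentions.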
Reconnaissance
• A smart attacker learns everything he or she can about the system before attacking it
• Useful methods for reconnaissance of a network include:
  ▪ Port scans
  ▪ Social engineering
  ▪ Dumpster diving
  ▪ OS and application fingerprinting
  ▪ Background research
Eavesdropping and wiretapping
• Eavesdropping means overhearing private information without much effort
  ▪ Administrators need to periodically monitor network traffic
• Wiretapping implies that more effort is being used to overhear information
  ▪ Passive wiretapping is only listening to information
  ▪ Active wiretapping means that you may be adding or changing information in the stream
Wiretapping
• If you are on the same LAN, you can use a packet sniffer to analyze packets
• Inductance allows you to measure the signals inside of a wire without a direct physical connection
• Wireless is broadcast
  ▪ Easy to intercept, but can be protected by WPA or WPA2 encryption (and hardly at all by WEP)
• Microwave is easy to intercept
  ▪ Heavy multiplexing makes it hard to untangle individual signals
• Satellites are similar (unsecure but heavily multiplexed)
• Optical fiber is very difficult to tap
  ▪ Cutting a single fiber means recalibrating the network
  ▪ Repeaters and taps that connect the fiber are the best places to attack
Authentication attacks
• Spoofing is when an attacker carries out one end of a networked exchange
  ▪ A masquerade is spoofing where a host pretends to be another host
  ▪ URL confusion: someone types hotmale.com (don’t go there!) or gogle.com
  ▪ Phishing is a form of masquerading
• Session hijacking (or sidejacking) is carrying on a session started by someone else
  ▪ Login is encrypted, the rest of the data often isn’t
  ▪ Firesheep allows you to log on to other people’s Facebook and Twitter accounts in, say, the same coffeeshop
• Man-in-the-middle attacks
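Sidejacking works because the session cookie issued after the encrypted login is then sent over plain HTTP, where anyone on the coffeeshop network can read it. The defence on the server side is to mark the cookie so the browser refuses to send it unencrypted or expose it to scripts. This Python example is added here and is not from the slides; it uses the standard library's `http.cookies` to issue such a cookie and includes a small checker for auditing `Set-Cookie` values. The cookie name `session` and the token value are constructed.

```python
from http.cookies import SimpleCookie


def make_session_cookie(token):
    """Build a Set-Cookie value for a session token with the protective attributes set."""
    jar = SimpleCookie()
    jar["session"] = token
    jar["session"]["secure"] = True      # only sent over HTTPS, never on plain HTTP
    jar["session"]["httponly"] = True    # not readable by page scripts
    jar["session"]["samesite"] = "Lax"   # not attached to most cross-site requests
    jar["session"]["path"] = "/"
    # output() returns "Set-Cookie: ..." by default; we want just the header value
    return jar.output(header="").strip()


def missing_protections(set_cookie_value):
    """List which of Secure, HttpOnly and SameSite a Set-Cookie value lacks.

    Useful for checking what a server actually sends: a cookie issued without
    Secure travels in the clear on every http:// request for the same site.
    """
    attributes = [part.strip() for part in set_cookie_value.split(";")[1:]]
    present = {attr.split("=", 1)[0].lower() for attr in attributes}
    return [name for name in ("secure", "httponly", "samesite") if name not in present]


if __name__ == "__main__":
    hardened = make_session_cookie("constructed-token-123")
    print(hardened)
    print("missing:", missing_protections(hardened))
    print("missing:", missing_protections("session=constructed-token-123; Path=/"))
```

`Secure` is the attribute that directly addresses the slide's point; `HttpOnly` and `SameSite` close off the two other common ways a session token leaks (script access and cross-site requests). Python 3.8 or later is needed for the `samesite` attribute.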
Confidentiality threats
• Misdelivery
  ▪ Data can have bad addresses, occasionally because of computer error
  ▪ Human error (e.g. James Hughes (student) instead of James Hughes (professor)) is more common
• Exposure of data can happen because of wiretapping or unsecure systems anywhere along the network
• Traffic flow analysis
  ▪ Data might be encrypted
  ▪ Even so, it is very hard to hide where the data is going to and where it is coming from
  ▪ Tor and other anonymization networks try to fix this
Integrity threats
• Attackers can falsify some or all of a message, using attacks we’ve talked about
  ▪ Parts of messages can be combined
  ▪ Messages can be redirected or deleted
  ▪ Old messages can also be replayed
• Noise can degrade the signals
  ▪ All modern network protocols have error correction built in
• Malformed packets can crash systems
• Protocols often have vulnerabilities
Web site vulnerabilities
• Web sites are supposed to be up all the time
  ▪ They can be studied and attacked over a long period of time
• Known vulnerabilities in web servers allow hackers (even unsophisticated ones) to gain control of web sites and deface them
• Buffer overflows can crash web applications
• URL and SQL injection attacks
  ▪ If web applications are poorly written, they may blindly execute whatever is passed into the URL
  ▪ Could point to ../../../sensitive.dat, gaining access to files in other directories
  ▪ Could give SQL to destroy or publicize the contents of the database
• Server-side includes can tell the server to do specific things, but they can be manipulated by attackers who cleverly edit the HTTP requests
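The two injection cases on this slide (a path argument that climbs out of the document directory, and a value that is pasted into an SQL statement) share one root cause: request data is used as part of a path or a query instead of as plain data. The Python below is an added example, not code from the slides, showing a path check that confines requests to a document root and a parameterized query beside the defective string-built one; the document root `/srv/app/files`, the in-memory `users` table and the function names are all constructed for the example.

```python
import sqlite3
from pathlib import Path

# Hypothetical document root for the file-serving example (not a real path on this system)
DOCROOT = Path("/srv/app/files")


def is_safe_path(requested):
    """True only if the requested name still lies inside DOCROOT once '..' and absolute
    paths have been normalised, so '../../../sensitive.dat' and '/etc/passwd' are refused."""
    docroot = DOCROOT.resolve()
    candidate = (docroot / requested).resolve()
    return candidate == docroot or docroot in candidate.parents


def open_database():
    """Constructed in-memory table standing in for the application's user database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn


def lookup_email_unsafe(conn, name):
    """The defect: the request value becomes part of the SQL text, so it can change the query."""
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_email_safe(conn, name):
    """The fix: the value travels as a bound parameter and is never parsed as SQL."""
    return [row[0] for row in conn.execute("SELECT email FROM users WHERE name = ?", (name,))]


if __name__ == "__main__":
    for requested in ("report.txt", "sub/../other.txt", "../../../sensitive.dat", "/etc/passwd"):
        print(requested, "->", "served" if is_safe_path(requested) else "refused")
    db = open_database()
    probe = "' OR '1'='1"   # a value that is harmless as data but changes a string-built query
    print("unsafe:", lookup_email_unsafe(db, probe))   # returns every row
    print("safe:  ", lookup_email_safe(db, probe))     # returns nothing: no user has that name
```

The path check resolves both sides before comparing, which is what makes it robust against `..`, leading slashes and symlinks in the document root; a check that merely searches the string for `..` is easy to get wrong.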
Denial of service
• Networks are one of the best places to launch an attack on availability
  ▪ In this setting, these are usually called denial of service (DoS) attacks
• Transmission failure can happen because a line is cut or because there is too much noise
• Flooding is a common technique
  ▪ Ask for too many connections
  ▪ Request too many of some other service
Denial of service attacks
• TCP SYN floods
  ▪ Exploit the three-way handshake
• Echo-chargen
  ▪ Chargen sets up a stream of packets for testing
  ▪ Echo packets are supposed to be sent back to the sender
  ▪ If you can trick a server into sending echo packets to itself, it will respond to its own packets forever
• Ping of death
  ▪ A ping packet requests a reply
  ▪ If you can send more pings than a server can handle, it goes down
  ▪ Only works if the attacker has more bandwidth than the victim (DDoS helps)
• Smurf
  ▪ A ping packet is broadcast to everyone, with the victim spoofed as the originator
  ▪ All the hosts try to ping the victim
  ▪ The real attacker is hidden
• Teardrop
  ▪ A teardrop attack uses badly formed IP datagrams
  ▪ They claim to correspond to overlapping sequences of bytes in a packet
  ▪ There’s no way to put them back together and the system can crash
Distributed denial of service
• Distributed denial of service (DDoS) attacks use many machines to perform a DoS attack
• Usually, many targets have been compromised with a Trojan horse making them zombies
• These zombie machines are controlled by the attacker, performing flooding or other attacks on a victim
• The attacker is hard to trace
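The teardrop bullet describes fragments whose byte ranges overlap, which a naive reassembler cannot resolve. The fix in the receiving stack is to treat overlap (and gaps, and fragments that run past the declared length) as a reason to discard the datagram rather than crash. The following Python is an added illustration of that check, not code from the slides; it works on constructed `(offset, data)` pairs with byte offsets rather than real IP fragment headers, so the bookkeeping stays visible.

```python
# Constructed fragment sets: (offset, data) pairs describing pieces of an
# 11-byte message. Offsets are byte offsets (a real IP fragment offset is in
# 8-byte units); byte units keep the example short.
GOOD_FRAGMENTS = [(6, b"world"), (0, b"hello ")]          # out of order but consistent
OVERLAPPING_FRAGMENTS = [(0, b"hello "), (4, b"xxworld")]  # bytes 4-5 claimed twice
GAPPY_FRAGMENTS = [(0, b"hello "), (8, b"rld")]            # bytes 6-7 never arrive
MESSAGE_LENGTH = 11


def reassemble(fragments, total_length):
    """Rebuild a message from fragments, rejecting overlaps, gaps and overruns."""
    buf = bytearray(total_length)
    covered = bytearray(total_length)    # 1 wherever some fragment has written the byte
    for offset, data in sorted(fragments):
        end = offset + len(data)
        if offset < 0 or end > total_length:
            raise ValueError("fragment extends past the declared length")
        if any(covered[offset:end]):
            raise ValueError("overlapping fragment")   # the teardrop case
        buf[offset:end] = data
        covered[offset:end] = b"\x01" * len(data)
    if not all(covered):
        raise ValueError("message has gaps")
    return bytes(buf)


def classify(fragments, total_length):
    """Return ('ok', message) or ('rejected', reason) without letting a bad set propagate."""
    try:
        return "ok", reassemble(fragments, total_length)
    except ValueError as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    for name, frags in (("good", GOOD_FRAGMENTS), ("overlapping", OVERLAPPING_FRAGMENTS),
                        ("gappy", GAPPY_FRAGMENTS)):
        print(name, "->", classify(frags, MESSAGE_LENGTH))
```

Note that the decision is made per fragment against a coverage map, not by trusting the sender's claimed offsets to be consistent with each other; that is the difference between a reassembler that crashes on teardrop-style input and one that drops it.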
DNS attacks
• The Domain Name System (DNS) uses Domain Name Servers (also DNS) to convert user readable URLs like google.com to IP addresses
• Taking control of a server means that you get to say where google.com is
• For efficiency, servers cache results from other servers if they didn’t know the IP
  ▪ DNS cache poisoning is when an attacker gives a good server a bad IP address
Active and mobile code threats
• Cookies
  ▪ Small files saved by your browser on your disk
  ▪ Can be per-session or persistent
  ▪ Intercepted cookies can allow impersonation
• Server side scripting
  ▪ Includes ASP, JSP, and PHP
  ▪ Again, poorly sanitized inputs can cause arbitrary code to be executed on the server
• Active code
  ▪ Java applets are run in a sandbox, preventing them from accessing most of your system
    ▪ Some JVM implementations had weaknesses allowing them out
  ▪ ActiveX is Microsoft’s system for running code in a browser
    ▪ It has far too much power and can do anything to your system
    ▪ Usually, you have to click a button to allow the ActiveX control to run
Network encryption
• Encryption is important for network security
• Link encryption encrypts data just before going through the physical communication layer
  ▪ Each link between two hosts could have different encryption
  ▪ Messages are in plaintext within each host
  ▪ Link encryption is fast and transparent
• End-to-end encryption provides security from one end of the transmission to the other
  ▪ Slower
  ▪ Responsibility of the user
  ▪ Better security for the message in transit
Wireless security
• A wireless access point has a Service Set Identifier (SSID)
  ▪ SSIDs are usually broadcast, weakening security
  ▪ Even non-broadcast SSIDs can be discovered whenever someone connects to them
• Wired Equivalent Privacy (WEP) was the old standard for encryption
  ▪ Tools like WEPCrack and AirSnort can break WEP in minutes because of flaws in the RC4 encryption algorithm
• WiFi Protected Access (WPA) and later WPA2 have better security
  ▪ Encryption keys change for each packet
  ▪ Several authentication mechanisms are allowed
  ▪ WPA2 can use AES
  ▪ There are still flaws in some implementations
Firewalls
• A firewall filters traffic between an inside network and an outside network
  ▪ The inside is more trusted and needs to be protected from the outside
• Kinds of firewalls:
  ▪ Packet filtering gateway or screening routers
  ▪ Stateful inspection firewalls
  ▪ Application proxies
  ▪ Guards
  ▪ Personal firewalls
Intrusion detection
• Firewalls and authentication mechanisms are supposed to prevent malicious attacks
• Not all attacks can be prevented
  ▪ It is useful to know when they are happening
• An intrusion detection system (IDS) is hardware or software that monitors activity to look for suspicious patterns
  ▪ A network-based IDS is stand-alone hardware that monitors a whole network
  ▪ A host-based IDS runs on a host to protect that host
Types of IDSs
• Signature-based IDSs do pattern matching, looking for patterns of known malicious behavior
  ▪ Only works for known types of attacks
• Heuristic (or anomaly based) IDSs build up a model of acceptable behavior
  ▪ If something doesn’t fit the model, an alarm is raised
  ▪ An example is a particular user who has a characteristic way of typing that suddenly changes
• State-based IDSs try to see when the system is in an unsafe state
• Model-based IDSs try to model unacceptable activity and react when activity looks like the model
• Misuse intrusion detection is like model-based except that the model is known bad behavior
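To make the signature-versus-anomaly distinction concrete, here is a small Python detector, added as an example and not taken from the slides, run over a constructed web-server access log. The signature half matches two known request patterns; the anomaly half knows no patterns at all and instead flags any client whose request count is far above a baseline, which is how it catches the flooding client that no signature describes. The log lines, the `SIGNATURES` table and the baseline figure are all constructed for the example (a real anomaly detector would learn the baseline from normal traffic).

```python
import re
from collections import Counter

# Constructed web-server access log: "client method path status", one request per line.
SAMPLE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.9 GET /../../../etc/passwd 404
10.0.0.7 POST /login 200
10.0.0.11 GET /page?id=1 200
10.0.0.11 GET /page?id=2 200
10.0.0.11 GET /page?id=3 200
10.0.0.11 GET /page?id=4 200
10.0.0.11 GET /page?id=5 200
10.0.0.11 GET /page?id=6 200
10.0.0.11 GET /page?id=7 200
10.0.0.11 GET /page?id=8 200
10.0.0.3 GET /page?id=1%20UNION%20SELECT%20email%20FROM%20users 500
"""

# Signature-based: fixed patterns for known misuse. Anything not listed here is invisible.
SIGNATURES = {
    "path traversal": re.compile(r"\.\./"),
    "sql injection probe": re.compile(r"(?i)union(\s|%20)+select"),
}


def parse_log(text):
    """Turn the constructed log format into a list of request dicts."""
    entries = []
    for line in text.splitlines():
        client, method, path, status = line.split()
        entries.append({"client": client, "method": method, "path": path, "status": int(status)})
    return entries


def signature_alerts(entries):
    """Return (signature name, client, path) for each request matching a known pattern."""
    alerts = []
    for entry in entries:
        for name, pattern in SIGNATURES.items():
            if pattern.search(entry["path"]):
                alerts.append((name, entry["client"], entry["path"]))
    return alerts


def anomaly_alerts(entries, baseline_requests=2, factor=3):
    """Anomaly-based: flag clients whose request count exceeds the baseline by a factor.

    baseline_requests stands in for a model of normal per-client activity; the
    detector has no idea what the flood 'looks like', only that it is abnormal.
    """
    counts = Counter(entry["client"] for entry in entries)
    return sorted(client for client, n in counts.items() if n > factor * baseline_requests)


def scan(text):
    """Run both detectors over one log and return their alerts side by side."""
    entries = parse_log(text)
    return {"signature": signature_alerts(entries), "anomaly": anomaly_alerts(entries)}


if __name__ == "__main__":
    for kind, alerts in scan(SAMPLE_LOG).items():
        print(kind, alerts)
```

The flooding client `10.0.0.11` appears only in the anomaly output, and the two probing requests appear only in the signature output: each detector misses what the other catches, which is why real deployments run both.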
Security Planning
Security plan
• A security plan is a document that describes how your organization will address its security needs
• It should address:
  1. Policy
  2. Current state
  3. Requirements
  4. Recommended controls
  5. Accountability
  6. Timetable
  7. Continuing attention
Parts of a business continuity plan
• A business continuity plan covers what will happen if a computer security problem actually happens
• These plans cover big problems
  ▪ Catastrophic situations where large portions of the computer systems don't work
  ▪ They must stop working for a long duration
• Assess business impact
• Develop strategy to control impact
• Develop and implement a plan
Incident security plans
• An incident security plan covers the non-business parts of any security breaches
  ▪ There should be incident security plans even for incidents that are too small to fall under a business continuity plan
• Such a plan covers:
  ▪ The definition of an incident
  ▪ Who is responsible for taking charge
  ▪ What the plan of action is
• Such a plan must consider:
  ▪ Legal issues
  ▪ How to preserve evidence
  ▪ How to record the progress in executing the plan
  ▪ How to handle public relations
Risk Analysis
Risk terminology
• Risk is the potential for a problem
• Risk is characterized by three factors
  1. Loss associated with the event
    ▪ Risk impact
  2. Likelihood that the event will occur
    ▪ A likelihood of 1 means there is a problem
  3. The degree to which we can change the outcome
    ▪ Risk control is reducing the risk
• Risk exposure = risk impact x risk probability
• We can avoid, transfer, or assume the risk, depending on the tradeoffs
Risk analysis
• Risk analysis is examining a system to find vulnerabilities and the harm they could cause
• Risk leverage =
• Steps of a risk analysis:
  1. Identify assets
  2. Determine vulnerabilities
  3. Estimate likelihood of exploitation
  4. Compute expected annual loss
  5. Survey applicable controls and their costs
  6. Project annual savings of control
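The six steps above, together with the slide's risk exposure formula (risk impact x risk probability), can be carried through on a small risk register. The Python below is an added example, not from the slides: it takes a constructed register of assets, vulnerabilities, estimates and candidate controls (steps 1 to 3 and 5), computes the expected annual loss (step 4) and the net annual savings each control would give (step 6), and ranks the controls. All dollar figures and probabilities are invented for the example, and a control with negative net savings costs more than the loss it prevents.

```python
# Constructed risk register: one row per asset/vulnerability pair (steps 1-3), with the
# estimated loss per incident, yearly probability, and a candidate control's cost and the
# residual probability once it is in place (steps 5-6). Every figure here is invented.
RISK_REGISTER = [
    {"asset": "customer database", "vulnerability": "SQL injection in web app",
     "impact": 200_000, "probability": 0.10,
     "control": "input validation and code review",
     "control_cost": 15_000, "residual_probability": 0.01},
    {"asset": "web server", "vulnerability": "unpatched server software",
     "impact": 50_000, "probability": 0.30,
     "control": "patch management process",
     "control_cost": 20_000, "residual_probability": 0.05},
    {"asset": "office workstations", "vulnerability": "theft from unlocked offices",
     "impact": 5_000, "probability": 0.20,
     "control": "badge-controlled doors",
     "control_cost": 30_000, "residual_probability": 0.02},
]


def risk_exposure(impact, probability):
    """Risk exposure = risk impact x risk probability (the slide's formula)."""
    return impact * probability


def expected_annual_loss(row):
    """Step 4: expected annual loss with no control in place."""
    return risk_exposure(row["impact"], row["probability"])


def annual_savings(row):
    """Step 6: loss avoided by the control, net of what the control costs each year."""
    before = expected_annual_loss(row)
    after = risk_exposure(row["impact"], row["residual_probability"])
    return before - after - row["control_cost"]


def recommend(register):
    """Rank controls by net annual savings, best first; a negative figure means the
    control costs more per year than the loss it prevents (assume or transfer instead)."""
    ranked = sorted(register, key=annual_savings, reverse=True)
    return [(row["control"], round(annual_savings(row))) for row in ranked]


if __name__ == "__main__":
    for row in RISK_REGISTER:
        print(f'{row["asset"]:<20} exposure per year: {expected_annual_loss(row):>10,.0f}')
    for control, savings in recommend(RISK_REGISTER):
        print(f"{control:<35} net annual savings: {savings:>10,}")
```

On these numbers only the first control pays for itself; the badge readers, despite addressing a real risk, save about a thousand dollars a year against a thirty thousand dollar cost, which is the "justify expenditures" case the pros-and-cons slide refers to.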
Risk analysis pros and cons
Pros                                                | Cons
Improve awareness                                   | False sense of confidence
Relate security mission to management objectives    | Hard to perform
Identify assets, vulnerabilities, and controls      | Done once and then forgotten
Improve basis for decisions                         | Lack of accuracy
Justify expenditures for security                   |
Organizational Security Policies
Security policies
• A security policy is a high level document informing users of the security goals of the system
• Possible purposes:
  ▪ Recognizing sensitive information assets
  ▪ Clarifying security responsibilities
  ▪ Promoting awareness
  ▪ Guiding new users
Focus of a security policy
• Audience
  ▪ Users
  ▪ Owners
  ▪ Beneficiaries
  ▪ The needs of all parties should be balanced
• Purpose
  ▪ Promote efficient business operation
  ▪ Facilitate information sharing in the organization
  ▪ Safeguard information
  ▪ Ensure accurate information is available
  ▪ Ensure a safe workplace
  ▪ Comply with laws and regulations
• The policy should say what is protected and how
Characteristics of a good policy
• Coverage should be clear and comprehensive
  ▪ Everything should be covered
  ▪ Except for whatever is explicitly excluded
• The policy should be adaptive and last for as long as possible
  ▪ Avoid referring to specific dates or protection mechanisms
• The policy needs to be realistic
  ▪ Possible
  ▪ Affordable
  ▪ Usable
• It also needs to be understandable
Physical Security
Physical security
• Natural disasters
  ▪ Flood
  ▪ Fire
  ▪ Everything else
    ▪ Insure and backup
• Power issues
  ▪ Power loss
  ▪ Uninterruptible power supplies (UPS)
  ▪ Surge suppressor
• Human vandals
  ▪ Unauthorized access
  ▪ Theft
Disposing of sensitive information
• Shredding paper documents
• Overwriting magnetic data
• Degaussing
• Van Eck phreaking safeguards
Backups
• Everything should be backed up, always
• A complete backup covers the current state of all data
• Revolving backups keep the last few complete backups
• A selective (or incremental) backup stores only the files that have changed since the last backup
• Ideally, you should have an offsite backup of all your data in case of fire or flood
• Burning your critical data to a few DVDs and keeping them at home or school or vice versa is a good idea for you guys
Making a Business Case for Security
Elements of a business case
• A business case is a proposal that justifies an expenditure, usually including:
  ▪ A description of the problem you're trying to solve
  ▪ A list of possible solutions
  ▪ Constraints on solving the problem
  ▪ A list of assumptions
  ▪ Analysis of each alternative
    ▪ Risks
    ▪ Costs
    ▪ Benefits
  ▪ A summary of why your proposal is best
Net present value
• Net present value (NPV) of a proposal is the present value of benefits minus the value of the initial investment
• NPV looks at the lifetime of a project
• The rate of return if you were investing your money typically is called the discount rate or opportunity cost
  ▪ Business people always think about what their money could be doing other than your project
• C0 is the initial investment
• Bt is the benefit in time period t
• Ct is the cost in time period t
• k is the discount rate
• n is the number of time periods
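The slide defines the symbols C0, Bt, Ct, k and n, but the NPV formula they belong to did not survive extraction. The following Python example is added here, not from the slides; it implements the textbook definition in those symbols, NPV = -C0 + the sum over t = 1..n of (Bt - Ct) / (1 + k)^t, and applies it to a constructed proposal: a 1000 security investment that saves 600 a year for two years with no running cost, evaluated at two different opportunity costs.

```python
def net_present_value(c0, benefits, costs, k):
    """NPV = -C0 + sum over t = 1..n of (Bt - Ct) / (1 + k)^t.

    c0 is the initial investment; benefits[t-1] and costs[t-1] are Bt and Ct for
    period t (so n is the length of the lists); k is the discount rate.
    This is the textbook definition written in the slide's symbols; the formula
    itself is not on the slide.
    """
    if len(benefits) != len(costs):
        raise ValueError("benefits and costs must cover the same periods")
    present_value = 0.0
    for t, (b_t, c_t) in enumerate(zip(benefits, costs), start=1):
        present_value += (b_t - c_t) / (1 + k) ** t   # discount period t back to today
    return present_value - c0


def worth_doing(c0, benefits, costs, k):
    """The decision rule: fund the proposal only if its NPV is positive at the opportunity cost k."""
    return net_present_value(c0, benefits, costs, k) > 0


if __name__ == "__main__":
    # Constructed proposal: spend 1000 now, avoid 600 of loss in each of the next two years.
    proposal = dict(c0=1000, benefits=[600, 600], costs=[0, 0])
    for k in (0.10, 0.20):
        print(f"k = {k:.0%}: NPV = {net_present_value(k=k, **proposal):.2f}, "
              f"worth doing: {worth_doing(k=k, **proposal)}")
```

The same cash flows come out positive at a 10% discount rate and negative at 20%, which is the slide's point about opportunity cost: the project competes with whatever else the money could earn.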
Privacy Concepts
What is information privacy?
• Controlled disclosure
  ▪ Right to control who knows your private data
  ▪ Control is always diminished by sharing data with another party
• Sensitive data
  ▪ Not all data is equally sensitive
  ▪ Different people in different circumstances may disagree about what should be protected
• Affected subject
  ▪ Both people and businesses have private data
• Increasing privacy (an aspect of confidentiality) often decreases availability
Computer-related privacy problems
• Broad data collection
• No informed consent
• Loss of control
• Ownership of the data
Fair information policies
• In 1973, a committee advising the U.S. Department of Human Services proposed a set of principles for fair information practice:
  ▪ Collection limitation
  ▪ Data quality
  ▪ Purpose specification
  ▪ Use limitation
  ▪ Security safeguards
  ▪ Openness
  ▪ Individual participation
  ▪ Accountability
U.S. privacy laws
• The 1974 Privacy Act is a broad law that covers all the data collected by the government
  ▪ The law is based on the principles from two slides earlier
• Laws for data collected by other organizations are for specific areas and not necessarily consistent
  ▪ Fair Credit Reporting Act is for consumer credit
  ▪ Health Insurance Portability and Accountability Act (HIPAA) is for healthcare information
  ▪ Gramm-Leach-Bliley Act (GLBA) is for financial services
  ▪ Children's Online Privacy Protection Act (COPPA) is for children's web access
Non-US privacy
• The European Union adopted the European Privacy Directive that requires that data about individuals be:
  ▪ Processed fairly and lawfully
  ▪ Collected for specified, explicit, and legitimate purposes
  ▪ Adequate, relevant, and not excessive for the purposes they were collected
  ▪ Accurate and as up to date as necessary
  ▪ Kept in a form that permits identification of individuals for no longer than necessary
Authentication
Authentication
• We have already discussed authentication from the perspective of how to do it
• But what are we really authenticating?
• We could be authenticating any of the following three things:
  ▪ Individual
    ▪ The physical person
    ▪ Example: you
  ▪ Identity
    ▪ A string or numerical descriptor
    ▪ Examples: the name "Clarence", the account admin
  ▪ Attribute
    ▪ A characteristic
    ▪ Examples: being 21, having top secret clearance
Correlation in data mining
• Correlation is joining databases on common fields
• Privacy for correlation can be improved by making it harder to find links between related fields
• Data perturbation randomly swaps fields in records
  ▪ Swapping records indiscriminately can destroy the value of the research
  ▪ It has to add just enough randomness to the right fields
Aggregation in data mining
• Aggregation means reporting sums, medians, counts or other statistical measures
• As we discussed in the database chapter, these can threaten privacy if we have a very small sample size
• A corresponding problem happens if we have a sample that includes almost but not quite all of the data
• For aggregates, data perturbation means adding small, random positive and negative values to each value, adding noise to the final aggregates
  ▪ If done correctly, the aggregates may still be accurate enough for research purposes
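Both aggregation problems on this slide (a very small query set, and a query set that is almost the whole table, whose complement is very small) can be handled with the same two controls: refuse to answer when the query set is too small or too large, and perturb the values that do get aggregated. The Python below is an added example rather than code from the slides; the research table, the minimum query-set size of 3 and the plus-or-minus 500 noise range are all constructed, and a seeded `random.Random` keeps the perturbation reproducible.

```python
import random
import statistics

# Constructed research table: (name, department, salary). Values are invented.
RECORDS = [
    ("Ann", "physics", 70_000), ("Ben", "physics", 82_000), ("Cy", "physics", 64_000),
    ("Di", "physics", 91_000), ("Ed", "chemistry", 75_000), ("Flo", "chemistry", 68_000),
    ("Gus", "chemistry", 88_000), ("Hal", "biology", 120_000),
]
MIN_QUERY_SET = 3   # refuse aggregates over fewer than this many records...
NOISE_RANGE = 500   # ...and perturb each value by up to +/- this much before aggregating


def mean_salary(records, department_matches, rng, min_size=MIN_QUERY_SET, noise=NOISE_RANGE):
    """Return a perturbed mean salary for the matching departments, or None if refused.

    department_matches is a predicate on the department name. The query is refused
    both when the query set is tiny (it would reveal an individual) and when it is
    nearly the whole table (subtracting it from the overall total would reveal the rest).
    """
    selected = [salary for _name, dept, salary in records if department_matches(dept)]
    n, total = len(selected), len(records)
    if n < min_size or n > total - min_size:
        return None   # query-set-size control covers the small query and its complement
    perturbed = [salary + rng.uniform(-noise, noise) for salary in selected]
    return statistics.mean(perturbed)


def true_mean_salary(records, department_matches):
    """The unperturbed figure, kept only so the example can show how close the noisy one is."""
    return statistics.mean(salary for _name, dept, salary in records if department_matches(dept))


if __name__ == "__main__":
    rng = random.Random(2014)
    queries = {"biology only (1 record)": lambda d: d == "biology",
               "everyone but biology (7 of 8)": lambda d: d != "biology",
               "physics (4 of 8)": lambda d: d == "physics"}
    for label, predicate in queries.items():
        answer = mean_salary(RECORDS, predicate, rng)
        print(f"{label:<32} -> {'refused' if answer is None else f'{answer:,.0f}'}")
    print("true physics mean:", true_mean_salary(RECORDS, lambda d: d == "physics"))
```

The refused queries are the two attacks in the slide's bullets; the physics query is answered within the noise range of the true mean, which is the "accurate enough for research purposes" trade-off. The noise range has to be chosen against the spread of the data: too small and it hides nothing, too large and the aggregate becomes useless.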
Privacy on the Web
Payment
• Credit cards can easily be defrauded since you provide the critical information to stores
• Payment schemes like PayPal give more anonymity but do not have the same consumer protection laws
Site registration
• Virtually every site on the Internet allows (if not requires) you to register with a user name and password so that you can log in
• For the sake of privacy, you should have a different ID and password for every site
  ▪ This, of course, is impossible
• People tend to use one or two IDs (and one or two passwords) for everything
  ▪ Many websites encourage this behavior by forcing you to use your e-mail address as your ID
• In this way, it is easy for anyone with access to multiple databases to aggregate information about you
  ▪ Since your e-mail address is often tied closely to you, they could find out your true identity
Cookies
• A cookie is a small text file kept on your computer that records data related to web browsing
• Cookies can only be read by the site that originally stored the cookie
• The way to get around this is called third-party cookies
  ▪ Networks of sites can form an alliance in which they cooperate to track all of your visits to sites in the network
  ▪ Visiting a single page could store cookies from every ad on the page (and more!)
• Web bugs are images that are usually 1 x 1 pixels and clear
  ▪ They make it impossible to know how many sites could be storing cookies
• Regular mail cannot be opened under penalty of federal law
• Most people do not encrypt their e-mail using PGP or S/MIME
• E-mail travels from originating computer to SMTP server through the Internet to a POP server to the destination
  ▪ Anyone can read and collect your e-mail on the way
• E-mail provides almost no guarantee of authenticity
Privacy in emerging technologies
• Radio frequency identification (RFID) tags are usually small, inexpensive transmitters
  ▪ They can be attached to almost anything
  ▪ The infrastructure to track you everywhere may soon exist
• Electronic voting has many issues
  ▪ It's hard to engineer a system that correctly counts votes but cannot report how someone voted
  ▪ The software and hardware design for these systems are generally not publicized
  ▪ Internet voting will probably increase
• VoIP
  ▪ Privacy is in the hands of Skype
Legal Issues
Summary of copyrights, patents, and trade secrets
                             | Copyright                                          | Patent                               | Trade Secret
Protects                     | Expression of idea, not idea itself                | Invention, the way something works   | A secret, a competitive advantage
Protected object made public | Yes, all about promoting publication               | Filed at patent office               | No
Requirement to distribute    | Yes                                                | No                                   | No
Ease of filing               | Easy, do it yourself                               | Complicated, usually needs lawyers   | No filing
Duration                     | Life of author + 70 years, 95 years for corporations | 19 years                           | As long as you can keep it secret
Legal protection             | Sue if unauthorized copy sold                      | Sue if invention copied              | Sue if secret improperly obtained
Criminal vs. civil law
                 | Criminal Law | Civil Law
Defined by       | Statutes     | Contracts, common law
Cases brought by | Government   | Government, individuals and companies
Wrong party      | Society      | Individuals and companies
Remedy           | Jail or fine | Damages, usually money
Employee and Employer Rights
Who owns what?
• If you are paid to develop software, the company owns the software
• If you write code in your free time, it is possible that your job can still claim a piece of it (especially if you used any of their hardware or software)
• If you are a consultant who writes a program for a client and then further develop it yourself, it's complicated
  ▪ Often covered by your contract
Patents and copyrights
• The inventor is the entity that owns the patent
  ▪ Who is the inventor?
  ▪ It matters whether your employer files the patent or if you do
• In general, when you create something, you hold the copyright
  ▪ The exception is a work for hire situation which exists when some or all of the following apply:
    ▪ The employer has a supervisory relationship
    ▪ The employer has the right to fire you
    ▪ The employer arranges for the work to be done before it is created
    ▪ A written contract states that the employer has hired you to do certain work
Reporting flaws
• Researchers and users should report flaws to companies so that they can be fixed, but there is disagreement about how public the reporting is
  ▪ Developers want the vulnerabilities secret as long as possible so that a small number of patches can fix many vulnerabilities
  ▪ Users want more pressure on developers to fix problems quickly
• Researchers have suggested guidelines to reach a compromise between these two groups
Computer crime
• Computer crime needs new definitions for crime
  ▪ Traditional crime focuses on crimes against people (murder) or crimes against objects (theft)
  ▪ Copying software is not traditional theft because no tangible object is missing
  ▪ Computer trespassing has a similar problem
• Evidence of computer crime is difficult to authenticate
Computer criminals are hard to catch
• Much of the crime is international, and there are no international computer laws
  ▪ Although many countries cooperate to catch criminals, there are safe havens where they cannot be arrested
• Technical problems make them hard to catch
  ▪ Attacks can be bounced through many intermediaries, each requiring its own search warrant
  ▪ The right network administrator has to be given the warrant (and he or she might not keep good records)
Cryptography and the law
• Many countries have controls on the use of cryptography
  ▪ Governments want cryptography they can break so that they can catch criminals
  ▪ Laws are hard to enforce for individuals, especially now that the instructions for coding up AES are widely available
• Until 1998, export of cryptography in the US was covered under laws preventing the export of weapons of war
  ▪ This definition changed, although there are still export restrictions
  ▪ There were never any restrictions on the use of cryptography in the US
  ▪ Absurdly, the government said that object code was subject to export restriction, but printed source code was an idea and therefore not
Escrowed cryptography
• The government made proposals to relax export rules for escrowed encryption
  ▪ With escrowed encryption, the government is given copies of all the keys used to protect all transmissions, but promises to use them only with court authorization
• Three well known proposals for these systems were Clipper, Capstone, and Fortezza
• These proposals were not adopted because of public distrust of what the government might do with all the keys
Laws vs. ethics
• Laws:
  ▪ Apply to everyone
  ▪ Courts determine which law applies or if one supersedes another
  ▪ Laws and courts define what is right (legal) and what is wrong (illegal)
  ▪ Laws are enforced
• Ethics:
  ▪ Are personal
  ▪ Ethical positions often come into conflict with each other
  ▪ There is no universal standard of right and wrong
  ▪ There is no systematic enforcement for ethical decisions
Examining an ethical choice
1. Understand the situation
  ▪ Learn all the facts about the situation first
2. Know several theories of ethical reasoning
  ▪ There may be many ways to justify different choices
3. List the ethical principles involved
  ▪ What different philosophies could be applied?
4. Determine which principles outweigh others
  ▪ This is the hard part where you have to make a subjective valuation
Ethical breakdown
           | Teleology (Consequence-based)                            | Deontology (Rule-based)
Individual | Based on consequences to the individual (egoism)         | Based on rules acquired by the individual from religion, analysis, or experience
Universal  | Based on consequences to society (utilitarianism)        | Based on universal rules that everyone can agree on (but there are very few of these)
Upcoming
Next time…
There is no next time!
Reminders
• Review for the final exam
  ▪ Monday, May 5, 2014 2:30pm - 5:30pm
• Finish Project 3
  ▪ Final report due before midnight tonight