K. Salah 1: Introduction to Security: Overview of Computer Security

Presentation transcript:

K. Salah 1: Introduction to Security: Overview of Computer Security

K. Salah 2: Why is security important?
- Computers and networks are the nerves of the basic services and critical infrastructures in our society
  - Financial services and commerce
  - Transportation
  - Power grids
  - Etc.
- Computers and networks are targets of attacks by our adversaries

K. Salah 3: Why is security so hard?
- The complexity of computers and networks
- Increased Internet usage
- User expectation
- Lack of awareness of threats and risks
  - Software by peopleware
  - Social engineering
- Defense is inherently more expensive
  - Offense only needs the weakest link
- Ample cracking tools

K. Salah 4

5: Tempest Attack
- Tempest
  - Is an acronym for Transient ElectroMagnetic Pulse Emanation Surveillance.
  - This is the science of monitoring, at a distance, electronic signals carried on wires or displayed on a monitor.
  - It is of enormous importance to serious cryptography snoopers.
  - To minimize a tempest attack you should screen all the cables between your computer and your accessories, particularly your monitor.
  - A non-CRT monitor screen such as those used by laptops (or a plasma TV) offers a considerable reduction in radiated emissions and is recommended.

K. Salah 6: Type of Attackers
- Amateurs: regular users, who exploit the vulnerabilities of the computer system
  - aka “Smart kiddies”
  - Less experienced
  - Motivation: easy access to vulnerable resources
- Hackers/Crackers: attempt to access computing facilities for which they do not have the authorization
  - Experts
  - Motivation: enjoy challenge, curiosity
- Career criminals: professionals who understand the computer system and its vulnerabilities
  - Motivation: personal gain (e.g., financial)
- Intruders are all of the above

K. Salah 7: Methods of Defense
- Prevent: block attack
- Deter: make the attack harder
- Deflect: make other targets more attractive
  - E.g., honeypots
- Detect: identify misuse
- Tolerate: function under attack
- Recover: restore to correct state

K. Salah 8: Computer Security Domains
- Physical security -- Controlling the comings and goings of people and materials; protection against the elements and natural disasters
- Operational/procedural security -- Covering everything from managerial policy decisions to reporting hierarchies
- Personnel security -- Hiring employees, background screening, training, security briefings, monitoring, and handling departures
- System security -- User access and authentication controls, assignment of privilege, maintaining file and filesystem integrity, backups, monitoring processes, log-keeping, and auditing. OS and database systems.
- Network security -- Protecting network and telecommunications equipment, protecting network servers and transmissions, combating eavesdropping, controlling access from untrusted networks, firewalls, and detecting intrusions
- Information security -- Hiding of information (cryptography) and also security of information in transit over a network. Examples: e-commerce transactions, online banking, confidential e-mails, file transfers, record transfers, authorization messages, etc.

K. Salah 9: What is Security?
- Keeping something (information in our case) secure against
  - Someone stealing it
  - Someone destroying it
  - Someone changing it
  - Someone preventing me from using it
- More specifically
  - Confidentiality: nobody else can see it
  - Integrity: nobody else can change it
  - Availability: I can get at it whenever I want

K. Salah 10: Basic Components of Security
- Confidentiality
  - Keeping data and resources secret or hidden
- Integrity
  - Ensuring authorized modifications
  - Includes correctness and trustworthiness
- Availability
  - Ensuring authorized access to data and resources when desired
- Accountability
  - Ensuring that an entity’s action is traceable uniquely to that entity
- Security assurance
  - Assurance that all four objectives are met

K. Salah 11: What “secure” means
(Diagram labels: Confidentiality, Integrity, Availability, Secure)

K. Salah 12: Information security today
- Emergence of the Internet and distributed systems
  - Increasing system complexity
- Digital information needs to be kept secure
  - Competitive advantage
  - Protection of assets
  - Liability and responsibility
- Financial losses
  - There are reports that the annual financial loss due to information security breaches is between 5 and 45 billion dollars
- National defense
  - Protection of critical infrastructures: power grid; air transportation
  - Interlinked government agencies
    - Severe concerns regarding security management and access control measures

K. Salah 13: Terminology
(Diagram labels: Security Features or Services; Information; Attackers/Intruders/Malfeasors; Requirements & Policies; Security Mechanisms; Security Architecture)

K. Salah 14: Attack vs. Threat
- A threat is a “potential” violation of security
  - The violation need not actually occur
  - The fact that the violation might occur makes it a threat
  - It is important to guard against threats and be prepared for the actual violation
  - “Being paranoid”
- The actual violation of security is called an attack

K. Salah 15: Common security attacks
- Interruption, delay, denial of receipt or denial of service
  - System assets or information become unavailable or are rendered unavailable
- Interception or snooping
  - Unauthorized party gains access to information by browsing through files or reading communications
- Modification or alteration
  - Unauthorized party changes information in transit or information stored for subsequent access
- Fabrication, masquerade, or spoofing
  - Spurious information is inserted into the system or network by making it appear as if it is from a legitimate entity

K. Salah 16: Malicious Code or malware
(Diagram labels: Trapdoors; Trojan Horses; Bacterium; Logic Bombs; Worms; Virus; X Files)

K. Salah 17: DOS and DDOS

K. Salah 18: Trojan/Backdoor Program
- Trojan part: masquerades itself as a nice program
  - WildAnimals.scr (any executable can be saved as .scr)
  - YourDocument.doc ….exe (100 spaces followed by .exe)
- Backdoor
  - Once launched, it opens a communication channel (IRC, FTP, telnet, etc.) with a certain machine
  - Can be used to hijack a machine if running proxy communication protocols (ssh or socks4) and bypassing firewalls
    - Internet traffic would seem to be coming from or going out of the infected system while being routed to the attacker's machine
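Added example (not part of the original slides): a defender-side check that flags the two file-name disguises named on this slide, an executable saved as .scr and a document-style name padded with spaces before a trailing .exe. The extension lists, the padding threshold and the sample names are assumptions made for illustration.

```python
import re

# Assumed lists for illustration; tune them to your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY_EXTS = {"doc", "docx", "pdf", "txt", "jpg", "xls", "xlsx"}

# Assumed threshold: five or more consecutive whitespace characters is padding.
PADDING_RUN = re.compile(r"\s{5,}")


def masquerade_findings(filename):
    """Return the reasons a file name looks like a disguised executable."""
    findings = []
    # Split on dots and strip whitespace so "doc" followed by spaces reads as "doc".
    parts = [p.strip().lower() for p in filename.split(".")]
    final_ext = parts[-1] if len(parts) > 1 else ""
    if final_ext not in EXECUTABLE_EXTS:
        return findings  # the real (last) extension is not an executable type
    if final_ext == "scr":
        findings.append("screensaver-executable")
    # An earlier component that looks like a document type is a decoy extension.
    if any(p in DECOY_EXTS for p in parts[1:-1]):
        findings.append("double-extension")
    # Long whitespace runs push the real extension out of the visible column.
    if PADDING_RUN.search(filename):
        findings.append("whitespace-padding")
    return findings


def scan(names):
    """Map each suspicious name to its findings; clean names are omitted."""
    return {n: f for n in names if (f := masquerade_findings(n))}


# Constructed sample names, modelled on the two cases in the slide.
SAMPLES = [
    "WildAnimals.scr",
    "YourDocument.doc" + " " * 100 + ".exe",
    "quarterly-report.doc",
    "setup.exe",
]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        # Collapse the padding when printing so the line stays readable.
        print(re.sub(r"\s{5,}", "<padding>", name), "->", ", ".join(reasons))
```

A plain installer such as setup.exe is deliberately not flagged: the check targets the disguise, not executables in general.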

K. Salah 19: Goals of Security
- Prevention
  - To prevent someone from violating a security policy
- Detection
  - To detect activities in violation of a security policy
  - Verify the efficacy of the prevention mechanism
- Recovery
  - Stop policy violations (attacks)
  - Assess and repair damage
  - Ensure availability in presence of an ongoing attack
  - Fix vulnerabilities for preventing future attack
  - Retaliation against the attacker

K. Salah 20: Operational Issues
- Cost-Benefit Analysis
  - Benefits vs. total cost
  - Is it cheaper to prevent or recover?
- Risk Analysis
  - Should we protect something?
  - How much should we protect this thing?
  - Risk depends on environment and changes with time
- Laws and Customs
  - Are desired security measures illegal?
  - Will people do them?
  - Affects availability and use of technology

K. Salah 21: Human Issues
- Organizational problems
  - Power and responsibility
  - Financial benefits
- People problems
  - Outsiders and insiders
    - Which do you think is the real threat?
  - Social engineering