Computer Security Prevention and detection of unauthorized actions by users of a computer system Confidentiality Integrity Availability.


1 Computer Security
– Prevention and detection of unauthorized actions by users of a computer system
– Confidentiality
– Integrity
– Availability

2 Access Control
– Limiting and controlling access to a shared resource
– Two approaches: 1) define what different subjects are allowed to do and 2) define what can be done to different objects
– Access permissions: Unix has read, write, and execute; Windows NT has read, write, execute, delete, change permission, and change ownership

3 Software Reliability
– How buggy software provides security vulnerabilities
– Why these problems are so common

4 The Ubiquity of Faulty Code
– Estimates from SEI are 5-15 errors/1000 LOC
– WIN2000 has 35-60 million LOC
– Capers Jones study of errors in COBOL programs
– Problem of getting people to install bug fixes

5 Risk
– What is risk?
  – Magnitude of loss
  – Likelihood of loss
  – Exposure to loss
– How well do people understand probability?

6 Vulnerabilities
Five steps to an attack
1) Identify the specific target to be attacked and gather information about the target
2) Analyze the information and identify a vulnerability in the target that will accomplish the attack objectives
3) Gain the appropriate level of access to the target
4) Perform the attack on the target
5) Complete the attack, which may include erasing evidence of the attack, and avoid retaliation

7 The Vulnerability Landscape
– Physical
– Virtual
– Trust Model
– System Life Cycle

8 Countermeasures
– Protection
– Detection
– Reaction

9 Threat Modeling
– What are the threats?
– How would a hacker think about attacking this system?

10 Use of Threat Modeling
– Risk Assessment
– Security Design
1) Understand the real threats to the system and assess the risk of these threats
2) Describe the security policy necessary to defend against the threats
3) Describe the countermeasures that enforce the policy

11 Security Policies
– Good policies are appropriate for real threats
– Security policies should be written
– Security policies should specify security measures and who is responsible for their implementation, enforcement, audit, and review

12 Network
[Figure: The Internet, with labels Browser, Packet, Router, Route, Webserver Software]
The global Internet has thousands of networks

13 Frames and Packets
[Figure: Client PC, Switch, Router A, Router B, Server. Frame 1 carries the packet in Network 1, Frame 2 carries the packet in Network 2, Frame 3 carries the packet in Network 3]

14 Frames and Packets
Like passing a shipment (the packet) from a truck (frame) to an airplane (frame) at an airport.
[Figure: Shipper, Truck, Airport, Airplane, Airport, Truck, Receiver; the same shipment throughout]

15 Network Layered Architecture
– TCP/IP: Application, Transport, Internet, Subnet Access (Use OSI Standards Here)
– OSI: Application, Presentation, Session, Transport, Network, Data Link, Physical
– Hybrid TCP/IP-OSI: Application, Transport, Internet, Data Link, Physical

16 Physical and Data Link Layers
– Physical (Layer 1): defines electrical signaling and media between adjacent devices
– Data link (Layer 2): control of a frame through a single network, across multiple switches
[Figure: Switched Network 1, with labels Data Link, Physical Link, Frame]

17 Internet Layer
– Governs the transmission of a packet across an entire internet
– Path of the packet is its route
[Figure: Switched Network 1, Switched Network 2, Switched Network 3, with labels Router, Route, Packet]

18 Internet and Transport Layers
– Transport Layer: End-to-End (Host-to-Host)
– Internet Layer (Usually IP): Hop-by-Hop (Host-Router or Router-Router)
[Figure: Client PC, Router 1, Router 2, Router 3, Server]

19 Hierarchical IP Address
– Network Part (not always 16 bits)
– Subnet Part (not always 8 bits)
– Host Part (not always 8 bits)
– Total always is 32 bits
[Figure: address 128.171.17.13 within The Internet: UH Network (128.171), CBA Subnet (17), Host 13]

20 Domain Name Service
– Domain names and physical addresses
– The DNS is a database that shows domain names and physical addresses

21 IP Address Spoofing
[Figure: Trusted Server 60.168.4.6, Victim Server 60.168.47.47, Attacker’s Client PC 1.34.150.37]
1. Trust Relationship
2. Attack Packet, Spoofed Source IP Address 60.168.4.6 (Attacker’s Identity is Not Revealed)
3. Server Accepts Attack Packet

22 Internet Protocol (IP)
– IP Addresses and Security
  – IP address spoofing: Sending a message with a false IP address
  – Gives sender anonymity so that attacker cannot be identified
  – Can exploit trust between hosts if spoofed IP address is that of a host the victim host trusts

23 Transmission Control Protocol (TCP)
– TCP Messages are TCP Segments
  – Flags field has several one-bit flags: ACK, SYN, FIN, RST, etc.
[Figure: TCP header fields: Header Length (4 bits), Reserved (6 bits), Flag Fields (6 bits), Window Size (16 bits)]

24 Communication During a TCP Session
[Figure: PC Transport Process and Webserver Transport Process]
Open (3): 3-Way Open
1. SYN (Open)
2. SYN, ACK (1) (Acknowledgement of 1)
3. ACK (2)

25 Communication During a TCP Session
[Figure: PC Transport Process and Webserver Transport Process]
Close (4): Normal Four-Way Close
13. FIN (Close)
14. ACK (13)
15. FIN
16. ACK (15)
Note: An ACK may be combined with the next message if the next message is sent quickly enough

26 Targeted System Penetration
– Unobtrusive Information Collection
  – Whois database
    – Information about responsible person
    – Information about IP addresses of DNS servers, to find firm’s IP address block

27 Targeted System Penetration
– IP Address Spoofing
  – Put false IP addresses in outgoing attack packets
  – Attacker is blind to replies
– Use series of attack platforms

28 Using a Chain of Attack Hosts
[Figure: Attacker 1.4.5.6, Compromised Host 123.67.8.23, Compromised Host 123.67.33.4, Victim 60.77.8.32, with labels Attack and Replies]
Allows Reading of Replies Without Exposing Attacker

29 Using a Chain of Attack Hosts
[Figure: Subsequent Trace Back across Victim 60.77.8.32, Compromised Host 123.67.8.23, Compromised Host 123.67.33.4, Attacker 1.4.5.6, with labels Successful, Connection Broken, Connection Broken]

30 Denial-of-Service (DoS) Attacks
– Flooding Denial-of-Service Attacks
  – SYN flooding
    – Try to open many connections with SYN segments
    – Victim must prepare to work with many connections
    – Victim crashes if runs out of resources; at least slows down
    – More expensive for the victim than the attacker

31 SYN Flooding DoS Attack
[Figure: Attacker 1.34.150.37 sends SYN segments to Victim 60.168.47.47]
– Attacker Sends Flood of SYN Segments
– Victim Sets Aside Resources for Each
– Victim Crashes or Victim Becomes Too Overloaded to Respond to the SYNs from Legitimate Uses

32 Distributed Denial-of-Service (DDoS)
[Figure: Attacker 1.34.150.37, Handlers, Zombies, Victim 60.168.47.47, with labels Attack Command (attacker to handler, handler to zombie) and Attack Packet (zombie to victim)]

33 Types of Firewall Inspection
– Packet Inspection
  – Examines IP, TCP, UDP, and ICMP header contents
  – Static packet filtering looks at individual packets in isolation. Misses many attacks
  – Stateful inspection inspects packets in the context of the packet’s role in an ongoing or incipient conversation
  – Stateful inspection is the preferred packet inspection method today

34 Types of Firewall Inspection
– Denial-of-Service Inspection
  – Recognizes incipient DoS attacks and takes steps to stop them
  – Limited to a few common types of attacks
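One way a firewall can recognize the incipient SYN flood of slides 30-31, as an added example that is not part of the original presentation: count half-open connections (SYN seen, final ACK of the 3-way open not yet seen) per server and flag a server whose count exceeds a threshold. The threshold, timeout, function names and sample segments are constructed assumptions.

```python
def detect_syn_flood(segments, threshold=20, timeout=10.0):
    """Return {(server_ip, port): peak half-open count} for flagged servers.

    segments: (time_s, src, sport, dst, dport, flags) tuples sorted by time.
    """
    pending = {}   # (server_ip, port) -> {(client_ip, client_port): syn_time}
    peaks = {}
    for t, src, sport, dst, dport, flags in segments:
        if flags == {"SYN"}:
            half_open = pending.setdefault((dst, dport), {})
            # Drop entries the server itself would already have timed out.
            for key in [k for k, t0 in half_open.items() if t - t0 > timeout]:
                del half_open[key]
            half_open[(src, sport)] = t
            if len(half_open) > threshold:
                server = (dst, dport)
                peaks[server] = max(peaks.get(server, 0), len(half_open))
        elif "ACK" in flags and "SYN" not in flags:
            # Step 3 of the 3-way open: the connection is no longer half-open.
            pending.get((dst, dport), {}).pop((src, sport), None)
    return peaks


def sample_flood():
    """Constructed capture: one completed handshake, then 40 unanswered SYNs."""
    victim = "60.168.47.47"
    segs = [
        (0.0, "128.171.17.13", 5000, victim, 80, {"SYN"}),
        (0.2, "128.171.17.13", 5000, victim, 80, {"ACK"}),
    ]
    segs += [(1.0 + i * 0.01, "1.34.150.37", 1024 + i, victim, 80, {"SYN"})
             for i in range(40)]
    return segs


def sample_slow():
    """Constructed capture: 40 SYNs one second apart; old entries expire."""
    return [(float(i), "128.171.17.13", 6000 + i, "60.168.47.47", 80, {"SYN"})
            for i in range(40)]
```

The slow capture never holds more than 11 half-open entries at once, so it stays under the threshold while the burst does not.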

35 Drivers of Performance Requirements: Traffic Volume and Complexity of Filtering
[Figure: Performance Requirements plotted against Traffic Volume (Packets per Second) and Complexity of Filtering (Number of Filtering Rules, Complexity of Rules, etc.)]

36 Stateful Inspection Firewalls
– State of Connection: Open or Closed
  – State: Order of packet within a dialog
  – Often simply whether the packet is part of an open connection

37 Stateful Inspection Firewalls
– Static Packet Filter Firewalls are Stateless
  – Filter one packet at a time, in isolation
  – If a TCP SYN/ACK segment is sent, cannot tell if there was a previous SYN to open a connection
  – But stateful firewalls can
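The contrast drawn on slides 36 and 37, as an added example that is not part of the original presentation: a stateless rule that passes any inbound segment with ACK set, beside a connection table that passes a SYN/ACK only after a matching outbound SYN. The policy, the 60.168. internal prefix, the state names and the sample segments are constructed assumptions; closing (FIN/RST) and timeouts are left out.

```python
from dataclasses import dataclass

INTERNAL = "60.168."  # assumption: address prefix of hosts behind the firewall

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on this segment, e.g. {"SYN", "ACK"}

def seg(src, sport, dst, dport, *flags):
    return Segment(src, sport, dst, dport, frozenset(flags))

def static_filter(s):
    """Stateless rule: pass outbound traffic and any inbound segment with ACK."""
    return s.src.startswith(INTERNAL) or "ACK" in s.flags

class StatefulFirewall:
    """Pass inbound segments only when they fit a connection opened from inside."""
    def __init__(self):
        self.table = {}  # (int_ip, int_port, ext_ip, ext_port) -> state

    def allow(self, s):
        if s.src.startswith(INTERNAL):                 # outbound
            key = (s.src, s.sport, s.dst, s.dport)
            if s.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"
            elif "ACK" in s.flags and self.table.get(key) == "SYN_ACK_SEEN":
                self.table[key] = "OPEN"               # 3-way open completed
            return True
        key = (s.dst, s.dport, s.src, s.sport)         # inbound
        state = self.table.get(key)
        if s.flags == {"SYN", "ACK"}:
            if state != "SYN_SENT":
                return False                           # no previous SYN
            self.table[key] = "SYN_ACK_SEEN"
            return True
        return state == "OPEN"

def demo():
    """Run constructed segments through both filters; returns (static, stateful)."""
    fw = StatefulFirewall()
    trace = [
        seg("1.34.150.37", 80, "60.168.47.47", 4000, "SYN", "ACK"),  # unsolicited
        seg("60.168.47.47", 4000, "128.171.17.13", 80, "SYN"),
        seg("128.171.17.13", 80, "60.168.47.47", 4000, "SYN", "ACK"),
        seg("60.168.47.47", 4000, "128.171.17.13", 80, "ACK"),
        seg("128.171.17.13", 80, "60.168.47.47", 4000, "ACK"),       # reply data
    ]
    return [static_filter(s) for s in trace], [fw.allow(s) for s in trace]
```

Only the first segment is treated differently: the stateless rule passes the unsolicited SYN/ACK, the connection table drops it.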

38 DMZ
– Demilitarized Zone: Space between two firewalls
– For Servers That Must be Accessed From the Outside

39 Configuring, Testing, and Maintaining Firewalls
– Must test Firewalls with Security Audits
  – Only way to tell if policies are being supported
  – Must be driven by policies
– Maintaining Firewalls
  – New threats appear constantly
  – ACLs must be updated constantly if firewall is to be effective

40 Hardening Host Computers
– The Problem
  – Computers installed out of the box have known vulnerabilities
    – Not just Windows computers
  – Hackers can take them over easily
  – They must be hardened, a complex process that involves many actions

41 Hardening Host Computers
– Elements of Hardening
  – Physical security
  – Secure installation and configuration
  – Fix known vulnerabilities
  – Turn off unnecessary services
  – Harden all remaining applications

