
Principles of Security






Presentation Transcript


  1. Principles of Security (Burgess Ch.9)

  2. Principles of Security (Burgess Ch.9)
     • Aspects of Security
       • No access without a security check
       • Security maintenance can reduce privacy
       • Integrity is ensured through effective security
       • Trust is a substitute for security
       • Security often affects reliability and safety
       • More security = less convenience
       • Hence the frequent use of trust agreements
     FIT2018 (c) Monash University

  3. Physical Security
     • Physical access to host equipment, devices and communication media
     • Software security depends on “adequate” host security
     • Level of security depends on the value of the asset
     • Adequate security often consists of several overlapping schemes (no single security mechanism is perfect!)

  4. Scope of Security
     • Applies to local system resources as well as remote network resources
     • Many major fraud cases are perpetrated by insiders
     • But the Internet is huge and also represents a significant threat
     • Threats may also include accidental and “natural” sources

  5. Basic Components of Security
     • Restriction of access: privacy of resources/data
     • Authentication: verification of identity
     • Trust: inherent security of a known source
     • Integrity: guarantee against corruption/loss

  6. Common Trust Relationships
     • Many implied trusts in computer systems
       • Unix NFS trusts the agent that mounts remote file systems (usually the root user)
       • rlogin, rsh, rexec commands trust root users from hosts registered in .rhosts and hosts.equiv files
       • Downloaded executable code is “trusted” (Trojan Horse)
       • After authentication of a known host, data downloaded during that session is trusted
     • Trust relationships imply assumed security, and if overused can expose security holes.
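The .rhosts and hosts.equiv trust described above is configured in plain text files, so the implied trusts can be enumerated and reviewed. The auditor below is an added example, not code from the slides or from Burgess; it assumes the classic BSD file format (one entry per line, an optional user field, a lone "+" as a wildcard, a leading "-" as a deny) and uses a constructed sample file.

```python
"""Audit hosts.equiv / .rhosts style trust files for over-broad entries.

Added example; not from the slides or from Burgess. It assumes the classic BSD
format: one entry per line, "[+|-]host_or_@netgroup [[+|-]user_or_@netgroup]".
A lone "+" in the host field trusts every host, a lone "+" in the user field
trusts every user on that host, and a leading "-" denies. "#" starts a comment.
Netgroup entries (+@name) are reported as ordinary "info" trusts.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class TrustEntry:
    lineno: int
    host: str
    user: Optional[str]


@dataclass
class Finding:
    lineno: int
    severity: str   # "critical", "high" or "info"
    reason: str


def parse_trust_file(text: str) -> List[TrustEntry]:
    """Parse entries; blank lines and comments are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        user = fields[1] if len(fields) > 1 else None
        entries.append(TrustEntry(lineno, fields[0], user))
    return entries


def audit_trust_file(text: str) -> List[Finding]:
    """Flag wildcard trust, and record every remaining trust as an 'info' item,
    because each one is only as strong as the name resolution behind it."""
    findings = []
    for e in parse_trust_file(text):
        if e.host.startswith("-"):
            continue                       # explicit deny: nothing to flag
        if e.host == "+" and e.user == "+":
            findings.append(Finding(e.lineno, "critical", "any user from any host is trusted"))
        elif e.host == "+":
            findings.append(Finding(e.lineno, "critical", "every host is trusted"))
        elif e.user == "+":
            findings.append(Finding(e.lineno, "high", f"every user on {e.host} is trusted"))
        else:
            who = f"user {e.user} on" if e.user else "users of"
            findings.append(Finding(e.lineno, "info",
                                    f"{who} {e.host} trusted; relies on DNS resolving {e.host} correctly"))
    return findings


# Constructed sample file for illustration (not a real configuration).
SAMPLE_HOSTS_EQUIV = """\
# constructed sample hosts.equiv
+ +
+
trusted.example.org
trusted.example.org +
-badhost.example.org
"""

if __name__ == "__main__":
    for f in audit_trust_file(SAMPLE_HOSTS_EQUIV):
        print(f"line {f.lineno}: [{f.severity}] {f.reason}")
```

Run it against a real file with `audit_trust_file(open("/etc/hosts.equiv").read())`; the "info" entries are the ones worth re-reading against slide 26, since every named host is trusted only through DNS.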

  7. Security Policy
     • Is a definition of security requirements for local users
     • Used to determine
       • if/when a breach has occurred
       • what to do about it

  8. Factors in Security Policy
     • Source of threat
       • Remote threat?
       • Internal threat (different host or same host?)
       • Interruption of service?
       • User error or accident?
     • Level of threat
       • Sophisticated spies?
       • Tourists – curious? Just looking?
       • Braggers – trying to impress?

  9. Factors in Security Policy
     • Cost of implementation (technical and personal)
     • Loss of convenience tolerated by users
     • Nature of protected asset – total cost of loss/damage
       • Secrets – government, trade, operational
       • Personnel data – employees, patients, customers …
       • Critical system service – web, email, directory, keyserver
       • System abuse – where the system is used to aid/abet damage elsewhere

  10. Factors in Security Policy
     • Consequence of security breach
       • Financial loss
       • Legal liability
       • Operational loss
         • lost business, missed deadline
       • Loss of reputation (integrity)
         • damage to trust relationships

  11. System Integrity – Protecting against Loss
     • Loss of data – backup through redundancy
       • Traditional: tape backup
       • Disks are now bigger, faster and cheaper
       • CD-ROM is at least as fast as tape
       • May also back up and restore over the network
     • Loss of service
       • Downtime can be just as serious as lost data
       • A UPS protects against power outages
       • Redundant CPU, network hardware and connections prevent downtime due to equipment failure or circuit interruption
       • Careful network design helps prevent DoS attacks

  12. System and Network Security
     • Only an insignificant percentage of network users are malicious, but since the Internet is so huge, this amounts to a significant threat!
     • Obscurification – security through obscurity
       • Hiding information to make it difficult for intruders
       • But if black-hats can see that there is nothing worth finding, they will often leave a system alone
       • Open source vs corporate code

  13. System and Network Security
     • “Honey pot” machines – a sacrificial system, easily rebuilt if compromised – no real loss
     • Security holes
       • bugs in systems that may be exploited by attackers
       • setuid-root programs (e.g. passwd, sendmail, finger)
       • Firewalls can prevent access to systems with security holes
       • See CERT and SANS, news://comp.security.announce
     • Homogeneous networked hosts
       • Easier to install and maintain
       • More likely to be able to fix all security holes
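Because every setuid-root program is a potential security hole, a site normally keeps an inventory of the ones it expects and checks for newcomers. The script below is an added example, not part of the lecture; it assumes a POSIX filesystem, and its allowlist of basenames (`passwd`, `sendmail`, `finger`, the three named on the slide) is a constructed illustration rather than a recommendation.

```python
"""Enumerate setuid-root executables and report any not on a site allowlist.

Added example, not from the slides. Assumes a POSIX filesystem; the allowlist
is a constructed illustration, not a statement of what should be permitted.
"""
import os
import stat
from typing import FrozenSet, Iterable, List

# Constructed allowlist of basenames the site expects to be setuid-root.
EXPECTED_SETUID_ROOT: FrozenSet[str] = frozenset({"passwd", "sendmail", "finger"})


def is_setuid_root(mode: int, uid: int) -> bool:
    """True for a regular file owned by uid 0 with the setuid bit set.
    Directories and symlinks never count, even with the bit set."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISUID) and uid == 0


def find_setuid_root(roots: Iterable[str]) -> List[str]:
    """Walk the given directories and return sorted paths of setuid-root files."""
    found = []
    for root in roots:
        for dirpath, _dirnames, filenames in os.walk(root):
            for name in filenames:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)          # lstat: do not follow symlinks
                except OSError:
                    continue                     # unreadable or vanished: skip
                if is_setuid_root(st.st_mode, st.st_uid):
                    found.append(path)
    return sorted(found)


def unexpected_setuid_root(paths: Iterable[str],
                           allow: FrozenSet[str] = EXPECTED_SETUID_ROOT) -> List[str]:
    """Return the setuid-root paths whose basename is not on the allowlist."""
    return [p for p in paths if os.path.basename(p) not in allow]


if __name__ == "__main__":
    paths = find_setuid_root(["/usr/bin", "/usr/sbin", "/bin", "/sbin"])
    for p in unexpected_setuid_root(paths):
        print("unexpected setuid-root:", p)
```

Running the inventory on a freshly installed host and storing the output gives the baseline; re-running it after patches or on a suspect host shows what changed.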

  14. System and Network Security
     • Modem pools
       • may allow back-door connections around network security features and firewalls
     • Laptops and portable systems
       • Theft of a laptop can yield enough information to compromise other hosts
     • Backups
       • Secure storage of backups is often overlooked.
       • Why break into a system when the information can be obtained by stealing the backups?

  15. Non-Technical Aspects of Security
     • An otherwise impenetrable system can still be compromised using “social engineering”
     • An unwary user may be tricked into revealing the keys to sensitive information
       • Phone call from a bogus SysAdmin who needs information to repair or install something
       • Bogus market survey with questions that reveal enough information to be able to guess passwords or key information
       • Discarded documents with account numbers or other pertinent data

  16. Non-Technical Aspects of Security
     • Bragging
       • Misguided users bragging about how good their system is are actually giving information away
       • Egotistical crackers may over-emphasise their success to provoke a situation where more information is revealed
     • Security policy needs to include steps to minimise these social issues
       • user education
       • clearly stated policy on disclosing information over the phone
       • check lists

  17. TCP/IP Security
     • IP is a “best effort” datagram service – i.e. no sequencing
     • TCP offers guaranteed delivery of a data stream over IP – it breaks the stream into segments and provides its own sequencing, error detection and correction
       • Sequence is provided by byte position in the data stream
       • Packets are protected by a checksum and positive acknowledgement of the received sequence number
       • Packets with errors are dropped, leading to acknowledgement timeout and retransmission

  18. TCP/IP Security
     • TCP connections are full-duplex streams
     • Initial sequence numbers are established during initial connection using the “3-way handshake”

  19. Common Network Host Attack Methods
     • Ping attack – “Ping of Death”
       • RFC 791 specifies a maximum segment size of 64Kb
       • Some systems can transmit segments larger than this, but not all can receive them!
       • ping -s 65510 targethost
       • In vulnerable systems this leads to a buffer overflow and unpredictable results – often serious system corruption

  20. Common Network Host Attack Methods
     • Denial of Service (DoS) attack
       • Generating requests for service faster than the service can be supplied may cause the server to grind to a halt!
       • Also Distributed DoS – synchronising multiple clients to request services simultaneously

  21. Common Network Host Attack Methods
     • TCP/IP spoofing
       • Generating TCP packets with a false source address
       • Not common until recently, since this requires user programs running with system privileges to be able to send raw IP frames
       • False packets must also have the expected sequence numbers, or they will be rejected by the target
       • Acknowledgements sent back to the real host usually cause it to immediately reset the connection

  22. Common Network Host Attack Methods
     • SYN flooding
       • The 3-way handshake can be used as part of a DoS attack
       • Attacker connects (SYN) with a spoofed source IP address
       • Target system replies with a SYN+ACK to the real host and waits for an ACK
       • If the real host cannot reset the connection, then the target system waits forever!
       • Many spoofed incomplete connection requests eventually exhaust target system resources and prevent valid connections from being accepted.
       • Recent systems are resistant to this form of attack. May also be protected by routers that drop packets with forged addresses

  23. Common Network Host Attack Methods
     • TCP sequence attack
       • A form of IP spoofing
       • A false IP packet transmitted by a third party can be inserted into an existing connection stream
       • Relies on being able to correctly guess the next sequence number at that point in the stream
       • Allows an observer to commandeer a TCP session and impersonate other hosts with trusted access, or after authentication has occurred
       • More difficult now that TCP has been modified to use random initial sequence numbers
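Slides 18, 21, 22 and 23 all turn on the same two facts: the listener must remember each half-open connection until the ACK arrives, and the ACK is only accepted if it carries the right sequence number. The toy model below is an added example, not code from the lecture or from Burgess, and not a real TCP stack. It models both sides of the handshake in memory, shows the half-open queue filling up when SYNs from spoofed sources are never completed, and shows the two mitigations the slides allude to: random initial sequence numbers, and "SYN cookies", where the listener keeps no state and instead derives its ISN from a keyed hash so that a valid ACK proves itself. The backlog size, the cookie construction and the `Segment` layout are assumptions made for illustration.

```python
"""Toy model of the TCP 3-way handshake: half-open queue, random ISNs and
stateless SYN cookies. Added example, not from the slides; nothing here
touches the network. Backlog size and cookie construction are assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set, Tuple

MASK32 = 0xFFFFFFFF


@dataclass(frozen=True)
class Segment:
    src: str      # peer identifier (stands in for the source address)
    seq: int      # sender's sequence number
    ack: int      # acknowledgement number (0 when the ACK flag is clear)
    flags: str    # "SYN", "SYN+ACK" or "ACK"


class Listener:
    def __init__(self, backlog: int = 4, syn_cookies: bool = False,
                 isn: Optional[Callable[[], int]] = None):
        self.backlog = backlog
        self.syn_cookies = syn_cookies
        self.half_open: Dict[str, int] = {}   # src -> our ISN (stateful mode only)
        self.established: Set[str] = set()
        self.dropped = 0                      # SYNs refused because the queue was full
        self._secret = secrets.token_bytes(16)
        # Random ISNs (slide 23): the next sequence number cannot be guessed.
        self._isn = isn or (lambda: secrets.randbits(32))
        self.time_slot = 0                    # coarse clock; cookies expire when it advances

    def _cookie(self, src: str, slot: int) -> int:
        """Stateless ISN: keyed hash of the peer and the time slot."""
        digest = hmac.new(self._secret, f"{src}|{slot}".encode(), hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, seg: Segment) -> Optional[Segment]:
        assert seg.flags == "SYN"
        if self.syn_cookies:
            isn = self._cookie(seg.src, self.time_slot)   # nothing stored
        else:
            if len(self.half_open) >= self.backlog:
                self.dropped += 1
                return None                  # queue full: this client is refused
            isn = self._isn()
            self.half_open[seg.src] = isn    # state the peer can leave dangling
        return Segment("server", isn, (seg.seq + 1) & MASK32, "SYN+ACK")

    def on_ack(self, seg: Segment) -> bool:
        assert seg.flags == "ACK"
        expected = (seg.ack - 1) & MASK32
        if self.syn_cookies:
            # Recompute instead of remembering; accept the current or previous slot.
            ok = expected in (self._cookie(seg.src, self.time_slot),
                              self._cookie(seg.src, self.time_slot - 1))
        else:
            isn = self.half_open.get(seg.src)
            ok = isn is not None and expected == isn
            if ok:
                del self.half_open[seg.src]
        if ok:
            self.established.add(seg.src)
        return ok


def handshake(listener: Listener, client: str, client_isn: int = 1000) -> bool:
    """A well-behaved client: SYN, then ACK the server's ISN + 1."""
    synack = listener.on_syn(Segment(client, client_isn, 0, "SYN"))
    if synack is None:
        return False
    return listener.on_ack(Segment(client, client_isn + 1, synack.seq + 1, "ACK"))


def unanswered_syns(listener: Listener, n: int) -> None:
    """The slide-22 scenario: n SYNs from distinct spoofed sources whose SYN+ACK
    goes to hosts that never answer, so the entries are never completed."""
    for i in range(n):
        listener.on_syn(Segment(f"spoofed-{i}", 1, 0, "SYN"))


def demo() -> Tuple[bool, bool]:
    """Returns (legitimate client accepted without cookies, accepted with cookies)."""
    plain = Listener(backlog=4)
    unanswered_syns(plain, 4)
    cookie = Listener(backlog=4, syn_cookies=True)
    unanswered_syns(cookie, 4)
    return handshake(plain, "client"), handshake(cookie, "client")


if __name__ == "__main__":
    print("accepted without cookies, with cookies:", demo())
```

The stateful listener refuses the legitimate client as soon as four dangling entries fill its backlog; the cookie listener stores nothing per SYN, so there is nothing to exhaust, and an ACK is accepted only if its acknowledgement number reproduces the keyed hash. Real stacks add timers, retransmission and a much larger queue, but the trade-off is the same.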

  24. Common Network Host Attack Methods
     • Fragmentation attack – “Teardrop”
       • Exploits a bug in the reassembly of UDP packets in some old versions of TCP/IP
       • Attacker sends two or more forged UDP packets with sequence numbers and length values such that the datagrams overlap
       • When the target attempts to allocate memory for buffer space, it generates faulty system call parameters that cause the operating system to panic
       • Most modern implementations of TCP/IP are no longer vulnerable to this problem
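The Ping of Death (slide 19) and Teardrop (slide 24) are both failures of IP fragment reassembly: one because the fragments add up to more than a datagram may hold, the other because they overlap. A reassembler that validates the fragment set before allocating or copying anything catches both. The checker below is an added example, not code from the slides or from Burgess; it works on the offset/length/MF values exactly as a host sees them in the IP header (offsets in 8-byte units), assumes a 20-byte IP header with no options, and includes a small constructed fragment generator so a normal and an oversized datagram can be compared.

```python
"""Validate a set of IP fragments before reassembly: flag datagrams that would
exceed the 65,535-byte IP maximum (Ping of Death) and fragments that overlap
(Teardrop). Added example, not from the slides. Assumes a 20-byte IP header.
"""
from dataclasses import dataclass
from typing import List

MAX_DATAGRAM = 65535     # largest total length an IPv4 datagram may have
IP_HEADER_LEN = 20       # assumption: no IP options


@dataclass(frozen=True)
class Fragment:
    offset_units: int    # Fragment Offset field, in units of 8 bytes
    payload_len: int     # bytes of payload carried by this fragment
    more: bool           # MF ("more fragments") flag


def check_fragments(frags: List[Fragment]) -> List[str]:
    """Return a list of problems; an empty list means the set is safe to reassemble."""
    problems: List[str] = []
    ordered = sorted(frags, key=lambda f: f.offset_units * 8)
    end_so_far = 0
    for i, f in enumerate(ordered):
        start = f.offset_units * 8
        end = start + f.payload_len
        if start < end_so_far:
            problems.append(f"overlap: fragment at byte {start} starts before previous end {end_so_far}")
        if IP_HEADER_LEN + end > MAX_DATAGRAM:
            problems.append(f"oversize: reassembled datagram would be {IP_HEADER_LEN + end} bytes")
        if not f.more and i != len(ordered) - 1:
            problems.append(f"malformed: fragment at byte {start} has MF clear but is not last")
        end_so_far = max(end_so_far, end)
    if ordered and ordered[-1].more:
        problems.append("incomplete: final fragment still has MF set (not all fragments arrived)")
    return problems


def split_into_fragments(total_payload: int, mtu_payload: int = 1480) -> List[Fragment]:
    """Constructed helper: fragment a payload the way a sender would
    (mtu_payload must be a multiple of 8, as fragment offsets require)."""
    assert mtu_payload % 8 == 0
    frags, offset = [], 0
    while offset < total_payload:
        size = min(mtu_payload, total_payload - offset)
        frags.append(Fragment(offset // 8, size, offset + size < total_payload))
        offset += size
    return frags


if __name__ == "__main__":
    # 65,518 bytes is what an ICMP echo with a 65,510-byte data area occupies
    # (8-byte ICMP header + data); with the IP header it exceeds 65,535.
    print(check_fragments(split_into_fragments(65518)))
    # Two constructed fragments whose byte ranges overlap (0-36 and 24-56).
    print(check_fragments([Fragment(0, 36, True), Fragment(3, 32, False)]))
```

The oversize test fires only on the last fragment, which is exactly when a naive reassembler that has already allocated a 64 KB buffer would write past it; checking before the copy is the fix that the "no longer vulnerable" implementations adopted.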

  25. Common Network Host Attack Methods
     • ICMP flooding – “Smurf”
       • A form of DDoS attack.
       • The attacker sends a spoofed ICMP echo request packet to the broadcast address of a large network
       • All the hosts in that network then reply to the echo request, but send the replies to the target, not the attacker!
       • The large number of replies arriving in rapid succession flood the target and consume all system resources.
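From the target's side a Smurf flood has a distinctive shape: echo replies from many different hosts, all landing on one destination within a very short window. The detector below is an added example, not code from the lecture or from Burgess. It takes flow-style records as (timestamp, src, dst, icmp_type) tuples, a layout assumed for illustration, and runs a sliding window per destination counting both replies and distinct sources; the thresholds and the sample records are constructed.

```python
"""Detect a Smurf-style reflected ICMP flood from flow records: many distinct
hosts sending ICMP echo replies to one destination inside a short window.

Added example, not from the slides. The record layout (timestamp, src, dst,
icmp_type), the thresholds and the sample records are all constructed.
"""
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Tuple

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8

Record = Tuple[float, str, str, int]   # (timestamp_s, src_ip, dst_ip, icmp_type)


def detect_reflected_icmp(records: Iterable[Record], window: float = 1.0,
                          min_sources: int = 50, min_replies: int = 100
                          ) -> Dict[str, Tuple[int, int]]:
    """Return {dst: (distinct_sources, replies)} for every destination that, within
    some `window`-second span, received echo replies from at least `min_sources`
    distinct hosts and at least `min_replies` replies in total. The many-sources
    condition is what separates a reflected flood from one chatty peer."""
    by_dst: Dict[str, List[Tuple[float, str]]] = defaultdict(list)
    for t, src, dst, typ in records:
        if typ == ICMP_ECHO_REPLY:
            by_dst[dst].append((t, src))
    alerts: Dict[str, Tuple[int, int]] = {}
    for dst, events in by_dst.items():
        events.sort()
        in_window: Counter = Counter()       # src -> replies inside the sliding window
        left = 0
        for right, (t, src) in enumerate(events):
            in_window[src] += 1
            while events[left][0] < t - window:   # slide the left edge forward
                old_src = events[left][1]
                in_window[old_src] -= 1
                if in_window[old_src] == 0:
                    del in_window[old_src]
                left += 1
            sources, replies = len(in_window), right - left + 1
            if sources >= min_sources and replies >= min_replies:
                alerts[dst] = max(alerts.get(dst, (0, 0)), (sources, replies))
    return alerts


# Constructed records: 200 hosts on an amplifier network answer an echo request
# that the victim 192.0.2.10 never sent, plus one ordinary ping exchange.
SAMPLE_RECORDS: List[Record] = (
    [(i * 0.0025, f"10.0.0.{i + 1}", "192.0.2.10", ICMP_ECHO_REPLY) for i in range(200)]
    + [(0.10, "192.0.2.20", "198.51.100.7", ICMP_ECHO_REQUEST),
       (0.12, "198.51.100.7", "192.0.2.20", ICMP_ECHO_REPLY)]
)

if __name__ == "__main__":
    for dst, (sources, replies) in detect_reflected_icmp(SAMPLE_RECORDS).items():
        print(f"{dst}: {replies} echo replies from {sources} distinct hosts within 1 s")
```

The same window logic applied at the border router to echo requests addressed to a broadcast address identifies the network being used as the amplifier; the standard fix on that side is to stop forwarding directed broadcasts at all.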

  26. Common Network Host Attack Methods
     • DNS cache poisoning
       • The DNS is often used as a way to verify the IP address of a remote connection request.
       • In systems where connections are controlled by hosts.equiv or .rhosts files, this sort of attack can be used to allow the attacker to impersonate a trusted host, and so gain access.
       • A forged DNS reply to a request from the target machine to its DNS server can be used to insert the attacker's IP address in the target host's DNS cache, in place of the actual address of the trusted host.
       • A short time later (before the cached DNS entry expires) the attacker's host can request a connection and will be accepted
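The forged reply succeeds only if the resolver accepts an answer it is not waiting for. The toy stub resolver below is an added example, not code from the slides or from Burgess: it records every outstanding query under a random transaction ID and random source port, and caches a reply only when ID, port, question and originating server all match, discarding anything else. It also shows the hosts.equiv-style check the slide refers to, comparing a connecting address against what the cache says the trusted name resolves to. The `Query`/`Reply` layouts and the API are assumptions for illustration.

```python
"""Toy stub-resolver cache that accepts a DNS reply only when it matches an
outstanding query (transaction ID, destination port, question, and the server
it was sent to). Added example, not from the slides; record layout and API are
assumptions. Real resolvers add bailiwick checks and DNSSEC on top of this.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class Query:
    txid: int          # 16-bit transaction ID, random per query
    src_port: int      # random source port, so the pair is hard to guess
    name: str
    qtype: str
    server: str        # address the query was sent to


@dataclass(frozen=True)
class Reply:
    txid: int
    dst_port: int      # port the reply was addressed to
    name: str
    qtype: str
    from_server: str   # source address of the reply
    rdata: str
    ttl: int


class StubResolver:
    def __init__(self, server: str, clock: Callable[[], float] = time.monotonic):
        self.server = server
        self.clock = clock
        self.pending: Dict[Tuple[int, int], Query] = {}
        self.cache: Dict[Tuple[str, str], Tuple[str, float]] = {}   # (name, type) -> (rdata, expiry)
        self.rejected = 0

    def send_query(self, name: str, qtype: str = "A") -> Query:
        q = Query(secrets.randbits(16), 1024 + secrets.randbelow(64512),
                  name.lower(), qtype, self.server)
        self.pending[(q.txid, q.src_port)] = q
        return q

    def receive(self, r: Reply) -> bool:
        """Cache the reply only if it answers a query we actually have in flight."""
        q = self.pending.get((r.txid, r.dst_port))
        if (q is None or q.name != r.name.lower() or q.qtype != r.qtype
                or q.server != r.from_server):
            self.rejected += 1           # unsolicited, mismatched or replayed reply
            return False
        del self.pending[(r.txid, r.dst_port)]
        self.cache[(q.name, q.qtype)] = (r.rdata, self.clock() + r.ttl)
        return True

    def lookup(self, name: str, qtype: str = "A") -> Optional[str]:
        key = (name.lower(), qtype)
        entry = self.cache.get(key)
        if entry is None or entry[1] <= self.clock():
            self.cache.pop(key, None)    # expired: drop it
            return None
        return entry[0]


def is_trusted_peer(resolver: StubResolver, trusted_name: str, peer_ip: str) -> bool:
    """The hosts.equiv-style check: does the trusted name resolve to the peer?
    Only as good as the cache entry behind it, which is the slide's point."""
    return resolver.lookup(trusted_name) == peer_ip


if __name__ == "__main__":
    r = StubResolver("192.0.2.53")
    q = r.send_query("trusted.example.org")
    # Constructed forged reply with the wrong transaction ID: rejected.
    print(r.receive(Reply(q.txid ^ 1, q.src_port, "trusted.example.org", "A",
                          "192.0.2.53", "203.0.113.9", 300)))
    print(r.receive(Reply(q.txid, q.src_port, "trusted.example.org", "A",
                          "192.0.2.53", "198.51.100.5", 300)))
    print(is_trusted_peer(r, "trusted.example.org", "198.51.100.5"))
```

With 16 bits of transaction ID and roughly 16 bits of port, a blind forger has to hit a 32-bit pair inside the round-trip time of one query, which is why the matching rule alone raised the bar so far above the original cache-poisoning attacks; a count of `rejected` replies is also a cheap signal that someone is trying.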

  27. … Time for a break …
