1 / 33

Computer Security: Principles and Practice

Computer Security: Principles and Practice. Chapter 1 – Overview. First Edition by William Stallings and Lawrie Brown Lecturer: Ming Hour Yang. Overview. What is Computer Security?

julian-rowe
Download Presentation

Computer Security: Principles and Practice

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Computer Security: Principles and Practice Chapter 1 – Overview First Edition by William Stallings and Lawrie Brown Lecturer: Ming Hour Yang

  2. Overview What is Computer Security? Computer Security: protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).

  3. Key Security Concepts

  4. Intrusion Activites • Can you name some intrusion activities? • 植入不明程式(如病毒, 後門程式) • 不當存取權限升等 • 不當方法取得帳號 • 檔案竊取 • 阻斷服務 • 違反電子郵件寄送規定 • 上班時間看股票資訊

  5. Computer Security Challenges • not simple • must consider potential attacks • procedures used counter-intuitive • must decide where to deploy mechanisms • involve algorithms and secret info • battle of wits between attacker / admin • not perceived on benefit until fails • requires regular monitoring • too often an after-thought • regarded as impediment to using system

  6. Security Terminology

  7. Vulnerabilities and Attacks • system resource vulnerabilities may • be corrupted (loss of integrity) • become leaky (loss of confidentiality) • become unavailable (loss of availability) • attacks are threats carried out and may be • passive • active • insider • outsider

  8. Who launch attacks • Can you name some? • 駭客 • 對特殊目標具有特殊目的的人(竊取網路銀行帳號及密碼) • 離職員工, 離時雇員 • 練習中的新手 • And?

  9. Motivation of an attack • Try to give me some reason • 竊取資料, 偷頻寬 • 破壞 • 當攻擊跳板 • 中斷服務 • 練功, 玩 • 作戰 • Else?

  10. Taxonomy of Attacking • 搜尋攻擊目標相關資訊 • 確定對方系統資訊 • 通訊埠掃描 • 作業系統版本, 提供服務項目(telnet, ftp, web)及版本 • 弱點攻擊 • 取得管理者權限 • 植入程式 • Backdoor, trojan horse, sniffer • 隱藏蹤跡 • Rootkit • “有目的”的攻擊 • “沒目的”的攻擊

  11. Target of Attackers • 單位所有 IP addresses • 伺服器位置 • 人員, e-mail, 名字英文縮寫, 網域名稱查詢伺服器(DNS)位置, 撥接上網電腦所在位置…等 • 網管人員帳號 • 是否有撥接上網的電腦 • 是否有新成立的單位

  12. Collect Target Information • 取得管道 • 仔細閱讀對方網站內容 • 搜尋引擎(yahoo, google, dogpile, altivista, edgar) • 搜尋工具, 如Webferret, Nessus • 可同時搜尋 15 個搜尋引擎 • 紀錄搜尋結果 • 去除重複的結果(標題相同, 網址相同,…)

  13. Password Cracking • 工具軟體 • Brutus, http://www.hoobie.net/brutus/brutus-download.html • 字典檔

  14. Homework • Use Nessus to scan your computer, and find out the vulnerabilities in the computer • Read the Nessus report, and write a report to me to show me what you learned from the Nessus report • Your report needs a cover page which includes your name and ID • Due date 3/16 • Mail your report to me mhyang@cycu.edu.tw

  15. Countermeasures • means used to deal with security attacks • prevent • detect • recover • may result in new vulnerabilities • will have residual vulnerability • goal is to minimize risk given constraints

  16. Security Mechanisms/Tools • 弱點掃描工具軟體 • R-scanner • nessus • 網路架構 • 防火牆系統 • 入侵偵測系統

  17. Security Scanner • 何謂弱點掃描器 • 為何需要弱點掃描器 • R-scanner, nessus • 特殊描述語言 • NASL (Nessus Attack Scripting Language)

  18. 網際網路 企業內部網路 防火牆 Firewall • 在一個受保護的網路間, 用來強制執行企業安全政策的一個或一組系統 • 目的: • 謹慎的在一個控制 點上限制人們進出 網路 • 防止攻擊者接近 防禦物

  19. What the firewall cant’ • 防火牆管不到不經過它的連線 • 防火牆管不到企業內部的“漢奸”

  20. Intrusion Detection System • 網路型入侵偵測系統 • Snort • 篩檢網路流通封包 • 本機型入侵偵測系統 • Agent based IDS • 保護重要檔案及系統檔

  21. Threat Consequences • unauthorized disclosure • exposure, interception, inference, intrusion • deception • masquerade, falsification, repudiation • disruption • incapacitation, corruption, obstruction • usurpation • misappropriation, misuse

  22. Scope of Computer Security

  23. Network Security Attacks • classify as passive or active • passive attacks are eavesdropping • release of message contents • traffic analysis • are hard to detect so aim to prevent • active attacks modify/fake data • masquerade • replay • modification • denial of service • hard to prevent so aim to detect

  24. Security Functional Requirements • technical measures: • access control; identification & authentication; system & communication protection; system & information integrity • management controls and procedures • awareness & training; audit & accountability; certification, accreditation, & security assessments; contingency planning; maintenance; physical & environmental protection; planning; personnel security; risk assessment; systems & services acquisition • overlapping technical and management: • configuration management; incident response; media protection

  25. X.800 Security Architecture • X.800, Security Architecture for OSI • systematic way of defining requirements for security and characterizing approaches to satisfying them • defines: • security attacks - compromise security • security mechanism - act to detect, prevent, recover from attack • security service - counter security attacks

  26. Security Taxonomy

  27. Security Trends

  28. Computer Security Losses

  29. Security Technologies Used

  30. Computer Security Strategy • specification/policy • what is the security scheme supposed to do? • codify in policy and procedures • implementation/mechanisms • how does it do it? • prevention, detection, response, recovery • correctness/assurance • does it really work? • assurance, evaluation

  31. Summary • security concepts • terminology • functional requirements • security architecture • security trends • security strategy

  32. Homework • Get an exploit • Attack a target in our testbed. • Use Snort to detect the attack and Use etheral to analyse the communications between the attacking and victim hosts. • Write the analysis report • Mail your report to nash@wns.ice.cycu.edu.tw • The deadline is 3/30

More Related