1 / 44

DSC 101: Security

DSC 101: Security. Topics. Components of Security States of Information Threats Attacks Malware Vulnerabilities. What is Security?. Security is the prevention of certain types of intentional actions from occurring in a system. The actors who might attack a system are threats .

kass
Download Presentation

DSC 101: Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DSC 101: Security

  2. Topics • Components of Security • States of Information • Threats • Attacks • Malware • Vulnerabilities

  3. What is Security? Security is the prevention of certain types of intentional actions from occurring in a system. • The actors who might attack a system are threats. • Threats carry out attacksto compromise a system. • Objects of attacks are assets.

  4. Components of Security Integrity Confidentiality Availability

  5. Confidentiality Confidentiality is the avoidance of the unauthorized disclosure of information. Examples where confidentiality is critical: • Personal information • Trade secrets • Military plans

  6. Security Controls for Confidentiality Access Control: rules and policies that limit access to certain people and/or systems. • File permissions (which users can access) • Firewall settings (which IP addresses can access) Encryption: transforming information so that it can only be read using a secret key. • AES • SSL

  7. Integrity Integrity is the property that information has not be altered in an unauthorized way. Examples where integrity is critical: • Operating system files • Software updates and downloads • Bank account records

  8. Security Controls for Integrity • Backups: periodic archiving of data. • Checksums: the computation of a function that maps the contents of a file to a numerical value. • Data correcting codes: methods for storing data in such a way that small changes can be easily detected and automatically corrected.

  9. Availability Availability is the property that information is accessible and modifiable in a timely fashion by those authorized to do so. Examples where availability is critical: • E-commerce site • Authentication server for your network • Current stock quotes

  10. Security Controls for Availability Physical protections: infrastructure meant to keep information available even in the event of physical challenges. • Backup generators • Disaster recovery site Computational redundancies: computers and storage devices that serve as fallbacks in the case of failures. • Backup tapes • RAID

  11. States of Information • Storage: information in memory or disk that is not currently being accessed. • Processing: information currently being used by processor. • Transmission: information in transit between one node and another on a network. Is your information protected in all three states?

  12. Threats, Attacks, and Vulnerabilities Threats are people who are able to take advantage of security vulnerabilities to attack systems. • Criminals, hacktivists, spies, disgruntled employees. Attacks are tools, programs, and methods used by threats to obtain assets from systems in violation of the security policy. • Stuxnet, Dark Comet, AirCrack, John the Ripper Vulnerabilities are weaknesses in a system that allow a threat to obtain access to information assets in violation of a system’s security policy.

  13. How are Digital Threats Different? Automation • Salami Attack from Office Space. Action at a Distance • Volodya Levin, from St. Petersburg, Russia, stole over $10million from US Citibank. Arrested in London. Technique Propagation • Criminals share attacks rapidly and globally.

  14. Who are the threats? IBM X-Force 2012 Trend and Risk Report

  15. Threat Model A threat model describes which threats exist to a system, their capabilities, history, intentions, and likely targets. • Are you worried about broad or targeted threats? • Are your threats able to develop their own tools or just use off the shelf tools? • Do you keep enough data about historical incidents to know what your threats are?

  16. Threat Model Examples Example 1: Disgruntled Insider • Targeted attack on organization • Knows systems and information assets already • Attacks more likely to focus on DoS than theft Example 2: Outsider, broad attack • Broad attack, looking for any vulnerable system. • Looking for one particular type of asset, which your organization may or may not have.

  17. Attacks and Exploits An attack is an action taken by a threat to gain unauthorized access or to create unauthorized modification of assets. • Spam • Phishing • Malware • Denial of Service An exploit is a piece of software or a scripted set of actions that carry out an attack. Threats often turn attacks into exploits to automate compromising of systems.

  18. Spam Spam is the use of electronic messagingsystems to send unsolicited bulk messages, especially advertising, indiscriminately. • Mostly e-mail, but also • Blog and webforum comment spam, • Wiki spam, • IM spam, etc.

  19. Over 90% of e-mail is spam!

  20. Phishing E-mail

  21. Phishing Site

  22. Denial of Service

  23. Malware Malware, short for malicious software, is software designed to gain access to confidential information, disrupt computer operations, and/or gain access to private computer systems. Malware can be classified by how it infects systems: • Trojan Horses • Viruses • Worms Or by what assets it targets: • Ransomware • Spyware and adware • Backdoors • Rootkits • Botnets

  24. How much malware is out there?

  25. Trojan Horses

  26. Trojan Horse Examples

  27. Viruses A computer virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other files. This process is called infecting.

  28. Worms A worm is a type of malware that spreads itself to other computers.

  29. Ransomware

  30. Spyware and Adware

  31. Backdoors

  32. Backdoor Example: Dark Comet

  33. Rootkits • Execution Redirection • File Hiding • Process Hiding • Network Hiding • Backdoor User Program Rootkit Operating System

  34. Botnets

  35. Vulnerabilities Vulnerabilities can be found in any software: • PC: Office, Adobe Reader, web browsers • Server: Databases, DNS, mail server software, web servers, web applications, etc. • Mobile: Mobile phone OS, mobile applications • Embedded: printers, routers, switches, VoIP phones, cars, medical devices, TVs, etc. • Third party software: Web browser plugins, Ad affiliate network JavaScript include files, Mobile ad libraries

  36. Document Format Vulnerabilities IBM X-Force 2012 Trend and Risk Report

  37. Web Browser Vulnerabilities IBM X-Force 2012 Trend and Risk Report

  38. Embedded Vulnerabilities

  39. Patches A patch is a piece of data or software designed to fix a security vulnerability or bug. • Administrator may have to apply manually. • Some vendors specify certain days to patch, such as “Patch Tuesday,” the 2nd Tuesday of the month when MS releases updates. • Increasingly software auto updates itself with current patches.

  40. Vulnerability Timeline

  41. Vulnerability Markets

  42. Vulnerability Databases

  43. Key Points • Components: confidentiality, integrity, availability • States of Info: storage, communication, processing • Definitions: threat, attack, and vulnerability • Attacks: spam, phishing, DoS, and malware • Vulnerabilities affect all software • Not just PC or mobile software • Lifecycle: 0day, exploit, then patch and signatures

  44. References • Nate Anderson, Meet the men who spy on women through their webcams: The Remote Administration Tool is the revolver of the Internet's Wild West. ArsTechnica, http://arstechnica.com/tech-policy/2013/03/rat-breeders-meet-the-men-who-spy-on-women-through-their-webcams/, 2013. • HoneynetProject, Know Your Enemy, 2nd edition, Addison-Wesley, 2004. • IBM, X-Force 2012 Risk and Trends Report, 2013. • Stuart McClure, Joel Scambray, and George Kurtz, Hacking Exposed, 5th edition, McGraw-Hill, 2005. • Norton, Fake Antivirus, http://www.nortonantiviruscenter.com/security-resource-center/fake-antivirus.html • Ed Skoudis, Counter Hack Reloaded, Prentice Hall, 2006. • Stuart Staniford, Vern Paxson, and Nicholas Weaver, "How to 0wn the Internet in Your Spare Time," Proceedings of the 11th USENIX Security Symposium, 2002.

More Related