Chapter 1: An Introduction to Computer Security

TOPICS
• Introduction
• Threats to Computer Systems
• Threats, Vulnerabilities and Attacks
• Characteristics of Computer Intrusion
• Types of Threats
• Points of Security Vulnerabilities
• Methods of Defense
• Categories of Computer Attacks
• Using an Attack Taxonomy
• Considerations in Selecting an Attack Taxonomy
• Simple Attack Taxonomy
• Risk Based Attack Taxonomy
• Examples of Common Attack Methods
• Attack Prevention Methods
• Summary
Introduction
• Computer security protects the computer and everything associated with it: the building, terminals, printers, cabling, disks and tapes.
• Most importantly, computer security protects the information stored in a system. Hence it is often known as information security.
Threats to Computer Systems
• Threats
• Vulnerabilities
• Attacks
Threats
• A threat is defined as any potential occurrence, malicious or otherwise, or any possible danger that can affect the assets and resources associated with a computer system.
• Examples: a person (a system cracker or a spy), a thing (a faulty piece of equipment) or an event (a fire or a flood).
Vulnerabilities
• A vulnerability is a point where a system is susceptible to attack. In other words, the presence of vulnerabilities allows bad things to happen on a computer system.
• Examples:
  • Physical: buildings and computer rooms are vulnerable.
  • Natural: computers are very vulnerable to natural disasters such as fire, flood etc.
  • Human: the people who administer and use computer systems represent the greatest vulnerability of all.
Attack
• An attack on a computer system is some action taken by a malicious intruder that involves the exploitation of certain vulnerabilities to cause an existing threat to occur.
Characteristics of Computer Intrusion
• The targets of computer crime include hardware, software, media, data and people.
• In any system, the weakest point is the most serious vulnerability.
Types of Threats
• Confidentiality threat:
  • The goal is to protect information from unauthorised disclosure.
  • Also known as secrecy or privacy.
• Integrity threat:
  • The goal is to ensure that information is accurate, complete and authentic.
  • Accuracy is more important than confidentiality of information.
• Availability threat:
  • The goal is to ensure that the computer systems work efficiently.
  • The system must be able to recover quickly and completely if a disaster occurs.
  • The opposite of availability is denial of service.
Points of Security Vulnerabilities
• Attacks on hardware:
  • Computer hardware is highly visible and hence easy to attack.
  • Examples include power supply surges, unstable power supply etc.
• Attacks on software:
  • Software can be destroyed maliciously, or modified, deleted or misplaced.
  • Examples include time bombs, Trojan horses, computer bugs etc.
• Attacks on data:
  • Data is available in many forms, such as electronic, printout and media.
  • It can be destroyed, changed, modified or deleted very easily.
Categories of Computer Attacks
• Attack taxonomy:
  • Defined as any generalised categorisation of potential attacks that might occur on a given computer system.
  • Applies to classes of systems such as real-time systems, databases and local area networks.
• Considerations in selecting an attack taxonomy:
  • Completeness
  • Appropriateness
  • Internal and external threats
Risk Based Attack Taxonomy
• External information theft
• External abuse of resources
• Masquerading
• Pest programs
• Bypassing of internal controls
Risk Based Attack Taxonomy
• External information theft:
  • Involves unauthorised access to information without exploiting any mechanisms.
  • Abuse of mechanisms without direct access to the system.
  • Associated with the disclosure threat.
  • Example: an individual glancing at a colleague's terminal screen.
• External abuse of resources:
  • Involves physical destruction of computer system hardware.
  • Associated with the integrity threat.
  • Example: direct vandalism.
Risk Based Attack Taxonomy
• External masquerading:
  • Involves a malicious intruder successfully impersonating another user.
  • Associated with the disclosure, integrity or denial of service threats.
  • Example: an intruder tapping into a communication medium.
• Pest programs:
  • Programs that cause subsequent harm to a computer system; can be viewed as a time bomb.
  • Requires mechanisms internal to the computer system; associated with the integrity threat.
  • Example: Trojan horse and computer virus attacks.
Risk Based Attack Taxonomy
• Bypassing of internal controls:
  • Involves the explicit avoidance of authorisation, access and authority controls.
  • Associated with the disclosure, integrity or denial of service threats.
  • Example: cracking techniques that subvert protective approaches.
Examples of Common Attack Methods
• Password spoof program
• Password theft by clever reasoning
• Logic bomb mail
• Schedule file removal
• Field separator attack
• Insertion of compiler Trojan horse
Examples of Common Attack Methods
• Password spoof program:
  • A Trojan horse program is used to fake the normal login sequence.
  • Involves spoofing a user into supplying login and password information.
• Password theft by clever reasoning:
  • Users typically create passwords that are mnemonic.
  • Hackers gain access by guessing the passwords of individuals.
  • Alternatively, they obtain a copy of the password file and the encryption function, so that guesses can be checked offline.
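The defensive counterpart of the two password attacks above, as an added example that is not part of the slides: a proactive checker that rejects the mnemonic passwords a guesser tries first, and salted, deliberately slow hashing so that a copy of the password file together with the hashing function (the "encryption function" of the slides) does not hand over plaintexts cheaply. The word list, the length rule, the PBKDF2 round count and the user records are all constructed for this example.

```python
"""Added example (not from the slides): proactive password checking and
salted, slow password storage.  Word list and policy values are constructed."""
import hashlib
import hmac
import os

# Constructed word list standing in for the dictionary a guesser would try.
# A real proactive checker (for example cracklib) uses a far larger one.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "dragon", "summer"}

MIN_LENGTH = 10          # policy value assumed for this example
PBKDF2_ROUNDS = 100_000  # deliberately slow: raises the cost of every offline guess


def is_weak(password: str, wordlist=COMMON_WORDS) -> bool:
    """Reject passwords a guesser would reach quickly.

    Rules (assumed here, not taken from the slides): shorter than MIN_LENGTH,
    a word-list entry after lowercasing, or a word-list entry with digits
    appended, the classic mnemonic pattern.
    """
    pw = password.lower()
    if len(pw) < MIN_LENGTH:
        return True
    if pw in wordlist:
        return True
    if pw.rstrip("0123456789") in wordlist:
        return True
    return False


def store(password: str) -> dict:
    """Produce the record kept in the password file: per-user salt plus hash.

    The salt is random per user, so identical passwords in two accounts yield
    different hashes and a stolen file cannot be cracked once for all users.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt.hex(), "hash": digest.hex(), "rounds": PBKDF2_ROUNDS}


def verify(password: str, record: dict) -> bool:
    """Check a login attempt against a stored record, comparing in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]), record["rounds"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def salting_makes_hashes_differ(password: str) -> bool:
    """Store the same password twice and report whether the hashes differ."""
    return store(password)["hash"] != store(password)["hash"]


if __name__ == "__main__":
    for candidate in ["password", "letmein2024", "correct horse battery staple"]:
        print(f"{candidate!r}: {'weak' if is_weak(candidate) else 'accepted'}")
    rec = store("correct horse battery staple")
    print("login ok:", verify("correct horse battery staple", rec))
    print("login with guess ok:", verify("letmein2024", rec))
```

The checker runs at password-change time, which is where a mnemonic choice can still be refused; the slow, salted hash limits the damage once the file has already been copied, because each offline guess now costs the attacker the same PBKDF2 work the login path pays.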
Examples of Common Attack Methods
• Logic bomb mail:
  • Programs that remain dormant until some predetermined logical condition on the target system becomes true.
  • May cause harm after the malicious intruder has escaped.
  • The login spoof might be viewed as a logic bomb.
• Schedule file removal:
  • A scheduling utility is offered on many types of operating systems.
  • It is used to schedule a program to be run at a predetermined time.
  • The command can be combined with attack programs.
Examples of Common Attack Methods
• Field separator attack:
  • This attack relies on several technical assumptions underlying the operating system.
  • The field separator can be redefined to include various characters.
  • It also relies on the existence of a system program invoked by a normal user.
• Insertion of compiler Trojan horse:
  • Programs used by many different users are attractive targets for a Trojan horse, because the damage is widespread.
  • Hence, compilers are attractive targets for Trojan horse insertion.
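The field separator attack works because a system program invoked by a normal user lets the user's environment, including a redefined field separator and search path, shape how a helper command is found and split. An added example, not from the slides, of the pattern that removes those assumptions: the program builds a fresh environment from an allowlist, replaces the search path with a fixed one, and runs the helper by absolute path as an argument list so no shell ever splits the command. The allowlist, the fixed path and the hostile environment in `demo()` are constructed for this example.

```python
"""Added example (not from the slides): invoking a helper from a program that
serves unprivileged users without inheriting their field separator or search
path.  Allowlist and path values are assumptions of this example."""
import subprocess
import sys

SAFE_PATH = "/usr/bin:/bin"      # fixed, absolute directories only (assumed)
KEEP = {"HOME", "LANG", "TZ"}    # harmless variables allowed through (assumed)


def sanitize_env(env: dict) -> dict:
    """Build the child's environment from scratch.

    Everything not on the allowlist is dropped, so a caller-supplied IFS never
    reaches the child, and PATH is replaced with a fixed value rather than
    copied from the caller.
    """
    clean = {k: v for k, v in env.items() if k in KEEP}
    clean["PATH"] = SAFE_PATH
    return clean


def run_helper(argv: list, caller_env: dict) -> str:
    """Run a helper without a shell, by absolute path, in a sanitized environment.

    argv is passed as a list: the operating system receives the words exactly
    as given, so no field-separator splitting takes place.  argv[0] must be
    absolute, so the lookup cannot depend on the caller's PATH at all.
    Returns the helper's standard output.
    """
    if not argv or not argv[0].startswith("/"):
        raise ValueError("helper must be invoked by absolute path")
    result = subprocess.run(argv, env=sanitize_env(caller_env), shell=False,
                            capture_output=True, text=True, check=True)
    return result.stdout


def demo() -> str:
    """Constructed hostile caller environment: IFS redefined and a relative
    directory first on PATH.  The child (a Python interpreter, used here as a
    stand-in for any helper) reports what it actually received."""
    hostile = {"IFS": "/", "PATH": ".:/tmp:/bin", "HOME": "/home/alice"}
    probe = "import os; print(os.environ.get('IFS', 'unset'), os.environ['PATH'])"
    return run_helper([sys.executable, "-c", probe], hostile).strip()


if __name__ == "__main__":
    print(demo())  # unset /usr/bin:/bin
```

The same discipline covers the second half of the slide's prevention advice: a privileged program that never consults the caller's environment to locate or parse its helpers has no field separator to be attacked through, regardless of what characters the user assigns to it.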
Attack Prevention Methods
• Individual screening
• Physical security
• Care in operations
Attack Prevention Methods
• Individual screening:
  • Involves checking the background, credentials and other personal attributes of individuals.
  • Used to establish that a user can be trusted not to spoof other users or create a compiler Trojan horse.
• Physical security:
  • This method involves securing the computer system facility.
  • Computer centres that are guarded, locked and monitored demonstrate this type of security control.
  • Advantage: external hardware damage is effectively controlled.
  • Disadvantage: it may not be useful against remote access.
Attack Prevention Methods
• Care in operations:
  • Involves individuals being careful in their day-to-day activities to avoid common types of attacks.
  • Users can often avoid password spoof attacks by clearing the terminal before logging into the system.
  • Similarly, compiler attacks can be avoided by simple access and configuration controls.