© 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Chapter Overview © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved The NIST Computer Security Handbook defines the term Computer Security as: “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources” (includes hardware, software, firmware, information/data, and telecommunications) © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved grity I nte Confiden tiality The CIA Triad Data and services A v a il y t i l i b a © 2016 Pearson Education, Inc., Hoboken, NJ All rights Key Security Concepts Confidentiality Integrity • Guarding • Preserving against authorized improper restrictions on information information modification or access and destruction, disclosure, including including ensuring means for information protecting nonrepudiation personal and privacy and authenticity proprietary information © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Availability • Ensuring timely and reliable access to and use of information Levels of Impact Low Moderat e High The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Computer Security Challenges • Computer security is not as • • • • simple as it might first appear to the novice Potential attacks on the security features must be considered Procedures used to provide particular services are often counterintuitive Physical and logical placement needs to be determined Additional algorithms or protocols may be involved © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved • Attackers only need to find a • • • • single weakness, the developer needs to find all weaknesses Users and system managers tend to not see the benefits of security until a failure occurs Security requires regular and constant monitoring Is often an afterthought to be incorporated into a system after the design is complete Thought of as an impediment to efficient and user-friendly operation Computer Security Terminolog y RFC 4949, Internet Security Glossary, May 2000 © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Owners wish to minimize Threat agents value wish to abuse and/or may damage impose countermeasures give riseto assets to reduce risk to to threats that increase Figure1.1 Security Concepts and Relationships © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Assets of a Computer System Hardware Software Data Communication facilities and networks © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Vulnerabilities, Threats and Attacks • Categories of vulnerabilities • Corrupted (loss of integrity) • Leaky (loss of confidentiality) • Unavailable or very slow (loss of availability) • Threats • Capable of exploiting vulnerabilities • Represent potential security harm to an asset • Attacks (threats carried out) • Passive – attempt to learn or make use of information from the system that does not affect system resources • Active – attempt to alter system resources or affect their operation • Insider – initiated by an entity inside the security parameter • Outsider – initiated from outside the perimeter © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Countermeasures Means used to deal with security attacks • • • Prevent Detect Recover May itself introduce Residual new vulnerabilities Goal is tomay minimize residual vulnerabilities remain level of risk to the assets © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Threat Consequence Unauthorized Disclosure A circumstance or event whereby an entity gains access to data for which the entity is not authorized Threat Action (Attack) Exposure: Sensitive data are directly released to an unauthorized entity Interception: An unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations Inference: A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or byproducts of communications Intrusion: An unauthorized entity gains access to sensitive data by circumventing a system's security protections Deception Masquerade: An unauthorized entity gains access to a A circumstance or system or performs a malicious act by posing as an event that may result authorized entity in an authorized entity Falsification: False data deceive an authorized entity receiving false data Repudiation: An entity deceives another by falsely denying and believing it to be responsibility for an act true Disruption A circumstance or event that interrupts or prevents the correct operation of system services and functions Usurpation A circumstance or event that results in control of system services or functions by an unauthorized entity Incapacitation: Prevents or interrupts system operation by disabling a system component Corruption: Undesirably alters system operation by adversely modifying system functions or data Obstruction: A threat action that interrupts delivery of system services by hindering system operation Misappropriation: An entity assumes unauthorized logical or physical control of a system resource Misuse: Causes a system component to perform a function or service that is detrimental to system security **Table is on page 20 in the textbook Table 1.2 Threat Consequences, and the Types of Threat Actions That Cause Each Consequence Based on RFC 4949 © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Computer System Data Computer System Sensitivefiles must besecure (filesecurity) Access to thedata must becontrolled (protection) Data Data must be securely transmitted through networks (network security) Processesrepresenting users Guard Processes representing users Guard Access to thecomputer facility must becontrolled (user authentication) Users making requests Figure 1.2 Scope of Computer Security This figure depicts security concerns other than physical security, including control of access to computers systems, safeguarding of data transmitted over communications systems, and safeguarding of stored data © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Table 1.3 Computer and Network Assets, with Examples of Threats Availability Confidentiality Integrity Equipment is stolen or Hardware disabled, thus denying service Software An unencrypted CDROM or DVD is stolen Programs are deleted, An unauthorized copy denying access to users of software is made An unauthorized read of data is performed Files are deleted, Data An analysis of denying access to users statistical data reveals underlying data Messages are destroyed Communication or deleted Messages are read The Lines and Communication lines traffic pattern of Networks or networks are messages is observed rendered unavailable A working program is modified, either to cause it to fail during execution or to cause it to some unintended task Existing files are modified or new files are fabricated Messages are modified, delayed, reordered, or duplicated False messages are fabricated Passive and Active Attacks Passive Attack • Attempts to learn or make use of information from the system but does not affect system resources Active Attack • • • Eavesdropping on, or monitoring of, transmissions • Goal of attacker is to obtain information that is being transmitted • Two types: • Attempts to alter system resources or affect their operation Involve some modification of the data stream or the creation of a false stream Four categories: o o o o Replay Masquerade Modification of messages Denial of service o Release of message contents o Traffic analysis © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Table 1.4 Security Requirement s (FIPS PUB 200) (page of 2) (Table can be found on page 26 in the textbook.) Table 1.4 Security Requirement s (FIPS PUB 200) (page of 2) (Table can be found on page 27 in the textbook.) Fundamental Security Design Principles Economy of mechanism Fail-safe defaults Complete mediation Open design Separation of privilege Least privilege Least common mechanism Psychologic al acceptabilit y Isolation Encapsulatio n Modularity Layering © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Least astonishmen t Attack Surfaces Consist of the reachable and exploitable vulnerabilities in a system Examples: Open ports on outward facing Web and other servers, and code listening on those ports Services available on the inside of a firewall © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Code that processes incoming data, email, XML, office documents, and industry-specific custom data exchange formats Interfaces, SQL, and Web forms An employee with access to sensitive information vulnerable to a social engineering attack Attack Surface Categories Network Attack Surface Software Attack Surface Vulnerabilities over an enterprise network, widearea network, or the Internet Vulnerabilities in application, utility, or operating system code Included in this category are network protocol vulnerabilities, such as those used for a denial-ofservice attack, disruption of communications links, and various forms of intruder attacks © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Human Attack Surface Vulnerabilities created by personnel or outsiders, such as social engineering, human error, and trusted insiders Particular focus is Web server software Shallow High Security Risk Deep Low Security Risk Medium Security Risk Small Large Layering Medium Security Risk Attack Surface Figure1.3 Defensein Depth and Attack Surface © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Bank Account Compromise User credential compromise UT/U1a User surveillance UT/U1b Theft of token and handwritten notes Malicious software installation Vulnerability exploit UT/U2a Hidden code UT/U3a Smartcard analyzers UT/U3b Smartcard reader manipulator UT/U3c Brute force attacks with PIN calculators UT/U2b Worms UT/U2c E-mails with malicious code CC2 Sniffing User communication with attacker UT/U4a Social engineering UT/U4b Web page obfuscation Injection of commands CC3 Active man-in-the middle attacks User credential guessing IBS1 Brute force attacks IBS2 Security policy violation Use of known authenticated session by attacker Redirection of communication toward fraudulent site CC1 Pharming IBS3 Web site manipulation Normal user authentication with specified session ID CC4 Pre-defined session IDs (session hijacking) Figure1.4 An Attack Treefor Internet BankingAuthentication © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Computer Security Strategy Security Policy • Formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources Security Implementation • Involves four complementary courses of action: • Prevention • Detection • Response • Recovery Assurance Evaluation • The degree of confidence one has that the security measures, both technical and operational, work as intended to protect the system and the information it processes • Process of examining a computer product or system with respect to certain criteria © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved Summary • Computer security concepts o Definition o Challenges o Model • Threats, attacks, and assets o Threats and attacks o Threats and assets • Security functional requirements © 2016 Pearson Education, Inc., Hoboken, NJ All rights reserved • Fundamental security design principles • Attack surfaces and attack trees o Attack surfaces o Attack trees • Computer security strategy o Security policy o Security implementation o Assurance and evaluation ... Fundamental security design principles • Attack surfaces and attack trees o Attack surfaces o Attack trees • Computer security strategy o Security policy o Security implementation o Assurance and evaluation... reserved Computer Security Strategy Security Policy • Formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and. .. rights reserved Summary • Computer security concepts o Definition o Challenges o Model • Threats, attacks, and assets o Threats and attacks o Threats and assets • Security functional requirements