270 likes | 295 Views
Integrity. (slides courtesy of Leticia Nisbet , Lauren Walters, and Andrew Yao). Why Integrity?. Integrity is equivalent to trust / reliability / truth Failure to protect integrity opens organization to largest classes of malware Integrity is often the first target of intruders.
E N D
Integrity (slides courtesy of Leticia Nisbet, Lauren Walters, and Andrew Yao)
Why Integrity? • Integrity is equivalent to trust / reliability / truth • Failure to protect integrity opens organization to largest classes of malware • Integrity is often the first target of intruders
Definitions • Integrity requires that computer system assets and transmitted information be capable of modification only by authorized parties. • not modified by unauthorized persons • not created by unauthorized persons • In telecommunication, the term data integrity has the following meanings: • The condition in which data are identically maintained during any operation, such as transfer, storage, and retrieval. • The preservation of data for their intended use.
Integrity Compromise • Integrity can be compromised in two main ways: • Malicious altering • Attacker alters account number in a bank transaction • Forging an identity document • Accidental altering • Transmission errors: “my name Leticia and u have a car” • Hard disk crash
Network Integrity • When considering what to protect within your network, you are concerned with maintaining the integrity of: • the physical network • your network software and resources • your reputation • This Integrity involves • identity of computers and users • proper operation of the services • network performance
Common Methods of Attack on Integrity • The four methods of attack that are commonly used to compromise the integrity of a network: • Network packet sniffers • IP spoofing • Password attacks • Application layer attacks
Network Packet Sniffers • Network packet sniffers can yield critical system information, such as user account information and passwords. • When an attacker obtains the correct account information, he or she has the run of your network. • Worst-case scenario • an attacker gains access to a system-level user account • creates a new account that can be used at any time as a back door • can modify system-critical files such as: • the password for the system administrator account • the list of services and permissions on file servers • the login details for other computers that contain confidential information.
Network Packet Sniffers 2 • Packet sniffers provide information about the topology of your network that many attackers find useful. such as • what computers run which services • how many computers are on your network • which computers have access to others • A network packet sniffer can be modified • to interject new information • change existing information in a packet. • Attack can cause network connections to shut down prematurely, as well as change critical information within the packet. • Imagine modification to the accounting system
IP Spoofing • IP spoofing can yield access to user accounts and passwords, and it can also be used in other ways. • Attacker emulates one of your internal users in ways that prove embarrassing for your organization • Such attacks are easier when an attacker has a user account and password • Are possible by combining simple spoofing attacks with knowledge of messaging protocols. • Telnetting directly to the SMTP port on a system allows the attacker to insert bogus sender information.
Password Attacks • A brute-force password attack can provide access to accounts that can be used to modify critical network files and services. • Can compromise network's integrity • Once an attacker gets the password and gains access to the system • he can modify the routing tables for the network. • attacker ensures that all network packets are routed to him or her before they are transmitted to their final destination
Application Layer Attacks • Application Layer attacks can be implemented using several different methods. • A common method is exploiting well-known weaknesses in software commonly found on servers, such as sendmail, PostScript, and FTP. • By exploiting these weaknesses, attackers can gain access to a computer with the permissions of the account running the application • usually a privileged system-level account
Application Layer Attacks Trojan horse attacks • implemented using bogus programs that attacker substitutes for common programs. • programs provide all functionality of a normal application or service • also include other features that are known to the attacker • programs can capture sensitive information and distribute it back to the attacker
Network considerations when defining security policies • Three main types of networks must be considered when defining a security policy • Trusted • Un-trusted • Unknown.
Trusted Networks • Networks inside your network security perimeter. • Networks that you are trying to protect. • Someone in the organization administers the computers that comprise these networks (most times) • Organization controls their security measures. • Usually, trusted networks are within the security perimeter. • To set up firewall server • explicitly identify the type of networks that are attached to the firewall server through network adapter cards • After the initial configuration, the trusted networks include the firewall server and all networks behind it. One exception to this general rule is the inclusion of virtual private networks (VPNs)
Un-trusted Networks • Networks known to be outside your security perimeter. • Un-trusted because they are outside your control • No control over the administration or security policies for these sites • Private, shared networks from which you are trying to protect your network • Still need and want to communicate with these networks although they are un-trusted. • To set up the firewall server • explicitly identify the un-trusted networks from which that firewall can accept requests
Know Your Enemy • Know attackers or intruders. • Consider who might want to circumvent your security measures • Identify their motivations. • Determine what they might want to do and the damage that they could cause to your network. • Security measures can never make it impossible for a user to perform unauthorized tasks with a computer system; they can only make it harder. • The goal is to make sure that the network security controls are beyond the attacker's ability or motivation.
Count the Cost • Security measures usually reduce convenience, especially for sophisticated users. • Security can delay work and can create expensive administrative and educational overhead. • Security can use significant computing resources and require dedicated hardware. • When you design your security measures, understand their costs and weigh those costs against the potential benefits. • To do that, you must understand the costs of the measures themselves and the costs and likelihood of security breaches. If you incur security costs out of proportion to the actual dangers, you have done yourself a disservice.
Identify Any Assumptions • Every security system has underlying assumptions. • For example, you might assume that your network is not tapped, that attackers know less than you do, that they are using standard software, or that a locked room is safe. Be sure to examine and justify your assumptions. Any hidden assumption is a potential security hole.
Control Your Secrets • Most security is based on secrets. • Eg. Passwords and encryption keys • Too often, the secrets are not all that secret. The most important part of keeping secrets is in knowing the areas that you need to protect. • What knowledge would enable someone to circumvent your system? • You should jealously guard that knowledge and assume that everything else is known to your adversaries. • The more secrets you have, the harder it will be to keep them all. Security systems should be designed so that only a limited number of secrets need to be kept.
Limit the Scope of Access • You should create appropriate barriers in your system so that if intruders access one part of the system, they do not automatically have access to the rest of the system. • The security of a system is only as good as the weakest security level of any single host in the system.
Limit Your Trust • You should know exactly which software you rely on, and your security system should not have to rely on the assumption that all software is bug-free.
Tools • Integrity Management Software • Anti-Virus Software
Integrity Management Software • Encryption is most commonly used for secrecy but it can also be used for integrity. • Check for integrity by specifically utilizing… • Hash functions • Digital Signatures • File Size • Example • Tripwire Enterprise
Hash Functions • A public function that maps a plaintext message of any length to a fixed length hash value • Are used as an authenticator • Pros • Offers integrity • Cons • No confidentiality • Examples • CRC • MD5 • SHA-1
Advanced CheckSum Verifier (ACSV) Advanced Intrusion Detection Environment (AIDE) Cambia CM Crckit FileCheckMD5 FTimes Hashdig Integrit Intrusec CM Jacksum LANGuard Security Integrity Monitor MD5 Hashing Utilities Md5deep Nabou NIST_Crc Radmind Samhain Secure Hash Signature Generator Sentinel Sha_verify Spidernet SysCheck Sysdiff Tripwire - Commercial Tripwire – OpenSource Veracity System Integrity Assurance ViperDB Yafic Winalysis WinInterrogate Xintegrity Examples of Integrity Management Software
Anti-virus Software • The techniques for detecting a virus include • Checking unexpected increases in file size • Noting changes in timestamps • Sudden decreases in free space • Calculating checksums • Saving images on the internal control tables and noting unexplained changes