
  1. IPICS2004 Information Systems Security (Security of Distributed and Internet Based Information Systems) G. Pangalos, Informatics Laboratory, Aristotelean University of Thessaloniki

  2. Topics for discussion: • The security problem - Basic security concepts • The security of internet based IS • Acceptable approaches to internet security • A methodology – tool for selecting the appropriate security measures / guidelines

  3. 1. Basic Security Issues

  4. The need for security • Many I.S. handle sensitive information that should be protected. • Without an appropriate level of security in place, no such system can be operational. • A secure operational environment is thus required. • Security is therefore an important issue for most I.S.

  5. What is Security? Basic concepts: • Confidentiality: The protection of information from unauthorized access or unintended disclosure. • Integrity: The protection of information from unauthorized modification. • Availability: Resources are in place, without unreasonable delay, when the user needs them.

  6. Need for security • As organizations increase their reliance on information systems and the Internet for daily business, they become more vulnerable to security breaches.

  7. Several major questions arise, for example: • How to safeguard the confidentiality of the information (i.e. who should be allowed to see what, and under what conditions), • How to safeguard the integrity of the information, • How to improve its availability to legitimate users, etc.

  8. In order to answer those questions it is necessary to: 1. Identify the security requirements, threats and vulnerabilities associated with the various categories of users and data types 2. Study the related security technology available 3. Study the impact of adding security on the availability, performance and cost of the system 4. Propose the specific measures required to improve the security of the system 5. Define an appropriate security policy for accessing the information

  9. Some problems to think about... • Confidentiality vs Availability vs Integrity (vs Accountability) • The ease of attack (e.g. through the Internet) • The emergence of new, Internet based, applications (electronic commerce, e-payments, …) • The holistic approach necessary

  10. Why is this still a problem? We: • Have been working on it for 30 years • Have A Good Theoretical Foundation • Understand the Problem • Have Products • Continue to Make Progress • We have Ethics classes

  11. . . . But! • Security Controls Have Operational Impact • Security costs (security should not cost. It should pay) • Products Do Not Match Problems • Not enough Flexibility • Rapidly Evolving Technology • No security culture

  12. Computer Security Topics • Operating Systems Security • Database Security • Network Security • Internet Security • Electronic Commerce security • Office Automation Security • Formal Models of Secure Systems • Risk Analysis/Threat Analysis • Encryption (symmetric and asymmetric) • …

  13. So, Why Aren’t Systems Secure? • Security is usually an afterthought • Security can be expensive • Security is fundamentally hard to address • False solutions • Belief that computers are the problem - not people (teach ethics) • Technology is oversold

  14. Possible Information States ... • Processing • Storage • Transmission

  15. What we are trying to do ... • The Information Security Objective then becomes: • To preserve the security characteristics across all three possible information states (processing, storage, transmission). • Maintain the appropriate level of security.

  16. Security Threats - Risks

  17. A threat is any circumstance or event with the potential to cause harm to an organisation (through the disclosure, modification or destruction of information, or by the denial of critical services). • The presence of a threat does not mean that it will necessarily cause actual harm. • To become a risk, a threat must be able to exploit a vulnerability in the system's security controls.

  18. Why not just Encrypt ? • Encryption is likely the most powerful tool available - but does not solve all problems. • Steganography + Encryption + …..

  19. What Tends to Work ... • User Education • Strong “holistic” approach • Good Risk Analysis • Plans and Procedures Enforcement • Strong Identification and Authentication • Firewalls on networks • Law and Regulation

  20. Basic Concepts: • Access control. There is a need to protect resources against unauthorised access. The access control components decide whether a subject can access a particular resource (object). This functionality is related to both secrecy and integrity. • Authentication. Verification of the identity of users. This is of crucial importance in distributed systems due to the inherent ability of these systems to allow access to remote resources via physically untrusted communication environments. • Auditing. Users that access resources should be accountable. The audit components should record their identities and actions.

  21. Basic Concepts: • Non-repudiation. For some applications it is important to provide evidence of actions. Typical examples of this are proof of receipt of a message or proof of sending a message. • Security management. This is the management of information related to the security of a system. Typically this determines the security characteristics of a system. • Cryptography. The provision of the above mentioned functionality is usually based on cryptography, which is essential in distributed systems where communication is based on insecure links.
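
The three mechanisms of slide 20 (authentication, access control, auditing) are easiest to see as one reference monitor: every request is first authenticated, then checked against an access control list with default deny, and the decision, allowed or not, is written to an audit log whose records are hash-chained so that a later edit or deletion is detectable. The following Python is an added example written for this transcript, not code from the original slides; the user names, passwords, the ACL and the object names are constructed sample data.

```python
import hashlib
import hmac
import json
import os
from datetime import datetime, timezone

PBKDF2_ROUNDS = 100_000


# --- Authentication: verify a claimed identity against a stored credential ---

def make_credential(password, salt=None):
    """Store a salted PBKDF2-SHA256 hash of the password, never the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


# Used for unknown user names so a failed login takes the same time either way
DUMMY_CREDENTIAL = make_credential("", b"\x00" * 16)


def authenticate(users, name, password):
    """True only if `name` exists and `password` reproduces the stored hash."""
    cred = users.get(name) or DUMMY_CREDENTIAL
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), cred["salt"], PBKDF2_ROUNDS)
    return name in users and hmac.compare_digest(digest, cred["hash"])   # constant-time compare


# --- Access control: default-deny ACL, object -> subject -> permitted actions ---

ACL = {   # constructed sample policy
    "patient_records": {"alice": {"read", "write"}, "bob": {"read"}},
    "billing": {"carol": {"read", "write"}},
}


def authorize(acl, subject, obj, action):
    """Anything not explicitly granted is denied."""
    return action in acl.get(obj, {}).get(subject, set())


# --- Auditing: hash-chained log; editing or deleting an earlier record breaks the chain ---

class AuditLog:
    GENESIS = "0" * 64

    def __init__(self):
        self.records = []

    @staticmethod
    def _digest(record):
        body = {k: v for k, v in record.items() if k != "digest"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, **fields):
        prev = self.records[-1]["digest"] if self.records else self.GENESIS
        record = dict(fields, prev=prev)
        record["digest"] = self._digest(record)
        self.records.append(record)

    def verify(self):
        prev = self.GENESIS
        for rec in self.records:
            if rec["prev"] != prev or self._digest(rec) != rec["digest"]:
                return False
            prev = rec["digest"]
        return True


class Monitor:
    """Every request is authenticated, authorised and audited, whether allowed or denied."""

    def __init__(self, users, acl):
        self.users, self.acl, self.audit = users, acl, AuditLog()

    def request(self, name, password, obj, action):
        if not authenticate(self.users, name, password):
            decision = "deny: authentication failed"
        elif not authorize(self.acl, name, obj, action):
            decision = "deny: not authorised"
        else:
            decision = "allow"
        self.audit.append(ts=datetime.now(timezone.utc).isoformat(),
                          subject=name, object=obj, action=action, decision=decision)
        return decision == "allow"


if __name__ == "__main__":
    users = {"alice": make_credential("correct horse"), "bob": make_credential("hunter2")}
    monitor = Monitor(users, ACL)
    monitor.request("alice", "correct horse", "patient_records", "write")   # allowed
    monitor.request("bob", "hunter2", "patient_records", "write")           # denied: read only
    monitor.request("mallory", "guess", "billing", "read")                  # denied: unknown user
    for rec in monitor.audit.records:
        print(rec["subject"], rec["object"], rec["action"], "->", rec["decision"])
    print("audit chain intact:", monitor.audit.verify())
```

Denied requests are logged as well as allowed ones, since the denials are what an investigator needs. The chain detects edits and deletions in the middle of the log but not removal of the newest records, so in practice the latest digest is also copied somewhere the administrator of the monitored system cannot write.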

  22. 2. The Internet Security Problem:

  23. Facts: • The Internet is the fastest growing telecommunications medium in history • It provides unprecedented opportunities for interaction and data sharing.

  24. Advantages of using Internet/Web browsers to provide access to information • Ease of deployment of information: • No specific network infrastructure is required. • Everybody has a navigation program for the WWW (Netscape Navigator, Internet Explorer, etc.) • User-friendly environment: • Users need no specific knowledge to access data. • Everybody knows how to use a Web browser. • Ease of administration: • The Web server handles all of the communications and simply passes the data back to the client.

  25. The Internet Security problem

  26. • Vulnerable TCP/IP services: a number of the TCP/IP services are not designed to be secure and can be compromised by knowledgeable intruders • Ease of eavesdropping and spoofing: the majority of Internet traffic is not encrypted • Lack of policy: many sites are configured unintentionally for wide-open Internet access without regard for the potential for abuse from the Internet • Complexity of configuration: host security access controls are often complex to configure and monitor

  27. Threats in the Internet • Information Browsing: Unauthorised viewing of sensitive information by intruders or legitimate users may occur through a variety of mechanisms • Misuse: The use of information assets for other than authorised purposes can result in denial of service, increased cost, or damage to reputations. • Component Failure: Failure due to design flaws or hardware/software faults can lead to denial of service or security compromises through the malfunction of a system component.

  28. Threats in the Internet • Unauthorised deletion, modification or disclosure: Intentional damage to information assets that results in the loss of integrity or confidentiality of business functions and information. • Penetration: Attacks by unauthorised persons or systems that may result in denial of service or significant increases in incident handling costs. • Misrepresentation: Attempts to masquerade as a legitimate user to steal services or information, or to initiate transactions that result in financial loss or embarrassment to the organisation.

  29. Internet Security Risks: • The advantages provided by the Internet come with a significantly greater element of risk to the confidentiality and integrity of information (open environment, uncontrolled platforms, etc.). • The very nature of the Internet means that security risks cannot be totally eliminated.

  30. !!! • Because of these security risks, and the need to research security requirements vis-à-vis the Internet, some organizations (e.g. HCFA) until recently prohibited the use of the Internet for the transmission of sensitive data altogether.

  31. On the other hand: • There is a growing demand for using the Internet for fast and inexpensive transmission of information.

  32. It is therefore necessary to accommodate this need, provided that it can be assured thatproper steps are being taken to maintain an acceptable level of security for the information involved.

  33. Solving the problem requires: A. To activate the necessary security tools B. To have an adequate Internet Security Policy in place

  34. A. Activate the necessary security tools

  35. Levels of Internet security: 1. Security at the Application Layer 2. Security at the Transport Layer 3. Security at the Network Layer (TCP/IP)

  36. The 3 layers of protocols (hierarchical layers of Internet security): • Application layer: S-HTTP, HTTP, SMTP, FTP • Transport layer: SSL • Network layer: TCP / IP

  37. Security at level 1 (Application Layer). Tools available: a. Use of a 'secure' transfer protocol (e.g. S-HTTP) b. Use of end-to-end encryption c. Use of digital signatures and user certificates ……….

  38. Security at level 2 (Transport Layer). Method: Activate an SSL connection • Set up a PKI / TTP (trusted third party) infrastructure • Provide SERVER / CLIENT / USER certificates • Use them to activate an SSL / https connection between client and server
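
Issuing client and user certificates, as slide 38 requires, achieves nothing unless the server end of the SSL/TLS connection is configured to demand one and to verify it against the PKI's CA; with the usual "just enable https" settings only the server is authenticated. The following Python is an added example for this transcript (not code from the slides) using the standard `ssl` module: it builds the hardened server and client configurations next to the weak ones, and `check_context` reports what a reviewer would flag. The certificate and key file paths are placeholders; the contexts are built without them so their settings can be inspected, and "SSL" is realised as TLS 1.2 or later, since the SSL 2/3 protocol versions of the slide's era are broken.

```python
import ssl


def hardened_server_context(cert_file=None, key_file=None, client_ca_file=None):
    """Server side of a mutual-TLS connection: present the server certificate and
    REQUIRE a client certificate that chains to the organisation's CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSL 2/3 and TLS 1.0/1.1 are broken
    ctx.verify_mode = ssl.CERT_REQUIRED            # client cert mandatory, and verified
    if cert_file:                                  # placeholder paths (assumption)
        ctx.load_cert_chain(cert_file, key_file)   # server certificate + private key
    if client_ca_file:
        ctx.load_verify_locations(cafile=client_ca_file)  # CA that issued the client/user certs
    return ctx


def weak_server_context(cert_file=None, key_file=None):
    """'Just enable https': only the server is authenticated; any client is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return ctx   # verify_mode defaults to CERT_NONE


def hardened_client_context(ca_file=None, cert_file=None, key_file=None):
    """Client side: verify the server certificate against a trusted CA, check that the
    name in it matches the host we connected to, and offer our own certificate."""
    ctx = ssl.create_default_context(cafile=ca_file)   # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)       # client/user certificate
    return ctx


def weak_client_context():
    """The 'make the certificate error go away' anti-pattern: the channel is still
    encrypted, but to whoever answered, so eavesdropping becomes man-in-the-middle."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def check_context(ctx, role):
    """List the findings a reviewer would raise; empty means the context meets
    the requirements of slide 38 for the given role ('server' or 'client')."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy SSL/TLS versions allowed")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required" if role == "client" else
                        "client certificate not required: only the server is authenticated")
    if role == "client" and not ctx.check_hostname:
        findings.append("hostname not checked: any certificate from a trusted CA is accepted")
    return findings


if __name__ == "__main__":
    for name, ctx, role in [("hardened server", hardened_server_context(), "server"),
                            ("weak server", weak_server_context(), "server"),
                            ("hardened client", hardened_client_context(), "client"),
                            ("weak client", weak_client_context(), "client")]:
        print(f"{name}: {check_context(ctx, role) or 'OK'}")
```

In deployment the hardened server context is passed to `ssl.SSLContext.wrap_socket` (or to the web server's TLS settings) and the CA file is the one operated by the PKI/TTP of slide 38, so that a user certificate that was never issued, or has been revoked, does not get a connection at all.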

  39. B. Have an adequate Internet Security Policy in place

  40. That is …. • To establish the basic security requirements that must be satisfied in order to use the Internet to safely transmit sensitive information.

  41. What is needed: • To define a suitable Internet Security Policy, and • To describe the set of technical measures that are needed for its implementation.

  42. A. Development of an Internet Security Policy: Acceptable Security Approaches

  43. Basic Security Principles for the transmission of sensitive data over the Internet

  44. 1. Access and modification of information: Sensitive information sent over the Internet must be accessed and modified only by authorized parties

  45. 2. Use of Acceptable technologies • Appropriate technologies must be used to ensure that data travels safely over the Internet and is only disclosed to authorised parties. • These technologies should: • allow users to prove they are who they say they are (identification and authentication), and • allow the organized scrambling of data (encryption) to avoid inappropriate disclosure or modification

  46. As seen later: The Internet can be used for the safe transmission of sensitive data, provided that: • a suitable Internet Security Policy is in place, • an acceptable method of encryption is utilized to provide for confidentiality and integrity of the data, and • Suitable identification and authentication procedures are employed to assure that both the sender and recipient of the data are known to each other and are authorized to receive and decrypt such information.
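
Slides 45 and 46 ask for three things on every sensitive message: encryption so that only the intended recipient can read it, an integrity check so that modification in transit is detected, and assurance that sender and recipient are the parties they claim to be. The following Python is an added example written for this transcript, not code from the slides: an encrypt-then-MAC construction over a shared secret, with separate encryption and MAC keys that are bound to the sender and recipient names, so that a message sealed from one party to another cannot be replayed in the opposite direction. HMAC-SHA256 in counter mode stands in here for a deployed cipher suite (in practice the data travels over the SSL/TLS connection of slide 38); the party names, the patient record and the assumption that the shared secret was agreed beforehand through the PKI/TTP are constructed for the example.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN, TAG_LEN = 16, 32


def derive_keys(shared_secret, sender, recipient):
    """Separate encryption and MAC keys, bound to who is sending to whom."""
    context = sender.encode() + b"->" + recipient.encode()
    enc_key = hmac.new(shared_secret, b"enc|" + context, hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"mac|" + context, hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key, nonce, length):
    """HMAC-SHA256 run in counter mode as a pseudo-random keystream."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def seal(shared_secret, sender, recipient, plaintext, nonce=None):
    """Encrypt-then-MAC: confidentiality from the keystream, integrity and origin
    authentication from the tag computed over nonce + ciphertext."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)   # never reuse under one key
    enc_key, mac_key = derive_keys(shared_secret, sender, recipient)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_message(shared_secret, sender, recipient, message):
    """Verify the tag first (constant-time compare); decrypt only if it is genuine."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ciphertext, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    enc_key, mac_key = derive_keys(shared_secret, sender, recipient)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity / authentication check failed")
    return bytes(c ^ k for c, k in zip(ciphertext, keystream(enc_key, nonce, len(ciphertext))))


def try_open(shared_secret, sender, recipient, message):
    """Plaintext if the message is genuine for this sender/recipient pair, else None."""
    try:
        return open_message(shared_secret, sender, recipient, message)
    except ValueError:
        return None


if __name__ == "__main__":
    secret = os.urandom(32)                      # agreed out of band via the PKI/TTP (assumption)
    record = b"patient 4711: HbA1c 6.1%"        # constructed sample data
    wire = seal(secret, "clinic-A", "lab-B", record)
    print("recipient reads:  ", try_open(secret, "clinic-A", "lab-B", wire))
    tampered = bytearray(wire)
    tampered[NONCE_LEN] ^= 0x01                  # flip one bit of ciphertext in transit
    print("after bit-flip:   ", try_open(secret, "clinic-A", "lab-B", bytes(tampered)))
    print("replayed reversed:", try_open(secret, "lab-B", "clinic-A", wire))
    print("wrong key:        ", try_open(os.urandom(32), "clinic-A", "lab-B", wire))
```

The tag proves to the recipient that the message came from the other holder of the shared secret and was not altered, which is what slide 46 requires. It does not give the non-repudiation of slide 21: either party could have produced the tag, so proof of sending towards a third party needs the digital signatures and certificates of slide 37 instead.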

  47. II. Acceptable Security Methods

  48. Acceptable Security Methods: • In order to safely use the internet for the transmission of sensitive data, the method(s) employed by all users must come under one of the acceptable approaches to security described below.

  49. These approaches: …... • Are as generic as possible and as open to specific implementations as possible, to provide maximum user flexibility within the allowable limits of security and manageability • Have been based on a detailed study of the existing security framework and guidelines in the EU countries, USA and Canada.

  50. Major sources: • Development of a H.L. Security Policy for the processing and transmission of data through the INTERNET, Medical informatics and internet applications Journal, 1999. • The Intranet Health Clinic project, WP6 report: security, The IHC project, EU, 2000. • European prestandard CEN/TC 251/SEC-COM “Security for Healthcare Communication”, 1999 • Recommendation No. R (99)5 ‘for the protection of privacy on the Internet’,1999. • Directive 95/46/EC ‘on the protection of individuals with regard to the processing of personal data and on the free movement of such data’.
