Security Mechanisms
University of Sunderland CIT304
Harry R. Erwin, PhD
Basic Rules of Security
• Concentrate valuable assets
• Defense in depth
• Coordinate all aspects of security
  • Software
  • Hardware
  • Physical
  • Procedural
We will examine software security mechanisms first and then survey the other areas.
Definition
• A security mechanism is ‘a hardware or software component, system, or product that supports one or more security objectives.’
• Another term that might be applied is a ‘security service.’
• “The function of a security mechanism is to detect, prevent, or recover from a security attack” (William Stallings).
• A security mechanism is how you implement your intent (i.e., security objectives).
Examples of Software Mechanisms
• Identification and Authentication
• Access Control
• Audit
• Firewalls
• Intrusion Detection
• Cryptography and Public Key Infrastructure (PKI)
• Virus Protection
• Object Reuse/Media Sanitizing
• Electronic Signatures
Identification and Authentication
• Identifies someone to the system.
• At least one of the following must be supplied:
  • Something known (user name and password)
  • Something owned (password token)
  • Some physical characteristic (fingerprint, retinal scan, voice scan)
• Authentication is ‘weak’ if only one is supplied.
• Two are required for ‘strong’ authentication.
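The weak/strong distinction on this slide, worked through as an added example (not code from the slides): a login routine that verifies something known (a salted PBKDF2 password hash) and something owned (a time-based one-time password from a token, RFC 6238), and reports ‘weak’ when only the password was checked and ‘strong’ when both factors were. The user record, password and OTP seed are constructed for the example; the seed is the RFC 6238 test secret so the codes can be checked against the published vectors.

```python
import hashlib
import hmac
import os
import struct
import time
from typing import Optional, Tuple

# Constructed demo values: the OTP seed is the RFC 6238 test secret, the
# password is made up for this example. Neither comes from the slides.
PBKDF2_ITERATIONS = 100_000
DEMO_OTP_SEED = b"12345678901234567890"
DEMO_PASSWORD = "correct horse battery staple"


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); the clear-text password is never stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    # Constant-time comparison so the check does not leak via timing.
    return hmac.compare_digest(candidate, digest)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238, HMAC-SHA1, 30 s steps)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def verify_totp(seed: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step and +/- `window` steps to absorb clock drift."""
    return any(
        hmac.compare_digest(totp(seed, unix_time + delta * 30), code)
        for delta in range(-window, window + 1)
    )


# Constructed user record: something known (password) and something owned (OTP token).
_salt, _digest = hash_password(DEMO_PASSWORD)
USERS = {"alice": {"salt": _salt, "digest": _digest, "otp_seed": DEMO_OTP_SEED}}


def authenticate(username: str, password: str, otp_code: Optional[str] = None,
                 unix_time: Optional[int] = None) -> str:
    """Return 'denied', 'weak' (one factor verified) or 'strong' (two factors)."""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so an unknown user name costs the same time as a wrong password.
        hash_password(password, b"\x00" * 16)
        return "denied"
    if not verify_password(password, record["salt"], record["digest"]):
        return "denied"
    if otp_code is None:
        return "weak"
    now = int(time.time()) if unix_time is None else unix_time
    if verify_totp(record["otp_seed"], otp_code, now):
        return "strong"
    return "denied"


if __name__ == "__main__":
    t = 59  # RFC 6238 test-vector time; the 6-digit code for this seed and time is 287082
    print(authenticate("alice", DEMO_PASSWORD, totp(DEMO_OTP_SEED, t), t))  # strong
    print(authenticate("alice", DEMO_PASSWORD))                               # weak
    print(authenticate("alice", "not the password"))                          # denied
```

A real system would refuse a ‘weak’ login outright for anything sensitive; the classification is returned here only to make the slide’s distinction visible. Note that the one-time code is still compared in constant time and that a wrong code after a correct password is a denial, not a fallback to ‘weak’.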
Access Control
• Based on what the user is authorized to do. In other words, it enforces least privilege.
• ‘Discretionary access control (DAC)’ is where the document owner controls who has access to it. This is designed for benign environments.
• ‘Mandatory access control (MAC)’ defines a security level for documents and resources. A potential user or process has to hold that level.
• Commercial organizations may go further—time of day, location, task being performed.
• Should be enforced by the operating system kernel.
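DAC and MAC side by side, as an added example (not code from the slides): a small reference monitor through which every access request passes. The owner of a resource may extend access to others (DAC), but the security level on the resource is fixed by policy and a subject’s clearance must satisfy it regardless of what the owner grants (MAC). The write rule used here, no writing to a lower level than one’s clearance, is the Bell-LaPadula *-property and is an assumption beyond the slide, which only states the level requirement. Names, levels and the document are constructed; in a real system this check sits in the kernel, not in a user-space class.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, Set


class Level(IntEnum):
    """Security levels for MAC; a higher value means more sensitive."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass
class Resource:
    name: str
    owner: str      # DAC: the owner decides who else gets access
    level: Level    # MAC: label fixed by policy, not by the owner
    acl: Dict[str, Set[str]] = field(default_factory=dict)  # subject -> {"read", "write"}


class ReferenceMonitor:
    """Single choke point every access request goes through (the kernel's job in a
    real system; this user-space class stands in for it)."""

    def __init__(self, clearances: Dict[str, Level]):
        self.clearances = clearances  # subject -> clearance, set by the administrator

    def dac_allows(self, subject: str, res: Resource, op: str) -> bool:
        if subject == res.owner:
            return True
        return op in res.acl.get(subject, set())

    def mac_allows(self, subject: str, res: Resource, op: str) -> bool:
        clearance = self.clearances.get(subject, Level.UNCLASSIFIED)
        if op == "read":
            return clearance >= res.level   # no read-up
        if op == "write":
            return clearance <= res.level   # no write-down (Bell-LaPadula *-property, assumed)
        return False

    def grant(self, granter: str, res: Resource, grantee: str, op: str) -> bool:
        """DAC grant: only the owner may extend access; MAC still applies on use."""
        if granter != res.owner:
            return False
        res.acl.setdefault(grantee, set()).add(op)
        return True

    def check(self, subject: str, res: Resource, op: str) -> bool:
        # Both policies must agree; the owner's discretion cannot override MAC.
        return self.dac_allows(subject, res, op) and self.mac_allows(subject, res, op)


# Constructed example: three clearances and one CONFIDENTIAL document owned by alice.
MONITOR = ReferenceMonitor({"alice": Level.CONFIDENTIAL, "bob": Level.SECRET,
                            "carol": Level.UNCLASSIFIED})
REPORT = Resource("q3-report", owner="alice", level=Level.CONFIDENTIAL)


def demo() -> Dict[str, bool]:
    results = {"bob_before_grant": MONITOR.check("bob", REPORT, "read")}
    MONITOR.grant("alice", REPORT, "bob", "read")
    MONITOR.grant("alice", REPORT, "carol", "read")
    results["bob_after_grant"] = MONITOR.check("bob", REPORT, "read")
    results["bob_write"] = MONITOR.check("bob", REPORT, "write")    # SECRET may not write down
    results["carol_read"] = MONITOR.check("carol", REPORT, "read")  # DAC yes, MAC no
    results["owner_write"] = MONITOR.check("alice", REPORT, "write")
    results["bob_grants"] = MONITOR.grant("bob", REPORT, "carol", "write")  # not the owner
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:>17}: {'allowed' if allowed else 'denied'}")
```

The carol case is the one to notice: the owner granted her read access, yet the request is denied because her clearance is below the document’s level. That is exactly why DAC alone is only suitable for the benign environments the slide mentions.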
Audit
• Tracks who did what and when.
• Done right, it can stand up in court as evidence.
• Usually must be turned on (selectively).
• May result in large audit files.
• Audit trails are extremely interesting to hackers—they show what can and cannot be seen.
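For an audit trail to be usable as evidence it has to be shown that nobody edited it afterwards. One common way to achieve that, added here as an example rather than taken from the slides, is to chain the entries: each record carries the hash of the record before it, so rewriting any entry breaks every hash that follows. The log also shows the selective switch-on the slide mentions: only actions on a configured list are recorded. Events, names and timestamps are constructed.

```python
import hashlib
import json
from typing import List, Optional, Set, Tuple

GENESIS = "0" * 64


class AuditLog:
    """Append-only audit trail in which each entry commits to the previous one."""

    def __init__(self, audited_actions: Optional[Set[str]] = None):
        # Auditing is switched on selectively: only these actions are recorded.
        self.audited_actions = audited_actions
        self.entries: List[dict] = []
        self._last_hash = GENESIS

    @staticmethod
    def _digest(entry: dict) -> str:
        body = {k: v for k, v in entry.items() if k != "hash"}
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode()).hexdigest()

    def record(self, timestamp: str, actor: str, action: str, target: str, outcome: str) -> bool:
        """Who did what, to what, when, and whether it succeeded. False if not audited."""
        if self.audited_actions is not None and action not in self.audited_actions:
            return False
        entry = {"seq": len(self.entries), "ts": timestamp, "actor": actor, "action": action,
                 "target": target, "outcome": outcome, "prev": self._last_hash}
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        self._last_hash = entry["hash"]
        return True

    def verify(self) -> Tuple[bool, Optional[int]]:
        """Walk the chain; return (True, None) or (False, index of the first bad entry)."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if entry["seq"] != i or entry["prev"] != prev or entry["hash"] != self._digest(entry):
                return False, i
            prev = entry["hash"]
        return True, None


def build_demo_log() -> AuditLog:
    # Constructed events; the host, paths and timestamps are made up for this example.
    log = AuditLog(audited_actions={"login", "read", "delete"})
    log.record("2024-03-01T08:02:11Z", "alice", "login", "srv1", "success")
    log.record("2024-03-01T08:05:40Z", "alice", "read", "/finance/q3.xls", "success")
    log.record("2024-03-01T08:05:41Z", "alice", "list", "/finance", "success")  # not audited
    log.record("2024-03-01T08:09:03Z", "bob", "delete", "/finance/q3.xls", "denied")
    return log


def tamper_and_verify() -> Tuple[bool, Optional[int]]:
    """Rewriting history breaks the chain at the edited entry."""
    log = build_demo_log()
    log.entries[1]["actor"] = "bob"  # someone rewrites who read the file
    return log.verify()


if __name__ == "__main__":
    print(build_demo_log().verify())  # (True, None)
    print(tamper_and_verify())        # (False, 1)
```

Chaining shows that the log was altered; it does not by itself say who altered it or protect the newest entry. In practice the head hash is periodically copied somewhere the system’s administrators cannot quietly rewrite (a separate log host, a signed timestamp), which is also what keeps the trail useful after the intruder the slide warns about has read it.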
Firewalls
• Control access to protected assets.
• Workstation firewalls are the minimum.
• Bridge/router/switch firewalls should:
  • Control access to TCP/IP ports selectively.
  • Track outgoing as well as incoming packets.
  • Monitor packet contents if possible.
• SOAP “bypasses corporate firewalls.” (M$)
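The three things the slide asks of a network firewall, as an added example (not code from the slides): a small stateful packet filter that permits ports selectively, remembers outgoing connections so only their replies are let back in, and applies one content rule to outgoing traffic. The rule set and the addresses (from the documentation ranges 192.0.2.0/24 and 203.0.113.0/24) are constructed; the content rule is a simple ‘do not let packets marked CONFIDENTIAL leave’ check, standing in for whatever inspection a real device can do.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the Internet) or "out" (from the protected network)
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    payload_contains: Optional[bytes] = None   # content inspection, where possible
    action: str = "DROP"

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and (self.proto is None or self.proto == p.proto)
                and (self.dst is None or self.dst == p.dst)
                and (self.dport is None or self.dport == p.dport)
                and (self.payload_contains is None or self.payload_contains in p.payload))


class StatefulFirewall:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.flows: Set[Tuple] = set()   # outbound flows we have accepted

    def filter(self, p: Packet) -> str:
        # Replies to connections the inside opened are accepted without a rule.
        if p.direction == "in" and (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "ACCEPT"
        for rule in self.rules:          # first match wins
            if rule.matches(p):
                if rule.action == "ACCEPT" and p.direction == "out":
                    self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return rule.action
        return "DROP"                    # default deny in both directions


# Constructed policy: workstations may go out except direct mail, the public web
# server takes HTTPS from anywhere, and marked documents are not allowed out.
POLICY = [
    Rule("out", payload_contains=b"CONFIDENTIAL", action="DROP"),
    Rule("out", proto="tcp", dport=25, action="DROP"),
    Rule("out", action="ACCEPT"),
    Rule("in", proto="tcp", dst="192.0.2.20", dport=443, action="ACCEPT"),
]


def demo() -> List[str]:
    fw = StatefulFirewall(POLICY)
    traffic = [
        Packet("out", "tcp", "192.0.2.10", 51000, "203.0.113.5", 443),          # browse out
        Packet("in", "tcp", "203.0.113.5", 443, "192.0.2.10", 51000),           # its reply
        Packet("in", "tcp", "203.0.113.9", 40000, "192.0.2.10", 22),            # unsolicited
        Packet("in", "tcp", "203.0.113.9", 40001, "192.0.2.20", 443),           # public web
        Packet("out", "tcp", "192.0.2.10", 51001, "203.0.113.5", 25),           # direct mail
        Packet("out", "tcp", "192.0.2.10", 51002, "203.0.113.5", 443,
               payload=b"CONFIDENTIAL q3 figures"),                               # marked data
        Packet("in", "udp", "203.0.113.5", 53, "192.0.2.10", 51003),            # no flow seen
    ]
    return [fw.filter(p) for p in traffic]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The third packet is the point of the ‘track outgoing as well as incoming’ bullet: the same inbound port 22 packet would be accepted if the workstation had opened that connection itself, and is dropped because it did not. Real packet filters also age flows out and follow TCP state; this example keeps the table for the life of the object.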
Intrusion Detection
• Must be based on documented policies for use of the system. Uses expertise. Enforces intent.
• Can detect evidence of
  • Break-ins
  • Remote exploitation
  • Application-level exploitation
• Generates log files of great interest to hackers.
• Does not detect one-time events.
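What ‘based on documented policies’ and ‘does not detect one-time events’ look like in practice, as an added example (not code from the slides): a detector that reads sshd-style log lines and raises alerts only where a written policy is broken (interactive logins outside working hours, root logging in remotely, repeated password failures from one source). The policy, host names and log lines are constructed; note that the single failed login at the end produces no alert, because a threshold rule needs repetition to fire.

```python
import re
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Tuple

LOG_RE = re.compile(
    r"^\w{3} +\d{1,2} (\d{2}):(\d{2}):(\d{2}) (\S+) sshd\[\d+\]: "
    r"(Accepted|Failed) (\w+) for (?:invalid user )?(\S+) from (\S+) port \d+"
)

# Documented policy the detector enforces (constructed for this example).
POLICY = {
    "interactive_hours": (8, 18),     # logins to servers allowed 08:00-17:59
    "root_remote_login": False,       # root only at the console
    "failed_login_threshold": 3,      # alert at this many failures ...
    "failed_login_window_s": 300,     # ... from one source within five minutes
}


def parse(line: str) -> Optional[dict]:
    m = LOG_RE.match(line)
    if not m:
        return None
    hh, mm, ss, host, result, method, user, src = m.groups()
    return {"t": int(hh) * 3600 + int(mm) * 60 + int(ss), "host": host,
            "ok": result == "Accepted", "method": method, "user": user, "src": src}


def detect(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (rule, detail) alerts for every event that breaks the documented policy."""
    alerts: List[Tuple[str, str]] = []
    failures: Dict[str, Deque[int]] = defaultdict(deque)  # src -> recent failure times
    start, end = POLICY["interactive_hours"]
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        if ev["ok"]:
            hour = ev["t"] // 3600
            if not (start <= hour < end):
                alerts.append(("out-of-hours-login", f"{ev['user']}@{ev['host']} from {ev['src']}"))
            if ev["user"] == "root" and not POLICY["root_remote_login"]:
                alerts.append(("remote-root-login", f"root@{ev['host']} from {ev['src']}"))
        else:
            q = failures[ev["src"]]
            q.append(ev["t"])
            while q and ev["t"] - q[0] > POLICY["failed_login_window_s"]:
                q.popleft()
            if len(q) == POLICY["failed_login_threshold"]:  # alert once, when the threshold is hit
                alerts.append(("password-guessing", f"{len(q)} failures from {ev['src']} in window"))
    return alerts


# Constructed log lines in sshd's syslog format; hosts and addresses are made up.
SAMPLE_LOG = [
    "Jan 12 02:14:07 srv1 sshd[2201]: Accepted password for root from 198.51.100.7 port 40122 ssh2",
    "Jan 12 09:00:01 srv1 sshd[2210]: Failed password for alice from 198.51.100.9 port 40130 ssh2",
    "Jan 12 09:00:04 srv1 sshd[2211]: Failed password for alice from 198.51.100.9 port 40131 ssh2",
    "Jan 12 09:00:09 srv1 sshd[2212]: Failed password for invalid user admin from 198.51.100.9 port 40132 ssh2",
    "Jan 12 09:00:15 srv1 sshd[2213]: Failed password for alice from 198.51.100.9 port 40133 ssh2",
    "Jan 12 09:31:45 srv1 sshd[2230]: Accepted publickey for alice from 192.0.2.50 port 50200 ssh2",
    "Jan 12 11:02:30 srv1 sshd[2250]: Failed password for bob from 192.0.2.51 port 50210 ssh2",
]


if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```

The first line produces two alerts from two different policy statements, which is the ‘enforces intent’ part: the detector knows nothing about whether that root login was legitimate, only that the written policy forbids it. The failure from 192.0.2.51 is the one-time event the slide says will be missed; catching it needs a second source of evidence, such as the audit trail, not a lower threshold.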
Cryptography and Public Key Infrastructure (PKI)
• May support virtual private networks (VPNs) and closed user groups (CUGs) where information is sent using encrypted tunneling. Usually peer-to-peer.
• May support strong authentication.
• ssh, sftp, ssl, Kerberos, PGP, etc.
• The functional infrastructure required is extensive. Distribution of keys is extremely manpower-intensive and expensive.
• PKI allows the distribution of keys ‘in-band’ (over the network).
Virus Protection
• Viruses (and other malware) are the most serious vulnerability of modern computer systems. They are usually malicious.
• Many websites upload ‘malware’ when you visit them. Consider using Ad-Aware or similar programmes to detect them.
• Check out the Sony rootkit. That’s similar in intent.
• Virus protection depends on:
  • Careful procedures for dealing with untrusted programs and data.
  • Programs to detect the ‘signatures’ of viruses that manage to penetrate the installation procedures.
Object Reuse/Media Sanitizing
• The leftover bits in memory or on the disk contain information. Most operating systems do not zero these bits when they reallocate resources.
• A secure operating system zeros memory and other resources before allocating them (and often when the resources are released).
• This is done based on bitter experience.
Electronic Signatures
• Provide
  • Authentication
  • Data integrity
  • Non-repudiation
  • The same legal status as a hand-written signature (Electronic Communications Act 2000)
Rules for Writing Secure Software
• Least privilege—limit access rights to those necessary for the function
• Economy—keep the design simple
• Complete mediation—check all accesses for authorization
• Open design—don’t hide your code!
• Separation of privilege—no single key for access
• Least common mechanism—isolate users
• Psychological acceptability—make security easy to use
Non-Software Security Mechanisms
• Physical Security
• Environmental Security
• Personnel Security
• Training and Security Awareness
• Guidance and Policy Documentation
• Configuration Management
(Based on QinetiQ recommendations; the list in Spafford et al., 2003, is similar.)
Physical Security
To deny unauthorized access:
• Perimeter defense
• Building security
• Inner protection of the office and server rooms
• Workstation protection
Perimeter Defense
• Defined security perimeter
• Controlled access points
• Pass system and visitor control
• Guards during quiet hours
Office Security
• Office layout and design
• Anonymity
• Location of support services
• Inventory sensitive assets
Workstation Security
• Control unauthorized access
• Removable media
• Peripherals protected
• Regular inspections to verify that user configuration modifications have not subverted security.
Environmental Security
• Natural disasters
  • Fire
  • Flood
  • Storm
  • Earthquake
• Utilities
• Communications
• Hardware failure
Personnel Security
To ensure you can trust people with access to sensitive information and other assets. Tasks include:
• Establishing identity
• Verification of details
• Credit checks
• Maintenance of records
Training and Security Awareness
• Important vulnerabilities are to
  • Social engineering and
  • Non-malicious actions by insiders
• To mitigate these vulnerabilities, the most effective approach is a training program.
• Trust your people, but
  • Make sure they understand these vulnerabilities and what they should do to mitigate them.
Guidance and Policy Documentation
Provide:
• Administrator guidance documentation
• User guidance documentation
• Defined security policies
• Defined security procedures
Configuration Management
It is difficult to secure a system whose configuration is not defined and managed.
• User software and hardware modifications to workstations may occur (e.g., personal modems).
• Security may not be enabled.
• Security may not be managed and configured.
• Threats may not be addressed in a timely fashion.
Keep track of your configuration!
Conclusions
General Principles of Security:
• Concentrate valuable assets
• Defense in depth
• Coordinate all aspects of security
  • Software
  • Hardware
  • Physical
  • Procedural