1 / 30

CS 5950/6030 Network Security Class 2 (F, 9/2/05)

CS 5950/6030 Network Security Class 2 (F, 9/2/05). Leszek Lilien Department of Computer Science Western Michigan University [Using some slides prepared by: Prof. Aaron Striegel, University of Notre Dame

osgood
Download Presentation

CS 5950/6030 Network Security Class 2 (F, 9/2/05)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CS 5950/6030 Network SecurityClass 2 (F, 9/2/05) Leszek Lilien Department of Computer Science Western Michigan University [Using some slides prepared by: Prof. Aaron Striegel, University of Notre Dame Prof. Barbara Endicott-Popovsky and Prof. Deborah Frincke, University of Washington]

  2. Section 1– Class 2 Class 1: 1.1. Course Overview • Syllabus - Course Introduction 1.2. Survey of Students’ Background and Experience 1.3. Introduction to Security 1.3.1. Examples – Security in Practice 1.3.2. What is „Security?” 1.3.3. Pillars of Security: Confidentiality, Integrity, Availability (CIA) – PART 1 Class 2: 1.3.3. Pillars of Security: Confidentiality, Integrity, Availability (CIA) — PART 2 1.3.4. Vulnerabilities, Threats, and Controls – PART 1 Vulnerabilities, Threats, and Controls / Attacks Kinds of Threats (interception/interruption/modification/fabrication) Levels of Vulnerabilities / Threats A) Hardware level B) Software level ... To be continued ...

  3. 1.1. Course Overview (1) CS 5950/6030: Network Security - Fall 2005 Department of Computer Science Western Michigan University Description: Survey of topics in the area of computer and network security with a thorough basis in the fundamentals of computer/network security. Class: CEAS C0141, M W F 3:00 PM – 3:50 PM Instructor: Dr. Leszek (Leshek) Lilien, CEAS B-249, phone: 276-3116 Email: llilien@wmich.edu – please use for urgent matters only Notes: 1) Only mail coming from a WMU account (ending with “wmich.edu” will be read). 2) Files submitted as attachments will not be read unless they are scanned with up-to-date anti-viral software, and the message including them contains the following statement: I have scanned the enclosed file(s) with <name of software, its version>, which was last updated on <date>>. Office Hours: MW 4:30 PM -5:30 PM F 1:30 PM – 2:30 PM OK? Web Pages:http://www.cs.wmich.edu/~llilien/cs5950-6030/index.html

  4. . . .

  5. 1.2. Survey of Students’Backgroundand Experience (1) Background Survey CS 5950/6030 Network Security - Fall 2005 Please print all your answers. First name: __________________________ Last name: _____________________________ Email _____________________________________________________________________ Undergrad./Year________ OR:Grad./Year or Status (e.g., Ph.D. student) ________________ Major _____________________________________________________________________ PART 1. Background and Experience 1-1) Please rate your knowledge in the following areas (0 = None, 5 = Excellent). UNIX/Linux/Solaris/etc. Experience (use, administration, etc.) 0 1 2 34 5 Network Protocols (TCP, UDP, IP, etc.) 0 1 2 34 5 Cryptography (basic ciphers, DES, RSA, PGP, etc.) 0 1 2 34 5 Computer Security (access control, security fundamentals, etc.) 0 1 2 34 5 Any new students who did not fill out the survey?

  6. . . .

  7. 1.3. Introduction to Security (1)1.3.1. Examples – Security in Practice • ... [Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

  8. 1.3.2. What is„Security?” You Will Never Own a Perfectly Secure System. You Will Never Own a Perfectly Secure System. You Will Never Own a Perfectly Secure System. [Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

  9. . . .

  10. Integrity Confidentiality Availability 1.3.3. Pillars of Security: Confidentiality, Integrity, Availability (CIA) Confidentiality: Who is authorized?Integrity: Is the data „good?”Availability: Can access data whenever need it? S S = Secure [cf. Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

  11. Health Data Payroll Data Biographical Data Sensitive Data Packet Switch Bridge Integrity File Server Confidentiality Gateway Availability Other Networks Balancing CIA Need to balance CIA Ex: Disconnect computer from Internet to increase confidentiality (availability suffers, integrity suffers due to lost updates) Ex: Have extensive data checks by different people/systems to increase integrity (confidentiality suffers as more people see data, availability suffers due to locks on data under verification) [cf. Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

  12. Class 1 ended here.Class 2 starts here.

  13. Confidentiality • “Need to know” basis for data access • How do we know who needs what data? Approach: access control specifies who can access what • How do we know a user is the person she claims to be? Need her identity and need a gatekeeper to verify this identity Approach: identification and authentication • Analogously: “Need to access/use” basis for physical assets • E.g., access to a computer room, use of a desktop • Confidentiality is: • difficult to ensure • easiest to assess in terms of success (binary in nature: Yes / No)

  14. Integrity • Integrity vs. Confidentiality • Concerned with unauthorized modification of assets (= resources) Confidentiality - concered with access to assets • Integrity is more difficult to measure than confidentiality Not binary – degrees of integrity Context-dependent - means different things in different contexts Could mean any subset of these asset properties: { precision / accuracy / currency / consistency / meaningfulness / usefulness / ...} • Types of integrity—an example • Quote from a politician • Preserve the quote (data integrity) but misattribute (origin integrity)

  15. Availability (1) • Not understood very well yet „[F]ull implementation of availability is security’s next challenge” E.g. Full implemenation of availability for Internet users (with ensuring security) • Complex Context-dependent Could mean any subset of these asset (data or service) properties : { usefulness / sufficient capacity / progressing at a proper pace / completed in an acceptable period of time / ...} [Pfleeger & Pfleeger]

  16. Availability (2) • We can say that an asset (resource) is available if: • Timely request response • Fair allocation of resources (no starvation!) • Fault tolerant (no total breakdown) • Easy to use in the intended way • Provides controlled concurrency (concurrency control, deadlock control, ...) [Pfleeger & Pfleeger]

  17. 1.3.4. Vulnerabilities, Threats, and Controls • Understanding Vulnerabilities, Threats, and Controls • Vulnerability = a weakness in a security system • Threat = circumstances that have a potential to cause harm • Controls = means and ways to block a threat, which tries to exploit one or more vulnerabilities • Most of the class discusses various controls and their effectiveness [Pfleeger & Pfleeger]

  18. Attack • = exploitation of one or more vulnerabilities by a threat; tries to defeat controls • Attack may be: • Successful • resulting in a breach of security, a system penetration, etc. • Unsuccessful • when controls block a threat trying to exploit a vulnerability [Pfleeger & Pfleeger] • Examples • Fig. 1-1 (p.6) • New Orleans disaster (Hurricane Katrina): What were city vulnerabilities, threats, and controls

  19. Kinds of Threats • Kinds of threats: • Interception • an unauthorized party (human or not) gains access to an asset • Interruption • an asset becomes lost, unavailable, or unusable • Modification • an unauthorized party changes the state of an asset • Fabrication • an unauthorized party counterfeits an asset [Pfleeger & Pfleeger] • Examples?

  20. Levels of Vulnerabilities / Threats • D) for other assets (resources) • including. people using data, s/w, h/w • C) for data • „on top” of s/w, since used by s/w • B) for software • „on top” of h/w, since run on h/w • A) for hardware [Pfleeger & Pfleeger]

  21. A) Hardware Level of Vulnerabilities / Threats • Add / remove a h/w device • Ex: Snooping, wiretapping Snoop = to look around a place secretly in order to discover things about it or the people connected withit.[Cambridge Dictionary of American English] • Ex: Modification, alteration of a system • ... • Physical attacks on h/w => need physical security: locks and guards • Accidental (dropped PC box) or voluntary (bombing a computer room) • Theft / destruction • Damage the machine (spilled coffe, mice, real bugs) • Steal the machine • „Machinicide:” Axe / hammer the machine • ...

  22. Example of Snooping:Wardriving / Warwalking, Warchalking, • Wardriving/warwalking-- driving/walking around with a wireless-enabled notebook looking for unsecured wireless LANs • Warchalking-- using chalk markings to show the presence and vulnerabilities of wireless networks nearby • E.g., a circled "W” -- indicates a WLAN protected by Wired Equivalent Privacy (WEP) encryption [cf. Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

  23. Example of Snooping:Tapping Wireless http://www.oreillynet.com/cs/weblog/view/wlg/448 [cf. Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

  24. [Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

  25. Example of System Alteration:Skimming from ABC.com A legitimate transaction, so it seems... Stealing credit card data. Making counterfeit „blank” credit card (with a blank magnetic strip). Magetizing the magnetic strip to complete produsing a counterfeit card. [cf. Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

  26. B) Software Level of Vulnerabilities / Threats • Software Deletion • Easy to delete needed software by mistake • To prevent this: use configuration management software • Software Modification • Trojan Horses, , Viruses, Logic Bombs, Trapdoors, Information Leaks (via covert channels), ... • Software Theft • Unauthorized copying • via P2P, etc.

  27. Mass Mailing Viruses Macro Viruses “Back Doors” a.k.a. “Remote Access Trojans” Cell phone viruses Home appliance viruses Viruses • Virus • A hidden, self-replicatingsection of computer software, usually malicious logic, that propagates by infecting(i.e., inserting a copy of itself into and becoming part of)another program.A virus cannot run by itself; it requires that its host program be run to make the virus active • Many kinds of viruses: [cf. Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

  28. Trapdoors Trojan Horses X Files Bacteria Worms Logic Bombs Viruses Types of Malicious Code [cf. Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

  29. Bacterium - A specialized form of virus which does not attach to a specific file. Usage obscure. Logic bomb - Malicious [program] logic that activates when specified conditions are met. Usually intended to cause denial of service or otherwise damage system resources. Trapdoor - A hidden computer flawknown to an intruder, or a hidden computer mechanism (usually software) installed by an intruder, whocan activate the trap door to gain access to the computer without being blocked by security services or mechanisms. Trojan horse - A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. Virus - A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting(i.e., inserting a copy of itself into and becoming part of)another program. A virus cannot run by itself; it requires that its host program be run to make the virus active. Worm - A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively. […more types of malicious code exist…][bacterium: http://sun.soci.niu.edu/~rslade/secgloss.htm, other: http://www.ietf.org/rfc/rfc2828.txt] X Files

  30. Continued - Class 3

More Related