1 / 28

Security Risk Analysis of Computer Networks: Techniques and Challenges

Security Risk Analysis of Computer Networks: Techniques and Challenges. Anoop Singhal Computer Security Division National Institute of Standards and Technology Simon Ou Dept. of Computer and Information Science Kansas State University. Outline. Basics of Network Security Risk Analysis

steve
Download Presentation

Security Risk Analysis of Computer Networks: Techniques and Challenges

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security Risk Analysis of Computer Networks: Techniques and Challenges Anoop Singhal Computer Security Division National Institute of Standards and Technology Simon Ou Dept. of Computer and Information Science Kansas State University

  2. Outline • Basics of Network Security Risk Analysis • Threats to Networks • Common Vulnerability Scoring System (CVSS) • Attack Graphs, Bayesian Networks and Tools for generating Attack Graphs • Quantifying Security Risk using attack graphs and CVSS • Conclusions

  3. Enterprise Network Security Management • Networks are getting large and complex • Vulnerabilities in software are constantly discovered • Network Security Management is a challenging task • Even a small network can have numerous attack paths

  4. Trends for Published Vulnerabilities

  5. Enterprise Network Security Management • Currently, security management is more of an art and not a science • System administrators operate by instinct and learned experience • There is no objective way of measuring the security risk in a network • “If I change this network configuration setting will my network become more or less secure?”

  6. Challenges in Security Metrics • Typical issues addressed in the literature • How can a database server be secured from intruders? • How do I stop an ongoing intrusion? • Notice that they all have a qualitative nature • Better questions to ask: • How secure is the database server in a given network configuration? • How much security does a new configuration provide? • How can I plan on security investments so it provides a certain amount of security? • For this we need a system security modeling and analysis tool

  7. Challenges in Security Metrics • Metric for individual vulnerability exists • Impact, exploitability, temporal, environmental, etc. • E.g., the Common Vulnerability Scoring System (CVSS) v2 released on June 20, 20071 • However, how to compose individual measures for the overall security of a network? • Our work focuses on this issue 1. Common Vulnerability Scoring System (CVSS-SIG) v2, http://www.first.org/cvss/

  8. Challenges in Security Metrics • Counting the number of vulnerabilities is not enough • Vulnerabilities have different importance • The scoring of a vulnerability is a challenge • Context of the Application • Configuration of the Application • How to compose vulnerabilities for the overall security of a network system

  9. What is an Attack Graph • A model for • How an attacker can combine vulnerabilities to stage an attack such as a data breach • Dependencies among vulnerabilities

  10. Attack Graph Example

  11. Different Paths for the Attack • sshd_bof(0,1) → ftp_rhosts(1,2) → rsh(1,2) → local_bof(2) • ftp_rhosts(0,1) → rsh(0,1) → ftp_rhosts(1,2) → rsh(1,2) → local_bof(2) • ftp_rhosts(0,2) → rsh(0,2) → local_bof(2)

  12. Attack Graph from machine 0 to DB Server

  13. What is ? Stands for Common Vulnerability Scoring System An open framework for communicating characteristics and impacts of IT vulnerabilities Consists three metric groups: Base, Temporal, and Environmental

  14. CVSS (Cont’d) Base metric : constant over time and with user environments Temporal metric : change over time but constant with user environment Environmental metric: unique to user environment

  15. CVSS (Cont’d) • CVSS metric groups • Each metric group has sub-matricies • Each metric group has a score associated with it • Score is in the range 0 to 10

  16. Access Vector This metric measures how the vulnerability is exploited. • Local • Adjacent Network • Network

  17. Access Complexity This metric measures the complexity of the attack required to exploit the vulnerability • High: Specialized access conditions exist • Medium: The access conditions are somewhat specialized • Low: Specialized access conditions do not exist

  18. Authentication This metric measures the number of times an attacker must authenticate to a target to exploit a vulnerability • Multiple: The attacker needs to authenticate two or more times • Single: One instance of authentication is required • None: No authentication is required

  19. Confidentiality Impact This metric measures the impact on confidentiality due to the exploit. • None: No Impact • Partial: There is a considerable information disclosure • Complete: There is total information disclosure • Similar things for the Integrity Impact and Availability Impact

  20. Base Score Base Score = Function(Impact, Exploitability) Impact = 10.41 * (1-(1-ConImp)*(1-IntImp)*(1-AvailImpact)) Exploitability = 20*AccessV*AccessComp*Authentication

  21. Base Score Example CVE-2002-0392 • Apache Chunked Encoding Memory Corruption BASE METRIC EVALUATION SCORE Access Vector [Network] (1.00) Access Complex. [Low] (0.71) Authentication [None] (0.704) Availability Impact[Complete] (0.66) Impact = 6.9 Exploitability = 10.0 BaseScore = (7.8)

  22. Numbers are estimated probabilities of occurrence for individual exploits, based on their relative difficulty. The ftp_rhosts and rsh exploits take advantage of normal services in a clever way and do not require much attacker skill A bit more skill is required for ftp_rhosts in crafting a .rhost file. sshd_bof and local_bof are buffer-overflow attacks, which require more expertise. Attack Graph with Probabilities

  23. When one exploit must follow another in a path, this means both are needed to eventually reach the goal, so their probabilities are multiplied: p(A and B) = p(A)p(B) When a choice of paths is possible, either is sufficient for reaching the goal: p(A or B) = p(A) + p(B) –p(A)p(B). Probabilities Propagated Through Attack Graph

  24. Network Hardening • When we harden the network, this changes the attack graph, along with the way its probabilities are propagated. • Our options to block traffic from the Attacker: • Make no change to the network (baseline) • Block ftp traffic to prevent ftp_rhosts(0,1) and ftp_rhosts(0,2) • Block rsh traffic to prevent rsh(0,1) and rsh(0,2) • Block ssh traffic to prevent sshd_bof(0,1)

  25. Comparison of Options • We can make comparisons of relative security among the options • Make no change p=0.1 • Blocking rsh traffic from Attacker leaves a remaining 4-step attack path with total probability p = 0.1∙0.8∙0.9∙0.1 = 0.0072 • Blocking ftp traffic, p=0.0072 • But blocking ssh traffic leaves 2 attack paths, with total probability p ≈ 0.0865, i.e., compromise is 10 times more likely as compared to blocking rsh or ftp.

  26. Need for a Modeling Tool • For a large enterprise network that has hundreds of host machines and several services we need a modeling tool that can • Generate the attack graph • Use the attack graph for quantitative analysis of the current configuration • Help the network administrators to decide what changes to make to improve security

  27. Network Vulnerability Host Configuration DB Configuration Security Modeling Tool Attack Graphs System Architecture

  28. Conclusions • Based on attack graphs, we have proposed a model for security risk analysis of information systems • Composing individual scores to more meaningful cumulative metric for overall system security • The metric meets intuitive requirements • The metric can be used for making recommendations to improve network security

More Related