Chapter 15 Security

Internal and External
Threats / attacks
Breach of confidentiality
Breach of integrity
Breach of availability
Theft of service
Denial of service
Methods -- masquerading, breach of authentication, replay attack, message modification, man-in-the-middle attack, session hijacking

Four levels
Physical
Human -- social engineering, phishing, dumpster diving
OS
Network

Program Threats -- back doors
Trojan horse, login emulations (ctrl-alt-del), spyware, keyboard logging
Trap-door
Logic bomb
Stack & buffer overflow, kiddie script

Viruses
Biological analogy -- infect, self replicate, latency, disinfecting, etc.
Virus dropper
Virus categories: file, boot, macro, source code, polymorphic, encrypted, stealth, tunneling, multipartite, armored
PDF viruses?
Windows vs. Unix
Detecting vs. disinfecting
Safe computing -- sandbox, rich text format

System and Network Threats -- usually breakdown in protection mechanism
Worms -- spawn or fork
Morris -- rsh, finger, sendmail attack
Sobig worm
Port scanning -- nmap, nessus
Zombie system
Denial-of-service & distributed DoS

Cryptography
Network receives bits from wire, impractical to build a network that assures source & destination
Encrypt, decrypt (vs. encipher vs. decipher)
Plaintext, ciphertext
Cryptography (designing), cryptanalysis (breaking), cryptology (both)
Authentication, integrity, nonrepudiation
Man-in-the-middle attack
Key, keyspace, size (effect of the number of bits)
One-time pads
Symmetric (DES, triple DES, AES, ...Fish, RC4)
Asymmetric -- public key, private key
Example (p580)
Authentication -- message digest, digital signature
Key distribution -- out-of-band, certificate, session key
Implementation -- IPSec, VPN, SSL

User Authentication
Passwords -- guessing (info vs. brute force), shoulder surfing, written down, illegal transfer, keystroke logging
Selection, generation, design
Frequency of change, keeping secure, password safes
Storing password in computer -- encrypted, dictionary attacks, salt, size
Paired passwords & two-factor authentication -- challenge/response, one-time, PIN, one-time pad
Biometrics -- palm, finger/thumb print, signature, retina

Implementing Defenses
Defense in depth
Policy -- explicit
Vulnerability assessment -- risk assessment, penetration test
Scans -- SATAN, etc.
Security through obscurity

Intrusion detection -- detection vs. prevention
Signature (characterizes dangerous) vs. Anomaly (characterizes normal)
Zero-day attacks, false positives, false negatives
E.g., Tripwire

Auditing, Accounting, Logging

Firewalls -- security domains, DMZ, tunnels, spoofing, VPN, personal, proxy servers

Computer-security classifications -- Orange Book (Rainbow Books)
A, B3, B2, B1, C2, C1, D

Balance -- getting something done
Most secure computer is turned off, unconnected to the network, & still in a box

Legal Implications -- notification, reasonable expectations, due diligence, policies, prosecution