ebook img

Introduction to Security The World We Live In What is Security? PDF

154 Pages·2008·3.75 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Introduction to Security The World We Live In What is Security?

The World We Live In Introduction to Security ™ Personal computers (home or office) ™ Data servers (databases and web serves) ™ Phone systems (terminals, switches, routers) ™ Cellular phones (voice, image, video, data) ™ Hand-held appliances (laptops, PDA, GPS) ™ Wireless communication (LAN, microwave, free air) ™ Information kiosks (data, service, bank ATMs) ™ Television systems (cable, satellite, free air) Prof. Shlomo Kipnis ™ Embedded systems (in cars, in home appliances) October 22, 2007 ™ Smart cards (identification, authorization, electronic cash) ™ Many other systems . . . Prof. Shlomo Kipnis 1 Fall 2007/2008 Prof. Shlomo Kipnis 2 Fall 2007/2008 What is Security? Security Challenges ™ On the one hand: ™ Securing a variety of different systems ¾ Making sure that bad things do not happen ¾ Reducing the chances that bad things will happen ™ Securing interfaces between different systems ¾ Lowering the impact of bad things ™ Different security goals and needs ¾ Providing means to recover from bad things ™ While on the other hand: ™ Attackers seek weakest link in the system ¾ Allowing good things to happen ™ Security people must protect all links in the system ¾ Managing the cost of the system ™ Maintaining system usability ™ Examples: ¾ Home security ™ Keeping security costs under control ¾ Car Security Prof. Shlomo Kipnis 3 Fall 2007/2008 Prof. Shlomo Kipnis 4 Fall 2007/2008 Threats & Attacks Some Security Breaches ™ In 1988, a computer “worm” launched by Cornell ™ Unauthorized access ™ Data leaks graduate student, Robbert Morris Jr., infected 1000’s of computers, causing them to shut down ™ System integrity loss ™ Data manipulation ™ In 1994, $10.4 million dollar computer fraud by a ™ Denial of service ™ Data fraud group from Russia against Citibank ™ Computer viruses ™ Data theft ™ In 1996, the USA DOJ and CIA home pages were ™ Trojan horses ™ Data destruction defaced by vandals ™ Information loss ™ Program manipulation ™ In 2000+, millions of attacks on governments, corporations, financial institutions, etc. every year. (Most are unsolved and are not reported.) Prof. Shlomo Kipnis 5 Fall 2007/2008 Prof. Shlomo Kipnis 6 Fall 2007/2008 1 Eavesdropping and Packet Sniffing Snooping ™ Description: Acquiring information without changing it ™ Description: Acquiring information without modifying it ™ Means: Packet sniffers, routers, gateways, capturing ™ Means: Browsing documents on disk or main memory and filtering out packets ¾ Using legitimate privileges (insiders) ¾ Hacking into a system (outsiders) ™ Threats: Sniffing can be used to catch various information sent over the network ¾ Stealing laptops ¾ Monitoring keyboard strokes ¾ Login + Password ¾ Observing timing information (covert channels) ¾ Credit card numbers ™ Threats: ¾ E-mails and other messages ¾ Obtaining sensitive information (files with credit card numbers) ¾ Traffic analysis ¾ Discovering passwords, secret keys, etc. Prof. Shlomo Kipnis 7 Fall 2007/2008 Prof. Shlomo Kipnis 8 Fall 2007/2008 Tampering Spoofing ™ Description: Modifying or destroying stored data ™ Description: Impersonating other users or computers to obtain privileges ™ Means: Insiders misusing privileges or outsiders breaking into system ™ Means: ™ Threats: ¾ Account stealing, password guessing, social engineering ¾ Change records – school grades, prison records, tax payers’ ¾ IP spoofing: E-mail forging, false IP From address, hijacking debts (NY $13 million property tax fraud) IP connections ¾ Erase audit trails (by hacker) ™ Threats: ¾ Plant Trojan-horses for password gaining, and other uses ¾ Forged messages (Dartmouth’s “exam is cancelled”) ¾ Denial of Service (IP attacks, SYN attacks, Ping-of-Death) ¾ Information sniffing (Princeton “WWW Spoofing” attack) Prof. Shlomo Kipnis 9 Fall 2007/2008 Prof. Shlomo Kipnis 10 Fall 2007/2008 Jamming Code Injection ™ Description: Disabling a system or service ™ Description: Injecting malicious code to execute on host with high privileges and infecting other hosts ™ Means: Engaging host in numerous (legitimate) activities until exhausting its resources; spoofing return ™ Means: addresses to avoid tracing ¾ Virus: attached to executable, spread through infected floppy disks, E-mail attachments, macros ™ Threats: ¾ Worm: replicate over the Internet ¾ Consume all resources on the attacked machines, e.g., memory (SYN attack), disk (E-mail attack) ™ Threats: ¾ Exploit bug to shut down hosts (ping-of-death) ¾ Everything… Prof. Shlomo Kipnis 11 Fall 2007/2008 Prof. Shlomo Kipnis 12 Fall 2007/2008 2 The Melissa Virus Exploiting Flaws ™ E-mail message; launched around end of March 1999 ™ Exploit vulnerabilities in software to penetrate systems ¾ Subject: Important Message From <name> ¾ Buffer overflow (e.g., ‘finger’, Internet Worm, Web Site apps) ¾ Body: Here is that document you asked for ... don't show ¾ Mobile code security flaws (Java, ActiveX) anyone else ;-) + set of pornographic links ¾ Bad human engineering (Unix administrator logins, sendmail) ¾ Attachment: Word file with infectious macro ™ Knowledge spreads faster than remedy ƒ Registers itself, to avoid duplication ¾ Hacker bulletins ƒ Modifies Normal.dot template ¾ Advisories: ƒ Sends Email to top 50 addresses in Outlook address book ƒ Flaws/fixes repositories, e.g., CERT ¾ When date+month matches hour+minutes, inserts “Twenty-two ƒ Publicly available software kits to detect known vulnerabilities, points, plus triple-word-score, plus fifty points for using e.g., SATAN, ISS all my letters. Game's over. I'm outta here.” ƒ But they are not always followed readily, and are often used to ¾ Impact: Within less than 3 days, over 100,000 hosts. Some the advantage of hackers hosts had to shut down because of E-mail volume ¾ Publicly available hacker kits on the net, e.g., RootKit (Unix) Prof. Shlomo Kipnis 13 Fall 2007/2008 Prof. Shlomo Kipnis 14 Fall 2007/2008 Password and Key Cracking Social Engineering ™ Guessing: family member names, phone numbers, etc. ™ Spoofing a “real system”: ™ Dictionary Attack: systematic search ¾ Login screen ¾ Crack: dictionary attack extended with common patterns ¾ Phone numbers ƒ crack is now employed by sys-admins and the passwd program ¾ ATM story ™ Exhaustive search: ™ Spoofing a “service”: ¾ Crypt-analysis tools evolve continually ¾ Stealing credit card numbers and PINs ¾ The Internet provides a massively parallel computing resource ¾ Stealing passwords ™ Crypt-analysis, bad generators, timing analysis ™ Agent-in-the-Middle Attacks ¾ Kocher: discover key by the time it takes to encrypt with it ¾ Special print of newspaper ¾ Router, gateway, bulletin boards, etc. ™ Smart-card cracking via fault injection Prof. Shlomo Kipnis 15 Fall 2007/2008 Prof. Shlomo Kipnis 16 Fall 2007/2008 Hackers – Who Are They? Political Hacking ™ Academic Researchers: ™ Motivation: ¾ Universities and research laboratories ¾ Political reasons ¾ Develop and analyze systems ¾ Industrial espionage ™ Consultant Hackers: ¾ Employed by companies to identify weaknesses in systems ¾ Military espionage ™ Independent Hackers: ¾ Information Warfare ¾ Work individually to identify weaknesses in systems ™ Resources: ¾ Motivation is social or personal ¾ Almost unlimited ™ Criminal Hackers: ¾ Other side of the law ™ Risk: ¾ Motivation is mostly financial or political ¾ Depends on the country ™ Amateur Hackers: ™ Examples: ¾ Get tools and codes from others ¾ Non-professional (leave traces) ¾ US-Russia, US-China, Israel-Hizballa Prof. Shlomo Kipnis 17 Fall 2007/2008 Prof. Shlomo Kipnis 18 Fall 2007/2008 3 Commercial Hacking Social Hacking ™ Motivation: ™ Motivation: ¾ Kind of business intelligence ¾ Political or social agenda ¾ Gain business advantage ¾ Social Hacktivism ¾ Cause direct or indirect loses ¾ Ideology ™ Resources: ™ Resources: ¾ Institutional groups may have abundant resources ¾ Limited by potential gain ¾ Independent groups may have public support ™ Risk: ™ Risk: ¾ Legal prosecution ¾ Almost no risk ™ Examples: ™ Examples: ¾ Reverse engineering, service disruption ¾ CDC (Microsoft’s SW), Russian hacker (Adobe’s SW) Prof. Shlomo Kipnis 19 Fall 2007/2008 Prof. Shlomo Kipnis 20 Fall 2007/2008 Financial Hacking Individual Hacking ™ Motivation: ™ Motivation: ¾ Monetary gains ¾ Disgruntled employees ¾ Theft of resources ¾ Curiosity ™ Resources: ¾ Intellectual challenge ¾ Single individuals – little resources (but have the skills) ¾ Vandals ¾ Organized crime – abundant financial resources ™ Resources: ™ Risk: ¾ Scarce resources ¾ Target individuals and organizations ¾ Large community ¾ Considered to be low ™ Risk: ¾ Innocent mistakes ™ Examples: ¾ Almost no risk when crossing jurisdiction boundaries ¾ Phone, TV, Web-sites, Credit card numbers Prof. Shlomo Kipnis 21 Fall 2007/2008 Prof. Shlomo Kipnis 22 Fall 2007/2008 Hacker Information Resources Recommended Books (I) ™ General Security ™ Newsgroups: ¾ alt.2600 ¾ “The NCSA Guide to Enterprise Security: Protecting Information Assets”, Michel Kabay, McGraw Hill, 1996 ¾ Cult of Dead Cow (CDC) ™ Magazines: ¾ “Practical Unix and Internet Security”, Simson Garfinkel and Gene Spafford, O’Reilly & Associates, 1996 ¾ Phrack ¾ Web sites ¾ “Security Engineering: a Guide to Building Dependable Distributed Systems”, Ross Anderson, John Wiley & Sons, 2001 ™ Conferences: ¾ DefCon ¾ “Firewalls and Internet Security”, William Cheswick and Steven Bellovin, Addison Wesley, 1994 (and 2003 ???) ™ CERT: ¾ Computer Response Emergency Team newsgroups ¾ “Web Security Sourcebook”, Aviel Rubin, Daniel Geer, and Marcus Ranum, John Wiley & Sons, 1997 Prof. Shlomo Kipnis 23 Fall 2007/2008 Prof. Shlomo Kipnis 24 Fall 2007/2008 4 Recommended Books (II) Recommended Books (III) ™ Applied Cryptography ™ Systems & Protocols ¾ “Cryptography and Network Security: Principles and Practice”, ¾ “Understanding Public-Key Infrastructure: Concepts, Standards, William Stallings, 3-rd edition, Prentice Hall, 2003 and Deployment Considerations”, Carlisle Adams and Steve Lloyd, ¾ “Network Security: Private Communication in a Public World”, New Riders, 1999 Charlie Kaufman, Radia Perlman, and Mike Speciner, 2-nd ¾ “IPSEC: The New Security Standard for the Internet, Intranets, edition, Prentice Hall, 2002 and Virtual Private Networks”, Naganand Doraswamy and Dan ¾ “Handbook of Applied Cryptography”, Alfred Menezes, Paul van Harkins, Prentice Hall, 1999 Oorschott, and Scott Vanstone, CRC Press, 1997 ¾ “SSL and TLS: Designing and Building Secure Systems”, Eric ¾ “Applied Cryptography: Protocols, Algorithms, and Source Code Rescorla, Addison Wesley, 2001 in C”, Bruce Schneier, 2-nd edition, John Wiley & Sons, 1996 ¾ “The Code Book”, Simon Singh, Anchor Books, 1999 Prof. Shlomo Kipnis 25 Fall 2007/2008 Prof. Shlomo Kipnis 26 Fall 2007/2008 5 Security Engineering Security Engineering ™ Security Engineering – a disciplined approach to building security systems: ¾ Security Policies ¾ Security Threats ¾ Security Goals ¾ Security Methods ¾ Security Layers Prof. Shlomo Kipnis ¾ Security Principles October 24, 2007 Prof. Shlomo Kipnis 1 Fall 2007/2008 Prof. Shlomo Kipnis 2 Fall 2007/2008 Security Policies Security Threats ™ Threats – what the dangers and attacks are ™ Unauthorized access ™ Data leaks ™ Goals – what to protect, types of security services ™ System integrity loss ™ Data manipulation ™ Entities – users, stations, devices, assets, etc. ™ Denial of service ™ Data fraud ™ Actions – allowable actions in the system ™ Computer viruses ™ Data theft ™ Permissions – who is allowed to do what in the system (ACL - Access Control Lists) ™ Trojan horses ™ Data destruction ™ Failures – they will happen, so better plan for them ™ Information loss ™ Program manipulation ™ Recovery – what to do when (not if) failures happen, how to recover system assets and services Prof. Shlomo Kipnis 3 Fall 2007/2008 Prof. Shlomo Kipnis 4 Fall 2007/2008 Security Goals System Entities ™ Entity Identification ™ Data Availability ™ Users: ™ Entity Authentication ™ System Availability ¾ regular users, administrators, guests, clients, suppliers, etc. ™ Data Integrity ™ Data Reliability ™ Workstations: ™ Data Authenticity ™ System Reliability ¾ personal station, functioned server, end terminal, data server ™ Data Confidentiality ™ Data Privacy ™ Gateways: ¾ routers, gateways, firewalls, application proxies, data proxies ™ Data Source Verifiability ™ Data Containment ™ Security Servers: ™ Non-Repudiation ™ Entity Anonymity ¾ administration station, key centers, directory servers, etc. ™ Plausible Deniability ™ And more . . . Prof. Shlomo Kipnis 5 Fall 2007/2008 Prof. Shlomo Kipnis 6 Fall 2007/2008 1 System Actions System Permissions ™ File System: ™ Tables of entities and actions: ¾ open, close, read, write, execute, delete, modify, list, ¾ Lists of subject, object, and actions change permissions, etc. ¾ Grouping subjects, objects, and actions ™ Banking System: ¾ Example: users, groups, files, file-actions ¾ deposit, withdraw, open, close, transfer, get balance, etc. ™ Decision procedures given an entity and an action: ™ TV Viewing System: ¾ Static rules ¾ view, purchase, store, play, connect to center, gamble, ¾ Time-driven rules change permissions, etc. ¾ Event-driven rules ™ Router / Gateway: ¾ Example: firewalls ¾ allow packets, drop packets, apply checks to packets, etc. Prof. Shlomo Kipnis 7 Fall 2007/2008 Prof. Shlomo Kipnis 8 Fall 2007/2008 System Failures System Recoveries ™ Data loss (accidental or intentional) ™ Data backup ™ Data corruption (accidental or intentional) ™ Redundant systems ™ Data falling in the wrong hands ™ Operation resumption procedures ™ Breaking into the system ™ Alternate operations ™ Leaking system secrets ™ Insurance ™ System unavailability ™ System non-accessibility ™ System non-operability Prof. Shlomo Kipnis 9 Fall 2007/2008 Prof. Shlomo Kipnis 10 Fall 2007/2008 Security Methods Security Layers ™ User Awareness – assets, secrets, passwords, etc. ™ Damage Prevention – keeping bad things away ™ Physical Protection – disks, cards, systems, locks, etc. (guards, doors, firewalls, access controls, etc.) ™ Access Control – lists, devices, etc. ™ Damage Detection – detecting when bad things ™ Cryptography – encryption, authentication, signatures happen (cameras, alarms, monitoring, intrusion ™ Backup – data, services, availability detection systems, log files, etc.) ™ Monitoring – traffic, log files, etc. ™ Damage Recovery – recovering from bad things ™ Redundancy – systems, data, people (backup, alternate systems, insurance, etc.) ™ Deception – honey-pot systems ™ Proactive Security – distributed, going after bad guys Prof. Shlomo Kipnis 11 Fall 2007/2008 Prof. Shlomo Kipnis 12 Fall 2007/2008 2 Security Principles Natural Faults ™ Electrical power interruption – no computing ™ Least Privilege – action to be performed by lowest ranking entity that can perform it ™ Communication interruption – no remote access ™ Trusted Components – identification of components and ™ Hardware malfunctioning – wrong computing the level of trust in them ™ Software bugs – wrong computing ™ Simple Designs – small and modular systems with well ™ Operator errors – loss of data or operation defined interfaces ™ Fire – damage to hardware and data ™ Paranoia – if your system / data is worth something – ™ Flood – damage to hardware and data then, sooner or later, someone will break it. Stay alert. ™ Earthquake – loss of operation and data ™ No Perfection – Return-On-Investment curves ™ Acts of War – loss of operation Prof. Shlomo Kipnis 13 Fall 2007/2008 Prof. Shlomo Kipnis 14 Fall 2007/2008 Intended Attacks System Solutions (I) ™ Sniffing – listening to the communication ™ Password systems ™ Snooping – stealing secrets or sensitive data ™ Authentication devices ™ Tampering – changing data, breaking into systems ™ Access control lists ™ Spoofing – impersonating as another entity ™ Firewalls ™ Code Injection – viruses, applets, etc. ™ Virus-detection software ™ System Exploits – finding weak spots in systems ™ Intrusion detection systems ™ Password Cracking – guessing or searching for passwords ™ Data backup systems ™ Social Engineering – convincing users to do things ™ Security evaluation software ™ Physical Attacks – breaking devices ™ Hardware security devices ™ And more . . . . . Prof. Shlomo Kipnis 15 Fall 2007/2008 Prof. Shlomo Kipnis 16 Fall 2007/2008 Security Solutions (II) Data Backup Systems ™ Secure Virtual Private Networks ™ What type of data needs to be backed-up? ¾ Mostly user data ™ Encryption software / hardware ¾ Usually not application code ™ Signature software / hardware ™ How much data needs to be backed-up? ™ Trusted operating systems ¾ Assume daily backup, 100 users, 100 MB per user per day ™ Trusted web server ¾ 10 GB of backup data per day…… ™ Software screening tools ™ Ways to deal with complexity and volume: ™ Program verification ¾ Full backup ¾ Incremental backup ™ Sand-box model ¾ Differential backup ™ Network containment ™ Backup security concerns Prof. Shlomo Kipnis 17 Fall 2007/2008 Prof. Shlomo Kipnis 18 Fall 2007/2008 3 Full Backup Incremental Backup ™ Backup files that have changed since last full backup ™ Backup all files on the computer ™ Done at small time-intervals (days, weeks) ™ Expensive: ¾ Volume to backup ™ Less expensive than full backup: ¾ Time to run the backup ¾ Volume of data to backup increases with time ¾ Recovery time is fast (1 full backup + 1 incremental backup) ¾ Storage to be kept for many years ¾ Storage can be reused after next full backup ™ Done at large time-intervals (month, year) ™ Can be used hierarchically and jointly with full backup: ™ Used as a complete system image at a given time ¾ Full backup once a year ™ Allows rebuilding the system as it was on a given date ¾ Level 1 incremental backup once a month ¾ Level 2 incremental backup once a day Prof. Shlomo Kipnis 19 Fall 2007/2008 Prof. Shlomo Kipnis 20 Fall 2007/2008 Differential Backup Backup Security Concerns ™ Backup files that have changed since last differential backup ™ Where is the backup data kept physically? ™ Done at small time-intervals (days, weeks) ™ Is the backup data kept encrypted? ¾ Where is the encryption key? ™ Less expensive than full backup: ¾ Is the encryption key backed-up for future use? ¾ Volume of data to backup is more or less constant every time ¾ Where is the encryption key kept? ¾ Recovery time is variable (1 full backup + ??? differential backups) ¾ Keep a hard copy of the key !!! ¾ Storage can be reused after next full backup ™ How does the system determine which files to backup? ™ Can be used hierarchically and jointly with full backup: ¾ Timestamps by the operating system ¾ Full backup once a year ¾ Tables or flags for each file ¾ Level 1 differential backup once a month ¾ What protects the time, table, flags? ¾ Level 2 differential backup once a day Prof. Shlomo Kipnis 21 Fall 2007/2008 Prof. Shlomo Kipnis 22 Fall 2007/2008 Monitoring Systems Redundant Systems ™ Log Files: ™ CPUs in Server ¾ user name, process id, exit status, time, etc. ¾ Special systems with 2 or 3 CPUs per server ™ Shell History: ¾ Used in mission-critical financial applications ¾ last few commands are kept in history ™ Servers in Farm ™ Mail: ¾ Several servers with access to same database ¾ outgoing mail is kept in system ¾ Used in database / web farms ™ Monitoring Software: ¾ Used also for load balancing ¾ on the wires, in the file system, exceptional operations ™ Site Redundancy ™ Audit Levels: ¾ dictated by the US DoD “orange book” ¾ Cold site – has data, operational within hours/days ™ Log files need to be backed-up !!! ¾ Hot site – runs in parallel, operational immediately Prof. Shlomo Kipnis 23 Fall 2007/2008 Prof. Shlomo Kipnis 24 Fall 2007/2008 4 Physical Security Physical Access ™ Physical Access ™ Buildings ¾ Buildings, computers, terminals, cables, data ¾ Doors, windows, locks, ventilation paths ™ Transmission Lines ™ Computers ¾ Electrical wires, optical fibers, wireless communication ¾ PCs, laptops, storage devices ™ Display Devices ™ Terminals ¾ CRT screens, LCD screens, paper ¾ Printers, screens, X-terminals, remote access ™ Magnetic Media ™ Cables ¾ Disks, tapes, computer memory ¾ Eavesdropping, networks, modems, entry points ™ Computing devices ™ Data ¾ PC cards, smart cards ¾ Disks, tapes, backup Prof. Shlomo Kipnis 25 Fall 2007/2008 Prof. Shlomo Kipnis 26 Fall 2007/2008 Transmission Lines Display Devices ™ Electrical Wires: ™ CRT Screens: ¾ Electromagnetic radiation is emitted from wires carrying signals ¾ Cathode Ray Tubes emit electromagnetic radiation ¾ Radiation can be detected up to meters from the wire ¾ Radiation can be captured and analyzed ¾ Signal can be re-constructed with commercial equipment ¾ Signal / image can be reconstructed ¾ Same technology is used for testing communication equipment ¾ Commercial products exist that do the job ¾ Tempest standards ™ LCD Screens: ™ Wireless Communication ¾ Less vulnerable to radiation analysis ¾ Easy to eavesdrop a wireless line ™ Paper: ™ Optical Fibers ¾ Paper falling to the wrong hands… ¾ Signal can be stolen off fiber by bending the fiber and placing it in a liquid with similar diffraction index to that of wire ¾ Writing on paper leaves marks on paper / material behind it Prof. Shlomo Kipnis 27 Fall 2007/2008 Prof. Shlomo Kipnis 28 Fall 2007/2008 Magnetic Media Computing Devices ™ Delete: ™ PC Cards: ¾ Removes the pointer to the object ¾ Physically securing crypto-processors and keys ™ Erase: ¾ IBM 4758 processor board complies with FIPS-140 level 4 ¾ Writes zero on memory area ¾ Tamper resistance against break-ins and other physical probing ™ Purge: techniques (temperature, power tests, etc.) ¾ Wipes the memory area several times (?) ™ Smart Cards ™ Disks / Tapes / Magnetic Memory: ¾ Small chips with some physical protection ¾ Digital signals are encoded by analog phenomena ¾ Freezing the chip and getting the info out ¾ Magnetic media have “state memory” of several generations ¾ Physical probing onto the chip bus ¾ Digital values of 0 or 1 leave trace even after erased ¾ Information is truly erased only after several generations of ¾ Surface meshes (can be defeated with Focused Ion Beams) random values have been written Prof. Shlomo Kipnis 29 Fall 2007/2008 Prof. Shlomo Kipnis 30 Fall 2007/2008 5

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.