
Comp_Sec Chapter (1)

The document provides an overview of computer system security, emphasizing the importance of confidentiality, integrity, and availability (CIA triad) in protecting information systems. It discusses various security goals, types of security attacks, and the need for security measures to safeguard data against threats. Additionally, it outlines the OSI security architecture and the roles of security services and mechanisms in enhancing data protection.

Uploaded by

Ermias

Computer system security

Chapter 1
Introduction

Maereg Teferi (MSc)

Overview
• Security Goals
• The need for security
• OSI Security Architecture
• Attacks, services and mechanisms
• Security attacks
• Security services
• Methods of Defense
• A model for Internetwork Security

Computer Security
• Is defined as the protection afforded to an
automated information system in order to attain the
applicable objectives of preserving the integrity,
availability and confidentiality of information
system resources (includes hardware, software,
firmware, information/data, and
telecommunications)

CIA Triad

Key Objectives
• Confidentiality
– Data Confidentiality – information not disclosed to
unauthorized individuals
– Privacy – individuals control how their information is
collected, stored, shared
• Integrity
– Data Integrity
– System Integrity
• Availability – service not denied to authorized users

Security Goals

[Diagram: Confidentiality, Integrity, Availability]

Security Goals
• Confidentiality
– Concealment of information or resources
• Integrity
– Trustworthiness of data or resources
• Availability
– Ability to use information or resources

Confidentiality
• Need for keeping information secret arises from use
of computers in sensitive fields such as government
and industry
• Access mechanisms, such as cryptography, support
confidentiality
– Example: encrypting income tax return
• Lost through unauthorized disclosure of information

Integrity
• Often requires preventing unauthorized changes
• Includes data integrity (content) and origin integrity
(source of data, also called authentication)
• Includes prevention mechanisms and detection
mechanisms
– Example: Newspaper prints info leaked from White House and
gives wrong source
• Includes both correctness and trustworthiness
• Lost through unauthorized modification or destruction of
information

Availability
• Is an aspect of reliability and system design
• Attempts to block availability, called denial of
service (DoS) attacks, are difficult to detect
– Example: bank with two servers – one is blocked, the
other provides false information
• Ensures timely and reliable access to and use of
information
• Lost through disruption of access to information or
information system

Authenticity and Accountability
Two additional objectives:
• Authenticity – being genuine and able to be verified
and trusted; verifying that users are who they say they
are
• Accountability – actions of an entity can be traced
uniquely to that entity; supports nonrepudiation,
deterrence, fault isolation, intrusion detection and
prevention.

Levels of Impact
• We can define 3 levels of impact from a
security breach:
– Low
– Moderate
– High

Security Breach
Low Impact
• Loss has limited adverse effect
• For example:
– Effectiveness of the functions of an
organization is noticeably reduced
– Results in minor damage to organizational
assets
– Results in minor financial loss
– Results in minor harm to individuals

Security Breach
Moderate Impact
• Loss may have serious adverse effect on
organizational operations, assets or individuals.
• For example:
– Effectiveness of the functions of an organization
is significantly reduced
– Results in significant damage to organizational
assets
– Results in significant financial loss
– Results in significant harm to individuals

Security Breach
High Impact
• Loss is expected to have severe or catastrophic adverse
effect on organizational operations, assets or individuals.
• For example:
– Effectiveness of the functions of an organization is
reduced so that the organization cannot perform its
primary function(s).
– Results in major damage to organizational assets
– Results in major financial loss
– Results in severe or catastrophic harm to individuals, involving
loss of life or serious life-threatening injuries

Examples of Security Requirements
• Confidentiality – student grades
– High confidentiality – grades
• Only available to students, parents and employees (who need
it to do their job)
– Moderate confidentiality – enrollment
– Low confidentiality – Directory information
• Lists of departments, faculty, students
• Available to the public
• Often published on Web site

Examples of Security Requirements
• Integrity – patient information
– High requirement for integrity
• Medical database, if falsified or inaccurate, could cause
harm (allergies, etc.)
– Medium requirement for integrity
• Web site that offers a forum for discussion of medical topics,
not for research
– Low requirement for integrity
• Anonymous poll (such as a patient satisfaction poll)

Examples of Security Requirements
Availability – The more critical a component or
service is, the higher the level of availability required:
• High availability – authentication service
– Interruption of service results in being unable to access
computing resources
• Moderate availability – College web site
– Provides information but is not critical
• Low availability – online phone directory
– Other sources of information are available

The Need for Security
• Computer Security – the collection of tools
designed
– to protect data and
– to thwart hackers
• Network security or internet security –
security measures needed to protect data
during their transmission

Security
• Motivation: Why do we need security?
• Increased reliance on Information technology with
or without the use of networks
• The use of IT has changed our lives drastically.
• We depend on E-mail, Internet banking, and several
other governmental activities that use IT
• Increased use of E-Commerce and the World Wide
Web on the Internet as a vast repository of various
kinds of information (immigration databases, flight
tickets, stock markets etc.)

Security Concerns
• Damage to any IT-based system or activity can result in
severe disruption of services and losses
• Systems connected by networks are more prone to attacks
and also suffer more as a result of the attacks than
stand-alone systems
• Concerns such as the following are common
– How do I know the party I am talking to on the network is really the
one I want to talk to?
– How can I be assured that no one else is listening and learning the
data that I send over a network?
– Can I ever stay relaxed that no hacker can enter my network?

Concerns continued…
• Is the web site I am downloading information from a
legitimate one, or a fake?
• How do I ensure that the person I just did a financial
transaction with does not deny having done it tomorrow or at a later
time?
• I want to buy something online, but I don’t want to let
them charge my credit card before they deliver the
product to me

That is why…
• …we need security
– To safeguard the confidentiality, integrity, authenticity
and availability of data transmitted over insecure
networks
– Internet is not the only insecure network in this world
– Many internal networks in organizations are prone to
insider attacks
– In fact, insider attacks are greater both in terms of
likelihood of happening and damage caused

However, in reality
• Security is often overlooked (not one of the top criteria)
• Availability, efficiency and performance tend to be the
ones
• Systems too complex in nature and rich in features can be
filled with security holes
• Incorporation of security into networks is not growing with
the rapidly growing number and size of networks
• Attacking is becoming so common and easy – there are
books clearly explaining how to launch them
• Security and attacks are a perpetual cat-and-mouse game.
The only way to avoid attacks is to keep up-to-date with
latest trends and stay ahead of malicious netizens

The Good News...
• There are a lot of techniques for defense
• Educating people on security solves many problems
• About threats and on the existence of security
mechanisms, qualified personnel, usability and
economics
• We will cover a lot of network defenses
– Certainly not all

Computer Security Challenges
Computer Security is both fascinating and
complex:
1. not simple
2. must consider potential attacks
3. procedures used counter-intuitive
4. involve algorithms and secret info
5. must decide where to deploy mechanisms

Computer Security Challenges
6. battle of wits between attacker/administrator
7. not perceived to be a benefit until fails
8. requires regular monitoring
9. too often an after-thought
10. regarded as impediment to efficient and user
friendly use of system
These difficulties will be explored throughout the
course.

OSI Security Architecture
• International Telecommunications Union (ITU) is a
United Nations sponsored agency that develops standards
relating to telecommunications and to Open Systems
Interconnection (OSI)

7 Layer OSI Model

Layer            Functions
7 Application    How application uses network
6 Presentation   How to represent & display data
5 Session        How to establish communication
4 Transport      How to provide reliable delivery (error checking, sequencing, etc.)
3 Network        How addresses are assigned and packets are forwarded
2 Data Link      How to organize data into frames & transmit
1 Physical       How to transmit “bits”

OSI Network Stack and Attacks
(V. Shmatikov)

Layer                    Protocols          Attacks
application              email, Web, NFS    Sendmail, FTP, NFS bugs, chosen-protocol and version-rollback attacks
presentation / session   RPC                RPC worms, portmapper exploits
transport                TCP                SYN flooding, RIP attacks, sequence number prediction
network                  IP                 IP smurfing and other address spoofing attacks
data link                802.11             WEP attacks
physical

Only as secure as the single weakest layer…


OSI Security Architecture
• The OSI security architecture focuses on security
attacks, mechanisms and services

Aspects of Security
• consider 3 aspects of information security:
– security attack
– security mechanism
– security service
• note terms:
– threat – a potential for violation of security
– attack – an assault on system security, a
deliberate attempt to evade security services

Threats and Attacks
• Threat - a potential for violation of security or a
possible danger that might exploit a vulnerability
• Attack - an assault on system security- an
intelligent act that is a deliberate attempt to evade
security services and violate the security policy of
a system.

Attacks, Services and Mechanisms
• Security Attack: Any action (active or
passive) that compromises the security of
information.
• Security Mechanism: A mechanism that is
designed to detect, prevent, or recover from a
security attack.
• Security Service: A service that enhances the
security of data processing systems and
information transfers. A security service makes
use of one or more security mechanisms

[Figure: Security Threats/Attacks]

Security Attacks
• Interruption: This is an attack on
availability
– Disrupting traffic
– Physically breaking communication line
• Interception: This is an attack on
confidentiality
– Overhearing, eavesdropping over a
communication line

Security Attacks (continued)
• Modification: This is an attack on integrity
– Corrupting transmitted data or tampering with
it before it reaches its destination
• Fabrication: This is an attack on
authenticity
– Faking data as if it were created by a legitimate
and authentic party

Threats
• Disclosure – unauthorized access to
information
• Deception – acceptance of false data
• Disruption – interruption or prevention of
correct operation
• Usurpation – unauthorized control of some
part of a system

Examples of Threats
• Snooping – intercepting information (“passive”
wiretapping)
• Modification or alteration of information by
“active” wiretapping
• Masquerading or spoofing
• Repudiation of origin
• Delay or denial of service

Safeguards and Vulnerabilities
• A Safeguard is a countermeasure to protect
against a threat
• A weakness in a safeguard is called a
vulnerability

Passive and Active Attacks
• Security attacks are usually classified as passive
or active:
• Passive – attempts to learn or make use of
information from the system, but does not affect
system resources.
• Active – attempts to alter system resources or
affect their operation.

Passive and active attacks
• Passive attacks – goal to obtain information
– No modification of content or fabrication
– Eavesdropping to learn contents or other information (transfer
patterns, traffic flows etc.)
• Release of message contents
• Traffic analysis
• Active attacks – modification of content and/or participation in
communication to
• Impersonate legitimate parties (Masquerade)
• Replay or retransmit
• Modify the content in transit
• Launch denial of service attacks

[Figure slides: Passive Attacks (two slides); Active Attacks (two slides); Summary of Passive and Active Threats]

Services and Mechanisms
• A security policy is a statement of what is and
what is not allowed.
• A security service is a measure to address a threat
– E.g. authenticate individuals to prevent unauthorized
access
• A security mechanism is a means to provide a
service
– E.g. encryption, cryptographic protocols

Security Services
– enhance security of data processing systems and
information transfers of an organization
– are intended to counter security attacks
– use one or more security mechanisms
– often replicate functions normally associated with
physical documents
• which, for example, have signatures, dates; need
protection from disclosure, tampering, or destruction;
are notarized or witnessed; are recorded or licensed

Security Services
• X.800 defines a security service as a service provided by
the protocol layer of a communicating system, that ensures
adequate security of the systems or data transfers
• 5 Categories
– Authentication
– Access Control
– Data confidentiality
– Data Integrity
– Nonrepudiation (and Availability)

Security Services
• Authentication (who created or sent the data)
• Access control (prevent misuse of resources)
• Confidentiality (privacy)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Availability (permanence, non-erasure)
– Denial of Service Attacks
– Virus that deletes files

Security Services
Examples
• Authentication
– Ensuring the proper identification of entities and origins of data before
communication
• have both peer-entity & data origin authentication
• Access control
– Preventing unauthorized access to system resources
• Data confidentiality
– Preventing disclosure to unauthorized parties
• Data integrity
– Preventing corruption of data
• Non-repudiation
– Collecting proof to prevent denial of participation in transaction or communication
• Availability
– Protection against denial-of-service

Security Mechanism
• feature designed to detect, prevent, or recover
from a security attack
• no single mechanism that will support all services
required
• however one particular element underlies many of
the security mechanisms in use:
– cryptographic techniques
• hence our focus on this topic

Security Mechanisms
Examples
• Two types
– Specific mechanisms existing to provide certain security
services
• E.g. encryption used for authentication
• Other examples: encipherment, digital signatures, access controls, data
integrity, authentication exchange, traffic padding, routing control,
notarization
– Pervasive mechanisms which are general mechanisms
incorporated into the system and not specific to a service
• E.g. security audit trail
• Other examples: trusted functionality, security labels, event detection,
security audit trails, security recovery

Model for Network Security
• Basic tasks
– Design an algorithm that an opponent cannot defeat
– Generate the secret information to be used with
the algorithm
– Develop methods for distributing secret
information
– Specify a protocol to be used
• May need a trusted third party to assist
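
An added example, not from the original slides, tying the four tasks above to the active attacks listed earlier: a sender and receiver share a secret, and an HMAC-SHA256 tag plus a sequence number lets the receiver reject modified, fabricated and replayed messages. The frame layout, the names `protect` and `Receiver`, and the sample messages are assumptions constructed for illustration; key distribution is assumed to have happened out of band, and nothing here provides confidentiality.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # bytes in an HMAC-SHA256 tag


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side. Frame = 8-byte sequence number || payload || tag."""
    header = seq.to_bytes(8, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side: verify the tag first, then require a fresh sequence number."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return ("rejected", "frame too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; a mismatch means the data or its origin is wrong.
        if not hmac.compare_digest(tag, expected):
            return ("rejected", "bad tag: modified or fabricated")
        seq = int.from_bytes(body[:8], "big")
        if seq <= self.last_seq:
            return ("rejected", "replayed sequence number")
        self.last_seq = seq
        return ("accepted", body[8:])


def demo():
    key = secrets.token_bytes(32)   # generate the secret information
    rx = Receiver(key)              # distribution assumed done out of band
    frame = protect(key, 0, b"pay 100 to alice")   # constructed sample message
    results = {"genuine": rx.accept(frame)}

    tampered = bytearray(frame)
    tampered[12] ^= 0x01            # one bit changed inside the payload
    results["modification"] = rx.accept(bytes(tampered))

    # A party without the shared secret can only tag with some other key.
    forged = protect(secrets.token_bytes(32), 1, b"pay 900 to mallory")
    results["fabrication"] = rx.accept(forged)

    results["replay"] = rx.accept(frame)  # valid tag, but already seen
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:13} {outcome}")
```
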
[Figure: Model for Network Security]

Two Types of Program Threats
• Information access threats
– Intercept or modify data on behalf of users who
should not have access to that data.
– E.g. corruption of data by injecting malicious code
• Service threats
– Exploit service flaws in computers to inhibit use by
legitimate users.
• Viruses and worms are examples of software
attacks.

[Figure: General Security Access Model]

Model for Network Access Security
• Security mechanisms for controlling unwanted
access fall into two categories.
• Using this model requires us to:
1. select appropriate gatekeeper functions to identify
users (for example, password-based login procedures)
2. implement security controls to ensure only authorised
users access designated information or resources (for
example, monitor activities and analyse stored
information to detect the presence of intruders)

Methods of Defense
• Encryption
• Software Controls
– (access limitations in a database; in an operating system, protecting each
user from other users)
• Hardware Controls
– (smartcard)
• Policies
– (frequent changes of passwords)
• Physical Controls
