Chapter 1: Security Problems in Computing

The textbook opens with a chapter entitled "Is There A Security Problem in Computing?". The answer is that yes, there is a problem, and there always has been since the early days when we discovered the operating system and allowed more than one programmer at a time access to the same computer. Easier access to computers has facilitated much of modern commerce, including e-mail and just-in-time commerce. It has also facilitated a lot of mischief.

The first section of the first chapter discusses the security of computers by comparison to the security in early banks. It would be instructive to take this example a bit further to show the co-evolution of bank vault doors and the criminal tools used to open those doors illegally. For example, early vault doors fit their frames approximately as well as an average door of today. Bank robbers discovered that they could pack explosives in the cracks between the vault door and its frame and blow out the door quite easily. This led to the development of doors that sealed tightly enough to prevent the insertion of explosives. The time lock (allowing the vault door to be opened only during specified hours) evolved to meet a similar threat, probably that of night-time embezzlement by bank employees.

The U.S. Department of Defense uses safes and vaults to store classified material; the more highly classified the material, the better the security required. It is interesting to note that the measure of security in use by the DOD is the amount of time required for a determined and skilled attacker to overcome the security. The motto is "Keep the bad guy busy until the good guys come". In the arena of physical security, nothing can be absolutely protected. The only answer is to make a successful attack costly and time-consuming. We often apply the same idea to the protection of computer and information assets.

The Great Diamond Heist

This is a true story dating from the 1970's. The amount involved was ten million dollars. The book comments, about information in a bank's computer, that "stored on paper, recorded on a storage medium, resident in memory, or transmitted over telephone lines or satellite links, this information can be used in myriad ways to make money illicitly". This true story is set in the wire room of a bank. A "wire room" is the office of the bank responsible for transferring money to and from the bank by electronic means. It is common to transfer hundreds of millions of dollars in a given day; indeed, a single transfer of one hundred million dollars would be viewed with only slight curiosity. In this context, it is necessary to secure the system used to effect the transfer. At one bank in California, the employees in the wire room became tired of remembering the password, so they wrote it on a blackboard. A consultant to the bank memorized that password and used it to transfer ten million dollars to Switzerland on his own behalf, where he purchased ten million dollars in diamonds. He was caught only after returning to the U.S.

This is one of thousands of such stories that can be told. I shall limit myself to two more.

The Alabama Pool Hall Company

This story was told me by a banker whom I have every reason to trust. It shows the dangers of incorrect data in the computer system, though I seriously doubt that a computer was directly involved in the event. The event probably took place in the early 1960's. The proprietor of a small pool hall was worried about having overdrawn his checking account, so he went to his bank to verify his balance, which he suspected was about $5.00 in the red. To his surprise he was told that the balance was $9,995.00. He insisted that the balance was not correct and demanded to see a manager, who asserted that there could have been no mistake and that the balance must be accurate. The pool hall owner then did the only logical thing: he wrote a check for the amount and walked out of the bank with a big wad of money. Only later, when the Alabama Power Company came up $10,000 short on its deposits, was it discovered what had happened. By then the pool hall owner had spent quite a bit of the money and could return only some of it. Threats of criminal prosecution were deflected successfully by the simple fact that the pool hall owner had done nothing illegal; indeed, he had repeatedly protested to the bank that the amount was incorrect.

Motto: Never be too sure about your database.

The "Kidnapped" Database

This is a story about which I know very little directly, but which I have no reason to doubt. An insurance company stored all of its customer information on magnetic tapes. One day, the tapes were stolen as they were being transferred to another location. The thief called the insurance company and demanded a ransom for the tapes; otherwise he would destroy them. He was told to do as he pleased, as the company had complete back-ups and did not need to retrieve the original tapes. End of story.

The Protection Environment

Risk assessment forms the basis of all computer and information systems assurance. In risk assessment, one asks what assets have value and should be protected. In some environments, such as banking, there are many objects that have obvious value: big stacks of $100 bills, for example. As we saw in one of the stories above, there were also assets that had great value, although the value was not immediately obvious. The first and most basic practice of security is to determine what needs to be protected and at what level. The U.S. government classifies information by the amount of damage its unauthorized release would be likely to cause. This risk assessment then forms the basis of the choice of means to be used in protecting that information, which may range from placing a document out of sight in a closed drawer up to placing it in a heavy-duty safe in a locked room within a building that is guarded internally by armed soldiers and surrounded by barbed wire and other external protection devices.

One important component of risk assessment is what is called a "Red Team". These are people who do not sit around complimenting the organization on its excellent security system, but who periodically challenge the system to look for unsuspected vulnerabilities. At this point, the student should expect another story with an obvious moral.

The "Real Red Team"

This story was told me while I was working for U.S. Air Force Intelligence in the late 1960's. I have no reason to doubt the story or to believe that it remains sensitive. There was a U.S. embassy in an Eastern European (then Soviet Bloc) country that was repeatedly suffering break-ins by Russian intelligence agents. It soon became obvious that the Reds were breaking in through a window in the attic of the embassy, so the security staff secured the window. When this did not work, they placed bars over the window. When this did not work either, they finally stopped and examined the window, which was found to be securely locked and unmovable within its frame. The frame, however, was on hinges and would open like a door in the wall. Securing the window frame to the wall brought the attacks to a stop.

Motto: There are more ways to attack your system than you imagine.

Risk Assessment: Vulnerability, Threat, and Attack

We formulate risk assessment in terms such as vulnerability, threat, and attack. The book discusses these at some length. One should realize that these discussions rarely focus on the computer hardware itself, except as it is a repository for data. When a manager contemplates the loss of a data center, it is seldom the loss of the hardware that is the issue. Hardware can be purchased for a fixed price, known in advance. Another reason that threats to physical hardware receive little attention is that such threats are well understood and well anticipated by conventional measures, such as appropriate sprinklers and other fire suppression devices. When a manager contemplates the loss of the data center, she contemplates the cost of lost productivity and of replacing the data.

One of the issues in risk assessment is a slight difference in terminology between different groups. The insurance industry practically invented the discipline of risk analysis; we in information assurance have adopted their terms with slightly modified definitions. For information assurance, a vulnerability is a weakness in the system that might be exploited for nefarious reasons. Examples of vulnerabilities in software range from backdoors (also called "trapdoors") accidentally left in the system to sloppy coding practices that allow buffer overflows. There is a long list of classic vulnerabilities that the student should study. We use controls as mechanisms to reduce vulnerabilities. Controls are specific to the type of vulnerability addressed. Threats exploit vulnerabilities, and controls are measures to counter the threats. A threat can be viewed as an actual exploitation of a vulnerability; a system can be vulnerable but not under threat if nobody recognizes the vulnerability. Remember that system vulnerabilities are often discovered only by accident or by random and blind testing, but that once they are publicized over the internet they quickly become widely known.

What is Computer Security?

The first thing we should say in this regard is to debunk the myth that it is impossible to make a computer system perfectly secure. There are two objections to this myth.

1) One can always make a computer completely secure by unplugging it, removing all internet connections, and locking it in a room to which nobody has access.

2) The statement that a usable computer cannot be made secure leads to a fatalism that is close to surrender. We must hold to the ideal that it is possible to make a computer completely secure and work tirelessly towards that goal, even as we recognize that the goal is not likely to be attained. Never give up!

The goals of computer security must be based on a risk analysis. Consider the merchant who places some merchandise outside the store to attract possible buyers. The merchandise placed outside the store is usually interesting but of very little value, so that the downside of its being stolen is less than the potential benefit of attracting customers into the store. It is the same with the goals of information assurance: we must formulate them within context. In general, the goals of computer security can be divided into a number of broad categories.

Confidentiality

This service ensures that the data are available only to persons who are authorized to access the data. This service, sometimes called privacy or secrecy, is the primary goal of the U.S. government's scheme of classifying documents as SECRET, TOP SECRET, etc.

Integrity

This service ensures that the data can be modified only by persons who are specifically authorized to change or delete the data. Think of the effect of changing the results of an HIV test to "positive", or of changing your credit rating from "can buy a house" to "cannot afford to buy a television".

Availability

This service ensures that the data and other services can be accessed by authorized persons in a timely manner without undue delay. The primary attacks against this service are called denial of service (DOS) attacks.

It is important to view divisions such as the above as guides to thinking, i.e., broad categories into which one can organize thoughts. It is not important to argue that a threat is against integrity and not availability. The bottom line is not to get caught up in the details.

We categorize attacks into a number of broad categories for ease of discussion. One should note that these terms become common by usage, as is frequently the case. Sometimes the meaning of terms evolves, as is the case with the term "hacker", which used to imply only a very proficient programmer who had the ability to get things done. The book claims that the security community uses the term "cracker" as a synonym for "malicious hacker", meaning a person who breaks into software systems with malicious intent. This use of the term "cracker" is not familiar to me. A number of terms are in common use to describe attacks against computer security.

Trojan Horse

This is a program that appears to do one thing while actually doing something else. This "extra surprise" is often not what you want.

Virus

This is a fragment of code that is inserted into another program. As opposed to a worm, a virus cannot exist or execute independently of the host program to which it is attached.

Trapdoor

This is a program that has a secret entry point. Trapdoors are often accidental remnants of the development process, in which they served as ways for the developers to debug the programs. Trapdoors are also often carried by Trojan Horses as a way to let malicious hackers gain unauthorized access to computer systems.

Worm

This is a program that can exist and execute independently, but that uses the services of the host operating system to propagate itself.

Logic Bomb

This is a program (often a worm) that waits for a specific date and time to attack a system. One of the first logic bombs was designed to become active on the anniversary of the independence of the state of Israel, but was detected and removed before it "struck".

Other terms, such as bacterium (a program that affects computers by endlessly replicating itself), have been in common use, but seem not to be used today.

Methods of Defense

We shall study a number of methods of defense in this course. There are two basic approaches: 1) keep the bad guys away, and 2) keep a record when they do attack so you can track them down. The best methods of defense include a number of "defense in depth" strategies, including encryption to be sure that the hackers cannot use the data if they get it, and cryptographic hash functions to be sure that any attempt to alter the data will be detected. We begin our formal study with the study of encryption, a topic that is basic to all of information assurance.
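As an added example (not code from these notes or from the textbook) illustrating the second "defense in depth" mechanism named above, the following Python computes a cryptographic hash over a constructed wire-room transfer record and shows that a changed record no longer matches the stored value. It goes one step beyond the text: it also shows why a plain hash is not enough when the intruder can rewrite the stored digest as well as the record, and uses a keyed hash (HMAC) that cannot be recomputed without the verifier's key. The record contents, the key value VERIFIER_KEY and all function names are assumptions made for the demonstration; the encryption half of the strategy is not shown here.

```python
"""Added example (not from the lecture notes or the textbook): detecting
alteration of a stored record with a cryptographic hash, and why a keyed
hash (HMAC) is needed when the attacker can rewrite both record and digest.
All data below is constructed for the demonstration."""
import hashlib
import hmac

# Constructed sample record: a wire-room transfer order, as a byte string.
ORIGINAL_RECORD = b"transfer;amount=10000000;currency=USD;dest=BANK-0001;ref=0001"

# Constructed secret held by the verifier only (hypothetical value; a real
# deployment would load this from a protected key store, never a blackboard).
VERIFIER_KEY = b"constructed-demo-key-do-not-reuse"


def unkeyed_digest(record: bytes) -> str:
    """Plain SHA-256 of the record.

    Catches accidental corruption and naive edits, but anyone who can rewrite
    the record can also recompute this digest, so it proves nothing against
    an intruder with write access to both the record and the digest.
    """
    return hashlib.sha256(record).hexdigest()


def keyed_tag(record: bytes, key: bytes) -> str:
    """HMAC-SHA256 over the record.

    Producing a valid tag for a modified record requires the key, so a
    verifier that holds the key detects any alteration made without it.
    """
    return hmac.new(key, record, hashlib.sha256).hexdigest()


def verify_keyed(record: bytes, tag: str, key: bytes) -> bool:
    """Check a record against its stored tag, comparing in constant time so
    the comparison itself does not leak how many tag characters matched."""
    return hmac.compare_digest(keyed_tag(record, key), tag)


def tamper(record: bytes, old: bytes, new: bytes) -> bytes:
    """Simulate an unauthorized modification of one field of the record."""
    assert old in record, "field to modify must be present"
    return record.replace(old, new)


def run_scenarios() -> dict:
    """Play out two alterations against the stored record and report which
    integrity checks detect them."""
    stored_digest = unkeyed_digest(ORIGINAL_RECORD)
    stored_tag = keyed_tag(ORIGINAL_RECORD, VERIFIER_KEY)

    altered = tamper(ORIGINAL_RECORD, b"dest=BANK-0001", b"dest=BANK-9999")

    # Scenario 1: the record is changed but the stored digest and tag are
    # left alone. Both checks notice the mismatch.
    digest_detects_edit = unkeyed_digest(altered) != stored_digest
    tag_detects_edit = not verify_keyed(altered, stored_tag, VERIFIER_KEY)

    # Scenario 2: the intruder rewrites the record AND replaces the stored
    # unkeyed digest with one computed over the altered record. The digest
    # check is now fooled; the keyed tag cannot be recomputed without
    # VERIFIER_KEY, so the old tag stays in place and verification fails.
    replaced_digest = unkeyed_digest(altered)
    digest_detects_rewrite = unkeyed_digest(altered) != replaced_digest
    tag_detects_rewrite = not verify_keyed(altered, stored_tag, VERIFIER_KEY)

    return {
        "unmodified_record_verifies": verify_keyed(ORIGINAL_RECORD, stored_tag, VERIFIER_KEY),
        "digest_detects_edit": digest_detects_edit,
        "tag_detects_edit": tag_detects_edit,
        "digest_detects_rewrite": digest_detects_rewrite,
        "tag_detects_rewrite": tag_detects_rewrite,
    }


if __name__ == "__main__":
    for check, outcome in run_scenarios().items():
        print(f"{check}: {outcome}")
```

The design point is that an integrity check is only as strong as the attacker's inability to forge it: storing a plain digest next to the data it protects gives an intruder who already has write access everything needed to cover his tracks, whereas the keyed tag moves the trust into a secret the intruder does not have. In practice the same idea appears as a message authentication code on transmitted data or as a digital signature when the verifier should not hold the signing secret.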