Computer Security
An Introduction
Copyright © 2013-2016 – Curt Hill
Introduction
• There are several questions that need answers:
– What assets need protection?
– What threats exist for these assets?
– What countermeasures exist for the threats?
• Security is a course of study all its own
– All we do here is introduce the topic
• An insecure networked system cannot be classified as reliable
NIST Definition
• The National Institute of Standards and Technology defines computer security as:
• The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data and telecommunications).
The Heart
• Computer security centers around these three concepts:
– Integrity
– Availability
– Confidentiality
• These are also known as the CIA triangle
– Failures in one often leak into others
• Let's unpack this a little further
Integrity
• Guarding against improper modification or destruction of information
• System integrity is about software
– The system performs the functions it was designed to accomplish
– We counter threats to the software itself
• Data integrity
– Data is changed only by those authorized to do so and only in specified manners
• Both data and software are stored in similar ways, so there is overlap
Availability
• The system is available to do the work it was purchased to do
– Timely and reliable access
• It services authorized users and denies service to those who are not
• One of the problems is that additional security is overhead that reduces the amount of work that can be done
– Although not as extreme as the availability issues caused by attacks
Confidentiality
• Preserving authorized restrictions on information
• Data confidentiality
– Private information is not disclosed to those who are not authorized to access it
• Privacy
– The individuals to whom the data refers have some influence on how the data is used
– Ability to correct errors in the data
– Ability to limit who may use the data and for what reason
Triangle or Pentangle?
• Two more concepts that figure in frequently are Authenticity and Accountability
• Authenticity is about the verification process of users or systems
– Are they actually who they say they are?
• Accountability is about being able to track actions in an uncompromised way – often after a security breach
– We need to be able to connect each action with the one who originated the action
Definitions
• Asset – something of value needing protection
– Hardware or software
• Attack – an attempt to exploit a vulnerability
• Control – a mechanism that reduces a vulnerability
• Exposure – an opportunity for loss or harm
• Threat – the potential for an attack
• Vulnerability – any weakness that might allow an attack
Levels of Impact
• A failure is categorized into one of three levels:
• Low – limited adverse effect
– The organization is able to perform its primary function with only minor financial loss
• Moderate – serious adverse effect
– Loss of capability or effectiveness
– Damage to assets and finances
• High – severe or catastrophic effect
– Major damage to assets
– Could involve life-threatening injuries
Examples
• Asset – student records
• Attack – a stolen account/password used in an attempt to access records
• Control – a program that checks for weak passwords, reducing the vulnerability
• Exposure – damaged reputation
• Threat – guessing a password
• Vulnerability – weak password requirements
Your turn
• In regards to VCSU, what would constitute failures of these magnitudes?
– Low
– Moderate
– High
The problems
• Computer security is complex; what are some of the problems?
• The underlying software is complex – a small error can be exploited into a large problem
• To succeed the developer has to plug all the holes; failure comes from missing just one that is detected
• Authentication requires the user to possess some secret fact – how can this be distributed?
More problems
• To most users this is an annoyance, so they do not employ good practices
• Security is often an afterthought to system development – a porous surface is hard to plug
• Continual monitoring is required; this is a budget item that requires justification
• Thinking about threats requires an unusual mindset
Audience Participation
• You are familiar with many of these threats
– What do they do? What is the danger?
• Infection by malware
• Phishing
• Denial of service
• Packet sniffers
• Theft of mobile devices
Survey
• A survey in 2015 of 1200 businesses and institutions considered system attacks and their sources
– This was a broad cross section of different industries
• What is shown on the next screen is the type of attack and the percent of organizations that endured one or more such attacks
Results
• Phishing – 68%
• Malware – 66%
• Hacking – 50%
• Social engineering – 46%
• Loss of mobile device – 44%
• Insider theft – 25%
• SQL injection – 22%
• Among others
Attack Classifications
• Active attack – an attempt to alter resources and operation
• Passive – an attempt to make use of information without altering any of it
• Inside – usually mounted by an employee or privileged person
– They know about the system and have a starting point of some authorization
• Outside – not the above
– Ranges from high school pranks to organized crime or even governments
Attack Types I
• Another way to classify attacks is by the type of access they gain
• Interception – gain access to the asset
– While it is on the network
– Using falsified authorization
– Does not imply modification
• Interruption – disallow legitimate users from accessing the system
– Denial of service attack
– Ransomware encryption of data
Attack Types II
• Modification – change software or data
– Reduce a customer balance or change their contact information
– Ransomware could be here as well
• Fabrication – insert false information
– Bogus payments
– False transfers to the bad guy's account
Countermeasures
• Any attempt to thwart an attack
• Prevention – predict the attack and disable it in advance
• Detection – look for suspicious activity and unauthorized accesses
• Recovery – an attempt to undo the effect of an attack
Threat Consequences
Consequence – Action or attack
• Disclosure
– Exposure – sensitive data is made available
– Interception – access to data in transit
– Inference – deduce information based on what was visible
– Intrusion – active gaining of access
• Deception
– Masquerade – using another's authorization
– Falsification – false data to deceive authorization
– Repudiation – denial of an unauthorized action
• Disruption
– Incapacitation – disabling a component to damage the system
– Corruption – modify a component to alter its behavior
– Obstruction – interrupt delivery of system services
• Usurpation
– Misappropriation – an entity gains unauthorized control
– Misuse – modification to perform another function
Assets
• What are the things that need protection?
• Assets fall into several categories:
– Hardware
– Software
– Data
– Communication lines
Assets and Example Threats
• Hardware
– Availability: theft
• Software
– Availability: deletion of programs
– Confidentiality: unauthorized copy of programs
– Integrity: programs modified to fail or provide unauthorized functions
• Data
– Availability: deletion of files
– Confidentiality: unauthorized access
– Integrity: modification of files
• Communication lines
– Availability: messages are destroyed or mangled
– Confidentiality: messages are intercepted
– Integrity: messages are falsified
Where to start?
• Historically, security is an afterthought
– After we get burned, we make sure we do not get burned again
• Enterprises now live in a world of forest fires
– It is not a question of if a problem will occur, but when
• Therefore security should be considered in every project
– Security requirements should be treated with the same level of concern as functional or usability requirements
Risk Assessment I
• Identify the assets
– What hardware, software and data provide support for the enterprise?
• Value the assets
– What is the value of each asset?
• Assess the asset exposure
– What losses would occur if the asset were damaged?
• Identify the threats
– Where are the likely dangers against this asset?
Risk Assessment II
• Assess the attack
– What are the ways that an attack on the asset could occur?
• Consider the defense
– How may the asset be protected against the proposed attacks?
• Feasibility study
– How does the cost of the defense compare with the cost of damage and the likelihood of attack?
• Define security requirements
Requirements
• Use cases are a normal component of requirements
• In the security domain there are also misuse cases
• These describe ways that an attacker could misuse the system
• They should cover all the classes of threats
– Interception, interruption, modification and fabrication
Project Security
• Design
– It is difficult to add security after the design or implementation
• Assurance
– The quality of data must be protected from unauthorized or accidental change
• Authentication
– Data changes must be verified to prevent incorrect access
• Access
– Ability to control who views and uses the data
Compromises
• Security is a necessary burden on any system
• It will usually slow performance and reduce usability
• These are usually minor issues compared to an attacker misusing the system
– The stakeholders must be aware of this from the beginning
Security Assurance
• Avoid vulnerabilities
– A function of design
• Detect and eliminate attacks
– The application is self-checking, looking for intrusion evidence
• Limit and recover
– Backup and recovery functions prevent data modification
Security Policies
• These are enterprise-wide and lay out the general goals
– Should be short and readable so that all will use them
– Everyone should be informed
• The policy should indicate those assets that require protection and the level of protection
• It should make clear the responsibilities of individuals at various levels
Some Design Guidelines
• Design should reflect the security policy
• A single point of failure should be avoided
• Fail gracefully without exposing assets
• Balance usability with security
• Log actions of users and applications
• Reduce risks with redundancy and diversity
• Specify and check input validity
• Partition assets into separate areas to minimize exposure
• Design for backup and recovery
Validation of Security
• Is hard – you need to think like a hacker
• Use tools that may be helpful
– Such as password strength testers
• Formal verification is good but hard to apply
• Form teams for the purpose of attacking the system and testing its vulnerabilities
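As an added example (not part of the slides), here is the kind of control the Examples slide calls a "program that checks for weak passwords" and this slide calls a "password strength tester", written in Python. The common-password list, the 12-character minimum and the 50-bit guessing-resistance floor are constructed assumptions for illustration; a real control would load a large breached-password list.

```python
import math
import re
from typing import List

# Constructed sample of common passwords (assumption: a real control loads a far larger list).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin", "vcsu2016"}
MIN_LENGTH = 12      # assumed policy minimum
MIN_BITS = 50        # assumed floor for the guessing-resistance estimate


def _has_sequence(pw: str, run: int = 4) -> bool:
    """True if pw contains `run` consecutive ascending or descending characters (abcd, 4321)."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        diffs = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def _charset_size(pw: str) -> int:
    """Size of the alphabet an attacker would have to search, from the classes actually used."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        size += 33  # printable ASCII punctuation
    return size


def check_password(pw: str, username: str = "") -> List[str]:
    """Return the list of policy failures; an empty list means the password is accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password list")
    if username and username.lower() in pw.lower():
        problems.append("contains the username")
    if re.search(r"(.)\1{2,}", pw):
        problems.append("repeats one character three or more times")
    if _has_sequence(pw):
        problems.append("contains a keyboard/alphabet sequence")
    # Crude guessing-resistance estimate: bits = length * log2(alphabet size).
    bits = len(pw) * math.log2(_charset_size(pw)) if pw else 0
    if bits < MIN_BITS:
        problems.append(f"estimated strength {bits:.0f} bits, below {MIN_BITS}")
    return problems
```

The checker addresses the "weak password requirements" vulnerability; it does not stop the "guessing a password" threat by itself, so it belongs alongside lockout and logging controls.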
Finally
• Security will continue to be an important topic for the foreseeable future
• We will continue to balance:
– The danger of security threats versus the ease-of-use problems that security requires
– The cost of security versus the cost of failure and recovery
• Security concerns are also business concerns
– Failures can be expensive