Lecture 3.1 - Host-level Security

No aspect of security seems to get more time in the popular press (newspapers and TV) than the vulnerabilities associated with host computers. Viruses infect our operating systems, spam clogs our email, and software manufacturers frequently expect users to install security patches. This lecture presents an overview of the issues involved in host-level security, while subsequent lectures focus on security issues specific to the Windows and Unix operating systems.

Early in these lectures we discovered that complete security is never possible. In the absence of complete security, the best approach is to practice security in layers. Like an onion, which has many layers surrounding its core, computer security is most effective when practiced in layers: if an attack penetrates one layer, other layers may still defend the assets. In recent lectures we explored layers of defense based on cryptography. In this lecture we begin another layer: host-level security.

Host-level security is about the software that executes on users' machines, which are often connected to a network. It must focus especially on operating systems, for two reasons: (1) modern operating systems are designed to provide many features that help secure a computer, its data, its programs, and its users; and (2) because of its ultimate capabilities, the operating system is the greatest prize for an attacker. If an attacker can take control of a computer's operating system, then virtually everything stored on that computer is at risk.

We begin by briefly reviewing the major components of a modern operating system (O.S.).

At the lowest level of the system is the BIOS (Basic Input Output System). The BIOS is responsible for testing I/O devices and loading the operating system. Surprisingly, many computers do not protect their BIOS, so anyone with an operating system CD can insert it into the machine and reboot from the copy of the O.S. on the CD, bypassing every control the installed O.S. would have enforced. (The usual countermeasures are a BIOS password and a boot order that does not include removable media.)

The kernel of the operating system is the coordinator that directs and controls all other O.S. functions. We speak of kernel mode or root privilege to refer to the elevated authorization level usually required to execute the kernel. The kernel needs the highest possible authorizations because of the many demanding tasks it must perform. To communicate with users, the O.S. provides command-line interfaces and Graphical User Interfaces (GUIs); to communicate with application programs, it exposes an Application Programming Interface (API), such as the .NET API of Windows or the object-oriented frameworks of OS X. (These frameworks sit above the kernel's system-call interface, which is the real boundary between user programs and kernel mode.) Every one of these O.S. components is a potential vulnerability, and the interfaces between the components present even more vulnerabilities.

The final component of a modern O.S. is the device driver: software executed within the computer that communicates directly with peripheral devices (disk drives, printers, CDs, DVDs, graphics cards, and so forth). In Windows XP device drivers are a serious security risk, because some of them are permitted to execute in highly privileged modes and because device drivers are generally written not by Microsoft but by hardware vendors. This means that the vendor selling the O.S. is not in complete control of the security of privileged-mode software. (Vista tightened this: its 64-bit editions require kernel-mode drivers to be digitally signed, and a user-mode driver framework lets some classes of drivers run without kernel privilege, although many drivers still run in kernel mode.) Apple's OS X operating system is far more secure with respect to device drivers, because Apple supports only a restricted set of peripheral devices, so Apple can supply its own device drivers.

There are a large number of vulnerability categories for hosts:
1) The computer must be secured physically.
2) The O.S. most likely needs to support multiple users and manage their authorizations.
3) The O.S. most likely must manage process authorization in a multi-tasking environment.
4) Some operating systems provide remote login, which introduces unique vulnerabilities.
5) The O.S. must manage memory as an asset to be used by processes.
6) The O.S. must provide a secure file system.
7) The O.S. often provides certain forms of security for traffic to its network interfaces.
8) The O.S. must manage the permissions that are granted to application software.

Some of the most common methods of defense employed by a host computer include:
1) physical security devices
2) user accounts with secure login
3) asset permission management (authorization)
4) secure remote login
5) audit and logging
6) file backup
7) network-related security

The physical security slide is included because, even though it is very low-tech and obvious, physical security is often the most vulnerable layer. More secrets have been stolen by carrying a laptop or disk drive away from a company or government than will ever be captured by a network attack.
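Two of the defenses above, asset permission management and audit and logging of remote logins, can be exercised directly on a host. The following script is an added example written for this page, not part of the lecture or of any operating system's own tooling. It walks a directory tree for world-writable and setuid/setgid files, and it counts repeated failed remote logins in sshd-style auth log lines. The function names, the throwaway directory and the log lines are constructed for the example; the log line shape follows OpenSSH's "Failed password for ... from ... port ..." message in syslog format, which varies between distributions.

```python
"""Added example: two host-level security checks.

1. audit_permissions(root): walk a directory tree and report files that are
   world-writable or setuid/setgid (the asset permission management layer).
2. failed_logins_by_source(lines, threshold): scan sshd-style auth log lines
   and report source addresses with repeated failed remote logins (the remote
   login and audit-and-logging layers).

The log lines and the demo tree are constructed for this example.
"""
import os
import re
import stat
import tempfile
from collections import Counter

# Matches OpenSSH's "Failed password for [invalid user] NAME from ADDR port N"
# line in syslog format. Assumed shape; real log formats differ by distro.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def audit_permissions(root):
    """Return a sorted list of (relative_path, reason) for risky files under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable: skip rather than abort the audit
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are meaningless; judge the target elsewhere
            mode = st.st_mode
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))  # any local user can tamper with it
            if mode & stat.S_ISUID:
                findings.append((rel, "setuid"))  # runs with the owner's privileges
            if mode & stat.S_ISGID:
                findings.append((rel, "setgid"))  # runs with the group's privileges
    return sorted(findings)


def failed_logins_by_source(lines, threshold=3):
    """Return {src: count} for source addresses with at least `threshold` failures."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("src")] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


# Constructed sample log lines (not real traffic); addresses are documentation ranges.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:02 host1 sshd[2101]: Accepted password for alice from 192.0.2.10 port 51522 ssh2
Mar  3 10:01:05 host1 sshd[2110]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar  3 10:01:06 host1 sshd[2110]: Failed password for root from 203.0.113.7 port 40002 ssh2
Mar  3 10:01:07 host1 sshd[2112]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
Mar  3 10:01:09 host1 sshd[2115]: Failed password for bob from 192.0.2.10 port 51530 ssh2
Mar  3 10:01:11 host1 sshd[2116]: Accepted publickey for bob from 192.0.2.10 port 51531 ssh2
""".splitlines()


def build_demo_tree():
    """Create a throwaway tree with one safe, one world-writable and one setuid file."""
    root = tempfile.mkdtemp(prefix="hostaudit_")
    os.makedirs(os.path.join(root, "bin"))
    safe = os.path.join(root, "notes.txt")
    shared = os.path.join(root, "shared.log")
    helper = os.path.join(root, "bin", "helper")
    for p in (safe, shared, helper):
        with open(p, "w") as f:
            f.write("x\n")
    os.chmod(safe, 0o644)      # owner rw, everyone else read-only: fine
    os.chmod(shared, 0o666)    # world-writable: should be flagged
    os.chmod(helper, 0o4755)   # setuid bit set: should be flagged
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    for rel, reason in audit_permissions(root):
        print(f"{reason:15} {rel}")
    for src, n in failed_logins_by_source(SAMPLE_AUTH_LOG).items():
        print(f"{n} failed logins from {src}")
```

On a real host the tree to walk would be `/` (as root, with the skipped-on-error behaviour kept so a single unreadable file does not abort the audit) and the log lines would come from the authentication log, tailed continuously rather than read once. The threshold is a policy choice: a single failed login is normal, repeated failures from one address across several usernames are the remote-login pattern worth alerting on.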