Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
DSC 101: Security Topics 1. 2. 3. 4. 5. 6. Components of Security States of Information Threats Attacks Malware Vulnerabilities What is Security? Security is the prevention of certain types of intentional actions from occurring in a system. – The actors who might attack a system are threats. – Threats carry out attacks to compromise a system. – Objects of attacks are assets. Components of Security Integrity Confidentiality Availability Confidentiality Confidentiality is the avoidance of the unauthorized disclosure of information. Examples where confidentiality is critical: – Personal information – Trade secrets – Military plans Security Controls for Confidentiality Access Control: rules and policies that limit access to certain people and/or systems. – File permissions (which users can access) – Firewall settings (which IP addresses can access) Encryption: transforming information so that it can only be read using a secret key. – AES – SSL Integrity Integrity is the property that information has not be altered in an unauthorized way. Examples where integrity is critical: – Operating system files – Software updates and downloads – Bank account records Security Controls for Integrity • Backups: periodic archiving of data. • Checksums: the computation of a function that maps the contents of a file to a numerical value. • Data correcting codes: methods for storing data in such a way that small changes can be easily detected and automatically corrected. Availability Availability is the property that information is accessible and modifiable in a timely fashion by those authorized to do so. Examples where availability is critical: – E-commerce site – Authentication server for your network – Current stock quotes Security Controls for Availability Physical protections: infrastructure meant to keep information available even in the event of physical challenges. – Backup generators – Disaster recovery site Computational redundancies: computers and storage devices that serve as fallbacks in the case of failures. – Backup tapes – RAID States of Information 1. Storage: information in memory or disk that is not currently being accessed. 2. Processing: information currently being used by processor. 3. Transmission: information in transit between one node and another on a network. Is your information protected in all three states? Threats, Attacks, and Vulnerabilities Threats are people who are able to take advantage of security vulnerabilities to attack systems. – Criminals, hacktivists, spies, disgruntled employees. Attacks are tools, programs, and methods used by threats to obtain assets from systems in violation of the security policy. – Stuxnet, Dark Comet, AirCrack, John the Ripper Vulnerabilities are weaknesses in a system that allow a threat to obtain access to information assets in violation of a system’s security policy. (2719662) Vulnerabilities in Gadgets Could Allow Remote Code Execution How are Digital Threats Different? Automation – Salami Attack from Office Space. Action at a Distance – Volodya Levin, from St. Petersburg, Russia, stole over $10million from US Citibank. Arrested in London. Technique Propagation – Criminals share attacks rapidly and globally. Who are the threats? IBM X-Force 2012 Trend and Risk Report Threat Model A threat model describes which threats exist to a system, their capabilities, history, intentions, and likely targets. – Are you worried about broad or targeted threats? – Are your threats able to develop their own tools or just use off the shelf tools? – Do you keep enough data about historical incidents to know what your threats are? Threat Model Examples Example 1: Disgruntled Insider – Targeted attack on organization – Knows systems and information assets already – Attacks more likely to focus on DoS than theft Example 2: Outsider, broad attack – Broad attack, looking for any vulnerable system. – Looking for one particular type of asset, which your organization may or may not have. Attacks and Exploits An attack is an action taken by a threat to gain unauthorized access or to create unauthorized modification of assets. – – – – Spam Phishing Malware Denial of Service An exploit is a piece of software or a scripted set of actions that carry out an attack. Threats often turn attacks into exploits to automate compromising of systems. Spam Spam is the use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately. – – – – Mostly e-mail, but also Blog and webforum comment spam, Wiki spam, IM spam, etc. Over 90% of e-mail is spam! Phishing E-mail Phishing Site Denial of Service Malware Malware, short for malicious software, is software designed to gain access to confidential information, disrupt computer operations, and/or gain access to private computer systems. Malware can be classified by how it infects systems: – Trojan Horses – Viruses – Worms Or by what assets it targets: – – – – – Ransomware Spyware and adware Backdoors Rootkits Botnets How much malware is out there? Trojan Horses Trojan Horse Examples Viruses A computer virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other files. This process is called infecting. Worms A worm is a type of malware that spreads itself to other computers. Ransomware Spyware and Adware Backdoors Backdoor Example: Dark Comet Rootkits • • • • • Execution Redirection File Hiding Process Hiding Network Hiding Backdoor User Program Rootkit Operating System Botnets Vulnerabilities Vulnerabilities can be found in any software: – PC: Office, Adobe Reader, web browsers – Server: Databases, DNS, mail server software, web servers, web applications, etc. – Mobile: Mobile phone OS, mobile applications – Embedded: printers, routers, switches, VoIP phones, cars, medical devices, TVs, etc. – Third party software: Web browser plugins, Ad affiliate network JavaScript include files, Mobile ad libraries Document Format Vulnerabilities IBM X-Force 2012 Trend and Risk Report Web Browser Vulnerabilities IBM X-Force 2012 Trend and Risk Report Embedded Vulnerabilities Patches A patch is a piece of data or software designed to fix a security vulnerability or bug. – Administrator may have to apply manually. – Some vendors specify certain days to patch, such as “Patch Tuesday,” the 2nd Tuesday of the month when MS releases updates. – Increasingly software auto updates itself with current patches. Vulnerability Timeline Vulnerability Markets Vulnerability Databases Key Points 1. 2. 3. 4. 5. Components: confidentiality, integrity, availability States of Info: storage, communication, processing Definitions: threat, attack, and vulnerability Attacks: spam, phishing, DoS, and malware Vulnerabilities affect all software – Not just PC or mobile software – Lifecycle: 0day, exploit, then patch and signatures References 1. Nate Anderson, Meet the men who spy on women through their webcams: The Remote Administration Tool is the revolver of the Internet's Wild West. Ars Technica, http://arstechnica.com/tech-policy/2013/03/rat-breeders-meet-the-men-who-spy-onwomen-through-their-webcams/, 2013. 2. Honeynet Project, Know Your Enemy, 2nd edition, Addison-Wesley, 2004. 3. IBM, X-Force 2012 Risk and Trends Report, 2013. 4. Stuart McClure, Joel Scambray, and George Kurtz, Hacking Exposed, 5th edition, McGrawHill, 2005. 5. Norton, Fake Antivirus, http://www.nortonantiviruscenter.com/security-resourcecenter/fake-antivirus.html 6. Ed Skoudis, Counter Hack Reloaded, Prentice Hall, 2006. 7. Stuart Staniford, Vern Paxson, and Nicholas Weaver, "How to 0wn the Internet in Your Spare Time," Proceedings of the 11th USENIX Security Symposium, 2002.