ADCS
Chapter 1
An Introduction To Computer Security
"Some men see things as they are and ask why. Others dream things that never were and ask why not."
~ George Bernard Shaw, Irish Playwright and Critic
Prepared by: SITI ZAINAH ADNAN
If you have any feedback or comments, please feel free to email me at [email protected]
Your cooperation is very much appreciated!
CS262/0602/V2
Chapter 1 - 1
References
• Book (available at the Informatics library)
  – Chapter 1: Security in Computing, Charles P. Pfleeger, Prentice Hall International
• Notes (available at IVC)
  – ComputerSecurityIntro
  – SecurityTaxonomy
An Introduction To Computer Security
TOPICS
• Introduction
• Threats to Computer Systems
  – Threats, Vulnerabilities and Attacks
  – Types of Threats
  – Points of Security Vulnerabilities
  – Methods of Defense
• Categories of Computer Attacks
  – Using an Attack Taxonomy
  – Considerations in Selecting an Attack Taxonomy
  – Simple Attack Taxonomy
  – Risk Based Attack Taxonomy
• Examples of Common Attack Methods
• Attack Prevention Methods
Introduction
• Why has computer security become more important?
• What is computer security?
• How is computer security defined?
• Who are the attackers?
• What are their objectives?
• What are natural disasters?
• Kinds of security breaches (computer security concepts)
• What are the objectives (goals) of computer security (information quality)?
• What are the weak points (vulnerabilities) in a computer system?
• What are the types of threats (possible dangers that might occur)?
• How can threats that might lead to computer attacks be controlled (methods of defence)?
Introduction
• Computer security was not an issue at the beginning
• But with the onset of the "information age", organisations became dependent on computers for their functioning
• Information became a strategic asset and therefore should be properly protected
• Networking was booming as well, which resulted in the central mainframe being replaced with LANs of PCs connected to a public network
• At the same time, users vary from experts to novices
• As a result, computer systems became more vulnerable
Introduction
• Computer security - the ways and means taken to protect the computer and everything associated with it:
  – Hardware
  – Software
  – Storage media
  – Data
  – Persons (authorised users)
  – Information (information security)
• Secures computing resources against unauthorised users (attackers, outsiders) as well as against natural disasters
Introduction
• Computer security:
  – Preventing attackers from achieving their objectives through unauthorised access to, or unauthorised use of, computers and networks
  – Keeping anyone from doing things you do not want them to do with, on, or from your computers or any peripheral devices
  – A means to achieve the goal of information security
  – A computer is secure if you can depend on it and its software to behave as you expect
  – Trusted system - a system that is able to preserve and protect your data
Introduction
• Attackers:
  – Hackers - break into computers for challenge and status
  – Spies - break into computers for information to be used for political gain
  – Terrorists - break into computers to cause fear for political gain
  – Corporate raiders - employees who break into the computers of competitors for financial gain
  – Professional criminals - break into computers for personal financial gain
  – Vandals - break into computers to cause damage
Introduction
• Objectives:
  – Corruption of information - any unauthorised alteration of files stored on a host computer or of data in transit across the network
  – Disclosure of information - the dissemination of information to anyone who is not authorised to access that information
  – Theft of service - the unauthorised use of computer or network services without degrading the service to other users
  – Denial of service - the intentional degrading or blocking of computer or network resources
Introduction
• Natural disasters:
  – Earthquake
  – Floods
  – Lightning
  – Storm
  – Power fluctuation
  – Humidity
  – Dust
  – Varying temperature
  – Fire
• Can cause damage (harmful effects or loss) to computer resources
Kinds of Security Breaches
• Exposure
  – A form of possible loss or harm in a computing system
  – E.g. unauthorised disclosure of data, modification of data, denial of legitimate access to computing
• Vulnerability
  – A weakness in the security system
  – Might be exploited to cause loss or harm
  – Things that are not well protected
  – E.g. natural: computers are very vulnerable to natural disasters such as fire, flood etc.
Kinds of Security Breaches
• Attack
  – An action taken by a malicious intruder that involves the exploitation of certain vulnerabilities
  – E.g. hitting the hard drive
• Threats
  – Circumstances that have the potential to cause loss or harm
  – A possible danger
  – E.g. a person - a system cracker or a spy
• Control
  – A protective measure to reduce a vulnerability
  – An action, a device, a procedure or a technique
  – E.g. firewall, password checking
Points of Security Vulnerabilities
• Attacks on hardware:
  – Computer hardware is very visible and hence easy to attack.
  – Includes power supply surges, unstable power supply etc.
• Attacks on software:
  – Software can be maliciously destroyed, modified, deleted or misplaced.
  – Examples include time bombs, salami attacks, Trojan horses, computer bugs etc.
• Attacks on data:
  – Data is available in many forms, such as electronic, printout and media.
  – Can be destroyed, changed, modified or deleted very easily.
Objectives of Computer Security - Information Quality
• Confidentiality
  – Assets of the computing system are accessible only by authorised parties
  – Also known as secrecy or privacy.
  – Access types: reading, viewing, printing, knowing
  – e.g. research results should be kept secret from competitors
Objectives of Computer Security - Information Quality
• Integrity
  – Assets can be modified only by authorised parties
  – Ensures that information is accurate, complete and authentic.
  – Modification: writing, changing status, deleting, creating
  – e.g. information shouldn't be tampered with, and there is no replay of a previous communication
  – e.g. the sender (receiver) cannot repudiate the data sent/received (e-commerce)
Objectives of Computer Security - Information Quality
• Availability
  – Assets are available to authorised parties
  – Able to recover quickly and completely if a disaster occurs
  – Ensures timely processing and distribution of the information
  – The opposite of availability is denial of service (DoS)
  – DoS can jeopardise processing continuity and hence the organisation's survival
Types of Threats
• A, the sender, sends a message to B, the receiver, through the transmission medium T
• O, an interceptor or intruder, might try to access the message in any of the following ways:
  – Block it, by preventing it from reaching B
  – Intercept it, by gaining unauthorised access to it
  – Modify it, by seizing the message
  – Fabricate an authentic-looking message
Figure: Normal flow - (A) Information source, via (T) Transmission medium, to (B) Information destination
There is a flow of information from a source, such as a file or a region of main memory, to a destination, such as another file or user.
a) Block (interruption)
- An asset of the system is destroyed or becomes unavailable or unusable
- Attack on availability
- e.g. hardware destruction, cutting a telecommunication line, disabling the file management system
Figure: Interception - (A) Information source, (B) Information destination, (O) Intruder
b) Interception
- An unauthorised party gains access to an asset.
- This is an attack on confidentiality
- e.g. wiretapping to capture data in a network, illicit copying of files or programs
c) Modification
- An unauthorised party not only gains access to an asset but tampers with (modifies) it.
- This is an attack on integrity
- e.g. changing values in data files, altering a program so that it works differently
d) Fabrication
- An unauthorised party inserts counterfeit objects into the system
- This is an attack on authenticity
- e.g. insertion of spurious messages in a network
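Added example (not from the slides): a small Python simulation of the A -> T -> B flow above, in which receiver B checks an HMAC tag and a sequence number on every message. It shows which of the four threats a receiver can detect on its own (modification, fabrication, the replay named on the Integrity slide, and a blocked message once a later one arrives) and which it cannot (interception, since a tag does not hide the payload). The shared key and the messages are constructed for the example.

```python
import hashlib
import hmac

# Constructed for this example: a key shared by sender A and receiver B.
KEY = b"demo-shared-key-constructed-for-this-example"


def make_message(seq: int, payload: bytes) -> dict:
    """Sender A: tag (seq, payload) with an HMAC so B can check origin and integrity."""
    tag = hmac.new(KEY, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()
    return {"seq": seq, "payload": payload, "tag": tag}


class Receiver:
    """Receiver B: accepts a message only if the tag verifies and the sequence number is new."""

    def __init__(self) -> None:
        self.last_seq = 0
        self.accepted = []

    def receive(self, msg: dict) -> str:
        expected = hmac.new(KEY, msg["seq"].to_bytes(4, "big") + msg["payload"],
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag (modification or fabrication)"
        if msg["seq"] <= self.last_seq:
            return "rejected: replay of an earlier message"
        gap = msg["seq"] - self.last_seq - 1      # messages B never saw
        self.last_seq = msg["seq"]
        self.accepted.append(msg["payload"])
        if gap:
            return f"accepted; {gap} earlier message(s) never arrived (possible blocking)"
        return "accepted"


def simulate() -> list:
    """Run the normal flow and each of the four threats through intruder O."""
    b = Receiver()
    results = []
    m1 = make_message(1, b"transfer 10")
    results.append(b.receive(m1))                       # normal flow
    copied = dict(m1)                                   # interception: O keeps a copy; the tag
                                                        # does not hide the payload
    tampered = dict(m1, seq=2, payload=b"transfer 99")  # modification: payload changed, tag stale
    results.append(b.receive(tampered))
    forged = {"seq": 2, "payload": b"transfer 50", "tag": bytes(32)}  # fabrication: no key
    results.append(b.receive(forged))
    results.append(b.receive(copied))                   # replay of the intercepted original
    _dropped = make_message(2, b"transfer 20")          # blocking: O never delivers message 2
    results.append(b.receive(make_message(3, b"transfer 30")))  # B notices the gap
    return results
```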
Potential security weak points (figure, reconstructed as a list):
• Hardware: Interruption (denial of service), Interception (theft)
• Software: Interruption (deletion), Modification, Interception
• Data: Interruption (loss), Interception, Modification, Fabrication
Methods Of Defense
• Encryption
  – Most powerful
  – Provides data secrecy, integrity and availability.
• Software / Program Control
  – To exclude outside attack.
  – E.g. authenticated login session, anti-virus program, logs (provide evidence for security incidents)
• Hardware Control
  – Devices used to limit access or verify a user's identity.
  – E.g. badges, hardware locks
Methods Of Defense
• Policies
  – Develop strict procedures:
    • Account management - includes specific rules for the creation/deletion of accounts and rules for well-chosen passwords
    • Automatic backup - consists of a backup scheme, a restoration scheme, etc
    • Auditing, monitoring - the main target is keeping the users aware and alert for symptoms of incidents, etc
    • Incident plan - involves a detailed (tested) procedure, the appointment of a contact person, the elaboration of juridical aspects, etc
    • Key management - determines how and when new keys are chosen
Methods Of Defense
• Physical Control
  – The easiest, most effective and least expensive methods
  – Building protection - measures against natural disasters, assaults, unwanted visitors, etc
  – Data (media) protection - measures for the protection of removable media (tapes, disks, CD-ROMs, etc)
Computer Attacks
• What is a taxonomy?
• What is a computer attack taxonomy?
• Why were attacks chosen?
• Why are computer attacks categorised?
• Why is it important?
• What are the objectives of categorising computer attacks?
• What are examples of attack taxonomies?
• What is a matrix attack taxonomy?
• What is a risk based attack taxonomy?
• What are examples of computer attacks?
• What are the methods to prevent computer attacks?
Categories of Computer Attacks
• Taxonomy - definition
  – The science, laws, or principles of classification
  – Division into ordered groups or categories
Categories of Computer Attacks
• Attack Taxonomy:
  – Defined as any generalised categorisation of potential attacks that might occur on a given computer system.
  – An important and necessary process for systematic study, to gain a greater understanding of computer security attacks
  – Useful in the development of new systems and the evaluation of existing systems
• Considerations in selecting an attack taxonomy:
  – Completeness
  – Appropriateness
  – Internal and external threats
Simple Attack Taxonomy
• Uses a matrix (table) by Perry and Wallich
• Classification scheme based on two dimensions:
  – Vulnerabilities
  – Potential perpetrators (attackers)
Simple Attack Taxonomy
Figure: matrix of perpetrators (Programmers, Internal users, External (outsiders)) against vulnerabilities (theft of information, information destruction, malicious software, theft of services); cell entries on the slide include theft as user, unauthorised action via modem and malicious software.
• Theft of services e.g. unauthorised copying of s/w or unauthorised use of computer or n/w services
• Malicious s/w e.g. time-bomb, Trojan horse, virus etc
• e.g. programmers may insert malicious software, such as a time bomb, to cause information destruction
Risk Based Attack Taxonomy
• Based on a vast number of reported instances of actual attacks (experience based), by Neumann and Parker
• Provides a reasonable justification of completeness for the taxonomy
• Based on security-related incidents reported to CERT/CC (Computer Emergency Response Team Coordination Center), located at Carnegie Mellon University (www.cert.org)
• CERT/CC provides the Internet community with a single organisation for coordinating responses to security incidents
Risk Based Attack Taxonomy
• External information theft:
  – Unauthorised access to information that does not require physical access to the computer system or network
  – Associated with the disclosure threat.
  – Visual spying - glancing at someone's terminal to view information, or looking over their shoulder to observe the keystrokes as a password is entered
  – Social engineering - a forged telephone call/email message asking inexperienced users to change their password to specific words
  – Searching waste baskets for printouts, which yield a wealth of information if not properly disposed of
Risk Based Attack Taxonomy
• External abuse of resources:
  – Involves physical destruction of computer system hardware.
  – Associated with the integrity threat.
  – Example: smashing a disk drive
Risk Based Attack Taxonomy
• Masquerading:
  – Involves a malicious intruder successfully impersonating another user.
  – Once a password or other authentication means has been captured, it can be used to masquerade as somebody else
  – Associated with disclosure, integrity or denial of service threats.
  – Example: recording and playing back a network transmission
Risk Based Attack Taxonomy
• Pest Program:
  – Programs that cause subsequent harm to the computer system
  – Can be quickly distributed through information sharing
  – Requires mechanisms internal to the computer system
  – Associated with the integrity threat.
  – Example: installing malicious software
Pest Program
• A virus is a computer program intentionally written to attach itself to other programs or disk boot sectors and to replicate whenever those programs are executed or those infected disks are used
• A virus that is attached to another program can be either:
  – Transient virus
    • Runs when its attached program executes
    • Terminates when its attached program ends.
  – Resident virus
    • Locates itself in memory so that it can remain active, or be activated, even after its attached program ends.
Pest Program
• Viruses categorised by method of distribution and attack:
  – Macro - small programs written in macro code for word processing or spreadsheet applications.
  – Executable - attach themselves to an executable program (or are the executable itself)
  – Boot sector - copy themselves to the boot sector of hard drives or floppy disks. Once in memory, a boot sector virus tries to replicate itself to other drives.
Pest Program
  – Stealth - avoid detection by redirecting hard drive read requests away from the virus scanner or by manipulating directory structure information.
  – Polymorphic - a polymorphic virus has programming code enabling it to change its actions and its programming code each time it runs. The virus can avoid being detected by older versions of virus scanner software. Modern virus scanners use a variety of techniques to identify polymorphic viruses.
Risk Based Attack Taxonomy
• Bypassing of Internal Controls:
  – Avoiding authentication to access computer resources by using existing program flaws (bugs)
  – The prime targets are authorisation, access and authority controls.
  – Associated with disclosure, integrity or denial of service threats.
  – E.g. the Microsoft Windows kernel contains a stack buffer overflow:
    • An attacker can exploit this flaw to execute code with the privileges of the OS kernel, such as reading protected areas of system memory etc
Attack Methods - Examples
• Spoofing or masquerading
  – A host, program or application hides its true identity by using the identity of a legitimate network device or host.
  – For example, in IP spoofing a cracker alters the IP packet header so that it appears to have originated from a trusted network. This allows crackers to gain access and engage in system snooping (entering a computer network and beginning to map the system's contents).
Attack Methods - Examples
• Brute-force attacks:
  – Users typically create passwords that are mnemonic.
  – Hackers gain access by guessing individuals' passwords.
  – Or by obtaining a copy of the password file and the encryption function.
• Software based attacks:
  – Through pest programs
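Added example (not from the slides): Python code for the defensive counterparts of the brute-force attack above, matching the "rules for well-chosen passwords" on the Policies slide: an account-creation check that rejects mnemonic dictionary choices, and salted, iterated hashing so that a stolen password file plus the hashing function still costs the attacker one slow computation per guess per account. The word list, iteration count and minimum length are constructed choices.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a real dictionary of common / mnemonic passwords.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "sunshine", "dragon"}
MIN_LENGTH = 12
ITERATIONS = 200_000   # each guess against a stolen hash costs this many HMAC rounds


def is_well_chosen(password: str) -> bool:
    """Account-management rule: no short passwords, no dictionary words with digits
    or '!' bolted on the end, and at least three character classes."""
    if len(password) < MIN_LENGTH:
        return False
    base = password.lower().rstrip("0123456789!")
    if base in COMMON_WORDS:
        return False
    classes = [any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password)]
    return sum(classes) >= 3


def hash_password(password: str, salt: bytes = b"") -> str:
    """Store the iteration count, a per-user random salt and the PBKDF2-HMAC-SHA256 digest.
    The salt gives two users with the same password different records, so one precomputed
    table cannot be checked against the whole password file."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _scheme, iters, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)
```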
Attack Methods - Examples
• Scheduled file removal:
  – A useful facility offered on many types of operating systems.
  – Used to schedule a program to be run at a predetermined time
  – The command can be combined with attack programs
  – e.g. every time the user logs in, delete a system file
Attack Methods - Examples
• Field separator attack:
  – This attack relies on technical details of the operating system:
    • Redefining the field separator variable to include various characters, so as to create pathnames for files in the OS
    • Invoking system programs that can be used to execute code to open certain files with administrative privileges
    • Transferring privilege through some means via the OS shell or another program
  – The objective is to launch further attacks on the computer system
Attack Methods - Examples
• DoS and DDoS
  – A high volume of traffic generated by an attacker towards a network; the server becomes too busy to attend to requests, leaving legitimate users unable to use the resources.
  – Distributed Denial of Service (DDoS) is a DoS attack launched from several hosts (distributed) instead of only a single host.
  – Examples of DoS (Denial of Service) attacks are: Land, Smurf / Fraggle, FTP (File Transfer Protocol) Bounce, UDP (User Datagram Protocol) Bomb, Ping of Death, SYN Flood, Teardrop.
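Added example (not part of the slides): a Python classifier over constructed packet summaries that flags the IP spoofing described under Spoofing above by ingress filtering (a source address from the trusted internal range arriving on the external interface) and four of the DoS attacks named on this slide: Land, Smurf, Ping of Death and SYN flood. Fraggle, FTP bounce, UDP bomb and Teardrop need per-protocol or fragment-level state and are not covered. Interface names, address ranges and the SYN threshold are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    """Constructed packet summary (what a sensor would log), not a real capture."""
    iface: str            # "ext" (Internet-facing) or "int"
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: str = ""       # TCP flags, "S" = SYN only
    length: int = 64      # reassembled IP datagram length in bytes
    icmp_type: int = 0    # 8 = echo request


INTERNAL_PREFIX = "10.0.0."     # assumed trusted network (constructed)
BROADCAST = "10.0.0.255"
SYN_FLOOD_SOURCES = 5           # distinct SYN sources per port before alerting (constructed)


def classify(packets) -> list:
    """Return one alert string per attack pattern seen; empty list if nothing matches."""
    alerts = []
    syn_sources = defaultdict(set)
    for p in packets:
        where = f"({p.src} -> {p.dst})"
        # Ingress filtering: a trusted source address must not arrive from outside.
        if p.iface == "ext" and p.src.startswith(INTERNAL_PREFIX):
            alerts.append(f"ip spoofing: internal source on external interface {where}")
        # Land: source and destination address/port identical.
        if p.proto == "tcp" and p.src == p.dst and p.sport == p.dport:
            alerts.append(f"land: source equals destination {where}")
        # Smurf: ICMP echo request aimed at the broadcast address (replies flood the spoofed source).
        if p.proto == "icmp" and p.icmp_type == 8 and p.dst == BROADCAST:
            alerts.append(f"smurf: echo request to broadcast {where}")
        # Ping of Death: reassembled datagram larger than IP allows.
        if p.length > 65535:
            alerts.append(f"ping of death: {p.length}-byte datagram {where}")
        if p.proto == "tcp" and p.flags == "S":
            syn_sources[p.dport].add(p.src)
    # SYN flood: many distinct sources opening half-connections to one port.
    for port, sources in sorted(syn_sources.items()):
        if len(sources) >= SYN_FLOOD_SOURCES:
            alerts.append(f"syn flood: {len(sources)} sources sent SYN to port {port}")
    return alerts


# Constructed sample: one benign SYN, one spoofed SYN, a Land packet, a Smurf
# echo request, an oversized ping, then a burst of SYNs from different hosts.
SAMPLE = [
    Packet("ext", "tcp", "203.0.113.7", "10.0.0.5", 40001, 80, "S"),
    Packet("ext", "tcp", "10.0.0.9", "10.0.0.5", 40002, 22, "S"),
    Packet("ext", "tcp", "10.0.0.5", "10.0.0.5", 139, 139, "S"),
    Packet("ext", "icmp", "10.0.0.5", "10.0.0.255", icmp_type=8),
    Packet("ext", "icmp", "198.51.100.4", "10.0.0.5", icmp_type=8, length=65600),
] + [Packet("ext", "tcp", f"198.51.100.{i}", "10.0.0.5", 50000 + i, 80, "S") for i in range(10, 15)]
```

The Land and Smurf packets in the sample are also reported as spoofed, since both attacks depend on a forged source address.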
Methods to Prevent Attack
• Individual screening:
  – Involves checking the background, credentials and other personal attributes of individuals (user authentication)
  – Used to trust that a user will not spoof another user or create a compiler Trojan horse.
Methods to Prevent Attack
• Physical security:
  – This method involves securing the computer system facility.
  – Computer centres that are guarded, locked and monitored demonstrate this type of security control.
  – Advantage: external hardware damage is effectively controlled.
  – Disadvantage: may not be useful for remote access.
Methods to Prevent Attack
• Care in operations:
  – Involves individuals being careful in their day-to-day activities to avoid common types of attacks.
  – Users can often avoid password spoof attacks by clearing the terminal before logging into the system.
  – Similarly, compiler attacks can be avoided by simple access and configuration controls.
Methods to Prevent Attack
• The use of software and hardware system protection
  – The use of:
    • Firewall
    • Anti-virus software
    • IDS (Intrusion Detection System)
    • Cryptographic techniques (encryption and decryption)