Chapter one
What is security?
Why do we need security?
Who is vulnerable?
Computer and Network Security Concepts
Security Services
Security Threats / Attacks
◦ Active and passive attacks
Model for Network Security
Methods of Defense
Security Policy
Dictionary.com says:
1. Freedom from risk or danger; safety.
In other words, having systems in place beforehand which prevent attacks before they begin.
2. Freedom from doubt, anxiety, or fear; confidence.
Related to the first definition, having peace of mind knowing that your systems are safe and protected.
3. Something that gives or assures safety, as:
◦ A group or department of private guards: Call building security if a visitor acts suspicious.
◦ Measures adopted by a government to prevent espionage, sabotage, or attack.
◦ Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.
This includes contingency plans for what to do when attackers strike, hiring network security consultants to find insecurities in your network, etc.
4. …etc.
Computer security
◦ involves implementing measures to secure a single
computer.
◦ When securing a single computer, you are concerned with
protecting the resources stored on that computer and
protecting that computer from threats.
Network security
◦ involves protecting all the resources on a network from
threats. You must consider not only the computers on the
network, but other network devices, network transmission
media, and the data being transmitted across the network.
Information security
◦ involves protecting all the information and data stored in a
computer and network from threats. The information
should be accessed only by an authorized person.
Financial institutions and banks
Internet service providers
Pharmaceutical companies
Educational Institutions
Government and defense agencies
Contractors to various government agencies
Multinational corporations
ANYONE ON THE NETWORK in cyberspace.
Authentication:
◦ The assurance that the communicating entity is the one it claims to be.
Access Control:
◦ The prevention of unauthorized use of a resource: who can have access to a
resource, under what conditions access can occur, and what those accessing
the resource are allowed to do.
Confidentiality:
◦ prevention of unauthorized disclosure of information.
◦ Preserving authorized restrictions on information access and
disclosure, including means for protecting personal privacy and
proprietary information.
Integrity:
◦ prevention of unauthorized modification of information.
◦ Guarding against information modifications or destruction, including
ensuring information non-repudiation and authenticity.
Availability:
◦ prevention of unauthorized withholding of information or resources.
◦ Ensuring timely and reliable access to and use of information.
Accountability:
◦ holding users accountable for their actions.
Nonrepudiation:
◦ the ability to ensure that someone cannot deny (i.e., repudiate) his or
her actions.
Passive attacks
◦ Obtain message contents
◦ Monitor traffic flows
Obtain message contents
◦ The release of message contents is easily understood
(Figure 1.2a). A telephone conversation, an electronic mail
message, and a transferred file may contain sensitive or
confidential information.
◦ We would like to prevent an opponent from learning the
contents of these transmissions.
Traffic analysis
◦ (Figure 1.2b). Suppose that we had a way of masking the
contents of messages or other information traffic so that
opponents, even if they captured the message, could not
extract the information from the message.
◦ The common technique for masking contents is encryption.
If we had encryption protection in place, an opponent might
still be able to observe the pattern of these messages.
◦ The opponent could determine the location and identity of
communicating hosts and could observe the frequency and
length of messages being exchanged.
◦ This information might be useful in guessing the nature of
the communication that was taking place.
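The point of the traffic-analysis paragraph is that encryption masks content but not metadata: an observer who cannot read a message still sees how long it is and when it was sent. The following added example (written for this page, not part of the slides) makes that visible and shows the standard mitigation, padding every message to a fixed bucket size. The "cipher" is a constructed toy keystream built from SHA-256 in counter mode; it only stands in for "the contents are masked" and is not a real cipher. The key, bucket size and sample messages are constructed.

```python
"""Length leakage under encryption, and padding as the mitigation.
Toy cipher only: SHA-256 counter-mode keystream, NOT for real use."""
import hashlib

KEY = hashlib.sha256(b"constructed demo key").digest()  # constructed
BUCKET = 64  # constructed padding bucket size in bytes
# Constructed sample traffic: two short replies next to one longer instruction.
SAMPLE_MESSAGES = [b"yes", b"no", b"approve wire transfer of 10000 to account 5555"]


def toy_keystream(key, nonce, length):
    """Expand key+nonce into `length` keystream bytes (toy, for illustration)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def toy_encrypt(key, nonce, data):
    """XOR the data with the keystream; calling it again decrypts."""
    return bytes(a ^ b for a, b in zip(data, toy_keystream(key, nonce, len(data))))


def pad_to_bucket(msg, bucket=BUCKET):
    """Prefix a 2-byte length and zero-pad to a multiple of `bucket` bytes."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too long for 16-bit length prefix")
    framed = len(msg).to_bytes(2, "big") + msg
    return framed + b"\x00" * ((-len(framed)) % bucket)


def unpad(framed):
    """Recover the original message from a padded frame."""
    n = int.from_bytes(framed[:2], "big")
    return framed[2:2 + n]


def observed_lengths(messages, key=KEY, padded=False):
    """What a passive observer sees on the wire: only ciphertext lengths.
    A fresh nonce is used for every message."""
    lengths = []
    for i, m in enumerate(messages):
        nonce = i.to_bytes(8, "big")
        body = pad_to_bucket(m) if padded else m
        lengths.append(len(toy_encrypt(key, nonce, body)))
    return lengths


if __name__ == "__main__":
    # Without padding the three lengths identify "yes"/"no" versus a long order.
    print("unpadded:", observed_lengths(SAMPLE_MESSAGES))
    # With padding every message is 64 bytes on the wire.
    print("padded:  ", observed_lengths(SAMPLE_MESSAGES, padded=True))
```

Padding hides lengths only up to the bucket size (a message longer than one bucket still reveals roughly how many buckets it needed) and does nothing about timing and frequency; those need cover traffic or fixed-rate sending, which this example does not implement.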
Active attacks
◦ Masquerade of one entity as some other
◦ Replay previous messages
◦ Modify messages in transit
◦ Add, delete messages
◦ Denial of service
A masquerade
◦ Takes place when one entity pretends to be a different entity (Figure 1.3a).
◦ A masquerade attack usually includes one of the other forms of active attack.
For example, authentication sequences can be captured and replayed after a
valid authentication sequence has taken place, thus enabling an authorized
entity with few privileges to obtain extra privileges by impersonating an
entity that has those privileges.
Modification of messages
◦ Simply means that some portion of a legitimate message is altered, or that
messages are delayed or reordered, to produce an unauthorized effect
(Figure 1.3c). For example, a message meaning "Allow John Smith to read
confidential file accounts" is modified to mean "Allow Fred Brown to read
confidential file accounts."
The denial of service
◦ prevents or inhibits the normal use or management of communications
facilities (Figure 1.3d).
◦ This attack may have a specific target; for example, an entity may suppress
all messages directed to a particular destination (e.g., the security audit
service).
◦ Another form of service denial is the disruption of an entire network, either
by disabling the network or by overloading it with messages so as to degrade
performance.
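Masquerade, replay and modification are all defeated on the receiving side by the same small discipline: bind every message to its sender and to a one-time nonce with a keyed MAC, verify before acting, and refuse any nonce already seen. The following added example (written for this page; it is not code from the slides) implements such a receiver with Python's standard `hmac` module and runs the slide's own scenario, including the "Allow John Smith" message being altered to "Allow Fred Brown". The shared key, the sender names and the message text are constructed.

```python
"""Receiver that rejects masquerade, replay and modification.
Keys, senders and messages are constructed for the demo."""
import hashlib
import hmac
import secrets

# Constructed shared secrets: one per legitimate sender, known only to
# that sender and the receiver.
KEYS = {"john.smith": hashlib.sha256(b"constructed key for john").digest()}


def _tag(key, sender, nonce, body):
    """HMAC-SHA256 over sender|nonce|body so none of the three can change."""
    return hmac.new(key, f"{sender}|{nonce}|".encode() + body, hashlib.sha256).hexdigest()


def sign(sender, body, key, nonce=""):
    """Build an authenticated message; a nonce must never repeat under one key."""
    nonce = nonce or secrets.token_hex(16)
    return {"sender": sender, "nonce": nonce, "body": body,
            "tag": _tag(key, sender, nonce, body)}


class Receiver:
    """Checks origin and integrity first, then refuses any nonce seen before."""

    def __init__(self, keys):
        self.keys = keys
        self.seen = set()  # (sender, nonce) pairs already accepted

    def accept(self, msg):
        key = self.keys.get(msg["sender"])
        if key is None:
            return False, "unknown sender (masquerade)"
        expected = _tag(key, msg["sender"], msg["nonce"], msg["body"])
        # Constant-time comparison so tag checking does not leak timing.
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad tag (modified or forged message)"
        if (msg["sender"], msg["nonce"]) in self.seen:
            return False, "replay (nonce already used)"
        self.seen.add((msg["sender"], msg["nonce"]))
        return True, "ok"


def demo():
    """The slide's scenario: a valid message, its replay, an altered copy,
    and a copy relabelled with another sender. Returns the four verdicts."""
    rx = Receiver(KEYS)
    good = sign("john.smith", b"Allow John Smith to read confidential file accounts",
                KEYS["john.smith"])
    replayed = dict(good)
    modified = dict(good, body=b"Allow Fred Brown to read confidential file accounts")
    masquerade = dict(good, sender="fred.brown")
    return [rx.accept(m) for m in (good, replayed, modified, masquerade)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The tag is verified before the replay check so that an attacker cannot fill the `seen` set with forged nonces. In a long-running service the set must be bounded, typically by putting a timestamp in the message and only remembering nonces inside an acceptance window; that is left out here to keep the example short.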
◦ Hackers vs. crackers
The general view is that, while hackers build things, crackers
break things. Cracker is the name given to hackers who
break into computers for criminal gain, whereas hackers can
also be internet security experts hired to find vulnerabilities
in systems. These hackers are also known as white hat
hackers.
Types of hackers:
White hat hackers: security experts hired to find
vulnerabilities in systems.
Black hat hackers: hackers with extensive computer
knowledge whose purpose is to breach or bypass security.
Black hat hackers are also known as crackers or dark-side
hackers.
Grey hat hackers: hackers who may sometimes violate laws or
typical ethical standards, but who do not have the malicious
intent typical of a black hat hacker.
◦ Cyber vandalism: intentionally disrupting, defacing, or
destroying a Web site.
Identity and Access Management (IAM)
◦ Authentication
◦ Authorization
◦ Auditing
Encryption
Securing channels of communication (SSL, S-HTTP, VPNs)
Firewalls
Intrusion detection systems
Software Controls (access limitations in a database; in an
operating system, protecting each user from other users)
Hardware Controls (smartcard)
Regular scanning, detection and removal of viruses
Security Policies and management
Physical Controls
Encryption
◦ Transforms data into ciphertext readable
only by sender and receiver
◦ Secures stored information and information
transmission
◦ Provides key dimensions of security:
1. Message integrity
2. Nonrepudiation
3. Authentication
4. Confidentiality
Secure Sockets Layer (SSL):
◦ Establishes a secure, negotiated client-server
session in which the URL of the requested document,
along with its contents, is encrypted
S-HTTP:
◦ Provides a secure message-oriented
communications protocol designed for use in
conjunction with HTTP
Firewall
◦ Hardware or software
◦ Uses security policy to filter packets
◦ Two main methods:
1. Packet filters
2. Application gateways
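A packet filter is the security policy written down as an ordered rule list: each packet is compared against the rules in turn, the first match decides, and anything unmatched is denied. The following added example (written for this page; not code from the slides) is a small stateless filter of that kind. The addresses come from the documentation ranges, and the policy, which lets the public reach only a DMZ web server while blocking direct access to the intranet, is constructed for the demo.

```python
"""Stateless packet filter: ordered rules, first match wins, default deny.
Addresses and the policy are constructed for the demo."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0  # destination port; 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # source network (CIDR)
    dst: str = "0.0.0.0/0"       # destination network (CIDR)
    proto: str = "any"
    dport: Optional[int] = None  # None matches every port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))


# Constructed policy for the Internet-facing firewall of a DMZ layout:
# DMZ web server 203.0.113.10, intranet 10.0.0.0/8.
POLICY = [
    Rule("deny", src="10.0.0.0/8",
         comment="anti-spoofing: intranet addresses never arrive from outside"),
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dport=443,
         comment="public HTTPS to the DMZ web server"),
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dport=80,
         comment="public HTTP to the DMZ web server"),
    Rule("deny", dst="10.0.0.0/8",
         comment="no direct access from outside to the intranet"),
]


def filter_packet(p: Packet, rules=POLICY):
    """Return (action, reason) for the first matching rule, else default deny."""
    for r in rules:
        if r.matches(p):
            return r.action, r.comment
    return "deny", "default deny: no rule matched"


if __name__ == "__main__":
    # Constructed sample packets arriving on the outside interface.
    for pkt in (Packet("198.51.100.7", "203.0.113.10", "tcp", 443),
                Packet("198.51.100.7", "203.0.113.10", "tcp", 22),
                Packet("198.51.100.7", "10.1.2.3", "tcp", 445),
                Packet("10.1.2.3", "203.0.113.10", "tcp", 443)):
        print(pkt, "->", filter_packet(pkt))
```

Rule order is part of the policy: the anti-spoofing deny sits first so that a packet claiming an intranet source can never reach the allow rules. A filter like this inspects only headers; it cannot see application content, which is what the application-gateway method and the intrusion detection systems discussed later add.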
[Diagram: Internet → Firewall → DMZ (web server, email server, web proxy, etc.) → Firewall → Intranet]
Intrusion detection systems (IDS)
◦ Used to monitor for "suspicious activity" on a network
◦ Can protect against known software exploits, like buffer
overflows
Open Source IDS: Snort, www.snort.org
Uses "intrusion signatures"
◦ Well-known patterns of behavior
Ping sweeps, port scanning, web server indexing, OS fingerprinting,
DoS attempts, etc.
Example
◦ IRIX vulnerability in webdist.cgi
◦ Can make a rule to drop packets containing the line
"/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd"
However, an IDS is only useful if contingency plans are
in place to curb attacks as they are occurring
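A signature IDS is a rule file plus a matcher. The following added example (written for this page; not Snort and not code from the slides) parses a small subset of Snort's rule syntax (the header plus the `msg`, `content`, `nocase` and `sid` options) and runs two rules, one for the webdist.cgi request shown above, over constructed HTTP request lines. It URL-decodes the request before matching, which is what catches the `%20`-encoded variant; the rule text, SIDs and sample requests are constructed for the demo.

```python
"""Minimal Snort-style signature matcher (subset: msg, content, nocase, sid).
Rules and sample requests are constructed for the demo."""
import re
from urllib.parse import unquote

# Constructed rules in Snort-style syntax. Only msg/content/nocase/sid are honoured;
# content strings must not contain ';' or '(' for this simplified parser.
RULES = r'''
alert tcp any any -> any 80 (msg:"WEB-CGI webdist.cgi access"; content:"/cgi-bin/webdist.cgi"; nocase; sid:1000001;)
alert tcp any any -> any 80 (msg:"WEB-MISC /etc/passwd in URL"; content:"/etc/passwd"; nocase; sid:1000002;)
'''

# name[:"value"]; -- value is optional so flags like `nocase;` parse too.
OPTION_RE = re.compile(r'(\w+)(?::"?([^";]*)"?)?;')


def parse_rules(text):
    """Turn rule lines into dicts with action, proto, dport, msg, content, nocase, sid."""
    rules = []
    for line in text.strip().splitlines():
        head, _, opts = line.partition("(")
        action, proto, _src, _sport, _arrow, _dst, dport = head.split()
        opt = {name: (val if val != "" else True) for name, val in OPTION_RE.findall(opts)}
        rules.append({"action": action, "proto": proto, "dport": dport,
                      "msg": opt.get("msg"), "content": opt["content"],
                      "nocase": opt.get("nocase") is True, "sid": int(opt["sid"])})
    return rules


def match(rules, payload, dport=80):
    """Return (sid, msg) for every rule whose content appears in the decoded payload."""
    decoded = unquote(payload)  # normalise %xx escapes before matching
    hits = []
    for r in rules:
        if r["dport"] not in ("any", str(dport)):
            continue
        if r["nocase"]:
            found = r["content"].lower() in decoded.lower()
        else:
            found = r["content"] in decoded
        if found:
            hits.append((r["sid"], r["msg"]))
    return hits


# Constructed sample request lines as the sensor would see them on port 80.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd HTTP/1.0",
    "GET /CGI-BIN/WebDist.CGI?distloc=foo HTTP/1.0",
]


def scan(requests=SAMPLE_REQUESTS, rules=None):
    """Map each request line to the list of signatures it triggers."""
    rules = rules or parse_rules(RULES)
    return {req: match(rules, req) for req in requests}


if __name__ == "__main__":
    for req, hits in scan().items():
        print(req, "->", hits or "clean")
```

Two things the example makes visible. First, a signature only ever catches what it names: the mixed-case request trips the `webdist.cgi` rule only because `nocase` is set, and a request encoded differently than the decoder expects would slip through, which is why real sensors normalise HTTP before matching. Second, the output is an alert, not a response; as the slide says, someone or something still has to act on it.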
Operating system security enhancements
◦ Upgrades, patches
Anti-virus software:
◦ Easiest and least expensive way to prevent threats
to system integrity
◦ Regular scanning, detection and removal of viruses
◦ Requires daily updates
Security policy needs to address:
◦ scope and purpose including relation of objectives to
business, legal, regulatory requirements
◦ IT security requirements
◦ assignment of responsibilities
◦ risk management approach
◦ security awareness and training
◦ general personnel issues and any legal sanctions
◦ integration of security into systems development
◦ information classification scheme
◦ contingency and business continuity planning
◦ incident detection and handling processes
◦ how and when the policy is reviewed, and change control for it
Risk assessment
Security policy
Implementation plan
◦ Access controls
◦ Authentication procedures, including biometrics
◦ Authorization policies, authorization management systems
Security organization
Security audit
1. Read and prepare a document about the challenges and the most common
security threats listed below and indicate the techniques that could be
implemented to mitigate the risk:
Malicious code: viruses, worms, Trojan horses, bots, botnets
Phishing
Pharming
Insider jobs
TCP attacks
Malicious software
Vishing/smishing
2. List some of the current smartphone security risks and enumerate some of
the tips to overcome the risks.
3. Justify why it is not possible to protect or secure a given network, computer or
information 100%.