
CSEN 1001

Computer
and
Network
Security
Amr El Mougy
Amr Osman
Course Details
Instructor:
Amr El Mougy
Email: amr.elmougy@guc.edu.eg
Office hours: Mon 12:00-1:00
Thursday 3:00-4:00
Office: C7.312

Assessment:
Assignments: 5%
Quizzes: 10%
Class Work: 5%
Project: 20%
Mid-term: 20%
Final: 40%
TA:
Amr Osman
Email: amr.salaheldin@guc.edu.eg
Office: C7.220
Course Details
Text book and some lecture slides:
Authors: William Stallings and Lawrie Brown
Title: Computer Security, Principles and Practice
Publisher: Pearson Education, Inc., 2008
Note:
These slides are not meant to be comprehensive lecture
notes! They are only remarks and pointers. The material
presented here is not sufficient for studying for the course.
Your main sources for studying are the text and your own
lecture notes

Course Details
Security concepts
Cryptographic tools
User authentication
Access control
Security attacks
Prevention systems
Software Security
Cryptographic algorithms
Internet security
Management issues

Lecture (1)
Introduction and Key
Security Concepts
Definitions
The US National Institute of Standards and Technology (NIST)
defines computer security as follows:

Definition (Computer Security)
[Computer security is] the protection afforded to an automated information system in order
to attain the applicable objectives of preserving integrity, availability, and confidentiality of
information system resources (includes hardware, software, firmware, information/data, and
telecommunications)
Key Security Concepts
CIA Triad
Confidentiality
Confidentiality covers two concepts:

Data confidentiality: Assures that private or confidential
information is not made available or disclosed to
unauthorized individuals

Privacy: Assures that individuals control or influence what
information related to them may be collected and stored and
by whom and to whom that information may be disclosed
Integrity
Integrity as a security goal also covers two related concepts:

Data integrity: Assures that information and programs are changed
only in a specified and authorized manner

System integrity: Assures that a system performs its intended
function in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the system
Availability
Availability ensures that a system works promptly and service is not
denied to authorized users. A loss of availability is the disruption of
access to or use of information or an information system
Further Considerations
Some additional aspects are often mentioned:

Authenticity:
The property of being genuine and able to be verified
Confidence in the validity of a transmission, verifiability of a message
originator, inputs arriving from trusted sources
Verifiability of a user's identity

Accountability:
Actions can be uniquely traced to their originator
Essential for nonrepudiation, deterrence, fault isolation, intrusion detection,
after action recovery, legal action
Truly secure systems are not achievable, so security breaches must be
traceable
DAD Triad
The complement of CIA: each CIA goal has a corresponding way of failing
Disclosure (loss of confidentiality)
Unauthorized individuals gain access to confidential information
Alteration (loss of integrity)
Data is modified or destroyed through some unauthorized mechanism
Denial (loss of availability)
Authorized users cannot gain access to a system for legitimate purposes
DAD events may be malicious or accidental
Levels of Security Breaches
(the three impact levels defined in FIPS 199)
Low: limited adverse effect
The system still performs its primary functions
Minor damage to assets and individuals
Moderate: serious adverse effect
The system performs its primary functions with lower efficiency
Significant damage to assets and individuals (no loss of life)
High: catastrophic adverse effect
The system is unable to perform its primary functions
Major damage to assets and individuals (may include loss of life)
Layered Security Aspects
Security considerations include:
Physical security
Operating system security
Windows, Mac OS, Unix/Linux (SunOS, Solaris, OpenBSD, . . . )
Application layer security
Browser, e-mail client, . . .
Communication security
Encryption
Firewalls
Intrusion detection systems
Computer Security Challenges
1. Security is not as simple as it first appears
2. Potential attacks on the security features themselves must be considered
3. The procedures used to provide a service are often counter-intuitive
4. Mechanisms typically involve algorithms and secret information (keys)
5. Must decide where to deploy the mechanisms (physically and logically)
6. A battle of wits between the attacker and the designer/administrator
7. No perceived benefit until a failure occurs
8. Requires regular, constant monitoring
9. Too often an afterthought, bolted on after the design is complete
10. Regarded by users and administrators as an impediment to using the system
Security Vocabulary
System resource (asset):
Data, services, capabilities (processing power, communication bandwidth), equipment, etc.
Adversary (threat agent):
An entity that attacks, or is a threat to, a system
Attack:
An assault on system security that derives from an intelligent threat; a deliberate attempt to evade security services and violate the security policy
Vulnerability:
A flaw or weakness in a system's design, implementation, or operation that could be exploited to violate the system's security
Threat:
A potential for violation of security; a possible danger that might exploit a vulnerability
Risk:
An expectation of loss: the probability that a particular threat will exploit a particular vulnerability, combined with the harm that would result
Security policy:
A set of rules and practices that specify how a system or organization provides security for its assets
Countermeasure:
An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, or by minimizing the harm it can cause
Security Vocabulary
How the terms relate (the Common Criteria model of security concepts):
Owners value Assets and wish to minimize the Risk to them
Owners impose Countermeasures to reduce Risk
Countermeasures may themselves possess Vulnerabilities, which may in turn be reduced by further Countermeasures
Owners may be aware of Vulnerabilities
Threat agents give rise to Threats
Threats exploit Vulnerabilities, leading to Risk to Assets
Threat agents wish to abuse and/or may damage Assets
Example
The flowing water is a threat to the man standing next to the wall (he might catch a cold)
Example of a threat: the existence of a particular virus
The crack in the wall is a vulnerability: it lets the threat reach the asset
Example of a vulnerability: open ports on a computer
Vulnerability + Threat = Risk!
Vulnerabilities and Attacks
A system resource (asset) with a vulnerability may
be corrupted (loss of integrity)
become leaky (loss of confidentiality)
become unavailable or very slow (loss of availability)
Attacks are threats carried out. They may be
passive (learn or use information without affecting system resources)
active (alter system resources or affect their operation)
inside (launched by an entity inside the security perimeter, e.g. an authorized user misusing privileges)
outside (launched from outside the perimeter by an unauthorized user)
Typical Threats
Hacker
Anyone who attempts to penetrate the security of an information
system, regardless of intent
Early definition included anyone very proficient in computer use
Malicious insider
Someone from within the organization who attempts to exceed
the rights and permissions that they legitimately hold
Security professionals and system administrators are particularly
dangerous insiders: they hold broad privileges and know where the controls are
Typical Threats
Malicious code object
Virus:
A program that attaches itself to a program or file so it can spread from
one computer to another, leaving infections as it travels
Worm:
A program that takes advantage of file or information transport
features on your system, which allows it to travel unaided. The biggest
danger with a worm is its capability to replicate itself on your system
(e.g., sending itself to all of the e-mail list in your computer)
Trojan horse:
A program that at first glance appears to be useful software but
actually does damage once installed or run on your computer. It usually
appears to come from a trusted source
Countermeasures
Means used to deal with security attacks
prevent
detect
recover
May result in new vulnerabilities
Will have residual vulnerability
Goal is to minimize risk given constraints
Threat Consequences
Unauthorized disclosure (threat to confidentiality):
Exposure, Interception, Inference, Intrusion
Deception (threat to integrity):
Masquerade, Falsification, Repudiation
Disruption (threat to availability or system integrity):
Incapacitation, Corruption, Obstruction
Usurpation (threat to system integrity):
Misappropriation, Misuse
Attacks on Communication Networks
We distinguish:
Passive attacks
Attempt to learn or make use of information from the system
but do not affect system resources
Eavesdropping on or monitoring of transmissions
Active attacks
Attempt to alter system resources or affect their operation
Passive Attacks
Release of message contents (eavesdropping / snooping)
Traffic analysis: even when contents are encrypted, the attacker can
observe who talks to whom, how often, and the size and timing of messages
Passive attacks are hard to detect because they change nothing;
the emphasis is on prevention (e.g. encryption) rather than detection
Active Attacks
Masquerade: one entity pretends
to be a different entity
Replay attack: passive capture of a
data unit and its subsequent
retransmission to produce an
unauthorized effect
Active Attacks
Modification attack: some portion of
a legitimate message is altered, or
messages are delayed or reordered, to produce
an unauthorized effect
Denial of service: prevents or inhibits
the normal use or management of
communications facilities
Active attacks are hard to prevent absolutely; the goal is to detect them and recover
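To make the passive and active attack types above concrete, here is an added example (it is not from the lecture or the textbook). It models a client that sends "transfer" orders to a server over a network the attacker can both read and write. Messages carry an HMAC-SHA256 tag under a shared key but are not encrypted. The wire format (nonce|payload|tag), the shared key and the order text are all constructed for the example. It shows that a MAC defeats modification and masquerade, does nothing against eavesdropping, and does not stop a replay unless the receiver also tracks freshness.

```python
"""Added example: what a message authentication code does and does not stop.

Constructed scenario: orders are sent as  nonce|payload|tag  where tag is
HMAC-SHA256(key, nonce|payload).  Nothing is encrypted.
"""
import hashlib
import hmac
import secrets

KEY = b"constructed-shared-secret-key"  # assumption: pre-shared by client and server
ATTACKER_KEY = b"wrong-guess"           # the attacker does not know KEY


def build(key: bytes, payload: str, nonce: str = "") -> bytes:
    """Client side: attach a fresh random nonce and a MAC over nonce+payload."""
    nonce = nonce or secrets.token_hex(8)
    body = f"{nonce}|{payload}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body + b"|" + tag.encode()


def verify_mac_only(key: bytes, msg: bytes) -> tuple[bool, str]:
    """Server that checks origin and integrity but has no notion of freshness."""
    try:
        nonce, payload, tag = msg.decode().split("|")
    except ValueError:
        return False, "malformed"
    body = f"{nonce}|{payload}".encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return False, "bad MAC"
    return True, payload


def verify_fresh(key: bytes, msg: bytes, seen: set[str]) -> tuple[bool, str]:
    """Same check plus replay protection: each nonce is accepted exactly once.
    (A real server bounds `seen` with a timestamp window; omitted here.)"""
    ok, result = verify_mac_only(key, msg)
    if not ok:
        return ok, result
    nonce = msg.decode().split("|")[0]
    if nonce in seen:
        return False, "replay"
    seen.add(nonce)
    return True, result


# The attacks from the lecture, as things the adversary does to a captured message.
def passive_eavesdrop(msg: bytes) -> str:
    """Release of message contents: a MAC does not hide the payload."""
    return msg.decode().split("|")[1]


def active_modify(msg: bytes, old: str, new: str) -> bytes:
    """Modification: change the payload, keep the original nonce and tag."""
    nonce, payload, tag = msg.decode().split("|")
    return f"{nonce}|{payload.replace(old, new)}|{tag}".encode()


def active_masquerade(payload: str) -> bytes:
    """Masquerade: forge an order without knowing the shared key."""
    return build(ATTACKER_KEY, payload)


def active_replay(msg: bytes) -> bytes:
    """Replay: retransmit a captured message that was perfectly valid."""
    return bytes(msg)


def demo() -> dict[str, tuple[bool, str]]:
    """Run every attack against the two server variants; returns accepted?/detail."""
    legit = build(KEY, "transfer 100 to alice", nonce="0123456789abcdef")  # constructed order
    seen: set[str] = set()
    return {
        "eavesdrop": (True, passive_eavesdrop(legit)),
        "first delivery": verify_fresh(KEY, legit, seen),
        "modified": verify_mac_only(KEY, active_modify(legit, "100", "9000")),
        "masquerade": verify_mac_only(KEY, active_masquerade("transfer 100 to mallory")),
        "replay vs mac-only server": verify_mac_only(KEY, active_replay(legit)),
        "replay vs freshness-aware server": verify_fresh(KEY, active_replay(legit), seen),
    }


if __name__ == "__main__":
    for attack, (accepted, detail) in demo().items():
        print(f"{attack:34} accepted={str(accepted):5} {detail}")
```

The replay row is the one to notice: the replayed order passes every cryptographic check on the MAC-only server, because nothing in the message says when it was sent. Freshness (a nonce, sequence number or timestamp that the receiver actually checks) is a separate requirement from integrity.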
Security Functional Requirements
Technical measures:
Access control; identification & authentication; system & communication
protection; system & information integrity
Management controls and procedures:
Awareness & training; audit & accountability; certification, accreditation, &
security assessments; contingency planning; maintenance; physical &
environmental protection; planning; personnel security; risk assessment;
systems & services acquisition
Overlapping technical and management:
Configuration management; incident response; media protection
threat + vulnerability = risk

Risk analysis, assessment, and management are required
Risk Analysis
Actions involved in risk analysis:
Determine which assets are most valuable
Identify risks to assets
Determine the likelihood of each risk occurring
Take action to manage the risk
Security professionals formalize the risk analysis process
Step 1: Asset Valuation

Identify the information assets in the organization
- Hardware, software, and information/data
Assign value to those assets using a valuation method
Asset Valuation Methods
Replacement cost valuation
Replacement cost (also called current cost accounting or CCA) values assets based on what it
would cost to replace them if they were acquired today
For example, if Utility Company were replacing this same plant today, the materials would cost
$530,000 and the installation would cost $56,000. The replacement cost value is $586,000
Original cost valuation
Original cost (also called historic cost accounting or HCA) values assets based on what the company
actually spent for the assets when they were acquired
Example: In 1990, Utility Company spent $500,000 to purchase the materials for its fixed lines and
$50,000 to install them. The original cost value of these assets is $550,000 before depreciation
Depreciated valuation
Uses the original cost less an allowance for deterioration (original cost minus how much the
asset's value has dropped since purchase)
Qualitative valuation
Assigns priorities to assets without using dollar values
Step 2: Risk Assessment
Qualitative assessment
Focuses on analyzing intangible properties of an asset rather than financial value
Prioritizes risks to aid in the assignment of security resources
Relatively easy to conduct
Quantitative assessment
Assigns dollar values to each risk based on measures such as:
Asset value (AV): the value of the asset at risk (from Step 1)
Exposure factor (EF): the expected portion (%) of the asset's value lost each time a given risk occurs
Annualized rate of occurrence (ARO): the number of times per year the risk is expected to occur
Single loss expectancy (SLE): the amount of damage each time the risk occurs
SLE = AV × EF
Annualized loss expectancy (ALE): the amount of damage per year from a given risk
ALE = ARO × SLE
Step 3: Managing Risks
Risk avoidance
Used when a risk overwhelms the benefits gained from having a particular mechanism
available
Avoid any possibility of the risk by disabling the mechanism that is vulnerable
Disabling e-mail is an example of risk avoidance
Risk mitigation
Used when a threat poses a great risk to a system
Takes preventive measures to reduce the likelihood or the impact of the risk
A firewall is an example of risk mitigation
Risk acceptance
Useful when the risk or the potential damage is small
Do nothing to prevent or avoid the risk, but record the decision
Risk transference
Make someone else liable for the damage if it occurs
Buying insurance is an example
Security Tradeoffs
Security can be seen as a tradeoff between risks and benefits
Cost of implementing the security mechanism vs. the amount
of damage it may prevent
Tradeoff considerations:
user convenience
business goals
expenses
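The quantitative assessment formulas (SLE = AV × EF, ALE = ARO × SLE) and the cost-versus-damage tradeoff above are easiest to see on numbers. The following is an added example, not from the lecture: three risks and two countermeasures with constructed dollar figures. It ranks the risks by ALE and then computes the value of each control as ALE before minus ALE after minus the control's annual cost, which is the tradeoff that decides between mitigating a risk and accepting, transferring or avoiding it.

```python
"""Added example: quantitative risk assessment and the countermeasure tradeoff.

All asset values, exposure factors, rates and control costs below are
constructed for illustration.
"""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Risk:
    name: str
    av: float   # asset value in dollars (from Step 1, asset valuation)
    ef: float   # exposure factor: fraction of AV lost per occurrence, 0..1
    aro: float  # annualized rate of occurrence (expected events per year)

    def sle(self) -> float:
        """Single loss expectancy: SLE = AV x EF."""
        if not 0.0 <= self.ef <= 1.0:
            raise ValueError(f"{self.name}: EF must be a fraction between 0 and 1")
        return round(self.av * self.ef, 2)

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = ARO x SLE."""
        return round(self.aro * self.sle(), 2)


@dataclass(frozen=True)
class Countermeasure:
    name: str
    annual_cost: float               # amortized purchase plus yearly operation
    new_ef: Optional[float] = None   # a control may reduce the impact (EF) ...
    new_aro: Optional[float] = None  # ... and/or the likelihood (ARO)

    def residual(self, risk: Risk) -> Risk:
        """The same risk after the control is in place (residual risk)."""
        return replace(
            risk,
            ef=self.new_ef if self.new_ef is not None else risk.ef,
            aro=self.new_aro if self.new_aro is not None else risk.aro,
        )


def rank_by_ale(risks: list[Risk]) -> list[Risk]:
    """Highest expected yearly loss first: where security budget goes first."""
    return sorted(risks, key=lambda r: r.ale(), reverse=True)


def net_annual_benefit(risk: Risk, cm: Countermeasure) -> float:
    """Value of a control = ALE(before) - ALE(after) - annual cost of the control."""
    return round(risk.ale() - cm.residual(risk).ale() - cm.annual_cost, 2)


def decision(risk: Risk, cm: Countermeasure) -> str:
    """The tradeoff: deploy only if the control prevents more loss than it costs."""
    if net_annual_benefit(risk, cm) > 0:
        return "mitigate"
    return "do not deploy this control; accept, transfer or avoid instead"


# Constructed risk register (not real figures).
RISKS = [
    Risk("web server defacement", av=100_000, ef=0.10, aro=2.0),
    Risk("customer database theft", av=500_000, ef=0.60, aro=0.1),
    Risk("lost unencrypted laptop", av=3_000, ef=1.00, aro=4.0),
]
# Constructed controls: encryption cuts the impact of a lost laptop; a WAF cuts
# how often defacement succeeds.
FDE = Countermeasure("full-disk encryption on laptops", annual_cost=2_000, new_ef=0.10)
WAF = Countermeasure("managed web application firewall", annual_cost=25_000, new_aro=0.5)

if __name__ == "__main__":
    for r in rank_by_ale(RISKS):
        print(f"{r.name:26} SLE=${r.sle():>10,.2f}  ALE=${r.ale():>10,.2f}")
    for r, cm in ((RISKS[2], FDE), (RISKS[0], WAF)):
        print(f"{cm.name}: net ${net_annual_benefit(r, cm):,.2f}/yr -> {decision(r, cm)}")
```

Two things the numbers show. The risk with the largest single loss (database theft, SLE $300,000) is also the largest ALE here, but only because its ARO is not tiny; a rare catastrophic event can rank below a frequent small one, which is why ALE rather than SLE drives prioritization. And the firewall is a negative-value control for the defacement risk as modelled (it costs more per year than the loss it prevents), so the right answer is not "firewalls are good" but a cheaper control or risk acceptance.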
X.800 Security Architecture
X.800, Security Architecture for OSI
A systematic way of defining the requirements for security and
characterizing the approaches to satisfying them
Defines:
Security attack: any action that compromises the security of information owned by an organization
Security mechanism: a process or device designed to detect, prevent, or recover from a security attack
Security service: a processing or communication service that counters security attacks, using one or more security mechanisms
Security Taxonomy