Communications Security

Overview

ENG757s2 Communications Security

Dr. Shikun Zhou

Dr
Shikun.Zhou@port.ac.uk
A2.11a

Communications Security

Unit teaching plan

Evaluating Systems
M li i
Malicious
L
Logic
i
Network Security
Auditing
Intrusion Detection
Firewalls

Overview

Communications Security

Indicative Reading

Building Internet
Firewalls,
Elizabeth D. Zwicky, D.Brent
Chapman, and Simon Cooper
O'Reilly (Jul 2000)
ISBN: 1565928717

Official Red Hat Linux

Networking and
System Administration
Terry Collings and Kurt Wall

MCSA / MCSE Windows

2000 Server
Microsoft Press

Overview

Communications Security

A General Book (Textbook)

C
Computer
t Security:
S
Security
it :
Art and Science
Matt Bishop
Addison Wesley
(10 Dec 2002)
New edition is on the way
and will be published on
1 Aug 2012
ISBN: 0201440997

Overview

Communications Security

Overview

Another General Book (Introduction)

Introduction to
Computer
S
Security
it
Matt Bishop
Addison Wesley
(04 Nov

2004 )
ISBN: 0321247442

Communications Security

Overview

Other books you can use

ISBN 10: 0132390779
ISBN-10:
ISBN-13: 9780132390774
Charles P.
P Pfleeger
Pfleeger, Shari Lawrence Pfleeger

Security in Computing, 4/E

For other books you can use,
please
l
read
d th
the fforum messages.

Communications Security

Overview

A Website: http://www.w3.org/Security/

Communications Security

Overview

Another one: http://www.techweb.com/wire/security/

Communications Security

Overview

Internet Computer Security Association: www.icsa.net

Communications Security

Overview

The Locations of All Materials

Moodle

Communications Security

Overview

Communications Security

Overview

What is Information Security?

Confidentiality
Is this all?
Why not?

Availabilityy
To whom?

Authentication
Still not there

Integrity
Its about more than network security!

Communications Security

Overview

Introduction

Components of computer security

Threats
Policies and mechanisms
The role of trust
Assurance
Operational Issues
Human Issues

Communications Security

Overview

Basic Components

Confidentiality
Keeping
K
i d
data
t and
d resources hidd
hidden

Integrity
g y
Data integrity (integrity)
Origin integrity (authentication)

Availability
Enabling access to data and resources

Communications Security

Overview

Classes of Threats

Disclosure
Di l
Snooping

Deception
D
i
Modification, spoofing, repudiation of
origin,
i i d
denial
i l off receipt
i t

Disruption
Modification

Usurpation
Modification, spoofing, delay, denial of
service

Communications Security

Overview

Policies and Mechanisms

Policy says what is, and is not, allowed

This defines security
security for the
site/system/etc.

M
Mechanisms
h i
enforce
f
policies
li i
Composition of policies
If policies conflict, discrepancies may
create security vulnerabilities

Communications Security

Overview

Exercise
Identify mechanisms for implementing the following. State
what policy or policies they might be enforcing:
A password changing program will reject passwords that are less
than 5 characters long or that are found in the dictionary
dictionary.
Only students in a CS class will be given accounts on the dept.s
computer system.
The login program will disallow logins of any students who enter
their password incorrectly three times.
The permissions of the file containing Carols
Carol s homework will
prevent Robert from cheating and copying it.
When WWW traffic climbs to more than 80% of the networks
capacity, systems will disallow any further communications to or
from Web servers.
Annie,
Annie a systems analyst
analyst, will be able to detect a student using a
program to scan her system for vulnerabilities.

Communications Security

Overview

Goals of Security

Prevention
Prevent attackers from violating security
policy

Detection
Detect
D t t attackers
tt k violation
i l ti off security
it
policy

Recovery
R
Stop attack, assess and repair damage
Continue to function correctly even if
attack succeeds

Communications Security

Overview

Trust and Assumptions

Underlie all aspects of security

Policies
Unambiguously partition system states
Correctly capture security requirements

Mechanisms
M h i
Assumed to enforce policy
Support mechanisms work correctly

Communications Security

Overview

Types of Mechanisms

secure

precise

set of reachable states

broad

set of secure states

Communications Security

Overview

Exercise

Policyy restricts the use of email on a p

particular
system to faculty and staff. Students cannot send
or receive email on that host. Classify the
following mechanisms as secure
secure, precise
precise, or
broad:
The email sending and receiving programs are disabled
As each letter is sent or received, the system looks up
the sender (or
( recipient)) in a database. Iff that part is
listed as faculty or staff, the mail is processed.
Otherwise, it is rejected
j
((Assume that the database
entries are correct).
The email sending programs ask the user if he or she is
a student
student. If so,
so the mail is refused.
refused The email receiving
programs are disabled.

Communications Security

Overview

Assurance

Specification
Requirements analysis
Statement of desired functionality

Design
How system will meet specification

Implementation
Programs/systems
P
/
t
that
th t carry outt
design

Communications Security

Overview

Operational Issues

Cost-Benefit Analysis
Is it cheaper to prevent or recover?

Risk Analysis
Should we protect something?
How much should we protect this thing?

Laws and Customs

Are desired security measures illegal?
Will people do them?

Communications Security

Overview

Human Issues

Organizational Problems
Power and responsibility
Financial benefits

People problems
Outsiders and insiders
Social engineering

Communications Security

Overview

Tying Together

Threats
Policy
Specification
Design
Implementation
Operation

Communications Security

Overview

Key Points

Policy defines security, and

mechanisms enforce security
Confidentiality
Integrity
Availabilityy

Trust and knowing assumptions

Importance
I
t
off assurance
The human factor

Communications Security

Overview

Exercise

g as a violation of
Classifyy the following
confidentiality, of integrity, of availability, or of
some combination thereof:
John copies Marys homework
Paul crashes Lindas system
Carol
C l changes
h
th
the amountt off A
Angelos
l check
h k ffrom 100
to 1,000.
Gina forges Rogers
Roger s signature on a deed
Henry registers the domain name AddisonWesley.com
publishing
g house buy
y or use that
and refuses to let the p
domain name
Unrelenting Henry spoofs Julies IP address to gain
access to her computer
computer.