Overview
Communications Security
Evaluating Systems
M li i
Malicious
L
Logic
i
Network Security
Auditing
Intrusion Detection
Firewalls
Overview
Communications Security
Indicative Reading
Building Internet
Firewalls,
Elizabeth D. Zwicky, D.Brent
Chapman, and Simon Cooper
O'Reilly (Jul 2000)
ISBN: 1565928717
Overview
Communications Security
Overview
Communications Security
Overview
Introduction to
Computer
S
Security
it
Matt Bishop
Addison Wesley
(04 Nov
2004 )
ISBN: 0321247442
Communications Security
Overview
Communications Security
Overview
A Website: http://www.w3.org/Security/
Communications Security
Overview
Communications Security
Overview
Communications Security
Overview
Moodle
Communications Security
Overview
Communications Security
Overview
Confidentiality
Is this all?
Why not?
Availabilityy
To whom?
Authentication
Still not there
Integrity
Its about more than network security!
Communications Security
Overview
Introduction
Communications Security
Overview
Basic Components
Confidentiality
Keeping
K
i d
data
t and
d resources hidd
hidden
Integrity
g y
Data integrity (integrity)
Origin integrity (authentication)
Availability
Enabling access to data and resources
Communications Security
Overview
Classes of Threats
Disclosure
Di l
Snooping
Deception
D
i
Modification, spoofing, repudiation of
origin,
i i d
denial
i l off receipt
i t
Disruption
Modification
Usurpation
Modification, spoofing, delay, denial of
service
Communications Security
Overview
M
Mechanisms
h i
enforce
f
policies
li i
Composition of policies
If policies conflict, discrepancies may
create security vulnerabilities
Communications Security
Overview
Exercise
Identify mechanisms for implementing the following. State
what policy or policies they might be enforcing:
A password changing program will reject passwords that are less
than 5 characters long or that are found in the dictionary
dictionary.
Only students in a CS class will be given accounts on the dept.s
computer system.
The login program will disallow logins of any students who enter
their password incorrectly three times.
The permissions of the file containing Carols
Carol s homework will
prevent Robert from cheating and copying it.
When WWW traffic climbs to more than 80% of the networks
capacity, systems will disallow any further communications to or
from Web servers.
Annie,
Annie a systems analyst
analyst, will be able to detect a student using a
program to scan her system for vulnerabilities.
Communications Security
Overview
Goals of Security
Prevention
Prevent attackers from violating security
policy
Detection
Detect
D t t attackers
tt k violation
i l ti off security
it
policy
Recovery
R
Stop attack, assess and repair damage
Continue to function correctly even if
attack succeeds
Communications Security
Overview
Mechanisms
M h i
Assumed to enforce policy
Support mechanisms work correctly
Communications Security
Overview
Types of Mechanisms
secure
precise
broad
Communications Security
Overview
Exercise
Communications Security
Overview
Assurance
Specification
Requirements analysis
Statement of desired functionality
Design
How system will meet specification
Implementation
Programs/systems
P
/
t
that
th t carry outt
design
Communications Security
Overview
Operational Issues
Cost-Benefit Analysis
Is it cheaper to prevent or recover?
Risk Analysis
Should we protect something?
How much should we protect this thing?
Communications Security
Overview
Human Issues
Organizational Problems
Power and responsibility
Financial benefits
People problems
Outsiders and insiders
Social engineering
Communications Security
Overview
Tying Together
Threats
Policy
Specification
Design
Implementation
Operation
Communications Security
Overview
Key Points
Communications Security
Overview
Exercise
g as a violation of
Classifyy the following
confidentiality, of integrity, of availability, or of
some combination thereof:
John copies Marys homework
Paul crashes Lindas system
Carol
C l changes
h
th
the amountt off A
Angelos
l check
h k ffrom 100
to 1,000.
Gina forges Rogers
Roger s signature on a deed
Henry registers the domain name AddisonWesley.com
publishing
g house buy
y or use that
and refuses to let the p
domain name
Unrelenting Henry spoofs Julies IP address to gain
access to her computer
computer.