Overview
• Vulnerability
– Flaw or weakness in a system's design, implementation,
or operation and management that could be
exploited to violate the system's security policy.
Security Concepts and Relationships
Assets of a Computer System
Hardware
Software
Data
Countermeasures
means used to deal with security attacks
• prevent
• detect
• recover
Lecture 2:
Overview (cont)
Threat Consequences
Disruption is a threat to availability or system
integrity
• Incapacitation: a result of physical destruction
of or damage to system hardware
• Corruption: system resources or services
function in an unintended manner;
unauthorized modification
• Obstruction: e.g. overload the system or
interfere with communications
Scope of Computer Security
Computer and Network Assets
• Hardware
– Availability: Equipment is stolen or disabled, thus denying service.
– Confidentiality: An unencrypted CD-ROM or DVD is stolen.
– Integrity: Jamming
• Software
– Availability: Programs are deleted, denying access to users.
– Confidentiality: An unauthorized copy of software is made.
– Integrity: A working program is modified, either to cause it to fail
during execution or to cause it to do some unintended task.
• Data
– Availability: Files are deleted, denying access to users.
– Confidentiality: An unauthorized read of data is performed. An analysis
of statistical data reveals underlying data.
– Integrity: Existing files are modified or new files are fabricated.
• Communication Lines and Networks
– Availability: Messages are destroyed or deleted. Communication lines or
networks are rendered unavailable.
– Confidentiality: Messages are read. The traffic pattern of messages is
observed.
– Integrity: Messages are modified, delayed, reordered, or duplicated.
False messages are fabricated.
Passive and Active Attacks
• Passive attacks attempt to learn or make use of information
from the system but do not affect system resources
• eavesdropping/monitoring transmissions
• difficult to detect
• emphasis is on prevention rather than detection
• two types:
– message contents
– traffic analysis
Data Confidentiality Service
• protection of transmitted data from passive attacks
– connection confidentiality
– connectionless confidentiality
– selective-field confidentiality
– traffic-flow confidentiality
Data Integrity Service
• can apply to a stream of messages, a single message,
or selected fields within a message
• connectionless integrity service
– provides protection against message modification only
• connection-oriented integrity service
– assures that messages are received as sent
• no duplication, insertion, modification, reordering, or replays
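Added example (not part of the lecture slides): the two integrity services side by side. It assumes HMAC-SHA256 as the integrity check and a 64-bit sequence number for the connection-oriented case; the key, the messages and all function and class names are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key (assumption)
TAG_LEN = 32                   # HMAC-SHA256 output size in bytes

def mac(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()

# Connectionless integrity: every message is checked on its own.
def seal(msg):
    return msg + mac(msg)
def open_connectionless(packet):
    msg, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return msg if hmac.compare_digest(tag, mac(msg)) else None

# Connection-oriented integrity: the MAC also covers a sequence number.
class Sender:
    def __init__(self):
        self.seq = 0
    def seal(self, msg):
        header = struct.pack(">Q", self.seq)
        self.seq += 1
        return header + msg + mac(header + msg)

class Receiver:
    def __init__(self):
        self.expected = 0
    def open(self, packet):
        header, msg, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(tag, mac(header + msg)):
            return None  # modified or inserted message
        if struct.unpack(">Q", header)[0] != self.expected:
            return None  # duplicated, replayed or reordered message
        self.expected += 1
        return msg

def demo():
    p = seal(b"pay 10")
    s, r, late = Sender(), Receiver(), Receiver()
    a, b = s.seal(b"pay 10"), s.seal(b"pay 20")
    return {
        "cl_modified": open_connectionless(b"pay 99" + p[6:]),
        "cl_replayed": [open_connectionless(p), open_connectionless(p)],
        "co_in_order": [r.open(a), r.open(b)],
        "co_replayed": r.open(a),
        "co_reordered": late.open(b),
    }
```

The connectionless check rejects the modified message but accepts the same packet twice; only the sequence-numbered stream rejects the replayed and the out-of-order packet.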
Availability Service
• a service that protects a system to ensure its availability
– being accessible and usable upon demand by an authorized
system entity
• a variety of attacks can result in the loss of or reduction in
availability
• some of these attacks are amenable to authentication
and encryption
• some attacks require a physical action to prevent
or recover from loss of availability
• depends on proper management and control of system resources
Security Implementation
complementary courses of action
• prevention
• detection
• response
• recovery
Security Mechanism
• Feature designed to
– Prevent attackers from violating security policy
– Detect attackers’ violation of security policy
– Respond to mitigate attack
– Recover, continue to function correctly even if attack
succeeds
Least astonishment
Attack Surfaces
Consist of the reachable and exploitable vulnerabilities in
a system
Examples:
• Open ports on outward facing Web and other servers, and
code listening on those ports
• Services available on the inside of a firewall
• Code that processes incoming data, email, XML, office
documents, and industry-specific custom data exchange formats
• Interfaces, SQL, and Web forms
• An employee with access to sensitive information vulnerable
to a social engineering attack
Attack Surface Categories
• Network Attack Surface
– Vulnerabilities over an enterprise network, wide-area
network, or the Internet
– Included in this category are network protocol
vulnerabilities, such as those used for a denial-of-service
attack, disruption of communications links, and various
forms of intruder attacks
• Software Attack Surface
– Vulnerabilities in application, utility, or operating
system code
– Particular focus is Web server software
• Human Attack Surface
– Vulnerabilities created by personnel or outsiders, such as
social engineering, human error, and trusted insiders
Security Technologies Used
Types of Attacks Experienced
Defense in Depth and Attack Surface
[Figure: defense in depth plotted against attack surface; recovered labels: Low, Medium, Deep, Small, Large, Attack Surface]
Computer Security Strategy
• what is the security scheme supposed to do?
• how does it do it?
• does it really work?
Computer Security Strategy
Security Policy
• formal statement of rules and practices that
specify or regulate security services
• factors to consider:
– value of the protected assets
– vulnerabilities of the system
– potential threats and the likelihood of attacks
• trade-offs to consider:
– ease of use versus security
– cost of security versus cost of failure and recovery
Assurance and Evaluation
• assurance
– the degree of confidence one has that the security
measures work as intended
– both system design and implementation
• evaluation
– process of examining a system with respect to
certain criteria
– involves testing and formal analytic or
mathematical techniques
Security Trends
The Seventies
• John Draper
– a.k.a. Captain Crunch
– “If I do what I do, it is only
to explore a system”
The Eighties
• Robert Morris worm - 1988
– Developed to measure the size of the Internet
• However, a computer could be infected multiple times
– Brought down a large fraction of the Internet
• ~ 6K computers
Code-Red Worm
• On July 19, 2001, more than 359,000 computers connected to the
Internet were infected in less than 14 hours
• Spread
Sapphire Worm
• was the fastest computer worm in history
– doubled in size every 8.5 seconds
– infected more than 90 percent of vulnerable hosts
within 10 minutes.
DoS attack on SCO
• On Dec 11, 2003
– Attack on web and FTP servers of SCO
• a software company focusing on UNIX systems
Witty Worm
• 25 March 2004
– reached its peak activity after approximately 45
minutes
– at which point the majority of vulnerable hosts
had been infected
• World
• USA
Nyxem Email Virus
• Spread
Sipscan Botnet
• probing