Chapter 1
Overview

Computer Security Overview
The NIST Computer Security Handbook defines the term Computer Security as:
“The protection afforded to an
automated information system in
order to attain the applicable
objectives of preserving the integrity,
availability and confidentiality of
information system resources”
(includes hardware, software,
firmware, information/data, and
telecommunications).
The CIA Triad
Confidentiality
- data confidentiality
- privacy
Integrity
- data integrity
- system integrity
Availability
Key Security Concepts
Confidentiality
• preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information
Integrity
• guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity
Availability
• ensuring timely and reliable access to and use of information
Computer Security Challenges
computer security is not attackers only need to find
as simple as it might first a single weakness, the
appear to the novice developer needs to find all
weaknesses
potential attacks on the
users and system managers
security features must be
tend to not see the benefits
considered
of security until a failure
procedures used to occurs
provide particular security requires regular
services are often and constant monitoring
counterintuitive is often an afterthought to
physical and logical be incorporated into a
placement needs to be system after the design is
determined complete
thought of as an
additional algorithms or
protocols may be involved impediment to efficient and
user-friendly operation
Table 1.1 Computer Security Terminology
Figure 1.2
Security Concepts and Relationships
Vulnerabilities, Threats and Attacks
categories of vulnerabilities
corrupted (loss of integrity)
leaky (loss of confidentiality)
unavailable or very slow (loss of availability)
threats
capable of exploiting vulnerabilities
represent potential security harm to an asset
attacks (threats carried out)
passive – does not affect system resources
active – attempt to alter system resources or affect
their operation
insider – initiated by an entity inside the security perimeter
outsider – initiated from outside the perimeter
Countermeasures
means used to deal • prevent
with security • detect
attacks • recover
may introduce new
vulnerabilities
residual
vulnerabilities may
remain
goal is to minimize
residual level of risk
to the assets
Threat Consequences
Figure 1.3
Scope of Computer Security
Table 1.3 Computer and Network Assets, with Examples of Threats.
Passive and Active Attacks
Passive attacks attempt to learn or make use of information from the system but do not affect system resources
eavesdropping/monitoring transmissions
difficult to detect
emphasis is on prevention rather than detection
two types:
release of message contents
traffic analysis
Active attacks involve modification of the data stream
goal is to detect them and then recover
four categories:
masquerade
replay
modification of messages
denial of service
Table 1.4 Security Requirements (FIPS PUB 200)
Security Functional Requirements
functional areas that primarily require computer security technical measures include:
• access control; identification & authentication; system & communication protection; and system & information integrity
functional areas that primarily require management controls and procedures include:
• awareness & training; audit & accountability; certification, accreditation, & security assessments; contingency planning; maintenance; physical & environmental protection; planning; personnel security; risk assessment; and systems & services
functional areas that overlap computer security technical measures and management controls include:
• configuration management; incident response; and media protection
Security Architecture for Open Systems
ITU-T Recommendation X.800, Security
Architecture for OSI
systematic way of defining the requirements
for security and characterizing the
approaches to satisfying them
was developed as an international standard
focuses on:
security attacks – action that compromises the
security of information owned by an
organization
security mechanism – designed to detect,
prevent, or recover from a security attack
security service – intended to counter security
Security Services
X.800
defines a security service as a service that is provided by a protocol layer of communicating open systems and ensures adequate security of the systems or of data transfers
RFC 2828
defines a security service as a processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by
Table 1.5 Security Services
Source: From X.800, Security Architecture for OSI
Authentication Service
concerned with assuring that a communication is from the source that it claims to be from
must assure that the connection is not interfered with by a third party masquerading as one of the two legitimate parties
Peer Entity Authentication
provides for the corroboration of the identity of a peer entity in an association
provided for use at the establishment of, or at times during the data transfer phase of, a connection
attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection
Data Origin Authentication
provides for the corroboration of the source of a data unit
does not provide protection against the duplication or modification of data units
this type of service supports applications like email where there are no prior interactions between the communicating
Access Control Service
the ability to limit and control the access to host systems and applications via communications links
each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual
Nonrepudiation Service
prevents either sender or receiver from denying a transmitted message
receiver can prove that the alleged sender in fact sent the message
the sender can prove
Data Confidentiality Service
the protection of transmitted data from passive attacks
connection confidentiality
the protection of all user data on a connection
the broadest service protects all user data transmitted between two users over a period of time
connectionless confidentiality
protection of all user data in a single data block
selective-field confidentiality
confidentiality of selected fields within the user data on a connection or a single data block
traffic-flow confidentiality
protects the traffic flow from analysis
this requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility
Data Integrity Service
can apply to a stream of messages, a single message, or selected fields within a message
a connection-oriented integrity service assures that messages are received as sent, with no duplication, insertion, modification, reordering, or replays
destruction of data is also covered under this service
addresses both message stream modification and denial of service
a connectionless integrity service generally provides protection against message modification only
need to make a distinction between the service with and without recovery
concerned with detection rather than prevention
the incorporation of automated recovery mechanisms is the more
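The difference between the data origin authentication service (a tag over one data unit, no protection against duplication) and a connection-oriented integrity service (no duplication, insertion, modification, reordering or replay) is easiest to see in code. The following is an added example, not part of the slides or of X.800; it assumes HMAC-SHA256 as the integrity mechanism and a 64-bit sequence number bound into the MAC, and the key and messages are constructed sample values. Because both sides hold the same key, a MAC gives data origin authentication but not nonrepudiation: either party could have produced the tag.

```python
from __future__ import annotations

import hashlib
import hmac
import struct

# Constructed sample key shared by sender and receiver (not a real secret).
KEY = b"example-shared-key-for-the-slides-demo"
TAG_LEN = 32  # HMAC-SHA256 output length
SEQ_LEN = 8   # 64-bit big-endian sequence number


def mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 tag over one data unit."""
    return hmac.new(key, data, hashlib.sha256).digest()


# ---- Data origin authentication, connectionless ----------------------------
# The tag corroborates that a holder of KEY produced this unit and that it was
# not modified. Nothing ties one unit to another, so a duplicate of a genuine
# unit verifies exactly as well as the original.

def send_unit(key: bytes, payload: bytes) -> bytes:
    return mac(key, payload) + payload


def accept_unit(key: bytes, unit: bytes) -> bytes | None:
    tag, payload = unit[:TAG_LEN], unit[TAG_LEN:]
    if len(tag) != TAG_LEN or not hmac.compare_digest(tag, mac(key, payload)):
        return None            # forged or modified
    return payload             # accepted, even if it is a replay


# ---- Connection-oriented integrity -----------------------------------------
# The sender binds a strictly increasing sequence number into the MAC and the
# receiver accepts only the next expected number, so replay, reordering,
# insertion and modification are all detected, not just modification.

class IntegritySender:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.seq = 0

    def send(self, payload: bytes) -> bytes:
        header = struct.pack(">Q", self.seq)
        self.seq += 1
        return mac(self.key, header + payload) + header + payload


class IntegrityReceiver:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.expected = 0

    def accept(self, unit: bytes) -> tuple[str, bytes | None]:
        tag = unit[:TAG_LEN]
        header = unit[TAG_LEN:TAG_LEN + SEQ_LEN]
        payload = unit[TAG_LEN + SEQ_LEN:]
        if len(header) != SEQ_LEN or not hmac.compare_digest(tag, mac(self.key, header + payload)):
            return "modified", None
        (seq,) = struct.unpack(">Q", header)
        if seq < self.expected:
            return "replay", None       # already seen
        if seq > self.expected:
            return "gap", None          # reordered, lost or deleted units
        self.expected += 1
        return "ok", payload


def demo() -> dict[str, object]:
    """Push constructed messages through both services and collect the verdicts."""
    r: dict[str, object] = {}

    unit = send_unit(KEY, b"transfer 100 to bob")
    r["cl_valid"] = accept_unit(KEY, unit) is not None
    r["cl_modified"] = accept_unit(KEY, unit[:TAG_LEN] + b"transfer 900 to bob") is None
    r["cl_replay_accepted"] = accept_unit(KEY, unit) is not None   # duplicate passes

    snd, rcv = IntegritySender(KEY), IntegrityReceiver(KEY)
    m0, m1, m2, m3 = (snd.send(p) for p in (b"msg0", b"msg1", b"msg2", b"msg3"))
    r["co_m0"] = rcv.accept(m0)[0]
    r["co_replay"] = rcv.accept(m0)[0]                       # same unit again
    r["co_reorder"] = rcv.accept(m2)[0]                      # m2 arrives before m1
    r["co_m1"] = rcv.accept(m1)[0]
    r["co_m2"] = rcv.accept(m2)[0]
    r["co_modified"] = rcv.accept(m3[:TAG_LEN + SEQ_LEN] + b"evil")[0]
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:20} {v}")
```

The connectionless receiver accepts the replayed transfer, which is exactly the gap the slide describes; the connection-oriented receiver rejects it, and also reports the out-of-order unit as a gap rather than silently accepting it. The "gap" verdict is where the with-recovery and without-recovery variants diverge: a service without recovery only reports it, while one with recovery would request retransmission.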
Availability Service
defined as the property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications of the system
a variety of attacks can result in the loss of or reduction in availability
some of these attacks are amenable to authentication and encryption
some attacks require a physical action to prevent or recover from loss of availability
a service that protects a system to ensure its availability
X.800 treats availability as a property to be associated with various security services
addresses the security concerns raised by denial-of-service attacks
depends on proper
Table 1.6 X.800 Security Mechanisms
Figure 1.4 Security Trends
Figure 1.5 Security Technologies Used
Computer Security Strategy
specification/policy: what is the security scheme supposed to do?
implementation/mechanisms: how does it do it?
correctness/assurance: does it really work?
Security Policy
formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources
factors to consider:
value of the assets being protected
vulnerabilities of the system
potential threats and the likelihood of attacks
trade-offs to consider:
ease of use versus security
cost of security versus cost of failure and recovery
Security Implementation
involves four complementary courses of action:
prevention
• secure encryption algorithms
• prevent unauthorized access to encryption keys
detection
• intrusion detection systems
• detection of denial of service attacks
response
• upon detection, being able to halt an attack and prevent further damage
recovery
• use of backup systems
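The detection and response steps above are abstract on the slide; the following added example (not from the slides) shows one concrete form of "detection of denial of service attacks": a sliding-window request counter run over web server log lines, followed by the firewall rules an operator would apply as the response. The log is constructed for the example using RFC 5737 documentation addresses, and the threshold (30 requests in 10 seconds) is an assumption that a real deployment would tune to its own traffic.

```python
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache common log format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> tuple[str, datetime] | None:
    """Extract (client ip, timestamp) from one log line; None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    try:
        return m["ip"], datetime.strptime(m["ts"], TS_FORMAT)
    except ValueError:
        return None


def detect_flood(lines, threshold: int = 30, window_seconds: int = 10) -> dict[str, datetime]:
    """Detection: flag sources sending >= threshold requests within any window_seconds span.

    Returns {ip: timestamp of the request that crossed the threshold}.
    """
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e[1])          # log files are not guaranteed to be in order
    recent: dict[str, deque[datetime]] = defaultdict(deque)
    flagged: dict[str, datetime] = {}
    for ip, ts in events:
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()                 # drop requests older than the window
        if len(window) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def block_rules(flagged: dict[str, datetime]) -> list[str]:
    """Response: firewall rules an operator would apply to halt the flood (not executed here)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(flagged)]


def build_sample_log() -> list[str]:
    """Constructed log using RFC 5737 documentation addresses, not from a real server."""
    base = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)

    def line(ip: str, t: datetime, path: str) -> str:
        return f'{ip} - - [{t.strftime(TS_FORMAT)}] "GET {path} HTTP/1.1" 200 512'

    lines = []
    for i in range(12):                      # two ordinary clients, one request every 5 s
        lines.append(line("203.0.113.7", base + timedelta(seconds=5 * i), "/index.html"))
        lines.append(line("203.0.113.9", base + timedelta(seconds=5 * i + 2), "/about"))
    for i in range(60):                      # one source sends 60 requests in 3 s
        lines.append(line("198.51.100.4", base + timedelta(milliseconds=50 * i), "/login"))
    lines.append("not a log line at all")    # malformed input is skipped, not allowed to crash the detector
    return lines


if __name__ == "__main__":
    hits = detect_flood(build_sample_log())
    for ip, when in hits.items():
        print(f"flood from {ip} detected at {when.isoformat()}")
    print("\n".join(block_rules(hits)))
```

Run against the constructed log, only 198.51.100.4 is flagged, at the 30th request (13:55:01); the two ordinary clients never exceed three requests in any 10-second window. The recovery step is not shown: a block rule stops further damage but does nothing for the capacity already lost, which is where the slide's backup systems come in.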
Assurance and
Evaluation
assurance
the degree of confidence one has that the
security measures work as intended to protect
the system and the information it processes
encompasses both system design and system
implementation
evaluation
process of examining a computer product or
system with respect to certain criteria
involves testing and formal analytic or
mathematical techniques
Summary
security concepts
CIA triad
confidentiality – preserving authorized restrictions on the access and disclosure of information
integrity – guarding against modification or destruction of information
availability – ensuring timely and reliable access to information
terminology – table 1.1
threats – exploits vulnerabilities
attack – a threat carried out
countermeasure – means to deal with a security attack
assets – hardware, software, data, communication lines,
security architecture
security services – enhances the security of systems and information transfers, table 1.5
security mechanisms – mechanisms designed to detect, prevent, or recover from a security attack, table 1.6
security attack – any action that compromises the security of information owned by an organization
security trends – figure 1.4
security strategy – policy, implementation, assurance and evaluation