Introduction to Information Security

The Cast of Characters
- Alice and Bob are the good guys; sometimes there is Carol and David
- Eve is the “eavesdropper”
- Isaac is the Internet Service Provider (ISP)
- Mallory or Malvin is the “malicious hacker”
- Oscar is the “opponent”
- Sam is the “sniffer” or “spoofer”
- Trudy is the “intruder”

An Online Banking System
- Alice opens Alice’s Online Bank (AOB)
- What are Alice’s security concerns?
- If Bob is a customer of AOB, what are his security concerns?
- How are Alice’s and Bob’s concerns similar? How are they different?
- How does Trudy view the situation?

The Security Triad--CIA
- Confidentiality
- Integrity
- Availability

Introduction to Information Security by Mark Stamp

CIA
- AOB must prevent Trudy from learning Bob’s account balance
- Confidentiality: prevent unauthorized reading of information

- Trudy must not be able to change Bob’s account balance
- Bob must not be able to improperly change his own account balance
- Integrity: prevent unauthorized writing of information

- AOB’s information must be available when needed
- Bob must be able to make transactions
  - If not, he’ll take his business elsewhere
- Availability: data is available in a timely manner when needed
- Denial of Service (DoS) or DDoS

- Which among the following is the most important: Confidentiality, Integrity, Availability?
- Can we possibly ignore one of the three?

Beyond CIA
- How does Bob’s computer know that “Bob” is really Bob and not Trudy?
- Bob’s password must be verified
  - This requires some clever cryptography
- What are the security concerns of passwords?
- Are there alternatives to passwords?

- When Bob logs into AOB, how does AOB know that “Bob” is really Bob?
- As before, Bob’s password is verified
- Unlike the standalone computer case, network security issues arise
- What are the network security concerns?
  - Protocols are critically important
  - Cryptography is also important in protocols

- Once Bob is authenticated by AOB, then AOB must restrict the actions of Bob
  - Bob can’t view Charlie’s account info
  - Bob can’t install new software, etc.
- Enforcing these restrictions is known as authorization
- Access control includes both authentication and authorization

- Cryptography, protocols, and access control are implemented in software
- What are the security issues of software?
  - Most software is complex and buggy
  - Software flaws lead to security flaws
  - How do you reduce flaws in software development?

- Some software is intentionally evil
  - Malware: computer viruses, worms, etc.
- What can Alice and Bob do to protect themselves from malware?
- What can Trudy do to make malware more “effective”?

- Operating systems enforce security
  - For example, authorization
- OS: large and complex software
  - Win XP has 40,000,000 lines of code!
  - Subject to bugs and flaws like any other software
  - Many security issues specific to OSs
  - Can you trust an OS?

Multiple Layers of Security
- Physical security
- Personnel security
- Operations security
- Communications security
- Network security
- Information security

Information Security
- The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information
- Tools: policy, awareness, technology, training/education
- C.I.A. triad was the industry standard

Critical Characteristics of Information
- Availability: access without interference or restriction
- Accuracy: free from mistakes
- Authenticity: original or genuine

- Confidentiality: prevent disclosure or exposure
- Integrity: whole, complete, uncorrupted
- Utility: having value for some purpose

- Possession: having control or ownership
- Breach of confidentiality. Breach of possession???
- Breach of possession. Breach of confidentiality???

NSTISSC Security Model

Balancing Information Security and Access
- Impossible to obtain perfect security; it is a process, not a goal
- Security should be considered a balance between protection and availability
- To achieve balance, the level of security must allow reasonable access, yet protect against threats

Approaches to Information Security Implementation: Bottom-Up Approach
- Grassroots effort: systems administrators attempt to improve security of their systems
- Key advantage: technical expertise of individual administrators
- Seldom works, as it lacks a number of critical features:
  - Participant support
  - Organizational staying power

Approaches to Information Security Implementation: Top-Down Approach
- Initiated by upper management
  - Issue policy, procedures and processes
  - Dictate goals and expected outcomes of project
  - Determine accountability for each required action
- Most successful also involve formal development strategy

Saltzer and Schroeder’s Security Design Principles
- Open Design: assume universal knowledge of source and specifications
- Fail-safe Defaults: base access decisions on permission rather than exclusion
- Least Privilege: no more privileges than what is needed
- Economy of Mechanism: keep it simple and small
- Separation of privileges: don’t permit an operation based on a single condition
- Total mediation: check everything, every time
- Least common mechanism: beware of shared resources
- Psychological acceptability: will they use it?

Threats
- An object, person, or other entity that represents a constant danger to an asset
- Management must be informed of the different threats facing the organization
- By examining each threat category, management effectively protects information through policy, education, training, and technology controls

CSI/FBI 2006 Survey Report
- Top 4 Attack Types or Misuse Detected (bar chart comparing 2004, 2005 and 2006; categories: Virus, Insider abuse, Laptop theft, Unauth access)
- Total reported losses: $52.5 M
- Respondents reporting website attack: 95%
- Techniques used to evaluate security:
  - Internal audits: 82%
  - Penetration testing: 66%
  - Automated tools: 66%
  - External audits: 62%
  - Email monitoring software: 61%
  - None: 5%

Attacks
- Act or action that exploits a vulnerability (i.e., an identified weakness) in a controlled system
- Accomplished by a threat agent which damages or steals the organization’s information

- Malicious code: includes execution of viruses, worms, Trojan horses, and active Web scripts with intent to destroy or steal information
- Hoaxes: transmission of a virus hoax with a real virus attached
- Back door: gaining access to a system or network using a known or previously unknown/newly discovered access mechanism

- Password crack: attempting to reverse calculate a password
- Brute force: trying every possible combination of options of a password
- Dictionary: selects specific accounts to attack and uses commonly used passwords (i.e., the dictionary) to guide guesses

- Denial-of-service (DoS): attacker sends a large number of connection or information requests to a target
- Distributed denial-of-service (DDoS): coordinated stream of requests is launched against a target from many locations simultaneously

- Spoofing: technique used to gain unauthorized access; intruder assumes a trusted IP address
- Man-in-the-middle: attacker monitors network packets, modifies them, and inserts them back into the network
- Spam: unsolicited commercial e-mail; more a nuisance than an attack, though it is emerging as a vector for some attacks

- Mail bombing: also a DoS; attacker routes large quantities of e-mail to the target
- Sniffers: program or device that monitors data traveling over a network (Nmap, Snort, Wireshark)
- Social engineering: using social skills to convince people to reveal access credentials or other valuable information to the attacker

Compromised System Checklist*
- Examine log files
  - Security and audit log files
- Look for root/administrative files and privileges
  - setuid and setgid files in Linux:
        find / -user root -perm -4000 -print
  - Audit and check privilege use in Windows
  - Privilege use can be accomplished by secondary logon:
        runas /user:userName cmd_to_execute
- Check system binaries
  - Use md5 to calculate hash digest signature
- Check for packet sniffers
  - Use AntiSniff
- Examine files run by 'cron' and 'at' for Linux and 'Task Scheduler' in Windows
- Check for unauthorized services
  - Check /etc/inetd.conf in Linux or the services viewer in Windows
- Examine the /etc/passwd file in Linux or the Security log in Windows for unauthorized user creation/change activity
- Check system and network configuration
  - Check for inappropriate non-local host names in /etc/hosts.equiv, /etc/hosts.lpd, and in all .rhosts files in Linux
  - Check for LMHOSTS and HOSTS in Windows
- Look everywhere for unusual or hidden files
        find / -name ".. " -print -xdev
        find / -name ".* " -print -xdev
- Examine all machines on the local network for intrusion
  - Use Snort IDS

*United States-Computer Emergency Readiness Team (US-CERT)

Protocols
- Human protocols: rules followed in human interactions
- Networking protocols: rules followed in networked communication systems
- Security protocols: rules followed in secure communications

- Protocol flaws can be very subtle
- Several well-known security protocols have serious flaws
  - Including IPSec, GSM and WEP
- Common to find implementation errors
  - Such as IE implementation of SSL

Simple Security Protocol
1. Insert ATM card
2. Enter PIN
3. Correct PIN?
   - Yes? Get your money
   - No? Machine keeps your card

Authentication Protocols

Authentication
- Alice must prove her identity to Bob
- May also require Bob to prove he’s Bob (mutual authentication)
- May also need to establish a session key
- May have other requirements, such as
  - Use only public keys
  - Use only symmetric keys
  - Use only a hash function

- Authentication on a stand-alone computer is relatively simple
- Authentication over a network is much more complex
  - Attacker can passively observe messages
  - Attacker can replay messages
  - Active attacks may be possible (insert, delete, change messages)

Simple Authentication
    Alice -> Bob: “I’m Alice”
    Bob -> Alice: Prove it
    Alice -> Bob: My password is “frank”
- Simple and may be OK for a standalone system
- But insecure for a networked system
  - Subject to a replay attack
  - Bob must know Alice’s password

Authentication Attack
    Alice -> Bob: “I’m Alice”
    Bob -> Alice: Prove it
    Alice -> Bob: My password is “frank”
    (Participants shown: Alice, Bob, Eve)

    Eve -> Bob: “I’m Alice”
    Bob -> Eve: Prove it
    Eve -> Bob: My password is “frank”
- This is a replay attack
- How can we prevent a replay?

Simple Authentication
    Alice -> Bob: I’m Alice, My password is “frank”
- More efficient…
- But same problem as previous version

Better Authentication
    Alice -> Bob: “I’m Alice”
    Bob -> Alice: Prove it
    Alice -> Bob: h(Alice’s password)
- Better since it hides Alice’s password
  - From both Bob and attackers
- But still subject to replay

Challenge-Response
- To prevent replay, challenge-response is used
- Suppose Bob wants to authenticate Alice
  - Challenge sent from Bob to Alice
  - Only Alice can provide the correct response
  - Challenge chosen so that replay is not possible
- How to accomplish this?
  - Password is something only Alice should know…
  - For freshness, a “number used once” or nonce

    Alice -> Bob: “I’m Alice”
    Bob -> Alice: Nonce
    Alice -> Bob: h(Alice’s password, Nonce)
- Nonce is the challenge
- The hash is the response
- Nonce prevents replay, ensures freshness
- Password is something Alice knows
- Note that Bob must know Alice’s password

Questions ???
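The "Better Authentication" and "Challenge-Response" exchanges above, run side by side to show why a recorded h(password) still authenticates while a recorded h(password, Nonce) does not. This is an added example, not code from the slides; SHA-256 as h(), the 16-byte nonce and the names Bob, verify_static and demo are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def h(*parts: bytes) -> bytes:
    """h() from the slides; SHA-256 over length-prefixed parts is an assumed choice."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()

class Bob:
    """Verifier; as the slides note, Bob must know Alice's password."""
    def __init__(self, password: bytes):
        self._password = password
        self._issued = set()  # nonces sent out and not yet answered

    def verify_static(self, response: bytes) -> bool:
        # "Better Authentication": the response is always h(password)
        return hmac.compare_digest(response, h(self._password))

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh "number used once"
        self._issued.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._issued:
            return False  # unknown or already-used challenge
        self._issued.discard(nonce)
        return hmac.compare_digest(response, h(self._password, nonce))

def demo() -> dict:
    password = b"frank"
    bob = Bob(password)
    recorded = h(password)  # what Eve captures from the static protocol
    out = {"static_login": bob.verify_static(recorded),
           "static_replay": bob.verify_static(recorded)}
    nonce1 = bob.challenge()
    response1 = h(password, nonce1)  # Alice's response, also captured by Eve
    out["cr_login"] = bob.verify(nonce1, response1)
    out["cr_replay_old_nonce"] = bob.verify(nonce1, response1)
    out["cr_replay_new_nonce"] = bob.verify(bob.challenge(), response1)
    return out

if __name__ == "__main__":
    print(demo())
```

Bob rejects the replay in both cases: the old nonce is no longer outstanding, and the captured response does not match the hash for a new nonce.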
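Three Linux-side items from the Compromised System Checklist above (setuid/setgid files, system-binary digests, unusual hidden names) combined into one audit function. This is an added example, not US-CERT's or the slides' code; it uses SHA-256 where the slide says md5, and the baseline dictionary, the sample tree and all function names are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def audit_tree(root, baseline, owner_uid=0):
    """Return findings for three checklist items under `root`.
    baseline maps relative path -> known-good SHA-256 (hypothetical list)."""
    findings = {"setid": [], "odd_names": [], "changed": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            # Hidden names padded with whitespace or control characters, e.g. ".. "
            if name.startswith(".") and (name != name.strip() or not name.isprintable()):
                findings["odd_names"].append(rel)
            if not stat.S_ISREG(st.st_mode):
                continue
            # Same test as find -user root -perm -4000, extended to setgid (-2000)
            if st.st_uid == owner_uid and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                findings["setid"].append(rel)
            # System binaries: compare the digest with the known-good baseline
            if rel in baseline and sha256_file(path) != baseline[rel]:
                findings["changed"].append(rel)
    return {key: sorted(value) for key, value in findings.items()}

def build_sample(root):
    """Constructed sample tree; returns the baseline taken before tampering."""
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "tmp", ".. "))  # directory named dot-dot-space
    for name, data in (("ls", b"ls-v1"), ("login", b"login-v1"), ("helper", b"helper")):
        with open(os.path.join(root, "bin", name), "wb") as f:
            f.write(data)
    baseline = {os.path.join("bin", n): sha256_file(os.path.join(root, "bin", n))
                for n in ("ls", "login")}
    with open(os.path.join(root, "bin", "login"), "wb") as f:  # simulated replacement
        f.write(b"login-modified")
    os.chmod(os.path.join(root, "bin", "helper"), 0o4755)  # unexpected setuid bit
    return baseline

def demo():
    with tempfile.TemporaryDirectory() as root:
        return audit_tree(root, build_sample(root), owner_uid=os.getuid())

if __name__ == "__main__":
    print(demo())
```

The baseline only helps if it was recorded before the suspected compromise and is stored somewhere the intruder could not modify.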