Chapter 6 Computer & Web Security
Yun Zhang

Computer Security
Reading Sequence:
• 6.1 Security Threats
• 6.2 Security Technologies
• 6.3 Prevention, Detection, and Recovery
Assessments:
• Exercise 6

Yun Zhang Introduction to Computer Systems

6.1 Security Threats
A secure system maintains the following:
• Data confidentiality - data access is restricted to authorized personnel
• Data integrity - data is not altered unintentionally
• Data availability - services that enable data access are operational

Weak computer security for home
• Sensitive information exposed - for example, an intruder can use your password and credit card number to steal your money.
• Loss of data - for example, intruders can delete or corrupt important documents such as financial statements and business proposals.
• Loss of system functionality - for example, intruders can occupy your CPU and memory using malicious programs, preventing the system from processing legitimate instructions.

Weak computer security for business
• Loss of time and money devoted to resolving security issues (for example, loss of revenue opportunity during system downtime)
• Loss of customers' trust in the system, resulting in loss of profit, reputation, jobs, and potentially the entire business (for example, if credit card information of customers could be obtained by intruders through an online store, then no one would use the site, and the business would no longer be profitable.)

Common attack methods
• Three groups:
  • identity theft/privacy violation attacks,
  • malicious software programs (for example, viruses, worms, and Trojan horses),
  • denial of service attacks.

Reading Sequence:
• 6.1.1 Intruders: Who, Why, and How?
• 6.1.2 Identity Theft and Privacy Violation.
• 6.1.3 Malicious Software.
• Textbook, Section 4C.
  Learning Goal: Knowledge of computer viruses and how to fight them.
• Textbook, Subsection "User IDs and Passwords" in Section 1B.
• 6.1.4 Denial of Service.

6.1.1 Intruders: Who, Why, and How?
• People who hack for fun, curiosity, personal pride, or just for the sake of breaking into computer systems to see how far they can get.
• Internal or external personnel who may be seeking revenge on the targeted organization.
• People who may want to make a profit or gain other benefits using confidential data from the targeted system.
• Criminals or organizations whose objective is to corrupt the security of the targeted system for unethical purposes, including blackmail and industrial espionage.
• Terrorists who want to promote political aims and demoralize the victim country.

Steps in launching an attack
Step 1: Obtain information
• Guess passwords.
• Pretend to be a system administrator asking for sensitive information.
• Read packets of sensitive information sent over the Internet or stored on the computer.
• Scan for vulnerabilities.
Step 2: Analyze information
• Use the information obtained and look for weak points in the network to exploit (for example, open ports, user accounts).
Step 3: Launch attack
• Alter, delete, or corrupt data on the system.
• Make the system unavailable by creating an excessive amount of traffic on the network.
• Slow down a network.
• Deface a website.

6.1.2 Identity Theft and Privacy Violation
• Password Cracking
• Packet Sniffing
• Social Engineering/Fraud
• Spoofing
• Port Scanning

Password Cracking
• The easiest password attack mechanism is called dumpster diving, "rummaging through trash."
• It involves searching for sensitive information that may have been thrown away in the trash, which an intruder who can physically retrieve the trash can access.

Brute force method
• Brute force: trying all different alphanumeric combinations until the password is cracked.
• Dictionary attack: matching every word in the dictionary against the password to decrease the search space.
There are many software programs designed to crack passwords using these methods.

Prevention:
• Do not throw away legible password information in the trash or leave your passwords in obvious places
• Destroy or lock up sensitive information
• Use difficult-to-guess passwords that are resistant to brute force or dictionary attacks
• Change passwords frequently
• Limit physical access to computer areas, especially central servers

Packet sniffing
• A packet sniffer is a software program or a hardware device that captures data packets as they are transmitted through the network. Some data packets captured may contain sensitive information. Installing a packet sniffer does not require administrator rights. It can be installed on a laptop and access the network through an open port.
• Cable modem and wireless users have a higher risk of exposure to packet sniffers compared to DSL (such as ADSL, HDSL, and VDSL) and traditional dial-up users because entire neighborhoods of cable modem and wireless users are part of the same LAN.
  A packet sniffer installed on any cable modem or wireless user's computer may be able to capture data packets transmitted by other computers in the same LAN.

Prevention:
• Employ data encryption by using encrypted protocols
• Limit physical access to network connections
• Monitor network usage and investigate abnormal or suspicious activities

Social Engineering/Fraud
• Social engineering refers to the action of tricking people into providing information needed to gain access to systems. Unlike the other attack methods discussed, this attack does not involve a software tool.
• It involves manipulating the network administrator or another authorized user into giving out account name and password information.
• This can be achieved over the phone, via email, or even in person by pretending to be someone important in an organization.

Prevention:
• Verify identities of people requesting sensitive information
• Become aware of social engineering schemes and educate others about security policies and their importance

Spoofing
• Spoofing is the act of using one machine to impersonate another. An intruder can launch attacks using the identity of another machine so that the intruder would not be held liable for his actions. For instance, an intruder can mask the identity of a machine with special access privileges to obtain control of other computers on the network. Then the intruder can launch a denial of service attack on a target computer system by sending numerous data packets to tie up the target system's network resources, and cause the system to become unavailable to other users. When the targeted system tries to find the attacker, the trace results would likely point to the machine that was used to mask the identity of the intruder.

IP spoofing
• IP spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host. To use IP spoofing, an intruder must first identify an IP address of a trusted host and then modify the packet headers so that the packets look like they are coming from that host. This method is effective because dialog between machines is automated, which eliminates the need for a username or password.

Email spoofing
• Email spoofing: an attacker fakes an email header to make it appear as if it came from somewhere or someone other than the actual source.
• Examples of spoofed emails that could lead to an attack on data integrity:
  • Email from a system administrator instructing users to delete files, or provide sensitive information such as logins and passwords
  • Email claiming to be from a system administrator requesting users to change their passwords to a specified string
  • Email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information

Prevention:
• Monitor transaction logs of servers such as the email server and Web server, and scan for unusual behaviors (monitoring should be done off-line to avoid attacks during the process)
• Minimize system privileges of servers
• Limit user access to network or administrator command functions

Port Scanning
• The objective of port scanning is to detect security weaknesses in a remote or local host. A port scanner is a program that scans TCP/IP ports and services (for example, TELNET or FTP) and reports responses from the target system.
  An intruder can use a port scanner to find information about the target host such as which port is open and whether an anonymous user can log in. Once an intruder logs in successfully through the open port, the intruder can try to gain access to more computers on the network. Port scanning activity is usually a precursor to an attack on a target system.

Prevention:
• Close unused ports
• Monitor suspicious network activities (for example, if a host is scanning through port activities, the attacker may be preparing for an attack)

6.1.3 Malicious Software
• Virus
• Trojan Horse
• Worm
• Prevention
• Detection
• Counter Measures

Virus
• A virus attaches itself to a file or software application, and then replicates itself on the host computer, spreading copies of itself to other files. It can corrupt files, alter or destroy data, display irritating messages, and/or disrupt computer operations. When a computer opens an infected file, it executes the attached virus instructions.
• An undetected virus can hide in a computer for days or months, while reproducing itself and attaching itself to other files. The infected files may be spread when a user transfers them via the Internet or removable storage media to other computers.

Viruses
• Viruses are categorized by the type of files they infect:
  • Boot sector - compromises the system at the lowest level. This leads to difficulties in starting the system securely; it also causes recurring problems during the computer's operation
  • Application software - infects executable files (for example, .exe files)
  • Macro - infects macro files and documents that use macros such as Microsoft Excel and Microsoft Word; it is attached to a document or worksheet, and often distributed as an e-mail attachment.
    When one opens the document, the macro virus copies itself into the other macro files, where it is picked up by other documents.

Viruses
• Viruses frequently have double extensions such as .txt.vbs, .mpg.exe, and .gif.scr. The files attached to the email messages sent by these viruses may appear to be harmless files of type text (.txt), movie (.mpg), picture (.gif), or other file types, when in fact the file is a malicious script or executable, for example, .vbs, .exe, .scr. If you are using the Microsoft Windows operating system, be aware that the operating system hides extensions for known file types by default. To make file extensions visible, you can click on My Computer on the desktop, then from the Tools menu, select Folder Options... Click on the View tab, and uncheck the "Hide file extensions for known file types" option.

Trojan Horse
• A Trojan horse is a program that appears to be performing one task while executing a malicious task in the background. It may reach your computer as an email attachment, usually as amusing or seemingly useful software to entice you to open it. Once you open the attachment, the Trojan horse program can search for your user information, steal your login names, and copy your passwords. Some Trojan horse programs can delete, modify, or transmit files on your computer. And some Trojan horse programs may contain viruses, worms, or other Trojan horse programs. Trojan horse programs can use your account privileges to install other programs, such as programs that provide unauthorized network access. Or they can use your account to attack other systems and implicate your site as the source of an attack.

Trojan Horse
• Trojan horse sample: Back Orifice (BO)
• The Back Orifice is a Windows 95/98 backdoor program.
  Once installed inadvertently, it permits intruders who know the listening port number and BO password to control the affected machine remotely. The intruders can execute privileged operations such as executing commands, listing files, uploading files, and downloading files.

Worm
• A worm is malicious software that can execute itself on a vulnerable remote machine. Compared to viruses, which infect files and spread through the transfer of infected files and email messages, worms can penetrate computer systems more easily because they do not need a user to execute them. Worms can perform trigger events that vary from the display of irritating messages to the destruction of data.

Worm
• Most worms travel within email messages and TCP/IP packets, replicating from one computer to another. A worm can arrive as a mass-mailing worm that sends itself to every address in the email address book of an infected computer. To cover its tracks, a mass-mailing worm can set the "From:" line of the message to be a randomly selected address from the email address book.
• Worm sample: 911 Worm

Worm
• This worm is also known as Chode, Worm.Firkin, and other names. It searches through a range of IP addresses of known ISPs to find an accessible computer that has a non-password-protected shared drive. It uses the shared drive to copy its files onto the other computers. Once the infected computer starts Windows, a .vbs script is launched. On the 19th of the month, this script deletes files from the following directories:
  • C:\windows
  • C:\windows\system
  • C:\windows\command
  • C:\
  Then, it displays a message indicating the machine has been infected.

Prevention
• The most effective way to prevent malicious code attacks is to avoid opening unexpected email messages or attachments.
  You should be cautious and use only authorized media for loading data and software. You should not run executable programs unless you trust the sender of the information and you have confirmed with the sender that he intended to send you the attachment. Also, avoid sending programs from an unknown source to others.

Prevention
• You should also be cautious when executing content such as Java applets, JavaScript, or ActiveX controls from web pages. To decrease your computer's susceptibility to worms, you may wish to configure your browser to disable the automatic execution of web page content. You may also want to disable macros in any product that contains a macro language. For example, to disable macro execution in Microsoft Word, click on Tools, select Macro, and then select Security. Choose a security level from High or Medium. "High" silently ignores the macro code and "Medium" prompts you to enable or disable the macro code.

Detection
• Some notable symptoms of malicious code infection on your computer system are:
  • Unexpected changes in file sizes or date/time stamps
  • Slow starting or slow running because the virus is exhausting the computer's resources
  • Unexpected or frequent system failures
  • Low computer memory on disks
  • Abnormal application behaviors

Counter Measures
• When you suspect that a virus has entered your system:
  1. Try to contain the virus.
  2. Try to identify the virus.
  3. Try to recover corrupted data and files.
  4. Once you have determined the source of infection, alert others of the virus.
• There are various tools such as anti-virus scanners that can help you look for known viruses. You can also use anti-virus monitors to look for virus-related application behaviors.
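
The double-extension trick described in 6.1.3 (.txt.vbs, .mpg.exe, .gif.scr) can be checked for mechanically before an attachment reaches a user. The following is an added example, not part of the original slides; the extension lists beyond the three pairs named above, the verdict names, and the sample file names are assumptions made for illustration.

```python
from typing import List, NamedTuple

# Script/executable types: the three named on the slide plus other common
# Windows ones (the extra entries are an assumption of this example).
EXECUTABLE_EXTS = frozenset({".vbs", ".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js"})
# Harmless-looking types used as the decoy: the slide's three plus a few more.
DECOY_EXTS = frozenset({".txt", ".mpg", ".gif", ".jpg", ".doc", ".pdf"})


class Finding(NamedTuple):
    filename: str  # name exactly as received
    real_ext: str  # the last extension, which is the one Windows acts on
    shown_as: str  # what the user sees while known extensions are hidden
    verdict: str   # "block", "review" or "allow"


def inspect_attachment(filename: str) -> Finding:
    """Classify one attachment name by its last extension and any decoy before it."""
    # Strip padding around each dot-separated part, so "a.gif      .scr"
    # (spaces pushing the real extension out of view) is read as "a.gif.scr".
    parts = [p.strip() for p in filename.strip().split(".")]
    if len(parts) < 2 or not parts[0] or not parts[-1]:
        return Finding(filename, "", filename.strip(), "allow")  # no extension

    real_ext = "." + parts[-1].lower()      # comparison is case-insensitive
    shown_as = ".".join(parts[:-1])         # name with the last extension hidden
    if real_ext not in EXECUTABLE_EXTS:
        return Finding(filename, real_ext, shown_as, "allow")

    # Executable content behind a harmless-looking extension is the pattern
    # from the slide; a plain executable still deserves a second look.
    has_decoy = len(parts) >= 3 and "." + parts[-2].lower() in DECOY_EXTS
    return Finding(filename, real_ext, shown_as, "block" if has_decoy else "review")


def triage(filenames: List[str]) -> List[Finding]:
    """Return only the attachments that need blocking or review."""
    return [f for f in map(inspect_attachment, filenames) if f.verdict != "allow"]


# Constructed sample attachment names (not taken from any real message).
SAMPLE_ATTACHMENTS = [
    "invoice.txt.vbs",
    "holiday.mpg.exe",
    "Kitten.GIF.SCR",
    "photo.gif      .scr",
    "setup.exe",
    "notes.v2.txt",
    "README",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_ATTACHMENTS):
        print(f"{finding.verdict:6}  shown as {finding.shown_as!r:14} "
              f"real type {finding.real_ext}")
```

The `shown_as` field is the point of the exercise: with extensions hidden, every blocked sample displays as an ordinary text, movie, or picture file.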

6.1.4 Denial of Service
• Network Connectivity
• Network Bandwidth
• Other Resource Consumption Attacks
• Distributed Denial of Service Attack
• Prevention

Denial of Service
• In a denial of service (DoS) attack, the objective of the attacker is to exhaust system resources such as network connectivity and network bandwidth to prevent legitimate traffic from being transmitted and processed. This attack is characterized by the following:
  • Disruption of network connectivity and Internet services
  • Disruption of services to specific system(s) or person(s)
  • Consumption of other resources on a computer system

Network Connectivity
• To tie up the network connectivity of a target machine, an intruder can initiate a half-open connection to the target machine. The target machine starts the connection process and waits for the intruder's bogus connection to be completed. While it is waiting, it is blocking other legitimate connections. This attack can even be launched over a dial-up modem connection against a high-speed network system.

Network Bandwidth
• One common attack on the target system's network bandwidth is to generate an excessive amount of traffic on that network. This attack is also known as network flooding. An example of a network bandwidth attack is the Smurf attack. The Smurf attack is launched using the Ping command.

Smurf attack
• The intruder sends ping commands repeatedly using the victim's address as the return address. When the Ping command is broadcast to multiple hosts on the target system's local network, all the machines receiving the Ping request will reply to the innocent, spoofed target system for each Ping command. This causes the target system's network to be flooded with ping replies.
  If there are enough packets flooding the network, the spoofed host will no longer be available to receive or distinguish legitimate traffic. Its services are rendered unavailable.

Figure: A Smurf attack

Other Resource Consumption Attacks
• An intruder may also attempt to stall a system by attacking other components including CPU cycles, memory, and disk space using malicious programs. Recall that viruses, worms, and Trojan horses are programs. Executing these programs consumes CPU cycles, memory, and disk space. These malicious programs can copy themselves repeatedly to exhaust your CPU cycles, memory, and disk space.
• Another way to consume disk space is by spamming an email server, generating excessive numbers of email messages. For instance, when 80% of your email storage is filled with spam mails, disk space needed to store legitimate emails will be limited. An intruder can also devise ways to cause the system to generate error messages that need to be written to disk continuously. When data is continuously written to disk with no limits on the amount of data that can be written, the system will eventually run out of disk space and become unable to perform other functions.

Distributed Denial of Service Attack
• A distributed denial of service (DDoS) attack is usually launched using multiple computers to attack one victim computer. In a DDoS attack, the intruder compromises a few computers to act as the control centers, also known as "handlers" or "masters." The intruder also installs "agents" (frequently through a Trojan horse program) that run on other compromised computers. Each handler computer controls a group of agent computers.

Figure: DDoS attack

Prevention
• Disable or block any unused network services.
• Observe your system performance and establish baselines for ordinary activity. Use the baseline to gauge unusual levels of disk activity, CPU usage, or network traffic.
• Routinely examine your physical security with respect to your current needs (for example, servers, routers, unattended terminals, network access points).

6.2 Security Technologies
• Reading Sequence:
  • 6.2.1 Encryption.
  • Parsons/Oja, Tech Talk: "Encryption" in Chapter 6.
  • 6.2.2 Applications of Encryption.
  • 6.2.3 Authentication.
• Assessments:
  • Multiple-Choice Quiz 23

6.2.1 Encryption
• Substitution Cipher
• Transmitting the Key
• Private Key Encryption Scheme
• Public Key Encryption Scheme
• Hybrid Encryption Schemes

Encryption
• Sensitive information must be encrypted prior to transmission, and then decrypted by the receiver.
• Encryption is the process of transforming information so it is unintelligible to eavesdroppers.
• Decryption is the process of transforming encrypted information so that it is intelligible to the intended recipient.

Encryption
• A message to be encrypted is known as plaintext.
• The encrypted version is called ciphertext.
• In order to encrypt a message in a way that the receiver can decrypt it again, there must be a key, or password, that determines how the encryption is done.
• Cryptography algorithms are mathematical functions used for encryption or decryption.

Substitution Cipher
• The most basic type of private key encryption is the substitution cipher.
  A substitution cipher changes the plaintext to ciphertext by replacing each element of the plaintext with its encrypted substitute. The elements might be individual letters, but they could also be words or phrases.
• This coding scheme therefore has a very small keyspace.
• Simple codes can be broken quickly by brute force.

Substitution encryption results
Message        Encryption Technique            Encrypted Message
HELLO WORLD    shift right by one character    IFMMP XPSME
IBM            shift left by one character     HAL

Passphrase key encryption
Plaintext:                   HELLO WORLD
Key:                         CAT
Copied Key:                  CATCATCATC
Key Converted to Numbers:    3 1 20 3 1 20 3 1 20 3
Plaintext:                   HELLOWORLD
Ciphertext:                  KFFOPQRSFG
• Using a passphrase to control the substitution cipher greatly expands the keyspace.

Transmitting the Key
• Suppose you want to send messages to a friend who will be traveling to a hostile location. You could pick a passphrase and give it to your friend before she departs on her trip.
• What happens if the passphrase leaks out after your friend has left? Your communication will no longer be secure, and you will have no way to get a new passphrase to her without it being intercepted. Another problem is that if you stick with the same passphrase for too long, an eavesdropper might be able to crack your code by statistical analysis of the encrypted messages.

Transmitting the Key
• It is safer to choose a new key for each message. But you will need a way of securely transmitting that key to your friend. One solution to this problem that has been used over the centuries is to pick a line in a book to use as a passphrase, assuming that both you and your friend have copies of the book.
  Instead of transmitting the actual key, you just indicate the line number to look up to find the passphrase.
• For instance, H.II.ii.24 might refer to Hamlet Act II, Scene ii, Line 24. Even if an eavesdropper realized that this was a reference to Shakespeare's play, the eavesdropper would need to know the edition that was used in order to get an accurate key.

Figure: Passphrase key transmission and encryption

Private Key Encryption Scheme
• In a private key encryption scheme, the same key that was used to encrypt a message can also be used to decrypt it. This is also known as symmetric encryption. In this scheme, the sender and receiver must keep the key to themselves, hence the term "private" key encryption scheme. Private key encryption schemes are used by modern encryption algorithms such as DES and RC4. Symmetric encryption means that encryption and decryption use the same key, usually called the "Session Key". Encryption standards such as DES and RC4 are typical "symmetric" encryption methods.

Public Key Encryption Scheme
• Public key encryption uses one key to encrypt a message and another key to decrypt it. It is also known as an asymmetric encryption scheme. In this encryption scheme, only the decryption key need be kept secret, and the encryption key can be freely published.

Public Key encryption
In a public key encryption scheme, each public key has a corresponding private key. An eavesdropper cannot decrypt a message even if he knows the public key that was used to encrypt it. Only the person holding the private key can decrypt the message. A system that uses public keys is called a public key infrastructure (PKI).

Number theory
• Public key encryption is based on a branch of mathematics called number theory, which says that certain types of problems, such as factoring large numbers, appear to be intractably hard.
  In other words, if a number is many digits long, it can take an extremely long time to find a smaller number (other than 1) by which it divides evenly. Because intractable problems are so hard, a code based on these types of problems should be safe from brute force attack. The calculations required to break such a code would take way too long, perhaps trillions of years, even on a very fast computer.

PGP
• One common way for people to communicate via public key encryption is a software package called PGP, which stands for Pretty Good Privacy. PGP was developed by an American programmer, Phil Zimmermann, because he wanted to ensure that private citizens, not just governments, would be able to communicate without fear of eavesdropping.

Hybrid Encryption Schemes
• Although public key encryption is very secure, it does have some drawbacks. This method for encrypting and decrypting messages requires a lot of computation, so it is slower than other types of codes. Also, the encrypted message may be quite a bit longer than the original plaintext, so it will take longer to transmit over a network. These considerations led people to develop hybrid schemes in which public key encryption is used to send a freshly-created key, called the session key, and then the actual message is encrypted using a symmetric encryption scheme like RC4 or DES, based on that session key. Because session keys are generated randomly and thrown away after one use, even if an eavesdropper manages to decrypt one message by brute force, the eavesdropper will be unable to decrypt any other messages between the same parties. So the hybrid scheme is reasonably secure, and it takes advantage of the efficiency of the simpler symmetric encryption schemes.
• Most public-key encryption schemes are actually hybrids of this sort. SSL (the Secure Socket Layer protocol used by web browsers) is a hybrid scheme.
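
The two substitution tables in 6.2.1 and the remark about brute force can be reproduced in a few lines. This is an added example, not part of the original slides: it implements the shift cipher and the passphrase-controlled cipher exactly as tabulated (A=1 ... Z=26, spaces dropped for the passphrase variant), then tries all 25 shifts to show how small the shift keyspace is. The function names and the known-word ("crib") check are assumptions of the example.

```python
import string
from typing import List, Tuple

ALPHABET = string.ascii_uppercase
SHIFT_KEYSPACE = 25  # shifts 1..25; a shift of 0 or 26 leaves the text unchanged


def shift_letter(ch: str, k: int) -> str:
    """Move one letter k places along the alphabet, wrapping Z to A."""
    if ch not in ALPHABET:
        return ch  # spaces and punctuation pass through unchanged
    return ALPHABET[(ALPHABET.index(ch) + k) % 26]


def shift_cipher(text: str, k: int) -> str:
    """Shift right by k characters (negative k shifts left)."""
    return "".join(shift_letter(c, k) for c in text.upper())


def passphrase_key(passphrase: str, length: int) -> List[int]:
    """Copy the passphrase out to `length` letters and convert A=1 ... Z=26."""
    copied = (passphrase.upper() * (length // len(passphrase) + 1))[:length]
    return [ALPHABET.index(c) + 1 for c in copied]


def passphrase_encrypt(plaintext: str, passphrase: str) -> str:
    """Shift each plaintext letter by the matching key number (spaces dropped)."""
    letters = [c for c in plaintext.upper() if c in ALPHABET]
    key = passphrase_key(passphrase, len(letters))
    return "".join(shift_letter(c, k) for c, k in zip(letters, key))


def passphrase_decrypt(ciphertext: str, passphrase: str) -> str:
    """Undo passphrase_encrypt by shifting each letter back."""
    key = passphrase_key(passphrase, len(ciphertext))
    return "".join(shift_letter(c, -k) for c, k in zip(ciphertext.upper(), key))


def brute_force_shift(ciphertext: str, crib: str) -> List[Tuple[int, str]]:
    """Try every shift and keep the candidates that contain a known word."""
    hits = []
    for k in range(1, SHIFT_KEYSPACE + 1):
        candidate = shift_cipher(ciphertext, -k)
        if crib.upper() in candidate:
            hits.append((k, candidate))
    return hits


def passphrase_keyspace(length: int) -> int:
    """Number of distinct letter passphrases of the given length."""
    return 26 ** length


if __name__ == "__main__":
    print(shift_cipher("HELLO WORLD", 1))             # first row of the table
    print(shift_cipher("IBM", -1))                    # second row of the table
    print(passphrase_key("CAT", 10))                  # key converted to numbers
    print(passphrase_encrypt("HELLO WORLD", "CAT"))   # ciphertext row
    print(brute_force_shift("IFMMP XPSME", "WORLD"))  # at most 25 trials needed
    print(SHIFT_KEYSPACE, "shift keys versus",
          passphrase_keyspace(3), "three-letter passphrases")
```

Even a three-letter passphrase multiplies the number of keys to try from 25 to 17,576, which is the sense in which a passphrase "greatly expands the keyspace".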

6.2.2 Applications of Encryption
• Email
• Hard Drives
• DVD Movies
• Cellular Phones

Email
• Email may travel through a dozen computers on its way from the sender to the intended recipient, so there is ample opportunity for eavesdropping. By default, email is not encrypted at present, but many users are opting to use PGP to secure their email communications. Some mail clients now include built-in PGP support.

Hard Drives
• Some users are choosing to encrypt their entire hard drive, in order to protect against loss of secrets in the event that their computer is stolen or seized. An old laptop full of trade secrets or classified military information might be worth much more to a thief than a new laptop with an empty hard drive. While user directories can be protected with passwords, an intruder with physical access to the machine can use his own copy of the operating system to boot the computer, and thereby gain access to all the data on the computer. Or the intruder can make a copy of the hard drive, a process known as mirroring, and thus steal the data it contained.
• Encrypting the hard drive prevents others from reading your files, even if they steal or copy the drive. Each time your computer boots, you would be required to enter a pass phrase to unlock the drive.

DVD Movies
• Movies on DVD (Digital Video Disk) are encrypted using a scheme called CSS (Content Scrambling System), in order to prevent people from making unauthorized copies. However, the encryption scheme was not secure. In 1999, several groups of computer programmers broke the encryption by reverse-engineering a software DVD player. Although the motion picture studios filed several lawsuits to prevent the distribution of software for decrypting DVD movies, their efforts have been unsuccessful.
  Programmers claimed that computer code is a type of speech, and therefore should enjoy the same legal protections as books and music.

Cellular Phones
• Every cellular phone has an electronic serial number to provide unique identification of the phone. When a call is made, the cellular phone transmits its identification information. This allows the phone system to provide continuous service to the caller as the caller travels from one place to another, and it also allows the call to be billed accordingly. Someone who captured this information could "clone" the cellular phone by copying its ID into another phone. As a result, its calls would then be billed to the original owner. In order to prevent this, digital cellular phones use encryption to protect the phone's identity. (Analog cellular phones, based on older technology, do not use encryption.) Because people often use the pushbuttons on a phone to enter private data such as bank account numbers and credit card numbers, all digits dialed on a digital phone are also encrypted.
• Cellular phones use relatively weak encryption. Recently several cellular phone encryption schemes have been cracked by independent cryptography experts, but even this weak encryption is sufficient to deter casual eavesdroppers.

6.2.3 Authentication
• Strong Passwords
• Smart Cards
• Biometrics
• Digital Signatures
• Digital Certificates and Certificate Authorities
• SSL Protocol

Authentication
• Authentication is the process of confirming an identity, determining whether you are who you claim to be. This is usually done by verifying that your login name and password match. However, passwords can often be stolen, accidentally revealed, or forgotten.

Strong Passwords
• Characteristics of a good password:
  • Difficult to guess
  • At least 8 characters long, the longer the better (if you can remember it)
  • Contains a mix of uppercase letters, lowercase letters, numbers, symbols, and punctuation marks
  • Characters are arranged in an unpredictable order
  • Can be typed in quickly by you to prevent someone from obtaining your password by looking at your key strokes
• Characteristics of a bad password:
  • Based on personal information such as all or part of your name, nickname, birth date, company name, and relative's name
  • Based on surrounding objects, such as "computer", "desk"
  • Words from a dictionary
  • Names of fictional characters from movies or books
  • Words spelled in a particular pattern (e.g. with the last letter omitted, backwards)
  • Character sequence that is easy to type, such as "asdf" and "qwer"
  • Characters that follow a certain pattern such as "abcabcdabcde" and "1122334455"
  • Passwords you have seen or used previously
• Generating a good password:
  • Use a password generator application
  • Use the third letter of each word (more than 2 characters long) from a randomly selected sentence. Example:
    – Sentence: "AUTHENTICATION is the process of confirming an identity, determining whether someone is who he claims to be."
    – Password: "Teonetemoa."
  • Insert symbols randomly (e.g. "Te*netem$a.")
  • Mix of uppercase letters, lowercase letters, numbers, symbols, and punctuation marks (e.g. "T1e*netEm$a.")

Smart Cards
• A smart card is a credit card-sized plastic card with an embedded integrated circuit chip. It serves as a secure medium for storing important personal identification information such as picture identifications, voiceprints, fingerprints, signatures, and account information.
• Smart card chips can be embedded on phone cards, banking cards or health cards. Using the phone card as an example, the smart card chip is embedded on the phone card, which contains your phone account number and other related information. To use the card, you would slide the card into the card reader usually embedded as part of the public phone. The card reader would prompt for a PIN number, and then it would read off the information from the smart card to authenticate you.
• Similarly, a smart card that stores login and password information can be used to log onto computer systems. To access a computer system, you would insert the smart card into a card reader connected to the computer system. After providing your PIN number, the system will authenticate you based on the information on the smart card and the PIN number you provided.

Biometrics
• Biometrics refers to the automatic identification of a person based on his/her physiological or behavioral characteristics. Among the features measured are face, fingerprints, handwriting, iris, and voice. Biometric technologies are being developed to enhance identity verification solutions. This method of identification is more secure compared to traditional methods involving passwords and PIN numbers because the person to be identified is required to be physically present at the point of identification. Also, it is more convenient because it eliminates the need to remember passwords or PINs, or carry identification cards.

Digital Signatures
• Just as you would sign a document to indicate to the receiver of your message that the message came from you, you can attach a digital signature to an electronic document to indicate that the message did indeed originate from you.
A digital signature must be both unique to the sender and unique to the particular message so that it can be verified but not reused. For instance, if you were to send an email request to have your friend deposit $2000 to your account, you may attach a digital signature to your email request so that your friend can trust that the request did come from you and the account information included in the email is not altered.

• Sender:
  1. Transform the entire message using a hashing algorithm to generate a hash of the message.
  2. Generate the digital signature by encrypting the message hash using the sender's private key.
• Receiver:
  1. Transform the entire message using a hashing algorithm to generate a hash of the message.
  2. Decrypt the digital signature using the sender's public key.
  3. Compare the message hash from step 1 with the decrypted digital signature, which should be the same as the sender's message hash. If these two hashes are the same, then the receiver can trust that the message was sent from the sender and that the message was not altered during transmission. Otherwise, the message may have been altered.

Digital Certificates
• Just as a driver's license or a passport is used to identify a person, a digital certificate is used to identify an individual, a server, a company, or some other entity. A digital certificate is an electronic identity document whose purpose is to help prevent impersonation.

Certificate Authority
• To extend this analogy, just as you would go to a government agency to obtain a passport, you would go to a certificate authority (CA) to obtain a digital certificate.
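
The sender and receiver steps for digital signatures listed above, as an added Python example that is not part of the original slides. It assumes SHA-256 as the hashing algorithm and uses textbook RSA with small constructed keys, so it shows the mechanics only; the key values, names and message are illustrative assumptions.

```python
import hashlib
from math import gcd


def toy_keypair(p: int, q: int, e: int = 65537):
    """Build a textbook RSA key pair from two primes (teaching sizes only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                 # private exponent (Python 3.8+)
    return (e, n), (d, n)               # (public key, private key)


# Constructed keys. Mersenne primes are used only because they are easy to
# write down; real keys use random primes, are at least 2048 bits long, and
# real signatures add padding through a vetted cryptographic library.
SENDER_PUBLIC, SENDER_PRIVATE = toy_keypair(2**127 - 1, 2**521 - 1)
IMPOSTOR_PUBLIC, IMPOSTOR_PRIVATE = toy_keypair(2**107 - 1, 2**607 - 1)


def message_hash(message: bytes) -> int:
    """Step 1 on both sides: hash the entire message."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender step 2: encrypt the hash with the sender's private key."""
    d, n = private_key
    return pow(message_hash(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver steps 2-3: decrypt with the public key, compare the hashes."""
    e, n = public_key
    return pow(signature, e, n) == message_hash(message)


def demo():
    # Constructed message, modelled on the deposit request in the text.
    request = b"Please deposit $2000 to my account 00-1234."
    altered = request.replace(b"$2000", b"$9000")
    unrelated = b"Please also send me your card number."
    signature = sign(request, SENDER_PRIVATE)
    forged = sign(request, IMPOSTOR_PRIVATE)
    return {
        # Untouched message, genuine signature: hashes match.
        "genuine": verify(request, signature, SENDER_PUBLIC),
        # Message changed in transit: receiver's hash no longer matches.
        "altered_in_transit": verify(altered, signature, SENDER_PUBLIC),
        # Old signature attached to a new message: not reusable.
        "signature_reused": verify(unrelated, signature, SENDER_PUBLIC),
        # Signed with someone else's private key: sender's public key rejects it.
        "signed_by_impostor": verify(request, forged, SENDER_PUBLIC),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:20} accepted={accepted}")
```

Only the first case is accepted; the other three fail at the receiver's comparison step, which is what makes the signature unique to both the sender and the message.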
A CA is a trusted third-party organization or company that validates identities and issues certificates. The certificates are used to associate public keys with entities (e.g. organizations, people). The role of the CA in data security is important, as electronic exchange of data becomes a necessity for communications and commerce. For example, electronic-commerce sites such as Amazon.com and BestBuy.com have digital certificates so that users can trust that they are using legitimate sites instead of a fraudulent site created by hackers.

[Figure: Digital certificate]
[Figure: Certification Path]
[Figure: Certificate warning]

PKI
• The set of standards and services that govern the use of public-key cryptography and the system of certificates is called Public Key Infrastructure (PKI).
• Issuance of digital certificates to individual users and organizations
• Integration with corporate certificate directories; tools for managing, renewing, and revoking certificates

SSL Protocol
• SSL (Secure Sockets Layer) is a protocol layer that operates on top of TCP/IP to provide encrypted communications. The protocol is a set of rules governing server authentication, client authentication, and encrypted communication between servers and clients. SSL uses public key cryptography to transmit a unique session key for each connection. It then uses a faster, symmetric encryption algorithm to encrypt whatever information the application needs to transmit.
• When you communicate with a Web server using the prefix https instead of http, your browser establishes an SSL connection. Many websites such as Amazon.com use this technique to keep your password and personal data secure from others.
You will also see a lock icon appear at the bottom right of the web page window indicating the data on the page came to you encrypted via the SSL protocol. If you do not see a lock icon when transmitting sensitive information, you should be aware that your data was not encrypted, and may be seen by eavesdroppers. The image below highlights the URL that begins with "https" and the lock icon, indicating that the data on the page will be transmitted securely.

6.3 Prevention, Detection, and Recovery
Reading Sequence:
• 6.3.1 Firewall.
• 6.3.2 Intrusion Detection Tools.
• 6.3.3 Data Recovery.
• Textbook, Section 4D. Learning Goal: Learn about disk backup procedures that provide for the recovery of lost or corrupted files.
• 6.3.4 Summary of Security Tips.

6.3.1 Firewall
• Application Gateway
• Packet Filter
• Application Gateway versus Packet Filter
• Hybrid
• Intruder Attacks Prevented by Firewall
• Setting up a Firewall

Firewall
• A firewall is a program or hardware device that protects your network by filtering incoming packets from the Internet entering your protected network or computer system. It can be used as a cost-effective method to protect a computer at home, or within an organization. It provides a level of separation between your protected system and the Internet.

Application Gateway
• The first type is an application gateway. Instead of allowing corporate hosts to communicate directly with external hosts, communication has to go through an application, called a proxy, running on or directly behind the firewall.

Packet Filter
• A packet filter uses information in the header of every packet to decide whether the packet is acceptable to pass the firewall. A packet contains the address of its sender, the address of the destination, and data. If a packet's source or destination is not acceptable, the packet is blocked, and a record is entered in a log that can be inspected by the network manager.

6.3.2 Intrusion Detection Tools
• Intrusion Detection Systems
• Network Monitoring Tools
• Anti-Virus Software

Intrusion Detection Systems
• An intrusion detection system (IDS) for a computer is like a security system for a home. When an intrusion is detected, the IDS alerts the network administrators, just as the alarm of the home security system would go off to alert the homeowners. An IDS gathers and analyzes information within a computer or a network to identify possible security breaches. In case of a security breach, an IDS can provide traces of events to help track down the intruder. However, an IDS does not block potentially malicious traffic. When used with a firewall, an IDS can verify the firewall configurations and serve as an added layer of security that alerts network administrators of suspicious data that passed through the firewall. Compared to a firewall, an IDS provides more in-depth traffic monitoring.
• An IDS works by matching incoming traffic against an intrusion detection (ID) signature database of known attacks or suspicious activity, and alerts administrators when a match occurs. An ID signature can be a special TCP state, special bytes in the IP header, or a special byte stream in a packet. An IDS can also send automatic notifications to alert system administrators of potential security breaches via a variety of channels, including email and mobile phones.
These notifications would help network administrators identify subsequent steps for resolving the security breach and they can help strengthen security policies.

Strengths of IDS:
• Can trace each step of an attack
• Cannot be easily circumvented
Weaknesses of IDS:
• Cannot block intruding traffic
• Only as strong as its signature database
• Possibility of false alarms
• Setup may require some level of configuration and security knowledge

Setting up an IDS
• Typically, an IDS is set up behind the firewall to examine more thoroughly packets that have filtered through the firewall.

Network Monitoring Tools
• Network monitoring should be conducted continuously to maintain confidence in the security of a protected network and data resources. Network monitors may be installed at strategic locations to continuously collect and examine information that may indicate suspicious activity. Some systems can react to suspicious network activity by blocking suspect connections, limiting or disabling affected services, isolating affected systems, and collecting evidence for subsequent analysis. Additionally, monitoring can help determine whether security countermeasures are effective.

Anti-Virus Software
• In general, an anti-virus software program searches through files (or memory) for indications of malicious code using a virus profile (sometimes called "signatures") provided by the vendor. Anti-virus software programs can also remove viruses from files, isolate files that cannot be cleaned, and discover Trojan horse programs and worms. Some anti-virus software can recover data deleted by viruses.
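
The packet filter and the signature-based IDS described above, chained the way "Setting up an IDS" places them, as an added Python example that is not part of the original slides. The addresses, ports, signature names and traffic are constructed for illustration; the last two packets show the false-alarm and signature-database weaknesses listed above.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str                                # address of the sender
    dst_port: int
    dst: str = "192.0.2.10"                 # address of the destination
    flags: frozenset = frozenset({"ACK"})   # TCP state carried in the header
    payload: bytes = b""                    # the data


# Packet filter: decides on header fields only and logs what it blocks.
BLOCKED_SOURCES = [ip_network("203.0.113.0/24")]   # constructed policy
OPEN_PORTS = {25, 80, 443}                         # constructed policy


def packet_filter(pkt: Packet, log: list) -> bool:
    if any(ip_address(pkt.src) in net for net in BLOCKED_SOURCES):
        log.append(f"blocked: source {pkt.src} is not acceptable")
        return False
    if pkt.dst_port not in OPEN_PORTS:
        log.append(f"blocked: port {pkt.dst_port} is closed (from {pkt.src})")
        return False
    return True


# IDS signature database: a special TCP state and a special byte stream.
SIGNATURES = {
    "tcp-syn-fin": lambda p: {"SYN", "FIN"} <= p.flags,
    "dir-traversal": lambda p: b"../../" in p.payload,
}


def ids_alerts(pkt: Packet) -> list:
    return [name for name, matches in SIGNATURES.items() if matches(pkt)]


def run(packets):
    """Firewall first, IDS behind it. Returns (firewall log, alerts, delivered)."""
    log, alerts, delivered = [], [], []
    for number, pkt in enumerate(packets):
        if not packet_filter(pkt, log):
            continue                         # never reaches the IDS or the host
        alerts += [(number, name) for name in ids_alerts(pkt)]
        delivered.append(number)             # the IDS alerts; it does not block
    return log, alerts, delivered


# Constructed traffic, one packet per case discussed in the text.
TRAFFIC = [
    Packet("198.51.100.7", 443, payload=b"GET /index.html"),            # normal
    Packet("203.0.113.9", 80, payload=b"GET /"),                        # bad source
    Packet("198.51.100.8", 23),                                         # closed port
    Packet("198.51.100.9", 80, flags=frozenset({"SYN", "FIN"})),        # TCP state
    Packet("198.51.100.10", 80, payload=b"GET /../../private/file"),    # byte stream
    Packet("198.51.100.11", 80,
           payload=b"POST /forum text=use ../../ to go up two folders"),  # false alarm
    Packet("198.51.100.12", 80,
           payload=b"<stand-in for an attack that has no signature>"),    # missed
]

if __name__ == "__main__":
    log, alerts, delivered = run(TRAFFIC)
    print("firewall log:", *log, sep="\n  ")
    print("IDS alerts:", alerts)
    print("delivered to host:", delivered)
```

Packets 3 to 6 all reach the host: the IDS only raises alerts, one of them on harmless forum text, and the last packet passes silently because nothing in the database matches it.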
• Because new viruses are discovered daily, the effectiveness of anti-virus software is dependent upon having the latest virus profiles installed on your computer. Some virus tool vendors provide subscription services or other distribution facilities to help customers keep up to date with the latest viral signatures.

Strengths of anti-virus software:
• Protects users from email-borne malicious code that can go unnoticed by IDSs and firewalls
• Can detect a network-propagated virus infection
Weaknesses of anti-virus software:
• Must be updated frequently
• Does not protect against all network-based exploits

6.3.3 Data Recovery
• In case of a security breach where your data is compromised, tampered with, corrupted, or deleted, you need to be sure you have a backup, or a copy of your data, to restore your computer system. Data that can be compromised include files, application programs, and the operating system. Backing up your data is one of the most important actions in securing your computer system. Having a backup of your data not only mitigates data loss caused by intruder attacks; backups also help recover from losses caused by unintentional deletion of data, software malfunction, hardware malfunction, and natural disasters.

Backup
• In general, you should back up your system:
  • Periodically (for example, monthly, weekly, every other day, every day) depending on how frequently your data changes
  • Before you make potentially irreversible changes to your data such as changing file structures, deleting large amounts of data
  • Before installing hardware or software components that may alter your data
• Backups should be kept on a removable medium or stored at a remote site in case of natural disasters or physical destruction of computer equipment.
When performing virus scans or data integrity checks on your system, be sure to perform them on your backups too. It is important that the backed-up data is not compromised or corrupted.

• Differential backup: A copy of all the data that changed since the last full backup
• Incremental backup: A copy of all the data that changed since the last full, differential, or incremental backup. Note that the first incremental backup is also a differential backup from the full backup.

[Figure: Comparing backup methods]

Example 1
• An organization does a full backup every Friday at 5 P.M. and a differential backup every Wednesday at 5 P.M.
• Incident: data failure on Thursday at 6 P.M.
• Data recovery method: restore data from last Friday's full backup and then Wednesday's differential backup.
• Data loss: data after Wednesday's differential backup and before the data failure on Thursday, about 25 hours' worth of work on the machine

Example 2
• An organization does a full backup every Friday at 5 P.M., a differential backup every Wednesday at 5 P.M., and an incremental backup every other day at 5 P.M.
• Incident: data failure on Thursday at 6 P.M.
• Data recovery method: restore data from last Friday's full backup, then Wednesday's differential backup, and finally Thursday's incremental backup.
• Data loss: data after Thursday's incremental backup, about one hour's worth of work on the machine

• Notice that it may take more time to recover data if many incremental backups were done, but the amount of data lost would be less. When determining how often you should back up your data, ask yourself how many hours' worth of work on the computer you are willing to risk losing. For example, if your answer is 24 hours, then you should back up every day.
If your answer is 48 hours, you should back up every other day. When choosing a backup method, keep in mind the relative amount of time each backup method takes to complete and when you would conduct the backup. For example, full backups take the longest amount of time; therefore, they are usually performed during hours when the computer system is not being used as much. At the minimum, full backups should be performed on a regular basis.

6.3.4 Summary of Security Tips
• There are many ways to violate your data integrity, breach your data confidentiality, and interrupt your system availability through malicious acts, user errors, and disasters. The following is a list of security practices that can help you protect your computer system:
  • Keep applications and operating system updated with the latest security patches (vendors such as Microsoft are continually fixing vulnerabilities and posting updates to their customers)
  • Turn off your computer or disconnect from the network when not in use
  • Close all unused Internet ports
  • Install firewalls to protect your network boundary in order to keep unwanted traffic and users out of the network
  • Use security software such as firewalls and intrusion detection systems

Security Tips
• Practices against privacy violation and identity theft:
  • Use strong passwords that are 8 or more characters long, consisting of a mix of upper and lower case letters, numbers, and punctuation marks
  • Encrypt sensitive data such as passwords and credit card numbers

Practices against malicious code:
• Avoid opening unexpected email attachments. If you must, be sure your virus definitions are up-to-date, save the file to your hard disk, scan the file using your anti-virus software, and then open the file
• Expose hidden filename extensions
• Exercise caution when downloading unauthenticated software.
If you choose to install software that has not been signed by a trusted source, you may wish to wait for a period of time before installing it in order to see if a Trojan horse is discovered
• Disable Java, JavaScript, and ActiveX if possible - a malicious web developer may attach a script to the content sent from a web site. The malicious script is transferred to your browser, where it can execute and compromise your machine. However, disabling Java, JavaScript, and ActiveX may impair your browsing experience
• Disable scripting features in email programs if possible - email programs use the same code as web browsers to display HTML, therefore vulnerabilities that affect ActiveX, Java, and JavaScript are often applicable to email as well as web pages
• Turn off macros in applications
• Install anti-virus software and keep it up-to-date on user machines and on email servers
• Consult your system support personnel if you work from home to conform with employer's policies or procedures relating to the security of your home network

Practices against data failure, corruption, or deletion:
• Develop a recovery plan in case your system is compromised or destroyed
• Perform and verify backups
• Make a boot disk before your computer is damaged or compromised
• If your computer is compromised:
  • Disconnect it from the network and restore from backups
  • Verify the integrity of the entire computer (software, configuration files, logs, data, etc.)
  • If integrity cannot be verified, reinstall operating system and applications
  • Apply all security patches and workarounds before reconnecting to network

• It is also possible to safeguard your system so that traffic other than that which is necessary cannot pass through your system.
But keep in mind that you may be limiting your system's ability to interact with other systems or users (for example, filtering out email attachments). Or, you can go to the extreme to avoid security threats and limit your use of the computer by disconnecting from the network. That, however, would severely limit the functionality of your computer. When setting up a computer system, there is a balance that you will need to establish between risk and reward. You should estimate how much risk you are willing to take in order to obtain the functionality that you desire for your computer system. In general, when safeguarding your computer system, make sure you follow a reasonable security policy advised by security experts.

Exercise 6
Question 1. Malicious Email
• Items a-g below are email scenarios where you are the receiver of the email. Answer the questions in each item and justify your answers.
• a. You received an unexpected email with an attachment named "SecurityPatches4You.exe" from an unknown sender. What type(s) of malicious code (virus, worm, or Trojan horse) may be included in the email? How did the email reach you? Would you open the attachment?
• b. You received an unexpected email with an attachment named "SecurityPatches4You.exe" from your friend Joe. What type(s) of malicious code (virus, worm, or Trojan horse) may be included in the email? How did the email reach you from Joe? Would you open the attachment?
• c. You received an unexpected email with an attachment named "finalDraft.doc" from your friend Joe. What type(s) of malicious code (virus, worm, or Trojan horse) may be included in the email? How did the email reach you from Joe? Would you open the attachment?
• d. You received an expected email with a .doc attachment from your friend Joe (assume hidden extensions are exposed).
What type(s) of malicious code (virus, worm, or Trojan horse) may be included in the email? How did the email reach you? What would you do and why?
• e. You received an unexpected email with no attachment from your friend Joe. The email instructs you to click on the enclosed URL. What type(s) of malicious code (virus, worm, Trojan horse, or mobile code) may be included in the email? How did the email reach you from Joe? What would you do and why?
• f. You received an unexpected, digitally signed email with no attachment from your friend Joe. The email instructs you to deposit $10,000 to Joe’s bank account. How did the email reach you? What would you do and why?
• g. You received an expected, digitally signed email without an attachment from your friend Joe. Joe also confirmed that he sent the email. The email instructs you to deposit $20,000 to Joe’s bank account. How did the email reach you? What would you do and why?

Question 2. Cryptography
• In this section, you will encode/decode simple messages using different cryptography methods.
• a. Consider the alphabet shift cipher. Complete the following table:

  Plaintext    Encryption Technique           Ciphertext
  Software     Shift right by 4 characters    ________
  ________     Shift right by 3 characters    Vbvwhpv

• b. What is the maximum number of ways you can replace a character using the above alphabet shift cipher? What is the size of the key space? What is a weakness of the alphabet shift cipher above?
• c. How does using a secret passphrase as the encryption key compare to using the alphabet shift cipher?
• Let us try using a passphrase to encrypt the message "Meet at noon." with a larger key space. The key is "CBA". In this case, only encrypt alphabet letters.
• d. What is the encrypted message?
• Now let us explore how to use private/public keys and digital signatures. Suppose Jean is sending her friend Erin a secret note with a digital signature.
• e. How does Jean include a digital signature? What key does Jean use to encrypt the entire message including the digital signature?
• f. How does Erin decrypt the message, and verify that the message was from Jean?

Question 4. Data Backups
• Consider the process of restoring data to a server from backup media. Assume the server failed Friday, November 14, at 3:00 P.M.
• For each backup procedure below, indicate what data is lost, and describe the procedures for restoring data.
• a. Full backup every Friday at 6:00 P.M.
• b. Full backup every Friday at 6:00 P.M. and differential backup every Wednesday at 6:00 P.M.
• c. Full backup every Friday at 6:00 P.M. and incremental backup every Monday, Tuesday, Wednesday, and Thursday at 6:00 P.M.
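
The restore reasoning of Examples 1 and 2 in section 6.3.3, as an added Python example that is not part of the original slides. The calendar dates, the `plan_restore` name and the third, incremental-only schedule are assumptions made for illustration.

```python
from datetime import datetime, timedelta

FRIDAY_5PM = datetime(2024, 3, 1, 17, 0)    # constructed date; it is a Friday


def at(days_after_friday: int, hour: int = 17) -> datetime:
    """Time stamp N days after the constructed Friday, at the given hour."""
    return FRIDAY_5PM.replace(hour=hour) + timedelta(days=days_after_friday)


def plan_restore(backups, failure):
    """Return (backups to restore, in order; hours of work lost).

    backups: iterable of (finished_at, kind) where kind is "full",
    "differential" or "incremental", as defined in section 6.3.3.
    """
    done = sorted(b for b in backups if b[0] <= failure)
    fulls = [b for b in done if b[1] == "full"]
    if not fulls:
        raise ValueError("no full backup exists before the failure")
    chain = [fulls[-1]]
    # A differential holds every change since the last full backup,
    # so only the newest one is needed.
    diffs = [b for b in done if b[1] == "differential" and b[0] > chain[0][0]]
    if diffs:
        chain.append(diffs[-1])
    # An incremental holds changes since the previous backup of any kind,
    # so every incremental after the chain's newest entry is replayed in order.
    newest = chain[-1][0]
    chain += [b for b in done if b[1] == "incremental" and b[0] > newest]
    lost_hours = (failure - chain[-1][0]).total_seconds() / 3600
    return chain, lost_hours


def describe(chain):
    return [f"{when:%a} {kind}" for when, kind in chain]


# Day offsets: Fri=0, Sat=1, Sun=2, Mon=3, Tue=4, Wed=5, Thu=6.
EXAMPLE_1 = [(at(0), "full"), (at(5), "differential")]
EXAMPLE_2 = EXAMPLE_1 + [(at(day), "incremental") for day in (1, 2, 3, 4, 6)]
FAILURE = at(6, hour=18)                    # Thursday, 6 P.M.

# Added case: no differential, failure on Wednesday at noon. Recovery needs
# five restores, which is the longer recovery time the text warns about.
INCREMENTAL_ONLY = [(at(0), "full")] + [(at(day), "incremental") for day in (1, 2, 3, 4)]
WEDNESDAY_NOON = at(5, hour=12)

if __name__ == "__main__":
    cases = [
        ("Example 1", EXAMPLE_1, FAILURE),
        ("Example 2", EXAMPLE_2, FAILURE),
        ("Incremental only", INCREMENTAL_ONLY, WEDNESDAY_NOON),
    ]
    for label, schedule, failure in cases:
        chain, lost = plan_restore(schedule, failure)
        print(f"{label}: restore {describe(chain)}, lose {lost:g} hours")
```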