Upload
garry-robinson
View
216
Download
0
Embed Size (px)
Citation preview
CIT 380: Securing Computer Systems
Security Solutions
Threat: Your Adversaries
• Youthful attackers• Organized crime• Terrorists• Governments• The competition• Hacktivists• Hired guns
Threat: Your Adversaries
• Disgruntled employees• Clueless employees• Customers• Suppliers• Vendors• Business partners• Contracts, temps, consultants
Threat Perspective
• “However, just as you don’t want to underestimate the threats that you face, neither do you want to overestimate them.” Counter Hack Reloaded page 10
Threat Assessment
• “You must sit down and carefully evaluate which threats would be motivated to go after your organization, tally the tangible and intangible value of the assets you have to protect, and then deploy security commensurate with the threat and the value of your systems and information.”
• Counter Hack Reloaded page 11
CIT 380: Securing Computer Systems Slide #6
How to evaluate security solutions?
1. What assets are you trying to protect?2. What are the risks to those assets?3. How well does the security solution mitigate
those risks?4. What other risks does the security solution
cause?5. What costs and trade-offs does the security
solution impose?
CIT 380: Securing Computer Systems Slide #7
Aspects of Risks
To evaluate a risk, we need to evaluate both:– Probability of risk occurring.– Cost incurred by risk if it occurs.
Minimize product of probability and cost.
Aspects of Risks
Risks are impacted by environment.– Building a house in a flood plain incurs additional
risks beyond that of house itself.– Similarly, installation and configuration options
impact risk of software systems.
CIT 380: Securing Computer Systems Slide #8
CIT 380: Securing Computer Systems Slide #9
Security is a matter of Trade-offs
Security is only one of many system goals:• Functionality• Ease of Use• Efficiency• Time to market• Cost• Security
CIT 380: Securing Computer Systems Slide #10
Cost-Benefit Analysis
Is it cheaper to prevent violation or recover?– Cost of good network security:• Money, time, reduced functionality, annoyed users.• Large and ongoing.
– Risks of bad network security:• Angry customers, bad press, network downtime.• Small and temporary.
CIT 380: Securing Computer Systems Slide #11
Airport SecurityLet’s consider the issue of airport security again from
the standpoint of what we’ve learned. Develop a solution, keeping the 5 questions in mind:
Airport Security
1. What assets are you trying to protect?2. What are the risks to those assets?3. How well does the security solution mitigate
those risks?4. What other risks does the security solution
cause?5. What costs and trade-offs does the security
solution impose?
CIT 380: Securing Computer Systems Slide #12
CIT 380: Securing Computer Systems Slide #13
Human Issues: People Problems
Social engineering– Kevin Mitnick testified before Congress “I was so
successful in that line of attack that I rarely had to resort to a technical attack.”
Circumvention– Users write down passwords, leave screens
unlocked.
Insider attacks
CIT 380: Securing Computer Systems Slide #14
Human Issues: OrganizationsLow priority– Security costs, but doesn’t produce income.– Lack of liability reduces costs of bad security.
Variable impact– Cost of security violation highly variable.– Insurance converts variable risk to fixed cost, but
risk too variable for much involvement so far.
Human Issues: Organizations
Power and responsibility– Personnel responsible for security often don’t
have power to enforce security.
CIT 380: Securing Computer Systems Slide #15
CIT 380: Securing Computer Systems Slide #16
Security: Laws and Customs
Are desired security measures illegal?– cryptography export before 2000– is it legal to monitor security breakins?– international commerce
Will users circumvent them?– writing down passwords– removing file ACLs
CIT 380: Securing Computer Systems Slide #17
Security Liability
Product liability:– Tires: Continental recalled Ford SUV tires in 2002
due to wire and vibration problems.– Software: Manufacturer not liable for security
flaws.
Since Microsoft isn’t liable for Windows security failures, why would they want to sacrifice money, time, functionality, and ease of use for security?
CIT 380: Securing Computer Systems Slide #18
Assumptions
• Security rests on assumptions specific to type of security required and environment.
Assumptions
• Example: – TCP/IP designed for pre-commercial Internet.• Assumed only legitimate administrators had root
access.• Trusted IP addresses, since only root can set IP address.• What happens to network when Windows 95 systems
added to network, where desktop user has all privileges?
CIT 380: Securing Computer Systems Slide #19
CIT 380: Securing Computer Systems Slide #20
Assurance
How much can you trust a system?Example:– Purchasing aspirin from a drugstore.– Bases for trust:• Certification of drug by FDA.• Reputation of manufacturer.• Safety seal on bottle.
CIT 380: Securing Computer Systems Slide #21
How much do you trust? Ken Thompson’s compiler hack from
“Reflections on Trusting Trust.”– Modified C compiler does two things:• If compiling a compiler, inserts the self-replicating
code into the executable of the new compiler.• If compiling login, inserts code to allow a backdoor
password.
How much do you trust?
– After recompiling and installing old C compiler:• Source code for Trojan horse does not appear
anywhere in login or C compiler.• Only method of finding Trojan is analyzing binary.
CIT 380: Securing Computer Systems Slide #22
CIT 380: Securing Computer Systems Slide #23
Key Points• Components of security– Confidentiality– Integrity– Availability
• States of information– Storage, Processing, Transmission
• Evaluating risk and security solutions.– Security is a matter of trade-offs.
• Security is a human problem.
Discussion: Gas Drive Away Without Paying
• What measures can be imposed?• What are the costs for the merchant and the
customer?• Do the benefits outweigh the costs?
CIT 380: Securing Computer Systems Slide #25
References1. Ross Anderson, Security Engineering, Wiley,
2001.2. Matt Bishop, Introduction to Computer Security,
Addison-Wesley, 2005.3. Peter Neumann, (moderator), Risks Digest,
http://catless.ncl.ac.uk/Risks/4. Bruce Schneier, Beyond Fear, Copernicus Books,
2003.5. Ken Thompson, “Reflections on Trusting Trust”,
Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763 (http://www.acm.org/classics/sep95/)