Computer Security
Prevention and detection of unauthorized actions by users of a computer system
• Confidentiality
• Integrity
• Availability
Access Control
• Limiting and controlling access to a shared resource
• Two approaches – 1) define what different subjects are allowed to do and 2) define what can be done to different objects
• Access permissions – Unix has read, write, and execute; Windows NT has read, write, execute, delete, change permission, and change ownership
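The two approaches above are two views of the same access matrix: one indexed by subject (what each subject may do) and one indexed by object (what may be done to each object). The following added example, which is not part of the slides, builds both views from one constructed matrix using the Unix read/write/execute permission names and shows a default-deny check against each view; the subjects, objects and grants are made up for illustration.

```python
# Added example: one access matrix, two views.
# Subjects, objects and the grants below are constructed for illustration.
from collections import defaultdict

# (subject, object) -> set of Unix-style permissions granted
ACCESS_MATRIX = {
    ("alice", "/etc/passwd"): {"read"},
    ("alice", "/home/alice/notes"): {"read", "write"},
    ("bob", "/etc/passwd"): {"read"},
    ("bob", "/usr/bin/backup"): {"read", "execute"},
    ("root", "/etc/passwd"): {"read", "write"},
}


def capability_lists(matrix):
    """Approach 1: indexed by subject. For each subject, the objects it may
    touch and what it may do to each (a capability list)."""
    caps = defaultdict(dict)
    for (subject, obj), perms in matrix.items():
        caps[subject][obj] = set(perms)
    return dict(caps)


def access_control_lists(matrix):
    """Approach 2: indexed by object. For each object, which subjects may do
    what to it (an access control list)."""
    acls = defaultdict(dict)
    for (subject, obj), perms in matrix.items():
        acls[obj][subject] = set(perms)
    return dict(acls)


def is_allowed(acls, subject, obj, perm):
    """Object-side check: deny unless the object's ACL explicitly grants perm.
    Unknown subjects and unknown objects both fall through to deny."""
    return perm in acls.get(obj, {}).get(subject, set())


def holds_capability(caps, subject, obj, perm):
    """Subject-side check: the same decision, read from the subject's list."""
    return perm in caps.get(subject, {}).get(obj, set())


if __name__ == "__main__":
    caps = capability_lists(ACCESS_MATRIX)
    acls = access_control_lists(ACCESS_MATRIX)
    for subject, entries in caps.items():
        print(subject, "->", entries)
    print("bob may execute backup:", is_allowed(acls, "bob", "/usr/bin/backup", "execute"))
    print("alice may write passwd:", is_allowed(acls, "alice", "/etc/passwd", "write"))
```

Both checks must agree on every (subject, object, permission) triple; which view a system stores is a question of which lookups it needs to make fast (ACLs make "who can reach this object" cheap, capability lists make "what can this subject reach" cheap).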
Software Reliability
• How buggy software creates security vulnerabilities
• Why these problems are so common
The Ubiquity of Faulty Code
• Estimates from SEI are 5-15 errors/1000 LOC
• WIN2000 has 35-60 million LOC
• Capers Jones study of errors in COBOL programs
• Problem of getting people to install bug fixes
Risk
• What is risk?
– Magnitude of loss
– Likelihood of loss
– Exposure to loss
• How well do people understand probability?
Vulnerabilities
Five steps to an attack
1) Identify the specific target to be attacked and gather information about the target
2) Analyze the information and identify a vulnerability in the target that will accomplish the attack objectives
3) Gain the appropriate level of access to the target
4) Perform the attack on the target
5) Complete the attack, which may include erasing evidence of the attack, and avoid retaliation
The Vulnerability Landscape
• Physical
• Virtual
• Trust Model
• System Life Cycle
Countermeasures
• Protection
• Detection
• Reaction
Threat Modeling
• What are the threats?
• How would a hacker think about attacking this system?
Use of Threat Modeling
• Risk Assessment
• Security Design
1) Understand the real threats to the system and assess the risk of these threats
2) Describe the security policy necessary to defend against the threats
3) Describe the countermeasures that enforce the policy
Security Policies
• Good policies are appropriate for real threats
• Security policies should be written
• Security policies should specify security measures and who is responsible for their implementation, enforcement, audit, and review
Network
[Figure: The Internet. A packet from the browser passes through several routers along a route to the webserver software. The global Internet has thousands of networks.]
Frames and Packets
[Figure: Client PC, Switch, Router A, Router B, Switch, Server. The same packet is carried by Frame 1 in Network 1, by Frame 2 in Network 2, and by Frame 3 in Network 3.]
Frames and Packets
• Like passing a shipment (the packet) from a truck (frame) to an airplane (frame) at an airport.
[Figure: Shipper, Truck, Airport, Airplane, Airport, Truck, Receiver. The same shipment moves from vehicle to vehicle.]
Network Layered Architecture

  TCP/IP                 OSI             Hybrid TCP/IP-OSI
  Application            Application     Application
                         Presentation
                         Session
  Transport              Transport       Transport
  Internet               Network         Internet
  Subnet Access          Data Link       Data Link
  (use OSI standards     Physical        Physical
   here)
Physical and Data Link Layers
• Physical (Layer 1): defines electrical signaling and media between adjacent devices
• Data link (Layer 2): control of a frame through a single network, across multiple switches
[Figure: Switched Network 1. The data link runs across the whole switched network; each physical link between adjacent devices carries the frame.]
Internet Layer
• Governs the transmission of a packet across an entire internet. The path of the packet is its route
[Figure: Switched Network 1, Switched Network 2 and Switched Network 3 joined by routers; the packet's route crosses all three.]
Internet and Transport Layers
[Figure: The transport layer is end-to-end (host-to-host) between the Client PC and the Server. The internet layer (usually IP) is hop-by-hop (host-router or router-router) across Router 1, Router 2 and Router 3.]
Hierarchical IP Address
• Network Part (not always 16 bits)
• Subnet Part (not always 8 bits)
• Host Part (not always 8 bits)
• Total always is 32 bits.
[Figure: 128.171.17.13 on the Internet: UH Network (128.171), CBA Subnet (17), Host 13.]
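The split shown for 128.171.17.13 is one instance of a general rule: the 32-bit address is cut at two chosen bit positions, and the host part is whatever remains. The following added example (not from the slides) implements that general split for any network/subnet bit widths, not only the 16/8/8 case, and checks the address is well formed; the helper names are my own.

```python
# Added example: partition a dotted-quad IPv4 address into network, subnet and
# host parts for any (network_bits, subnet_bits) split. Function names are mine.

def ip_to_int(addr):
    """Parse 'a.b.c.d' into a 32-bit integer, rejecting malformed input."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for o in octets:
        n = int(o)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | n
    return value


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def split_address(addr, network_bits, subnet_bits):
    """Return the three parts as integers. Total is always 32 bits, so the
    host part gets whatever the network and subnet parts leave over."""
    if network_bits < 0 or subnet_bits < 0 or network_bits + subnet_bits > 32:
        raise ValueError("network and subnet parts together cannot exceed 32 bits")
    host_bits = 32 - network_bits - subnet_bits
    value = ip_to_int(addr)
    return {
        "network": value >> (subnet_bits + host_bits),
        "subnet": (value >> host_bits) & ((1 << subnet_bits) - 1),
        "host": value & ((1 << host_bits) - 1),
        "host_bits": host_bits,
    }


def network_address(addr, network_bits):
    """The network part written back out in dotted form with other bits zeroed,
    e.g. '128.171.0.0/16' for the slide's example."""
    mask = ((1 << network_bits) - 1) << (32 - network_bits) if network_bits else 0
    return f"{int_to_ip(ip_to_int(addr) & mask)}/{network_bits}"


def same_network(addr_a, addr_b, network_bits):
    return network_address(addr_a, network_bits) == network_address(addr_b, network_bits)


if __name__ == "__main__":
    # The slide's example: 16-bit network part, 8-bit subnet part, 8-bit host part.
    parts = split_address("128.171.17.13", 16, 8)
    print(parts)                                  # network 32939 (= 128.171), subnet 17, host 13
    print(network_address("128.171.17.13", 16))   # 128.171.0.0/16
```

The network part comes out as an integer (32939 is 128 * 256 + 171); `network_address` turns it back into the familiar dotted form. Because the widths are parameters, the same code handles splits that do not fall on octet boundaries, which is the case the slide's "not always 16 bits" warns about.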
Domain Name Service
• Domain names and physical addresses
• The DNS is a database that maps domain names to physical addresses
IP Address Spoofing
[Figure: 1. Trust relationship between Trusted Server 60.168.4.6 and Victim Server 60.168.47.47. 2. The Attacker's Client PC 1.34.150.37 sends an attack packet whose source IP address is spoofed to 60.168.4.6, so the attacker's identity is not revealed. 3. The server accepts the attack packet.]
Internet Protocol (IP)
• IP Addresses and Security
– IP address spoofing: Sending a message with a false IP address
– Gives sender anonymity so that attacker cannot be identified
– Can exploit trust between hosts if spoofed IP address is that of a host the victim host trusts
Transmission Control Protocol (TCP)
• TCP Messages are TCP Segments
– Flags field has several one-bit flags: ACK, SYN, FIN, RST, etc.
[Figure: TCP segment header fields: Header Length (4 bits), Reserved (6 bits), Flag Fields (6 bits), Window Size (16 bits).]
Communication During a TCP Session
[Figure: 3-Way Open between the PC transport process and the webserver transport process. 1. SYN (Open). 2. SYN, ACK (1) (Acknowledgement of 1). 3. ACK (2). The connection is open (3).]
Communication During a TCP Session
[Figure: Normal Four-Way Close. Close (4). 13. FIN (Close). 14. ACK (13). 15. FIN. 16. ACK (15).]
Note: An ACK may be combined with the next message if the next message is sent quickly enough
Targeted System Penetration
• Unobtrusive Information Collection
– Whois database: information about the responsible person
– Information about IP addresses of DNS servers, to find the firm's IP address block
Targeted System Penetration
• IP Address Spoofing: put false IP addresses in outgoing attack packets
• Attacker is blind to replies
– Use a series of attack platforms
Using a Chain of Attack Hosts
[Figure: Attacker 1.4.5.6 routes the attack through Compromised Host 123.67.8.23 and Compromised Host 123.67.33.4 to Victim 60.77.8.32. Replies flow back along the chain, which allows reading of replies without exposing the attacker.]
Using a Chain of Attack Hosts
[Figure: Subsequent trace back along the chain from Victim 60.77.8.32 through Compromised Host 123.67.33.4 and Compromised Host 123.67.8.23 toward Attacker 1.4.5.6. One hop is traced successfully; the remaining connections are broken.]
Denial-of-Service (DoS) Attacks
• Flooding Denial-of-Service Attacks
– SYN flooding
• Try to open many connections with SYN segments
• Victim must prepare to work with many connections
• Victim crashes if runs out of resources; at least slows down
• More expensive for the victim than the attacker
SYN Flooding DoS Attack
[Figure: Attacker 1.34.150.37 sends a flood of SYN segments to Victim 60.168.47.47. The victim sets aside resources for each. The victim crashes, or becomes too overloaded to respond to the SYNs from legitimate users.]
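The asymmetry the slide describes (the victim reserves resources for every SYN, the sender reserves nothing) can be made concrete with a small model. The following added example, which is not part of the slides, keeps a server's half-open connection table with a fixed backlog, replays a constructed event log in which spoofed SYNs never complete the handshake, and then runs the kind of check a DoS inspector can actually perform: counting SYNs per time window that are not followed by the client's ACK within a timeout. The addresses, backlog size and thresholds are constructed values.

```python
# Added example: a server's half-open table under a SYN flood, plus a detector
# that counts SYNs which never complete the 3-way open. All values constructed.
from collections import Counter

BACKLOG = 4  # constructed: how many half-open connections the listener will hold


class Listener:
    """Server-side view of the 3-way open: a SYN reserves a table entry until the
    client's ACK arrives. Those entries are the resource a flood exhausts."""

    def __init__(self, backlog=BACKLOG):
        self.backlog = backlog
        self.half_open = set()    # (src_ip, src_port) that sent SYN, no ACK yet
        self.established = set()
        self.refused = 0          # SYNs dropped because the table was full

    def on_syn(self, src):
        if src in self.half_open or src in self.established:
            return "duplicate"
        if len(self.half_open) >= self.backlog:
            self.refused += 1     # the cost lands on the victim: real clients refused
            return "refused"
        self.half_open.add(src)   # resources set aside; a SYN/ACK goes back
        return "half-open"

    def on_ack(self, src):
        if src in self.half_open:
            self.half_open.remove(src)
            self.established.add(src)
            return "established"
        return "ignored"


def replay(events, backlog=BACKLOG):
    """Feed (kind, time_s, src) events to a fresh Listener; return it and outcomes."""
    listener = Listener(backlog)
    outcomes = []
    for kind, _t, src in events:
        handler = listener.on_syn if kind == "SYN" else listener.on_ack
        outcomes.append((src, handler(src)))
    return listener, outcomes


def stale_syns_per_window(events, window_s=1.0, timeout_s=1.0):
    """Detection: per time window, count SYNs whose source never sent the
    completing ACK within timeout_s. Completed handshakes are not counted."""
    acks = {}
    for kind, t, src in events:
        if kind == "ACK":
            acks.setdefault(src, []).append(t)
    counts = Counter()
    for kind, t, src in events:
        if kind != "SYN":
            continue
        completed = any(t <= a <= t + timeout_s for a in acks.get(src, []))
        if not completed:
            counts[int(t // window_s)] += 1
    return counts


def flood_windows(events, window_s=1.0, timeout_s=1.0, threshold=3):
    """Windows whose stale-SYN count reaches the threshold."""
    counts = stale_syns_per_window(events, window_s, timeout_s)
    return sorted(w for w, n in counts.items() if n >= threshold)


# Constructed event log: one real client completes its handshake; then four SYNs
# from spoofed sources never do, and a second real client finds the table full.
LEGIT_1, LEGIT_2 = ("10.0.0.5", 40001), ("10.0.0.6", 40002)
SPOOFED = [(f"203.0.113.{i}", 50000 + i) for i in range(1, 5)]
EVENTS = [("SYN", 0.0, LEGIT_1), ("ACK", 0.1, LEGIT_1)]
EVENTS += [("SYN", 1.0 + 0.1 * i, s) for i, s in enumerate(SPOOFED)]
EVENTS += [("SYN", 1.5, LEGIT_2)]   # refused, so it never gets a SYN/ACK to answer

if __name__ == "__main__":
    listener, outcomes = replay(EVENTS)
    for src, result in outcomes:
        print(f"{src[0]:>15}:{src[1]} -> {result}")
    print("half-open:", len(listener.half_open), "refused:", listener.refused)
    print("flood windows:", flood_windows(EVENTS))
```

Two things the model makes visible: the second legitimate client is refused even though the flood is only four segments, because the victim's cost is per-SYN while the sender's is near zero; and the detector can only judge by what it sees, so the refused legitimate SYN counts as stale too. A real inspector would size the window, timeout and threshold from normal traffic rather than the constructed values here.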
Distributed Denial-of-Service (DDoS)
[Figure: Attacker 1.34.150.37 sends attack commands to handlers; each handler passes attack commands on to zombies; the zombies send attack packets to Victim 60.168.47.47.]
Types of Firewall Inspection
• Packet Inspection
– Examines IP, TCP, UDP, and ICMP header contents
– Static packet filtering looks at individual packets in isolation. Misses many attacks
– Stateful inspection inspects packets in the context of the packet’s role in an ongoing or incipient conversation
• Stateful inspection is the preferred packet inspection method today
Types of Firewall Inspection
• Denial-of-Service Inspection
– Recognizes incipient DoS attacks and takes steps to stop them
– Limited to a few common types of attacks
Drivers of Performance Requirements: Traffic Volume and Complexity of Filtering
[Figure: Performance requirements rise with traffic volume (packets per second) and with complexity of filtering: number of filtering rules, complexity of rules, etc.]
Stateful Inspection Firewalls
• State of Connection: Open or Closed
– State: Order of packet within a dialog
– Often simply whether the packet is part of an open connection
Stateful Inspection Firewalls
• Static Packet Filter Firewalls are Stateless
– Filter one packet at a time, in isolation
– If a TCP SYN/ACK segment is sent, cannot tell if there was a previous SYN to open a connection
– But stateful firewalls can
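The point made here, and the 3-way open and four-way close shown earlier under Communication During a TCP Session, can be put side by side in code. The following added example (not from the slides) runs one constructed stream of TCP segments through a static packet filter and through a stateful inspection filter that follows each connection from SYN to final ACK. The static rule set, the addresses and ports, and the state names are my own construction; the firewall is assumed to sit between an internal client PC and the Internet.

```python
# Added example: static (stateless) filtering beside stateful inspection on the
# same constructed TCP segment stream. Addresses, ports and rules are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    direction: str     # "out": internal client -> Internet; "in": the reverse
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # subset of {"SYN", "ACK", "FIN", "RST"}


def seg(direction, src, sport, dst, dport, *flags):
    return Segment(direction, src, sport, dst, dport, frozenset(flags))


def static_filter(s):
    """Stateless: judge each packet alone. Outbound allowed; inbound allowed only
    when ACK is set (the classic 'established' approximation). It has no way to
    know whether a SYN ever preceded an inbound SYN/ACK."""
    if s.direction == "out":
        return "allow"
    return "allow" if "ACK" in s.flags else "deny"


class StatefulFilter:
    """Keeps a connection table; a packet is judged by its role in a dialog."""

    def __init__(self):
        self.table = {}  # connection key -> state

    @staticmethod
    def key(s):
        # Both directions of one connection map to the same (client, server) entry.
        if s.direction == "out":
            return (s.src, s.sport, s.dst, s.dport)
        return (s.dst, s.dport, s.src, s.sport)

    def inspect(self, s):
        k, f = self.key(s), s.flags
        state = self.table.get(k)
        if state is None:
            if s.direction == "out" and f == {"SYN"}:        # 1. SYN (open) from inside
                self.table[k] = "SYN_SENT"
                return "allow"
            return "deny"   # no conversation this packet could belong to
        if "RST" in f:      # an abort from either side ends the entry
            del self.table[k]
            return "allow"
        if state == "SYN_SENT":
            if s.direction == "out" and f == {"SYN"}:        # retransmitted SYN
                return "allow"
            if s.direction == "in" and f == {"SYN", "ACK"}:  # 2. SYN, ACK
                self.table[k] = "SYN_ACK_SEEN"
                return "allow"
        elif state == "SYN_ACK_SEEN":
            if s.direction == "out" and "ACK" in f:          # 3. ACK: connection open
                self.table[k] = "ESTABLISHED"
                return "allow"
        elif state == "ESTABLISHED":
            self.table[k] = "FIN_1" if "FIN" in f else state  # first FIN of the close
            return "allow"
        elif state == "FIN_1":
            self.table[k] = "FIN_2" if "FIN" in f else state  # second FIN
            return "allow"
        elif state == "FIN_2":
            if "ACK" in f:                                    # final ACK: close complete
                del self.table[k]
            return "allow"
        return "deny"   # anything else is out of order for this dialog


CLIENT, SERVER, STRANGER = "10.0.0.5", "198.51.100.10", "203.0.113.7"
STREAM = [
    seg("out", CLIENT, 40001, SERVER, 80, "SYN"),             # 1. SYN (open)
    seg("in", SERVER, 80, CLIENT, 40001, "SYN", "ACK"),       # 2. SYN, ACK (1)
    seg("out", CLIENT, 40001, SERVER, 80, "ACK"),             # 3. ACK (2): open
    seg("in", STRANGER, 80, CLIENT, 40002, "SYN", "ACK"),     # SYN/ACK with no prior SYN
    seg("in", SERVER, 80, CLIENT, 40001, "ACK"),              # data in the open connection
    seg("out", CLIENT, 40001, SERVER, 80, "FIN", "ACK"),      # 13. FIN (close)
    seg("in", SERVER, 80, CLIENT, 40001, "ACK"),              # 14. ACK (13)
    seg("in", SERVER, 80, CLIENT, 40001, "FIN", "ACK"),       # 15. FIN
    seg("out", CLIENT, 40001, SERVER, 80, "ACK"),             # 16. ACK (15): closed
    seg("in", SERVER, 80, CLIENT, 40001, "ACK"),              # stray segment after close
]


def compare(stream):
    """Return (static_decision, stateful_decision) per segment and how many
    connection entries the stateful filter still holds at the end."""
    fw = StatefulFilter()
    decisions = [(static_filter(s), fw.inspect(s)) for s in stream]
    return decisions, len(fw.table)


if __name__ == "__main__":
    for s, (stat, stf) in zip(STREAM, compare(STREAM)[0]):
        print(f"{s.direction:>3} {sorted(s.flags)!s:<16} static={stat:<5} stateful={stf}")
```

The two filters agree on every segment of the genuine dialog and differ on exactly two: the unsolicited SYN/ACK (no prior SYN, so the stateful filter has no entry for it) and the stray ACK arriving after the four-way close has removed the entry. The static filter admits both because each has ACK set, which is all it can see.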
DMZ
• Demilitarized Zone - Space between two firewalls
• For Servers That Must be Accessed From the Outside
Configuring, Testing, and Maintaining Firewalls
• Must test Firewalls with Security Audits
– Only way to tell if policies are being supported
– Must be driven by policies
• Maintaining Firewalls
– New threats appear constantly
– ACLs must be updated constantly if firewall is to be effective
Hardening Host Computers
• The Problem
– Computers installed out of the box have known vulnerabilities
• Not just Windows computers
– Hackers can take them over easily
– They must be hardened: a complex process that involves many actions
Hardening Host Computers
• Elements of Hardening
– Physical security
– Secure installation and configuration
– Fix known vulnerabilities
– Turn off unnecessary services
– Harden all remaining applications