peter-banda
8/19/2019 Security of Information Systems.doc
SECURITY OF INFORMATION SYSTEMS (COMPUTERS
AND NETWORKS)
SECURITY THREATS
To understand the types of threats to security that exist, we need to have a definition of security requirements. Computer and network security address four requirements:
1. Confidentiality (secrecy): Requires that the information in a computer system only be accessible for reading by authorized parties. This type of access includes printing, displaying, and other forms of disclosure, including simply revealing the existence of an object.
2. Integrity (consistency): Requires that computer system assets can be modified only by authorized parties. Modification includes writing, changing, changing status, deleting, and creating. Before modification and after it, the system should be in a consistent state, specified by some constraints.
3. Availability: Requires that computer system assets are available to authorized parties.
4. Authenticity: Requires that a computer system be able to verify the identity of a user.
TYPES OF THREATS
The types of attacks on the security of a computer system are best characterized by viewing the function of the computer system as providing information.
1. Interruption: An asset is destroyed or becomes unavailable or unusable. This is an attack on availability. Examples include destruction of a piece of hardware, such as a hard disk, the cutting of a communication line, or the disabling of the file management system.
2. Interception: An unauthorized party gains access to an asset. This is an attack on confidentiality. The unauthorized party could be a person, a program, or a computer. Examples include wiretapping to capture data in a network and the illicit copying of files or programs.
3. Modification: An unauthorized party not only gains access to but tampers with an asset. This is an attack on integrity, confidentiality, and authenticity. Examples include changing values in a data file, altering a program so that it performs differently, and modifying the content of messages being transmitted in a network.
4. Fabrication: An unauthorized party inserts counterfeit objects into the system. This is an attack on integrity and authenticity. Examples include the insertion of spurious messages in a network or the addition of records to a file.
COMPUTER SYSTEM ASSETS

|  | Availability | Secrecy | Integrity/Authenticity |
|---|---|---|---|
| Hardware | Equipment is stolen or disabled, thus denying service |  |  |
| Software | Programs are deleted, denying access to users | An unauthorized copy of software is made | A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task |
| Data | Files are deleted, denying access to users | An unauthorized read of data is performed. An analysis of statistical data reveals underlying data. | Existing files are modified or new files are fabricated. |
| Communication lines | Messages are destroyed or deleted. Communication lines or networks are rendered unavailable. | Messages are read. The traffic pattern of messages is observed. | Messages are modified, delayed, reordered, or duplicated. False messages are fabricated. |

Hardware
The main threat to computer system hardware is in the area of availability. Threats include accidental and deliberate damage to equipment as well as theft. Physical and administrative security measures are needed to deal with these threats.
Software
The operating system, utilities, and application programs are what make computer system hardware useful to business and individuals.
A key threat to software is an attack on availability. Software is easy to delete. Careful software configuration management, which includes making backups of the most recent version of software, can maintain high availability. A more difficult problem to deal with is software modification that results in a program that still functions but that behaves differently than before. Computer viruses and related attacks fall into this category and are treated later. As for software secrecy, the problem of unauthorized copying of software is addressed with special measures (e.g., use of a key disk, registration numbers, etc.), but it is not completely solved.
Data
Data security is a more widespread problem than hardware or software security; it involves files and other forms of data controlled by individuals, groups, and business organizations. Security concerns with respect to data are broad, encompassing availability, secrecy, and integrity. The obvious concern with secrecy, of course, is the unauthorized reading of data files or databases, and this area has been the subject of perhaps more research and effort than any other area of computer security. A less obvious secrecy threat involves the analysis of data and manifests itself in the use of so-called statistical databases, which provide summary or aggregate information. They may be used to disclose personal information. For example, if one table records the aggregate of the incomes of A, B, C, and D, and another one records the aggregate of the incomes of A, B, C, D, and E, the difference between the two aggregates would be the income of E. This problem is exacerbated by the increasing desire to combine data sets. Finally, data integrity is a major concern in most installations. Modifications to data files can have consequences from minor to disastrous.
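The differencing inference described above, and one way a statistical database can refuse it, as an added example that is not part of the original document. The names A to E follow the text; the income figures, the AggregateAuditor class and the minimum query-set size of 3 are constructed assumptions.

```python
# Added example: query-set overlap control for an aggregate-only database.
# Incomes are constructed sample values; A..E are the individuals in the text.
INCOMES = {"A": 52000, "B": 61000, "C": 47000, "D": 58000, "E": 75000}


def income_by_difference(records):
    """The leak described in the text: two permitted sums isolate E."""
    sum_abcd = sum(records[n] for n in "ABCD")
    sum_abcde = sum(records[n] for n in "ABCDE")
    return sum_abcde - sum_abcd


class AggregateAuditor:
    """Answers SUM queries but refuses ones that would isolate few records.

    Hypothetical helper. It checks each new query against every answered
    query, one pair at a time; combinations of three or more queries are
    outside what this check covers.
    """

    def __init__(self, records, min_set_size=3):
        self.records = records
        self.k = min_set_size
        self.answered = []  # query sets whose sums were already released

    def _isolates(self, old, new):
        # If one set contains the other, subtracting the two sums yields the
        # sum over the records they differ in. Refuse when that group is
        # smaller than k (for k=3: one or two people).
        nested = old <= new or new <= old
        return nested and 0 < len(old ^ new) < self.k

    def sum_query(self, names):
        query = frozenset(names)
        if len(query) < self.k:
            raise PermissionError("query set too small")
        if any(self._isolates(old, query) for old in self.answered):
            raise PermissionError("too close to an earlier query")
        self.answered.append(query)
        return sum(self.records[n] for n in query)


def demo():
    """Returns (leaked income, first answer, whether second query was refused)."""
    auditor = AggregateAuditor(INCOMES)
    first = auditor.sum_query("ABCD")
    try:
        auditor.sum_query("ABCDE")
        refused = False
    except PermissionError:
        refused = True
    return income_by_difference(INCOMES), first, refused
```

The auditor has to remember every query set it has answered, which is the cost of this kind of control.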
Communication Lines and Networks
There are two classes of attacks: passive and active.
Passive attacks are: release of message contents and traffic analysis.
The release of message contents is easily understood.
Traffic analysis is more subtle. Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. The common technique for masking is encryption. If we had encryption protection in place, an opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.
Passive attacks are very difficult to detect because they do not involve any alteration of the data. However, it is feasible to prevent the success of these attacks. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.
Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.
A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.
Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. For example, “Allow John Smith to read confidential file accounts” is modified to “Allow Fred Brown to read confidential file accounts”.
The denial of service prevents or inhibits the normal use or management of communication facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination (e.g., the security audit service). Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.
Active attacks are difficult to prevent, which is why the main goal is to detect the attack and to recover from any disruption caused by it.
PROTECTION
The introduction of multiprogramming leads to the sharing of resources by many users. This sharing involves not just the processor but also the following:
1. Memory
2. I/O devices, such as disks and printers
3. Programs
4. Data
The ability to share these resources introduced the need for protection. The operating system may offer protection along the following spectrum:
• No protection: This is appropriate when sensitive procedures are being run at separate times.
• Isolation: This approach implies that each process operates separately from other processes, with no sharing or communication. Each process has its own address space, files, and other objects.
• Share all or share nothing: The owner of an object (e.g., a file or a memory segment) declares it to be public or private. In the former case, any process may access the object; in the latter, only the owner's processes may access the object.
• Share via access limitations: The operating system checks the permissibility of each access by a specific user to a specific object. The operating system acts as a guard between users and objects, ensuring that only authorized accesses occur.
• Share via dynamic capabilities: This extends the concept of access control to allow dynamic creation of sharing rights for objects.
• Limit use of an object: This form of protection limits not just access but the use to which the object may be put. For example, a user may be allowed to view a sensitive document, but not print it. Another example is that a user may be allowed access to a database to derive statistical summaries but not to determine specific data values.
Protection of Memory
In a multiprogramming environment, memory protection is essential. The concern here is not just security, but the correct functioning of the various processes.
The separation of the memory space of various processes is easily accomplished with a virtual memory scheme (segmentation, or paging, or a combination of the two). Sharing can also be provided by allowing the same segment or page to appear in more than one table. Hardware support may be used to check the validity of a process's access to an object by comparing the control key associated with the object with the access-requesting key associated with the process (e.g., RPL and DPL for Intel processors using four priority rings).
User-Oriented Access Control
The measures taken to control access in a data processing system fall into two categories: those associated with the user and those associated with the data.
The most common technique for user access control on a shared system or server is the user log on, which requires both a user identifier (ID) and a password.
Data-Oriented Access Control
Following successful logon, the user has been granted access to one or a set of hosts and applications. This is generally not sufficient for a system that includes sensitive data in its database. Through the user access procedure, a user can be identified to the system. Associated with each user, there can be a profile that specifies permissible operations and file accesses. The database management system, however, must control access to specific records or even portions of records. For example, it may be permissible for anyone in administration to obtain a list of personnel, but only selected individuals may have access to salary information. The operating system may grant a user access to a file or use of an application, following which there are no more security checks, while the database management system must make a decision on each individual access attempt. That decision will depend not only on the user's identity but also on the specific parts of data being accessed and even on the information already divulged to the user.
A general model of access control as exercised by a file or database management system is that of an access matrix:

|  | File 1 | File 2 | File 3 | File 4 | Account 1 | Account 2 |
|---|---|---|---|---|---|---|
| User A | Own, R, W |  | Own, R, W |  | Inquiry credit |  |
| User B | R | Own, R, W | W | R | Inquiry debit | Inquiry credit |
| User C | R, W | R |  | Own, R, W |  | Inquiry debit |

Access control lists for files are obtained from the access matrix by taking the content of its columns, and capability lists (tickets) for users are obtained from the matrix by taking its rows. For example, the access control list for File 1 is:
File 1 → A: Own, R, W → B: R → C: R, W
The capability list for User B is:
User B → File 1: R → File 2: Own, R, W → File 3: W → File 4: R
Such lists allow a sparse access matrix to be kept efficiently.
The basic elements of this model are as follows:
• Subject: An entity capable of accessing objects. Generally, the concept of subject equates with that of process. Any user or application actually gains access to an object by means of a process that represents that user or application.
• Object: Anything to which access is controlled. Examples include files, portions of files, programs, and segments of memory.
• Access right: The way in which an object is accessed by a subject. Examples are read, write, and execute.
Capability lists (tickets) specify the authorized objects and operations for a user. A user may be authorized to loan or give them to others. Because tickets may be dispersed around the system, they present a greater security problem than access control lists. In particular, tickets must be unforgeable. One way to accomplish this is to have the operating system hold all tickets on behalf of users. These tickets would have to be held in a region inaccessible to users.
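Deriving both lists from one sparse matrix, plus a sealed ticket as one way to keep a capability unforgeable once it leaves the system, as an added example rather than code from the original document. The matrix holds only the cells spelled out in the two lists above; the MAC-sealed ticket is a different technique from the operating-system-held tickets the text suggests, and the function names and key handling are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Cells of the access matrix that the two lists in the text spell out
# (the File 1 column and the User B row). Empty cells are simply absent.
MATRIX = {
    ("A", "File 1"): {"Own", "R", "W"},
    ("B", "File 1"): {"R"},
    ("C", "File 1"): {"R", "W"},
    ("B", "File 2"): {"Own", "R", "W"},
    ("B", "File 3"): {"W"},
    ("B", "File 4"): {"R"},
}


def acl(obj):
    """Access control list: one column of the matrix."""
    return {s: rights for (s, o), rights in MATRIX.items() if o == obj}


def capabilities(subject):
    """Capability list: one row of the matrix."""
    return {o: rights for (s, o), rights in MATRIX.items() if s == subject}


# Secret known only to the issuing system (assumption of this example).
_KEY = secrets.token_bytes(32)


def _mac(body):
    return hmac.new(_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_ticket(subject, obj):
    """Seal one capability as a bearer ticket that can be loaned or given away."""
    body = json.dumps([obj, sorted(MATRIX[(subject, obj)])])
    return body + "." + _mac(body)


def ticket_allows(ticket, obj, right):
    """Accept the ticket only if its seal verifies and it names this right."""
    body, _, tag = ticket.rpartition(".")
    if not hmac.compare_digest(tag.encode(), _mac(body).encode()):
        return False  # forged or altered ticket
    ticket_obj, rights = json.loads(body)
    return ticket_obj == obj and right in rights
```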
INTRUDERS
One of the most publicized threats to security is the intruder (the other is viruses), generally referred to as a hacker or cracker. Three classes of intruders can be identified:
• Masquerader: An individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account.
• Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.
• Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection.
The masquerader is likely to be an outsider; the misfeasor generally is an insider; and the clandestine user can be either an insider or an outsider.
INTRUSION TECHNIQUES
The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system. This requires the intruder to acquire information that should have been protected. In most cases, this information is in the form of a user password. With knowledge of some other user's password, an intruder can log in to a system and exercise all the privileges accorded to the legitimate user.
Typically, a system must maintain a file that associates a password with each authorized user. If such a file is stored with no protection, then it is an easy matter to gain access to it and learn passwords. There is no password file under Microsoft Windows NT/XP. Microsoft Windows NT/XP stores encrypted password hashes in the Windows Registry (http://www.tech-faq.com/windows-password-file.shtml). The password file for Unix is located in /etc and is a text file called passwd (http://www.nmrc.org/pub/faq/hackfaq/hackfaq-28.html). The password file can be protected in one of two ways:
• One-way encryption: The system stores only an encrypted form of the user's password. When the user presents a password, the system encrypts that password and compares it with the stored value. In practice, the system usually performs a one-way transformation (not reversible) in which the password is used to generate a key for the encryption function and in which a fixed-length output is produced.
• Access control: Access to the password file is limited to one or very few accounts.
If one or both of these countermeasures are in place, some effort is needed for a potential intruder to learn passwords. The following techniques for learning passwords are known:
1. Try default passwords used with standard accounts that are shipped with the system. Many administrators do not bother to change them.
2. Exhaustively try all short passwords (those of one to three characters).
3. Try words in the system's online dictionary or a list of likely passwords. Examples of the latter are readily available on hacker bulletin boards (e.g., http://www.openwall.com/passwords/wordlists/).
4. Collect information about users, such as their full names, the names of their spouse and children, pictures in their office, and books in their office that are related to hobbies.
5. Try users' phone numbers, social security numbers, and room numbers.
6. Try all legitimate license plate numbers for this state.
7. Use a Trojan horse (described later) to bypass restrictions on access.
8. Tap the line between a remote user and the host system.
The first six methods are various ways of guessing a password. If an intruder has to verify the guess by attempting to log in, it is a tedious and easily countered means of attack. For example, a system can simply reject any login after three password attempts, thus requiring the intruder to reconnect to the host to try again. Under these circumstances, it is not practical to try more than a handful of passwords. However, an intruder is unlikely to try such crude methods. For example, if an intruder can gain access with a low level of privileges to an encrypted password file, then the strategy would be to capture that file and then use the encryption mechanism of that particular system at leisure until a valid password that provided greater privileges was discovered.
Guessing attacks are feasible, and indeed highly effective, when a large number of guesses can be attempted automatically and each guess verified, without the guessing process being detectable. Later we shall consider thwarting guessing attacks.
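The two countermeasures discussed above, a password file that stores only a one-way transform and a connection that is dropped after three failed attempts, as an added example that is not from the original document. The class names, the use of PBKDF2-HMAC-SHA256 with a per-user salt, and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3  # the text's example: reject logins after three attempts


class PasswordFile:
    """Stores only a one-way, fixed-length transform of each password."""

    def __init__(self):
        self._entries = {}  # user -> (salt, digest); no plaintext is kept

    @staticmethod
    def _transform(password, salt):
        # PBKDF2-HMAC-SHA256 is this example's choice of one-way function;
        # the per-user random salt is an addition the text does not mention.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = os.urandom(16)
        self._entries[user] = (salt, self._transform(password, salt))

    def verify(self, user, password):
        # Unknown users still cost one transform, so timing does not reveal
        # which account names exist.
        salt, stored = self._entries.get(user, (b"\x00" * 16, b""))
        candidate = self._transform(password, salt)
        return hmac.compare_digest(candidate, stored)


class LoginSession:
    """One connection to the host, closed after MAX_ATTEMPTS failures."""

    def __init__(self, password_file):
        self.password_file = password_file
        self.failures = 0
        self.closed = False

    def login(self, user, password):
        if self.closed:
            raise ConnectionError("too many failed attempts; reconnect")
        if self.password_file.verify(user, password):
            self.failures = 0
            return True
        self.failures += 1
        self.closed = self.failures >= MAX_ATTEMPTS
        return False
```

The attempt limit only slows guessing that goes through the login path; it does nothing once a copy of the password file itself has been captured, which is why the stored transform must be costly to compute.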
The seventh method of attack listed earlier, the Trojan horse, can be particularly difficult to counter. For example, a low-privileged user produced a game program and invited the system operator to use it in his or her spare time. The program did indeed play a game, but in the background it also contained code to copy the password file, which was unencrypted but access protected, into the user's file. Because the game was running under the operator's high-privilege mode, it was able to gain access to the password file.
The eighth attack listed, line tapping, is a matter of physical security. It can be countered with link encryption techniques.
We turn now to a discussion of the two principal countermeasures: prevention and detection. Prevention is a challenging security goal and an uphill battle at all times. The difficulty stems from the fact that the defender must attempt to thwart all possible attacks, whereas the attacker is free to try to find the weakest link in the defense chain and attack at that point. Detection is concerned with learning of an attack, either before or after its success.