Security of Information Systems.doc

  • 8/19/2019 Security of Information Systems.doc

    SECURITY OF INFORMATION SYSTEMS (COMPUTERS AND NETWORKS)

    SECURITY THREATS

    To understand the types of threats to security that exist, we need to have a definition of security requirements. Computer and network security address four requirements:

    1. Confidentiality (secrecy): Requires that the information in a computer system only be accessible for reading by authorized parties. This type of access includes printing, displaying, and other forms of disclosure, including simply revealing the existence of an object.
    2. Integrity (consistency): Requires that computer system assets can be modified only by authorized parties. Modification includes writing, changing, changing status, deleting, and creating. Before modification and after it, the system should be in a consistent state, specified by some constraints.
    3. Availability: Requires that computer system assets are available to authorized parties.
    4. Authenticity: Requires that a computer system be able to verify the identity of a user.

    TYPES OF THREATS

    The types of attacks on the security of a computer system are best characterized by viewing the function of the computer system as providing information.

    1. Interruption: An asset is destroyed or becomes unavailable or unusable. This is an attack on availability. Examples include destruction of a piece of hardware, such as a hard disk, the cutting of a communication line, or the disabling of the file management system.
    2. Interception: An unauthorized party gains access to an asset. This is an attack on confidentiality. The unauthorized party could be a person, a program, or a computer. Examples include wiretapping to capture data in a network and the illicit copying of files or programs.
    3. Modification: An unauthorized party not only gains access to but tampers with an asset. This is an attack on integrity, confidentiality, and authenticity. Examples include changing values in a data file, altering a program so that it performs differently, and modifying the content of messages being transmitted in a network.
    4. Fabrication: An unauthorized party inserts counterfeit objects into the system. This is an attack on integrity and authenticity. Examples include the insertion of spurious messages in a network or the addition of records to a file.

    COMPUTER SYSTEM ASSETS

    Asset | Availability | Secrecy | Integrity/Authenticity
    ----- | ------------ | ------- | ----------------------
    Hardware | Equipment is stolen or disabled, thus denying service. | |
    Software | Programs are deleted, denying access to users. | An unauthorized copy of software is made. | A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task.
    Data | Files are deleted, denying access to users. | An unauthorized read of data is performed. An analysis of statistical data reveals underlying data. | Existing files are modified or new files are fabricated.
    Communication lines | Messages are destroyed or deleted. Communication lines or networks are rendered unavailable. | Messages are read. The traffic pattern of messages is observed. | Messages are modified, delayed, reordered, or duplicated. False messages are fabricated.

    Hardware

    The main threat to computer system hardware is in the area of availability. Threats include accidental and deliberate damage to equipment as well as theft. Physical and administrative security measures are needed to deal with these threats.

    Software

    The operating system, utilities, and application programs are what make computer system hardware useful to business and individuals.

    A key threat to software is an attack on availability. Software is easy to delete. Careful software configuration management, which includes making backups of the most recent version of software, can maintain high availability. A more difficult problem to deal with is software modification that results in a program that still functions but that behaves differently than before. Computer viruses and related attacks fall into this category and are treated later. As for software secrecy, the problem of unauthorized copying of software is addressed with special measures (e.g., use of a key disk, registration numbers, etc.), but it is not completely solved.

    Data

    Data security problems are more widespread than hardware or software security problems; they involve files and other forms of data controlled by individuals, groups, and business organizations. Security concerns with respect to data are broad, encompassing availability, secrecy, and integrity. The obvious concern with secrecy, of course, is the unauthorized reading of data files or databases, and this area has been the subject of perhaps more research and effort than any other area of computer security. A less obvious secrecy threat involves the analysis of data and manifests itself in the use of so-called statistical databases, which provide summary or aggregate information. They may be used to disclose personal information. For example, if one table records the aggregate of the incomes of A, B, C, and D, and another one records the aggregate of the incomes of A, B, C, D, and E, the difference between the two aggregates would be the income of E. This problem is exacerbated by the increasing desire to combine data sets. Finally, data integrity is a major concern in most installations. Modifications to data files can have consequences from minor to disastrous.
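
    An added example (not part of the original notes) of the aggregate-difference inference described above and one control against it: a SUM-query auditor that refuses an answer when its query set differs from an already answered set by fewer than k individuals. The income figures, the names SumAuditor and QueryRefused, and the threshold k are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: incomes of the five individuals named in the text.
INCOMES = {"A": 52_000, "B": 61_000, "C": 47_000, "D": 75_000, "E": 58_000}


class QueryRefused(Exception):
    """Raised when an answer would describe fewer than k individuals."""


@dataclass
class SumAuditor:
    data: dict
    k: int = 2                                    # smallest group an answer may describe
    answered: list = field(default_factory=list)  # query sets already released

    def sum_query(self, names):
        s = frozenset(names)
        unknown = s - set(self.data)
        if unknown:
            raise KeyError(f"unknown individuals: {sorted(unknown)}")
        if len(s) < self.k:
            raise QueryRefused("query set smaller than k")
        # Pairwise overlap check only: combinations of three or more earlier
        # answers can still leak, so this is a floor, not a complete defense.
        for prev in self.answered:
            diff = s ^ prev   # individuals covered by exactly one of the two sets
            if diff and len(diff) < self.k:
                raise QueryRefused(
                    f"combined with an earlier answer this isolates {sorted(diff)}")
        if s not in self.answered:
            self.answered.append(s)
        return sum(self.data[n] for n in s)


def unaudited_difference(data):
    """The inference from the text: two harmless-looking aggregates expose E."""
    return sum(data[n] for n in "ABCDE") - sum(data[n] for n in "ABCD")


def demo():
    auditor = SumAuditor(INCOMES, k=2)
    first = auditor.sum_query("ABCD")        # released
    try:
        auditor.sum_query("ABCDE")           # differs from ABCD by E only
        refused = False
    except QueryRefused:
        refused = True
    other = auditor.sum_query("CDE")         # differs from ABCD by A, B and E
    return first, refused, other
```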

    Communication Lines and Networks

    There are two classes of attacks: passive and active.

    Passive attacks are: release of message contents and traffic analysis.

    The release of message contents is easily understood.

    Traffic analysis is more subtle. Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. The common technique for masking is encryption. If we had encryption protection in place, an opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.

    Passive attacks are very difficult to detect because they do not involve any alteration of the data. However, it is feasible to prevent the success of these attacks. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.

    Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.

    A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.

    Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

    Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. For example, "Allow John Smith to read confidential file accounts" is modified to "Allow Fred Brown to read confidential file accounts".

    The denial of service prevents or inhibits the normal use or management of communication facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination (e.g., the security audit service). Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.

    Active attacks are difficult to prevent, which is why the main goal is to detect an attack and to recover from any disruption caused by it.

    PROTECTION

    The introduction of multiprogramming leads to resource sharing by many users. This sharing involves not just the processor but also the following:

    1. Memory
    2. I/O devices, such as disks and printers
    3. Programs
    4. Data

    The ability to share these resources introduced the need for protection. The operating system may offer protection along the following spectrum:

    • No protection: This is appropriate when sensitive procedures are being run at separate times.
    • Isolation: This approach implies that each process operates separately from other processes, with no sharing or communication. Each process has its own address space, files, and other objects.
    • Share all or share nothing: The owner of an object (e.g., a file or a memory segment) declares it to be public or private. In the former case, any process may access the object; in the latter, only the owner's processes may access the object.
    • Share via access limitations: The operating system checks the permissibility of each access by a specific user to a specific object. The operating system acts as a guard between users and objects, ensuring that only authorized accesses occur.
    • Share via dynamic capabilities: This extends the concept of access control to allow dynamic creation of sharing rights for objects.
    • Limit use of an object: This form of protection limits not just access but the use to which the object may be put. For example, a user may be allowed to view a sensitive document, but not print it. Another example is that a user may be allowed access to a database to derive statistical summaries but not to determine specific data values.

    Protection of Memory

    In a multiprogramming environment, memory protection is essential. The concern here is not just security, but the correct functioning of the various processes.

    The separation of the memory space of various processes is easily accomplished with a virtual memory scheme (segmentation, or paging, or a combination of the two). Sharing can also be provided by allowing the same segment or page to appear in more than one table. Hardware support may be used to check the validity of a process's access to an object by comparing the control key associated with the object with the access-requesting key associated with the process (e.g., RPL and DPL for Intel processors using four priority rings).

    User-Oriented Access Control

    The measures taken to control access in a data processing system fall into two categories: those associated with the user and those associated with the data.

    The most common technique for user access control on a shared system or server is the user log on, which requires both a user identifier (ID) and a password.

    Data-Oriented Access Control

    Following successful logon, the user has been granted access to one or a set of hosts and applications. This is generally not sufficient for a system that includes sensitive data in its database. Through the user access procedure, a user can be identified to the system. Associated with each user, there can be a profile that specifies permissible operations and file accesses. The database management system, however, must control access to specific records or even portions of records. For example, it may be permissible for anyone in administration to obtain a list of personnel, but only selected individuals may have access to salary information. The operating system may grant a user access to a file or the use of an application, following which there are no more security checks, while the database management system must make a decision on each individual access attempt. That decision will depend not only on the user's identity but also on the specific parts of data being accessed and even on the information already divulged to the user.

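    A general model of access control as exercised by a file or database management system is that of an access matrix:

    User | File 1 | File 2 | File 3 | File 4 | Account 1 | Account 2
    ---- | ------ | ------ | ------ | ------ | --------- | ---------
    User A | Own, R, W | | Own, R, W | | Inquiry credit |
    User B | R | Own, R, W | W | R | Inquiry debit | Inquiry credit
    User C | R, W | R | | Own, R, W | | Inquiry debit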

    Access control lists for files are obtained from the access matrix by taking the content of its columns, and capability lists (tickets) for users are obtained from the matrix by taking its rows. For example, the access control list for File 1 is:

    File 1 → (A: Own, R, W) → (B: R) → (C: R, W)

    The capability list for User B is:

    User B → (File 1: R) → (File 2: Own, R, W) → (File 3: W) → (File 4: R)

    Such lists allow a sparse access matrix to be stored efficiently.

    The basic elements of this model are as follows:

    • Subject: An entity capable of accessing objects. Generally, the concept of subject equates with that of process. Any user or application actually gains access to an object by means of a process that represents that user or application.
    • Object: Anything to which access is controlled. Examples include files, portions of files, programs, and segments of memory.
    • Access right: The way in which an object is accessed by a subject. Examples are read, write, and execute.

    Capability lists (tickets) specify the authorized objects and operations for a user. A user may be authorized to loan or give them to others. Because tickets may be dispersed around the system, they present a greater security problem than access control lists. In particular, tickets must be unforgeable. One way to accomplish this is to have the operating system hold all tickets on behalf of users. These tickets would have to be held in a region inaccessible to users.
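
    An added example (not part of the original notes) that stores the access matrix above sparsely, slices it by column into access control lists and by row into capability lists, and checks that both forms give the same decision for every request. The function names are assumptions; the rights are those shown in the matrix, and the derived capability list for User B also carries the two account entries that the file-only list in the text omits.

```python
from collections import defaultdict

# The access matrix from the text, stored sparsely: (subject, object) -> rights.
# Empty cells are simply absent, which is what both list forms exploit.
MATRIX = {
    ("A", "File 1"): {"Own", "R", "W"},
    ("A", "File 3"): {"Own", "R", "W"},
    ("A", "Account 1"): {"Inquiry credit"},
    ("B", "File 1"): {"R"},
    ("B", "File 2"): {"Own", "R", "W"},
    ("B", "File 3"): {"W"},
    ("B", "File 4"): {"R"},
    ("B", "Account 1"): {"Inquiry debit"},
    ("B", "Account 2"): {"Inquiry credit"},
    ("C", "File 1"): {"R", "W"},
    ("C", "File 2"): {"R"},
    ("C", "File 4"): {"Own", "R", "W"},
    ("C", "Account 2"): {"Inquiry debit"},
}


def access_control_lists(matrix):
    """Slice the matrix by column: object -> {subject: rights}."""
    acls = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        acls[obj][subject] = set(rights)
    return dict(acls)


def capability_lists(matrix):
    """Slice the matrix by row: subject -> {object: rights}."""
    caps = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        caps[subject][obj] = set(rights)
    return dict(caps)


def allowed_by_acl(acls, subject, obj, right):
    # The guard sits at the object and looks the subject up in its list.
    # Anything not listed is denied.
    return right in acls.get(obj, {}).get(subject, set())


def allowed_by_capability(caps, subject, obj, right):
    # The guard checks the ticket held on the subject's behalf.
    return right in caps.get(subject, {}).get(obj, set())


def views_agree(matrix):
    """Both list forms must give the same answer for every possible request."""
    acls, caps = access_control_lists(matrix), capability_lists(matrix)
    subjects = {s for s, _ in matrix}
    objects = {o for _, o in matrix}
    rights = set().union(*matrix.values())
    return all(
        allowed_by_acl(acls, s, o, r) == allowed_by_capability(caps, s, o, r)
        for s in subjects for o in objects for r in rights
    )
```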

    INTRUDERS

    One of the two most publicized threats to security is the intruder (the other is viruses), generally referred to as a hacker or cracker. Three classes of intruders can be identified:

    • Masquerader: An individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account.
    • Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.
    • Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection.

    The masquerader is likely to be an outsider; the misfeasor generally is an insider; and the clandestine user can be either an insider or an outsider.

    INTRUSION TECHNIQUES

    The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system. This requires the intruder to acquire information that should have been protected. In most cases, this information is in the form of a user password. With knowledge of some other user's password, an intruder can log in to a system and exercise all the privileges accorded to the legitimate user.

    Typically, a system must maintain a file that associates a password with each authorized user. If such a file is stored with no protection, then it is an easy matter to gain access to it and learn passwords. There is no password file under Microsoft Windows NT/2000/XP. Microsoft Windows NT/2000/XP stores encrypted password hashes in the Windows Registry (http://www.tech-faq.com/windows-password-file.shtml). The password file for Unix is located in /etc and is a text file called passwd (http://www.nmrc.org/pub/faq/hackfaq/hackfaq-28.html). The password file can be protected in one of two ways:

    • One-way encryption: The system stores only an encrypted form of the user's password. When the user presents a password, the system encrypts that password and compares it with the stored value. In practice, the system usually performs a one-way transformation (not reversible) in which the password is used to generate a key for the encryption function and in which a fixed-length output is produced.
    • Access control: Access to the password file is limited to one or very few accounts.

    If one or both of these countermeasures are in place, some effort is needed for a potential intruder to learn passwords. The following techniques for learning passwords are known:

    1. Try default passwords used with standard accounts that are shipped with the system. Many administrators do not bother to change them.
    2. Exhaustively try all short passwords (those of one to three characters).
    3. Try words in the system's online dictionary or a list of likely passwords. Examples of the latter are readily available on hacker bulletin boards (e.g., http://www.openwall.com/passwords/wordlists/).
    4. Collect information about users, such as their full names, the names of their spouse and children, pictures in their office, and books in their office that are related to hobbies.
    5. Try users' phone numbers, social security numbers, and room numbers.
    6. Try all legitimate license plate numbers for this state.
    7. Use a Trojan horse (described later) to bypass restrictions on access.
    8. Tap the line between a remote user and the host system.

    The first six methods are various ways of guessing a password. If an intruder has to verify the guess by attempting to log in, it is a tedious means of attack that can be countered. For example, a system can simply reject any login after three password attempts, thus requiring the intruder to reconnect to the host to try again. Under these circumstances, it is not practical to try more than a handful of passwords. However, an intruder is unlikely to try such crude methods. For example, if an intruder can gain access with a low level of privileges to an encrypted password file, then the strategy would be to capture that file and then use the encryption mechanism of that particular system at leisure until a valid password that provided greater privileges was discovered.

    Guessing attacks are feasible, and indeed highly effective, when a large number of guesses can be attempted automatically and each guess verified, without the guessing process being detectable. Later we shall consider thwarting guessing attacks.
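
    An added example, not from the original notes, combining the two defenses discussed above: one-way storage of passwords and rejection of logins after three failed attempts. PBKDF2-HMAC-SHA256 with a per-user salt stands in for the system's one-way function; the iteration count, the lock duration and the PasswordStore name are assumptions.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000   # assumption: work factor, tune to your hardware
MAX_FAILURES = 3       # from the text: reject logins after three attempts
LOCK_SECONDS = 300     # assumption: the text gives no lock duration


class PasswordStore:
    def __init__(self, clock=time.monotonic):
        self._records = {}    # user -> (salt, digest); the password is never kept
        self._failures = {}   # user -> (failed attempts, locked-until time)
        self._clock = clock

    @staticmethod
    def _derive(password, salt):
        # One-way transformation with fixed-length output (32 bytes).
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def enroll(self, user, password):
        salt = os.urandom(16)  # per-user salt: equal passwords, different digests
        self._records[user] = (salt, self._derive(password, salt))

    def login(self, user, password):
        count, locked_until = self._failures.get(user, (0, 0.0))
        now = self._clock()
        if now < locked_until:
            return "locked"    # refused without even checking the password
        salt, stored = self._records.get(user, (b"\x00" * 16, b""))
        candidate = self._derive(password, salt)  # same work for unknown users
        if user in self._records and hmac.compare_digest(candidate, stored):
            self._failures.pop(user, None)
            return "ok"
        count += 1
        if count >= MAX_FAILURES:
            self._failures[user] = (0, now + LOCK_SECONDS)
        else:
            self._failures[user] = (count, locked_until)
        return "denied"


def demo():
    now = [0.0]                                       # fake clock for the demo
    store = PasswordStore(clock=lambda: now[0])
    secret = "correct horse battery staple"           # constructed sample password
    store.enroll("operator", secret)
    results = [store.login("operator", g) for g in ("admin", "password", "123")]
    results.append(store.login("operator", secret))   # right password, but locked
    now[0] += LOCK_SECONDS
    results.append(store.login("operator", secret))   # lock expired
    return results

# The lockout only slows guessing through login(). If the record file itself is
# captured, guesses are tested offline and only the salt and work factor slow
# them, so the file still needs access control.
```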

    The seventh method of attack listed earlier, the Trojan horse, can be particularly difficult to counter. For example, a low-privileged user produced a game program and invited the system operator to use it in his or her spare time. The program did indeed play a game, but in the background it also contained code to copy the password file, which was unencrypted but access protected, into the user's file. Because the game was running under the operator's high-privilege mode, it was able to gain access to the password file.

    The eighth attack listed, line tapping, is a matter of physical security. It can be countered with link encryption techniques.

    We turn now to a discussion of the two principal countermeasures: prevention and detection. Prevention is a challenging security goal and an uphill battle at all times. The difficulty stems from the fact that the defender must attempt to thwart all possible attacks, whereas the attacker is free to try to find the weakest link in the defense chain and attack at that point. Detection is concerned with learning of an attack, either before or after its success.
