
© 2016 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
Chapter 1
Overview

The NIST Computer Security Handbook defines the term Computer Security as:

[Figure: the CIA triad. Confidentiality, Integrity and Availability surround "Data and services".]
Key Security Concepts

Confidentiality
• Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information

Integrity
• Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity

Availability
• Ensuring timely and reliable access to and use of information

Levels of Impact

Low
The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals

Moderate
The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals

High
The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals
• Computer security is not as simple as it might first appear to the novice
• Potential attacks on the security features must be considered
• Procedures used to provide particular services are often counterintuitive
• Physical and logical placement needs to be determined
• Additional algorithms or protocols may be involved
• Attackers only need to find a single weakness, the developer needs to find all weaknesses
• Users and system managers tend to not see the benefits of security until a failure occurs
• Security requires regular and constant monitoring
• Is often an afterthought to be incorporated into a system after the design is complete
• Thought of as an impediment to efficient and user-friendly operation
Table 1.1 Computer Security Terminology (RFC 4949, Internet Security Glossary, May 2000)



Figure 1.1 Security Concepts and Relationships
[Figure: Owners value assets and wish to minimize risk; they impose countermeasures to reduce risk to the assets. Threat agents give rise to threats and wish to abuse and/or may damage the assets; threats increase risk to the assets.]


Assets of a Computer System
• Hardware
• Software
• Data
• Communication facilities and networks

Vulnerabilities, Threats and Attacks

• Categories of vulnerabilities
  • Corrupted (loss of integrity)
  • Leaky (loss of confidentiality)
  • Unavailable or very slow (loss of availability)

• Threats
  • Capable of exploiting vulnerabilities
  • Represent potential security harm to an asset

• Attacks (threats carried out)
  • Passive – attempt to learn or make use of information from the system that does not affect system resources
  • Active – attempt to alter system resources or affect their operation
  • Insider – initiated by an entity inside the security perimeter
  • Outsider – initiated from outside the perimeter
Countermeasures

Means used to deal with security attacks
• Prevent
• Detect
• Recover

Residual vulnerabilities may remain

May itself introduce new vulnerabilities

Goal is to minimize residual level of risk to the assets
Table 1.2 Threat Consequences, and the Types of Threat Actions That Cause Each Consequence (Based on RFC 4949)

Threat Consequence: Unauthorized Disclosure
A circumstance or event whereby an entity gains access to data for which the entity is not authorized.
Threat Actions (Attacks):
  Exposure: Sensitive data are directly released to an unauthorized entity.
  Interception: An unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations.
  Inference: A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or byproducts of communications.
  Intrusion: An unauthorized entity gains access to sensitive data by circumventing a system's security protections.

Threat Consequence: Deception
A circumstance or event that may result in an authorized entity receiving false data and believing it to be true.
Threat Actions (Attacks):
  Masquerade: An unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity.
  Falsification: False data deceive an authorized entity.
  Repudiation: An entity deceives another by falsely denying responsibility for an act.

Threat Consequence: Disruption
A circumstance or event that interrupts or prevents the correct operation of system services and functions.
Threat Actions (Attacks):
  Incapacitation: Prevents or interrupts system operation by disabling a system component.
  Corruption: Undesirably alters system operation by adversely modifying system functions or data.
  Obstruction: A threat action that interrupts delivery of system services by hindering system operation.

Threat Consequence: Usurpation
A circumstance or event that results in control of system services or functions by an unauthorized entity.
Threat Actions (Attacks):
  Misappropriation: An entity assumes unauthorized logical or physical control of a system resource.
  Misuse: Causes a system component to perform a function or service that is detrimental to system security.

**Table is on page 20 in the textbook.
Table 1.3 Computer and Network Assets, with Examples of Threats

Hardware
  Availability: Equipment is stolen or disabled, thus denying service.
  Confidentiality: An unencrypted CD-ROM or DVD is stolen.
  Integrity: (no example in the table)

Software
  Availability: Programs are deleted, denying access to users.
  Confidentiality: An unauthorized copy of software is made.
  Integrity: A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task.

Data
  Availability: Files are deleted, denying access to users.
  Confidentiality: An unauthorized read of data is performed. An analysis of statistical data reveals underlying data.
  Integrity: Existing files are modified or new files are fabricated.

Communication Lines and Networks
  Availability: Messages are destroyed or deleted. Communication lines or networks are rendered unavailable.
  Confidentiality: Messages are read. The traffic pattern of messages is observed.
  Integrity: Messages are modified, delayed, reordered, or duplicated. False messages are fabricated.
Passive and Active Attacks

Passive Attack
• Attempts to learn or make use of information from the system but does not affect system resources
• Eavesdropping on, or monitoring of, transmissions
• Goal of attacker is to obtain information that is being transmitted
• Two types:
  o Release of message contents
  o Traffic analysis

Active Attack
• Attempts to alter system resources or affect their operation
• Involve some modification of the data stream or the creation of a false stream
• Four categories:
  o Replay
  o Masquerade
  o Modification of messages
  o Denial of service
Table 1.4 Security Requirements (FIPS PUB 200), page 1 of 2
(Table can be found on page 26 in the textbook.)

Table 1.4 Security Requirements (FIPS PUB 200), page 2 of 2
(Table can be found on page 27 in the textbook.)
Fundamental Security Design Principles
• Economy of mechanism
• Fail-safe defaults
• Complete mediation
• Open design
• Separation of privilege
• Least privilege
• Least common mechanism
• Psychological acceptability
• Isolation
• Encapsulation
• Modularity
• Layering
• Least astonishment
Attack Surfaces

Consist of the reachable and exploitable vulnerabilities in a system

Examples:
• Open ports on outward facing Web and other servers, and code listening on those ports
• Services available on the inside of a firewall
• Code that processes incoming data, email, XML, office documents, and industry-specific custom data exchange formats
• Interfaces, SQL, and Web forms
• An employee with access to sensitive information vulnerable to a social engineering attack

Attack Surface Categories

Network Attack Surface
Vulnerabilities over an enterprise network, wide-area network, or the Internet. Included in this category are network protocol vulnerabilities, such as those used for a denial-of-service attack, disruption of communications links, and various forms of intruder attacks.

Software Attack Surface
Vulnerabilities in application, utility, or operating system code. Particular focus is Web server software.

Human Attack Surface
Vulnerabilities created by personnel or outsiders, such as social engineering, human error, and trusted insiders.

Figure 1.3 Defense in Depth and Attack Surface

                    Small Attack Surface    Large Attack Surface
Shallow Layering    Medium Security Risk    High Security Risk
Deep Layering       Low Security Risk       Medium Security Risk


Figure 1.4 An Attack Tree for Internet Banking Authentication

[Figure: attack tree with root goal "Bank Account Compromise"; leaf attacks are labelled UT, CC and IBS. The grouping below follows the figure's labels.]

Bank Account Compromise
  User credential compromise
    UT/U1a User surveillance
    UT/U1b Theft of token and handwritten notes
    Malicious software installation
      UT/U2a Hidden code
      UT/U2b Worms
      UT/U2c E-mails with malicious code
    Vulnerability exploit
      UT/U3a Smartcard analyzers
      UT/U3b Smartcard reader manipulator
      UT/U3c Brute force attacks with PIN calculators
    User communication with attacker
      UT/U4a Social engineering
      UT/U4b Web page obfuscation
    CC2 Sniffing
  Injection of commands
    CC3 Active man-in-the-middle attacks
  Redirection of communication toward fraudulent site
    CC1 Pharming
  User credential guessing
    IBS1 Brute force attacks
  IBS2 Security policy violation
  IBS3 Web site manipulation
  Use of known authenticated session by attacker
    Normal user authentication with specified session ID
    CC4 Pre-defined session IDs (session hijacking)
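The tree in Figure 1.4, encoded so that a defender can enumerate every route to the root goal and see which routes remain once a set of countermeasures is in place (the residual risk the Countermeasures slide mentions). This is an added Python illustration, not code from the textbook; it assumes every internal node is an OR node (the figure marks no AND nodes), identifies leaves by their UT/CC/IBS labels, and omits the unlabelled step "Normal user authentication with specified session ID".

```python
# Attack tree from Figure 1.4 as nested data: a leaf is a string, an internal
# node is {"sub-goal": [children]}. Every internal node is treated as an OR
# node (assumption: the figure shows alternatives only, no AND nodes).
ATTACK_TREE = {"Bank Account Compromise": [
    {"User credential compromise": [
        "UT/U1a User surveillance",
        "UT/U1b Theft of token and handwritten notes",
        {"Malicious software installation": [
            "UT/U2a Hidden code", "UT/U2b Worms",
            "UT/U2c E-mails with malicious code"]},
        {"Vulnerability exploit": [
            "UT/U3a Smartcard analyzers", "UT/U3b Smartcard reader manipulator",
            "UT/U3c Brute force attacks with PIN calculators"]},
        {"User communication with attacker": [
            "UT/U4a Social engineering", "UT/U4b Web page obfuscation"]},
        "CC2 Sniffing"]},
    {"Injection of commands": ["CC3 Active man-in-the-middle attacks"]},
    {"Redirection of communication toward fraudulent site": ["CC1 Pharming"]},
    {"User credential guessing": ["IBS1 Brute force attacks"]},
    "IBS2 Security policy violation",
    "IBS3 Web site manipulation",
    {"Use of known authenticated session by attacker": [
        "CC4 Pre-defined session IDs (session hijacking)"]}]}


def attack_paths(node, prefix=()):
    """Yield every root-to-leaf path; with OR nodes only, each path is one
    independent way of reaching the root goal."""
    if isinstance(node, str):
        yield prefix + (node,)
        return
    for goal, children in node.items():
        for child in children:
            yield from attack_paths(child, prefix + (goal,))


def residual_paths(tree, mitigated_ids):
    """Paths whose leaf attack (identified by its UT/CC/IBS label, the first
    token of the leaf text) is not covered by any countermeasure."""
    return [p for p in attack_paths(tree) if p[-1].split()[0] not in mitigated_ids]


if __name__ == "__main__":
    # Constructed example: controls covering only the CC (channel) leaves.
    for path in residual_paths(ATTACK_TREE, {"CC1", "CC2", "CC3", "CC4"}):
        print(" -> ".join(path))
```

Adding a leaf label to the mitigated set and re-running shows exactly which routes to the root goal a new control closes and which remain.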



Computer Security Strategy

Summary
• Computer security concepts
  o Definition
  o Challenges
  o Model
• Threats, attacks, and assets
  o Threats and attacks
  o Threats and assets
• Security functional requirements
• Fundamental security design principles
• Attack surfaces and attack trees
  o Attack surfaces
  o Attack trees
• Computer security strategy
  o Security policy
  o Security implementation
  o Assurance and evaluation