Introduction To Security Concepts
Overview
Computers today are used not only in the home and office, but in countless crucial and sensitive applications.
We rely on computers in our day-to-day lives!
Computers are easily disrupted:
◦ Accidentally spilling a cup of coffee on your computer.
◦ A power loss lasting a fraction of a second may corrupt data or cause a hard-disk head crash.
Overview: Definitions
Security: "the quality or state of being free from danger", or "measures taken to guard against espionage, sabotage, crime, attack, or escape."
Computer Security: the protection of computers against unauthorized access, use, alteration, degradation, destruction, and other threats, and the prevention of such events.
Overview: Assets
◦ Things we might want to protect:
Hardware
Software
Data
Network Protocol & Security
Network protocols are a set of rules and
conventions that govern how data is
transmitted and received over a network.
These protocols define:
◦ format of data packets,
◦ error handling,
◦ addressing, and other aspects of network
communication.
TCP/IP Protocol Suite
It is the foundation of modern networking. It consists of
several layers, each with its own set of protocols.
TCP/IP Protocol Suite…
TCP/IP communication involves data
encapsulation, where data is wrapped in
various headers and trailers as it moves
down the protocol stack and is
unwrapped as it moves up. Each layer adds
its own header, addressing information,
and control data.
Attacks and Countermeasures by Layer
Physical Layer Attack: wiretapping or eavesdropping on physical communication channels.
◦ Countermeasure: protect and monitor physical cabling; since a tap cannot always be prevented, encrypt at higher layers (VPNs, TLS) so that captured traffic is unreadable.
Data Link Layer Attack: MAC address spoofing, ARP poisoning, or VLAN hopping.
◦ Countermeasure: switch port security, Dynamic ARP Inspection backed by DHCP snooping, VLAN ACLs (Access Control Lists), and disabling unused ports and trunk auto-negotiation. MAC address filtering helps only marginally, because a MAC address is trivially spoofed.
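The Dynamic ARP Inspection countermeasure above, as an added example (not code from the original slides): a switch keeps a trusted IP-to-MAC binding table learned from DHCP snooping and drops any ARP reply on an untrusted port that contradicts it. The binding table, port names, and the ARP replies below are constructed sample data; the attacker reply claims the gateway's IP with its own MAC, which is the classic man-in-the-middle setup.

```python
"""Dynamic ARP Inspection (DAI) in miniature.

Added example, not from the original slides. Models what a switch with
DHCP snooping + DAI does: ARP replies arriving on untrusted ports are
checked against a trusted IP -> MAC binding table; replies that
contradict it are dropped and logged. All addresses are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    port: str          # switch port the frame arrived on
    sender_ip: str     # "I am this IP..."
    sender_mac: str    # "...at this MAC"


# Trusted bindings learned from DHCP snooping (constructed sample data).
DHCP_SNOOPING_TABLE = {
    "10.0.0.1": "00:11:22:33:44:01",   # default gateway
    "10.0.0.10": "00:11:22:33:44:10",
    "10.0.0.11": "00:11:22:33:44:11",
}
TRUSTED_PORTS = {"Gi0/24"}             # uplink to the router; not inspected


def inspect_arp(reply: ArpReply, bindings: dict, trusted_ports: set) -> tuple[bool, str]:
    """Return (forward?, reason). Trusted ports bypass the check; a reply on an
    untrusted port must match a snooped binding exactly."""
    if reply.port in trusted_ports:
        return True, "trusted port"
    expected_mac = bindings.get(reply.sender_ip)
    if expected_mac is None:
        return False, f"no binding for {reply.sender_ip}"
    if expected_mac.lower() != reply.sender_mac.lower():
        return False, (f"ARP poisoning suspected: {reply.sender_ip} is bound to "
                       f"{expected_mac}, reply claims {reply.sender_mac}")
    return True, "binding matches"


def run_inspection(replies, bindings=DHCP_SNOOPING_TABLE, trusted_ports=TRUSTED_PORTS):
    """Inspect a batch of replies; return the (reply, reason) pairs that were dropped."""
    dropped = []
    for r in replies:
        ok, reason = inspect_arp(r, bindings, trusted_ports)
        if not ok:
            dropped.append((r, reason))
    return dropped


# Constructed traffic: two legitimate replies, then an attacker on Gi0/5
# impersonating the gateway, then the same attacker using an unknown IP.
SAMPLE_REPLIES = [
    ArpReply("Gi0/1", "10.0.0.10", "00:11:22:33:44:10"),
    ArpReply("Gi0/24", "10.0.0.1", "00:11:22:33:44:01"),
    ArpReply("Gi0/5", "10.0.0.1", "de:ad:be:ef:00:05"),
    ArpReply("Gi0/5", "10.0.0.99", "de:ad:be:ef:00:05"),
]

if __name__ == "__main__":
    for reply, reason in run_inspection(SAMPLE_REPLIES):
        print(f"DROP {reply.port} {reply.sender_ip} {reply.sender_mac}: {reason}")
```

The check depends entirely on the binding table being trustworthy, which is why DAI is deployed together with DHCP snooping and why the uplink to the DHCP server/router is marked trusted.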
Attacks and Countermeasures by Layer…
Network Layer (IP Layer) Attack: IP spoofing, DDoS attacks, or routing attacks.
◦ Countermeasure: packet filtering and Access Control Lists (ACLs); ingress/egress filtering at the network edge so that packets with spoofed source addresses are dropped; rate limiting and upstream scrubbing against DDoS; authenticated routing protocols; and intrusion detection and prevention systems (IDPS) to detect and block attack traffic.
Transport Layer Attack: Man-in-the-Middle (MitM) attacks, session hijacking, and SYN flooding.
◦ Countermeasure: Transport Layer Security (TLS) for encryption and server authentication, firewalls and intrusion detection systems, and SYN cookies so that the server allocates no connection state until the client completes the three-way handshake.
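The SYN cookie countermeasure above, as an added example (not code from the original slides): instead of storing a half-open connection for every SYN, the server derives the initial sequence number of its SYN-ACK from a keyed hash over the connection 4-tuple and a coarse time slot, and accepts the final ACK only if the acknowledged number reproduces that hash. A flood of SYNs from spoofed addresses therefore costs the server nothing but a hash per packet. This is a simplified model of the scheme: real kernels also pack the client's MSS into the cookie. The secret key, addresses and ports are constructed.

```python
"""Stateless SYN cookies, as an added example (not from the slides).

The server keeps no state for half-open connections. The ISN in its
SYN-ACK is a truncated HMAC over (src ip, src port, dst ip, dst port,
time slot). On the client's ACK the server recomputes the cookie from
the ACK's own 4-tuple and accepts the connection iff ack - 1 matches a
cookie for the current or previous slot. Secret and addresses constructed.
"""
import hashlib
import hmac
import struct

SERVER_SECRET = b"rotate-me-periodically"   # constructed; a real server rotates this key
COOKIE_LIFETIME_SLOTS = 1                    # accept the current and the previous slot


def time_slot(now: int) -> int:
    """Coarse time counter: one slot per 64 seconds."""
    return now // 64


def _ip(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def syn_cookie(src_ip: str, src_port: int, dst_ip: str, dst_port: int,
               slot: int, secret: bytes = SERVER_SECRET) -> int:
    """32-bit cookie = first 4 bytes of HMAC-SHA256 over the 4-tuple and slot,
    returned as an unsigned int usable as a TCP sequence number."""
    msg = struct.pack("!4sH4sHQ", _ip(src_ip), src_port, _ip(dst_ip), dst_port, slot)
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack("!I", mac[:4])[0]


def handle_syn(src_ip, src_port, dst_ip, dst_port, now: int) -> int:
    """Server side of SYN: returns the ISN for the SYN-ACK. Allocates no state."""
    return syn_cookie(src_ip, src_port, dst_ip, dst_port, time_slot(now))


def handle_ack(src_ip, src_port, dst_ip, dst_port, ack_number: int, now: int) -> bool:
    """Server side of the final ACK: valid iff ack-1 equals a cookie for a recent slot.
    Only then does the server create the connection."""
    cookie = struct.pack("!I", (ack_number - 1) & 0xFFFFFFFF)   # handle sequence wrap
    slot = time_slot(now)
    for s in range(slot, slot - COOKIE_LIFETIME_SLOTS - 1, -1):
        expected = struct.pack("!I", syn_cookie(src_ip, src_port, dst_ip, dst_port, s))
        if hmac.compare_digest(cookie, expected):
            return True
    return False


if __name__ == "__main__":
    # Constructed handshake: client 203.0.113.7:40000 -> server 198.51.100.1:443
    isn = handle_syn("203.0.113.7", 40000, "198.51.100.1", 443, now=1000)
    print("SYN-ACK seq:", isn)
    print("ACK accepted:", handle_ack("203.0.113.7", 40000, "198.51.100.1", 443, isn + 1, now=1010))
    print("ACK from spoofed flood (never saw SYN-ACK):",
          handle_ack("203.0.113.7", 40000, "198.51.100.1", 443, 12345, now=1010))
```

A spoofed client never receives the SYN-ACK, so it cannot learn the cookie and its forged ACKs fail; a real client simply echoes the number it was given.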
Attacks and Countermeasures by Layer…
Application Layer Attack: SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).
◦ Countermeasure: parameterized queries (prepared statements) plus input validation against SQL injection; context-aware output encoding and a Content Security Policy header against XSS; anti-CSRF tokens and SameSite cookies against CSRF.
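The SQL injection countermeasure above, as an added example (not code from the original slides): the same lookup written with string concatenation and with a parameterized query, run against an in-memory SQLite database with two constructed users. The tautology input makes the concatenated version return every row, while the parameterized version treats it as a literal username that matches nothing. The allow-list validator is the secondary control the slide mentions.

```python
"""SQL injection: vulnerable query beside its parameterized fix.

Added example, not from the original slides. Uses an in-memory SQLite
database with constructed rows; the attacker input is the classic
"' OR '1'='1" tautology.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash-of-alice-pw", 1),   # constructed sample rows
        ("bob", "hash-of-bob-pw", 0),
    ])
    return conn


def lookup_vulnerable(conn, username: str):
    """String concatenation: attacker-controlled text becomes SQL syntax.
    Deliberately vulnerable, to show the failure."""
    sql = "SELECT username, is_admin FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username: str):
    """Parameterized query: the driver passes the value separately from the
    statement, so quotes inside the input are data, never syntax."""
    sql = "SELECT username, is_admin FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def validate_username(username: str) -> bool:
    """Defence in depth: an allow-list on shape. Parameterization is the
    primary control; validation narrows what reaches any sink at all."""
    return username.isascii() and username.isalnum() and 1 <= len(username) <= 32


ATTACK = "' OR '1'='1"   # constructed attacker input

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, ATTACK))   # every user leaks
    print("safe:      ", lookup_safe(db, ATTACK))         # nothing matches
    print("validator rejects attack:", not validate_username(ATTACK))
```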
History
Until the 1960s, computer security was limited to physical protection of computers.
The late 1960s and 1970s
◦ Evolutions
Computers became interactive
Multiuser/multiprogramming systems and networking were invented
More and more data was stored in computer databases
◦ Organizations and individuals started to worry about
What other users of the same computer could do to their data
What was happening to their private data stored in large databases
◦ Remote access to data became possible, opening up new possibilities for abuse.
History…
Computer security was almost non-existent before the 1980s (apart from physical protection).
In the 1980s and 1990s
◦ Evolution
Personal computers were popularized
LANs and the Internet spread across the world
Applications such as e-commerce, e-government and e-health started to develop
Viruses became major threats
◦ Organizations/individuals started to worry about
Who has access to their computers and data
Whether they can trust an e-mail, a website, etc.
Whether their privacy is protected in the connected world
History…
In the 2000s
◦ Computers became smaller
◦ Computers became part of our lives
◦ Security became a global concern.
In the past, computer security violations such as viruses were caused by hobbyist hackers (young adults who did it for fun).
Today, attacks on computers are planned and funded by organized criminals and may be devastating.
History: Famous security problems
In 2010, WikiLeaks
◦ began releasing classified cables that had been sent to the U.S. State Department by 274 of its consulates, embassies, and diplomatic missions around the world, dated between December 1966 and February 2010.
◦ The cables contain diplomatic analysis from world leaders, and the diplomats' assessments of host countries and their officials.
Limitations
Computers lack intelligence (they cannot think): they do exactly what they are told, whoever does the telling.
It is easier to break computer security than to build a fully secured computer.
◦ A single weakness is enough to launch an attack.
Operating systems: many layers between the hardware and the GUI, in which malicious software can hide.
◦ "Easy to use, easy to misuse!"
The Internet and its protocols: the important Internet protocols were developed in the 1970s and 1980s, before Internet security became a global concern.
Basic concepts
Supplements to the CIA triad (confidentiality, integrity, availability):
Authentication
◦ How do I know it's really you?
Authorization
◦ Now that you are here, what are you allowed to
do?
Accountability
◦ Who did what, and, perhaps, who pays the bill?
Basic concepts…
Privacy
◦ “informational self-determination”
◦ This means that you get to control
information about you
◦ “Control” means many things:
Who gets to see it
Who gets to use it
What they can use it for
Who they can give it to
Basic concepts…
Vulnerabilities, threats & countermeasures
Physical vulnerabilities
◦ Break-ins to your server room, device theft, stolen backup media and printouts
◦ Countermeasures: locks, guards, surveillance cameras, burglar alarms
Natural vulnerabilities
◦ Systems are vulnerable to natural disasters and environmental threats, including power loss
◦ Natural disasters: fire, flood, earthquakes, lightning
◦ Environmental threats: dust, humidity, and uneven temperature conditions
◦ Countermeasures: air conditioning and heating systems, UPS, backups
Vulnerabilities…
Communication vulnerabilities
◦ Wires can be tapped, physically damaged, or disturbed by electromagnetic interference (EMI)
◦ Countermeasure: fibre optics (immune to EMI and harder, though not impossible, to tap)
Human vulnerabilities
◦ The greatest vulnerability of all
◦ Employees, contractors
◦ Countermeasure: choose employees carefully
Threats
Threats fall into three main categories based on their source: natural, unintentional, and intentional.
Natural: fires, floods, power failures, and other disasters
◦ Countermeasures: fire alarms, temperature gauges, and surge protectors
◦ Backing up critical data off-site
Unintentional threats: accidentally deleting a file, changing a security password
◦ Countermeasures: training, security procedures and policies
Threats…
Intentional threats: outsiders and insiders
Outsiders may penetrate systems in a variety of ways:
◦ simple break-ins of buildings and computer rooms;
◦ disguised entry as maintenance personnel;
◦ anonymous, electronic entry through modems and network connections;
◦ and bribery or coercion of inside personnel.
Although most security mechanisms protect best against outside intruders, surveys indicate that most attacks are by insiders.
Threats…
Estimates are that as many as 80 percent of system penetrations are by fully authorized users who abuse their access privileges to perform unauthorized functions.
◦ "The enemy is already in, we hired them."
Insiders are sometimes referred to as living Trojan horses.
There are a number of different types of insiders.
◦ A fired or disgruntled employee might be trying to take revenge; an employee might have been blackmailed or bribed by foreign or corporate enemy agents.
Threats…
Four classes of threat to an asset:
◦ Interruption: the asset is lost, destroyed, or made unavailable
◦ Interception: an unauthorized party gains access to the asset
◦ Modification: an unauthorized party tampers with the asset
◦ Fabrication: an unauthorized party inserts counterfeit objects into the system
Countermeasures
Authentication (passwords, cards, biometrics)
Encryption
Auditing
Administrative procedures
Standards
Physical security
Laws
Backups
Control
◦ A control removes or reduces a vulnerability.
◦ You control a vulnerability to prevent an attack and block a threat.
Security services
AUTHENTICATION
◦ The assurance that the communicating entity is the
one that it claims to be
ACCESS CONTROL
◦ The prevention of unauthorized use of a resource
(i.e., this service controls who can have access to a
resource, under what conditions access can occur,
and what those accessing the resource are allowed
to do).
DATA CONFIDENTIALITY
◦ The protection of data from unauthorized
disclosure.
Security services…
DATA INTEGRITY
◦ The assurance that data received are exactly
as sent by an authorized entity (i.e., contain
no modification, insertion, deletion, or replay).
NONREPUDIATION
◦ Provides protection against denial by one of
the entities involved in a communication of
having participated in all or part of the
communication.
Goals of security
Prevention: means that an attack will fail.
◦ E.g. passwords (prevent unauthorized users from accessing the system).
Detection: is most useful when an attack cannot be prevented, but it can also indicate the effectiveness of preventative measures.
◦ Detection mechanisms accept that an attack will occur;
◦ they determine that an attack is underway, or has occurred, and report it.
◦ The attack may also be monitored to provide data about its nature, severity, and results.
Malicious Software
What is Malicious Software
➢ Software deliberately designed to harm computer systems.
➢ A malicious program causes undesired actions in information systems.
➢ Spreads from one system to another through:
E-mail (attachments)
Infected disks
Downloading / exchanging corrupted files
Code embedded in computer games
Types of Malicious Software
Virus: a program that spreads to other software in the system, i.e., a program that incorporates copies of itself into other programs.
Viruses spread malicious code to other programs by modifying them.
Rabbit: malicious software that replicates itself without limit, depleting some or all of the system's resources.
Hoaxes: false alerts about spreading viruses.
❑ e.g., chain letters.
Trojan Horse: a malicious program with unexpected additional functionality. It includes harmful features of which the user is not aware.
Spyware: unwanted software that infiltrates your computing device and steals your internet usage data and sensitive information.
❑ Spyware programs explore the files in an information system.
❑ The information is forwarded to an address specified in the spyware.
❑ Spyware can also be used to investigate software users or to prepare an attack.
Trapdoor: a secret, undocumented entry point into a program.
❑ An example of such a feature is the so-called back door, which enables intrusion into the target by bypassing user authentication.
❑ A hole in the security of a system deliberately left in place by designers or maintainers.
❑ A trapdoor allows unauthorized access to the system.
❑ The only purpose of a trapdoor is to "bypass" internal controls. It is up to the attacker to determine how this circumvention of control can be exploited.
Worms:
❑ A program that spreads copies of itself through a network.
❑ Can do irrecoverable damage to the computer system.
❑ A stand-alone program; spreads only through the network (unlike a virus, it needs no host program to modify).
❑ Also performs malicious activities other than spreading itself, e.g., deleting files.
❑ Attacks by worms:
1. Deleting files and other malicious actions on systems.
2. Communicating information back to the attacker, e.g., passwords and other proprietary information.
3. Disrupting normal operation of the system, i.e., denial of service (DoS).
4. Worms may carry viruses with them.
Detecting virus infected files/programs:
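Two detection approaches for infected files, as an added example (not the slides' own code): signature scanning, which searches each file for a byte pattern known to belong to a particular piece of malware, and integrity checking, which compares each file's SHA-256 against a known-good baseline and therefore catches a modified host program even when no signature exists yet. The "files" are constructed in-memory byte strings and the infection marker is an arbitrary constructed byte string, not real malware; the appending infector only models that the host program changes.

```python
"""Signature scanning and integrity baselining, as an added example
(not from the slides). Files are constructed byte strings; the payload
markers are arbitrary bytes standing in for a malware body.
"""
import hashlib

# Constructed signature database: name -> byte pattern known to appear in the malware.
SIGNATURES = {
    "Demo.Appender": b"\x90\x90DEMO-PAYLOAD",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan_signatures(files: dict, signatures: dict = SIGNATURES) -> dict:
    """Return {filename: [matched signature names]} for files containing a known pattern.
    Misses anything whose pattern is not yet in the database."""
    hits = {}
    for name, data in files.items():
        matched = [sig for sig, pattern in signatures.items() if pattern in data]
        if matched:
            hits[name] = matched
    return hits


def build_baseline(files: dict) -> dict:
    """Record known-good hashes, e.g. right after a clean installation."""
    return {name: sha256_hex(data) for name, data in files.items()}


def check_integrity(files: dict, baseline: dict) -> dict:
    """Return {filename: status} for anything that is not exactly as baselined.
    Needs no knowledge of the malware, only of the clean state."""
    findings = {}
    for name, data in files.items():
        if name not in baseline:
            findings[name] = "new file"
        elif sha256_hex(data) != baseline[name]:
            findings[name] = "modified"
    for name in baseline:
        if name not in files:
            findings[name] = "missing"
    return findings


def infect_by_appending(host: bytes, payload: bytes) -> bytes:
    """Models an appending file infector for the demo: host + payload.
    Constructed, harmless bytes; the point is only that the host changes."""
    return host + payload


def demo():
    clean = {
        "calc.exe": b"MZ...clean calculator program...",   # constructed
        "notes.txt": b"meeting at 10",                      # constructed
    }
    baseline = build_baseline(clean)

    after = dict(clean)
    # Known infection: pattern is in the database, caught by both methods.
    after["calc.exe"] = infect_by_appending(clean["calc.exe"], SIGNATURES["Demo.Appender"])
    # Unknown variant: payload bytes changed, so the signature misses, but the
    # file's hash no longer matches the baseline.
    after["notes.txt"] = infect_by_appending(clean["notes.txt"], b"\x90\x90UNKNOWN-VARIANT")

    return scan_signatures(after), check_integrity(after, baseline)


if __name__ == "__main__":
    sig_hits, integrity_findings = demo()
    print("signature hits:     ", sig_hits)
    print("integrity findings: ", integrity_findings)
```

The two methods fail in opposite directions: signatures never flag a legitimately updated program but miss new variants, while the baseline flags every change and so must be refreshed after each trusted update.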
Places where viruses live:
▪ Boot sector
▪ Memory
▪ Disk: applications and data stored on disk
▪ Libraries: stored procedures and classes
▪ Compiler
▪ Debugger
▪ The virus-checking program itself, once infected: it can no longer detect that particular virus signature
Effect of Virus attack on computer system
➢ A virus may affect the user's data in memory, e.g. by overwriting it.
Questions?
Assignment 1: Virus writing
Study tutorials on writing malicious programs (viruses) and create a simple malicious (virus) program that does not spread but infects one particular file of your choice.
Then write an antivirus program that detects your malicious (virus) program.
You may use either Java or Python.
Authentication
Who Goes There?
How to authenticate a human to a machine?
Can be based on…
◦ Something you know
For example, a password
◦ Something you have
For example, a smartcard
◦ Something you are
For example, your fingerprint
Something You Know
Passwords
Lots of things act as passwords!
◦ PIN
◦ Social security number
◦ Date of birth
◦ Name of your pet, etc.
Why Passwords?
Why is "something you know" more popular than "something you have" and "something you are"?
Cost: passwords are free
Convenience: it is easier for a system administrator to reset a password than to issue the user a new thumb
Good and Bad Passwords
Bad passwords
◦ frank
◦ Fido
◦ password
◦ 4444
◦ Pikachu
◦ 102560
◦ AustinStamp
Good passwords?
◦ jfIej,43j-EmmL+y
◦ 09864376537263
◦ P0kem0N
◦ FSa7Yago
◦ 0nceuP0nAt1m8
◦ PokeGCTall150
Password Experiment
Three groups of users; each group was advised to select passwords as follows
◦ Group A: at least 6 characters, 1 non-letter
◦ Group B: password based on a passphrase
◦ Group C: 8 random characters
Results
◦ Group A: about 30% of passwords easy to crack
◦ Group B: about 10% cracked
Passwords easy to remember
◦ Group C: about 10% cracked
Passwords hard to remember
Password Experiment…
User compliance is hard to achieve
In each case, a third did not comply (and about a third of those passwords were easy to crack!)
Assigned passwords are sometimes best
If passwords are not assigned, the best advice is
◦ Choose passwords based on a passphrase
◦ Use a password cracking tool to test for weak passwords
◦ Require periodic password changes?
Attacks on Passwords
Attacker could…
◦ Target one particular account
◦ Target any account on system
◦ Target any account on any system
◦ Attempt denial of service (DoS) attack
Common attack path
◦ Outsider → normal user → administrator
◦ May only require one weak password!
Password Retry
Suppose system locks after 3 bad
passwords. How long should it lock?
◦ 5 seconds
◦ 5 minutes
◦ Until SA restores service
What are +’s and -’s of each?
Dictionary Attack
Attacker pre-computes h(x) for all x in a
dictionary of common passwords
Suppose attacker gets access to password file
containing hashed passwords
◦ Attacker only needs to compare hashes to his pre-
computed dictionary
◦ Same attack will work each time
Can we prevent this attack? Or at least make
attacker’s job more difficult?
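The precomputed dictionary attack above, and the answer to the slide's closing question, as an added example (not code from the original slides): with unsalted, fast hashes the attacker hashes the dictionary once and cracks every leaked password file with one table lookup per user. Storing a random per-user salt alongside a deliberately slow key derivation (PBKDF2 here) makes the precomputed table worthless, because the attacker cannot know the salt in advance, and forces a full dictionary pass per user at the chosen work factor. Weak passwords still fall, as the output shows; salting raises the cost, it does not replace good passwords. The dictionary, user names and iteration count are constructed.

```python
"""Precomputed dictionary attack, and why per-user salt defeats it.

Added example, not from the slides. Part 1 stores unsalted fast hashes:
the attacker's table h(x) for x in the dictionary is built once and
reused against every leak. Part 2 stores (random salt, PBKDF2 hash):
the table is useless and the attacker must redo the dictionary per user.
Dictionary, users and iteration count are constructed sample data.
"""
from __future__ import annotations

import hashlib
import os

DICTIONARY = ["123456", "password", "qwerty", "letmein", "Pikachu", "FSa7Yago"]

# ---- Part 1: unsalted fast hash (what the attacker on the slide exploits) ----

def unsalted_hash(pw: str) -> str:
    return hashlib.sha256(pw.encode()).hexdigest()


def precompute_table(words) -> dict:
    """h(x) for every x in the dictionary: computed once, reused against every leak."""
    return {unsalted_hash(w): w for w in words}


def crack_unsalted(password_file: dict, table: dict) -> dict:
    """password_file maps user -> stored hash. One dictionary lookup per user."""
    return {user: table[h] for user, h in password_file.items() if h in table}


# ---- Part 2: per-user salt + slow KDF (the countermeasure) ----

PBKDF2_ITERATIONS = 50_000   # constructed; production deployments use more


def salted_hash(pw: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)


def store_salted(pw: str) -> tuple[bytes, bytes]:
    """What the server stores: a fresh random salt and the derived hash."""
    salt = os.urandom(16)
    return salt, salted_hash(pw, salt)


def crack_salted(password_file: dict, words) -> tuple[dict, int]:
    """password_file maps user -> (salt, hash). No precomputed table can apply,
    so every dictionary word is re-derived per user. Returns (cracked, kdf_calls)."""
    cracked, work = {}, 0
    for user, (salt, stored) in password_file.items():
        for w in words:
            work += 1
            if salted_hash(w, salt) == stored:
                cracked[user] = w
                break
    return cracked, work


def demo():
    # Constructed leaked password file, two users with weak passwords.
    unsalted_file = {"frank": unsalted_hash("password"), "ann": unsalted_hash("Pikachu")}
    cracked_unsalted = crack_unsalted(unsalted_file, precompute_table(DICTIONARY))

    salted_file = {"frank": store_salted("password"), "ann": store_salted("Pikachu")}
    cracked_salted, work = crack_salted(salted_file, DICTIONARY)
    return cracked_unsalted, cracked_salted, work


if __name__ == "__main__":
    c1, c2, work = demo()
    print("unsalted: cracked", c1, "with 2 table lookups")
    print("salted:   cracked", c2, f"but needed {work} PBKDF2 derivations for this tiny dictionary")
```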
Other Password Issues
Too many passwords to remember
◦ Results in password reuse
◦ Why is this a problem?
Who suffers from bad password?
◦ Login password vs ATM PIN
Failure to change default passwords
Social engineering
Error logs may contain “almost” passwords
Bugs, keystroke logging, spyware, etc.
Password Cracking Tools
Popular password cracking tools
◦ Password Crackers
◦ Password Portal
◦ L0phtCrack and LC4 (Windows)
◦ John the Ripper (Unix)
Admins should use these tools to test for weak passwords, since attackers will!
Good article on password cracking
◦ Passwords - Cornerstone of Computer Security
Biometrics
Something You Are
Biometric
◦ "You are your key" ⎯ Schneier
❑ Examples
o Fingerprint
o Handwritten signature
o Facial recognition
o Speech recognition
o Gait (walking) recognition
o "Digital doggie" (odor recognition)
o Many more!
Why Biometrics?
Biometrics are seen as a desirable replacement for passwords
Cheap and reliable biometrics are needed
Today, a very active area of research
Biometrics are used in security today
◦ Thumbprint mouse
◦ Palm print for secure entry
◦ Fingerprint to unlock a car door, etc.
But biometrics are not too popular
◦ They have not lived up to their promise (yet)
Biometric Modes
Identification ⎯ Who goes there?
◦ Compare one to many
◦ Example: The FBI fingerprint database
Authentication ⎯ Is that really you?
◦ Compare one to one
◦ Example: Thumbprint mouse
Identification problem more difficult
◦ More “random” matches since more comparisons
We are interested in authentication
Hand Geometry
❑ Popular form of biometric
❑ Measures the shape of the hand
o Width of hand and fingers
o Length of fingers, etc.
❑ Human hands are not unique
❑ Hand geometry is nevertheless sufficient for many situations
❑ Suitable for authentication (one-to-one matching)
❑ Not useful for the identification problem (one-to-many matching)
Hand Geometry…
Advantages
◦ Quick
◦ 1 minute for enrollment
◦ 5 seconds for recognition
◦ Hands are symmetric (use the other hand backwards)
Disadvantages
◦ Cannot be used on the very young or the very old
◦ Relatively high equal error rate
Attack on Iris Scan
A good photo of an eye can be scanned
◦ An attacker could present a photo of the eye instead of the eye itself
❑ An Afghan woman was authenticated by an iris scan matched against an old photo
Biometrics: The Bottom Line
Biometrics are hard to forge
But an attacker could
◦ Steal Alice's thumb
◦ Photocopy Bob's fingerprint, eye, etc.
◦ Subvert the software, the template database, the "trusted path", …
Also, how do you revoke a "broken" biometric? Unlike a password, it cannot be changed.
Biometrics are not foolproof!
That should change in the future…
Something You Have
2-factor Authentication
Requires two out of the three factors:
1. Something you know
2. Something you have
3. Something you are
Examples
◦ ATM: card and PIN
◦ Credit card: card and signature
◦ Smartcard with password/PIN
End Of Chapter
Questions