Computer security
Confidentiality, Integrity, Availability
Confidentiality
Keeping information secret from people who should not know it
E.g. passwords, credit card details
Encompasses: privacy, secrecy
Integrity
Ensuring things are not altered without permission
Similar to setting file permissions to read-only
Can be compromised in many ways:
Someone changes the way something operates
Someone intercepts and changes emails between people
Someone breaks into a site and changes the web pages
Accidental damage
Integrity (2)
Not always compromised by deliberate malicious actions
Accident or equipment failure
Detecting when integrity has been compromised is difficult
Not all compromises involve breaking into a software system
E.g. data corrupted at source
25/11/2010
Integrity (3)
In general:
Integrity requires that only authorised users perform authorised actions on resources they are authorised to use
Important to be able to verify the identity of the user
Digital signatures, passwords
Availability
Ensuring that legitimate users of a system have reasonable and reliable access to their systems
I.e. prevent a denial of service
The ISO 7498-2 standard defines this as:
Denial of service: The prevention of authorised access to resources or the delaying of time-critical operations
Authentication
Verifying the identity of someone
Two reasons for authenticating users:
Users want to access files and programs
Therefore have to be distinguished by an identity
Password login
Once it succeeds, all activities of the user occur within the scope of an identifier
On UNIX the username is converted to a globally unique user id (UID)
On Windows the username is converted to a security id (SID)
Only unique on a local host
Identification requires an initial introduction based on trust
Authentication is the confirmation of a previously trusted identity
Types of Authentication
OSI security architecture (ISO 7498-2) defines:
Entity authentication
Checking the identity of an individual or entity
Origin authentication
Checking the location of an individual or entity
Unilateral authentication
Verifying the entity to the authenticator
Mutual authentication
Verifying both parties to one another
Viruses
Computer programs which attach to or overwrite other programs in order to replicate themselves
Can be sent as email attachments
Often disguised as audio/video files, games, etc.
Viruses (2)
Spread through sharing infected files
Email attachments
Documents or files transferred between users
Famous viruses:
ILOVEYOU, May 2000
Cost billions of dollars
Reached around 45 million users in 1 day!
Worms
Like viruses, but don't need to be attached to another program to spread
Can spread across the network and infect files on their own
Ping Attacks
Internet datagrams should not exceed 64KB (RFC 791)
But some implementations of IP can send larger datagrams
ping -s 65510 destinationHost
But not all implementations can receive them
Possible to crash some older network interfaces by sending a ping request with a very large packet size
TCP/IP Spoofing
Forging datagrams so that they appear to come from a third party host
[Diagram: Host A, Host B and Host C]
Attacker at host A creates a packet with destination address host B and source address host C
After Burgess, 2004
SYN Flooding
Also a type of IP spoofing
Used to create a denial of service attack
Host A chooses an address for host C that is not in use ... so it can't reply with a reset
And repeatedly sends SYN packets (for new connections) on the same port and on other ports
RECV queue fills up quickly
Can't be emptied because the connections can't be completed
Therefore services are cut off
[Diagram a) Normal UDP fragmentation: UDP fragment #1 followed by UDP fragment #2, with non-overlapping data offsets]
In a Teardrop attack:
Attacker forges two UDP datagrams so that they appear to be fragments of a larger packet
But they are given data offsets which overlap
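The two fragmentation problems above (the oversized ping datagram and the teardrop's overlapping offsets) can both be caught by sanity-checking a fragment set before reassembly. The following is an added example, not part of the lecture or of Burgess's book; the Fragment model and the sample fragment sets are constructed for illustration.

```python
"""Sanity-check a set of IPv4 fragments before reassembly.

Two failure modes from the lecture are detected:
  - oversize: the reassembled datagram would exceed the 65,535-byte limit
    (the IPv4 total-length field is 16 bits, RFC 791), as with ping -s 65510
  - overlap: fragment data offsets overlap one another (teardrop)
"""
from dataclasses import dataclass

IPV4_MAX_DATAGRAM = 65535   # 16-bit total length field
IPV4_HEADER = 20            # minimal header of the reassembled datagram


@dataclass(frozen=True)
class Fragment:
    offset: int   # byte offset of this fragment's payload in the datagram
    length: int   # payload bytes carried by this fragment
    more: bool    # "more fragments" flag


def check_fragments(frags):
    """Return a list of problems found; an empty list means the set looks sane."""
    issues = []
    end_prev = 0  # first byte not yet covered by earlier fragments
    for f in sorted(frags, key=lambda f: f.offset):
        if f.offset % 8 != 0:
            issues.append(f"misaligned: offset {f.offset} is not a multiple of 8")
        if f.offset < end_prev:
            # A fragment starting inside data already delivered is the teardrop pattern.
            issues.append(f"overlap: fragment at offset {f.offset} starts before byte {end_prev}")
        end_prev = max(end_prev, f.offset + f.length)
    total = IPV4_HEADER + end_prev
    if total > IPV4_MAX_DATAGRAM:
        # Reassembling this would exceed what the IP length field can describe.
        issues.append(f"oversize: reassembled datagram would be {total} bytes")
    return issues


# Constructed sample fragment sets (not taken from the lecture).
NORMAL = [Fragment(0, 1480, True), Fragment(1480, 520, False)]
TEARDROP = [Fragment(0, 120, True), Fragment(24, 40, False)]        # #2 sits inside #1
PING_OF_DEATH = [Fragment(0, 1480, True), Fragment(65512, 6, False)]  # ends at 65518 + 20 header

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP), ("ping of death", PING_OF_DEATH)):
        print(name, "->", check_fragments(frags) or "ok")
```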
Summary
An introduction to security considerations
Mechanisms whereby attacks on systems are made
Reference
Principles of Network and System Administration, Mark Burgess, Wiley, 2004