CS 5950/6030 Network Security Class 2 (F, 9/2/05)

Leszek Lilien
Department of Computer Science
Western Michigan University
[Using some slides prepared by: Prof. Aaron Striegel, University of Notre Dame; Prof. Barbara Endicott-Popovsky and Prof. Deborah Frincke, University of Washington]

Section 1 - Class 2

Class 1:
1.1. Course Overview - Syllabus - Course Introduction
1.2. Survey of Students' Background and Experience
1.3. Introduction to Security
  1.3.1. Examples - Security in Practice
  1.3.2. What is "Security"?
  1.3.3. Pillars of Security: Confidentiality, Integrity, Availability (CIA) - PART 1

Class 2:
  1.3.3. Pillars of Security: Confidentiality, Integrity, Availability (CIA) - PART 2
  1.3.4. Vulnerabilities, Threats, and Controls - PART 1
    Vulnerabilities, Threats, and Controls / Attacks
    Kinds of Threats (interception/interruption/modification/fabrication)
    Levels of Vulnerabilities / Threats
      A) Hardware level
      B) Software level
... To be continued ...

1.1. Course Overview (1)
CS 5950/6030: Network Security - Fall 2005
Department of Computer Science, Western Michigan University

Description: Survey of topics in the area of computer and network security with a thorough basis in the fundamentals of computer/network security.

Class: CEAS C0141, M W F 3:00 PM - 3:50 PM
Instructor: Dr. Leszek (Leshek) Lilien, CEAS B-249, phone: 276-3116
Email: llilien@wmich.edu - please use for urgent matters only
1) Only mail coming from a WMU account (ending with "wmich.edu") will be read.
2) Files submitted as attachments will not be read unless they are scanned with up-to-date anti-viral software, and the message including them contains the following statement: I have scanned the enclosed file(s) with <name of software, its version>, which was last updated on <date>.

Office Hours: MW 4:30 PM - 5:30 PM, F 1:30 PM - 2:30 PM


Web Pages: http://www.cs.wmich.edu/~llilien/cs5950-6030/index.html

1.2. Survey of Students' Background and Experience (1)

Background Survey
CS 5950/6030 Network Security - Fall 2005

Please print all your answers.
First name: __________________________ Last name: _____________________________
Email _____________________________________________________________________
Undergrad./Year ________ OR: Grad./Year or Status (e.g., Ph.D. student) ________________
Major _____________________________________________________________________

PART 1. Background and Experience
1-1) Please rate your knowledge in the following areas (0 = None, 5 = Excellent).
UNIX/Linux/Solaris/etc. Experience (use, administration, etc.)      0 1 2 3 4 5
Network Protocols (TCP, UDP, IP, etc.)                              0 1 2 3 4 5
Cryptography (basic ciphers, DES, RSA, PGP, etc.)                   0 1 2 3 4 5
Computer Security (access control, security fundamentals, etc.)     0 1 2 3 4 5

Any new students who did not fill out the survey?

1.3. Introduction to Security (1)
1.3.1. Examples - Security in Practice
[Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

1.3.2. What is "Security"?
You Will Never Own a Perfectly Secure System.
You Will Never Own a Perfectly Secure System.
You Will Never Own a Perfectly Secure System.
[Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

1.3.3. Pillars of Security: Confidentiality, Integrity, Availability (CIA)
Confidentiality: Who is authorized?
Integrity: Is the data "good?"
Availability: Can access data whenever need it?
[Figure: Confidentiality, Integrity, Availability, with S marked; S = Secure]
[cf. Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

Balancing CIA
[Figure labels: Biographical Data, Payroll Data, Health Data, Sensitive Data; Confidentiality, Integrity, Availability; Packet Switch, Bridge, File Server, Gateway, Other Networks]
Need to balance CIA
- Ex: Disconnect computer from Internet to increase confidentiality (availability suffers, integrity suffers due to lost updates)
- Ex: Have extensive data checks by different people/systems to increase integrity (confidentiality suffers as more people see data, availability suffers due to locks on data under verification)
[cf. Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

Class 1 ended here. Class 2 starts here.

Confidentiality
- "Need to know" basis for data access
  - How do we know who needs what data?
    Approach: access control specifies who can access what
  - How do we know a user is the person she claims to be?
    Need her identity and need a gatekeeper to verify this identity
    Approach: identification and authentication
- Analogously: "Need to access/use" basis for physical assets
  - E.g., access to a computer room, use of a desktop
- Confidentiality is:
  - difficult to ensure
  - easiest to assess in terms of success (binary in nature: Yes / No)

Integrity
- Integrity vs. Confidentiality
  - Integrity - concerned with unauthorized modification of assets (= resources)
    Confidentiality - concerned with access to assets
  - Integrity is more difficult to measure than confidentiality
    Not binary - degrees of integrity
    Context-dependent - means different things in different contexts
    Could mean any subset of these asset properties:
    { precision / accuracy / currency / consistency / meaningfulness / usefulness / ... }
- Types of integrity - an example
  - Quote from a politician
  - Preserve the quote (data integrity) but misattribute (origin integrity)

Availability (1)
- Not understood very well yet
  "[F]ull implementation of availability is security's next challenge"
  E.g., full implementation of availability for Internet users (with ensuring security)
- Complex
  Context-dependent
  Could mean any subset of these asset (data or service) properties:
  { usefulness / sufficient capacity / progressing at a proper pace / completed in an acceptable period of time / ... }
[Pfleeger & Pfleeger]

Availability (2)
- We can say that an asset (resource) is available if:
  - Timely request response
  - Fair allocation of resources (no starvation!)
  - Fault tolerant (no total breakdown)
  - Easy to use in the intended way
  - Provides controlled concurrency (concurrency control, deadlock control, ...)
[Pfleeger & Pfleeger]

1.3.4. Vulnerabilities, Threats, and Controls
- Understanding Vulnerabilities, Threats, and Controls
  - Vulnerability = a weakness in a security system
  - Threat = circumstances that have a potential to cause harm
  - Controls = means and ways to block a threat, which tries to exploit one or more vulnerabilities
    - Most of the class discusses various controls and their effectiveness
[Pfleeger & Pfleeger]

- Attack
  - = exploitation of one or more vulnerabilities by a threat; tries to defeat controls
    - Attack may be:
      - Successful
        - resulting in a breach of security, a system penetration, etc.
      - Unsuccessful
        - when controls block a threat trying to exploit a vulnerability
[Pfleeger & Pfleeger]
- Examples
  - Fig. 1-1 (p.6)
  - New Orleans disaster (Hurricane Katrina): What were city vulnerabilities, threats, and controls

Kinds of Threats
- Kinds of threats:
  - Interception
    - an unauthorized party (human or not) gains access to an asset
  - Interruption
    - an asset becomes lost, unavailable, or unusable
  - Modification
    - an unauthorized party changes the state of an asset
  - Fabrication
    - an unauthorized party counterfeits an asset
[Pfleeger & Pfleeger]
- Examples?

Levels of Vulnerabilities / Threats
- D) for other assets (resources)
  - including people using data, s/w, h/w
- C) for data
  - "on top" of s/w, since used by s/w
- B) for software
  - "on top" of h/w, since run on h/w
- A) for hardware
[Pfleeger & Pfleeger]

A) Hardware Level of Vulnerabilities / Threats
- Add / remove a h/w device
  - Ex: Snooping, wiretapping
    Snoop = to look around a place secretly in order to discover things about it or the people connected with it. [Cambridge Dictionary of American English]
  - Ex: Modification, alteration of a system
  - ...
- Physical attacks on h/w => need physical security: locks and guards
  - Accidental (dropped PC box) or voluntary (bombing a computer room)
  - Theft / destruction
    - Damage the machine (spilled coffee, mice, real bugs)
    - Steal the machine
    - "Machinicide:" Axe / hammer the machine
    - ...

Example of Snooping: Wardriving / Warwalking, Warchalking
- Wardriving/warwalking -- driving/walking around with a wireless-enabled notebook looking for unsecured wireless LANs
- Warchalking -- using chalk markings to show the presence and vulnerabilities of wireless networks nearby
  - E.g., a circled "W" -- indicates a WLAN protected by Wired Equivalent Privacy (WEP) encryption
[cf. Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

Example of Snooping: Tapping Wireless
http://www.oreillynet.com/cs/weblog/view/wlg/448
[cf. Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

[Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

Example of System Alteration: Skimming from ABC.com
- A legitimate transaction, so it seems...
- Stealing credit card data.
- Making counterfeit "blank" credit card (with a blank magnetic strip).
- Magnetizing the magnetic strip to complete producing a counterfeit card.
[cf. Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

B) Software Level of Vulnerabilities / Threats
- Software Deletion
  - Easy to delete needed software by mistake
  - To prevent this: use configuration management software
- Software Modification
  - Trojan Horses, Viruses, Logic Bombs, Trapdoors, Information Leaks (via covert channels), ...
- Software Theft
  - Unauthorized copying
    - via P2P, etc.

Viruses
- Virus
  A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another program. A virus cannot run by itself; it requires that its host program be run to make the virus active
- Many kinds of viruses:
  - Mass Mailing Viruses
  - Macro Viruses
  - "Back Doors" a.k.a. "Remote Access Trojans"
  - Cell phone viruses
  - Home appliance viruses
[cf. Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

Types of Malicious Code
[Figure: Trapdoors, X Files, Trojan Horses, Bacteria, Logic Bombs, Worms, Viruses]
[cf. Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

Bacterium - A specialized form of virus which does not attach to a specific file. Usage obscure.
Logic bomb - Malicious [program] logic that activates when specified conditions are met. Usually intended to cause denial of service or otherwise damage system resources.
Trapdoor - A hidden computer flaw known to an intruder, or a hidden computer mechanism (usually software) installed by an intruder, who can activate the trap door to gain access to the computer without being blocked by security services or mechanisms.
Trojan horse - A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Virus - A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.
Worm - A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.
[...more types of malicious code exist...]
[bacterium: http://sun.soci.niu.edu/~rslade/secgloss.htm, other: http://www.ietf.org/rfc/rfc2828.txt]

Continued - Class 3
