CS363
CS363 Week 1 - Wednesday
Last time
What did we talk about last time?
• Course overview
• Terminology
• Threats
• Vulnerabilities
• Attacks
• Controls
• CIA
Questions?
Security tidbit: In communist China, algorithms analyze you!
• In the U.S., credit scores affect your life a great deal: mortgages, car loans, credit card interest rates, etc.
• China is considering a "social credit" system, kind of like a Yelp! rating for…you
• Each person will have a single number stating how good you are
• China is evaluating eight companies that are issuing social credit as a pilot program
Security tidbit continued
• The most high-profile project is run by Sesame Credit, the financial wing of Alibaba
  ▪ Alibaba is the world's largest online shopping platform
  ▪ Kind of a cross between Amazon and eBay
• Your Sesame Credit social credit is kind of like your eBay rating, but they also judge you based on the products you buy
• Chinese citizens with good credit scores praise the system's convenience
• Security expert Bruce Schneier highlights the dangers of secret algorithms to judge worth, especially when liking the wrong thing on Facebook could lower your credit
• Follow the story: http://www.bbc.com/news/world-asia-china-34592186
CIA
The basics of computer security:
• Confidentiality
• Integrity
• Availability
Confidentiality
• You don’t want other people to be able to read your stuff
  ▪ Some of your stuff, anyway
• Cryptography, the art of encoding information so that it is only readable by those knowing a secret (key or password), is a principal tool used here
• Confidentiality is also called secrecy or privacy
Integrity
• You don’t want people to mess up your stuff
• You want to know:
  ▪ That your important data cannot be easily changed
  ▪ That outside data you consider trustworthy cannot be easily changed either
• There are many different ways that data can be messed up, and every application has different priorities
Availability
• You want to be able to use your stuff
• Many attacks are based on denial of service, simply stopping a system from functioning correctly
• Availability can mean any of the following:
  ▪ The service is present in usable form
  ▪ There is enough capacity for authorized users
  ▪ The service is making reasonable progress
  ▪ The service completes in an acceptable period of time
Two other useful properties
• CIA covers a huge amount of ground, but there are other properties that are not directly under that umbrella:
  ▪ Authentication is being able to confirm the identity of a sender
  ▪ Nonrepudiation is the flip side: being unable to deny that you sent something
Threats
• There are many ways to classify threats
  ▪ Nonhuman threats: natural disasters, hardware failures, etc.
  ▪ Human threats: spilling a soft drink, entering the wrong data by mistake, intentionally hacking a system
  ▪ Malicious vs. non-malicious
  ▪ Random vs. directed
Harm
Malicious, human-caused threats often involve one or more of the following kinds of harm:
• Interception: Someone read something they weren’t supposed to
• Interruption: Something became unavailable or unusable
• Modification: Someone changed something they weren’t supposed to
• Fabrication: Someone created fake things
Advanced persistent threat
• An advanced persistent threat is one that is organized, well-funded, and calculated to do maximum damage
• These threats are getting more media coverage today as possibilities for terrorism or cyber warfare
• These attacks come from governments, terrorist groups, and organized crime
Vulnerabilities
Hardware vulnerabilities
• Adding or removing devices
• Intercepting the traffic to devices or flooding them with too much traffic
• Physical attacks such as water, fire, electricity, food particles, mice chewing through cables, dust, and blunt force trauma
• These vulnerabilities can be exploited intentionally or unintentionally
Software vulnerabilities
• Software deletion
  ▪ Accidental or otherwise
• Software modification
  ▪ Accidental software changes due to hardware errors or software bugs
  ▪ Trojan horses
  ▪ Viruses
  ▪ Trapdoors
  ▪ Information leaks
• Software theft
Data vulnerabilities
• Data confidentiality
  ▪ Wire tapping
  ▪ Van Eck phreaking
  ▪ Shoulder surfing
  ▪ Looking through trash
• Data integrity
  ▪ Intercepting data and passing it along with parts changed
Goals
Mechanisms are intended to accomplish one or more goals:
• Prevent an attack
• Detect an attack
• Recover from an attack
Other issues
• Networks can multiply the problems of computer security by making data easy to intercept and change
• Physical access to computer systems can allow people to use hardware and software for unauthorized benign or malignant purposes
• People are problematic
  ▪ Someone has to design security systems, and they can’t always be trusted
  ▪ Sometimes people are needed but unavailable
  ▪ People leave (or are fired) with valuable information
  ▪ People behave unpredictably
  ▪ People can be bribed
Attackers
Individuals
• Most computer criminals are amateurs
  ▪ They commit crimes of opportunity
  ▪ Time-stealing is common
• Disgruntled or recently fired employees can use their knowledge of a system to attack it
• A malicious hacker is called a cracker
• Many crackers attempt to gain access to other people’s computer systems for the fun or challenge of it
  ▪ They often brag about their exploits
Organized crime
• Most professional crackers are trained computer scientists who have turned to crime
• In the early days of hacking and viruses, destroying hardware, software, or data was the goal
• Professional crackers now look to make money by stealing valuable data
• There are connections to organized crime
• Many attacks come from Russia, Asia, and Brazil
• Professionals want to remain undetected so that they can keep stealing data
Terrorists
• Modern terrorists are often computer savvy
• Four common forms of terrorist computer usage are:
  ▪ Targets of attacks: Denial-of-service and defacement of websites
  ▪ Methods of attack: Using computers to launch an attack
  ▪ Enablers of attacks: Coordinating or initiating other forms of terrorism through websites, e-mail, etc.
  ▪ Enhancers of attacks: Using the Internet to spread propaganda and recruit agents
Harm and risk
• Harm is the bad thing that happens when the threat occurs
• Risk management is about choosing which threats to control and which not to
  ▪ Remember that this is usually a financial decision
• Residual risk is the risk that is still not controlled after risk management
Risk perception
• What's the chance that a huge meteor will hit during our lifetimes? Small!
  ▪ Likelihood is the chance that a threat will happen
• What will happen if a huge meteor hits? Terrible things!
  ▪ Impact is the damage of a threat
• Humans overestimate the likelihood of rare, dreaded events
Method, opportunity, motive
As with traditional crime, a computer attacker must have three things:
• Method: Skills and tools to perform the attack
• Opportunity: Time and access to accomplish the attack
• Motive: A reason to perform the attack
Controls
Controls
There are five common ways of controlling attacks, many of which can be used together
• Prevent: Remove the vulnerability from the system
• Deter: Make the attack harder to execute
• Deflect: Make another target more attractive (perhaps a decoy)
• Detect: Discover that the attack happened, immediately or later
• Recover: Recover from the effects of the attack
Effects of controls
Many different controls can be used to achieve the five methods of defense
Physical controls
• Physical controls can be inexpensive and effective
  ▪ Locks on doors
  ▪ Security guards
  ▪ Backup copies of data
  ▪ Planning for natural disasters and fires
• Simple controls are often the best
• Attackers will always look for a weak point in your defenses
Technical controls
• Software controls:
  ▪ Passwords
  ▪ OS and network controls: Tools to protect users from each other
  ▪ Independent control programs: Application programs that protect against specific vulnerabilities
  ▪ Development controls: Quality control for creating software so that vulnerabilities are not introduced
• Hardware controls
  ▪ Smart cards on satellite or cable television set-top boxes
  ▪ Fingerprint or other biometric readers
  ▪ Firewalls
Encryption
• Encryption is the scrambling of data
• Often a key or some other secret information is used to do the scrambling
• Without knowledge of the secret, the data becomes useless
• Modern encryption is one of the most powerful tools for preserving computer security
• Most modern attacks do not depend on breaking encryption but on circumventing it
Encryption
• The process of encryption takes plaintext as an input and produces ciphertext as an output
• Plaintext (or cleartext) is not necessarily human readable, but its contents are not protected in any way
• Using cryptography, we can build protocols to support confidentiality and integrity (and even availability indirectly)
• As useful as it is, encryption is not a panacea
Procedural controls
• Human beings ultimately get involved
• It is important to have policies and procedures to guide their actions, such as:
  ▪ Change passwords regularly
  ▪ Don’t give people your password
  ▪ Don’t allow coworkers access to data they should not have
• Laws are important policies with consequences, but they react slowly to the rapid changes in technology
Effectiveness of controls
Many issues impact the effectiveness of controls
• Awareness of problem: Users must be convinced that it is worth using the controls
• Likelihood of use: The controls must be easy enough to use that the task performed is not seriously affected
• Overlapping controls: Overlapping controls or defense in depth can help, but sometimes the controls negatively impact each other
• Periodic review: Conditions change, and controls must be reviewed periodically and updated when needed
Sign up for Presentations
Upcoming
Next time…
• Authentication
• Passwords
• Biometrics
Reminders
Read Section 2.1