
Spring 2009 - R. Smith - University of St Thomas - Minnesota

CISC 210 - Class Today

• Making security decisions
• Introductions
• Security perimeters
• Assignment


Making security decisions

• Do you always lock:
  – A car door
  – A room door
  – A house door
• If not always, what decides otherwise?


Decision Making Strategies

• Rule based
  – I’m told that’s what we do, and I follow that rule (Passwords)
• Relativistic
  – My friend does it, so I do, too.
  – My neighbor has a fence and locks his front door. Me, too.
  – We all use super-strong Kryptonite bike locks
    • “Security Theater”, hunter’s dilemma
    • MAD - Deterrence
• Rational
  – We look at the risks and choose security measures accordingly
  – If an incident occurs, it should prove cheaper than the long-term cost of protecting against it
  – Reassess risks as part of the “life cycle” of the asset


Decision making in a life cycle

• Identify your practical goals
  – What “real” things do you want to accomplish?
  – What risks interfere with them?
• Choose the security that fits
  – What weaknesses exist?
  – What security measures might work?
  – What are the trade-offs against goals?
• Measure success
  – Monitor for attacks or other failures
  – Recover from problems
  – Reassess goals and trade-offs


So what will the class look at?

• How to assess security in general
• Analyzing trade-offs (risk, cost, effectiveness)
• Specific security issues and techniques
  – Workstations
  – LANs
  – Distributed networks
  – Internet access
  – E-commerce
  – If time, DRM and ‘extreme security’
• Labs
  – Some exist, scheduling may be tricky


Who are you, who am I

• Ask your neighbor:
  – Name, major
  – Why are you taking this class?
  – Do you “0wn” a computer?
    • I.e. can you log in as admin?
  – Give a personal, security related fact.
    • Experience, skill, incident, etc.


The Class On-Line

• Web home page
  – courseweb.stthomas.edu/resmith links to it
  – Course schedule with homework assignments
  – Links to lecture notes
• Blackboard
  – Link to course home page
  – Grades
  – Links to copyrighted material
    • Draft book chapters


The Syllabus

• Concepts we’ll cover
  – “Practical” security planning and assessment
  – Risk trade offs - the concept
  – Role of security policies
• Environments - in order of breadth
  – Personal desktop/laptop
  – Access control on shared computer
  – Desktop encryption
  – Local network
  – Internet access from LAN
  – Distributed LANs
  – E-commerce


Textbook(s)

• The main text is Internet Cryptography
  – We don’t need it yet, probably not till March
  – Buy a cheap copy
• The initial readings are draft chapters
  – I’m writing a security text book
  – 3 chapters are all finished
  – 3-5 more chapters may be used in this class
  – Draft Chapters are posted on Blackboard
    • Print them, or read on-line, as you prefer


Reading the Draft Chapters

• Usually starts with a ‘scenario’
  – People involved in a security relevant activity
• “Body” of the chapter
  – Concepts and techniques
  – What to do - How to do it - How things are related
  – Examples of things to do in exercises
• Process examples
  – Follow a security situation through the 6-step process
  – Sometimes computer-related, sometimes not
• Resources, Review and Exercises
  – Study the review questions – source of quiz/exam questions
  – Exercises – numbered with ‘E’ – typical homework


Personal Computer Security

• Share a dorm room?
• Share an apartment?
• Share a home?
• “My” computer - a security objective
• “I’ll kill you if you touch it” – a policy statement?


Extreme Workstation Security

Does this achieve our goals?


A real world example

• There is a company
• Thieves walk into their buildings every day
• The front door is unlocked all day long
• Valuable company property is just lying around
• The thieves pick it up and carry it away
• Most thieves, but not all, get away!
• WHAT IS THIS STUPID COMPANY?
• Why don’t they lock the door, at least?


The Security Process

1. Identify your assets
  • What assets and capabilities do you require?
2. Analyze the risks of attack
  • What can happen to damage your assets?
  • What is the likelihood of damage?
3. Establish your security policy
  • Trade off of risks, cost of damage, cost of protection
  • Identify the protections you intend to use
4. Implement your defenses
5. Monitor your defenses
6. Recover from attacks


The Process Itself

• Based on industrial models
  – “System engineering” process
• We can apply it at a high level
  – Examples sprinkled through the text: Bob, 9/11, Troy, etc.
• We also apply steps in detail
  – Numerical risk assessments
  – Policy planning
  – Security implementation plans


Security analysis: your PC

• The PC itself isn’t the asset
  – Most often, we value what it does, not what it is
    • Hardware is interchangeable
• Assets: resources, things that empower us
  – Focus on what the assets empower us to achieve:
  – Get homework done, socialize, manage finances, etc.
• Risks: things that interfere with assets
  – What can interfere with our achievements?
  – Assess likelihood and impact
• We identify risks by looking at threats and vulnerabilities


Threats & Vulnerabilities

[Diagram labels: Asset; Threat; Vulnerability; Defense, Safeguard, or “Countermeasure”]

An attempt to steal or harm the asset is an attack


Simple risk analysis: your PC

• Threats?
  – Who, why?
• Vulnerabilities?
  – What bad can happen?
  – What allows the badness to happen?
• Can we just lock it up?
  – Put it in a room
  – Put a lock on the door.
  – Don’t share the key
• Does this work?


Deciding on Protection

• Policy: what protections we need
  – If possible, identify defensive perimeters
  – Identify other defenses to reduce impact of risks
  – Balance against how we use the asset
  – Balance against cost of protection


Physically securing an area

• What is a secure perimeter?
  – Contiguous - no breaks
  – A barrier - actually blocks some attacks
  – Minimal number of openings
  – Access restrictions on the openings
• Example: my house
  – Wooden frame building - keeps out wild dogs
  – Glass windows with storms - ditto
  – Locked doors - ditto
  – Metal fence - ditto
  – Gates in the fence - ditto


Security Analysis

• What are the threats?
  – Wild dogs
  – Burglars
  – People collecting for nasty charities
• What are the defenses?
• Are there effective attacks on them?
  – Effective = threats might use them


Is this a complete list of threats?

• Of course not.
  – Study history, the news, experience, introspection
  – Generate a ‘better’ list
• A notion of “threats”
  – Threat = anyone with strongly different goals
  – Example: Burger King vs McDonald’s
    • Both “sort of” have the same goal: sell burgers
    • In fact, BK wants to sell BK burgers, while Mac wants to sell Mac burgers
    • BK people are not trusted in McDonald’s places


Potential vs Real Threats

• Potential Threat = strongly different goals
  – Not a member of the family, company, community
  – Member of competing entity
  – But not necessarily motivated to do you harm
• Real Threat = history of attacks
  – “Good” neighborhood = neighbors not a threat
  – “Bad” neighborhood = neighbors have caused trouble in the past


Now, the Defenses

• Physical world
  – Physical barriers - slow them down a lot
  – Locks - slow them down, restrict access
  – Alarms - call for help
  – Warnings - show you care
• Computer world
  – Examples?


What defenses are “effective”?

• Concept of “work factor”
  – How hard does the attacker have to work to overcome the defense?
  – May be computed in hours
  – May be computed in likelihood over time
    • Example: average of 3 days, $.25M to crack DES
• Effective =
  – Work Factor > threat’s motivation or skill
  – My Home Example
    • Wild dogs motivated but not resourceful
    • Charity people resourceful but not motivated
    • Burglars may be both, but hopefully not too much so
      – Or, deterred by the alarm, and the large dog
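
The work-factor arithmetic from this slide, as an added example that is not part of the original slides: it derives a trial rate from the slide's DES figure and applies it to other secret spaces, in both of the slide's units (time, and likelihood over time). Assumptions: DES has a 56-bit key, an average search covers half the space, and the function names, sample spaces and the attacker's 30-day budget are hypothetical.

```python
"""Work factor as average brute-force effort (added example, not from the slides)."""

DES_KEY_BITS = 56     # DES key length in bits
DES_AVG_DAYS = 3.0    # the slide's figure: average of 3 days to crack DES


def avg_trials(space_size):
    """Average guesses to find one secret in a uniform space: half of it."""
    return space_size / 2


def implied_rate_per_day():
    """Trials per day implied by the slide's DES figure (reference attacker)."""
    return avg_trials(2 ** DES_KEY_BITS) / DES_AVG_DAYS


def work_factor_days(space_size, rate_per_day=None):
    """Work factor as time: average days of search at the given trial rate."""
    rate = implied_rate_per_day() if rate_per_day is None else rate_per_day
    return avg_trials(space_size) / rate


def likelihood_within(space_size, days, rate_per_day=None):
    """Work factor as likelihood over time: chance the search succeeds by `days`."""
    rate = implied_rate_per_day() if rate_per_day is None else rate_per_day
    return min(1.0, days * rate / space_size)


def is_effective(space_size, budget_days, rate_per_day=None):
    """Effective = work factor exceeds what the threat is willing to spend.

    budget_days stands in for the threat's 'motivation or skill' (assumption).
    """
    return work_factor_days(space_size, rate_per_day) > budget_days


if __name__ == "__main__":
    # Constructed sample spaces; the 30-day budget is a hypothetical threat.
    spaces = {
        "8 lowercase letters": 26 ** 8,
        "56-bit key (DES)": 2 ** 56,
        "64-bit key": 2 ** 64,
        "128-bit key": 2 ** 128,
    }
    for name, size in spaces.items():
        days = work_factor_days(size)
        verdict = "effective" if is_effective(size, 30) else "not effective"
        print(f"{name:22s} {days:12.3e} days on average -> {verdict}")
```
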


How does this relate to computers?

• Defenses are always a trade off
• The same reasoning applies to both
• All security begins with physical security


Evolution of Attacks and Defenses

Example: Passwords on Computers

Defenses              Attacks
Remote Terminals      Masquerade
Passwords             Steal the Password File
Password Hashing      Guessing
Guess Detection       Keystroke Sniffing
Memory Protection     Password Sharing
Password Tokens       Network Sniffing
One-Time Passwords    ??


The homework assignment

• First, Read Draft Chapter 1
  – Posted on Blackboard
• Second, do Exercise E5 at the end of the chapter: analyze the perimeter of some commercial or other business location.


Creative Commons License

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.