Chapter 1 Introduction and Security Trends - PowerPoint PPT Presentation

About This Presentation
Title:

Chapter 1 Introduction and Security Trends

Slides: 48
Provided by: MAST2

Transcript and Presenter's Notes

1
Chapter 1 Introduction and Security Trends
2
Learning Objectives
  • By the end of this session, students should be
    able to:
  • Understand the meaning of security in computer
    systems
  • Understand security problems associated with
    computer systems
  • Define and explain general security concepts
  • Define and differentiate various methods of
    defense to secure computer systems

3
Sub-topics
  • 1.1 What Does Secure Mean?
  • 1.2 The Security Problem
  • 1.3 General Security Concepts
  • 1.4 Methods of Defense

4
1.1 What Does Secure Mean?
5
  • What does "secure" mean to you? What is security?
  • Example - banks in the American Wild West.
  • Protection? What things need to be protected?
  • How would a crime be committed?
  • Protecting valuables.
  • Protecting money vs protecting information.
  • Things to be protected.
  • Why? The end result of a computer being breached.
  • How?

6
Characteristics of computer intrusion
  • The computer in a crime:
  • As a tool to commit the crime
  • As a target of the crime
  • As a repository and database for information
    hiding
  • Computing system - a collection of hardware,
    software, storage media, data, network and
    people.
  • Often some parts are mistakenly assumed not to be
    valuable.
  • Weakest point - principle of easiest penetration.
  • A security specialist must consider all possible
    means of penetration.
  • No attack is out of bounds.

7
1.2 The Security Problem
8
Yesterday and today
  • Fifty years ago:
  • Few people had access to a computer system or a
    network.
  • Securing these systems was easier.
  • Companies did not conduct business over the
    Internet.
  • Today, companies rely on the Internet to operate
    and conduct business.

9
  • Networks are used to transfer vast amounts of
    money in the form of bank transactions or credit
    card purchases.
  • When money is transferred via networks, people
    try to take advantage of the environment to
    conduct fraud or theft.
  • There are various ways to attack computers and
    networks to take advantage of what has made
    shopping, banking, investment, and leisure
    pursuits a matter of dragging and clicking for
    many people.
  • Identity theft is common today.

10
Security incidents
  • By examining some of the crimes that have been
    committed over the last dozen or so years, we
    can understand the threats and the security
    issues that surround computer systems and
    networks.
  • FBI statistics reported in the book (2005):
  • Of all computer crimes, only 1% are detected,
    and 7% of the detected crimes are reported.
  • Jail sentences, which are usually short-term,
    amount to only 3%.
  • A 75% increase per year has been reported in
    computer intrusions.
  • Computer crime has increased to 36.

11
The Morris Worm (November 1988)
  • Robert Morris, a graduate of Cornell University,
    released The Internet Worm (or the Morris Worm).
  • The worm infected 10 percent of the machines
    (approximately 6,000) connected to the Internet
    at that time.
  • The worm caused an estimated $100 million in
    damage, though this figure has been the subject
    of wide debate.

12
Citibank and Vladimir Levin (June to October 1994)
  • From June 1994 through October, Vladimir Levin,
    of St. Petersburg, made a number of bank
    transfers.
  • When he and his accomplices were caught, they had
    transferred an estimated $10 million.
  • Eventually all but about $400,000 was recovered.
  • Levin reportedly accomplished the break-ins by
    dialing into Citibank's cash management system.

13
Kevin Mitnick (February 1995)
  • Kevin Mitnick's computer activities occurred over
    a number of years, from the 1980s through the 1990s.
  • Mitnick admitted to having gained unauthorized
    access to a number of computer systems belonging
    to companies such as Motorola, Novell, Fujitsu,
    and Sun Microsystems.

14
Omega Engineering - Timothy Lloyd (July 1996)
  • On July 30, 1996, a software time bomb at Omega
    Engineering deleted all design and production
    programs of the company. This severely damaged
    the small company forcing the layoff of 80
    employees.
  • The program was traced back to Timothy Lloyd who
    had left it in retaliation for his dismissal.

15
Jester and the Worcester Airport (March 1997)
  • In March 1997, airport services to the FAA
    control tower as well as emergency services at
    the Worcester Airport and the community of
    Rutland, Massachusetts, were cut off for six
    hours.
  • This disruption occurred as a result of a series
    of commands sent by a teenage computer hacker
    who went by the name of jester.
  • The individual gained unauthorized access to the
    loop carrier system operated by NYNEX.

16
Melissa Virus (March 1999)
  • Melissa is the best known of the early macro-type
    viruses, which attach themselves to documents
    that contain programs with a limited macro
    programming capability.
  • The virus was written and released by David
    Smith.
  • This virus infected about a million computers and
    caused an estimated $80 million in damages.

17
  • This virus clogged networks with the traffic and
    caused problems for e-mail servers worldwide.
  • It attached itself to Microsoft Word 97 and Word
    2000 documents.
  • Whenever a file was opened, a macro caused it to
    infect the current host and also sent itself to
    the first fifty addresses in the individual's
    address book.
  • To avoid infection by Melissa, users should not
    open the attached file.

18
Love Letter Worm (May 2000)
  • The worm spread via e-mail with the subject line
    ILOVEYOU.
  • The number of infected machines worldwide may
    have been as high as 45 million.
  • Similar to the Melissa virus, the Love Letter
    Worm spread via attachment to e-mails. In this
    case, instead of utilizing macros, the
    attachments were VBScript programs.

19
Code-Red Worm (2001)
  • On July 19, 2001, over 350,000 computers
    connected to the Internet were infected by the
    Code-Red worm. The incident took only 14 hours to
    occur.
  • Damages caused by the worm (including variations
    of the worm released on later dates) exceeded
    $2.5 billion.
  • The vulnerability exploited by the Code-Red worm
    had been known for a month.

20
Adil Yahya Zakaria Shakour (Aug 2001-May 2002)
  • Shakour accessed several computers without
    authorization, including
  • Eglin Air Force Base (where he defaced the web
    site)
  • Accenture (a Chicago-based management consulting
    and technology services company)
  • Sandia National Laboratories (a Department of
    Energy facility)
  • Cheaptaxforms.com
  • At Cheaptaxforms.com, Shakour obtained credit
    card and personal information, which he used to
    purchase items worth over $7,000 for his own use.

21
Slammer Worm (2003)
  • The Slammer worm was released on Saturday,
    January 25, 2003.
  • It exploited a buffer-overflow vulnerability in
    computers running Microsoft SQL Server or
    Microsoft SQL Server Desktop Engine.
  • This vulnerability was not new.
  • It had been discovered in July 2002.
  • Microsoft had released a patch for the
    vulnerability even before it was announced.
  • By the next day, the worm had infected at least
    120,000 hosts and caused network outages and
    disruption of airline flights, elections, and
    ATMs.

22
Security trends
  • The biggest change in security over the last 30
    years has been the change in the computing
    environment.
  • Large mainframes have been replaced by highly
    interconnected networks of much smaller systems.
  • Security has switched from a closed environment
    to one in which computers can be accessed from
    almost anywhere.

23
  • The type of individual who attacks a computer
    system or a network has also evolved over the
    last 30 years.
  • The rise of non-affiliated intruders, including
    script-kiddies, has greatly increased the
    number of individuals who probe organizations
    looking for vulnerabilities to exploit.
  • Another trend is that as the level of
    sophistication of attacks has increased, the
    level of knowledge necessary to exploit
    vulnerabilities has decreased.

24
  • One of the best-known security surveys is the
    joint survey conducted annually by the Computer
    Security Institute (CSI) and the FBI.
  • The two most frequent types of attacks have
    remained constant with viruses and insider abuse
    of net access being the most common.

25
  • The number of organizations that have reported
    unauthorized use of their computer systems has
    been declining slowly (from 70% in 2000 to 56% in
    2003).
  • The number of organizations that have reported
    attacks from Internet connections has increased
    (from 59% in 2000 to 78% in 2003).
  • Organizations citing independent hackers as a
    likely source of attacks have also increased
    (from 77% in 2000 to 82% in 2003).

26
  • With the exception of denial-of-service attacks
    and telecom fraud, all categories recorded a
    steady increase from 2000 through 2002, but then
    took a sharp decline in 2003.
  • The average loss as a result of theft of
    proprietary information hit a high of $6.57
    million in 2002 but was only $2.70 million in
    2003.
  • Financial fraud plunged from $4.63 million in
    2002 to $328 thousand in 2003.
  • Today's statistics?

27
1.3 General Security Concepts
28
Security Goals
  • Computer security addresses 3 aspects:
  • Confidentiality - ensures that computer-related
    assets are accessed only by authorized parties.
  • Integrity - assets can be modified only by
    authorized parties in authorized ways.
  • Availability - assets are accessible to
    authorized parties at appropriate times.
  • The 3 goals can be independent, can overlap, or
    can be mutually exclusive.

29
Relationship between the 3 goals
[Diagram: the three goals drawn as overlapping regions, with the overlap labelled "Secure"]
30
Confidentiality
  • Only authorized people or systems can access
    protected data.
  • Who determines which people or systems are
    authorized?
  • By "accessing" data, do we mean access to a
    single bit, or to the whole data item?
  • Can someone who is authorized disclose that data
    to other parties?
  • Example?

31
Loss of Confidentiality
[Diagram: a secret in transit is read by a third party (labelled "Secret" and "Interception")]
32
Integrity
  • If we have preserved the integrity of an item, we
    may mean that it is:
  • Precise
  • Accurate
  • Unmodified
  • Modified only in acceptable ways
  • Modified only by authorized people
  • Modified only by authorized processes
  • Consistent
  • Internally consistent
  • Meaningful and usable

33
Loss of Integrity
[Diagram: ideal route of the message vs actual route of the message; the message "Transfer $100" is altered in transit to "Transfer $1000" (labelled "Modification")]
34
Availability
  • Applies both to data and to services (information
    and information processing).
  • A data item, service or system is available if:
  • It responds to requests in a timely way
  • Resources are allocated fairly
  • It can be used easily in the way it was intended
    to be used
  • Concurrency is controlled - simultaneous access,
    deadlock and exclusive access.

35
Attack on availability (denial of service)
[Diagram: the service is cut off from its authorized users (labelled "Interruption")]
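The availability properties on the previous slide (timely response, fair allocation, no single user monopolizing a resource) in working code, as an added example that is not part of the original slides: a per-client token bucket, one common control against a flood of requests. A client may burst up to the bucket capacity, then is refused quickly instead of being queued, so a flooding client cannot starve a well-behaved one. The clients, rates and the simulated clock are constructed for the illustration.

```python
"""Token-bucket rate limiter: a small availability control (added example)."""
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    capacity: int          # maximum burst a client may send at once
    refill_per_sec: float  # sustained rate the client is allowed
    tokens: float = field(init=False)
    last: float = field(init=False)

    def __post_init__(self):
        self.tokens = float(self.capacity)   # a fresh client starts with a full bucket
        self.last = 0.0

    def allow(self, now: float) -> bool:
        """Return True if a request arriving at time `now` (seconds) may be served."""
        elapsed = max(0.0, now - self.last)
        self.last = now
        # refill proportionally to elapsed time, never beyond capacity
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False   # refused immediately: no queue for the attacker to fill


class RateLimiter:
    """One bucket per client, so one noisy client cannot consume everyone's share."""

    def __init__(self, capacity: int, refill_per_sec: float):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets: dict[str, TokenBucket] = {}

    def allow(self, client: str, now: float) -> bool:
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = TokenBucket(self.capacity, self.refill_per_sec)
            bucket.last = now
            self.buckets[client] = bucket
        return bucket.allow(now)


def simulate(requests, capacity: int = 5, refill_per_sec: float = 1.0):
    """Run (time, client) requests through the limiter.

    Returns {client: (served, refused)} so the fairness property is visible.
    """
    limiter = RateLimiter(capacity, refill_per_sec)
    counts = {}
    for now, client in requests:
        served, refused = counts.get(client, (0, 0))
        if limiter.allow(client, now):
            counts[client] = (served + 1, refused)
        else:
            counts[client] = (served, refused + 1)
    return counts


# Constructed workload: "flood" fires 50 requests within the first second,
# "normal" sends one request per second for ten seconds.
FLOOD = [(i * 0.02, "flood") for i in range(50)]
NORMAL = [(float(i), "normal") for i in range(10)]
WORKLOAD = sorted(FLOOD + NORMAL)

if __name__ == "__main__":
    for client, (served, refused) in simulate(WORKLOAD).items():
        print(f"{client}: served={served} refused={refused}")
```

With capacity 5 and a refill of one token per second, the flooding client gets its first five requests served and the remaining 45 refused, while the normal client has every request served; the refusal itself is cheap, which is the point of the control.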
36
Authentication
  • Some mechanism to prove that you are who you
    claim to be.
  • 3 general methods to verify identity:
  • Something you know
  • Something you have
  • Something you are
  • Problem? Weakness? How?

37
Absence of authentication
[Diagram: an impostor claims "I am user X" and is believed (labelled "Fabrication")]
38
Access Control
  • The ability of a subject (such as an individual
    or a process running on a computer system) to
    interact with an object (such as a file or
    hardware device).
  • To prevent unauthorized access.
  • It may be confused with authentication.
  • Example:
  • Log in to an e-community.
  • What authentication is applied?
  • Where does access control play its role?

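The e-community question on the previous slides, worked through in code as an added example that is not part of the original slides: authentication (something you know, a password checked against a salted PBKDF2 hash, plus something you have, a time-based one-time code as in RFC 6238) establishes who the subject is, and access control is a separate, later step that decides whether that subject may perform an operation on an object, denying anything not explicitly granted. User names, passwords, the shared TOTP secret, the timestamp and the access matrix are all constructed for the illustration.

```python
"""Authentication first, then access control (added example)."""
import hashlib
import hmac
import os
import struct
from typing import Optional

ITERATIONS = 200_000   # PBKDF2 work factor
STEP = 30              # TOTP time step in seconds

# --- authentication: who is the subject? ---------------------------------
USERS = {}  # constructed user store: name -> salt, password hash, TOTP secret


def register(name: str, password: str, totp_secret: bytes) -> None:
    salt = os.urandom(16)   # per-user salt: equal passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    USERS[name] = {"salt": salt, "hash": digest, "totp": totp_secret}


def totp(secret: bytes, now: float) -> str:
    """Six-digit code for the 30-second window containing `now` (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", int(now // STEP)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 1_000_000:06d}"


def authenticate(name: str, password: str, code: str, now: float) -> Optional[str]:
    """Return the subject name if both factors pass, else None."""
    user = USERS.get(name)
    if user is None:
        return None
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], ITERATIONS)
    know = hmac.compare_digest(digest, user["hash"])          # constant-time compare
    # accept one step either side so a slightly wrong clock does not lock the user out
    have = any(hmac.compare_digest(totp(user["totp"], now + d * STEP), code)
               for d in (-1, 0, 1))
    return name if (know and have) else None


# --- access control: what may the subject do to the object? --------------
# subject -> object -> allowed operations. Subjects may be people or
# processes, objects files or devices. Anything not listed is denied.
ACL = {
    "alice":         {"/home/alice/notes.txt": {"read", "write"}},
    "bob":           {"/home/alice/notes.txt": {"read"}},
    "backup-daemon": {"/home/alice/notes.txt": {"read"},
                      "/dev/tape0": {"read", "write"}},
}


def is_permitted(subject: str, obj: str, operation: str) -> bool:
    return operation in ACL.get(subject, {}).get(obj, set())


def handle(name, password, code, now, obj, operation, store: dict) -> str:
    """The e-community request path: authenticate, then authorize, then act."""
    subject = authenticate(name, password, code, now)
    if subject is None:
        return "401 not authenticated"
    if not is_permitted(subject, obj, operation):
        return "403 authenticated but not permitted"
    if operation == "write":
        store[obj] = f"written by {subject}"
    return "200 ok"


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    register("bob", "bobs password", secret)
    t = 1_700_000_000.0
    for op in ("read", "write"):
        print(op, handle("bob", "bobs password", totp(secret, t), t,
                         "/home/alice/notes.txt", op, {}))
```

Bob logs in successfully with both factors, so the read is served; the write is refused even though he is authenticated, which is exactly where access control, not authentication, plays its role.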
39
1.4 Methods of Defense
40
  • Basic concepts for dealing with harm:
  • Prevent it - block the attack or close the
    vulnerability
  • Deter it - make the attack harder but not
    impossible
  • Deflect it - make another target more attractive
  • Detect it - as it happens or after the attack
  • Recover - from its effects
  • More than one of the above can be done at once.
  • Why? Example?

41
Controls or countermeasures
  • Use a combination of controls to secure valuable
    resources.
  • Selection of controls depends on the value of the
    resource, the effort required of an intruder, the
    cost compared with the risk of loss, and ease of
    use or implementation.

42
Encryption
  • We want to protect hardware, software and data -
    valuable resources.
  • Make the data useless to an intruder by scrambling
    or encoding it.
  • Use encryption - make it hard for an intruder to
    find the data useful.
  • It addresses:
  • confidentiality - data cannot be read easily
    without knowing the encoding used
  • integrity - data that cannot be read generally
    cannot easily be changed in a meaningful manner
  • and nullifies the value of interception,
    modification or fabrication.
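The three properties on this slide (interception yields nothing readable, modification is not possible in a meaningful way, fabrication is not accepted) demonstrated on the "Transfer 100" message from the integrity diagram, as an added example that is not part of the original slides. It also shows the caveat a practitioner wants: with a stream cipher alone, a flipped ciphertext bit lands on the plaintext undetected, so the integrity claim only holds once an authentication tag (here HMAC-SHA256, encrypt-then-MAC) is attached and checked before the data is used. The cipher is a keystream built from HMAC-SHA256 in counter mode, chosen only because it needs nothing outside the standard library; a deployment would use a vetted AEAD such as AES-GCM. Keys, nonce and the message are constructed.

```python
"""Confidentiality via encryption, integrity via a MAC (added example)."""
import hashlib
import hmac
import os
import struct
from typing import Optional

NONCE_LEN, TAG_LEN = 16, 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: block i = HMAC-SHA256(key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC, separate keys)."""
    nonce = os.urandom(NONCE_LEN)                     # fresh per message: never reuse a keystream
    ciphertext = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_unauthenticated(enc_key: bytes, blob: bytes) -> bytes:
    """Confidentiality only: ignores the tag, so any modification passes through."""
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    return xor(ciphertext, keystream(enc_key, nonce, len(ciphertext)))


def decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the tag fails (modified or fabricated)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):        # verify before touching the data
        return None
    return xor(ciphertext, keystream(enc_key, nonce, len(ciphertext)))


def modify_in_transit(blob: bytes, offset: int, mask: int) -> bytes:
    """Simulate the diagram's modification: XOR one ciphertext byte with `mask`."""
    b = bytearray(blob)
    b[NONCE_LEN + offset] ^= mask
    return bytes(b)


def demo(message: bytes = b"Transfer 100") -> dict:
    """Encrypt the message, intercept it, modify it, and decrypt with and without the MAC."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)   # constructed keys
    blob = encrypt(enc_key, mac_key, message)
    # '1' is ASCII 0x31 and '9' is 0x39, so flipping bit 0x08 at the digit's
    # position changes the amount without the modifier ever reading the message
    altered = modify_in_transit(blob, message.index(b"1"), 0x08)
    return {
        "intercepted": blob[NONCE_LEN:-TAG_LEN],       # what an eavesdropper sees
        "recovered": decrypt(enc_key, mac_key, blob),  # legitimate receiver
        "without_mac": decrypt_unauthenticated(enc_key, altered),
        "with_mac": decrypt(enc_key, mac_key, altered),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label:>12}: {value!r}")
```

Running it shows the intercepted bytes are unreadable, the untouched message decrypts to "Transfer 100", the modified message decrypts to "Transfer 900" when only the cipher is used, and is rejected outright once the tag is checked.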

43
Software controls
  • Programs are the second facet of computer
    security.
  • Programs must be secure, and must be developed
    and maintained securely.
  • Internal program controls - parts of a program
    that enforce security restrictions, e.g.
    limitations in a database
  • Independent control programs - application
    programs, e.g. password checker, intrusion
    detection utilities, virus scanner, firewall and
    others
  • Development controls - quality standards under
    which a program is designed, coded, tested and
    maintained, to prevent software faults from
    becoming exploitable vulnerabilities

44
Hardware controls
  • Hardware devices
  • Hardware or smart card implementations of
    encryption
  • Locks or cables limiting access or deterring
    theft
  • Devices to verify users' identities
  • Firewalls
  • Intrusion detection systems
  • Circuit boards that control access to storage
    media

45
  • Policies and procedures
  • e.g. frequent changes of passwords
  • After establishment of policies - training and
    administration
  • Physical controls
  • Locks on doors
  • Guards at entry points
  • Backup copies of important software and data
  • Physical site planning that reduces risk of
    natural disasters

46
Learning Objectives
  • By the end of this session, students should be
    able to:
  • Understand the meaning of security in computer
    systems
  • Understand security problems associated with
    computer systems
  • Define and explain general security concepts
  • Define and differentiate various methods of
    defense to secure computer systems

47
  • Q&A
  • Thank you.