Title: CS 477 Computer Security
1. CS 477 Computer Security
Prof. W. A. Zuniga-Galindo
E-mail: wzuniga_at_mail.barry.edu
Phone: (305) 899-3616
Office: Garner 210
Home page: http://Euclid.barry.edu/zuniga
2. References
- Textbook
- William Stallings, Network Security Essentials, Second Edition, Prentice Hall, 2002
- Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Third Edition, 2003
3. Structure of Course
- Core
- Introduction (Basic Ideas and Vocabulary)
- Symmetric Encryption
- Introduction to Number Theory
- Public-Key Encryption
- PGP
4. Structure of Course
- Student Presentations
- Security in Networks
- Authentication Applications
- IP Security
- Web Security
- Administering Security
- Intruders and Viruses
- Legal and Ethical Issues in Computer Security
5. Introduction
- Computer Security is a generic name for the collection of tools designed to protect data and to thwart (frustrate) hackers.
- A collection of interconnected networks is called an internet.
- This course is dedicated to Network Security (or internet Security), which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information.
6. Examples of Security Violations
- User A transmits a file to user B. The file
contains sensitive information (e.g. payroll
records) that is to be protected from
disclosure. User C, who is not authorized to read
the file, is able to monitor the transmission and
captures a copy of the file during its
transmission.
7. Examples of Security Violations
- A network management application, D, transmits a
message to a computer, E, under its management.
The message instructs computer E to update an
authorization file to include the identities of a
number of new users who are to be given access to
that computer. User F intercepts the message,
alters its contents to add or delete entries, and
then forwards the message to E, which accepts the
message as coming from the manager D and updates
its authorization file accordingly.
8. Examples of Security Violations
- An employee is fired without warning. The personnel manager sends a message to a server system to invalidate the employee's account. When the invalidation is accomplished, the server is to post a notice to the employee's file as confirmation of the action. The employee is able to intercept the message and delay it long enough to make a final access to the server to retrieve sensitive information. The message is then forwarded, the action is taken, and the confirmation posted. The employee's action may go unnoticed for some considerable time.
9. Examples of Security Violations
- A message is sent from a customer to a
stockbroker with instructions for various
transactions. Subsequently, the investments lose
value and the customer denies sending the
message.
10. Attacks, Services, and Mechanisms
Security Attack: Any action that compromises the security of information owned by an organization.
Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
Security Service: A service that enhances the security of data processing systems and information transfers of an organization. A security service makes use of one or more security mechanisms.
11. Security Attacks
- Attacks on the security of a computer system or network are best characterized by viewing the function of the computer system as providing information.
- In general there is a flow of information from a source, such as a file, to a destination, such as a hard disk.
12. Security Attacks
- Interruption: An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability.
- Example: the destruction of a piece of hardware, such as a hard disk, the cutting of a communication line, or the disabling of the file management system.
13. Security Attacks
- Interception: An unauthorized user (party) gains access to an asset. This is an attack on confidentiality. The unauthorized user may be a person, computer or program.
- Examples: Wiretapping to capture data in a network, and the unauthorized copying of files or programs.
14. Security Attacks
- Modification: An unauthorized user (party) not only gains access to but tampers with an asset. This is an attack on integrity.
- Examples: Changing data in a data file, altering a program so that it performs differently, and modifying the content of messages being transmitted on a network.
15. Security Attacks
- Fabrication: An unauthorized user (party) inserts counterfeit objects into the system. This is an attack on authenticity.
- Examples: Insertion of spurious messages in a network or the addition of records to a file.
16. Security Attacks
- A useful categorization of the above-mentioned attacks is in terms of passive and active attacks.
- Passive Attacks
- Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. There are two types of passive attacks: (1) release of message contents and (2) traffic analysis.
- Example (traffic analysis): Creating a customer profile of a user by using information about the sites that he or she visits.
18. Security Attacks
- Active Attacks
- These attacks involve some modification of the data stream or the creation of a false stream.
- Categories: masquerade, replay, modification of messages, denial of service.
- A masquerade takes place when one entity pretends to be a different entity.
- Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
19. Security Attacks
- Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.
- The denial of service prevents or inhibits the normal use or management of communications facilities.
- Exercise: Classify the security attacks presented on page 3 of the textbook.
20. Security Services
- Confidentiality (privacy): confidentiality is the protection of transmitted data from passive attacks.
- Authentication: the authentication service is concerned with assuring the identity of the sender (who created or sent the data).
- Integrity: the integrity service is the protection of data from unauthorized modifications during the transmission.
- Non-repudiation: this service prevents either sender or receiver from denying a transmitted message.
21. Security Services
- Access control: in the context of network security, access control is the ability to limit and control the access to host systems and applications via communications links. To achieve this control, each entity trying to gain access must first be identified, so that access rights can be tailored to the individual.
- Availability: This service is concerned with assuring the permanence of a service or data for authorized users.
  - Denial of Service Attacks
  - Virus that deletes files
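How the authentication and integrity services above can be built from concrete mechanisms, as an added example that is not part of the original slides: manager D tags each message to computer E with an HMAC over a sequence number, a send time and the body, so E can detect the modification, replay and delay cases described in the earlier slides. The key, field names, 30-second window and sample messages are constructed for illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key-shared-by-D-and-E"  # constructed sample key
MAX_AGE = 30  # seconds a message may be in transit (assumed policy)

def seal(key, seq, sent_at, body):
    """Manager D: bind sequence number, send time and body under one tag."""
    payload = json.dumps({"seq": seq, "ts": sent_at, "body": body},
                         sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload, tag

class Receiver:
    """Computer E: accepts a message only if authentic, unseen and fresh."""
    def __init__(self, key):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, payload, tag, now):
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):  # constant-time compare
            return "reject: modified or forged"
        msg = json.loads(payload)  # parsed only after the tag verified
        if msg["seq"] <= self.last_seq:
            return "reject: replay"
        if now - msg["ts"] > MAX_AGE:
            return "reject: delayed"
        self.last_seq = msg["seq"]
        return "accept"

def demo():
    """Run E against constructed messages; returns E's four decisions."""
    e = Receiver(KEY)
    payload, tag = seal(KEY, 1, 1000, {"add_users": ["alice", "bob"]})
    altered = payload.replace(b"bob", b"mallory")  # content changed in transit
    results = [
        e.accept(altered, tag, now=1001),   # integrity check fails
        e.accept(payload, tag, now=1001),   # genuine message
        e.accept(payload, tag, now=1002),   # same message seen again
    ]
    p2, t2 = seal(KEY, 2, 1010, {"disable_user": "carol"})
    results.append(e.accept(p2, t2, now=1100))  # held back for 90 seconds
    return results

if __name__ == "__main__":
    print(demo())
```

Because D and E share the key, either of them could have produced a valid tag, so this mechanism does not provide the non-repudiation service; that requires a digital signature.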
23. Exercise: What class of security mechanism can be used to deter, prevent, and detect the security attacks presented on page 3 of the textbook?
24. Viruses, Worms, and Trojan Horses
Virus - code that copies itself into other programs.
Worm - a program that replicates itself across the network (usually riding on email messages or attached documents, e.g., macro viruses).
Trojan Horse - instructions in an otherwise good program that cause bad things to happen (sending your data or password to an attacker over the net).
Logic Bomb - malicious code that activates on an event (e.g., date).
Trap Door (or Back Door) - undocumented entry point written into code for debugging that can allow unwanted users.
25. Virus Protection
Have a well-known virus protection program, configured to scan disks and downloads automatically for known viruses.
Do not execute programs (or macros) from unknown sources (e.g., PS files, HyperCard files, MS Office documents, Java, ...), if you can help it.
Avoid the most common operating systems and email programs, if possible.