Computer Security - PowerPoint PPT Presentation

About This Presentation
Title:

Computer Security

Description:

Computer Security: prevention and detection of unauthorized actions by users of a computer system; confidentiality, integrity, availability

Slides: 42
Provided by: Tom4150

Transcript and Presenter's Notes

Title: Computer Security


1
Computer Security
  • Prevention and detection of unauthorized actions
    by users of a computer system
  • Confidentiality
  • Integrity
  • Availability

2
Access Control
  • Limiting and controlling access to a shared
    resource
  • Two approaches: 1) define what different
    subjects are allowed to do and 2) define what can
    be done to different objects
  • Access permissions: Unix has read, write, and
    execute; Windows NT has read, write, execute,
    delete, change permission, and change ownership

3
Software Reliability
  • How buggy software creates security
    vulnerabilities
  • Why these problems are so common

4
The Ubiquity of Faulty Code
  • Estimates from SEI are 5-15 errors/1000 LOC
  • WIN2000 has 35-60 million LOC
  • Capers Jones study of errors in COBOL programs
  • Problem of getting people to install bug fixes

5
Risk
  • What is risk?
  • Magnitude of loss
  • Likelihood of loss
  • Exposure to loss
  • How well do people understand probability?

6
Vulnerabilities
  • Five steps to an attack
  • Identify the specific target to be attacked and
    gather information about the target
  • Analyze the information and identify a
    vulnerability in the target that will accomplish
    the attack objectives
  • Gain the appropriate level of access to the
    target
  • Perform the attack on the target
  • Complete the attack, which may include erasing
    evidence of the attack, and avoid retaliation

7
The Vulnerability Landscape
  • Physical
  • Virtual
  • Trust Model
  • System Life Cycle

8
Countermeasures
  • Protection
  • Detection
  • Reaction

9
Threat Modeling
  • What are the threats?
  • How would a hacker think about attacking this
    system?

10
Use of Threat Modeling
  • Risk Assessment
  • Security Design
  • Understand the real threats to the system and
    assess the risk of these threats
  • Describe the security policy necessary to defend
    against the threats
  • Describe the countermeasures that enforce the
    policy

11
Security Policies
  • Good policies are appropriate for real threats
  • Security policies should be written
  • Security policies should specify security
    measures and who is responsible for their
    implementation, enforcement, audit, and review

12
The Internet
  • The global Internet has thousands of networks

[Figure: browser, webserver software, networks, routers, and the route a packet takes between them]

13
Frames and Packets
[Figure: Client PC, switches, Router A, Router B, and Server; the packet is carried in Frame 1 in Network 1, Frame 2 in Network 2, and Frame 3 in Network 3]

14
Frames and Packets
  • Like passing a shipment (the packet) from a truck
    (frame) to an airplane (frame) at an airport.

[Figure: shipper, truck, airport, airplane, airport, truck, receiver; same shipment throughout]

15
Network Layered Architecture
  • TCP/IP: Application, Transport, Internet, Subnet
    Access (use OSI standards here)
  • OSI: Application, Presentation, Session,
    Transport, Network, Data Link, Physical
  • Hybrid TCP/IP-OSI: Application, Transport,
    Internet, Data Link, Physical

16
Physical and Data Link Layers
  • Physical (Layer 1) defines electrical signaling
    and media between adjacent devices
  • Data link (Layer 2): control of a frame through a
    single network, across multiple switches

[Figure: physical links and the data link carrying a frame across Switched Network 1]

17
Internet Layer
  • Governs the transmission of a packet across an
    entire internet. Path of the packet is its route

[Figure: a packet's route through routers across Switched Networks 1, 2, and 3]

18
Internet and Transport Layers
  • Transport layer: end-to-end (host-to-host),
    between client PC and server
  • Internet layer (usually IP): hop-by-hop
    (host-router or router-router)

19
Hierarchical IP Address
  • Network part (not always 16 bits), subnet part
    (not always 8 bits), host part (not always 8
    bits); total is always 32 bits
  • Example: 128.171.17.13 is host 13 on the CBA
    subnet (17) of the UH network (128.171) on the
    Internet

20
Domain Name Service
  • Domain names and physical addresses
  • The DNS is a database that shows domain names and
    physical addresses

21
IP Address Spoofing
1. Trust relationship between Trusted Server 60.168.4.6 and Victim Server 60.168.47.47
2. Attack packet from attacker's client PC 1.34.150.37 with spoofed source IP address 60.168.4.6; attacker's identity is not revealed
3. Server accepts attack packet

22
Internet Protocol (IP)
  • IP Addresses and Security
  • IP address spoofing: sending a message with a
    false IP address
  • Gives sender anonymity so that attacker cannot be
    identified
  • Can exploit trust between hosts if spoofed IP
    address is that of a host the victim host trusts

23
Transmission Control Protocol (TCP)
  • TCP Messages are TCP Segments
  • Flags field has several one-bit flags: ACK, SYN,
    FIN, RST, etc.

[Figure: TCP header fields shown: Header Length (4 bits), Reserved (6 bits), Flag Fields (6 bits), Window Size (16 bits)]

24
Communication During a TCP Session
3-Way Open, Open (3), between PC transport process and webserver transport process
1. SYN (Open)
2. SYN, ACK (1) (Acknowledgement of 1)
3. ACK (2)

25
Communication During a TCP Session
Normal Four-Way Close, Close (4), between PC transport process and webserver transport process
13. FIN (Close)
14. ACK (13)
15. FIN
16. ACK (15)
Note: An ACK may be combined with the next message if the next message is sent quickly enough.

26
Targeted System Penetration
  • Unobtrusive Information Collection
  • Whois database: information about responsible
    person
  • Information about IP addresses of DNS servers, to
    find firm's IP address block

27
Targeted System Penetration
  • IP address spoofing: put false IP addresses in
    outgoing attack packets
  • Attacker is blind to replies
  • Use series of attack platforms

28
Using a Chain of Attack Hosts
  • Allows reading of replies without exposing
    attacker

[Figure: Attacker 1.4.5.6, Compromised Host 123.67.8.23, Compromised Host 123.67.33.4, and Victim 60.77.8.32; attack and replies pass along the chain]

29
Using a Chain of Attack Hosts
[Figure: subsequent trace back among Attacker 1.4.5.6, Compromised Host 123.67.8.23, Compromised Host 123.67.33.4, and Victim 60.77.8.32; one hop labeled Successful, two labeled Connection Broken]

30
Denial-of-Service (DoS) Attacks
  • Flooding Denial-of-Service Attacks
  • SYN flooding
  • Try to open many connections with SYN segments
  • Victim must prepare to work with many connections
  • Victim crashes if it runs out of resources, or at
    least slows down
  • More expensive for the victim than the attacker

31
SYN Flooding DoS Attack
[Figure: Attacker 1.34.150.37 sends SYN segments to Victim 60.168.47.47]
  • Attacker sends flood of SYN segments
  • Victim sets aside resources for each
  • Victim crashes, or victim becomes too overloaded
    to respond to the SYNs from legitimate users

32
Distributed Denial-of-Service (DDoS)
[Figure: Attacker 1.34.150.37 sends attack commands to handlers, handlers send attack commands to zombies, and zombies send attack packets to Victim 60.168.47.47]

33
Types of Firewall Inspection
  • Packet Inspection
  • Examines IP, TCP, UDP, and ICMP header contents
  • Static packet filtering looks at individual
    packets in isolation. Misses many attacks
  • Stateful inspection inspects packets in the
    context of the packet's role in an ongoing or
    incipient conversation
  • Stateful inspection is the preferred packet
    inspection method today

34
Types of Firewall Inspection
  • Denial-of-Service Inspection
  • Recognizes incipient DoS attacks and takes steps
    to stop them
  • Limited to a few common types of attacks

35
Drivers of Performance Requirements: Traffic Volume and Complexity of Filtering
[Figure: performance requirements as a function of traffic volume (packets per second) and complexity of filtering (number of filtering rules, complexity of rules, etc.)]

36
Stateful Inspection Firewalls
  • State of connection: open or closed
  • State: order of packet within a dialog
  • Often simply whether the packet is part of an
    open connection

37
Stateful Inspection Firewalls
  • Static Packet Filter Firewalls are Stateless
  • Filter one packet at a time, in isolation
  • If a TCP SYN/ACK segment is sent, cannot tell if
    there was a previous SYN to open a connection
  • But stateful firewalls can
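
Added example (not from the original slides): a toy static filter and a toy stateful filter run over constructed packets, showing that only the stateful one can tell an unsolicited SYN/ACK from the reply to a previous SYN. The filter rules, the names, and the protected prefix are assumptions made for illustration.

```python
# Added example: toy filters over constructed packets, not a real firewall.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE_PREFIX = "60.168.47."  # assumption: the protected network

def is_inside(addr):
    return addr.startswith(INSIDE_PREFIX)

def static_filter(pkt):
    """Stateless: each packet is judged alone. Inbound segments with ACK set
    are allowed because genuine replies always carry ACK."""
    return is_inside(pkt.src) or "ACK" in pkt.flags

class StatefulFilter:
    """Remembers connections opened from inside; an inbound segment passes
    only if it fits a connection in the table."""
    def __init__(self):
        self.table = {}  # (inside addr, port, outside addr, port) -> state

    def check(self, pkt):
        if is_inside(pkt.src):  # outbound traffic
            if pkt.flags == {"SYN"}:
                self.table[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = "SYN_SENT"
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # inbound: reversed lookup
        state = self.table.get(key)
        if state is None:
            return False  # no previous SYN from inside: drop
        if pkt.flags == {"SYN", "ACK"} and state == "SYN_SENT":
            self.table[key] = "OPEN"  # second step of the 3-way open
            return True
        if "RST" in pkt.flags:
            del self.table[key]  # connection torn down
            return True
        return state == "OPEN"

def demo():
    inside, outside = "60.168.47.47", "1.34.150.37"  # addresses reused from the slides
    fw = StatefulFilter()
    unsolicited = Packet(outside, 80, inside, 40000, {"SYN", "ACK"})
    syn = Packet(inside, 40001, outside, 80, {"SYN"})
    reply = Packet(outside, 80, inside, 40001, {"SYN", "ACK"})
    return {
        "static, unsolicited SYN/ACK": static_filter(unsolicited),
        "stateful, unsolicited SYN/ACK": fw.check(unsolicited),
        "stateful, outbound SYN": fw.check(syn),
        "stateful, matching SYN/ACK": fw.check(reply),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'pass' if allowed else 'drop'}")
```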

38
DMZ
  • Demilitarized Zone - Space between two firewalls
  • For Servers That Must be Accessed From the
    Outside

39
Configuring, Testing, and Maintaining Firewalls
  • Must test Firewalls with Security Audits
  • Only way to tell if policies are being supported
  • Must be driven by policies
  • Maintaining Firewalls
  • New threats appear constantly
  • ACLs must be updated constantly if firewall is to
    be effective

40
Hardening Host Computers
  • The Problem
  • Computers installed out of the box have known
    vulnerabilities
  • Not just Windows computers
  • Hackers can take them over easily
  • They must be hardened, a complex process that
    involves many actions

41
Hardening Host Computers
  • Elements of Hardening
  • Physical security
  • Secure installation and configuration
  • Fix known vulnerabilities
  • Turn off unnecessary services
  • Harden all remaining applications