Definition:
- A system is secure if its resources are used and accessed as intended
- A threat is a potential security violation
CIA Triad:
- The goal of cybersecurity
- Confidentiality: only authorized users have access to data
  - includes encryption of network traffic, permissions on files, authentication to resources
- Integrity: ensure data is not changed unexpectedly
  - threats: data corruption, encrypt-and-blackmail, accidents
- Availability: users and services have access to resources when needed
  - measured by uptime, network performance, access to resources
  - supported by backups, load balancing, low-latency networks
Security Threats and Attacks
Security violation categories:
- breach of confidentiality: unauthorized reading of data
- breach of integrity: unauthorized modification of data
- breach of availability: unauthorized destruction of data
- theft of service: unauthorized use of resources
- DDoS attack
- breach of authentication
- replay attack: a captured message is resent as-is or with modification
- man-in-the-middle attack
- session hijacking
- privilege escalation
Security measure levels: security must occur at all four levels
- Physical: data centers, servers, connected terminals
  - guards, vaults, device data encryption
- Network: intercepted communications, interruption, DoS
- Operating system: protection mechanisms, debugging
  - patches, reconfiguration, hardening
- Application: benign or malicious apps can cause security problems
  - sandboxing, software restrictions
Program threats:
- Malware: software designed to exploit, disable, or damage a computer
- Trojan horse: hides in the system
- Backdoor (trap door): bypasses authentication, gives remote access to a computer
- Virus:
  - code embedded in a legitimate program
  - self-replicates
  - specific to CPU architecture, OS, application
- Code injection attack: the system code is not malicious but has bugs that allow executable code to be added or modified
System threats:
- some systems are "open" by default
Network threats: hard to detect and prevent
- more difficult to have a shared secret on which to base access
- no physical limits on systems attached to the Internet (any host can be a threat)
System and network threats:
- Worm: spawn mechanism
  - malicious program that copies itself and spreads from one system to another (a standalone program, not a piece of code like a virus)
  - creating new copies doesn't need a human
  - spreads fast
  - no host program is needed for spreading
- Port scanning: automated attempt to connect to a range of ports on one or a range of IP addresses (example: the nmap command)
  - detects the protocol of the answering service
  - detects the OS and version running on the system
- DDoS attack
- Masquerading: the attacker disguises itself as the sender; different from a man-in-the-middle attack
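Port scanning is noisy from the defender's side: one source touching many distinct ports on one host in a short window is the classic signature. The following is an added example (not from these notes) that runs that check over a few constructed connection-log lines; the log format, the threshold and the window are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log (not from any real system), one event per line:
# "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <flag>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 -> 192.168.1.10:22 SYN
2024-05-01T10:00:00 10.0.0.5 -> 192.168.1.10:23 SYN
2024-05-01T10:00:01 10.0.0.5 -> 192.168.1.10:25 SYN
2024-05-01T10:00:01 10.0.0.5 -> 192.168.1.10:80 SYN
2024-05-01T10:00:02 10.0.0.5 -> 192.168.1.10:443 SYN
2024-05-01T10:00:02 10.0.0.5 -> 192.168.1.10:3306 SYN
2024-05-01T10:00:03 10.0.0.5 -> 192.168.1.10:8080 SYN
2024-05-01T10:00:03 10.0.0.5 -> 192.168.1.10:8443 SYN
2024-05-01T10:00:05 10.0.0.9 -> 192.168.1.10:443 SYN
2024-05-01T10:05:00 10.0.0.9 -> 192.168.1.10:443 SYN
"""


def parse_line(line):
    """Split one log line into (timestamp, src_ip, dst_ip, dst_port)."""
    ts, src, _arrow, dst_and_port, _flag = line.split()
    dst, port = dst_and_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)


def detect_port_scans(log_text, threshold=6, window_seconds=10):
    """Return {(src, dst): distinct_port_count} for every (source, target) pair
    that touched at least `threshold` distinct ports within `window_seconds`.
    Both parameters are assumed tuning values, not fixed rules."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port = parse_line(line)
            events[(src, dst)].append((ts, port))

    window = timedelta(seconds=window_seconds)
    alerts = {}
    for key, evs in events.items():
        evs.sort()  # sliding window over time-ordered events
        for i, (start, _) in enumerate(evs):
            ports = {p for t, p in evs[i:] if t - start <= window}
            if len(ports) >= threshold:
                alerts[key] = max(alerts.get(key, 0), len(ports))
    return alerts


if __name__ == "__main__":
    for (src, dst), n in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst} ({n} distinct ports)")
```

On the sample log the single source 10.0.0.5 is flagged with 8 distinct ports, while 10.0.0.9, which repeats one port minutes apart, is not.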
Countermeasures to security attacks
Computer security classification and defense summary:
- Four divisions of computer security
  - D – Minimal security
  - C – Provides discretionary protection through auditing
    - C1 identifies cooperating users with the same level of protection
    - C2 allows user-level access control
  - B – All the properties of C, but each object may have unique sensitivity labels
    - Divided into B1, B2, and B3
  - A – Uses formal design and verification techniques to ensure security
- By applying appropriate layers of defense, we can keep systems safe from all but the most persistent attackers:
  - Educate users about safe computing, to prevent phishing attacks
  - Use secure communication when possible
  - Physically protect computer hardware
  - Configure the operating system to disable all unused services
  - Keep systems and applications up to date and patched
  - Only run applications from trusted sources
  - Enable logging and auditing; review the logs periodically
  - Install and use antivirus software on systems susceptible to viruses, and keep the software up to date
  - Use strong passwords and passphrases, and don't record them where they could be found
  - Use intrusion detection, firewalling, and other network-based protection systems as appropriate