Chapter 1 - 1
ADCS
CS262/0898/V1
Chapter 1
An Introduction To Computer Security
TOPICS
• Introduction
• Threats to Computer Systems
– Threats, Vulnerabilities and Attacks
– Characteristics of Computer Intrusion
– Type of Threats
– Points of Security Vulnerabilities
– Methods of Defense
• Categories of Computer Attacks
– Using an Attack Taxonomy
– Consideration in Selecting an Attack Taxonomy
– Simple Attack Taxonomy
– Risk Based Attack Taxonomy
• Examples of Common Attack Methods
• Attack Prevention Methods
• Summary
Introduction
• Computer security protects the computer and everything associated with it: building, terminals, printers, cabling, disks and tapes.
• Most importantly, computer security protects the information stored in a system. Hence it is often known as information security.
Threats to Computer Systems
• Threats
• Vulnerabilities
• Attacks
Threats
• A threat is defined as any potential occurrence, whether malicious or simply a possible danger, that can affect the assets and resources associated with a computer system.
Example:
A person - a system cracker or a spy,
A thing - faulty equipment, or
An event - a fire or a flood.
Vulnerabilities
• A vulnerability is a point where a system is susceptible to attack. In other words, the presence of vulnerabilities allows bad things to happen on a computer system.
Example:
Physical: buildings and computer rooms are vulnerable.
Natural: computers are very vulnerable to natural disasters such as fire, flood etc.
Human: people who administer and use computer systems represent the greatest vulnerability of all.
Attack
• An attack on a computer system is some action taken by a malicious intruder that involves the exploitation of certain vulnerabilities to cause an existing threat to occur.
Characteristics of Computer Intrusion
• The target of computer crime involves hardware, software, media, data and people.
• In any system, the weakest point is the most serious vulnerability.
Types of Threats
• Confidentiality threat:
– To protect information from unauthorised disclosure.
– Also known as secrecy or privacy.
• Integrity threat:
– To ensure that information is accurate, complete and authentic.
– Accuracy is more important than confidentiality of information.
• Availability threat:
– To ensure that the computer systems work efficiently.
– Able to recover quickly and completely if a disaster occurs.
– Opposite of availability is denial of service.
Points of Security Vulnerabilities
• Attacks on hardware:
– Computer hardware is so visible and hence easy to attack.
– Includes power supply surge, unstable power supply etc.
• Attacks on software:
– Software can be destroyed maliciously or modified, deleted or misplaced.
– Examples include time bomb, Trojan horse, computer bug etc.
• Attacks on data:
– Available in many forms, such as electronic, printout and media.
– Can be destroyed, changed, modified or deleted very easily.
Categories of Computer Attacks
• Attack Taxonomy:
– Defined as any generalised categorisation of potential attacks that might occur on a given computer system.
– Classes of system like real-time systems, databases and local area networks.
• Consideration in selecting attack taxonomy:
– Completeness
– Appropriateness
– Internal and External threats
Simple Attack Taxonomy
Programmers Internal External
Theft of information
Unauthorised action
Via modem
Information destruction
Malicious software
Malicious software
Theft of services
Theft as user Unauthorised action
Via modem
Risk Based Attack Taxonomy
• External information theft
• External abuse of resources
• Masquerading
• Pest programs
• Bypassing of internal controls
Risk Based Attack Taxonomy
• External information theft:
– Involves unauthorised access to information without exploiting any mechanisms.
– Abuse of mechanisms without direct access to the system.
– Associated with disclosure threat.
– Example, an individual glancing at a colleague's terminal screen.
• External abuse of resources:
– Involves physical destruction of computer system hardware.
– Associated with the integrity threat.
– Example, direct vandalism.
Risk Based Attack Taxonomy
• External masquerading:
– Involves a malicious intruder successfully impersonating another user.
– Associated with disclosure, integrity or denial of service threats.
– Example, intruder tapping into a communication media.
• Pest Program:
– Programs that cause subsequent harm to computer system.
– Can be viewed as a time bomb.
– Requires mechanisms internal to the computer system.
– Associated with integrity threat.
– Example, Trojan horse and computer virus attacks.
Risk Based Attack Taxonomy
• Bypassing of Internal Controls:
– Involves the explicit avoidance of authorisation, access and authority controls.
– Associated with disclosure, integrity or denial of service threats.
– Example, cracking techniques that subvert protective approaches.
Examples of Common Attack Methods
• Password spoof program
• Password theft by clever reasoning
• Logic bomb mail
• Schedule file removal
• Field separate attack
• Insertion of compiler Trojan horse
Examples of Common Attack Methods
• Password spoof program:
– Trojan horse program is used to fake the normal login sequence.
– Involves spoofing a user for login and password information.
• Password theft by clever reasoning:
– Users typically create passwords that are mnemonic.
– Hackers gain access by guessing the passwords of individuals.
– Obtain a copy of password file and encryption function.
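A defensive check for the mnemonic passwords described above, as an added example that is not part of the original slides: at password-change time it rejects candidates that are dictionary words or derived from the user's own account details. The word list, the substitution table and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample word list (assumption); a real deployment would load a
# much larger dictionary of common passwords.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "dragon"}
# Common character substitutions undone before comparison (assumption).
LEET = str.maketrans("0134578@$!", "oleastbasi")


def _strip_decoration(text):
    """Drop leading/trailing digits and punctuation: 'alice1998!' -> 'alice'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", text)


def _variants(candidate):
    """Return the normalised forms of a password that a guesser would also try."""
    base = candidate.lower()
    forms = {base, _strip_decoration(base)}
    forms |= {f.translate(LEET) for f in forms}   # 'p@ssw0rd' -> 'password'
    forms |= {f[::-1] for f in forms}             # 'ecila' -> 'alice'
    return {f for f in forms if f}


def _personal_tokens(attributes):
    """Split account attributes (login, full name, ...) into lowercase tokens."""
    tokens = set()
    for value in attributes:
        tokens |= {t for t in re.split(r"[\W_]+", value.lower()) if len(t) >= 3}
    return tokens


def guessable_reason(candidate, attributes):
    """Return why the password is guessable, or None if no rule matched."""
    forms = _variants(candidate)
    if forms & COMMON_WORDS:
        return "dictionary word"
    personal = _personal_tokens(attributes)
    if any(token in form for form in forms for token in personal):
        return "derived from account details"
    return None
```
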
Examples of Common Attack Methods
• Logic bomb mail:
– Programs that remain dormant until some predetermined logical condition on the target system becomes true.
– May cause harm after the malicious intruder has escaped.
– The login spoof might be viewed as a logic bomb.
• Schedule file removal:
– A useful file offered on many types of operating systems.
– Used to schedule programs to be run at a predetermined time.
– Command can be combined with attack programs.
Examples of Common Attack Methods
• Field separate attack:
– This attack relies on several technical assumptions underlying the operating system.
– Field separate can be redefined to include various characters.
– Also relies on the existence of a system program invoked by a normal user.
• Insertion of compiler Trojan horse:
– Programs used by many different users are attractive targets for a Trojan horse, because the damage is widespread.
– Hence, compilers are attractive targets for Trojan horse insertion.
Attack Prevention Methods
• Individual screening
• Physical security
• Care in operations
Attack Prevention Methods
• Individual screening:
– Involves checking the background, credentials and other personal attributes of individuals.
– Used to trust a user not to spoof other users or create a compiler Trojan horse.
• Physical security:
– This method involves securing the computer system facility.
– Computer centres that are guarded, locked and monitored demonstrate this type of security control.
– Advantage is that external hardware damage is effectively controlled.
– Disadvantage is that it may not be useful for remote access.
Attack Prevention Methods
• Care in operations:
– Involves individuals being careful in their day-to-day activities to avoid common types of attacks.
– Users can often avoid password spoof attacks by clearing the terminals before logging into the system.
– Similarly compiler attacks can be avoided by simple access and configuration controls.