Summer 2003 © 2000-2003, Richard A. Stanley WPI EE579T_GD/1 #1 EE579T / CS525T Network Security 1: Course Overview and Computer Security Review Prof. Richard A. Stanley

Dec 21, 2015


EE579T / CS525T Network Security

1: Course Overview and Computer Security Review

Prof. Richard A. Stanley


Overview of Tonight’s Class

• Administration

• Is network security a problem, or just an interesting topic?

• What is different between computer security and network security?

• Review of computer security


Administration


Some Observations

• Language is important. Some examples gleaned from exams:

– loose (an adverb) vs. lose (a verb)

– sever (a verb) vs. severe (an adverb)

– supper computer vs. super computer (presumably, this is one that won’t eat your lunch?)

• It is a good idea to pay attention to the grammar and spelling hints Word offers


More Observations

• It is essential to pay attention to the little things. Exams were filled with correct, complex mathematical operations whose results were wrong because of simple arithmetical errors. Ditto for circuit diagrams.

– I applied generosity in these cases, as I am teaching concepts. The real world won’t.


Occam’s Razor

• Occam's Razor is a principle attributed to the 14th century logician and Franciscan friar, William of Occam

• “Entities should not be multiplied unnecessarily.”

– For science: “When you have two competing theories which make exactly the same predictions, the one that is simpler is the better.”

http://math.ucr.edu/home/baez/physics/General/occam.html


When Shall We Meet?

• Preference has been expressed for 3-7 PM or 4-8 PM

– I can’t do all the classes at these times, but we can do many of them that way

– To do this, it will be easier to meet on Tuesday, as in the fall I will have a 6-9 PM class on Mondays


Course Text

• Network Security Essentials, 2nd Ed., William Stallings, Prentice Hall, 2002 ISBN 0-13-035128-8

• Additional material will be in the form of handouts and pointers to research materials


Course Web Page

• For the moment, is a victim of security!

– As we are on a different course schedule from the campus, slides for this class will bear the suffix “_GD”

– Working on another location ASAP--you will be advised as soon as I have it locked down

• Slides will be made available before class, barring any unfortunate problems


Grading

• Course exam (30%)

• Homework (20%)

• Class participation (20%)

• Course project (30%)


Policies

• Homework is due at the class following the one in which it is assigned. It will be accepted--with a one grade penalty--up to the second class after that in which it is assigned, but not after that, except in truly emergency situations. By definition, emergencies do not occur regularly.

• There is a difference between working in teams and submitting the same work. If work is a team product, it must be clearly labeled as such.


Is Network Security Really an Important Problem?


Network Security: What’s the Big Deal?

• Not a new problem

• Not just a creation of the press

• Not just for rocket scientists

• As professionals, failure to understand and implement appropriate security can come back to haunt you in terms of liability and reputation


Computer Security versus Network Security


Computer security involves preventing, detecting, and responding to unauthorized actions on a computer system.

Network security means the same thing for a group of networked computers.

To understand network security, you must first understand computer security. There is no “easy” way around this.


One View

Computer Security

Network Security

WWW Security


Points to Ponder

• 90% of businesses reported attacks against their networks in 2002

• 80% reported financial losses

• 44% were able to quantify their losses, averaging more than $2M per organization

• Majority of misuse formerly came from authorized users, but external attacks rising in frequency and severity for fifth year in a row.

Source: "Issues and Trends: 2003 CSI/FBI Computer Crime and Security Survey"


What’s the Problem?

• Financial liability

– Due diligence

– Simple negligence

– Gross negligence

• Goodwill

• One bad press release cancels 1000 attaboys

This is a “you bet your business” issue


Why Networks Matter

• If computers cannot be secured individually, the network cannot be secure

• Networking makes the most individually secure computer on the network only as secure as the least individually secure computer on the network.

• Networking offers new vulnerabilities

• Speed of mischief increases exponentially


And Most Especially...

• Mobile code is a basic staple of the internet, and other networks as well

– This is a wholly new paradigm

• Users are not usually aware of mobile code

• Novelty and convenience trump security every time

– Consider the dancing pigs


Analogy

• One can easily define the security perimeter of a single computer. You can probably even literally “put your arms around it.”

• One cannot easily define the perimeter of a group of networked computers, except under a set of trivial conditions that are meaningless in practice.

• So, where to put the security? And HOW to make it happen?


Role of Technology

• Technology is a useful tool, not a panacea.

• A clear policy, evenly enforced, is the most critical element of success.

• Don’t ignore the fundamentals.

– Caterpillar’s entire network was compromised by not revoking a former employee’s password.

• Perfection does not exist in the real world


Why Isn’t This Topic More Theoretical?

“In theory, there is no difference between theory and practice. In practice, there is.” (Yogi Berra)


Remember the Security Theorem

• Proving a computer to be secure required:

– Knowledge of the security of each state transition

– An exhaustive catalog of all possible states

– Knowledge of the initial conditions

• Now, how do we apply this approach to a network with changing topology?


Why Is A Proof Elusive?

• A secure network must be secure under all conditions of operation

• This demands proof that there is no condition under which it could operate that is insecure, i.e. the negative proposition.

• However, formal logic teaches us it is impossible to prove a negative

• Q.E.D.


Computer Security Review

Or: How I Learned to Stop Worrying and Love Uncertainty


Security Requirements

• Customers expect “reasonably secure” handling of their sensitive data

• The Devil is in the details

– What is “reasonable?”

– What is “secure?”

– What data is “sensitive?”

– When is it your responsibility?


A Curious Property of Information

• Information is the only thing that can be stolen and still leave the owner in possession of it

• This poses some serious problems, which the course will address

• Networks increase the seriousness of the problem, as compared to single computers


The Security Dilemma

• Security is something most users want, but that most know little about

• Security gets in the way of using the network

• The tighter the security, the harder the system is to use, and the more likely it is that the users will bypass security measures


The Totally Secure System

• Is relatively simple to build

• Is provably secure

• Is useless for any practical purposes

Our job is to learn how to design computer networks to provide the necessary level of security without going overboard.


Security Needs, Threats

Security need                  Threat
Confidentiality                Interception
Integrity                      Modification
Availability                   Denial of service
Authenticity                   Spoofing
Reliability and safety         Dangerous conditions
Vulnerability assessment       Exploitation of unguarded conditions
Risk management                Wasted resources


Security Objectives

A – I - C

Integrity & Authenticity

Confidentiality

Availability

Protect, detect and recover from insecurities


Security = Asset protection

Protect

Detect

Correct

Manage

Risk Analysis


Identification & Authentication

• Identification

– A unique entity descriptor

• Authentication

– verifying the claimed identification

• These are crucial to network security

These are two sides of the same coin, but they are NOT the same thing


Password

• Most commonly used

• Relatively easy to compromise or break

• Many threats

• Usability issues

• First line of defense, but not a very solid one


Password Problems

• Security/sharing

• System is only as secure as the weakest link

• Vulnerable to brute force attack

– Dictionary attacks easy, in any language

– Other intelligent searches

– Exhaustive attacks

• Password file vulnerable

• Spoofing, man-in-the-middle


Authentication

• Validates you are who you claim to be

– Something you know

– Something you have

– Something you are

– Something you do

– Somewhere you are

• An intruder who has the authentication keys looks just like the real user!


Something You Know

• Password

• PIN

• Some other piece of information (e.g. your mother’s maiden name -- very popular)

• NB: anyone who obtains this information is -- so far as the computer knows -- you. Is there a problem here?


Something You Have

• Physical token

– Physical key

– Magnetic card

– Smart card

– Calculator

• What if you lose it?


Something You Are

• Biometrics

– Fingerprints

– Face geometry

– Voiceprints

– Retinal scanning

– Hand geometry

• False positives, negatives

• User acceptance


Something You Do

• Mechanical tasks

– Signature (pressure, speed)

– Joystick

• False positives, negatives

• Potential for forgery, replay, etc.


Somewhere You Are

• Limit use by user location

• Vet location by GPS, etc.

• Reliability, dependability, complexity


But First: Security Awareness

• View the world as if you had to design a security solution for whatever situation you are in

• Even paranoiacs have real enemies

• Assumptions are your enemy


Access Control

• Provides limits on who can do what with objects on the computer

• Can’t happen without identification and authentication

• Is not the same as identification and authentication


Subjects and Objects

• Remember your English grammar

• Subjects act

• Objects are acted upon

• These roles are not graven in stone

– If you hit the ball, you are the subject

– If the ball hits you, you are the object

• It is just the same in computer science


Access Control Model

[Diagram: Subject → Request → Reference Monitor → Object]


Reference Monitor

• Makes access control work

• You can tell it

– What a subject is allowed to do

– What may be done with an object

• In order to specify these things, you need to know all the possibilities, or you need to define things narrowly so that what you don't know doesn’t become allowed


Access Control Matrix

• A = set of access operations permitted

• S = set of subjects

• O = set of objects

$M = (M_{so})_{s \in S,\, o \in O}, \quad M_{so} \subseteq A$


Security Model Types

• Formal (high-assurance computing)

– Bell-LaPadula

– Biba

– Chinese Wall

• Informal (policy description)

– Clark-Wilson


Bell-LaPadula

• Describes access policies and permissions

• S is the set of subjects

• O is the set of objects

• A is the set of access operations = {execute, read, append, write}={e,r,a,w}

• L is the set of security levels with partial ordering


BLP State Set

• B x M x F is the state set

• B = P(S x O x A) is the set of current accesses

• M = Mso is the set of access permission matrices

• F ⊂ Ls x Lc x Lo is the set of security level assignments, c dominates s


Basic Security Theorem

• A state transition is secure if both the initial and the final states are secure, so

• If all state transitions are secure and the initial system state is secure, then every subsequent state will also be secure, regardless of which inputs occur. (Proof)
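The reference monitor, access control matrix, Bell-LaPadula sets and Basic Security Theorem from the preceding slides, tied together in one added example (not part of the original slides). It assumes each subject's current level equals its clearance, uses the standard BLP property names (ds, ss, star) that the slides do not spell out, and every subject, object and level in it is constructed for illustration.

```python
from dataclasses import dataclass

OBSERVE = {"r", "w"}  # operations that let the subject see object contents
ALTER = {"a", "w"}    # operations that let the subject change the object


@dataclass(frozen=True)
class Level:
    """Security level: hierarchical rank plus a category set (a partial order)."""
    rank: int
    cats: frozenset = frozenset()

    def dominates(self, other):
        # Both conditions must hold, so some pairs of levels are incomparable.
        return self.rank >= other.rank and self.cats >= other.cats


class ReferenceMonitor:
    def __init__(self, matrix, subj_level, obj_level):
        self.M = matrix        # {(subject, object): set of permitted operations}
        self.fs = subj_level   # {subject: Level}
        self.fo = obj_level    # {object: Level}
        self.b = set()         # current accesses: (subject, object, operation)

    def violation(self, s, o, a):
        """Return the name of the first property (s, o, a) breaks, or None."""
        if s not in self.fs or o not in self.fo:
            return "unknown"   # never guess a level for an unlisted entity
        if a not in self.M.get((s, o), set()):
            return "ds"        # discretionary: a missing matrix entry means deny
        if a in OBSERVE and not self.fs[s].dominates(self.fo[o]):
            return "ss"        # simple security property: no read up
        if a in ALTER and not self.fo[o].dominates(self.fs[s]):
            return "star"      # *-property: no write down
        return None

    def request(self, s, o, a):
        """Mediate one request; the state changes only if the result is secure."""
        why = self.violation(s, o, a)
        if why is None:
            self.b.add((s, o, a))
        return why or "granted"

    def is_secure(self):
        return all(self.violation(s, o, a) is None for (s, o, a) in self.b)


def demo():
    # Constructed sample policy, not taken from the slides.
    low = Level(0)
    nuc = Level(2, frozenset({"nuc"}))
    crypto = Level(2, frozenset({"crypto"}))
    top = Level(3, frozenset({"nuc", "crypto"}))
    rm = ReferenceMonitor(
        matrix={
            ("alice", "memo"): {"r", "w"}, ("alice", "plan"): {"r", "w"},
            ("alice", "keys"): {"r"}, ("alice", "log"): {"a"},
            ("bob", "memo"): {"r", "w"}, ("bob", "plan"): {"a"},
        },
        subj_level={"alice": nuc, "bob": low},
        obj_level={"memo": low, "plan": nuc, "keys": crypto, "log": top},
    )
    requests = [
        ("alice", "plan", "r"), ("alice", "memo", "r"), ("alice", "memo", "w"),
        ("alice", "keys", "r"), ("alice", "log", "a"), ("bob", "plan", "r"),
        ("bob", "plan", "a"), ("bob", "log", "r"),
    ]
    results = []
    for req in requests:
        results.append(rm.request(*req))
        # Secure initial state plus secure transitions keeps every state secure.
        assert rm.is_secure()
    return rm, results


if __name__ == "__main__":
    monitor, outcome = demo()
    print(outcome)
```

Note that alice is refused read access to "keys" even though the matrix permits it: her level and the object's level are incomparable under the partial order, so neither dominates the other.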


Security Kernel

• Can implement security policy according to the selected model(s)

• Is best implemented at the lowest possible level

• Depends on processor design features for implementation


Bell-LaPadula: So What?

• Bell and LaPadula provided a formal proof that a computer could be made provably secure under a specified set of conditions

• They postulated and proved rules for acting on information within a computer that preserved security

• This had not been done before


Operating System Security

Hardware

OS Kernel

Operating System

Services

Applications

Network security depends to a great degree on the security provided by the operating system.


TOCTTOU

• A tropical bird?

• Time Of Check To Time Of Use

• Critical security parameter in many instances, to avoid replay attacks, etc.

• Important in most security systems

• A particularly vexing problem in networks


Database Security

Technology isn’t everything!


Data vs. Information

• Data represents information

• Information is the interpretation of data

This is not as obvious as it appears on the surface!


Databases

• Collection of data

• Provides information to users

– DBMS manages database

– Think of information, vs. data in OS

• Consistency demanded

– Internal--data follow prescribed rules

– External--entries are correct


Database Vulnerabilities

• Inference (example)

• Aggregation

– Inference (e.g. linking tables)

– Cardinal (e.g. phone book in toto)

• Data integrity

• Trojan Horses

On a network, the database(s) are often distributed. This makes protecting the information even more challenging.


Statistical Database Security

• Aggregation and inference

– Tracker attacks

– Countermeasures

• suppress obviously sensitive info

• disguise data--randomly swap entries

• add small random perturbations

• static analysis

• All have disadvantages for legitimate users
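An added audit example for the statistical database slide above (not part of the original slides): it checks whether a database that refuses small query sets still lets one person's value be derived from two permitted sums, and what the random-perturbation countermeasure does to that. The `StatDB` class, the size threshold `k` and the table are constructed assumptions.

```python
import random

# Constructed sample table (name, dept, sex, salary); not real data.
ROWS = [
    ("ann", "eng", "F", 91000),
    ("bob", "eng", "M", 78000),
    ("cal", "eng", "M", 83000),
    ("dee", "sales", "F", 64000),
    ("eli", "sales", "M", 59000),
    ("fay", "sales", "F", 61000),
    ("gus", "ops", "M", 55000),
    ("hal", "ops", "M", 57000),
]


class StatDB:
    """Answers SUM(salary) only, and only for query sets of size k .. n-k."""

    def __init__(self, rows, k=2, noise=0, seed=0):
        self.rows = rows
        self.k = k
        self.noise = noise              # half-width of the random perturbation
        self.rng = random.Random(seed)  # seeded so the example is repeatable

    def total(self, pred):
        hits = [r for r in self.rows if pred(r)]
        if not self.k <= len(hits) <= len(self.rows) - self.k:
            return None                 # suppress answers about tiny groups
        answer = sum(r[3] for r in hits)
        if self.noise:
            answer += self.rng.uniform(-self.noise, self.noise)
        return answer


def audit_individual_tracker(db):
    """Return (direct answer, derived answer) for the only female engineer.

    C = eng AND F identifies one record, so the direct query is refused.
    With C1 = eng and tracker T = eng AND NOT F, SUM(C) = SUM(C1) - SUM(T),
    and both of those query sets may be large enough to be answered.
    """
    direct = db.total(lambda r: r[1] == "eng" and r[2] == "F")
    c1 = db.total(lambda r: r[1] == "eng")
    t = db.total(lambda r: r[1] == "eng" and r[2] != "F")
    derived = None if c1 is None or t is None else c1 - t
    return direct, derived


if __name__ == "__main__":
    print("size control only:", audit_individual_tracker(StatDB(ROWS, k=2)))
    print("stricter k=3:     ", audit_individual_tracker(StatDB(ROWS, k=3)))
    print("noise +/-500:     ",
          audit_individual_tracker(StatDB(ROWS, k=2, noise=500, seed=1)))
```

With noise of half-width d, the derived value is still within 2d of the truth, so hiding a salary needs d on the order of the salary itself, and every legitimate total is then off by up to the same d. Raising k blocks this tracker but also refuses more honest queries.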


All Sorts of Other Security Concerns


Controls

• Centralized

– Simple to conceive and implement

– Bottleneck

• Decentralized

– May be more efficient

– Difficult to implement and maintain

Where to put security tasks and enforcement in a network?


Network Security and the Law: What You Need to Know

• What is illegal

• What are the elements of proof

• What constitutes evidence

• How to protect the evidence

• Whom to call

• When to call them

• What to tell them


Why Do You Care?

• Computer crime is one of -- if not THE -- fastest growing crime categories

• “That’s where the money is”

• Fraud loss in Southern NY area alone, Jan ‘95 to Jan ‘03: over $800,000,000

• This isn’t just victimless, white-collar crime: nearly 2/3 of those arrested were carrying automatic weapons


Personnel Security

• Most computer security issues arise from authorized users.

• Management has responsibility to assure due diligence exercised in screening staff

• Who should be screened?

• What should be checked?

• Legal issues

• Network issues with this?


Physical Access

• Access control

– People

– Things

• Protection against forcible attack

• Concentric controlled perimeters

– Harder with desktops than with mainframes

• Entry logs

• How to do over a network?


Physical Security

• Fortress concept

– Controlled access

– Concentric perimeters

• Linked to access control

• Exits need special attention

• Sensitive facilities need special treatment

• Network implications?


Electrical Power

• Power quality issues

– surge suppression

– interference

– regulation

– grounding

• Continuity issues

– Uninterrupted power

– Emergency power

?


Environmental Issues

• Heating and air conditioning

• Humidity control

• Physical protection of ducts

• Monitoring and emergency shutdown

• What if all the network elements don’t use the same approach or standards?


Disaster Control

• Risk assessment

• Fire

– Different classes are important

– Automatic fire suppression systems

– Individual extinguishers

– Media protection, recovery

– Exits


Disaster Recovery

• Company-owned facilities

• Rented service bureau facilities

• Shared backup with another company

• Hot site

• Shell site

• Which to use depends on criticality of service continuity


Back Up

• Essential to continuous operations

• Frequency depends on criticality

• ALWAYS store off-site

• Transport to/from site is an issue

– Physical

– Electronic

• Goodness of backup needs to be tested


Line Security

• Cable integrity

• No multiple drops

• Use multiple conductor cables

• Phantom circuits treacherous

• Crosstalk

• Grounding and shielding

• Protection


Electronic Security

• Emanations (acoustic, RF, etc.)

– Measuring

– Assessing risk

• Technical surveillance

– How to do it

– Assessing risk

• Network issues?


Detection and Surveillance

• Threat monitoring

• Trend analysis

• Investigation

• Auditing

• Corrective action

• Hard to do at a single site. How to do when a distributed function?


Threat Assessment

• Threat likelihood can be estimated from historical data

• Often, the result must be modified by an experience factor (Finagle’s factor?)

• This is a subject on which much data and methodology exists; but it may not apply to your situation.

• How does one do this on a network?


Summary

• Computer security is a real need in real systems

• Without computer security, network security is a pipedream

• Network security is an even more difficult problem than computer security, for a number of reasons

• Absolute security does not exist


Assignment for Next Class

• Read course text, Chapters 1 and 2