Chapter 1 - 1 ADCS CS262/0898/V1
Chapter 1: An Introduction To Computer Security
TOPICS
Introduction
Threats to Computer Systems
– Threats, Vulnerabilities and Attacks
– Characteristics of Computer Intrusion
– Types of Threats
– Points of Security Vulnerabilities
– Methods of Defense
Categories of Computer Attacks
– Using an Attack Taxonomy
– Consideration in Selecting an Attack Taxonomy
– Simple Attack Taxonomy
– Risk Based Attack Taxonomy
Examples of Common Attack Methods
Attack Prevention Methods
Summary

Introduction
Computer security protects the computer and everything associated with it: the building, terminals, printers, cabling, disks and tapes.
Most importantly, computer security protects the information stored in a system. Hence it is often known as information security.

Threats to Computer Systems
Threats
Vulnerabilities
Attacks

Threats
A threat is any potential occurrence, whether malicious or simply a possible danger, that can affect the assets and resources associated with a computer system.
Examples:
– A person: a system cracker or a spy
– A thing: faulty equipment
– An event: a fire or a flood

Vulnerabilities
A vulnerability is a point where a system is susceptible to attack. In other words, the presence of vulnerabilities allows bad things to happen on a computer system.
Examples:
– Physical: buildings and computer rooms are vulnerable.
– Natural: computers are very vulnerable to natural disasters such as fire and flood.
– Human: the people who administer and use computer systems represent the greatest vulnerability of all.

Attack
An attack on a computer system is some action taken by a malicious intruder that involves the exploitation of certain vulnerabilities to cause an existing threat to occur.

Characteristics of Computer Intrusion
The targets of computer crime include hardware, software, media, data and people.
In any system, the weakest point is the most serious vulnerability.

Types of Threats
Confidentiality threat:
– To protect information from unauthorised disclosure.
– Also known as secrecy or privacy.
Integrity threat:
– To ensure that information is accurate, complete and authentic.
– Accuracy is more important than confidentiality of information.
Availability threat:
– To ensure that the computer systems work efficiently.
– Able to recover quickly and completely if a disaster occurs.
– Opposite of availability is denial of service.

Points of Security Vulnerabilities
Attacks on hardware:
– Computer hardware is highly visible and hence easy to attack.
– Includes power supply surges, an unstable power supply, etc.
Attacks on software:
– Software can be maliciously destroyed, modified, deleted or misplaced.
– Examples include the time bomb, Trojan horse, computer bug, etc.
Attacks on data:
– Data is available in many forms, such as electronic, printout and media.
– Can be destroyed, changed, modified or deleted very easily.

Categories of Computer Attacks
Attack taxonomy:
– Defined as any generalised categorisation of potential attacks that might occur on a given computer system.
– Classes of system such as real-time systems, databases and local area networks.
Considerations in selecting an attack taxonomy:
– Completeness
– Appropriateness
– Internal and external threats

Risk Based Attack Taxonomy
External information theft
External abuse of resources
Masquerading
Pest programs
Bypassing of internal controls

Risk Based Attack Taxonomy
External information theft:
– Involves unauthorised access to information without exploiting any mechanisms.
– Abuse of mechanisms without direct access to the system.
– Associated with the disclosure threat.
– Example: an individual glancing at a colleague's terminal screen.
External abuse of resources:
– Involves physical destruction of computer system hardware.
– Associated with the integrity threat.
– Example: direct vandalism.

Risk Based Attack Taxonomy
External masquerading:
– Involves a malicious intruder successfully impersonating another user.
– Associated with disclosure, integrity or denial of service threats.
– Example: an intruder tapping into a communication medium.
Pest program:
– Programs that cause subsequent harm to a computer system can be viewed as a time bomb.
– Requires mechanisms internal to the computer system associated with the integrity threat.
– Example: Trojan horse and computer virus attacks.

Risk Based Attack Taxonomy
Bypassing of internal controls:
– Involves the explicit avoidance of authorisation, access and authority controls.
– Associated with disclosure, integrity or denial of service threats.
– Example: cracking techniques that subvert protective approaches.

Examples of Common Attack Methods
Password spoof program
Password theft by clever reasoning
Logic bomb mail
Schedule file removal
Field separator attack
Insertion of compiler Trojan horse

Examples of Common Attack Methods
Password spoof program:
– A Trojan horse program is used to fake the normal login sequence.
– Involves spoofing a user for login and password information.
Password theft by clever reasoning:
– Users typically create passwords that are mnemonic.
– Hackers gain access by guessing individuals' passwords.
– Obtain a copy of the password file and the encryption function.

Examples of Common Attack Methods
Logic bomb mail:
– Programs that remain dormant until some predetermined logical condition on the target system becomes true.
– May cause harm after the malicious intruder has escaped.
– The login spoof might be viewed as a logic bomb.
Schedule file removal:
– A useful file offered on many types of operating systems.
– Used to schedule programs to be run at a predetermined time.
– The command can be combined with attack programs.

Examples of Common Attack Methods
Field separator attack:
– This attack relies on several technical assumptions about the underlying operating system.
– The field separator can be redefined to include various characters.
– Also relies on the existence of a system program invoked by a normal user.
Insertion of compiler Trojan horse:
– Programs used by many different users are attractive targets for a Trojan horse because of the widespread damage possible.
– Hence, compilers are attractive targets for Trojan horse insertion.

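The field separator attack above turns on how the shell splits a command line into words. As an added example (not part of the original slides), this sh sketch shows the split changing once the separator is redefined to include "/", and the reset that a script invoked for a normal user performs before running anything; the function names show_fields and harden_env and the sample command line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the slides. Function names are hypothetical and the
# sample command line is constructed.

# show_fields LINE
# Print the words LINE splits into under the current IFS, one [..] per word.
show_fields() {
    set -f                      # no globbing: only field splitting is shown
    set -- $1                   # unquoted on purpose: splitting happens here
    set +f
    out=
    for w in "$@"; do out="${out}[${w}]"; done
    printf '%s\n' "$out"
}

# harden_env
# Reset the inherited state a script must not trust when it runs on behalf of
# a normal user: field separator, command search path, shell startup files.
harden_env() {
    IFS=$(printf ' \t\nx')      # command substitution strips trailing newlines,
    IFS=${IFS%x}                # so append a sentinel and remove it again
    PATH=/usr/bin:/bin          # fixed search path, no user-writable entries
    export PATH
    unset ENV BASH_ENV CDPATH
}

cmd='/bin/date -u'              # constructed command line held in a variable

IFS='/ '                        # separator redefined to include "/"
echo "redefined IFS: $(show_fields "$cmd")"    # [][bin][date][-u]

harden_env                      # what the script should do first
echo "after reset:   $(show_fields "$cmd")"    # [/bin/date][-u]
```

With the separator redefined, the path the script author wrote is no longer a single word, so the program that ends up being looked up is not the one intended; resetting IFS and PATH at the top of the script removes that dependency on the caller's environment.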
Attack Prevention Methods
Individual screening
Physical security
Care in operations

Attack Prevention Methods
Individual screening:
– Involves checking the background, credentials and other personal attributes of individuals.
– Used to trust a user not to spoof other users or create a compiler Trojan horse.
Physical security:
– This method involves securing the computer system facility.
– Computer centres that are guarded, locked and monitored demonstrate this type of security control.
– Advantage: external hardware damage is effectively controlled.
– Disadvantage: may not be useful for remote access.

Attack Prevention Methods
Care in operations:
– Involves individuals being careful in their day-to-day activities to avoid common types of attacks.
– Users can often avoid password spoof attacks by clearing the terminal before logging into the system.
– Similarly, compiler attacks can be avoided by simple access and configuration controls.