CSCD 434 Lecture 2 Spring 2012 Computer Security Overview.


Overview
- Security defined
  - Traditional and modern views
  - Confidentiality, Integrity, Availability
  - Other views
- Threats to computer systems
  - How bad is it?
- Vulnerabilities
  - Defined, statistics
- Examples

Traditional View of Security
- Department of Defense (NSA, others)
- Dates back to the 1960s
- Multi-user systems, mainframes
  - Shared access for users with different clearances
  - Top Secret, Secret, Confidential, Unclassified (TS, S, C, U)
  - Most concerned with keeping secrets away from nation-state-level adversaries: China, Russia, Eastern Europe

Traditional View of Security
- The military dominated computer security
- Obsessed with confidentiality
  - Funded research to prove that secrets could remain secret in the presence of uncleared users on a multi-user system
  - Concerned with detecting covert channels through which spies or insiders could signal each other
- Collection of early security papers: http://seclab.cs.ucdavis.edu/projects/history/

Summary of the Traditional View
1. Computers were not as networked; many standalone and mainframe systems
2. Multi-user systems; concerned with multi-level security
   - Secrecy (confidentiality) was the primary concern
   - Data integrity and maintaining access came second
3. Adversaries were of the highest level

Modern View of Security
1. Computers are connected and interdependent
   - This interdependency magnifies the effect of any failure
   - Example: Conficker. The worm began in 2008; infections were estimated at 9 million by January 2009, and one spike infected 1.1 million PCs in under 24 hours
     http://www.darknet.org.uk/2009/01/conficker-aka-downadup-or-kido-infections-skyrocket-to-an-estimate-9-million/
   - What does it do? The worm lets its creators remotely install software on infected machines. It spreads by exploiting a Windows vulnerability, MS08-067, in the Server service, the component that shares local resources (files and printers) over the network
   - http://www.confickerworkinggroup.org/wiki/pmwiki.php/Main/HomePage
   - http://en.wikipedia.org/wiki/Conficker

Conficker Continued
- How sophisticated is Conficker?
- "Currently no one knows why the Conficker Worm was created, who is controlling it, or what it might do next. However, one thing is for sure, if and when its creator does decide to use the worm, it will have the power to cause massive chaos"
- Are you infected? Conficker blocks access to security vendors' web sites, so the Working Group's "eye chart" page loads images from several of them; if some images fail to appear, the machine is likely infected
  http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

Modern View of Security: Other Examples
- Slammer worm, 2003: infected 75,000 computers in 11 minutes, then continued scanning at about 55 million hosts per second
- Blaster worm, 2003: infected 138,000 computers in the first 4 hours; over 1.4 million computers worldwide
- Many others: http://hardgeek.org/2009/09/10-worst-computer-virus-attacks-in-history/

Modern View of Security
2. Computing today is very homogeneous
   - A single architecture and a handful of OSes dominate: Windows, Mac OS and Linux
   - In biology, homogeneous populations are a terrible idea: a single disease can wipe them out because they all share the same weakness, so the disease needs only one infection method
   - Analogy: computers are the animals (think cows), the Internet is the infection vector, and malware is the disease that sickens the cows (mad cow disease)

Modern View of Security
3. Adversaries are of all levels and global
   - Range from script kiddies to serious groups, such as those that steal defense secrets or conduct industrial espionage
   - Global reach, with many in countries from which we can't extradite them: China, Eastern Europe, Russia and South America
   - Hacker timeline: http://en.wikipedia.org/wiki/Timeline_of_computer_security_hacker_history

Security Defined
A system is secure if it has these properties:
- Confidentiality
- Integrity
- Availability
(C.I.A.)

DDoS Attack Example
- July 21, 2008: the Web site of the president of Georgia was reported knocked offline by a distributed denial-of-service (DDoS) attack
- The site was down for about a day, from early Saturday until Sunday
- Network experts said the attack was carried out by a botnet
- What's a botnet?

Botnet Defined
- A botnet is a large number of compromised computers that are used to send spam, relay malware, or flood a network or Web server with so many requests that it fails
- Each computer is compromised by a Trojan that typically joins an Internet Relay Chat (IRC) channel and waits there for commands from the person controlling the botnet
- There is a thriving botnet business selling lists of compromised computers to hackers and spammers
- http://www.pcmag.com/encyclopedia_term/0,2542,t=botnet&i=38866,00.asp

Another DDoS Attack Example
- February 16, 2007: the anti-phishing site CastleCops.com was knocked out by a massive DDoS
  - The volunteer-driven site, run by a husband-and-wife team, had been coping with on-and-off attacks since February 13
  - An intense wave that began around 3:45 PM EST completely exhausted the server's capacity
- CastleCops.com had just celebrated its fifth anniversary as a high-profile anti-malware community
- Comment: the site ceased operation in December 2008
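Both outages above were request floods. As an added example (not part of the lecture), here is the first thing a site operator would run over the web server's access log to find the sources: count requests per client address in a sliding time window and flag any address that exceeds a threshold. The log lines are constructed for the example, and the window size and threshold are assumptions you would tune to your own traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# One Common Log Format line, e.g.
# 198.51.100.7 - - [16/Feb/2007:15:45:00 -0500] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')


def parse_line(line):
    """Return (ip, timestamp, request, status) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ip, stamp, request, status, _size = m.groups()
    when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, request, int(status)


def find_flooders(lines, window_seconds=10, max_requests=20):
    """Flag source IPs that exceed max_requests within any window_seconds span.

    Returns {ip: peak_requests_in_window} for each offending IP.
    """
    span = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps inside the current window
    offenders = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip junk rather than crash on a malformed line
        ip, when, _, _ = rec
        q = recent[ip]
        q.append(when)
        while when - q[0] > span:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > max_requests:
            offenders[ip] = max(offenders.get(ip, 0), len(q))
    return offenders


def sample_log():
    """Constructed log: two normal clients plus one source sending 3 req/s for 15 s."""
    est = timezone(timedelta(hours=-5))
    t0 = datetime(2007, 2, 16, 15, 45, 0, tzinfo=est)
    events = []
    for sec in range(0, 16, 5):              # normal: one request every 5 s
        for ip in ("203.0.113.9", "203.0.113.10"):
            events.append((t0 + timedelta(seconds=sec), ip))
    for sec in range(15):                    # flood: three requests per second
        for _ in range(3):
            events.append((t0 + timedelta(seconds=sec), "198.51.100.7"))
    events.sort(key=lambda e: e[0])
    return [f'{ip} - - [{when.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET / HTTP/1.1" 200 512'
            for when, ip in events]


if __name__ == "__main__":
    print(find_flooders(sample_log()))  # {'198.51.100.7': 33}
```

Per-address counting catches a single noisy source, which is exactly why attackers distribute the flood across a botnet: thousands of bots each sending a few requests stay under any per-IP threshold, and the defence has to move to aggregate rate limits, upstream filtering, or more capacity.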

Confidentiality Defined
- What does it mean for data to be confidential?
- Data must be accessed, used, copied, or disclosed only by persons who have been authorized to access, use, copy, or disclose it
- You ensure information is not accessed by unauthorized users

Confidentiality Example
- Communication between two people across a network should not be compromised
- Threats: eavesdropping, packet sniffing, illegal copying
- (Figure: a message reading "We have made an important discovery ..." crosses the network and is read by a third party)

More on Confidentiality
- How do you prevent loss of confidentiality?
- Confidentiality is preventing the disclosure of information to unauthorized individuals or systems
- Example: a credit card transaction on the Internet. The system enforces confidentiality by encrypting the card number during transmission and by limiting the places where it may appear afterwards (databases, receipts, log files)
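The second half of that example, limiting where the card number can appear, is usually lost in log files. As an added example (not from the lecture), the code below masks any Luhn-valid card number before a log record is written, using a filter on Python's standard logging module. The Luhn check is there so that order numbers or phone numbers that merely look like card numbers are left alone. The card number and log message are constructed for the example.

```python
import io
import logging
import re

# 13 to 19 digits, optionally grouped with spaces or dashes (assumed card formats).
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit: real card numbers pass, most other digit strings do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(text: str) -> str:
    """Replace every Luhn-valid card number in text with its last four digits only."""
    def redact(match):
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_ok(digits):
            return raw          # looks like a card number but is not one: keep it
        return "*" * (len(digits) - 4) + digits[-4:]
    return PAN_RE.sub(redact, text)


class PanMaskingFilter(logging.Filter):
    """Attached to a handler, so a card number never reaches that handler's output."""
    def filter(self, record):
        # Format eagerly, then mask the finished message.
        record.msg = mask_pan(record.getMessage())
        record.args = ()
        return True


def log_payment(card: str, amount: int) -> str:
    """Log a payment through the masking filter and return what reached the 'file'."""
    buf = io.StringIO()
    logger = logging.getLogger("payments.demo")   # name is an assumption
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(buf)
    handler.addFilter(PanMaskingFilter())
    logger.addHandler(handler)
    logger.info("charged %s to card %s", amount, card)
    handler.flush()
    return buf.getvalue().strip()


if __name__ == "__main__":
    print(log_payment("4111 1111 1111 1111", 250))
```

Masking in the logging layer is a compensating control, not a substitute for never passing the full card number to code that does not need it; a handler without the filter, or a crash dump, would still leak it.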

Integrity Defined
- What is data integrity?
- Data must not be created, changed, or deleted without authorization
- Ensuring that information is not altered by unauthorized persons

Integrity Example
- Messages should be received as originally sent
- Threats: intercept messages, tamper with them, release them again
- (Figure: "I love you darling!!" is sent across the network; "I don't want to see you again" arrives)

More on Integrity
- Integrity means that data cannot be modified without authorization
- Examples of violations:
  - An employee (accidentally or with malicious intent) deletes important data files
  - A computer virus infects a computer
  - An employee is able to modify his own salary in a payroll database
  - An unauthorized user vandalizes a Web site
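The message-tampering figure above (intercept, alter, release again) is the textbook case for a message authentication code. As an added example (not from the lecture), the code below protects each message with HMAC-SHA256 under a key the two parties share in advance, and binds a sequence number into the tag so that a replayed copy of an old message is rejected as well. The key and messages are constructed for the example.

```python
import hmac
import hashlib


def make_tag(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 over data; only holders of key can produce or verify it."""
    return hmac.new(key, data, hashlib.sha256).digest()


def _frame(seq: int, message: bytes) -> bytes:
    # The sequence number is authenticated together with the message, so an
    # attacker can neither change it nor move the tag onto a different message.
    return seq.to_bytes(8, "big") + message


class Sender:
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def send(self, message: bytes):
        """Return the packet (seq, message, tag) that goes over the network."""
        seq, self.seq = self.seq, self.seq + 1
        return seq, message, make_tag(self.key, _frame(seq, message))


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, seq: int, message: bytes, tag: bytes):
        """Return (accepted, reason). The tag is checked before anything else."""
        expected = make_tag(self.key, _frame(seq, message))
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return False, "bad tag"
        if seq <= self.last_seq:                      # an old packet played back
            return False, "replay"
        self.last_seq = seq
        return True, "ok"


def demo(key: bytes = b"constructed demo key, not for real use"):
    """Walk through the slide's scenario; returns the receiver's verdicts."""
    alice, bob = Sender(key), Receiver(key)
    seq, msg, tag = alice.send(b"I love you darling!!")
    verdicts = [bob.accept(seq, msg, tag)]                                   # honest delivery
    verdicts.append(bob.accept(seq, b"I don't want to see you again", tag))  # tampered text
    verdicts.append(bob.accept(seq, msg, tag))                               # released again
    return verdicts


if __name__ == "__main__":
    print(demo())  # [(True, 'ok'), (False, 'bad tag'), (False, 'replay')]
```

HMAC gives integrity and origin authentication, not confidentiality: the eavesdropper from the earlier slide still reads the message. In practice both are obtained together from an authenticated-encryption mode, and the hard part the example skips is getting the shared key to the two parties in the first place.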

Availability Defined
- Systems function correctly and information is provided when it is needed
- The opposite of availability is denial of service (DoS)

Availability Example
- Disrupting communications completely
- Threats: overwhelm or crash servers, disrupt infrastructure
- (Figure: a message sent across the network never arrives)

More on Availability
- Information must be available when it is needed
- High-availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades
- Example of a violation?
- Ensuring availability also involves preventing denial-of-service (DoS) attacks

CIA
- A good way to measure system security in the DoD environment
- Not sufficient for modern computers
  - Today's computers are complex
  - Many more layers of applications and uses
  - More difficult to both define and measure security

Simple View of Computer Security
- You have something you want to protect
- You have someone or something you want to protect it from
- You are willing to expend effort and resources to protect it

Question: Is computer security a process or a state?

Security Defined
- It is a process, not a state!
- There is no point at which a system becomes "secure"
- You have risk: assess it, manage what you can, and mitigate what can't be managed
- You need to identify what is "good enough"
- Security is a tradeoff; you can't protect everything

ATM Machine Example
- User asks for cash, the machine dispenses it
- Door opens, user takes cash, door closes
- What happens if the user doesn't take the cash?

ATM Machine Example
- Assumption: if this happens, the next user shouldn't get cash that doesn't belong to them
  - So for all following transactions the machine refuses to open the door
  - Otherwise the cash could go to the wrong user
- Result: a DoS for every remaining user, caused by one uncollected withdrawal
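To make the tradeoff concrete, here is an added example (a constructed model, not anything from the lecture or a real ATM) of the dispense/door cycle as a small state machine. One configuration follows the slide's design and locks the door for everyone after a door timeout; the other retracts the uncollected notes into a sealed bin, records the event so the account can be re-credited, and returns to service. The customer sequence is made up.

```python
from dataclasses import dataclass, field


@dataclass
class ATM:
    """Toy dispense/door cycle; constructed model, not real ATM firmware."""
    retract_on_timeout: bool          # False = the slide's design, True = hardened
    state: str = "idle"
    cash_in_tray: int = 0
    retract_bin: list = field(default_factory=list)   # (user, amount) for reconciliation
    events: list = field(default_factory=list)

    def withdraw(self, user: str, amount: int, user_takes_cash: bool) -> str:
        if self.state != "idle":
            self.events.append(f"{user}: refused, machine is {self.state}")
            return "refused"
        self.cash_in_tray = amount           # dispense
        self.state = "door_open"
        if user_takes_cash:
            self.cash_in_tray = 0
            self.state = "idle"
            self.events.append(f"{user}: took {amount}")
            return "served"
        # Door timeout with cash still in the tray: the interesting case.
        if self.retract_on_timeout:
            # Pull the notes back into a sealed bin, record it so the account
            # can be re-credited, and return to service for the next customer.
            self.retract_bin.append((user, amount))
            self.cash_in_tray = 0
            self.state = "idle"
            self.events.append(f"{user}: timeout, {amount} retracted")
            return "retracted"
        # Slide's design: nobody else may be served, or the cash goes to the wrong person.
        self.state = "out_of_service"
        self.events.append(f"{user}: timeout, {amount} left in tray, machine locked")
        return "locked"


def simulate(retract_on_timeout: bool):
    """Four customers in a row; the second walks away without taking the cash."""
    atm = ATM(retract_on_timeout)
    outcomes = [
        atm.withdraw("alice", 100, True),
        atm.withdraw("bob", 50, False),
        atm.withdraw("carol", 20, True),
        atm.withdraw("dave", 80, True),
    ]
    return outcomes, atm


if __name__ == "__main__":
    print(simulate(False)[0])  # ['served', 'locked', 'refused', 'refused']
    print(simulate(True)[0])   # ['served', 'retracted', 'served', 'served']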

Security Protocols Are Difficult
- It is hard to get security protocols right
- Designers don't anticipate everything that could go wrong; users or attackers frequently find the flaw
- Even something seemingly simple can have flaws

US Tax System Example
- Tax refunds, how hard is that? Algorithm for processing a form:
  1. Verify the identity of the person who filled out the form
  2. Verify that the reported income and withholding are correct
  3. If both checks pass and withholding > tax owed, send the person a refund check
- What could go wrong?

US Tax System Example
- Except there was no rule against duplicate checks
  - A person could file for multiple refund checks under this system
  - And that happened for a while
  - It was eventually caught
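The flaw is that the slide's three-step algorithm keeps no state about what it has already paid. As an added example (not from the lecture), the code below runs the same filing through the algorithm three times, once as written and once with a record of refunds already issued per taxpayer and tax year. Identity and income verification are modelled as flags set by an upstream check; the filing data is constructed.

```python
def refund_due(withheld: int, tax_owed: int) -> int:
    """Step 3 of the slide: refund only the excess withholding, never a negative amount."""
    return max(withheld - tax_owed, 0)


class RefundProcessor:
    def __init__(self, reject_duplicates: bool):
        self.reject_duplicates = reject_duplicates
        self.paid = {}        # (taxpayer_id, tax_year) -> amount already refunded
        self.checks = []      # every check the system mailed, for the audit trail

    def process(self, ret: dict) -> str:
        # Steps 1 and 2 of the slide, modelled as flags an upstream check has set.
        if not ret["identity_verified"]:
            return "rejected: identity"
        if not ret["income_verified"]:
            return "rejected: income"
        key = (ret["taxpayer_id"], ret["tax_year"])
        # The missing rule: one refund per taxpayer per tax year.
        if self.reject_duplicates and key in self.paid:
            return "rejected: refund already issued for this year"
        amount = refund_due(ret["withheld"], ret["tax_owed"])
        if amount == 0:
            return "no refund due"
        self.paid[key] = amount
        self.checks.append((key, amount))
        return f"check sent: {amount}"


def sample_returns():
    """Constructed filings: the same return submitted three times."""
    filing = {
        "taxpayer_id": "000-00-0001", "tax_year": 2011,
        "identity_verified": True, "income_verified": True,
        "withheld": 5000, "tax_owed": 4000,
    }
    return [dict(filing) for _ in range(3)]


def total_paid(reject_duplicates: bool) -> int:
    """Run the sample filings and return the total amount of checks mailed."""
    proc = RefundProcessor(reject_duplicates)
    for ret in sample_returns():
        proc.process(ret)
    return sum(amount for _, amount in proc.checks)


if __name__ == "__main__":
    print(total_paid(False), total_paid(True))  # 3000 1000
```

A real system still has to accept legitimate amended returns, so the record would be keyed on a filing revision and pay only the difference from what was already issued; the point is that the decision needs the history of past payments, which the original algorithm never consults.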

Computer Security Threats

Threats to Computer Security
So, what are the threats?
- Passive
  - Sniffing of data
  - Viewing of information (physical): over your shoulder, taking pictures of screens
  - Dumpster diving
  - Social engineering
- Active
  - Interception of data, injection of data
  - Virus, worm, Trojan horse program
  - DoS or DDoS

Is Security that Bad?
(Two image-only slides; the figures are not recoverable from the transcript)

How big is the security problem?
- CERT vulnerabilities reported (chart): http://www.cert.org/stats/

Malware Over Time
- The number of new malicious programs has remained stable, but that does not automatically imply any stabilization in the number of attacks
- http://www.securelist.com/en/analysis/204792161/Kaspersky_Security_Bulletin_Malware_Evolution_2010

Malware 2010 (data from Kaspersky Lab)
- In 2010, the total number of recorded incidents exceeded 1.5 billion for the first time since Kaspersky began its observations
- Attacks via browsers accounted for over 30% of these incidents, that is over 500 million blocked attacks
- Vulnerabilities really came to the fore in 2010: exploiting vulnerabilities became the prime method for penetrating users' computers
  - Vulnerabilities in Microsoft products are rapidly losing ground to those in Adobe and Apple products such as Safari, QuickTime and iTunes

Malware 2010: More Statistics
- Increase in the number of attacks via P2P networks
- P2P networks are now a major channel through which malware reaches users' computers; in terms of incident rates, Kaspersky estimates this infection vector to be second only to browser attacks
- Practically all types of threats, including file viruses, rogue AVs, backdoors and various worms, spread via P2P networks

Malware Complexity 2010: the Stuxnet worm
- Experts needed 3 months to understand its functionality
- Stuxnet left all previously known malware behind in the number of publications it generated
- Malware author success = major security community attention

Malware in 2010
- Used to be: users who jailbroke their iPhones to install third-party applications increased the risk to themselves
- Now: even those installing native applications downloaded from the Apple App Store are exposed to a degree of threat
- Several incidents involved legitimate, Apple-approved applications: iPhone apps were detected covertly gathering data and sending it to the software makers

Why do threats succeed?
- Vulnerabilities!
- Is it because hackers are so smart, or is it just too easy?

Vulnerability Defined
- What is a security vulnerability?
- A vulnerability is an error or weakness in a component that allows it to be attacked; typically the component is the OS or an application running on it
- If exploited, each vulnerability can potentially compromise the system or network

Vulnerabilities Explained
- Software vulnerabilities are highly specific
  - A classic vulnerability affects a single feature of one release of a software product installed under a specific operating system
- Out of trillions of lines of code running in networked systems, a vulnerability may exist in a single line, like a unique grain of sand on a mile-long beach
- As the number of network components grows every year, so does the number of vulnerabilities

Vulnerability Example: CVE-2005-3641
- Oracle Database running on Windows XP with Simple File Sharing enabled allows remote attackers to bypass authentication by supplying a valid username
- Impact
  - CVSS severity: 7.0 (High)
  - Range: remotely exploitable
  - Authentication: not required to exploit
  - Impact type: provides unauthorized access; allows partial confidentiality, integrity, and availability violation; allows disruption of service

Vulnerabilities
- True or false? "Vulnerabilities that lead to system security breaches are a result of sloppy or ignorant programmers producing bad, error-prone code"

Vulnerabilities
- If the previous statement isn't true, what causes vulnerabilities?
- Software is one cause: bugs, coding errors, or incomplete specifications that didn't account for security
- Network protocols: bad design, incorrect assumptions about protocols and how they would be used; the classic example is TCP/IP
- Human error: social engineering and human ignorance
- Physical access: insecure premises allowing unauthorized access

Steal cars with a laptop
NEW YORK - Security technology created to protect luxury vehicles may now make it easier for tech-savvy thieves to drive away with them. In April 2006, high-tech criminals made international headlines when they used a laptop and transmitter to open the locks and start the ignition of an armor-plated BMW X5 belonging to soccer player David Beckham, the second X5 stolen from him using this technology within six months.
How did they do it? Beckham's BMW X5s were stolen by thieves who hacked the codes for the vehicles' RFID chips (the keyless entry and immobilizer system).

Disable Cars Over the Internet
- A young man used an Internet service to remotely disable the ignitions and set off the horns of more than 100 cars
  - Ramos-Lopez used a former colleague's password to deactivate starters and set off car horns, police said
  - Several car owners said they had to call tow trucks and were left stranded at work or home
- The Texas Auto Center dealership in Austin installs GPS devices that can prevent cars from starting
  - The system is used to repossess cars when buyers are overdue on payments
  - Car horns can be activated when repo agents go to collect vehicles and believe the owners are hiding them
- Note the root cause: a former employee's password was still valid after he left

Human Vulnerabilities
- Social engineering: alive and well in spite of lots of publicity
- Email scams
  - Investment schemes in an African economy: "Nigerian uncle has died intestate. Need to transfer $8M to US with your assistance. You will get 10% of funds, need your bank info to initiate the transfer ..."
  - Phishing, which wants your money: "Your PayPal account needs updating, please enter your username and password ..."

Improving Security
- Design it in from the beginning
  - Security is typically an afterthought, still
  - People are more concerned with performance and nice features than with security; they want to sell products. Microsoft? Linux and Apple too
  - Security is often seen as something users don't want because it hinders their use of the system
  - Security requirements must be created and met along with the other requirements

Security is Hard
- Security is hard to define, and without a good definition it is almost impossible to achieve
- One way to think of security: consider system states, and think of the security of a system as its ability to stay in good states
- Be wary of anyone who says they have built a secure system. How do they know?

Class Contributions: Extra Credit!
- Any topic in class, 5 points
  - If you can find relevant actual examples or news; must be current, from the past year
  - Example: if we are talking about attackers, the story must be about attackers, within the last year
  - You get to share it with the class!

The End
- Next time: we will look at vulnerabilities in TCP/IP and other protocols
- See the reading assignment
