Information Security in the New Millennium

Got Security?
Information Assurance Considerations for Your Research, Course Projects, and Everyday Life
James Cannady, Ph.D.
Assistant Professor
Information Security
• Those measures, procedures, or controls which provide an acceptable degree of safety of information resources from accidental or unauthorized intentional disclosure, modification, or destruction.
• Based on the assumption that others either want your data or want to prevent you from having it.
• Insecurity is the result of flaws, improper configurations, errors and bad design.
• Patches and security add-ons merely address the symptoms, not the cause.
Information Security Problem
• A large, rapidly growing international issue
• Key to growth of digital environments
• Critical infrastructure at risk
• True magnitude of the problem unknown
Why bother with Information Security??
• Some of our information needs to be protected against unauthorized disclosure for legal and competitive reasons
• All of the information we store and refer to must be protected against accidental or deliberate modification
• Information must be available in a timely fashion.
• We must also establish and maintain the authenticity (correct attribution) of documents we create, send and receive
• If poor security practices allow damage to our systems, we may be subject to criminal or civil legal proceedings
• Good security can be seen as part of the market development strategy
The Changing Security Environment
The landscape for information security is changing:
• From closed systems and networks to Internet connectivity
• From manual to automated processes
• Increased emphasis on information security as a core/critical requirement
Evidence
• 90%: businesses detected computer security breaches within the last twelve months
• 70%: reported a variety of serious computer security breaches (e.g., theft of proprietary information, financial fraud, system penetration from outsiders, denial of service attacks and sabotage of data or networks)
• 74%: acknowledged financial losses due to computer breaches
• 19%: reported ten or more incidents
Source: Computer Security Institute 2000 Computer Crime and Security Survey
Specific Security Issues & Solutions
The Four Big Issues:
• Authentication: Validation of transmissions, messages, and users
• Confidentiality: Assurance that information is not disclosed to unauthorized entities or processes
• Integrity: Assurance that information is not modified by unauthorized entities or processes
• Reliability & Availability: Assurance that information systems will function when required
Authentication
Validation of transmissions, messages, and users
• IP Spoofing:
– Filtering routers
• Fake Web Sites:
– Web Site Certification
– DNS certification
• Unauthorized Users:
– IP authentication
– Identification devices
– Intrusion Detection Systems
Confidentiality
Assurance that information is not disclosed to unauthorized entities or processes
• Sniffing:
– Encryption
– Intrusion Detection
• Unauthorized File Access:
– Firewalls
– Intrusion Detection Systems
Integrity
Assurance that data or processes have not been altered or corrupted by chance or by malice
• Corrupted Web Sites:
– Web Site Certification
– Intrusion Detection
• Corrupted Data Bases:
– Encryption
– Intrusion Detection
Reliability & Availability
Assurance that information systems will function when required
• Denial of Service Attacks (e.g. SYN flooding):
– Bandwidth
– Attack Detection
– Redundancy
The Threat Environment
• Information technology is more vulnerable than ever:
– Open
– Distributed
– Complex
– Highly Dynamic
• Attacks are becoming more sophisticated
• Tools to exploit system vulnerabilities are readily available and require minimal expertise
Typical Threats
• Eavesdropping and “sniffing”
• System Penetration
• Authorization Violation
• Spoofing/Masquerading
• Tampering
• Repudiation
• Trojan Horse
• Denial of Service
Common Security Mechanisms
• Obscurity
• Firewalls
• Intrusion Detection
• Vulnerability/Security Assessment Tools
• Virus Detection
• Host Security
• Authentication Systems
• Cryptography
InfoSec Hard Problems
• 1999 INFOSEC Research Council
• Defines nine particularly difficult security problems impacting all aspects of IT.
1. Intrusion Detection
– The timely and accurate detection of network attacks
– Extremely important
– No shortage of COTS
– Limited effectiveness and reliability
2. Intrusion Response
– What do you do after an attack is detected?
– What do you do when you’re wrong?
3. Malicious Code Detection
– Trojan horses, “dead” code, etc.
– Example: Windows 98
4. Controlled Sharing of Sensitive Information
– Sharing information from a variety of sources to different recipients.
– Classified information in an Open Environment
5. Application Security
– How do the applications enforce their own requirements?
– How does it affect the rest of the network?
6. Denial of Service
– Simple and effective
– “Unfortunately there is currently no method available of identifying and responding to a denial of service attack in an efficient and autonomous manner” (National Research Council, 1998).
7. Communications Security
– Protecting information in transit from unauthorized disclosure, and providing support for anonymity in networked environments.
8. Security Management Infrastructure
– Providing tools and techniques for managing the security services in very large networks that are subject to hostile attack.
9. Information Security for Mobile Warfare
– Developing information security techniques and systems that are responsive to the special needs of mobile tactical environments.
– Wireless security
Advantages of InfoSec Research
• Important problem
– Touches all aspects of IT
• Little research has been done
– Large variety of potential dissertation topics
– Can be incorporated into other IT topics
• Opportunities for publications
– Growing number of publications
– Can add InfoSec to more traditional topic to increase opportunities
• Huge job market for those with experience
– Job openings for network security professionals have increased 200 percent in the past six months
In Review
• Security is a complex and growing area of information technology
• There are numerous opportunities for InfoSec research
• Demonstrated security experience can be a key discriminator in any IT career
Ongoing Research at NSU
• Benedict Eu – Dynamic Computer Defense in Depth
• Dennis Bauer – Intrusion detection using evolution strategies
• Jim Dollens – Intrusion detection using computer system DNA
• Al Fundaburk – Developing an information security curriculum
Questions?
Dr. James Cannady
[email protected]
(954) 262-2085
http://scis.nova.edu/~cannady