Security - NYU Stern School of Business


Security Requirements
• Confidentiality
– Requires information in a computer system only be accessible
for reading by authorized parties
• Integrity
– Assets can be modified by authorized parties only
• Availability
– Assets are available to authorized parties
• Authenticity
– Requires that a computer system be able to verify the identity
of a user
Threats
• Confidentiality
• Interception
– Unauthorized access
– wiretapping
• Integrity
• Modification
– Change or Delete: Data,
Messages, Programs
• Availability
• Interruption
– Hardware destruction
– Disable File Management
• Authenticity
• Fabrication
– Create data, messages ...
What is there to protect?
• Hardware
– Accidental and deliberate damage
– Tapping of Network lines
– Overload of networks
• Software
– Threats include deletion, alteration, damage
• Data
– Involves files
– Security concerns for availability, secrecy, and integrity
– Stealing of classified information
Protection
• Limit Sharing
• Limit Communication
• Encryption of data
• Control access
• Electronic Signatures
• Intrusion detection
Examples of Protection
• File systems
– Access control defined by user
– Most system files are not accessible to users
• Access control
– OS provides access control via Login and Password
• User privileges
– Different users have different status (NT user groups)
• Clean Memory Partitioning
• Systematic backups
Sharing
• Sharing is the source of all evil!
• No sharing: Separation in time or place
• Share all or share nothing
– Owner of an object declares it public or private
• Share via access limitation
– Operating system checks the permissibility of each
access by a specific user/process to a specific object
– Operating system acts as the guard
Memory issues
• Bounds registers restrict each process's access to RAM
• Delete vs. erase
– If you delete a file it is not really gone
– OS only “forgot” that it was there
– You can still retrieve the content
• If you really want to erase things:
– Reformat the device (not always possible)
– Delete files and save useless things until the drive is full
– Beware when you sell your used computer, there may
be traces of sensitive information
Message encryption: Artistic Math
• Encode content x as y=F(x,k1) and send y
• Receiver decodes the content with a function
x=D(y,k2)
• Public key & private key: 2 different keys are used
(PGP)
• Secret key: k1=k2, D=F^-1 ! Illusion of safety
• You can only read content if you know k2
• Simple letter replacement (Midterm)
– has about 4*10^26 possibilities but easy to guess
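An added example (not from the lecture) of the secret-key scheme above, using simple letter replacement: F encodes with key k, D is its inverse under the same key, the keyspace is 26! (about 4*10^26), and the frequency profile of the plaintext survives in the ciphertext, which is why the scheme is easy to guess despite the huge keyspace. The key and message are constructed here.

```python
import math
import random
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

def make_key(seed):
    """The secret key k: one permutation of the 26 letters (constructed from a seed)."""
    letters = list(ALPHABET)
    random.Random(seed).shuffle(letters)
    return dict(zip(ALPHABET, letters))

def F(x, k):
    """Encode: y = F(x, k) replaces each letter of x by its image under k."""
    return "".join(k.get(c, c) for c in x.upper())

def D(y, k):
    """Decode with the same key (k1 = k2): D is F^-1, the inverse permutation."""
    inverse = {image: letter for letter, image in k.items()}
    return "".join(inverse.get(c, c) for c in y)

def keyspace_size():
    """How many keys exist: 26! permutations, roughly 4 * 10^26."""
    return math.factorial(26)

def letter_ranking(text):
    """Letters in order of frequency; ties keep the order of first appearance."""
    counts = Counter(c for c in text.upper() if c in ALPHABET)
    return [c for c, _ in counts.most_common()]

def profile_is_preserved(x, k):
    """Why guessing is easy: the ciphertext's frequency ranking is the plaintext's
    ranking with every letter relabelled by k, so letter statistics leak through."""
    return letter_ranking(F(x, k)) == [k[c] for c in letter_ranking(x)]
```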
Electronic Signatures
• Became very important recently due to ecommerce
• Example: You send an email to buy a stock
• Stock crashes 1 hour later, you deny ever having
sent the email
• Legal issue: How to prove the authenticity of
electronic documents
• Similar to encryption: You calculate a complex
function from the message text, decode it using
your private key and append it
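An added example (not from the lecture) of the signature recipe just described, with a constructed toy RSA key pair: the "complex function" is a hash of the message, the private-key (decoding) operation is applied to it, and the result is appended so anyone holding the public key can check it. The primes 61 and 53 are illustration-sized; real keys use primes of hundreds of digits.

```python
import hashlib

# Constructed toy key pair (illustration only; far too small for real use).
P, Q = 61, 53
N = P * Q                  # modulus, 3233
PHI = (P - 1) * (Q - 1)    # 3120
E = 17                     # public exponent
D_PRIV = pow(E, -1, PHI)   # private exponent (Python 3.8+), 2753

def digest(message):
    """The 'complex function of the message text': SHA-256 reduced modulo N."""
    h = hashlib.sha256(message.encode()).hexdigest()
    return int(h, 16) % N

def sign(message, d=D_PRIV, n=N):
    """Apply the private-key (decoding) operation to the digest; this is the
    value appended to the message as its electronic signature."""
    return pow(digest(message), d, n)

def verify(message, signature, e=E, n=N):
    """Anyone with the public key (e, n) can check the appended signature."""
    return pow(signature, e, n) == digest(message)

def signed_message(message):
    """Message with its signature appended, as the sender would transmit it."""
    return message, sign(message)
```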
Access Control Authentication
• Login
– Requires both a user identifier (ID) and a password
– Only admit known and matching ID and password
• User based or computer based
• Problems:
– Users can reveal their password to others either
intentionally or accidentally
– Hackers are skillful at guessing passwords
– ID/password file can be obtained (hard to decode)
ID Provides Security
• Determines whether the user is authorized to gain access
to a system
• Determines the privileges accorded to the user
– Guest or anonymous accounts have more limited privileges
than others
• ID is used for discretionary access control
– A user may grant permission to files to others by ID
Intrusion Techniques
• Steal ID and Password
• Circumvent access control
– Use a Trojan horse to bypass restrictions on access
Techniques for Learning Passwords
• Try default password used with standard accounts
shipped with computer
• Exhaustively try all short passwords (license plates)
• Try words in dictionary or a list of likely
passwords
• Collect information about users and use these
items as passwords
– address, names, relatives, SSN, phone numbers
• In a study 86% of passwords could be guessed
Techniques for Stealing Passwords
• Tap the line between a remote user and the host
system
• Watch user during login
• Intercept emails that contain passwords
Password Selection Strategies
• Computer generated passwords :-(
– Hard to remember, users write them down
• Reactive password checking strategy :-(
– System periodically runs password cracker to find
guessable passwords
– System cancels passwords that are guessed and notifies
user
– Consumes resources to do this, can be too late!
• Proactive password checker :-)
– The system checks at the time of selection if the
password is allowable
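An added example (not from the lecture) of a proactive password checker that rejects, at selection time, exactly the classes of password the "Techniques for Learning Passwords" slide says are guessed: short ones, vendor defaults, dictionary words, and items of personal information. The word lists and the user record are constructed; a real checker loads full dictionaries.

```python
import re

# Constructed lists; a real checker loads full dictionaries and vendor defaults.
DEFAULT_PASSWORDS = {"password", "admin", "guest", "changeme", "welcome"}
DICTIONARY = {"secret", "monkey", "dragon", "letmein", "football", "sunshine"}

def user_items(user):
    """Facts about the user that guessers collect: address, names, relatives,
    SSN, phone numbers. Split into tokens of three or more characters."""
    items = set()
    for value in user.values():
        for token in re.split(r"[^a-z0-9]+", str(value).lower()):
            if len(token) >= 3:
                items.add(token)
    return items

def check_password(candidate, user, min_len=8):
    """Proactive check at selection time. Returns the reasons a password
    is not allowable; an empty list means it may be used."""
    p = candidate.lower()
    reasons = []
    if len(candidate) < min_len:
        reasons.append("too short: short passwords can be tried exhaustively")
    if p in DEFAULT_PASSWORDS:
        reasons.append("default password shipped with standard accounts")
    if re.sub(r"\d+$", "", p) in DICTIONARY:   # 'dragon1' is still 'dragon'
        reasons.append("dictionary word")
    for item in sorted(user_items(user)):
        if item in p:
            reasons.append("contains personal information: " + item)
    return reasons
```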
Types of Attacks
• Intrusion
– Somebody unauthorized manages to log into your
system
• Remote Attack
– Somebody changes the behavior of your computer
without being logged in
Intrusion Prevention
• Firewalls around network
• Limit the access type:
– telnet, ftp, http, ssh, rsh ….
• Limit access location
– allow access only from designated machines
– Machine ID: IP address
Intrusion Detection
• Assume the behavior of the intruder differs from
the legitimate user
• Statistical anomaly detection
– Collect data related to the behavior of legitimate users
over a period of time
– Statistical tests are used to determine if the behavior is
not legitimate behavior
• Rule-based detection
– Rules are developed to detect deviation from previous
usage pattern
– Expert system searches for suspicious behavior
Intrusion Detection Data Collection
• Audit record
– Native audit records
• All operating systems include accounting software that
collects information on user activity
– Detection-specific audit records
• Collection facility can be implemented that generates audit
records containing only that information required by the
intrusion detection system
• Very common for Web services
– I can tell exactly what you did on blackboard
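An added example (not from the lecture) of both detection styles from the "Intrusion Detection" slide run over detection-specific audit records: a statistical profile of one user's daily activity is built over a training period and later days are scored against it, and a rule-based check flags activity outside the user's usual hours. The audit records are constructed, not real accounting data.

```python
import statistics
from collections import defaultdict

# Constructed audit records (user, date, hour, action); not real audit data.
AUDIT = []
for day in range(1, 11):                      # 10 days of normal daytime use
    for i in range(3 + day % 3):              # 3 to 5 reads per day
        AUDIT.append(("alice", f"2000-03-{day:02d}", 9 + 2 * i, "read"))
AUDIT += [("alice", "2000-03-11", 3, "read")] * 40   # sudden burst at 03:00

def daily_counts(records, user):
    """Events per day for one user, the measure the profile is built on."""
    counts = defaultdict(int)
    for u, date, _hour, _action in records:
        if u == user:
            counts[date] += 1
    return dict(counts)

def build_profile(records, user, training_dates):
    """Statistical profile of legitimate behaviour over the training period."""
    counts = daily_counts(records, user)
    sample = [counts.get(d, 0) for d in training_dates]
    return statistics.mean(sample), statistics.pstdev(sample)

def anomalous_days(records, user, training_dates, threshold=3.0):
    """Statistical anomaly detection: flag days outside the training period
    whose count lies more than `threshold` standard deviations from the mean."""
    mean, sd = build_profile(records, user, training_dates)
    sd = max(sd, 1.0)    # floor so a perfectly flat baseline cannot divide by zero
    counts = daily_counts(records, user)
    return sorted(d for d, c in counts.items()
                  if d not in training_dates and abs(c - mean) / sd > threshold)

def rule_violations(records, user):
    """Rule-based detection: fixed rules describing how the user normally works."""
    rules = [("activity outside 08:00-18:00", lambda hour, action: not 8 <= hour < 18)]
    hits = set()
    for u, date, hour, action in records:
        if u != user:
            continue
        for name, rule in rules:
            if rule(hour, action):
                hits.add((date, name))
    return sorted(hits)
```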
Remote attacks via Software
2 Types of Malicious Programs
• Those that need a host program
– Fragments of programs that cannot exist
independently of some application program, utility, or
system program
• Independent
– Self-contained programs that can be scheduled and
run by the operating system
Trojan Horse
• Useful program that contains hidden code that
when invoked performs some unwanted or
harmful function
• Can be used to accomplish functions indirectly
that an unauthorized user could not accomplish
directly
– User may set file permission so everyone has access
– can do anything the user could do
• Example: new exciting freeware game
• Does not need illegal access
Login Spoofing
• Setup a screen that looks exactly like login
• New user comes and tries to login
• Program reads in login information and mails it
to intruder
• Login fails, user thinks he misspelled and logs in
again
Logic Bomb
• Code embedded in a legitimate program that is set
to “explode” when certain conditions are met
– Presence or absence of certain files
– Particular day of the week
– Particular user running application
• Example: An employee had a program that
checked whether his name appeared on payroll
– After he was fired the bomb went off and destroyed
important software
– Potential of blackmail
Worms
• Use network connections to spread from system
to system
• Electronic mail facility
– A worm mails a copy of itself to other systems
• Remote execution capability
– A worm executes a copy of itself on another system
• Remote log-in capability
– A worm logs on to a remote system as a user and then uses
commands to copy itself from one system to the other
Zombie
• Program that secretly takes over another Internet-attached computer
• It uses that computer to launch attacks that are
difficult to trace to the zombie’s creator
• Typical Windows NT problem: Recent case that
attacked the White House server
Viruses
• Program that can “infect” other programs by
modifying them
– Modification includes copy of virus program
– The infected program can infect other programs
Virus Stages
• Dormant phase
– Virus is idle
• Propagation phase
– Virus places an identical copy of itself into other
programs or into certain system areas on the disk
Virus Stages
• Triggering phase
– Virus is activated to perform the function for which it
was intended
– Caused by a variety of system events
• Execution phase
– Function is performed
Types of Viruses
• Parasitic
– Attaches itself to executable files and replicates
– When the infected program is executed, it looks for
other executables to infect
• Memory-resident
– Lodges in main memory as part of a resident system
program
– Once in memory, it infects every program that
executes
Types of Viruses
• Boot sector
– Infects boot record
– Spreads when system is booted from the disk
containing the virus
• Stealth
– Designed to hide itself from detection by antivirus
software
– May use compression
Types of Viruses
• Polymorphic
– Mutates with every infection, making detection by the
“signature” of the virus impossible
– Mutation engine creates a random encryption key to
encrypt the remainder of the virus
• The key is stored with the virus
Macro Viruses
• A macro is an executable program embedded in a word
processing document or other type of file
• Autoexecuting macros in Word
– Autoexecute
• Executes when Word is started
– Automacro
• Executes when defined event occurs such as opening or closing a
document
– Command macro
• Executed when user invokes a command (e.g., File Save)
• Predominantly a Windows problem
E-mail Virus: Windows Issue
• Activated when recipient opens the e-mail
attachment
• Activated by opening an e-mail that contains the
virus
• Uses Visual Basic scripting language
• Propagates itself to all of the e-mail addresses
known to the infected host
• Protection: Use email program that has very
limited privileges (Beware Outlook and Explorer)
Antivirus Approaches
• Detection
• Identification
• Removal
• Your antivirus program from yesterday is useless
for today’s virus!
• Stern approach: Every time the user logs in to his
machine the computer downloads the most
current version of antivirus software from the
network
How does Antivirus software work?
• Virus signature scanner
– Scan target code looking for known viruses
• CPU emulator
– Instructions in an executable file are interpreted by the
emulator rather than the processor
Internet Attacks
• One way to attack internet services is to create an
overload for the server
• Most servers have a capacity that reflects normal
use requirements
• Trojan horses or worms get distributed onto many
machines
• At a specific time all infected machines start
sending requests to the same server
• Server goes down
• Big problem for online brokerage with time
sensitive information
Comparison UNIX to WINDOWS
• UNIX: targeted by access attacks since it is a
– Multi-user environment
– High degree of sharing
– Constant network access
– Sophisticated OS: hard to write malicious programs
• WINDOWS: targeted by remote attacks
– Single-user environment
– Less sophisticated OS: easier to write malicious
programs
– Switched off most of the time (used to be)
Security Design Principles
• Public system design
– It creates a false illusion if you think nobody knows
your architecture
• Default: no access
• Repetitive checks for current authority
– User might have forgotten to lock out, timeout
• Give the least privileges possible
• Security should be built into the lowest levels of
the system; security as an add-on does not work well
Summary
• There is no safe system!
• Business decision
– How do I enforce safe behavior from employees
– Security is very expensive
– Security gets more expensive, the more flexibility,
communication and sharing I allow
– Separate physical network for sensitive data
– Hire an ex-hacker to break into my system to test
security