Transcript ch11

Chapter 11
Security and Ethics
Understanding Operating Systems,
Fourth Edition
Objectives
You will be able to describe:
• The role of the operating system with regard to
system security
• The effects of system security practices on overall
system performance
• The levels of system security that can be
implemented and the threats posed by evolving
technologies
• The differences between computer viruses and
worms, and how they spread
• The difficulties of teaching ethics to user groups
and the role of education in system security
Understanding Operating Systems, Fourth Edition
2
Role of the
Operating System in Security
• Operating system plays a key role in computer
system security
– Any vulnerability at the operating system level opens
the entire system to attack
– The more complex and powerful the operating
system, the more likely it is to have vulnerabilities to
attack
• System administrators must be on guard to arm
their operating systems with all available defenses
against attack
Understanding Operating Systems, Fourth Edition
3
System Survivability
• Capability of a system to fulfill its mission, in a
timely manner, in the presence of attacks, failures,
or accidents
• Key properties of survivable systems:
–
–
–
–
Resistance to attacks
Recognition of attacks and resulting damage
Recovery of essential services after an attack
Adaptation and evolution of system defense
mechanisms to mitigate future attacks
Understanding Operating Systems, Fourth Edition
4
System Survivability (continued)
Table 11.1: Four key properties of a survivable system
Understanding Operating Systems, Fourth Edition
5
Levels of Protection
System administrator must evaluate the risk of intrusion for
each computer configuration, which in turn depends on the
level of connectivity given to the system
Table 11.2: A simplified comparison of security protection
required for three typical computer configurations
Understanding Operating Systems, Fourth Edition
6
Backup and Recovery
• Backup and recovery policies are essential for
most computing systems
• Many system managers use a layered backup
schedule
• Backups, with one set stored off-site, are crucial to
disaster recovery
• Written policies and procedures and regular user
training are essential elements of system
management
Understanding Operating Systems, Fourth Edition
7
Backup and Recovery
• Written security procedures should recommend:
–
–
–
–
–
–
–
Frequent password changes
Reliable backup procedures
Guidelines for loading new software
Compliance with software licenses
Network safeguards
Guidelines for monitoring network activity
Rules for terminal access
Understanding Operating Systems, Fourth Edition
8
Security Breaches
• A gap in system security can be malicious or not
• Intrusions can be classified as:
– Due to uneducated users and unauthorized access
to system resources
– Purposeful disruption of the system’s operation
– Purely accidental
• Examples: Hardware malfunctions, undetected errors
in OS or applications, or natural disasters
• Malicious or not, a breach of security severely
damages the system’s credibility
Understanding Operating Systems, Fourth Edition
9
Unintentional Intrusions
• Any breach of security or modification of data that
was not the result of a planned intrusion
• Examples:
– Accidental incomplete modification of data
• When nonsynchronized processes access data
records and modify some but not all of a record’s
fields
– Errors due to incorrect storage of data values
• e.g., When the field isn’t large enough to hold the
numeric value stored there
Understanding Operating Systems, Fourth Edition
10
Unintentional Intrusions (continued)
Figure 11.1: (a) Original data value in a field large enough to
hold it. If the field is too small, (b) FORTRAN replaces the
data with asterisks, (c) COBOL truncates the higher order
digits and stores only the digits that remain
Understanding Operating Systems, Fourth Edition
11
Intentional Attacks
• Types of Intentional attacks:
– Intentional unauthorized access
• e.g., denial of service attacks, browsing, wire tapping,
repeated trials, trap doors, and trash collection
–
–
–
–
Viruses and worms
Trojan Horses
Bombs
Blended threats
Understanding Operating Systems, Fourth Edition
12
Intentional Unauthorized Access
• Denial of service (DoS) attacks:
– Synchronized attempts to deny service to authorized
users by causing a computer to perform repeated
unproductive task
• Browsing:
– Unauthorized users gain access to search through
secondary storage directories or files for information
they should not have the privilege to read
Understanding Operating Systems, Fourth Edition
13
Intentional Unauthorized Access
(continued)
• Wire Tapping: Unauthorized users monitor or
modify a user’s transmission
– Passive wire tapping: Refers to just listening to the
transmission but not changing the contents, and
reasons include:
• To copy data while bypassing any authorization
procedures
• To collect specific information such as password
– Active wire tapping: Data being sent is modified
• Methods include “between lines transmission” and
“piggyback entry”
Understanding Operating Systems, Fourth Edition
14
Intentional Unauthorized Access
(continued)
• Repeated Trials: To enter systems by guessing
authentic passwords
• Trap doors: An unspecified and undocumented
entry point to the system
– Installed by a system diagnostician or programmer
for future use
– Leaves the system vulnerable to future intrusion
• Trash collection: Use of discarded materials such
as disks, CDs, printouts, etc., to enter the system
illegally
Understanding Operating Systems, Fourth Edition
15
Intentional Unauthorized Access
(continued)
Table 11.3: Average time required to guess passwords up to
ten alphabetic characters (A-Z) using brute force
Understanding Operating Systems, Fourth Edition
16
Intentional Unauthorized Access
(continued)
• Malicious attacks on computers may violate state
and federal law under the Federal Computer Fraud
and Abuse Act of 1986
• Those convicted have been sentenced to significant
fines and jail terms, as well as confiscation of their
computer equipment
• In the U.S., attempts to intrude into your system
should be reported to the FBI
Understanding Operating Systems, Fourth Edition
17
Viruses
• Small programs written to alter the way a computer
operates, without permission of the user
• Must meet two criteria: It must be self-executing and
self-replicating
• Usually written to attack a certain operating system
• Spread via a wide variety of applications
• Macro virus works by attaching itself to a template
(such as NORMAL.DOT), which in turn is attached
to word processing documents
Understanding Operating Systems, Fourth Edition
18
Viruses (continued)
Figure 11.2: A file infector virus attacks a clean file (a) by
attaching a small program to it (b)
Understanding Operating Systems, Fourth Edition
19
Viruses (continued)
Table 11.4: Types of viruses
Understanding Operating Systems, Fourth Edition
20
Viruses (continued)
Table 11.4 (continued): Types of viruses
Understanding Operating Systems, Fourth Edition
21
Worms and Trojan Horses
• Worm: A memory-resident program that copies
itself from one system to the next without requiring
the aid of an infected program file
– Results in slower processing time of real work
– Especially destructive on networks
• Trojan Horse: A destructive program that’s
disguised as a legitimate or harmless program
– Allows the program’s creator to secretly access
user’s system
Understanding Operating Systems, Fourth Edition
22
Bombs and Blended Threats
• Logic bomb: A destructive program with a fuse – a
certain triggering event (such as a keystroke or
connection with the Internet)
– Spreads unnoticed throughout a network
• Time bomb: A destructive program triggered by a
specific time, such as a day of the year
• Blended Threat: Combines into one program the
characteristics of other attacks
– e.g., including a virus, worm, Trojan Horse, spyware,
and other malicious code into a single program
Understanding Operating Systems, Fourth Edition
23
Blended Threats (continued)
Blended Threats: (continued)
• Characteristics of blended threat:
–
–
–
–
–
Harms the affected system
Spreads to other systems using multiple methods
Attacks other systems from multiple points
Propagates without human intervention
Exploits vulnerabilities of target systems
• Protection: Combination of defenses in
combination with regular patch management
Understanding Operating Systems, Fourth Edition
24
System Protection
• No single guaranteed method of protection
• System vulnerabilities include:
– File downloads, e-mail exchange
– Vulnerable firewalls
– Improperly configured Internet connections, etc.
• Need for continuous attention to security issues
• System protection is multifaceted and protection
methods include:
– Use of antivirus software, firewalls, restrictive access
and encryption
Understanding Operating Systems, Fourth Edition
25
Antivirus Software
• Software to combat viruses can be preventive,
diagnostic, or both
– Preventive programs may calculate a checksum for
each production program
– Diagnostic software compares file sizes, looks for
replicating instructions or unusual file activity
• Can sometimes remove the infection and leave the
remainder intact
• Unable to repair worms, Trojan horses, or blended
threats as they are malicious code in entirety
Understanding Operating Systems, Fourth Edition
26
Antivirus Software (continued)
Table 11.5: Websites containing current information on
systems security
Understanding Operating Systems, Fourth Edition
27
Antivirus Software (continued)
Figure 11.4: (a) Uninfected file; (b) file infected with a virus; (c) a
Trojan horse or worm consists entirely of malicious code
Understanding Operating Systems, Fourth Edition
28
Firewalls
• A set of hardware and/or software designed to
protect a system by disguising its IP address from
unauthorized users
• Sits between the Internet and network
• Blocks curious inquiries and potentially dangerous
intrusions from outside the system
• Mechanisms used by the firewall to perform various
tasks include:
– Packet filtering
– Proxy servers
Understanding Operating Systems, Fourth Edition
29
Firewalls (continued)
Figure 11.5: Firewall sitting between campus networks and
Internet, filtering requests for access
Understanding Operating Systems, Fourth Edition
30
Firewalls (continued)
• Typical tasks of the firewall are to:
– Log activities that access the internet
– Maintain access control based on senders’ or
receivers’ IP addresses
– Maintain access control based on services that are
requested
– Hide internal network from unauthorized users
– Verify that virus protection is installed and enforced
– Perform authentication based on the source of a
request from the Internet
Understanding Operating Systems, Fourth Edition
31
Firewalls (continued)
• Packet filtering:
– Firewall reviews header information for incoming and
outgoing Internet packets to verify authenticity of
source address, destination address, and protocol
• Proxy server:
– Hides important network information from outsiders
by making network server invisible
– Determines if request for access to the network is
valid
– Proxy servers are invisible to users but are critical to
the success of the firewall
Understanding Operating Systems, Fourth Edition
32
Authentication
• Authentication: A verification that an individual
trying to access a system is authorized to do so
• Kerberos: A network authentication protocol
– Need for password encryption to improve network
security led to development of Kerberos
– Designed to provide strong authentication for
client/server applications
– Uses strong cryptography
– Requires systematic revocation of access rights from
clients who no longer deserve to have access
Understanding Operating Systems, Fourth Edition
33
Authentication (continued)
Figure 11.6: Using Kerberos, when client A attempts to access
server B, user is authenticated (a) and receives a ticket for the
session (b). Once the ticket is issued, client and server can
communicate at will (c). Without the ticket, access is not granted
Understanding Operating Systems, Fourth Edition
34
Encryption
• Most extreme protection method for sensitive data
where data is put into a secret code
– To communicate with another system, data is
encrypted, transmitted, decrypted, and processed
– Sender inserts public key with the message
– Message receiver required to have private key to
decode the message
• Disadvantages:
– Increases system’s overhead
– System becomes totally dependent on encryption
process itself
Understanding Operating Systems, Fourth Edition
35
Sniffers and Spoofing
• Sniffers: Programs that reside on computers
attached to the network
– Peruse data packets as they pass by, examine each
one for specific information
– e.g., Particularly problematic in wireless networks
• Spoofing: Assailant fakes IP addresses of an
Internet server by changing the address recorded
in packets it sends over the Internet
– Used when unauthorized users want to disguise
themselves as friendly sites
Understanding Operating Systems, Fourth Edition
36
Password Management
• Most basic techniques used to protect hardware
and software investments include:
– Good passwords
– Careful user training
• Password Construction:
– Good password is unusual, memorable, and
changed often
– Password files normally stored in encrypted form
– Password length has a direct effect on the ability of
password to survive password cracking attempts
Understanding Operating Systems, Fourth Edition
37
Password Construction (continued)
Figure 11.8: Password verification flowchart
Understanding Operating Systems, Fourth Edition
38
Password Construction (continued)
Table 11.6: Number of combinations of passwords
depending on their length and available character set
Understanding Operating Systems, Fourth Edition
39
Password Construction (continued)
• Reliable techniques for generating a good
password:
– Use minimum of eight characters, including numbers
and nonalphanumeric characters
– Create a misspelled word or join bits of phrases into
a word that’s easy to remember
– Follow a certain pattern on the keyboard
– Create acronyms from memorable sentences
– Use upper and lowercase characters if allowed
– Never use a word that’s included in any dictionary
Understanding Operating Systems, Fourth Edition
40
Password Construction (continued)
• Dictionary attack: A method of breaking encrypted
passwords
– Requirements:
• A copy of the encrypted password file
• Algorithm used to encrypt the passwords
– Prevention:
• Some operating systems “salt” user passwords with
extra random bits to make them less vulnerable to
dictionary attacks
Understanding Operating Systems, Fourth Edition
41
Password Alternatives
• Use of a smart card
– A credit card-sized calculator that requires both
“something you have and something you know”
– Displays a constantly changing multidigit number
synchronized with an identical number generator in
the system
– User must type in the number that appears at that
moment on the smart card
– For added protection, user then enters a secret code
– User is admitted to the system only if both number
and code are validated
Understanding Operating Systems, Fourth Edition
42
Password Alternatives (continued)
• Biometrics:
– The science and technology of identifying individuals
based on unique biological characteristics of each
person
– Current research focuses on
• Analysis of the human face, fingerprints, hand
measurements, iris/retina, and voice prints
– Positively identifies the person being scanned
– Critical factor is reducing the margin of error
– Presently, biometric authentication is expensive
Understanding Operating Systems, Fourth Edition
43
Social Engineering
• A technique whereby system intruders gain access
to information about a legitimate user to learn
active passwords by
– Looking in and around the user’s desk for a written
reminder
– Trying the user logon ID as the password
– Searching logon scripts
– Telephoning friends and co-workers to learn the
names of user’s family members, pets, vacation
destinations, favorite hobbies, car model, etc.
Understanding Operating Systems, Fourth Edition
44
Social Engineering (continued)
• Phishing: Intruder pretends to be a legitimate
entity and contacts unwary users asking them to
reconfirm their personal and/or financial information
– Example: 2003 incident involving eBay customers
• Default passwords:
– Pose unique vulnerabilities because they are widely
known
– Routinely shipped with hardware or software
– Routinely passed from one hacker to the next
– Should be changed immediately
Understanding Operating Systems, Fourth Edition
45
Ethics
• Ethical behavior: Be good. Do good.
– IEEE and ACM issued a standard of ethics in 1992
– Apparent lack of ethics in computing is a significant
departure from other professions
• Consequences of ethical lapses:
– Illegally copied software can result in lawsuits and
fines
– Plagiarism is illegal and punishable by law
– Eavesdropping on e-mail, data, or voice
communications is sometimes illegal and usually
unwarranted
Understanding Operating Systems, Fourth Edition
46
Ethics (continued)
• Consequences of ethical lapses: (continued)
– Cracking (malicious hacking) causes system’s owner
and users to question the validity of system’s data
– Unethical use of technology is clearly the wrong
thing to do
• Specific activities to teach ethics can include:
– Publish policies that clearly state which actions will
and will not be condoned
– Teach a regular seminar on the subject including
real-life case histories
– Conduct open discussions of ethical questions
Understanding Operating Systems, Fourth Edition
47
Summary
• Can’t overemphasize the importance of keeping
the system secure
• System is only as good as the integrity of the data
that’s stored on it
• A single breach of security – whether catastrophic
or not, whether accidental or not – damages the
system’s integrity
• Damaged integrity threatens the viability of the
best-designed system, its managers, its designers,
and its users
• Vigilant security precautions are essential
Understanding Operating Systems, Fourth Edition
48