Distributed Computer Security
8320 Advanced Operating Systems - Section 8.1
Qiong Cheng, Fall 2007
Outline
• Characteristics in Robust Systems
• Security Threats
• Examples: Denial-of-Service
• Layered Approach for Defense
• Security Policy, Mechanism and Model
• Example: Enterprise Access Security Architecture
• Security Issues in Distributed Systems
Distributed Computer Security
Security and Fault Tolerance
Robust System
• Secrecy: Protection from unauthorized disclosure of system objects
• Integrity: Only authorized users modify system objects
• Availability: Authorized users are not prevented from accessing respective objects
• Reliability and Safety are fault-tolerant features
Security Threats
• Interruption (availability): Loss of data and denial of service
• Interception: Related to secrecy
• Modification and Fabrication are violations of system integrity
Threats from Web/Network
• Client Side: What can the server do to the client? Fool it; install or run unauthorized software, inspect/alter files
• Server Side: What can the client do to the server? Bring it down (denial of service); gain access (break-in)
• Network: Is anyone listening? (Sniffing) Is the information genuine? Are the parties genuine?
Source: www.cse.sc.edu/~farkas/csce522-2003/lectures/csce522-lect22.ppt
Packet Sniffing (Network threat)
[Figure: Client, Packet Sniffer, Server]
• A network interface card allows only packets for this MAC address
• Every network interface card has a unique 48-bit Media Access Control (MAC) address, e.g. 00:0D:84:F6:3A:10
• 24 bits assigned by IEEE; 24 by card vendor
• Packet sniffer sets his card to promiscuous mode to allow all packets through
Network Security Problem
[Figure labels: removable media, user, modem + telephone, local area network, remote location, Internet connection, “backdoor” Internet connection, ISP, remote user, vendors and subcontractors, radio emissions, wireless, user]
SOURCE: CERT
Denial-of-Service
• Attack to disable a machine (server) by making it unable to respond to requests
• Use up resources: bandwidth, swap space, RAM, hard disk
• Some attacks yield millions of service requests per second
Three-Way Handshake
[Figure: Client and Server exchanging SYN, SYN | ACK, ACK]
1: Send SYN seq=x
2: Send SYN seq=y, ACK x+1
3: Send ACK y+1
SOURCE: PETER SHIPLEY
SMURF ATTACK
[Figure: perpetrator, Internet, innocent reflector sites, victim]
• ICMP echo (spoofed source address of victim) sent to IP broadcast address
• ICMP echo reply
• ICMP = Internet Control Message Protocol
• Bandwidth multiplication: A T1 (1.54 Mbps) can easily yield 100 Mbps of attack
• 1 SYN; 10,000 SYN/ACKs -- victim is dead
SOURCE: CISCO
A Layered Approach for Defense
• Increases an attacker’s risk of detection
• Reduces an attacker’s chance of success
• Policies, procedures, and awareness: Security policies, procedures, and education
• Physical security: Guards, locks, tracking devices
• Application: Application hardening
• Host: OS hardening, authentication, security update management, antivirus updates, auditing
• Internal network: Network segments, NIDS
• Perimeter: Firewalls, border routers, VPNs with quarantine procedures
• Data: Strong passwords, ACLs, backup and restore strategy
Security Policy
• Access Control Policy: Describes how objects are accessed by subjects
• Flow Control Policy: Regulates the information flow between objects and subjects
• Subjects: Active entities that access objects
• Objects: Passive entities that must be protected. Examples: data, hardware, software and communication links
Security Mechanism
• Authentication: Verification
• Authorization: Extending permission
• Fault Tolerance: Sustaining faults
• Encryption: Prevents exposure of information and maintains privacy
• Auditing: Passive form of protection
Security Model
• Discretionary: Provides separation of users and data. E.g. access control matrix
• Mandatory: Requires access control of all subjects and objects under its control on a system-wide basis. E.g. multilevel security: all subjects and objects in the system are assigned a sensitivity label. The labels are used as the basis for mandatory access control decisions.
Firewall
• A device placed between two networks or machines
• All traffic in and out must pass through the firewall
• Only authorized traffic is allowed to pass
• The firewall itself is immune to penetration
[Figure: Internet, Firewall, Company Network]
SOURCE: ADAM COLDWELL
Enterprise Access Security
[Figure labels: Web Server, Firewall, Authentication Server, RAS, Intranet, Mainframe, Enterprise, UNIX, RSA Agent, Remote Access, Internet, Internet Access, Enterprise Access, RSA Agents]
SOURCE: RSA
Security Issues in Distributed Systems
• Interoperability and Transparency: Gives rise to security issues
• Approaches to Implementing New Services:
  - Add an additional layer of software that runs on top of the existing system to provide the new services
  - Redesign the system so that the new services can be executed more efficiently in the kernel mode
Comprehensive Consideration
• Policies, procedures, and awareness: Security policies, procedures, and education
• Physical security: Guards, locks, tracking devices
• Application: Application hardening
• Host: OS hardening, authentication, security update management, antivirus updates, auditing
• Internal network: Network segments, NIDS
• Perimeter: Firewalls, border routers, VPNs with quarantine procedures
• Data: Strong passwords, ACLs, backup and restore strategy