
Spring 2002© 2000-2002, Richard A. Stanley

WPI EE579T/1 #1

EE579T / CS525T Network Security

1: Course Overview and Computer Security Review

Prof. Richard A. Stanley


Overview of Tonight’s Class

• Administration

• Is network security a problem, or just an interesting topic?

• What is different between computer security and network security?

• Review of computer security


Administration


Organizational Details

• Prof. Stanley contact information
    – Office: A-K 009
    – Hours: by appointment
    – Phone: (508) 276-1060
    – Email: [email protected]


Administrivia

• Class will normally meet 6:00 - 8:50 PM every Wednesday here. Please be on time.

• Break from approx. 7:15 to 7:30 PM

• If class is cancelled for bad weather, you should receive notice. Double-check with ECE Dept. (5231) or with me if in doubt.

• It may be necessary to cancel a class during the term. If so, you will be notified.


Course Text

• Network Security Essentials, William Stallings, Prentice Hall, 1999 ISBN 0-13-016093-8

• Additional material will be in the form of handouts and pointers to research materials


Course Web Page

• http://www.ece.wpi.edu/courses/ee579t/

• Slides will be posted to the page before class, barring any unfortunate problems


Grading

• Mid-term exam (30%)

• Homework (20%)

• Class participation (20%)

• Course project (30%)


Policies

• Homework is due at the class following the one in which it is assigned. It will be accepted up to the second class after that in which it is assigned, but not after that, except in truly emergency situations. By definition, emergencies do not occur regularly.

• There is a difference between working in teams and submitting the same work. If work is a team product, it must be clearly labeled as such.


Getting to Know You

• Your interests and expertise in this area

• My interest and experience in this area

• What you would like from the course


Is Network Security Really an Important Problem?


Network Security: What’s the Big Deal?

• Not a new problem

• Not just a creation of the press

• Not just for rocket scientists

• As professionals, failure to understand and implement appropriate security can come back to haunt you in terms of liability and reputation


Points to Ponder

• 85% of businesses surveyed reported attacks against their networks in 2000

• 64% reported financial losses, totaling $378M -- this represents only the 186 companies willing to share this information!

• Theft of proprietary information and financial fraud top the list of losses

• Majority of attacks now from outside. Source: "Issues and Trends: 2001 CSI/FBI Computer Crime and Security Survey"


More Statistics

• 91% detected employee misuse of systems

• 94% detected computer viruses

• 40% detected system penetration from outside

• 38% detected denial of service attacks

• 36% reported intrusions to law enforcement

Source: "Issues and Trends: 2001 CSI/FBI Computer Crime and Security Survey"


What’s the Problem?

• Financial liability
    – Due diligence
    – Simple negligence
    – Gross negligence

• Goodwill

• One bad press release cancels 1000 attaboys

This is a “you bet your business” issue


Computer Security versus Network Security


Computer security involves preventing, detecting, and responding to unauthorized actions on a computer system.

Network security means the same thing for a group of networked computers.

To understand network security, you must first understand computer security. There is no “easy” way around this.


One View

Computer Security

Network Security

WWW Security


Why Networks Matter

• If computers cannot be secured individually, the network cannot be secure

• Networking makes the most individually secure computer on the network only as secure as the least individually secure computer on the network.

• Networking offers new vulnerabilities

• Speed of mischief increases exponentially


And Most Especially...

• Mobile code is a basic staple of the internet, and other networks as well
    – This is a wholly new paradigm

• Users are not usually aware of mobile code

• Novelty and convenience trump security every time
    – Consider the dancing pigs


Analogy

• One can easily define the security perimeter of a single computer. You can probably even literally “put your arms around it.”

• One cannot easily define the perimeter of a group of networked computers, except under a set of trivial conditions that are meaningless in practice.

• So, where to put the security? And HOW to make it happen?


Role of Technology

• Technology is a useful tool, not a panacea.

• A clear policy, evenly enforced, is the most critical element of success.

• Don’t ignore the fundamentals.
    – Caterpillar’s entire network was compromised by not revoking a former employee’s password.

• Perfection does not exist in the real world


Why Isn’t This Topic More Theoretical?

“In theory, there is no difference between theory and practice. In practice, there is.” -- Yogi Berra


Remember the Security Theorem

• Proving a computer to be secure required:
    – Knowledge of the security of each state transition
    – An exhaustive catalog of all possible states
    – Knowledge of the initial conditions

• Now, how do we apply this approach to a network with changing topology?


Why Is A Proof Elusive?

• A secure network must be secure under all conditions of operation

• This demands proof that there is no condition under which it could operate that is insecure, i.e. the negative proposition.

• However, formal logic teaches us it is impossible to prove a negative

• Q.E.D.


Computer Security Review

Or: How I Learned to Stop Worrying and Love Uncertainty


Security Requirements

• Customers expect “reasonably secure” handling of their sensitive data

• The Devil is in the details
    – What is “reasonable?”
    – What is “secure?”
    – What data is “sensitive?”
    – When is it your responsibility?


A Curious Property of Information

• Information is the only thing that can be stolen and still leave the owner in possession of it

• This poses some serious problems, which the course will address

• Networks increase the seriousness of the problem, as compared to single computers


The Security Dilemma

• Security is something most users want, but that most know little about

• Security gets in the way of using the network

• The tighter the security, the harder the system is to use, and the more likely it is that the users will bypass security measures


The Totally Secure System

• Is relatively simple to build

• Is provably secure

• Is useless for any practical purposes

Our job is to learn how to design computer networks to provide the necessary level of security without going overboard.


Security Needs, Threats

Security needs:

• Confidentiality
• Integrity
• Availability
• Authenticity
• Reliability and safety
• Vulnerability assessment
• Risk management

Threats:

• Interception
• Modification
• Denial of service
• Spoofing
• Dangerous conditions
• Exploitation of unguarded conditions
• Wasted resources


Security Objectives

A – I - C

Integrity & Authenticity

Confidentiality

Availability

Protect, detect and recover from insecurities


Security = Asset protection

Protect

Detect

Correct

Manage

Risk Analysis


Identification & Authentication

• Identification
    – A unique entity descriptor

• Authentication
    – Verifying the claimed identification

• These are crucial to network security

These are two sides of the same coin, but they are NOT the same thing


Password

• Most commonly used

• Relatively easy to compromise or break

• Many threats

• Usability issues

• First line of defense, but not a very solid one


Password Problems

• Security/sharing
• System is only as secure as the weakest link
• Vulnerable to brute force attack
    – Dictionary attacks easy, in any language
    – Other intelligent searches
    – Exhaustive attacks
• Password file vulnerable
• Spoofing, man-in-the-middle


Authentication

• Validates you are who you claim to be
    – Something you know
    – Something you have
    – Something you are
    – Something you do
    – Somewhere you are

• An intruder who has the authentication keys looks just like the real user!


Something You Know

• Password

• PIN

• Some other piece of information (e.g. your mother’s maiden name -- very popular)

• NB: anyone who obtains this information is -- so far as the computer knows -- you. Is there a problem here?


Something You Have

• Physical token
    – Physical key
    – Magnetic card
    – Smart card
    – Calculator

• What if you lose it?


Something You Are

• Biometrics
    – Fingerprints
    – Face geometry
    – Voiceprints
    – Retinal scanning
    – Hand geometry

• False positives, negatives

• User acceptance


Something You Do

• Mechanical tasks
    – Signature (pressure, speed)
    – Joystick

• False positives, negatives

• Potential for forgery, replay, etc.


Somewhere You Are

• Limit use by user location

• Vet location by GPS, etc.

• Reliability, dependability, complexity


But First: Security Awareness

• View the world as if you had to design a security solution for whatever situation you are in

• Even paranoiacs have real enemies

• Assumptions are your enemy


Access Control

• Provides limits on who can do what with objects on the computer

• Can’t happen without identification and authentication

• Is not the same as identification and authentication


Subjects and Objects

• Remember your English grammar

• Subjects act

• Objects are acted upon

• These roles are not graven in stone
    – If you hit the ball, you are the subject
    – If the ball hits you, you are the object

• It is just the same in computer science


Access Control Model

Subject → Request → Reference Monitor → Object


Reference Monitor

• Makes access control work

• You can tell it
    – What a subject is allowed to do
    – What may be done with an object

• In order to specify these things, you need to know all the possibilities, or you need to define things narrowly so that what you don't know doesn’t become allowed


Access Control Matrix

• A = set of access operations permitted
• S = set of subjects
• O = set of objects

$M = (M_{so})_{s \in S,\, o \in O}, \quad M_{so} \subseteq A$


Security Model Types

• Formal (high-assurance computing)
    – Bell-LaPadula
    – Biba
    – Chinese Wall

• Informal (policy description)
    – Clark-Wilson


Bell-LaPadula

• Describes access policies and permissions

• S is the set of subjects

• O is the set of objects

• A is the set of access operations = {execute, read, append, write}={e,r,a,w}

• L is the set of security levels with partial ordering


BLP State Set

• $B \times M \times F$ is the state set

• $B = \mathcal{P}(S \times O \times A)$ is the set of current accesses

• $M = M_{so}$ is the set of access permission matrices

• $F \subset L_s \times L_c \times L_o$ is the set of security level assignments, c dominates s


Basic Security Theorem

• A state transition is secure if both the initial and the final states are secure, so

• If all state transitions are secure and the initial system state is secure, then every subsequent state will also be secure, regardless of which inputs occur. (Proof)
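An added example, not part of the original slides: a minimal reference monitor over the BLP state set B x M x F, using the access matrix M from the Access Control Matrix slide. The ds-, ss- and *-property checks are the textbook Bell-LaPadula rules, which the slides do not spell out; the subjects, objects, categories and levels are constructed for illustration.

```python
from dataclasses import dataclass

A = frozenset("eraw")  # execute, read, append, write: the slides' set A

@dataclass(frozen=True)
class Level:
    """Security level (rank, categories); dominance is only a partial order."""
    rank: int
    cats: frozenset = frozenset()

    def dominates(self, other):
        return self.rank >= other.rank and self.cats >= other.cats

@dataclass
class State:
    """One element of the state set B x M x F."""
    b: set     # current accesses, a subset of S x O x A
    m: dict    # access matrix: (s, o) -> subset of A; missing entry = no rights
    f_s: dict  # maximum level of each subject
    f_c: dict  # current level of each subject
    f_o: dict  # classification of each object

def violations(st):
    """Return every (property, access) pair that makes the state insecure."""
    bad = set()
    for s, o, a in st.b:
        if a not in st.m.get((s, o), ()):
            bad.add(("ds", (s, o, a)))   # not permitted by the matrix
        if a in ("r", "w") and not st.f_s[s].dominates(st.f_o[o]):
            bad.add(("ss", (s, o, a)))   # object above the subject's maximum
        if a in ("r", "w") and not st.f_c[s].dominates(st.f_o[o]):
            bad.add(("*", (s, o, a)))    # read up from the current level
        if a in ("a", "w") and not st.f_o[o].dominates(st.f_c[s]):
            bad.add(("*", (s, o, a)))    # write down from the current level
    return sorted(bad)

def request(st, s, o, a):
    """Reference monitor: grant (s, o, a) only if the next state is secure."""
    if a not in A or s not in st.f_c or s not in st.f_s or o not in st.f_o:
        return False                     # anything unknown is denied
    trial = State(st.b | {(s, o, a)}, st.m, st.f_s, st.f_c, st.f_o)
    if violations(trial):
        return False                     # refused; the state is unchanged
    st.b = trial.b
    return True

def demo():
    """Constructed sample state; every name and level here is illustrative."""
    U, TS = Level(0), Level(2, frozenset({"crypto", "nuc"}))
    S_C, S_N = Level(1, frozenset({"crypto"})), Level(1, frozenset({"nuc"}))
    st = State(
        b=set(),
        m={("alice", "memo"): {"r", "a"}, ("alice", "plan"): {"r", "w"},
           ("alice", "recipe"): {"r"}, ("alice", "log"): {"r", "a"},
           ("bob", "plan"): {"r"}},
        f_s={"alice": TS, "bob": U}, f_c={"alice": S_C, "bob": U},
        f_o={"memo": U, "plan": S_C, "recipe": S_N, "log": TS},
    )
    asks = [("alice", "plan", "w"), ("alice", "memo", "a"),
            ("alice", "recipe", "r"), ("alice", "log", "r"),
            ("alice", "log", "a"), ("bob", "plan", "r"),
            ("bob", "memo", "r"), ("mallory", "memo", "r")]
    return {ask: request(st, *ask) for ask in asks}, violations(st)
```

Calling `demo()` returns the decision for each request plus the violations of the final state. Because `request` refuses any transition that would leave a violation, a state that starts secure stays secure whatever requests arrive, which is the Basic Security Theorem in miniature.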


Security Kernel

• Can implement security policy according to the selected model(s)

• Is best implemented at the lowest possible level

• Depends on processor design features for implementation


Bell-LaPadula: So What?

• Bell and LaPadula provided a formal proof that a computer could be made provably secure under a specified set of conditions

• They postulated and proved rules for acting on information within a computer that preserved security

• This had not been done before


Operating System Security

Hardware

OS Kernel

Operating System

Services

Applications

Network security depends to a great degree on the security provided by the operating system.


TOCTTOU

• A tropical bird?

• Time Of Check To Time Of Use

• Critical security parameter in many instances, to avoid replay attacks, etc.

• Important in most security systems

• A particularly vexing problem in networks


Database Security

Technology isn’t everything!


Data vs. Information

• Data represents information

• Information is the interpretation of data

This is not as obvious as it appears on the surface!


Databases

• Collection of data

• Provides information to users
    – DBMS manages database
    – Think of information, vs. data in OS

• Consistency demanded
    – Internal--data follow prescribed rules
    – External--entries are correct


Database Vulnerabilities

• Inference (example)

• Aggregation
    – Inference (e.g. linking tables)
    – Cardinal (e.g. phone book in toto)

• Data integrity

• Trojan Horses

On a network, the database(s) are often distributed. This makes protecting the information even more challenging.


Statistical Database Security

• Aggregation and inference
    – Tracker attacks
    – Countermeasures
        • suppress obviously sensitive info
        • disguise data--randomly swap entries
        • add small random perturbations
        • static analysis

• All have disadvantages for legitimate users


All Sorts of Other Security Concerns


Controls

• Centralized
    – Simple to conceive and implement
    – Bottleneck

• Decentralized
    – May be more efficient
    – Difficult to implement and maintain

Where to put security tasks and enforcement in a network?


Network Security and the Law: What You Need to Know

• What is illegal

• What are the elements of proof

• What constitutes evidence

• How to protect the evidence

• Whom to call

• When to call them

• What to tell them


Why Do You Care?

• Computer crime is one of -- if not THE -- fastest growing crime categories

• “That’s where the money is”

• Fraud loss in Southern NY area alone, Jan ‘95 to Jan ‘01: over $525,000,000

• This isn’t just victimless, white-collar crime: nearly 2/3 of those arrested were carrying automatic weapons


Personnel Security

• Most computer security issues arise from authorized users.

• Management has responsibility to assure due diligence exercised in screening staff

• Who should be screened?

• What should be checked?

• Legal issues

• Network issues with this?


Physical Access

• Access control
    – People
    – Things
• Protection against forcible attack
• Concentric controlled perimeters
    – Harder with desktops than with mainframes
• Entry logs
• How to do over a network?


Physical Security

• Fortress concept
    – Controlled access
    – Concentric perimeters

• Linked to access control

• Exits need special attention

• Sensitive facilities need special treatment

• Network implications?


Electrical Power

• Power quality issues
    – surge suppression
    – interference
    – regulation
    – grounding

• Continuity issues
    – Uninterrupted power
    – Emergency power

?


Environmental Issues

• Heating and air conditioning

• Humidity control

• Physical protection of ducts

• Monitoring and emergency shutdown

• What if all the network elements don’t use the same approach or standards?


Disaster Control

• Risk assessment

• Fire
    – Different classes are important
    – Automatic fire suppression systems
    – Individual extinguishers
    – Media protection, recovery
    – Exits


Disaster Recovery

• Company-owned facilities

• Rented service bureau facilities

• Shared backup with another company

• Hot site

• Shell site

• Which to use depends on criticality of service continuity


Back Up

• Essential to continuous operations

• Frequency depends on criticality

• ALWAYS store off-site

• Transport to/from site is an issue
    – Physical
    – Electronic

• Goodness of backup needs to be tested


Line Security

• Cable integrity

• No multiple drops

• Use multiple conductor cables

• Phantom circuits treacherous

• Crosstalk

• Grounding and shielding

• Protection


Electronic Security

• Emanations (acoustic, RF, etc.)
    – Measuring
    – Assessing risk

• Technical surveillance
    – How to do it
    – Assessing risk

• Network issues?


Detection and Surveillance

• Threat monitoring

• Trend analysis

• Investigation

• Auditing

• Corrective action

• Hard to do at a single site. How to do when a distributed function?


Threat Assessment

• Threat likelihood can be estimated from historical data

• Often, the result must be modified by an experience factor (Finagle’s factor?)

• This is a subject on which much data and methodology exists; but it may not apply to your situation.

• How does one do this on a network?


Summary

• Computer security is a real need in real systems

• Without computer security, network security is a pipedream

• Network security is an even more difficult problem than computer security, for a number of reasons

• Absolute security does not exist


Assignment for Next Class

• Read course text, Chapters 1 and 2

• Review your notes on cryptography