Information Security - PowerPoint PPT Presentation

About This Presentation
Title:

Information Security

Description:

Hacker http://www.kernelthread.com/mac/osx/tools_hacker.html ... Worms infiltrate computers usually by exploiting holes in the security of networked systems. ...

Slides: 21
Provided by: drmu51

Transcript and Presenter's Notes



1
Information Security
  • Xiangming Mu

2
What is Information Security
  • About information policy, information privacy,
    information ownership
  • About information integrity, accuracy,
    verifiability and qualities
  • About encryption, data assurance, practices in
    organizations
  • About techniques for assessing information value,
    risk assessment, scenarios
  • About the Denial of a system service (so that its
    legitimate users are not able to use it)

3
Evolution of information security
  • Ancient times (before 1990)
  • Networking is limited
  • Systems are trusting and open
  • Hacking only as an engineers' hobby
  • Middle times (1990s)
  • Growing network
  • Many incidents of varying severity, but few that
    actually affected the "real" world
  • Modern times (after 2000)
  • Well-publicized security incidents that actually
    affected individuals
  • Hackers become professional
  • Support and recognition of security analyst as a
    separate professional category
  • Professional security certifications

4
Trust and Security
  • Without trust, information systems cannot be
    built (too complex)
  • Trust abuse
  • security holes come from what you trust
  • Trust in a system could be defined as the level
    of confidence in its integrity.
  • Nevertheless, just like it is hard to provide
    computer security with reasonable guarantees, it
    is hard to have a system that can be trusted with
    a high level of confidence under all
    circumstances.
  • Insiders are the most dangerous threats to
    systems.

5
Security threats
  • Not all damages are related to security
  • Incidental damage--happens "by itself" during
    legitimate use, could be a result of
  • human error
  • hardware or software bugs encountered
  • power failure
  • hardware failure
  • Caused by natural disasters
  • such as earthquakes, floods, hurricanes, rain,
    snow, storms, tornadoes, etc.

6
What about the digital world?
  • Viruses
  • Worms
  • Bacteria
  • Trojan Horses
  • Others

7
Other malicious programs and mechanisms
  • Logic Bombs
  • Backdoors
  • Spyware
  • Covert Channel
  • Race Conditions
  • Address Space Attacks
  • Waste Searching
  • File Vault on Mac OS X
  • Design Flaws and Oversights

8
Viruses
  • pieces of software that can attach themselves to
  • executable files
  • disk boot sectors
  • documents (whose loading is likely to cause
    embedded code execution at some point)
  • even additionally hide elsewhere in the operating
    system, including the kernel.
  • These "infected" entities become carriers of a
    virus's malicious code, and thereby allow it to
    self-replicate.
  • Virus detection
  • detect viruses by looking for known strings,
    unique code sequences, etc. in suspected code.
  • signature-matching
  • by executing it within a restricted, virtualized
    environment, such as a sandbox.
  • others

9
Worms
  • A worm also self-replicates like a virus, but
    usually over a network.
  • Early "good" worms were intended to be useful
    programs that would utilize any otherwise idle
    machines.
  • Worms infiltrate computers usually by exploiting
    holes in the security of networked systems.
  • Worms usually attack programs that are already
    running.
  • The attack might result in creation of new
    processes, after which a worm can run
    independently, and self-propagate.
  • Unlike a virus, a worm may not change existing
    programs, but like a virus, a worm may have some
    "payload" code, which in turn may modify existing
    programs or system configuration.

10
Worms (cont)
  • Causing denial (or degradation) of service
  • Sending emails: allows spammers to use the
    victims' machines for sending spam while hiding
    their own tracks
  • Removing information on the victim system
  • Installing backdoors for subsequent misuse

11
Bacteria and Trojan Horses
  • Bacteria
  • Programs that replicate themselves and feed off
    the host system by preempting system resources
    such as processor time and memory
  • Trojan Horses
  • Like the Greek Trojan horse, these programs have
    a hidden, negative, subversive, and thus
    potentially harmful aspect.
  • Trojan horses are programs that masquerade as
    useful programs, but contain malicious code to
    attack the system or leak information. An
    unsuspecting user would typically run a Trojan
    horse willingly, to use its supposed (advertised)
    features.

12
Logic Bombs
  • A logic bomb is a program that does something,
    usually malicious (it "explodes"), when some
    logical condition is satisfied.
  • If the condition is time-related, such programs
    could also be termed time bombs.
  • Some examples of logic bombs
  • Introduction of a deliberate error in a program,
    say, by a disgruntled employee, that will result
    in disaster in the future, usually after the
    employee is gone.
  • A program that deletes your files on every
    full-moon night.
  • A disgruntled administrator changes
    (administrator) passwords for certain systems,
    and leaves the company.

13
Backdoors
  • A backdoor opens a system for access by an
    external entity
  • by overthrowing, or bypassing, the local security
    policies.
  • The goal of a backdoor usually is to allow remote
    access and control (over a network), although it
    may also work "locally".
  • Backdoors are sometimes referred to as trapdoors.
  • Backdoors may exist for various reasons
  • Explicitly programmed by the creators of the
    system, perhaps even as an undocumented feature:
    a debugging aid, perhaps.
  • A result of a flaw in the design or
    implementation of a program.
  • Planted by an attacker once he has infiltrated a
    system, to facilitate easy entry in future.
  • Some specific, somewhat contrived, examples of
    backdoors
  • A network server, such as the web server or the
    mail server, could be modified to provide a shell
    (interactive or otherwise), when a request with a
    specific signature is received.

14
Spyware
  • Spyware is apparently useful software that
    transmits private user data to an external
    entity, without the user's consent or even
    knowledge.
  • The external entity stands to gain from the
    information thus harvested.
  • A common example is that it helps the external
    entity send targeted advertising to the user.
  • Spyware constitutes malware because it makes
    unauthorized use of a system's resources and
    leaks information (that is, violates privacy).
  • In certain cases, spyware may enter a system not
    through an apparently useful program, but as
    payload of another malicious program, such as a
    worm or a virus.

15
Covert Channel and Race Conditions
  • Covert Channel
  • an information channel might be used to transfer
    certain information, possibly malicious, in a way
    that was not intended by the system's designers.
  • Such a covert channel can be an effective
    mechanism to help in subversive activities.
  • Race Conditions
  • are flaws, either in design or implementation,
    that involve an attacker exploiting a window of
    time in a sequence of (privileged) non-atomic
    operations.
  • The window of time exists when a program checks
    for a condition, and subsequently uses the result
    of the check, with the two being non-atomic.
  • Such flaws are also called Time Of Check To Time
    Of Use (TOCTOU) flaws.
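
The check-then-use window from this slide, as an added C example that is not part of the original presentation: a check made by file name beside a hardened form that opens once and checks the descriptor. The function names, the temporary paths and the `repoint` helper (a deterministic stand-in for the race window) are hypothetical and constructed for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static char other[64];  /* constructed stand-in for a file the caller must not reach */
/* Stand-in for the race window: re-point the checked name at `other`. */
static void repoint(const char *path) { if (unlink(path) || symlink(other, path)) perror("repoint"); }

/* Racy: check by name, then use by name; the name can change in between. */
int open_racy(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1; /* time of check */
    repoint(path);                                                /* the window    */
    return open(path, O_RDONLY);                                  /* time of use   */
}

/* Hardened: open once, refusing symlinks, then check the descriptor itself. */
int open_safe(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    repoint(path);              /* same window, but fd stays bound to the opened file */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Returns 1 if the descriptor refers to `other`, 0 if to the checked file, -1 on setup failure. */
int toctou_demo(int hardened)
{
    char dir[] = "/tmp/toctouXXXXXX", path[64];
    struct stat so, sf;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/input", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    int a = open(path, O_CREAT | O_WRONLY, 0600), b = open(other, O_CREAT | O_WRONLY, 0600);
    if (a < 0 || b < 0) return -1;
    close(a); close(b);
    int fd = hardened ? open_safe(path) : open_racy(path);
    if (fd < 0 || stat(other, &so) != 0 || fstat(fd, &sf) != 0) return -1;
    int same = so.st_ino == sf.st_ino && so.st_dev == sf.st_dev;
    close(fd); unlink(path); unlink(other); rmdir(dir);
    return same;
}
int main(void) { printf("racy=%d hardened=%d\n", toctou_demo(0), toctou_demo(1)); return 0; }
```

If the name is re-pointed before the hardened open instead, `O_NOFOLLOW` makes the open fail, so the caller still never receives a descriptor for the other file.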

16
Waste Searching
  • looking for sensitive information in areas that
    are traditionally unprotected, or weakly
    protected
  • scavenge printer ribbons, tapes, disk drives,
    floppy diskettes, garbage paper, and so on.
  • A system's swap space is another potentially
    lucrative area to look at for sensitive
    information.

17
Database security
  • Security Objectives
  • Confidentiality: prevent/detect/deter improper
    disclosure of information or access to resources.
  • Integrity: prevent/detect/deter improper
    modification of information
  • Availability: prevent/detect/deter improper
    denial of access to resources provided by the
    system

18
Database security (cont)
  • Mechanism to achieve security objectives
  • Confidentiality
  • Access control policy and its enforcement,
    authentication, inference prevention,
    cryptography
  • Integrity
  • Integrity policy and its enforcement, auditing,
    cryptography
  • Availability
  • Fault tolerance, intrusion detection

19
Security and Surveillance
  • Logging systems
  • Keystroke loggers (hardware/software)
  • Backdoor
  • Van Eck radiation/Tempest
  • Network sniffing/wifi interception
  • DCS 2000, cell-phone cameras
  • Others?
  • Tracks in your word?

20
Security and Surveillance (cont)
  • Website Logs
  • Web bugs
  • Proxy logs
  • Cookies
  • Sniffers