Post on 05-Oct-2015
Fundamental of Security 41900
Welcome to the world of security!
Some admin stuff
Subject Coordinator: Dr. Richard Xu
Lecturer: Richard Xu
Tutors: TBA
The Subject Outline will be on UTS Online
Assessment
2 Quizzes (25%: 12.5% each)
At a unified time, week 6 and week 10, 40 min (I will remind you again 2 weeks before; please make arrangements)
Project (20%): group-based implementation, you can code it in any language you prefer
Assessment is on individuals' understanding
Exam (55%): you need to get at least 45/100 in the exam to pass the whole subject.
Textbook
Good news: There is NO textbook for this subject!
Some good references you may find useful:
William Stallings, Network Security Essentials, 5th Edition
William Stallings, Cryptography and Network Security, 4th Edition
Why study security? It is an important skill to have.
In terms of career development:
3,757 jobs contain the word "security" under Information Communication Technology on SEEK.com @ 22/02/14
In contrast, 3,126 jobs contain the word "network" under Information Communication Technology on SEEK.com @ 22/02/14
In terms of academic studies:
Prerequisite to many other subjects
A research path
A security path: Security sub-major
Prerequisite for subjects:
48730: Network Security
48436: Digital Forensics
41890: Applying Network Security
SMJ10048 Network Security Sub-major
This sub-major gives students the opportunity to master both theoretical and practical aspects of modern security technologies and practices. It includes security fundamentals, network security, digital forensics, mobile networking, network planning and management.
48740    Communications Networks            6cp
31275    Mobile Networking                  6cp
48750    Network Planning and Management    6cp
41900    Fundamentals of Security           6cp
48730    Network Security                   6cp
48436    Digital Forensics                  6cp
CBK90366 ICT choice                        18cp
Total                                      54cp
OK, let's get started!
First of all: give a definition of Information Security
According to US Code: The term information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:
Confidentiality
Integrity
Availability
Let's look at these meanings in a minute.
Course content
Introduction to Security (Today)
Fundamental of Cryptography
Symmetric Encryption
Cryptographic mathematics
Public-key cryptography
Information security applications
Intrusion Modelling and Detection
Security for Network applications
Memory Security
File System Security
Virus and Computer Security
Advanced Information Security Topics
History of this subject
Network Security (old) (48730)
Network Security (new) (48730):
Introduction to network security
Crypto Revision
SSL and SSH protocols
Windows and Linux Security
DNS, Web Servers and SQL Databases
Key Distribution and User authentication
Access control and wireless
Vulnerabilities and pen Testing
SNMP and WMI
Electronic Mail and IP Security
Firewalls
Fundamental of Security (41900):
(the Course content list above)
Rest of today's lecture
Firstly, let's examine the security design principles and some of their techniques.
Secondly, let's look at the security goals.
Lastly, let's look at some of the security organizations.
Security design principles and techniques
Imagine you are designing a security system from scratch.
What best practices would you adopt?
Let's take a look at some examples of the techniques.
Design Principles and Techniques - Principle of least privilege
Each part of the system has only the privileges that are needed for its function. That way even if an attacker gains access to that part, they have only limited access to the whole system.
A non-computer example: a university environment
A computer example: Unix access control (file permissions)
A more extreme example: SELinux
Type Enforcement: default: no access
allow <source_type> <target_type> : <object_class> (<permissions>);
Allow a user process to execute a shell script:
allow user_t bin_t : file (read execute getattr);
SELinux Type Enforcement (TE) policy
TE rule:
allow initrc_t snort_etc_t: file read;
Subjects (processes) in the initrc_t domain can read files labeled with the snort_etc_t type, i.e. the SysV init process can read the contents of the /etc/snort directory tree.
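As an added illustration (not code from the lecture or from the SELinux project), the toy evaluator below parses the two TE rules quoted above and applies the type-enforcement default of no access: a request is granted only if an allow rule covers its source type, target type, object class and permission. It accepts the lecture's parenthesised permission sets as well as the braces real SELinux policy uses; the write and cross-type requests it denies are constructed for the demonstration.

```python
import re

# The two TE rules quoted in the lecture. Real SELinux policy writes
# permission sets in braces; the slides use parentheses, so both are accepted.
TE_POLICY = """
allow user_t bin_t : file (read execute getattr);
allow initrc_t snort_etc_t: file read;
"""

# allow <source_type> <target_type> : <class> <perm | (perms) | {perms}> ;
RULE_RE = re.compile(
    r"allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s*[({]?\s*([\w\s]+?)\s*[)}]?\s*;"
)


def parse_te_rules(policy_text):
    """Expand every allow rule into (source, target, class, permission) tuples."""
    allowed = set()
    for match in RULE_RE.finditer(policy_text):
        source, target, obj_class, perms = match.groups()
        for perm in perms.split():
            allowed.add((source, target, obj_class, perm))
    return allowed


def te_check(allowed, source, target, obj_class, perm):
    """Type enforcement: denied unless some allow rule grants exactly this access."""
    return (source, target, obj_class, perm) in allowed


def evaluate(policy_text, requests):
    """Decide a list of (source, target, class, perm) requests against the policy."""
    allowed = parse_te_rules(policy_text)
    return {req: te_check(allowed, *req) for req in requests}


if __name__ == "__main__":
    # Constructed requests: the first two are covered by the rules, the rest are not.
    requests = [
        ("user_t", "bin_t", "file", "execute"),
        ("initrc_t", "snort_etc_t", "file", "read"),
        ("initrc_t", "snort_etc_t", "file", "write"),   # rule grants read only
        ("user_t", "snort_etc_t", "file", "read"),      # no rule for this type pair
    ]
    for req, decision in evaluate(TE_POLICY, requests).items():
        print(" ".join(req), "->", "allowed" if decision else "denied")
```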
Design Principles and Techniques - Code reviews and unit testing
These are approaches to make modules more secure.
Verify the functionality and security of a specific section of code, usually at the function level.
In an OO environment, this is usually at the class level.
Large programming environment
#include <stdio.h>
#include <string.h>

void print( const char * );

int main()
{
    print( "Mitt Romney" );
    print( "Newt Gingrich" );
    print( "Rick Santorum" );
    print( "Ron Paul" );
    return 0;
}

void print( const char *name )
{
    /* "Ron Paul" is exactly 8 characters long, so strlen(name) - 8 is 0
       and this line divides by zero: the bug a code review should catch */
    int indent = 100 / (strlen(name) - 8) / 2;
    for( int i = 0; i < indent; i++ )
        printf( " " );
    printf( "%s\n", name );
}
Taken from: http://www.gimpel.com/html/newbugs/
Design Principles and Techniques - Defence in depth
Multiple layers of security controls (defences) are placed throughout an information technology (IT) system.
This provides redundancy in the event a security control fails or a vulnerability is exploited; the layers can cover personnel, procedural, technical and physical aspects for the duration of the system's life cycle.
Defence in Depth
To defend a system against any particular attack using several independent methods:
Logging and auditing
Packet filters
Timed access control
Internet Security Awareness Training
Virtual private network (VPN)
Sandboxing
Intrusion Protection System
Anti-virus software
Authentication and password security
Biometrics
Demilitarized zones (DMZ)
Firewalls (hardware or software)
Hashing passwords
Intrusion detection systems (IDS)
Design Principles and Techniques - Default secure settings
Design to "fail secure" rather than fail insecure.
Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.
For example, Windows Server 2008.
For example: packet filtering firewall configurations.
Packet filtering firewalls are usually set up by a configuration file. The script allows and restricts access. There are two types of firewall script design:
Exclusive: an exclusive firewall allows all traffic through except for the traffic matching the rule-set.
Inclusive: an inclusive firewall only allows traffic matching the rules through and blocks everything else.
Firewall configuration: inclusive type
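To make the fail-secure point concrete, here is an added comparison (not part of the lecture) of the two script designs in Python, with constructed rule-sets and traffic: the exclusive administrator lists what to drop (FTP, telnet, SMB), the inclusive administrator lists what to pass (web and mail), and a service on a port neither anticipated (tcp/8080) shows the difference.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: int


# Constructed rule-sets. Both administrators intend "web and mail only",
# but express it differently:
BLOCK_LIST = [("tcp", 21), ("tcp", 23), ("tcp", 445)]   # exclusive design: what to drop
ALLOW_LIST = [("tcp", 80), ("tcp", 443), ("tcp", 25)]   # inclusive design: what to pass

# Constructed traffic, including a service (tcp/8080) that neither rule-set mentions.
TRAFFIC = [Packet("tcp", 80), Packet("tcp", 23), Packet("tcp", 8080), Packet("udp", 53)]


def matches(pkt, rules):
    return (pkt.proto, pkt.dst_port) in rules


def exclusive_filter(pkt, rules):
    """Exclusive: everything passes except traffic matching the rule-set."""
    return "drop" if matches(pkt, rules) else "pass"


def inclusive_filter(pkt, rules):
    """Inclusive: only traffic matching the rule-set passes; the default is drop."""
    return "pass" if matches(pkt, rules) else "drop"


def run(filter_fn, rules, traffic):
    """Decision for every packet under the given design."""
    return {pkt: filter_fn(pkt, rules) for pkt in traffic}


def unlisted_traffic_passes(filter_fn, rules, traffic):
    """True if any packet matching no rule gets through: the design fails insecure."""
    return any(filter_fn(p, rules) == "pass" for p in traffic if not matches(p, rules))


if __name__ == "__main__":
    for name, fn, rules in (("exclusive", exclusive_filter, BLOCK_LIST),
                            ("inclusive", inclusive_filter, ALLOW_LIST)):
        print(name, run(fn, rules, TRAFFIC))
        print("  unlisted traffic passes:", unlisted_traffic_passes(fn, rules, TRAFFIC))
```

The unanticipated tcp/8080 service is passed by the exclusive design and dropped by the inclusive one; only the inclusive script fails secure when the rule-set is incomplete.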
Design Principles and Techniques - Audit trails
Tracking system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks.
Honeypot or IDS system
Design Principles and Techniques - Full disclosure
To ensure that when bugs are found the "window of vulnerability" is kept as short as possible.
This is why encryption algorithms are generally made known to the public.
Next
We will discuss security goals.
Some of them are more applicable to network security than to general information security.
Goals of Network Security
Major goals: Confidentiality, Integrity, Availability
Other goals: Entity Authentication, Message Origin Authentication, Timeliness, Non-Repudiation, Authorisation, Access Control
Goals of Information Security (1) Confidentiality
A and B do not want their messages read by other people. This is the network security goal of confidentiality. The general technique used to ensure confidentiality is encryption of messages. An example of a breach of confidentiality: someone reads the plaintext packets being exchanged between A and B by running a program such as Wireshark. If the packets are securely encrypted, they cannot be read even though they are captured.
Goals of Information Security (2) Integrity
A and B do not want their messages changed by other people. This is the network security goal of integrity. The general techniques used to ensure integrity are hashes and Message Authentication Codes (MAC). The term Message Authentication is also used as a synonym for integrity.
Goals of Information Security (3) Availability
Availability refers to the ability of a service to be available. A wants to be able to connect to B (ignoring considerations of entity authentication etc.). A situation where B is deliberately sent a large number of false requests or other unnecessary traffic, making it difficult for a legitimate connection request to be served, is a Denial of Service (DoS) attack. When many computers are involved in sending the unnecessary traffic to B, it is a Distributed Denial of Service (DDoS) attack.
Goals of Network Security (4) Entity Authentication
A wants to be sure that the entity saying it is B really is B and not an imposter. Similarly, B wants to be sure that the entity that says it is A really is A. The general techniques used to ensure entity authentication are passwords, authentication protocols, key exchange protocols and third party certificates. Entity Authentication is also relevant in the context of users identifying themselves to use resources on a network or to log on to a particular host. Entity authentication is also called identification.
Goals of Network Security (5) Message Origin Authentication
A wants to be sure that the messages supposedly coming to it from B, really are coming from B. Similarly B wants to be sure that messages supposedly coming from A really are coming from A. This is Message Origin Authentication. It is sometimes called Data Origin Authentication. Techniques used to verify the origin of a message include Message Authentication Codes (MACs), digital signatures and appending an authenticator to a message before encryption.
Goals of Network Security (6) Timeliness
If A and B conduct a completely secure conversation over a network, it is conceivable that a third party may copy the conversation and use it to masquerade as either A or B in a future conversation. This is known as a replay attack. Timeliness means that a secure conversation cannot be used as a basis for a replay attack. Some of the techniques used to prevent a replay attack include timestamps, nonces and random numbers.
Goals of Network Security (7) Non-repudiation (origin) and (8) Non-repudiation (destination)
A may want to be sure that B cannot deny having sent a particular message to A. This feature is Non-repudiation (origin). A wants to be sure that B really received a particular message that A sent. This feature is Non-repudiation (destination).
Goals of Network Security (9) Authorisation
Authorisation is official permission to carry out certain actions. For example, a particular computer on a network has resources that are available to a particular set of users. Not all users of the network are authorised users of the particular computer. Authorisation allows users to do certain things. Passwords are an authorisation technique. Upon entering their username and password, authorised users are given access to some resources on the computer. The concept is related to but different from access control.
Goals of Network Security (10) Access Control
Access control refers to the ability to restrict access to resources to certain users. The concept is closely related to authorisation but different. Access control restricts users from doing certain things. A good example of access control is the rights granted to users of database systems: different users are restricted in which tables they can read and which tables they can write to. Only the database administrator has full rights over all tables. The restriction of the privileges of normal database users is an example of access control.
25/02/2015 Operating Systems for Network Security (32523) 36
Some more depth in Access Control
How do we control the level of access that each agent has for each object in the system?
What, and how, can an authenticated user use a resource or object?
Unix has permission bits that allow some control of access:
rwxrwxrwx (discussed previously)
This is a simplified version of the Access Control Matrix
The matrix is not actually used in its most general form
Example of Access Control Matrix
         file1   file2   file3   printer
tom      RW      NONE    NONE    W
jerry    RO      NONE    RW      NONE
Access Control Matrix: Discussion
A full access control matrix would be huge
For UTS FEIT: > 1200 users
> 1 000 000 objects
> 1 GB storage required
Most entries in full matrix would be denials of access
Other entries show clear patterns
Storing Access Control Matrix
When permission bits are inadequate, elements of the matrix can be stored:
by row: Access Control Lists (ACLs)
by column: Capability Lists
Both solutions give equivalent protection, but have different effects
Systems often use a combined approach
Access Control Lists
Each object, e.g. a file or a class, has an associated list saying which agent can use it, and how (rights to the object).
Lists can be reduced by, e.g.: common lists (e.g. all Bruce's C source files); showing privileges for groups instead of individuals.
Each entry in the list will have: agent or group id; permissions granted / denied.
Examples: setfacl(1), Cisco ACLs
Capability Lists
Each agent has tickets allowing use of specified objects
Once acquired provides efficient access by agent to object
Tickets may be: Permanent or one-time
Transferable to other agents or restricted to original owner
Revocable
Comparison
ACLs are object-centric; capabilities are user-oriented
ACLs and capabilities offer similar levels of protection
Capabilities give least privilege
Take up about the same amount of resources
ACLs seem easier
No problems of transferring between agents
Seem to be used for static privileges rather than dynamic ones, e.g. one-time
Both approaches have been used in many systems
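To tie the matrix, ACL and capability slides together, the added Python below (not from the lecture) stores the slide's tom/jerry matrix both ways, checks that the two forms give the same decision for every agent, object and operation, and computes the denial share and the storage estimate from the slide's user and object counts (one byte per cell is my assumption).

```python
# Access control matrix from the lecture slide (rows = agents, columns = objects).
MATRIX = {
    "tom":   {"file1": "RW", "file2": "NONE", "file3": "NONE", "printer": "W"},
    "jerry": {"file1": "RO", "file2": "NONE", "file3": "RW",   "printer": "NONE"},
}

# Map the slide's abbreviations onto concrete operations.
RIGHTS = {"RW": {"read", "write"}, "RO": {"read"}, "W": {"write"}, "NONE": set()}


def to_acls(matrix):
    """ACLs: one list per object, naming each agent and its rights (denials omitted)."""
    acls = {}
    for agent, row in matrix.items():
        for obj, right in row.items():
            if RIGHTS[right]:
                acls.setdefault(obj, {})[agent] = RIGHTS[right]
    return acls


def to_capabilities(matrix):
    """Capability lists: one set of tickets per agent (denials omitted)."""
    return {agent: {obj: RIGHTS[r] for obj, r in row.items() if RIGHTS[r]}
            for agent, row in matrix.items()}


def acl_allows(acls, agent, obj, op):
    return op in acls.get(obj, {}).get(agent, set())


def cap_allows(caps, agent, obj, op):
    return op in caps.get(agent, {}).get(obj, set())


def equivalent(matrix):
    """Both storage forms must answer identically for every (agent, object, op)."""
    acls, caps = to_acls(matrix), to_capabilities(matrix)
    objects = {obj for row in matrix.values() for obj in row}
    return all(acl_allows(acls, a, o, op) == cap_allows(caps, a, o, op)
               for a in matrix for o in objects for op in ("read", "write"))


def denial_fraction(matrix):
    """Share of cells that are NONE (the slide: most entries are denials)."""
    cells = [r for row in matrix.values() for r in row.values()]
    return cells.count("NONE") / len(cells)


def full_matrix_bytes(agents, objects, bytes_per_cell=1):
    """Storage for the full matrix; one byte per cell is an assumption."""
    return agents * objects * bytes_per_cell


if __name__ == "__main__":
    print("ACLs:", to_acls(MATRIX))
    print("Capabilities:", to_capabilities(MATRIX))
    print("equivalent:", equivalent(MATRIX), "denials:", denial_fraction(MATRIX))
    # Slide figures for UTS FEIT: > 1200 users and > 1,000,000 objects
    print("full matrix bytes:", full_matrix_bytes(1200, 1_000_000))
```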
Summary of Terms
The terms we have looked at as Security Goals are widely used in Network Security literature.
The differences between some of them are often quite subtle.
You should understand each of them clearly.
They can often apply in non-computing scenarios.
Particular scenarios often involve the interaction of a number of security goals.
Scenario involving security goals
When a customer checks into a hotel, he/she is required to present a passport (entity authentication). For an exam, students are required to sign the front page of each answer book (non-repudiation of origin). After an email has been received, the sender requests an acknowledgement from the recipient (non-repudiation of destination). The sealed envelope used in ancient times (integrity).
Lastly
We will be looking at some of the security organizations.
Security bodies: NIST - CSD
The National Institute of Standards and Technology (NIST) Computer Security Division's (CSD) Security Technology Group (STG) is involved in the development, maintenance, and promotion of a number of standards and guidance documents that cover a wide range of cryptographic technology.
It aims to develop a comprehensive Cryptographic Toolkit that will enable U.S. Government agencies and others to select cryptographic security components and functionality for protecting their data, communications, and operations.
41900 students, you may view the toolkit at this website:
http://csrc.nist.gov/groups/ST/toolkit/index.html
Security bodies: NIST - STG
The above website (http://csrc.nist.gov/groups/ST/toolkit/index.html) states the security methods that NIST approves. For example, under encryption algorithms, it states that: "Currently, there exist three (3) Approved* encryption algorithms: AES, Triple DES, and Skipjack."
Security bodies: IETF
The Internet Society: a professional membership society with 100+ organizations, 20,000+ individual members, 180+ countries.
Provides leadership in addressing issues that confront the future of the Internet
Organization home for the groups responsible for Internet infrastructure standards
Internet Engineering Task Force (IETF)
Internet Architecture Board (IAB)
Security bodies: IETF
http://tools.ietf.org/html/rfc3365
The IETF has several security protocols and standards:
IP Security (IPsec [RFC2411])
Transport Layer Security (TLS [RFC2246])
Simple Authentication and Security Layer (SASL [RFC2222])
Generic Security Service Application Programming Interface (GSSAPI [RFC2743])
Security bodies: ITU-T
ITU-T : International Telecommunication Union Telecommunication Sector
A UN specialised agency. Releases some standards relevant to network security. In particular the X.509 PKI (Public Key Infrastructure) standard and the X.800 Security Architecture Standard.
Some of the Australian Bodies
ASD - CSOC: The Cyber Security Operations Centre (CSOC) was established in the Australian Signals Directorate (ASD). CSOC has two main roles:
provide government with a better understanding of sophisticated cyber threats against Australian interests
coordinate and assist operational responses to cyber events of national importance across government and systems of national importance.
AISA: The Australian Information Security Association (AISA) is an Australian representative industry body for the information security profession.