Chapter 1
Overview
Computer Security
Overview
The NIST Computer Security Handbook defines the term Computer Security as: the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and
The CIA Triad
- Confidentiality: data confidentiality, privacy
- Integrity: data integrity, system integrity
- Availability
Key Security Concepts
Computer Security Challenges
- computer security is not as simple as it might first appear to the novice
- potential attacks on the security features must be considered
- procedures used to provide particular services are often counterintuitive
- physical and logical placement needs to be determined
- additional algorithms or protocols may be involved
- attackers only need to find a single weakness; the developer needs to find all weaknesses
- users and system managers tend to not see the benefits of security until a failure occurs
- security requires regular and constant monitoring
- security is often an afterthought, to be incorporated into a system after the design is complete
- security is thought of as an impediment to efficient and user-friendly operation
Table 1.1 Computer Security Terminology (RFC 2828, Internet Security Glossary, May 2000)
Figure 1.2 Security Concepts and Relationships
Vulnerabilities, Threats and Attacks
- categories of vulnerabilities:
  - corrupted (loss of integrity)
  - leaky (loss of confidentiality)
  - unavailable or very slow (loss of availability)
- threats:
  - capable of exploiting vulnerabilities
  - represent potential security harm to an asset
- attacks (threats carried out):
  - passive: does not affect system resources
  - active: attempts to alter system resources or affect their operation
  - insider: initiated by an entity inside the security perimeter
  - outsider: initiated from outside the perimeter
Countermeasures
Table 1.2 Threat Consequences
Figure 1.3 Scope of Computer Security
Table 1.3 Computer and Network Assets, with Examples of Threats
Passive and Active Attacks
- Passive attacks attempt to learn or make use of information from the system but do not affect system resources
  - eavesdropping/monitoring transmissions
  - difficult to detect
  - emphasis is on prevention rather than detection
  - two types: release of message contents, traffic analysis
- Active attacks involve modification of the data stream
  - goal is to detect them and then recover
  - four categories: masquerade, replay, modification of messages, denial of service
Table 1.4 Security Requirements (FIPS PUB 200)
Security Functional Requirements
Security Architecture For Open Systems
ITU-T Recommendation X.800, Security Architecture for OSI
- systematic way of defining the requirements for security and characterizing the approaches to satisfying them
- was developed as an international standard
- focuses on:
  - security attack: action that compromises the security of information owned by an organization
  - security mechanism: designed to detect, prevent, or recover from a security attack
  - security service: intended to counter security
Security Services
- X.800 defines a security service as a service that is provided by a protocol layer of communicating open systems and ensures adequate security of the systems or of data transfers
- RFC 2828 defines a security service as a processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms
Table 1.5 Security Services (Source: From X.800, Security Architecture for OSI)
Authentication Service
- concerned with assuring that a communication is from the source that it claims to be from
- must assure that the connection is not interfered with by a third party masquerading as one of the two legitimate parties
Peer Entity Authentication
- provides for the corroboration of the identity of a peer entity in an association
- provided for use at the establishment of, or at times during the data transfer phase of, a connection
- attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection
Data Origin Authentication
- provides for the corroboration of the source of a data unit
- does not provide protection against the duplication or modification of data units
- this type of service supports applications like email, where there are no prior interactions between the communicating entities
Access Control Service
- the ability to limit and control the access to host systems and applications via communications links
- each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual
Nonrepudiation Service
- prevents either sender or receiver from denying a transmitted message
- receiver can prove that the alleged sender in fact sent the message
- the sender can prove
Data Confidentiality Service
- the protection of transmitted data from passive attacks
- the broadest service protects all user data transmitted between two users over a period of time
- connection confidentiality: the protection of all user data on a connection
- connectionless confidentiality: protection of all user data in a single data block
- selective-field confidentiality: confidentiality of selected fields within the user data on a connection or a single data block
- traffic-flow confidentiality: protection of the information
  - protects the traffic flow from analysis
  - this requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility
Data Integrity Service
- integrity service assures that messages are received as sent, with no duplication, insertion, modification, reordering, or replays
- destruction of data is also covered under this service
- can apply to a stream of messages, a single message, or selected fields within a message
- a connection-oriented integrity service addresses both message stream modification and denial of service
- a connectionless integrity service generally provides protection against message modification only
- need to make a distinction between the service with and without recovery
- concerned with detection rather than prevention
- the incorporation of automated recovery mechanisms is the more attractive alternative
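An added illustration (example code, not from the slides or from X.800) of the difference between data origin authentication / connectionless integrity and connection-oriented integrity: a keyed MAC tag detects modification and forgery of a single data unit, while a per-connection sequence check is also needed to catch duplication, replay and reordering. The shared key, the 4-byte sequence-number prefix and HMAC-SHA256 as the check value are assumptions made for the example.

```python
# Added example (not from the slides): a receiver enforcing the X.800
# integrity and data-origin-authentication services on a message stream.
# Assumptions: a shared secret key, a 4-byte big-endian sequence number
# prefixed to each message, and HMAC-SHA256 as the integrity check value.
import hashlib
import hmac
import struct

KEY = b"constructed-shared-secret"  # constructed sample key for the example

TAG_LEN = 32  # SHA-256 digest length


def protect(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sender side: seq || payload || HMAC(key, seq || payload)."""
    body = struct.pack(">I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def connectionless_check(msg: bytes, key: bytes = KEY):
    """Connectionless integrity / data origin authentication: verifies the
    tag only, so it detects modification and forgery but NOT a replayed
    or reordered copy of a genuine message. Returns (seq, payload) or None."""
    if len(msg) < 4 + TAG_LEN:
        return None
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return struct.unpack(">I", body[:4])[0], body[4:]


class ConnectionReceiver:
    """Connection-oriented integrity: additionally rejects duplicates, replays
    and out-of-order delivery by requiring strictly increasing sequence
    numbers (gaps are tolerated and treated as lost messages)."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = -1

    def receive(self, msg: bytes) -> str:
        parsed = connectionless_check(msg, self.key)
        if parsed is None:
            return "reject:modified-or-forged"
        seq, _payload = parsed
        if seq <= self.last_seq:
            return "reject:replay-or-reorder"
        self.last_seq = seq
        return "accept"
```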
Availability Service
- a service that protects a system to ensure its availability
- defined as the property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications of the system
- a variety of attacks can result in the loss of or reduction in availability
- some of these attacks are amenable to authentication and encryption
- some attacks require a physical action to prevent or recover from loss of availability
- X.800 treats availability as a property to be associated with various security services
- addresses the security concerns raised by denial-of-service attacks
- depends on proper management and control
Table 1.6 X.800 Security Mechanisms
Figure 1.4 Security Trends
Figure 1.5 Security Technologies Used
Computer Security Strategy
Security Policy
- formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources
- factors to consider:
  - value of the assets being protected
  - vulnerabilities of the system
  - potential threats and the likelihood of attacks
- trade-offs to consider:
  - ease of use versus security
  - cost of security versus cost of failure and recovery
Security Implementation
- involves four complementary courses of action:
Assurance and Evaluation
- assurance
  - the degree of confidence one has that the security measures work as intended to protect the system and the information it processes
  - encompasses both system design and system implementation
- evaluation
  - process of examining a computer product or system with respect to certain criteria
  - involves testing and formal analytic or mathematical techniques
Summary
- security concepts
  - CIA triad
    - confidentiality: preserving the disclosure of information
    - integrity: guarding against modification or destruction of information
    - availability: ensuring timely and reliable access to information
  - terminology: table 1.1
- security architecture
  - security services: enhance the security of systems and information transfers, table 1.5
  - security mechanisms: mechanisms designed to detect, prevent, or recover from a security attack, table 1.6
  - security attack: any action that compromises the security of information owned by an organization
- threats: exploit vulnerabilities
- attack: a threat carried out
- countermeasure: means to deal with a security attack
- assets: hardware, software, data, communication lines, networks
- security trends: figure 1.4
- security strategy: policy, implementation, assurance and evaluation