Security
Mrs Swati Joglekar
Associate Professor, Department of Computer Science
Fergusson College, Pune
sw.joglekar@gmail.com
Web Sites (then)
o No applications
o Static pages
o Hard-coded links
o A browser talking to a web server

Security Gap
Application developers and QA professionals don't know security.
"As an Application Developer, I can build great features and functions while meeting deadlines, but I don't know how to develop my web application with security as a feature."

Educate: issue awareness, training, etc.
Mobile is everywhere:
Uniqueness of Mobile

Mobile devices are shared more often
o Personal phones and tablets shared with family
o Enterprise tablet shared with coworkers
o Social norms of mobile apps vs. file systems

Mobile devices have multiple personas
o Work tool
o Entertainment device
o Personal organization
o Security profile per persona?

Mobile devices are diverse
o OS immaturity for enterprise management
o BYOD dictates multiple OSs
o Vendor / carrier control dictates multiple OS versions

Mobile devices are used in more locations
o A single location could offer public, private, and cell connections
o Anywhere, anytime
o Increasing reliance on enterprise WiFi

Mobile devices prioritize the user
o Conflicts with user experience not tolerated
o OS architecture puts the user in control
o Difficult to enforce policy, app lists
77% growth in Google Android malware from Jun 2010 to Jan 2011.
Source: 2012 Tech Trends Report (Weighted by GMV, IBM Proprietary) | IBM Market Insights | IBM Confidential, October 2012
Designing & Instituting an Adaptive Security Posture

Achieving data separation & providing data protection
o Personal vs corporate
o Data leakage into and out of the enterprise
o Partial wipe vs. device wipe vs. legally defensible wipe
o Data policies

Developing secure applications
o Application life-cycle
o Static & dynamic analysis
o Call and data flow analysis
o Application policies

Interrelated concerns
o Adapting to the BYOD / consumerization of IT trend
o Providing secure access to enterprise applications & data
[Figure: mobile enterprise security landscape. Internet side: secure endpoint device and data; mobile apps (develop, test and deliver safe applications); web sites; telecom provider. Corporate side: security gateway, corporate intranet & systems; secure access to enterprise applications and data; achieve visibility and enable an adaptive security posture.]

Device management and security / application management and security variants
o Managed devices (B2E)
o Data separation and protection
o Threat protection
o Mobile entitlements
o Policy management and enforcement
o Secure connectivity
o Security intelligence and reporting

Lifecycle stages shown at the device and on the network, between the Internet and the corporate intranet: Enroll, Authenticate, Develop, Configure, Encrypt, Test, Reconfigure, Control, Protect, De-provision, Block, Update.
Business Need: Enforce corporate development best practices
o Development tools enforcing security policies
o Testing mobile apps for exposure to threats: penetration testing, vulnerability testing

Business Need: Provide offline access
o Encrypted local storage of credentials

Business Need: Deliver mobile apps securely
o Enterprise app store
o Prevent usage of compromised apps
o Detect and disable compromised apps
Application Sandbox

The Android system assigns a unique user ID (UID) to each Android application and runs it as that user in a separate process.

When launching a new Activity, the new process isn't going to run as the launcher but with its own identity, with the permissions specified by the developer.

The developer of that application has ensured that it will not do anything the phone's user didn't intend. Any program can ask the Activity Manager to launch almost any other application, which runs with that application's UID.

Ex. application A is not allowed to do something malicious like read application B's data or dial the phone without permission.

All libraries, the application runtime, and all applications run within the Application Sandbox, which is enforced in the kernel.
Encryption

Android 3.0+ provides full filesystem encryption, so all user data can be encrypted in the kernel.

For a lost or stolen device, full filesystem encryption on Android devices uses the device password to protect the encryption key, so modifying the bootloader or operating system is not sufficient to access user data without the user's device password.
Prevent

Permissions: whitelist model
1. Allow minimal access by default
2. Allow for user-accepted access to resources
Ask users fewer questions; make questions more understandable.
194 permissions
o More granularity
o Less understandability
Detect

A lesser-impact security issue is still a security issue.
Internal detection processes
o Developer education
o Code audits
o Fuzzing
o Honeypot
Everyone wants security: allow everyone to detect issues
o Users
o Developers
o Security researchers
External reports
o XDA Developers
o User reporting
A user report: MemoryUp, a mobile RAM optimizer
o "faster, more stable, more responsive, less waiting time"
o not quite
React

Autoupdaters are the best security tool since Diffie-Hellman.
Every modern operating system should be responsible for:
o Automatically updating itself
o Providing a central update system for third-party applications
Android's Over-The-Air (OTA) update system
o User interaction is optional
o No additional computer or cable is required
o Very high update rate
Security Philosophy

Finite time and resources.
Humans have difficulty understanding risk.
Safer to assume that
o Most developers do not understand security
o Most users do not understand security
Security philosophy cornerstones
o Need to prevent security breaches from occurring
o Need to minimize the impact of a security breach
o Need to detect vulnerabilities and security breaches
o Need to react to vulnerabilities and security breaches swiftly
What is Biometrics?

The automated use of behavioral and physiological characteristics to determine or verify an identity.
Rapid!
The three authentication factors: something you know, something you are, something you have.
Identification vs. Authentication

Identification
o Determines the identity of the person.
o No identity claim from the user.
o Many-to-one mapping.
o Cost of computation grows with the number of records of users.
o Captured biometric signatures may be unknown to the system.

Authentication
o Determines whether the person is indeed who he claims to be.
o Identity claim from the user.
o One-to-one mapping.
o The cost of computation is independent of the number of records of users.
o Captured biometric signatures come from a set of known biometric features stored in the system.
Types of Biometrics
o Fingerprint
o Face Recognition
o Hand Geometry
o Iris Scan
o Voice Scan
o Signature
o Retina Scan
o Infrared Face and Body Parts
o Keystroke Dynamics
o Gait
o Odour
o Ear
o DNA
Biometrics by signal dimension
o 2D Biometrics (CCD, IR, laser, scanner): Fingerprint, Hand Geometry, IrisCode, Face (Principal Component Analysis)
o 1D Biometrics
Desired Properties
o Universality
o Uniqueness
o Permanence
o Collectability
o Performance
o User acceptability
o Robustness against circumvention
Comparison

Biometric Type | Accuracy | Ease of Use | User Acceptance
Fingerprint    | High     | Medium      | Low
Hand Geometry  | Medium   | High        | Medium
Voice          | Medium   | High        | High
Retina         | High     | Low         | Low
Iris           | Medium   | Medium      | Medium
Signature      | Medium   | Medium      | High
Face           | Low      | High        | High
Multimodal Biometrics: Pattern Recognition Concept

[Figure: pipeline Sensors -> Extractors (image- and signal-processing algorithms) -> Classifiers -> Negotiator (threshold applied to scores). Biometric inputs: voice and signature acoustics (1D); face, fingerprint, iris, hand geometry, etc. (2D: bmp, tiff, png). Phases: enrolment, training, submission. Decision: match, non-match, inconclusive.]
An Example: A Multi-modal System

[Figure: Sensors -> Extractors -> Classifiers -> Negotiator -> Accept/Reject, ID.
Face: 2D (bmp) -> face extractor -> face features -> face MLP.
Voice: 1D (wav) -> voice extractor -> voice features -> voice MLP.
Negotiation: logical AND of the two classifier decisions.]

Abstraction
o Negotiation: logical AND
o Learning-based classifiers: NN, SVM (Face MLP, Voice MLP)
o Extractors: Face Ex, Voice Ex
o Basic operators: Cl-q, Ex-q
Data Representation

Biometrics
o 1D: voice, signature acoustics
o 2D: face, fingerprint, iris, hand geometry, etc.
o 3D: face

[Class diagram: cWaveObject (input data, output data) is processed by cWaveOperator; cDataProcessing links operators to operands, one to one.]
System Architecture in Details

[Figure, face pipeline: face image -> normalisation + coding -> training and recognition. Moment features over colour channels (green, blue, hue, saturation, intensity, plotted on -50..50 axes) and a grey-scale intensity histogram (0..250) -> extraction -> neural network (weights w1) -> decision: accept or reject, identity.]

[Figure, voice pipeline: voice -> frequency analysis -> wavelet transform -> removal of silences -> normalisation + coding -> training and recognition. Coefficients C0..C15 over time -> neural network (weights w2) -> decision.]
Biometric Applications

Biometrics-enabled authentication applications
1. Cell phones, laptops, workstations, PDAs & handheld device sets.
2. Door, car, garage access.

Biometrics-enabled identification applications
1. Forensic: criminal tracking, e.g. fingerprints, DNA matching.
2. Car park surveillance.
3. Frequent customers tracking.
Application by Technologies

Biometrics            | Vendors | Market Share
Fingerprint           | 90      | 34%
Hand Geometry         |         | 26%
Face Recognition      | 12      | 15%
Voice Authentication  |         |
Iris Recognition      | 32      | 11%

Remaining cells of the table: 9%; applications listed: ... systems, physical access; transaction authentication; picture ID duplication prevention; surveillance; security, V-commerce.
Commercial Products

The Head
o The Eye: Eye-Dentify, IriScan, Sensar, Iridian
o The Face: Visionics, Miros, Viisage
The Hand
o Hand Geometry: Advanced Biometrics, Recognition Systems
o The Fingerprint: Identix, BioMouse, The FingerChip, Veridicom
The Voice: iNTELLiTRAK, QVoice, VoicePrint, Nuance
Behavioral: BioPassword, CyberSign, PenOp
Other Information: Bertillonage, International Biometric Group, Palmistry
Introduction

Wireless stations, or nodes, communicate over a wireless medium.
o Networks operating under infrastructure mode, e.g., 802.11, 802.16, cellular networks.
o Networks operating with limited or no infrastructural support, e.g., ad hoc networks in AODV mode.
Introduction: Wireless Technologies

Different technologies have been developed for different scenarios and requirements.
o WiFi is the technology for wireless LANs and short-range mobile access networks.
o WiMAX is the technology for last-mile broadband connectivity.
o Wireless USB is the technology for Internet connectivity on the go.
o Other technologies like Infrared (TV remotes etc.), Bluetooth (soon to be obsolete) etc. are short range.
o Extreme-bandwidth but short-range technologies are Gigabit wireless etc.
Introduction: Fixed Infrastructure
o Base stations that are typically not resource constrained.
o Examples: sensor networks and cellular networks.
o Mobility of nodes but not of base stations.
Introduction
[Image from www.microsoft.com]

Introduction: Mixed mode
o In between the two modes.
o Some nodes exhibit ad hoc capability.
Introduction

To formalize the study and the solutions, we need good models for these networks:
o a formal model to characterize the properties and solutions;
o models that are close to reality yet still allow for solution design and analysis.
Introduction: Solution properties

Light-weight
o Have to use battery power wisely.
o Other resources, such as storage, are also limited.
Local control
o In many cases, only neighbours are known.
o Any additional information gathering is expensive.
Introduction

Difficulty of modeling wireless networks as opposed to wired networks:
o Transmission
o Interference
o Resource constraints
o Mobility
o Physical carrier sensing
Outline
o Introduction
o Models of Wireless Networks
o Various Layers and Current Solutions for each Layer
o Security Issues and Threats at each Layer
o Security Solutions
o Open Problems
Models of Wireless Networks

[Figure: nodes u, u', v, v', w with transmission radius rt and interference radius ri (n2 marked); link costs c(v, w) and c(v, v'); path quantities rt(P) and ri(P); labelled points a, b.]
Carrier Sensing

Virtual carrier sensing using RTS/CTS.
Physical carrier sensing
o Provided by the Clear Channel Assessment (CCA) circuit.
o Monitors the medium as a function of the Received Signal Strength Indicator (RSSI).
o Energy Detection (ED) bit set to 1 if RSSI exceeds a certain threshold.
o Has a register to set the threshold in dB.
[Figure: nodes v, v'', w; sensing range rst(T, P) and cost c(w, v).]
Functions of MAC
Scanning, Authentication, Association, WEP, RTS/CTS, Power Save options, Fragmentation

802.11 MAC
o Use physical carrier sensing to sense for a free medium.
o Explicit ACKs to indicate reception of a packet.
o Results in the hidden node problem.
o Use virtual carrier sensing using RTS/CTS.
[Figure: stations C and D exchanging DATA.]

MAC Layer
More recent solutions, especially with respect to ad hoc networks, address issues such as:
o Self-stabilization
o Dynamism
o Efficiency
o Fairness

Application Layer
Notion of an application layer protocol: Email/Web/Games/SMS/MMS
Denial of Service
o Can hog the medium by sending noise continuously.
o Can be done without draining the power of the adversary.
o Depends on the physical carrier sensing threshold.
[Figure: adversary A jamming node z near the destination.]

Denial-of-service
o Easy to mount in wireless network protocols.
o One strategically placed adversary can generally disable a dense part of the network.
[Figure: adversary A near z on the route from s to t; RREQ messages between s and t.]

Application Layer
o Easy to infect mobile devices.
o Rerouting content through the base station poses privacy issues.
o Bluetooth networks and ad hoc networks do not have a base station facility.
Security Solutions: Requirements

WEP frame handling
o Encapsulate: 802.11 Hdr | IV | Data | ICV (Data and ICV are the encrypted part)
o Decapsulate: strip the IV, regenerate the keystream, decrypt, check the ICV

RC4 is a Vernam cipher, meaning the primary operation is XOR with pseudorandom bytes.
Per-packet encryption key is the 24-bit IV concatenated to a pre-shared key.
Integrity Check Vector (ICV) is CRC-32 over the plaintext (used as a Message Authentication Code).
Data and ICV are encrypted using the per-packet encryption key.

Problem
RC4 is weak (as the IV is reused) and can allow an attacker to get the keystream used.
The ICV can enable one to check the validity of the keystream recovered.
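The frame construction above, as an added example that is not part of the original slides: a WEP-style encapsulation (per-packet key = IV || pre-shared key, RC4 keystream, CRC-32 ICV), a check showing why IV reuse matters (the keystream cancels out of the XOR of two ciphertexts), and a defender-side scan that counts IV reuse in a capture. The key, IVs and frames are constructed for the demo; the RC4 below is the textbook cipher, included only to model WEP.

```python
import zlib
from collections import Counter
from typing import Dict, List, Optional


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4 (KSA + PRGA). Obsolete cipher; here only to model WEP."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """The slide's ICV: CRC-32 over the plaintext, not a keyed MAC."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encapsulate(psk: bytes, iv: bytes, data: bytes) -> bytes:
    """Frame body as on the slide: IV || RC4_{IV||psk}(data || ICV)."""
    assert len(iv) == 3  # WEP IVs are 24 bits
    plaintext = data + icv(data)
    return iv + xor(plaintext, rc4_keystream(iv + psk, len(plaintext)))


def wep_decapsulate(psk: bytes, frame: bytes) -> Optional[bytes]:
    """Strip the IV, regenerate the keystream, decrypt, verify the ICV.
    Returns the data, or None when the ICV does not match."""
    iv, body = frame[:3], frame[3:]
    plaintext = xor(body, rc4_keystream(iv + psk, len(body)))
    data, tag = plaintext[:-4], plaintext[-4:]
    return data if icv(data) == tag else None


def keystream_cancels(psk: bytes, iv: bytes, d1: bytes, d2: bytes) -> bool:
    """Two frames under the same IV: XOR of the ciphertexts equals XOR of the
    plaintexts, because both were XORed with the same keystream. This is the
    'IV is reused' problem on the slide: a 24-bit IV space guarantees reuse."""
    c1 = wep_encapsulate(psk, iv, d1)[3:]
    c2 = wep_encapsulate(psk, iv, d2)[3:]
    n = min(len(c1), len(c2))
    p1, p2 = d1 + icv(d1), d2 + icv(d2)
    return xor(c1[:n], c2[:n]) == xor(p1[:n], p2[:n])


def reused_ivs(frames: List[bytes]) -> Dict[bytes, int]:
    """Defender-side check over a capture: IVs seen more than once, with counts.
    Quantifies how much keystream a monitored WEP link is exposing."""
    counts = Counter(f[:3] for f in frames)
    return {iv: n for iv, n in counts.items() if n > 1}


if __name__ == "__main__":
    psk = bytes(range(5))  # constructed 40-bit pre-shared key
    frames = [wep_encapsulate(psk, iv, d) for iv, d in
              [(b"\x00\x00\x01", b"ping"), (b"\x00\x00\x02", b"pong"),
               (b"\x00\x00\x01", b"ping")]]
    print(wep_decapsulate(psk, frames[0]))
    print(keystream_cancels(psk, b"\x00\x00\x01", b"ping", b"pong"))
    print(reused_ivs(frames))
```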
Shared-key authentication (wireless node and authenticator, figure)
o Shared secret distributed out of band
o Challenge: a nonce is sent to the wireless node
o Response: the nonce, RC4-encrypted under the shared key
o Decrypted nonce OK?
Solution Requirements
o Mutual authentication
o Scalable key management for large networks
o Central authorization and accounting
o Support for extended authentication like smart cards

Key Management Issues
Need to dynamically manage keys to avoid manual reconfiguration difficulties, especially for large networks.
Broadcast Security

[Figure: the sender holds a key pool (K1, K2, K3, K4, K5 in the first picture; K1 .. K8 in the second). Each receiver holds a subset: {K1, K2, K4}, {K1, K3, K4}, {K2, K5, K3}, {K1, K5, K4}, {K1, K2, K3}, {K2, K5, K4}, {K1, K3, K5}, {K1, K2, K5}. The broadcast carries the message plus MAC_K4(M), MAC_K5(M), ...; each receiver checks the MACs for the keys it holds.]

o Collusion is an issue
o A larger pool of keys can be selected
o For N users, O(log N) keys can give good results
o Scales well, as the sender only needs to give a new subset of keys to a new user
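The key-subset broadcast authentication sketched in the figure and bullets above, as an added example that is not from the slides: the sender holds the whole pool and attaches one MAC per key, each receiver verifies only the MACs for the keys it holds, and a coalition can forge something a victim accepts only when the union of its keys covers every key the victim holds. The pool, the user names U1..U8 and the message texts are constructed; the subsets are the ones in the first figure.

```python
import hashlib
import hmac
import random
from typing import Dict, Set


def make_pool(n: int, seed: int = 1) -> Dict[str, bytes]:
    """Constructed key pool K1..Kn (seeded so the example is repeatable)."""
    rng = random.Random(seed)
    return {f"K{i}": rng.getrandbits(128).to_bytes(16, "big") for i in range(1, n + 1)}


def slide_subsets() -> Dict[str, Set[str]]:
    """The eight receiver key sets drawn in the first figure (user names are ours)."""
    rows = ["K1 K2 K4", "K1 K3 K4", "K2 K5 K3", "K1 K5 K4",
            "K1 K2 K3", "K2 K5 K4", "K1 K3 K5", "K1 K2 K5"]
    return {f"U{i}": set(r.split()) for i, r in enumerate(rows, start=1)}


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def sign_broadcast(pool: Dict[str, bytes], msg: bytes) -> Dict[str, bytes]:
    """Sender side: one MAC per pool key, all attached to the broadcast."""
    return {name: mac(key, msg) for name, key in pool.items()}


def verify_broadcast(pool: Dict[str, bytes], my_keys: Set[str],
                     msg: bytes, macs: Dict[str, bytes]) -> bool:
    """Receiver side: every MAC for a key I hold must verify; the rest are ignored."""
    return all(hmac.compare_digest(mac(pool[k], msg), macs.get(k, b""))
               for k in my_keys)


def forge_broadcast(pool: Dict[str, bytes], coalition_keys: Set[str],
                    msg: bytes) -> Dict[str, bytes]:
    """What a coalition can produce: valid MACs only under the keys it holds."""
    return {k: mac(pool[k], msg) for k in coalition_keys}


def victims_of(subsets: Dict[str, Set[str]], coalition: Set[str]) -> Set[str]:
    """Receivers whose whole key set is covered by the coalition's pooled keys.
    This is the 'collusion is an issue' bullet: a larger pool and O(log N)
    keys per user make such coverage unlikely for small coalitions."""
    union = set().union(*(subsets[u] for u in coalition))
    return {u for u, keys in subsets.items() if u not in coalition and keys <= union}


if __name__ == "__main__":
    pool, subs = make_pool(5), slide_subsets()
    macs = sign_broadcast(pool, b"update available")
    print(all(verify_broadcast(pool, k, b"update available", macs) for k in subs.values()))
    print(victims_of(subs, {"U1"}), victims_of(subs, {"U1", "U2"}))
```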
Security Solutions: Privacy in a Peer-to-peer situation
o Public-key cryptography can be of use but is expensive.
o Key distribution is a major hurdle given that communicating parties are not known in advance.
o Anyone can communicate with anyone.
Email Security
SMU CSE 5349/7349

Threats
Threats to the security of e-mail itself
Loss of confidentiality
o E-mails are sent in clear over open networks
o E-mails stored on potentially insecure clients and mail servers
Loss of integrity
o No integrity protection on e-mails; body can be altered in transit or on mail server
Email SPAM
Cost to exceed $10 billion.
SPAM filtering
o Content based: required hits
o White list
o Black list
o Defang MIME

PGP
Functionality
o Encryption for confidentiality.
o Signature for non-repudiation/authenticity.

PGP Algorithms
Broad range of algorithms supported:
o Symmetric encryption: DES, 3DES, AES and others.
o Hashing: SHA-1, MD5 and others.
o Signature: RSA, DSS, ECDSA and others.
Introduction

This presentation is designed to give you a brief overview of the top 10 most critical Internet security threats.
These aren't the only threats, just the most common at the moment.
Hopefully, we'll eliminate these threats and create a new list next year.
The Top 10 and Top 20 documents are in Appendix A of this presentation.
ITTIP Seminar

Introduction
We'll review the original Top 10 list first.
We'll review the new items in the Top 20.
We'll also provide a list of common ports to filter or monitor.
Summary
Most of the successful system and network attacks exploit a small set of vulnerabilities.
The Top 10 list briefly describes this set of vulnerabilities and gives you references to learning more about them.
More importantly, it gives you some suggested fixes for the problem.
Our individual security depends on our mutual security.

Windows Vulnerabilities
Unix Vulnerabilities

Top 20 Summary
General: affects all systems

Top 20 Summary: Windows
W1: Unicode Vulnerability
W2: ISAPI Extension Buffer Overflows
W3: IIS RDS Exploit
W4: Unprotected NETBIOS Shares
W5: Null Sessions
W6: Weak Hashing in SAM (LM Hash)

Top 20 Summary: Unix
U1: RPC Buffer Overflows
U2: Sendmail Vulnerabilities
U3: BIND
U4: R Commands
U5: LPD Buffer Overflow
U6: sadmind / mountd Buffer Overflow
U7: Default SNMP
Datafication
o Massive amounts of unstructured, messy data
o Otherwise unnoticed patterns
o Indiscriminate collection
o Indefinite retention for unpredictable future uses

Datafication
[Figure: data flows between institutions, government and foreign governments: internal sharing, external sharing, voluntary information sharing, reporting requirements, privacy and security requirements, transparency requirements, investigation, surveillance.]
Indiscriminate Collection

Big Data typically involves collecting diverse types of data.
"In an intelligence driven security model, the definition of security data expands considerably. In this new model, security data encompasses any type of information that could contribute to a 360-degree view of the organization and its possible business risks."
Sam Curry et al., Big Data Fuels Intelligence-Driven Security (RSA, January 2013), 4, http://www.emc.com/collateral/industryoverview/big-data-fuels-intelligence-driven-securityio.pdf.
Indefinite Retention, Unpredictable Uses

The information is typically retained for a long time, to use in unpredictable ways, as the Pravachol/Paxil example illustrates.
The example also illustrates the rationale: the discovery of patterns we might not otherwise notice.
Loss of Informational Privacy

Informational privacy is the ability to determine for ourselves what information about us others collect and what they do with it.
None of the developments just outlined can happen without a loss of control over our data.

[Figure: our data flows to businesses and government. "We can determine where you work, how you spend your time, and with whom, and with 87% certainty where you'll be next Thursday at 5:35 p.m." Increased power to control from knowing our location data.]
Courts
o Refuse to see a mere invasion of privacy as a compensable harm,
o Do not curtail massive data collection, and
o Rarely hold businesses liable for data breaches.

Claims:
1. Notice and Choice ensure free and informed consent.
2. The pattern of free and informed consent defines an acceptable tradeoff between privacy and the benefits of information processing.
What We Have: Contractually Realized Notice and Choice

[Figure: consumer, business, government, payment system, aggregators and the advertising ecosystem exchanging data.]
Informed Consent Impossible

Two features of the advertising system make it impossible for a Notice to contain enough information:
o Complexity, and
o Long-term data retention.

Complexity
The specificity assumption: informed consent requires knowing specific detail about what happens with one's information.
The advertising system is too complex for a Notice to provide the required detail.
Data Restrictions

Proponents of Notice and Choice insist on restrictions on data collection and use. The Federal Trade Commission: companies should
o limit data collection to that which is consistent with the context of the transaction or the consumer's relationship with the business;
o implement reasonable restrictions on the retention of data and should dispose of it once the data has outlived the legitimate purpose for which it was collected.
Informed Consent

A visitor's consent is informed if the visitor can make a reasonable evaluation of the risks and benefits of disclosing information.
Suppose visitors know transactions are governed by value-optimal norms; then they know that uses of the visitor's information, both uses now and uses in the unpredictable future, will implement tradeoffs between privacy and competing goals that are entirely consistent with their values.

Tradeoffs
All informational norms, value-optimal and non-value-optimal alike, implement a tradeoff between privacy and competing concerns.
They permit some information processing, and thus secure some of its benefits, but they protect privacy by allowing only certain processing.
Access Controls

From (ISC)2 Candidate Information Bulletin:
"Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It permits management to specify what users can do, which resources they can access, and what operations they can perform on a system."

Access Controls

From (ISC)2 Candidate Information Bulletin:
"The candidate should fully understand access control concepts, methodologies and implementation within centralized and decentralized environments across the enterprise's computer systems. Access control techniques, detective and corrective measures should be studied to understand the potential risks, vulnerabilities, and exposures."

Security Principles
The three main security principles also pertain to access control:
o Availability
o Integrity
o Confidentiality
Identification
o Method of establishing the subject's (user, program, process) identity.
o Use of user name or other public information.
o Know identification component requirements.

Authentication
o Method of proving the identity.
o Something a person is, has, or does.
o Use of biometrics, passwords, passphrase, token, or other private information.

Authentication: Biometrics
Verifies an identity by analyzing a unique personal attribute or behavior (e.g., what a person is).
Authentication
Most common biometric systems:
o Fingerprint
o Palm Scan
o Hand Geometry
o Iris Scan
o Signature Dynamics
o Keyboard Dynamics
o Voice Print
o Facial Scan
o Hand Topography

Authentication
Biometric systems can be hard to compare.
o Type I Error: false rejection rate.
o Type II Error: false acceptance rate. This is an important error to avoid.
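How the two error types on this slide and the threshold-on-scores negotiator from the biometrics section fit together, as an added example that is not from the slides: given matcher scores for genuine users and impostors (constructed here), FRR (Type I) and FAR (Type II) are computed at a threshold, swept across thresholds, and used to pick the lowest threshold that caps the false acceptance rate, which is the error the slide says to avoid.

```python
from typing import List, Tuple

# Constructed matcher scores in [0, 1]: genuine = a user against their own
# template, impostor = a user against someone else's template.
GENUINE = [0.91, 0.88, 0.79, 0.95, 0.62, 0.84, 0.90, 0.73, 0.87, 0.81]
IMPOSTOR = [0.12, 0.35, 0.66, 0.28, 0.41, 0.19, 0.55, 0.30, 0.74, 0.22]


def error_rates(genuine: List[float], impostor: List[float],
                threshold: float) -> Tuple[float, float]:
    """A score at or above the threshold is accepted.
    Returns (FRR = Type I, genuine users rejected; FAR = Type II, impostors accepted)."""
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def sweep(genuine: List[float], impostor: List[float],
          steps: int = 20) -> List[Tuple[float, float, float]]:
    """(threshold, FRR, FAR) for thresholds 0, 1/steps, ..., 1."""
    return [(t / steps, *error_rates(genuine, impostor, t / steps))
            for t in range(steps + 1)]


def equal_error_threshold(genuine: List[float], impostor: List[float]) -> float:
    """Threshold where FRR and FAR are closest: the usual single number used
    to compare systems that are otherwise 'hard to compare'."""
    return min(sweep(genuine, impostor), key=lambda r: abs(r[1] - r[2]))[0]


def lowest_threshold_capping_far(genuine: List[float], impostor: List[float],
                                 max_far: float) -> Tuple[float, float, float]:
    """Smallest threshold whose FAR is at most max_far, with the FRR it costs.
    Raising the threshold trades Type II errors for Type I errors."""
    for t, frr, far in sweep(genuine, impostor):
        if far <= max_far:
            return t, frr, far
    return 1.0, 1.0, 0.0


if __name__ == "__main__":
    print(error_rates(GENUINE, IMPOSTOR, 0.7))
    print(equal_error_threshold(GENUINE, IMPOSTOR))
    print(lowest_threshold_capping_far(GENUINE, IMPOSTOR, 0.0))
```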
Authentication: Passwords
o User name + password is the most common identification and authentication scheme.
o Weak security mechanism; must implement strong password protections.
o Implement clipping levels.

Authentication
Techniques to attack passwords:
o Electronic monitoring
o Access the password file
o Brute force attacks
o Dictionary attacks
o Social engineering
Authentication: Passphrase
o Is a sequence of characters that is longer than a password.
o Takes the place of a password.
o Can be more secure than a password because it is more complex.

Authentication: One Time Passwords (aka Dynamic Passwords)
o Used for authentication purposes and are only good once.
o Can be generated in software (soft tokens), or in a piece of hardware.

Authentication
Two types of token devices (aka password generators):
o Synchronous: time based, counter synchronization
o Asynchronous
Authentication: Smart Cards and Memory Cards
o Memory cards: hold but cannot process information.
o Smart cards: hold and can process information.
Card types: contact, contactless, hybrid, combi.

Authentication
Attacks on smart cards:
o Fault generation
o Microprobing
o Side channel attacks (nonintrusive attacks)

Authentication: Hashing & Encryption
Hashing or encrypting a password ensures that passwords are not sent in clear text (means extra security).

Authentication: Cryptographic Keys
Use of private keys or digital signatures to prove identity.
o Private key
o Digital signature
Beware digital signature vs. digitized signature.
Authorization
Determines that the proven identity has some set of characteristics associated with it that gives it the right to access the requested resources.

Authorization
Access criteria can be thought of as:
o Roles
o Groups
o Location
o Time
o Transaction types

Authorization
Authorization concepts to keep in mind:
o Authorization creep
o Default to zero
o Need-to-know principle
o Access control lists

Authorization
Problems in controlling access to assets:
o Different levels of users with different levels of access
o Resources may be classified differently
o Diverse identity data
o Corporate environments keep changing

Authorization
Capabilities that enterprise-wide and single sign-on solutions supply:
o User provisioning
o Password synchronization and reset
o Self service
o Centralized auditing and reporting
o Integrated workflow (increase in productivity)
o Regulatory compliance
Authorization: Single Sign On Capabilities
Allow user credentials to be entered one time, and the user is then able to access all resources in primary and secondary network domains.

Two types
o Capability Table (bound to a subject)
o Access Control List (bound to an object)

Supervisory Structure
Security Awareness Training
Testing
Accountability
Accountability is tracked by recording user, system, and application activities.
Audit information must be reviewed:
o Event oriented audit review
o Real time and near real time review
o Audit reduction tools
o Variance detection tools
o Attack signature tools

Accountability
Other accountability concepts
Keystroke Monitoring
o Can review and record keystroke entries by a user during an active session.
o A hacker can also do this.
o May have privacy implications for an organization.

Emanation Security
o Tempest
o White noise
o Control zone
Common Types
o Intrusion Detection
o Intrusion Prevention
o Honeypots
o Network Sniffers
o Rule Based

Network sniffers
A general term for programs or devices that are able to examine traffic on a LAN segment.

Dictionary Attacks
Countermeasures include strong password policies, strong authentication, intrusion detection and prevention.

Spoofing at Logon
Countermeasures include a guaranteed trusted path, security awareness to be aware of phishing scams, and SSL connections.
Firewall topics
o Why firewall?
o What is a firewall?
o What is the perfect firewall?
o What types of firewall are there?
o How do I defeat these firewalls?
o How should I deploy firewalls?
o What is good firewall architecture?
o Firewall trends.

What is a firewall?
As many machines as it takes to:
o be the sole connection between inside and outside.
o test all traffic against consistent rules.
o pass traffic that meets those rules.
o contain the effects of a compromised system.

Firewall components
All of the machines in the firewall:
o are immune to penetration or compromise.
o retain enough information to recreate their actions.
Easy to use. Secure.
[Figure: ways around the firewall: personal modems, vendor modems, partner networks, home networks, loose-cannon experts, employee hacking, reusable passwords, viruses, helpful employees, off-site backup & hosting; "ground-floor windows": mail servers, web servers, old buggy daemons, account theft, vulnerable web browsers.]

Firewalls in multiple locations
[Figure: several inside networks joined through proxy, cache and store-and-forward hosts.]
Critical Systems
o Defined as critical to the mission of the Laboratory, i.e. disruption may have major impact on Laboratory operations;
o Most things do not fall in this category;

Your role - 2
Obey the Strong Authentication Policy (Kerberos)
o Don't run network services (login or read/write ftp) unless they demand Kerberos authentication
o Treat your Kerberos password as a sacred object (never expose it over the network)
Data backup
Incidental use
o Privacy
o Offensive material
o Licensing

Activities to Avoid
Large grey area, but certain activities are over the line:
o Illegal;
o Prohibited by Lab or DOE policy;
o Embarrassment to the Laboratory;
o Interfere with performance of job;
o Consume excessive resources.

Offensive Material on computers
o Many computer security complaints are not;
o Material in a computer is like material in a desk;
o With respect to both privacy and appropriateness.

Software Licensing
Fermilab is strongly committed to respecting intellectual property rights.
Any use of unlicensed commercial software is a direct violation of lab policy.
Thank you