1

Introduction to Computer Security

資訊安全導論

Lecture 01February 21, 2006

洪國寶

2

Outline

• Course information• Motivation• Computer Security Basics• Threats to Security • Risk analysis• Outline of the course

3

Course information (1/6)

• Instructor: Professor Gwoboa Horng• Basic assumption

– Little is assumed of the students except a general background in computing.

– I will cover the main aspects in enough detail for the students to understand the gist.

• Course web page: http://ailab.cs.nchu.edu.tw/course/IntroNetworkSecurity/94/main.htm

4

Course information (2/6)• Textbook

– Information Security Illuminated, Solomon and Chapple, Jones and Bartlett Publishers, Inc.2005. (開發圖書公司)

5

Course information (3/6)

• 參考書籍近代密碼學及其應用

賴溪松、韓亮、張真誠

松崗

旗標出版社

6

Course information (4/6)

• The objective of this course is to introduce to the students the most current and critical information security practices. On completion of this course students should be able to: – Display a breadth of knowledge of the security vulnerabilities

affecting computer systems.– Demonstrate an understanding of the importance of security models

with reference to the security of computer systems. – Describe the features and security mechanisms which are generally

used to implement security policies.

7

Course information (5/6)

• This class is – Not a lab or programming course

• But there will be programming assignments.

– Not a math course, either• But strong math background will help.

8

Course information (6/6)

• Grading (Tentative)

Homework/Quiz 15%Project 20% (Presentation and/or paper required) Midterm exam 25%Final exam 30%Class participation 10%

9

Outline

• Course information• Motivation• Introduction to security• Threats to Security• Risk analysis• Outline of the course

10

Motivation (1/10)

• Some real examples

11

Motivation (2/10)

12

Motivation (3/10)

13

Motivation (4/10)

14

Motivation (5/10)

15

Motivation (6/10)

16

Motivation (7/10)

17

Motivation (8/10)

18

Motivation (9/10)

19

Motivation (10/10)

• Some real examples– Hacker intrusion– Password compromise (access control)– Spam/hoax (data integrity)– Program security– Virus – Denial of service

20

Outline

• Course information• Motivation• Introduction to security• Threats to Security• Risk analysis• Outline of the course

21

Computer Security Basics

• What is computer security?– Answer depends upon the perspective of the person you’re

asking– Network administrator has a different perspective than an

end user or a security professional– “A computer is secure if you can depend on it and its

software to behave as you expect” [Garfinkel,Spafford]

22

Computer Security Basics (continued)

• CIA Triad (Security professionals)– Goals for implementing security practices– Confidentiality, Integrity, and Availability

• DAD Triad (Malicious individuals)– Goals for defeating the security of an organization– Disclosure, Alteration, and Denial

23

CIA Triad

24

CIA Triad (continued)

• Confidentiality – Confidential information should not be accessible to

unauthorized users

• Integrity– Data may only be modified through an authorized

mechanism

• Availability– Authorized users should be able to access data for

legitimate purposes as necessary

25

DAD Triad

26

DAD Triad (continued)

• Disclosure– Unauthorized individuals gain access to confidential

information

• Alteration– Data is modified through some unauthorized mechanism

• Denial– Authorized users cannot gain access to a system for

legitimate purposes

• DAD activities may be malicious or accidental

27

Introducing Networks

• In early days, computer security focused on protecting individual systems

• Advent of Local Area Networks (LANS) and Internet make the job much more difficult

• Security considerations include:– Protecting TCP/IP protocol– Firewalls – Intrusion detection systems

28

Outline

• Course information• Motivation• Introduction to security• Threats to Security• Risk analysis • Outline of the course

29

Threats to Security• Threats to security fall into three main categories:

– hackers, – malicious code objects, and – organizational insiders.

30

Threats to Security (continued)• Hacker

– Anyone who attempts to penetrate the security of an information system, regardless of intent

– There are a number of different reasons that people do this, and not all hackers are truly malicious.

31

Threats to Security (continued)• Malicious code object

– Virus, worm, Trojan horse– A computer program that carries out malicious actions

when run on a system

32

Threats to Security (continued)

• Malicious insider– Someone from within the organization that attempts to go

beyond the rights and permissions that they legitimately hold

– Security professionals and system administrators are particularly dangerous

33

Outline

• Course information• Motivation• Introduction to security• Threats to Security• Risk analysis• Outline of the course

34

Risk Analysis

• Actions involved in risk analysis:– Determine which assets are most valuable– Identify risks to assets– Determine the likelihood of each risk occurring– Take action to manage the risk

• Security professionals determine the risks to security in their organization and, based on this determination, to take actions that best mitigate potential threats.

35

Identifying and Valuing Assets

• First step of risk analysis process• Identify the information assets in the organization

– Hardware, software, and data

• Assign value to those assets using a valuation method• Assigning value to assets is the foundation for

decisions about cost/benefit tradeoffs

36

Identifying and Valuing Assets (continued)

• Common valuation methods– Replacement cost valuation

• Uses the replacement cost as the value of an asset

– Original cost valuation• Uses the original purchase price as the value of an asset

– Depreciated valuation• Uses the original cost less an allowance for value deterioration

– Qualitative valuation• Assigns priorities to assets without using dollar values

37

Identifying and Assessing Risks

• Second step in risk analysis process• Two major classifications of risk assessment

techniques– Qualitative– Quantitative

• Vulnerability – An internal weakness in a system that may potentially

be exploited– Not having antivirus software is an example

38

Identifying and Assessing Risks (continued)

• Threat – A set of external circumstances that may allow a

vulnerability to be exploited – The existence of a particular virus for example

• Risk– occurs when a threat and a corresponding vulnerability

both exist

39

Identifying and Assessing Risks (continued)

40

Identifying and Assessing Risk (continued)

• Qualitative Risk Assessment– Focuses on analyzing intangible properties of an asset

rather than monetary value– Prioritizes risks to aid in the assignment of security

resources– Relatively easy to conduct

41

Identifying and Assessing Risk (continued)

• Quantitative Risk Assessment– Assigns dollar values to each risk based on measures such

as asset value, exposure factor, annualized rate of occurrence, single loss expectancy, and annualized loss expectancy

– Uses potential loss amount to decide if it is worth implementing a security measure

42

Managing Risks• Risk Avoidance

– Used when a risk overwhelms the benefits gained from having a particular mechanism available

– Avoid any possibility of risk by disabling the mechanism that is vulnerable

– Disabling e-mail is an example of risk avoidance

• Risk Mitigation– Used when a threat poses a great risk to a system– Takes preventative measures to reduce the risk– A firewall is an example of risk mitigation

43

Managing Risk (continued)• Risk Acceptance

– Do nothing to prevent or avoid the risk– Useful when risk or potential damage is small

• Risk Transference– Ensure that someone else is liable if damage occurs– Buy insurance for example

• Combinations of the above techniques are often used

44

Considering Security Tradeoffs

• Security can be looked at as a tradeoff between risks and benefits– Cost of implementing the security mechanism and the

amount of damage it may prevent

• Tradeoff considerations are security, user convenience, business goals, and expenses

45

Considering Security Tradeoffs (continued)

• An important tradeoff involves user convenience– Between difficulty of use and willingness of users– If users won’t use a system because of cumbersome

security mechanisms, there is no benefit to having security– If users go out of their way to circumvent security, the

system may be even more vulnerable

46

Policy and Education

• Cornerstone of a security effort is to – Implement proper policies– Educate users about those policies

• Information security policies should be – Flexible enough not to require frequent rewrites– Comprehensive enough to ensure coverage of situations– Available to all members of the organization– Readable and understandable

47

Outline

• Course information• Motivation• Introduction to security• Threats to Security• Risk analysis • Outline of the course

48

Outline of the course

• Introducing Computer and Network Security• Access Control Methodologies• General Security Principles and Practices• The Business of Security• Cryptographic Technologies• Securing TCP/IP• Handling Security Incidents

49

Outline of the course (Cont.)

• Firewall Security• Operating System Security• Securing Operating Systems• Network and Server Attacks and Penetration• Security Audit Principles and Practices• Intrusion Detection Systems and Practices• System Security Scanning and Discovery

50

Summary• Textbook

– Information Security Illuminated, Solomon and Chapple, Jones and Bartlett Publishers, Inc. 2005. (開發圖書公司)

• Grading (Tentative)Homework/Quiz 15%Project 20% (Presentation and/or paper required) Midterm exam 25%Final exam 30%Class participation 10%

• Motivation

51

Summary (continued)

• CIA Triad summarizes the goals of security professionals (confidentiality, integrity, and availability)

• DAD Triad summarizes the goals of those who seek to evade security measures (disclosure, alteration, and denial)

• The explosion of networking has shifted focus from protecting individual computers to protecting interconnected computers

52

Summary (continued)• Threats to security include hackers, malicious code

objects, malicious insiders• Risk analysis is used to determine the cost/benefit

tradeoffs of implementing specific security measures– Valuation of assets– Identifying and assessing risks– Determining the likelihood and potential costs of risks– Determining how to manage risks given this information

• Setting effective policies and educating users about policies is key

53

Questions?

• Lecture notes• 高修學生