Info Security Theory/Practice (ISA 562)
These 36-page class notes were uploaded by Federico Kerluke on Monday, September 28, 2015. The notes belong to ISA 562 (Information Security Assurance) at George Mason University, taught by Michael Smeltzer in Fall.
Date Created: 09/28/15
Introduction

Who are the Attackers?
- Script kiddies: limited, but numerous
- Elite hackers: characterized by technical expertise and dogged persistence, not just a bag of tools
- Virus writers and releasers
- Criminals and organized crime
- Employees
- Consultants and contractors
- Cyberterrorists
- Nation-state sponsored cyberwarfare

Typical Attack Mechanisms
- Virus: attaches to a host file, which often replaces the original; spreads via human interaction (leverages media like USB sticks); executes itself
- Trojan: comes with something good but does something bad (e.g., exfiltration); Trojans do not replicate
- Worm: exists inside other files (e.g., .doc); leverages networks; replicates without the use of a host file or human interaction

Threat vs. Attack
- Threat: a potential for violation of security, exploiting a vulnerability. When trying to assess risk we consider each threat, the costs associated with a successful attack, and the probability of a successful attack
- Attack: an assault attempting to evade security services

Cyber Operations: what is the difference?
- Computer Network Defense: protect
- Computer Network Attack: disrupt
- Computer Network Exploitation: exploit

What Do We Need to Protect?
- Data: data at rest, data in transit
- Resources
- Networks
- Reputation
- Business operations

Key Security Objectives and Services (Definitions & Security Services)
- Confidentiality: concealing information or resources. Achieved by authorization (i.e., access control) and cryptography. What about identification and authentication?
- Availability: the ability to use information or resources. Threatened by Denial of Service and Distributed DoS. Designs are based on statistical models
- Integrity: the trustworthiness of information or resources: data content correctness, data origin, data credibility. Supported by audit and backup. What about non-repudiation?

Types of Attacks
- Passive attacks are eavesdropping and do not affect system resources: release of message contents; traffic analysis. Hard to detect, so try to prevent
- Active attacks change something or modify data: masquerade; replay (capture and reuse); modification; denial of service (e.g., blocking the message stream). Harder to prevent, so try to detect and recover

Confusing Terminology
- Traffic analysis: command or network structures
- Side-channel exploitation: timing of computations; power usage variations; electromagnetic leakage; acoustic noise variations
- Covert channels

Threats
- Confidentiality: unauthorized disclosure (exposure, interception, inference, intrusion, snooping, key logging)
- Integrity: deception (modification, spoofing, repudiation)
- Data availability: disruption (incapacitation, corruption, obstruction)
- Resource availability: usurpation (misappropriation, misuse, delay, DoS)

Malware via the Internet
- Malware can get into a host from a virus, worm or Trojan horse
- Spyware can record keystrokes and web sites visited, and exfiltrate information to a remote collection site
- An infected host can be enrolled in a botnet used for spam and DDoS attacks
- Some malware is self-replicating: it spreads from an infected host and seeks entry into other hosts

Stuxnet: A Cyber Weapon
- Targeted virus that attacked programmable logic controllers at Iran's Natanz nuclear facility
- It manipulated the uranium enrichment centrifuges to make them self-destruct
- Command and control servers in Malaysia and Denmark: it called home with details on infected machines, and the servers provided new functionality to infected machines
- So how did it get into a nuclear facility not connected to the Internet?

Stuxnet (continued)
- The code includes stolen RealTek authentication certificates for device drivers
- Installs itself through a zero-day exploit in Windows Explorer used by Siemens in their SCADA
- Spreads on the LAN via the print spooler
- Searches for antivirus programs; the code is designed to circumvent them or, if this is not possible, to deinstall itself
- Lodges itself into the part of the operating system that manages USB flash drives
- Both user-mode and kernel-mode rootkits

Rootkits
- Definition: a set of software tools that conceal running processes, files or system data like logs
- Originally loaded on UNIX machines to allow root access without the system administrator knowing it: precompiled versions of ps, netstat, w and passwd that hide the intruder's presence
- No longer restricted to UNIX, and now include backdoors

Types of Rootkits
- Firmware: persistent malware hidden in firmware
- Virtualized: malicious software loads before the virtual machine monitor or OS, which allows interception of hardware calls from the guest OS. Blue Pill is an ultra-thin hypervisor loaded on the fly
- Kernel: runs with kernel privileges; modifies kernel code or augments it via device drivers to hide backdoor access. Bootkits: a compromised bootloader for FDE machines
- Library: an interceptor replaces system calls to hide the attacker's actions
- Application (user mode): adds Trojans to applications; intercepts and modifies the standard behavior of APIs

Rootkits (continued)
- A rootkit is a set of tools used by attackers to retain access to a computer system and hide their activities on that system
- A rootkit is not an exploit: the machine has already been compromised
- A rootkit is not a virus, Trojan or worm
- Sony rootkit: intended to prevent ripping and limit copying; degraded performance; leveraged by hackers

Policies and Mechanisms
- A policy says what is and is not allowed; this defines security for the system and site
- Mechanisms enforce policies: technical and non-technical
- Composition of policies: if policies conflict, the discrepancies may create security vulnerabilities (cf. XACML)

Definitions
- Let P be the set of all possible system states
- Let Q be the set of secure states, as defined by the security policy
- Assume the security mechanism restricts the system to some set of states R
- A mechanism is secure if $R \subseteq Q$
- A mechanism is precise if $R = Q$
- A mechanism is broad if $\exists\, r \in R$ such that $r \notin Q$
- What can we say about a broad mechanism?

Fundamental Policy Goals
- Prevention: prevent attackers from violating the security policy; mechanisms that can't be circumvented
- Detection: detect attackers' violation of the security policy
- Recovery: stop the attack, assess and repair damage; continue to function correctly even if the attack succeeds or is in progress

Policy Tradeoffs
- Internal threat

Risk Analysis Types
- Two types: quantitative and qualitative
- Both provide valuable metrics; both are required for a full picture

Quantitative Risk Analysis
- Determine monetary value
- All elements must be quantified
- Difficult to achieve: significant time and resource investment

Quantitative Analysis Steps
1. Estimate potential loss
   - Types of loss: physical destruction, theft, loss of data
   - Cost if the attack succeeds: potential loss = asset value x asset loss when the threat succeeds
2. Conduct threat analysis
   - Expected number of successful incidents per year = anticipated number of events per year x probability of an individual attack's success
3. Determine magnitude of risk
   - Purpose: justify security countermeasures
   - Risk = Potential Loss x Expected successes

Threat Analysis Step

                                  Threat A   Threat B   Threat C   Threat D
1 Cost if the attack succeeds      500,000     10,000    100,000     10,000
2 Anticipated attacks/year               1          3          5         10
3 Probability of success               80%        20%         5%        70%
4 Threat severity                  400,000      6,000     25,000     70,000
5 Countermeasure cost              100,000      7,000      2,000     20,000
6 Value of protection              300,000     -1,000     23,000     50,000
7 Apply?                               Yes         No        Yes        Yes
8 Priority                               1        N/A

(Threat severity = row 1 x row 2 x row 3; value of protection = row 4 - row 5.)

Qualitative Risk Analysis
- What-if scenario oriented
- Usually stops short of comparing the cost of protection to the cost associated with a successful attack
- Qualitative risk analysis factors: rank the seriousness of threats and the sensitivity of assets; perform a reasoned risk assessment

Qualitative Ranking

Negative impact to project   Likelihood of occurrence   Rating
High                         Highly likely              H
High                         Medium likely              H
High                         Not likely                 ML
Medium                       Highly likely              M
Medium                       Medium likely              ML
Medium                       Not likely                 L
Low                          Highly likely              L
Low                          Medium likely              L
Low                          Not likely                 L

Risk Mitigation Options
- Risk acceptance
- Risk reduction
- Risk avoidance

Operational Issues
- Cost-benefit analysis: is it cheaper to prevent or to recover?
- Risk analysis: should we protect an asset? How likely is the attack? How likely is it that the attack will succeed? How much should we spend to protect it?
- Laws and customs: are the desired security measures illegal? Will people do them?

Human Issues and Security
- Organizational problems: responsibility without power; budget; enforcement; cost, time and visibility
- People problems: outsiders and insiders; insiders know the security mechanisms; insiders may have inadequate security training; social engineering

Security Awareness
- Awareness training: remind employees of their security responsibilities; motivate personnel to comply with them
- Videos, newsletters, posters
- DoD: regular refresher training

Specific Roles and Responsibilities
- Executive management (e.g., DoD CIO): publish and endorse the security policy; establish goals and objectives; state overall responsibility for asset protection
- IS security professionals (e.g., Commander, STRATCOM; Director, DISA): security design, implementation and management; review of the organization's security policies
- Owner (e.g., heads of operational components): information classification; set user access conditions; decide on business continuity priorities
- Custodian (e.g., Designated Approving Authority): entrusted with the security of the information
- IS auditor (e.g., Information Assurance Officer): audit assurance guarantees
- User: compliance with procedures and policies

Security Systems Engineering: how much can we trust a system?
- Specification: requirements analysis; statement of desired functionality
- Design: how the system will meet the specification
- Implementation: programs and systems that implement the design
- Verification: formal methods vs. test

Security Lifecycle
Policy -> Specification -> Design -> Implementation, with human issues bearing on every stage.

Security Taxonomy: OWASP Top Ten 2010
1. Injection: exploit the syntax of the targeted interpreter
2. Cross-site scripting (XSS): the client trusts that the script received from a server is legitimate when it really comes from a malicious source
3. Broken authentication and session management: sessions don't terminate; without SSL a sniffer captures credentials
4. Insecure direct object reference: increment the account number to access the next account in sequence
5. Cross-site request forgery (CSRF): the server trusts that the client submitted the credential, but the client submits it via a malicious script
6. Security misconfiguration: default accounts or unpatched software
7. Insecure cryptographic storage: the DB decrypts automatically on query
8. Failure to restrict URL access: an authorized user changes the URL to a privileged page
9. Insufficient transport layer protection: SSL not used
10. Unvalidated redirects and forwards: a valid link modified (Google redirection)
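The secure / precise / broad definitions above (P, Q, R) are easiest to see on a concrete state space. The following is an added example, not code from the ISA 562 notes: the system, its policy and the three candidate mechanisms are all constructed for illustration, and a state is modelled as a single (subject, object, right) triple that the system currently grants.

```python
# Added example (not from the notes): checking the secure / precise / broad
# definitions on a small, constructed state space.
from itertools import product

# Hypothetical toy system: a state records one (subject, object, right) the
# system currently grants. P is every such state that could possibly arise.
SUBJECTS = ("alice", "bob")
OBJECTS = ("payroll", "memo")
RIGHTS = ("read", "write")
P = frozenset(product(SUBJECTS, OBJECTS, RIGHTS))


def policy_allows(state):
    """Constructed security policy: only alice may access payroll;
    anyone may read the memo; nobody may write the memo."""
    subject, obj, right = state
    if obj == "payroll":
        return subject == "alice"
    return right == "read"


# Q: the secure states, as defined by the policy
Q = frozenset(s for s in P if policy_allows(s))


def states_permitted_by(mechanism):
    """R: the states a mechanism (a predicate over states) lets the system reach."""
    return frozenset(s for s in P if mechanism(s))


def classify(Q, R):
    """Apply the three definitions from the notes to a mechanism's state set R."""
    if R == Q:
        return "precise"      # R = Q
    if R <= Q:
        return "secure"       # R is a subset of Q
    return "broad"            # some r in R is not in Q


def insecure_states(Q, R):
    """What a broad mechanism lets through: the states in R that violate the policy.
    Empty for a secure or precise mechanism."""
    return R - Q


# Three constructed candidate mechanisms
alice_read_only = states_permitted_by(lambda s: s[0] == "alice" and s[2] == "read")
no_payroll_writes = states_permitted_by(lambda s: not (s[1] == "payroll" and s[2] == "write"))
exact = states_permitted_by(policy_allows)

if __name__ == "__main__":
    for name, R in [("alice_read_only", alice_read_only),
                    ("no_payroll_writes", no_payroll_writes),
                    ("exact", exact)]:
        print(name, classify(Q, R), sorted(insecure_states(Q, R)))
```

The answer to the notes' question ("what can we say about a broad mechanism?") is what `insecure_states` returns: a broad mechanism permits at least one state the policy forbids, so the system can reach an insecure state without the mechanism being bypassed at all. A secure mechanism that is not precise errs the other way: it refuses some states the policy would allow.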
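The quantitative analysis steps and the threat-analysis table above can be reproduced in a few lines. The following is an added worked example, not code from the notes; it uses the table's figures for threats A to D. The notes only give priorities for A (1) and B (N/A), so the rule used here for the remaining priorities, ranking applied countermeasures by their value of protection, is an assumption.

```python
# Added worked example (not from the ISA 562 notes): the quantitative risk
# analysis steps applied to the threat-analysis table.
from dataclasses import dataclass


@dataclass
class Threat:
    name: str
    cost_if_success: float       # row 1: potential loss if one attack succeeds
    attacks_per_year: float      # row 2: anticipated number of attempts per year
    p_success: float             # row 3: probability an individual attempt succeeds (0..1)
    countermeasure_cost: float   # row 5: cost of the proposed countermeasure

    def expected_successes(self) -> float:
        # Step 2: expected number of successful incidents per year
        return self.attacks_per_year * self.p_success

    def severity(self) -> float:
        # Step 3: Risk = Potential Loss x Expected successes (row 4, "threat severity")
        return self.cost_if_success * self.expected_successes()

    def value_of_protection(self) -> float:
        # Row 6: what the countermeasure buys, net of its own cost
        return self.severity() - self.countermeasure_cost

    def apply(self) -> bool:
        # Row 7: only justify a countermeasure that saves more than it costs
        return self.value_of_protection() > 0


# Figures from the table in the notes (threats A-D)
THREATS = [
    Threat("A", 500_000, 1, 0.80, 100_000),
    Threat("B", 10_000, 3, 0.20, 7_000),
    Threat("C", 100_000, 5, 0.05, 2_000),
    Threat("D", 10_000, 10, 0.70, 20_000),
]


def analyse(threats):
    """Return one row per threat with the computed values, plus a priority
    (1 = largest value of protection) among those worth applying; "N/A" otherwise.
    The priority rule is an assumption, not stated in the notes."""
    rows = {t.name: {
        "severity": round(t.severity(), 2),
        "value_of_protection": round(t.value_of_protection(), 2),
        "apply": t.apply(),
    } for t in threats}
    ranked = sorted((t for t in threats if t.apply()),
                    key=lambda t: t.value_of_protection(), reverse=True)
    for rank, t in enumerate(ranked, start=1):
        rows[t.name]["priority"] = rank
    for t in threats:
        rows[t.name].setdefault("priority", "N/A")
    return rows


if __name__ == "__main__":
    for name, row in analyse(THREATS).items():
        print(name, row)
```

Note that the comparison in row 7 is only as good as the estimates feeding it: threat B flips from "No" to "Yes" if either its attack rate or its success probability is slightly underestimated, which is why the notes warn that quantitative analysis demands a significant time and resource investment.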
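Two of the OWASP Top Ten 2010 items above, injection (item 1) and insecure direct object reference (item 4), usually appear together in the same kind of code. The following is an added example, not code from the notes: a constructed account-lookup function in its vulnerable form beside a hardened form, on a constructed in-memory SQLite table. The table contents, account ids and user names are all made up for the illustration.

```python
# Added example (not from the notes): OWASP injection and insecure direct
# object reference in one constructed account lookup, vulnerable vs. hardened.
import sqlite3


def make_db():
    """Constructed in-memory accounts table (sample data, not from the notes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                     [(100, "alice", 500), (101, "bob", 2500), (102, "carol", 90)])
    conn.commit()
    return conn


def lookup_vulnerable(conn, account_id):
    # Injection: the untrusted value is spliced into the SQL text, so whatever
    # the caller supplies is parsed by the interpreter as part of the query.
    # Insecure direct object reference: nothing ties the id to the caller, so
    # the next id in sequence returns someone else's account.
    sql = f"SELECT id, owner, balance FROM accounts WHERE id = {account_id}"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, account_id, current_user):
    # Reject anything that is not an integer before it reaches the database.
    try:
        account_id = int(account_id)
    except (TypeError, ValueError):
        return []
    # Parameterised query: the value is bound, never parsed as SQL, and the
    # ownership condition is part of the query, so an id the user does not own
    # yields no row rather than another customer's data.
    sql = "SELECT id, owner, balance FROM accounts WHERE id = ? AND owner = ?"
    return conn.execute(sql, (account_id, current_user)).fetchall()


def demo():
    """Run both versions on the same inputs; returns row counts for comparison."""
    conn = make_db()
    malformed = "101 OR 1=1"   # constructed input that is not an account id
    return {
        "vulnerable_malformed": len(lookup_vulnerable(conn, malformed)),     # whole table
        "vulnerable_other_account": len(lookup_vulnerable(conn, 101)),      # bob's row, to anyone
        "hardened_malformed": len(lookup_hardened(conn, malformed, "alice")),
        "hardened_other_account": len(lookup_hardened(conn, 101, "alice")),
        "hardened_own_account": len(lookup_hardened(conn, 100, "alice")),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case}: {rows} row(s)")
```

The hardened version addresses the two items separately: binding the parameter fixes the injection, while adding `owner = ?` to the query fixes the object reference. Binding alone would still let a logged-in user read account 101 by changing one digit, which is exactly the "increment the account number" case the notes describe.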