Whenever I examine security technologies to determine their strengths and weaknesses I like to map my analysis back to the three core standards of net- work security: confidentiality, integrity, and availability. There is a reason that these standards have stood the test of time: They represent the most critical concepts of network/computer security and emphasize what is most impor- tant when trying to protect a network.
Confidentiality
Confidentiality deals with protecting, detecting, and deterring the unautho- rized disclosure of information. Confidentiality is what most people think about when you say “security.” A desire for confidentiality is what causes you to keep your financial records in a password-protected file, for example.
The main goal of cryptography is to take a plaintext message and garble it in such a way that only the intended recipient can read it and no one else. This is precisely the goal of confidentiality.
Because most people think of confidentiality when they think of security, it is no surprise that this was one of the first security problems addressed when the Internet, and more significantly the World Wide Web, took off. One of the first protection mechanisms put into Web browsers and servers was Secure Sockets Layer (SSL). SSL provides point-to-point encryption of critical infor- mation and directly addresses the need for confidentiality.
N OT E SSL is an application built into Web browsers that utilizes encryption to protect information in transit. SSL is only a partial solution for online
confidentiality because information is still unprotected before it is sent and after it arrives.
Integrity
Integrity deals with preventing, detecting, and deterring the unauthorized modification of information. It is a common misconception that if your data is protected and someone cannot read it, then they cannot modify it. Unfortu- nately, that is not true. Even if an attacker cannot read information, there is nothing stopping him or her from modifying it.
An integrity attack is potentially more dangerous than a confidentiality attack. With a confidentiality attack someone reads your secrets, but if the attacker does nothing with that information there may be no impact on your company. With an integrity attack, someone might, for example, tamper with your data to change the value of a key field to a false value, which creates an immediate threat. Your information is now invalid, which could have a serious impact on your company.
Imagine the spreadsheet that your HR department maintains to track peo- ple’s salaries across the company. The fields that contain the employee names and titles are in plaintext because that information is not considered secure; however, the salary field has been encrypted because that is secure informa- tion. Although I can’t read the salaries field to learn what other people are making, I can assume that the VP of Engineering makes more money than I do. Even though I can’t read the value in that field I can copy the encrypted con- tent from the VP’s salary field and paste it into my salary field. By making some logical guesses, I can perform an integrity attack, even though I am unable to perform a confidentiality attack.
Cryptography addresses integrity by performing verification and valida- tion of data. In essence, it performs a digital signature check across informa- tion; if any bit of data changes, the signature will be different. This use of crypto allows companies to perform integrity checks against their information to make sure that nothing has changed in transit.
N OT E A program called Tripwire has such an integrity-checking feature. Tripwire performs cryptographic hashes or digital signatures of all key files and lets you know if any of these files has been modified. More information can be found at www.tripwire.com/.
You can use methods of cryptography that use straight encryption to protect against integrity attacks but provide no confidentiality protection. That means that someone cannot read the information, but he or she can modify it. As you will see later, you can use other methods of cryptography such as digital sig- natures to provide both integrity and confidentiality for information.
Availability
Availability relates to preventing, detecting, or deterring the denial of access to critical information. Availability (or denial of service) attacks can be broken down into two general categories: incorrect data and resource exhaustion.
Incorrect data denial of service attacks involve sending data that a service or process is not expecting, which causes the system to crash. This type of attack can usually be fixed by applying a vendor patch or reconfiguring the system, and it can usually be prevented.
HIGH-TECH INTEGRITY ATTACKS
A similar attack was popular on UNIX systems a while back. Originally the etc/passwd file contained both the user IDs and associated encrypted passwords. If attackers wanted to gain root access (which is essentially God access on the computer) they needed to find out the root password. One way to accomplish this was to go in and create a new user account for which attackers created the password. They would then go into etc/passwd and take the encrypted value for the password for the account just created and copy it over the current value for root. (Usually attackers would save the original value of root so that they could put the system back to the way it was to cover their tracks). Essentially, attackers could change the password for the root without knowing what the original value was. Bottom line: There is no need to breach confidentiality in order to breach integrity.
Resource exhaustion attacks are the most popular form of availability attack and are extremely difficult to prevent. Essentially, a resource exhaustion attacker will try to send more data than your network, router, or server can handle. This will cause your network to be overloaded, and it will not be able to respond to legitimate requests. Preventing these types of attacks is very dif- ficult and usually involves acquiring additional resources.
Though cryptography can play a key role in preventing confidentiality and integrity attacks, it does little to protect a company from availability attacks. This should not be surprising: As stated in the introduction to this chapter, cryptography is close to a total security solution, but it is, in the end, not a sil- ver bullet. There is no silver bullet when it comes to network security. Cryp- tography must be combined with other defense measures to create a robust solution for your site, one that provides defense in depth.