Computer Security:
Principles and Practice
First Edition
by William Stallings and Lawrie Brown
Lecture slides by Lawrie Brown
Chapter 1 – Overview

Computer Security:
protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software,

Computer Security Challenges
1. not simple
2. must consider potential attacks
3. procedures used counter-intuitive
4. involve algorithms and secret info
5. must decide where to deploy mechanisms
6. battle of wits (intelligence) between attacker / admin
7. not perceived as a benefit until it fails
8. requires regular monitoring
9. too often an after-thought
10. regarded as impediment (weakness) to using

Vulnerabilities and Attacks
system resource vulnerabilities may
  be corrupted (loss of integrity)
  become leaky (loss of confidentiality)
  become unavailable (loss of availability)
attacks are threats carried out and may be
  passive
  active
  insider

Countermeasures
means used to deal with security attacks
  prevent
  detect
  recover
may result in new vulnerabilities
will have residual vulnerability

Threat Consequences
unauthorized disclosure
  exposure, interception, inference, intrusion
deception
  masquerade, falsification, repudiation
disruption
  incapacitation, corruption, obstruction
usurpation

Network Security Attacks
classify as passive or active
passive attacks are eavesdropping
  release of message contents
  traffic analysis
  are hard to detect so aim to prevent
active attacks modify/fake data
  masquerade
  replay
  modification
  denial of service

Security Functional Requirements
technical measures:
  access control; identification & authentication; system & communication protection; system & information integrity
management controls and procedures
  awareness & training; audit & accountability; certification, accreditation, & security assessments; contingency planning; maintenance; physical & environmental protection; planning; personnel security; risk assessment; systems & services acquisition
overlapping technical and management:
  configuration management; incident response; media

X.800 Security Architecture
X.800, Security Architecture for OSI
systematic way of defining requirements for security and characterizing approaches to satisfying them
defines:
  security attacks - compromise security
  security mechanism - act to detect, prevent, recover from attack

Computer Security Strategy
specification/policy
  what is the security scheme supposed to do?
  codify in policy and procedures
implementation/mechanisms
  how does it do it?
  prevention, detection, response, recovery
correctness/assurance

Summary
security concepts
terminology
functional requirements
security architecture
security trends