Information security technology
Teemupekka Virtanen
Helsinki University of Technology
Telecommunication Software and Multimedia Laboratory
teemupekka.virtanen@hut.fi
Content
• 1. Information security technology in general
– What, why, content
• 2. Preventive systems
– Cryptography, firewall, VPN
• Access control
– Access control, authentication, authorization, key management, PKI
• 3. Detection systems
– IDS
• 4. Malicious content prevention
– Virus protection, content filtering
Corporate Security
Physical Security
• Security domains
• Prevent outsiders from intruding
– Fences, walls
• Authenticate the insiders
– Keys, access control
• Alarms
– Intrusion detection
• Prevent intrusion
– Guards
Traditional security domain
Tamper resistant devices
• Tamper resistant devices combine physical security with information related services
• E.g. smartcards are designed to store secret information which never comes out
• The device authenticates the user itself and can perform some operations on behalf of the authorized user
• Good: excellent storage for secret keys and other information
Cryptography
• Passive methods to prevent unauthorized access to the content
• Can also prevent unauthorized modification of the content
• Non-repudiation
Digital security domain
Digital signature
• In asymmetric cryptography there are always two different keys bound together so that
– text encrypted with one key can be decrypted with the other key and only with that
– one can't find out what the other key is
• If a text can be decrypted with a key we know that the text was encrypted with the other key of the pair
• If we know that the other key is owned by a certain person we know that only he has been able to encrypt the message
Problems in digital signatures
• Signature is something that connects a person to a document and states that the person accepts the document
– If one puts his name on the paper only to show that he has seen the document, it is not a signature
• In an electronic environment a user has no control over what happens
– It can't be a signature
Firewall
• There are several possible definitions. My definition is:
– A policy for how information is allowed to flow between two domains, and the device(s) which are required to put that policy into use
• The first and often the only line of defence against an intruder
• Often dedicated devices which have special features to define policies and raise the security level
• Requires constant administration and monitoring
• Not a buy-and-forget box
A protected network
VPN
• A trusted connection between secure areas
• A cryptographically protected channel
• Good: one solution for all the applications
• Bad: is the other site really secure enough?
A channel between protected networks
Several protection layers
Access control
• Traditionally a method to decide if somebody has permission to enter a restricted zone
• Consists of several areas
– Identification – who is who
– Authentication – who is going to enter
– Authorization – does one have permission to enter this area
– Auditing – collect information on who has entered a certain zone
Authentication
• Connects an identity to a subject
• Can be based on
– Something one has: the one time pad, the key, the device, ...
– Something one knows: the password, the answer, the protocol
– Something one is: the fingerprint, the voice, the eye, the signature, the face
• Several methods can be combined:
– A device which requires a password
– An id-card with the correct face
Authorization
• Decides if the subject has permission to a certain object
• Access control list based (ACL):
– -rw-r----- tpv users file.txt
• Capability based:
– tpv: file.txt(rw)
• In multilevel systems there is more information in the security labels
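As an added example (not from the slides), the Python below evaluates both representations named above for a subject: the ACL form kept with the object, written in the Unix mode-string style of the slide, and the capability form kept with the subject. The users, groups and the second file are constructed; the second ACL entry is there to show a rule practitioners often get wrong, namely that Unix picks the subject's class first and never merges owner and group bits.

```python
from typing import NamedTuple


class Subject(NamedTuple):
    user: str
    groups: frozenset


# ACL form (stored with the object): mode string, owner, group.
# First entry is the slide's "-rw-r----- tpv users file.txt"; the second
# is a constructed edge case where the group has more rights than the owner.
ACL_TABLE = {
    "file.txt": ("-rw-r-----", "tpv", "users"),
    "notes.txt": ("----rw----", "tpv", "users"),
}


def acl_permits(subject: Subject, path: str, want: str) -> bool:
    """Unix semantics: choose the subject's class (owner, then group, then
    other) and consult only that class's bits. Classes are not merged, so
    on notes.txt the owner tpv is denied even though tpv is in group users."""
    mode, owner, group = ACL_TABLE[path]
    perms = mode[1:]                       # drop the file type character
    if subject.user == owner:
        bits = perms[0:3]
    elif group in subject.groups:
        bits = perms[3:6]
    else:
        bits = perms[6:9]
    return all(c in bits for c in want)


# Capability form (stored with the subject): the slide's "tpv: file.txt(rw)"
# plus a constructed second user.
CAP_TABLE = {
    "tpv": {"file.txt": "rw"},
    "anna": {"file.txt": "r"},
}


def cap_permits(subject: Subject, path: str, want: str) -> bool:
    """A capability names the object and the rights together, so the check
    needs only the subject's own list, not a lookup on the object."""
    rights = CAP_TABLE.get(subject.user, {}).get(path, "")
    return all(c in rights for c in want)


if __name__ == "__main__":
    tpv = Subject("tpv", frozenset({"users"}))
    anna = Subject("anna", frozenset({"users"}))
    guest = Subject("guest", frozenset())
    for who in (tpv, anna, guest):
        print(who.user,
              "| acl file.txt rw:", acl_permits(who, "file.txt", "rw"),
              "| acl notes.txt r:", acl_permits(who, "notes.txt", "r"),
              "| cap file.txt r:", cap_permits(who, "file.txt", "r"))
```

The two tables answer the same question from opposite directions: to revoke everyone's access to one file, the ACL form edits one entry, while the capability form must visit every subject's list; to remove one user entirely, the reverse holds.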
Key management
• Probably the weakest point of cryptography
• In symmetric methods the same key has to be distributed to all authorized persons and nobody else
• In asymmetric methods everyone needs only one pair of keys and the key management is easier
– secure creation of keys, initial distribution, secure storage of secret keys, secure publishing of public keys
PKI
• Public key infrastructure
• Method for digital signature
• Method to negotiate a symmetric key for encryption
• Certificates to create trust
• Method to revoke a certificate
Residual information
• A computer is normally used for three years and during that time there have been several confidential files on it
• How to remove these files permanently when discarding the computer?
• There are also communicators and handheld computers which are gates to systems and storages of information
Intrusion detection systems
• Systems which detect attempts to intrude
• Server based IDS systems monitor one server
• Network based systems monitor traffic in the network
• Try to find out known attacks
– The database must be updated
• There must be some active response for alarms
Virus protection methods
• Traditional scanner
– Scans files and tries to find fingerprints
– Databases must be updated regularly
• Heuristic scanner
– Tries to find typical elements of a virus
• Firewall type virus protection
– Removes all executables and Office macros
• Activity analyzer
– Notices if there are too many identical attachments and puts them on hold
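As an added example (not from the slides), the Python below runs three of the methods listed above over a constructed batch of mail attachments: a fingerprint scan against a made-up signature database, a firewall-type check that decides by file content (real magic numbers for DOS/Windows executables, ELF and legacy OLE Office files) rather than by the file name, and an activity analyzer that holds attachments whose content repeats. All attachment contents and signature patterns are constructed for the example; none is real malware.

```python
import hashlib
from collections import Counter

# Constructed signature database: byte patterns standing in for real
# virus fingerprints.
SIGNATURES = {
    "Example.Marker.A": b"EXAMPLE-VIRUS-MARKER-A",
    "Example.Marker.B": b"EXAMPLE-VIRUS-MARKER-B",
}

# Real magic numbers for the "firewall type" check: the type is decided
# by content, so an executable renamed to .mp3 is still an executable.
BLOCKED_MAGIC = {
    b"MZ": "DOS/Windows executable",
    b"\x7fELF": "ELF executable",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE compound document (legacy Office, may hold macros)",
}


def signature_scan(data: bytes) -> list:
    """Traditional scanner: report every known fingerprint found."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def blocked_type(data: bytes):
    """Firewall type protection: describe the content if it is an executable
    or legacy Office file, else return None."""
    for magic, description in BLOCKED_MAGIC.items():
        if data.startswith(magic):
            return description
    return None


def activity_hold(attachments, threshold=3) -> set:
    """Activity analyzer: indices of attachments whose content (by hash)
    occurs at least `threshold` times in the batch."""
    digests = [hashlib.sha256(a).hexdigest() for a in attachments]
    counts = Counter(digests)
    return {i for i, d in enumerate(digests) if counts[d] >= threshold}


def triage(attachments, threshold=3) -> list:
    """Apply the three methods in order and give one verdict per attachment."""
    held = activity_hold(attachments, threshold)
    verdicts = []
    for i, data in enumerate(attachments):
        hits = signature_scan(data)
        kind = blocked_type(data)
        if hits:
            verdicts.append("infected: " + ", ".join(hits))
        elif kind:
            verdicts.append("blocked: " + kind)
        elif i in held:
            verdicts.append("hold: repeated attachment")
        else:
            verdicts.append("clean")
    return verdicts


# Constructed mailbox batch (all contents made up for this example).
SAMPLE_BATCH = [
    b"Quarterly report, nothing unusual here.",
    b"MZ\x90\x00\x03\x00 renamed to song.mp3 but still a program",
    b"greeting card EXAMPLE-VIRUS-MARKER-A inside",
    b"funny picture",
    b"funny picture",
    b"funny picture",
]

if __name__ == "__main__":
    for verdict in triage(SAMPLE_BATCH):
        print(verdict)
```

The order of the checks is a policy decision: a known fingerprint is the most specific finding, a blocked file type needs no database update at all, and the activity hold is the only one of the three that can catch something the database has never seen, at the price of delaying harmless repeats too.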
Virus protection
• In firewall
– Scans all the attachments, www-pages and FTP-transfers
– Good in prevention and in maintainability
– Slow if there is a lot of traffic
• In mail-server
– Scans all the attachments
– Almost all the viruses spread with mail
– Efficient
• In file server
– Scans all the files
• In workstations
– Scans all the files
Content filtering
• ”Information firewall” which includes a policy and methods to put the policy in use
• May block
– certain addresses: www.playboy.com, www.enemy.com
– certain filetypes: *.mp3
– documents with certain strings: ”Secret”, ”project-X”
• Several protocols: HTTP, FTP, SMTP, ...
• Can open documents, zip-files, ...
Example of content filtering
Figure: a request for http://anon.free.anonymizer.com/http://www.iltalehti.fi passing through the content filtering proxy and the firewall
Figure: a request for http://www.iltalehti.fi and for music.mp3 passing through the content filtering proxy and the firewall
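As an added example (not from the slides), the Python below implements the policy from the Content filtering slide and the two figures above: blocked addresses, blocked file types, blocked strings inside documents, and zip archives opened so that their members are checked too. It also shows the check a practitioner would want for the first figure: a URL carried inside another URL (the anonymizer pattern, percent-encoded or not) is unwrapped and the inner destination is judged against the same policy. The policy values come from the slide; the helper that builds a zip archive in memory and the test documents are constructed for the example.

```python
import io
import zipfile
from urllib.parse import urlsplit, unquote

# Policy built from the slide's own examples.
POLICY = {
    "blocked_hosts": {"www.playboy.com", "www.enemy.com"},
    "blocked_extensions": {".mp3"},
    "blocked_strings": ["Secret", "project-X"],
}


def _nested_url(path_and_query: str):
    """Return a full URL hidden inside the path (the anonymizer pattern in
    the figure), after percent-decoding, or None."""
    decoded = unquote(path_and_query)
    for scheme in ("http://", "https://", "ftp://"):
        i = decoded.find(scheme)
        if i != -1:
            return decoded[i:]
    return None


def check_url(url: str, policy=POLICY):
    """Return ("block" | "allow", reason). A URL wrapped inside another URL
    is checked against the same policy, since the inner one is the real
    destination. The inner URL is strictly shorter, so recursion ends."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in policy["blocked_hosts"]:
        return "block", f"address {host}"
    for ext in policy["blocked_extensions"]:
        if parts.path.lower().endswith(ext):
            return "block", f"file type {ext}"
    tail = parts.path + ("?" + parts.query if parts.query else "")
    inner = _nested_url(tail)
    if inner is not None:
        decision, reason = check_url(inner, policy)
        return decision, f"via {host}: {reason}"
    return "allow", f"address {host}"


def check_content(data: bytes, policy=POLICY) -> list:
    """Return the blocked strings found in a document. Zip archives are
    opened and every member is checked, recursively."""
    if data.startswith(b"PK\x03\x04"):
        found = set()
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                found.update(check_content(zf.read(name), policy))
        return sorted(found)
    text = data.decode("utf-8", errors="replace")
    return [s for s in policy["blocked_strings"] if s in text]


def make_zip(members: dict) -> bytes:
    """Constructed helper: build a small archive in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    for u in ("http://www.iltalehti.fi/",
              "http://www.iltalehti.fi/music.mp3",
              "http://anon.free.anonymizer.com/http://www.enemy.com/"):
        print(u, "->", check_url(u))
    archive = make_zip({"readme.txt": "public", "plan.txt": "Secret plan"})
    print("zip:", check_content(archive))
```

The unwrapping step is what separates a policy from a device that merely applies it: without it the proxy sees only the anonymizer's host name, which is on no list, and the figure's request goes through unchecked.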
Problems with content filtering
• Practical
– Requires plenty of maintenance and updates
– Often prevents authorized work
• Ethical
– Who is allowed to decide acceptable content
– For what reason
• Theoretical
– Is content filtering a method to decide what is acceptable: everything which is possible is also allowed
Centralized management
• Personal computer is not personal any more
• Centralized user administration
• Centralized software distribution
• Software inventory
• Spying on users?
• Good: easier administration, support and asset management
• Bad: single point of failure, loss of confidence
Availability
• Availability is often a more crucial property than confidentiality
• Confidentiality and availability are almost always conflicting properties
• Availability prevents loss of
Backup systems
• Backup is the basic protection method against losing information
• It can be done by every user with servers, floppy disks, CD-Rs, ...
• In bigger systems the increased capacity is a problem
– There might be tens of tapes in a carousel
– There are not enough hours in a day to transfer all the information to the tapes
• It is difficult to store only the changed information in a database system where everything is just one big file
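As an added example (not from the slides), the Python below shows one way to store only the changed information of a file that is "just one big file": cut it into fixed-size chunks, hash each chunk, and write a chunk to the store only if that hash is new. The database file is a constructed pseudo-random buffer. The last step also shows the known weakness of fixed-size chunking: an insertion near the front shifts every boundary and the backup degrades to a full copy, which is why real tools use content-defined chunk boundaries.

```python
import hashlib
import random

CHUNK_SIZE = 4096


def chunk_digests(data: bytes, size: int = CHUNK_SIZE) -> list:
    """Fixed-size chunking: one SHA-256 per chunk."""
    return [hashlib.sha256(data[i:i + size]).hexdigest()
            for i in range(0, len(data), size)]


class ChunkStore:
    """Content-addressed store: a chunk is written once and then referenced
    by every later backup that still contains it."""

    def __init__(self):
        self.blobs = {}

    def backup(self, data: bytes):
        """Return (manifest, number of new chunks written)."""
        manifest = chunk_digests(data)
        new = 0
        for i, digest in enumerate(manifest):
            if digest not in self.blobs:
                self.blobs[digest] = data[i * CHUNK_SIZE:(i + 1) * CHUNK_SIZE]
                new += 1
        return manifest, new

    def restore(self, manifest) -> bytes:
        """Reassemble a backed-up file from its manifest."""
        return b"".join(self.blobs[d] for d in manifest)


def make_database_file(size: int = 64 * 1024, seed: int = 7) -> bytes:
    """Constructed stand-in for a database file: pseudo-random content
    (Python 3.9+ for Random.randbytes)."""
    return random.Random(seed).randbytes(size)


if __name__ == "__main__":
    store = ChunkStore()
    db = make_database_file()
    _, new_full = store.backup(db)
    print("full backup wrote", new_full, "chunks")

    # Small in-place update: only the chunk holding bytes 5000-5009 changes.
    edited = bytearray(db)
    edited[5000:5010] = b"UPDATED!!!"
    _, new_edit = store.backup(bytes(edited))
    print("in-place edit wrote", new_edit, "chunk(s)")

    # Insertion at the front shifts every chunk boundary: nothing matches.
    _, new_insert = store.backup(b"\x00" + db)
    print("one byte inserted at the front wrote", new_insert, "chunks")
```

The manifest is small (one digest per chunk), so keeping one per backup run is cheap; the carousel of tapes in the slide then only has to receive the chunks the store has not seen before.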
RAID
• Several hard disks in one system appearing as one hard disk
• RAID-1: several hard disks with the same data
• RAID-2-5: several hard disks, data is distributed to several disks and equipped with checksums
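As an added example (not from the slides), the Python below shows the "checksum" idea behind the parity levels in the smallest form, an XOR parity block over a stripe of data blocks in the RAID-4/5 style: any single lost block, data or parity, is recovered by XORing the survivors. The stripe data is constructed. It also shows the caveat a practitioner should keep in mind: parity detects a silently corrupted block but cannot say which one it is, so it protects against a known-failed disk, not against bit rot.

```python
from functools import reduce


def xor_blocks(blocks) -> bytes:
    """Bytewise XOR of equal-length blocks."""
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)), blocks)


def write_stripe(data: bytes, n_data: int) -> list:
    """Split data into n_data equal blocks and append one parity block
    (this toy keeps parity in a fixed position; RAID-5 rotates it)."""
    if len(data) % n_data:
        raise ValueError("data must divide evenly into n_data blocks")
    size = len(data) // n_data
    blocks = [data[i * size:(i + 1) * size] for i in range(n_data)]
    return blocks + [xor_blocks(blocks)]


def rebuild(stripe) -> list:
    """Recover the single missing block (marked None), data or parity, by
    XORing all surviving blocks. Two missing blocks cannot be recovered."""
    missing = [i for i, b in enumerate(stripe) if b is None]
    if len(missing) != 1:
        raise ValueError(f"can rebuild exactly one block, {len(missing)} missing")
    survivors = [b for b in stripe if b is not None]
    repaired = list(stripe)
    repaired[missing[0]] = xor_blocks(survivors)
    return repaired


def parity_ok(stripe) -> bool:
    """A consistent stripe XORs to all zeros. A mismatch reveals silent
    corruption but not which block is wrong."""
    return not any(xor_blocks(stripe))


def read_data(stripe, n_data: int) -> bytes:
    """The user-visible data is the concatenation of the data blocks."""
    return b"".join(stripe[:n_data])


if __name__ == "__main__":
    stripe = write_stripe(b"ABCDEFGHIJKL", n_data=3)   # constructed data
    lost = list(stripe)
    lost[1] = None                                      # disk 1 fails
    print(read_data(rebuild(lost), 3))                  # b'ABCDEFGHIJKL'
    damaged = list(stripe)
    damaged[0] = b"XBCD"                                # silent bit rot on disk 0
    print(parity_ok(stripe), parity_ok(damaged))        # True False
```

The cost side is visible too: three data disks need one extra disk for parity, against three extra disks for RAID-1 mirroring of the same data, but every write must update the parity block as well.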
HA-systems
• High availability systems are systems which have duplicated components
• HA systems use standard components and are therefore much cheaper than real fault tolerant systems
• In some cases it is also possible to balance load between components
HA-system structure
Figure: HA-system structure with Server A and Server B, a network, a synchronization network and a RAID storage system
Conclusion
• There are several technical methods to provide security
• Every improvement one can buy is very cheap. If security could be improved just by buying a box, everything would be in excellent condition
• All the methods have side effects