41900 lecture 1 information security design(1)

Upload: hung-hung-nguyen-nguyen

Post on 05-Oct-2015


DESCRIPTION

introduction to security week 1

TRANSCRIPT

  • Fundamental of Security 41900

    Welcome to the world of security!

  • Some admin stuff

    Subject Coordinator Dr. Richard Xu

    Lecturer: Richard Xu

    Tutors: TBA

    The Subject Outline will be on UTS Online

  • Assessment

    2 Quizzes (25%: 12.5% each)

    At a unified time, week 6 and week 10, 40 min (I will remind you again 2 weeks before; please make arrangements)

    Project (20%): group-based implementation; you can code it in any language you prefer. Assessment is on each individual's understanding.

    Exam (55%): you need to get at least 45/100 in the exam to pass the whole subject.

  • Textbook

    Good news: There is NO textbook for this subject!

    Some good references you may find useful:

    William Stallings, Network Security Essentials, 5th Edition

    William Stallings, Cryptography and Network Security, 4th Edition

  • Why study security? Important skill to have:

    In terms of career development:

    3,757 jobs contain the word "security" under Information Communication Technology on SEEK.com @ 22/02/14

    In contrast, 3,126 jobs contain the word "network" under Information Communication Technology on SEEK.com @ 22/02/14

    In terms of academic studies:

    Prerequisite to many other subjects

    A research path

  • A security path: Security sub-major

    Prerequisite for the subjects:

    48730: Network Security

    48436: Digital Forensics

    41890: Applying Network Security

  • SMJ10048 Network Security Sub-major

    This sub-major gives students the opportunity to master both theoretical and practical aspects of modern security technologies and practices. It includes security fundamentals, network security, digital forensics, mobile networking, network planning and management.

    48740 Communications Networks 6cp
    31275 Mobile Networking 6cp
    48750 Network Planning and Management 6cp
    41900 Fundamentals of Security 6cp
    48730 Network Security 6cp
    48436 Digital Forensics 6cp
    CBK90366 ICT choice 18cp
    Total 54cp

  • OK

    Let's get started!

  • First of all: give a definition of Information Security

    According to US Code: The term information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:

    Confidentiality

    Integrity

    Availability

    Let's look at these meanings in a minute

  • Course content

    Introduction to Security (Today)
    Fundamentals of Cryptography
    Symmetric Encryption
    Cryptographic Mathematics
    Public-key Cryptography
    Information Security Applications
    Intrusion Modelling and Detection
    Security for Network Applications
    Memory Security
    File System Security
    Virus and Computer Security
    Advanced Information Security Topics

  • History of this subject

    Network Security (old) (48730)

    Network Security (new) (48730):

    Introduction to Network Security
    Crypto Revision
    SSL and SSH Protocols
    Windows and Linux Security
    DNS, Web Servers and SQL Databases
    Key Distribution and User Authentication
    Access Control and Wireless
    Vulnerabilities and Pen Testing
    SNMP and WMI
    Electronic Mail and IP Security
    Firewalls

    Fundamentals of Security (41900):

    Introduction to Security (Today)
    Fundamentals of Cryptography
    Symmetric Encryption
    Cryptographic Mathematics
    Public-key Cryptography
    Information Security Applications
    Intrusion Modelling and Detection
    Security for Network Applications
    Memory Security
    File System Security
    Virus and Computer Security
    Advanced Information Security Topics

  • Rest of today's lecture

    Firstly, let's examine the security design principles and some of their techniques

    Secondly, let's look at the security goals

    Lastly, let's look at some of the security organisations

  • Security design principles and techniques

    Imagine you are designing some security system from scratch.

    What best practices would you adopt?

    Let's take a look at some examples of the techniques.

  • Design Principles and Techniques - Principle of least privilege

    Each part of the system has only the privileges that are needed for its function. That way, even if an attacker gains access to that part, they have only limited access to the whole system.

    A non-computer example: a university environment

    A computer example: Unix access control (file permissions)

    A more extreme example: SELinux

  • Type Enforcement: default: no access

    General form of a TE allow rule:

    allow source_type target_type : object_class (permissions);

    Allow a user process to execute a shell script:

    allow user_t bin_t : file (read execute getattr);

    SELinux TE Policy

  • SELinux Type Enforcement

    TE rule:

    allow initrc_t snort_etc_t : file read;

    Subjects (processes) in the initrc_t domain can read files labeled with the snort_etc_t type, i.e. the SysV init process can read the contents of the /etc/snort directory tree.
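    As an added illustration of the default-deny Type Enforcement model on these two slides (this is not code from the lecture, and it is not the real SELinux policy compiler, which also handles attributes, type transitions, macros and much more), the following Python reads allow rules written in the slide's syntax and answers access queries. The rule text is the two rules above; the query tuples are constructed.

```python
import re
from collections import defaultdict

# Constructed sample policy: the two rules from the slides. Syntax follows the
# slide's form:  allow <source_type> <target_type> : <class> <perm | (perm ...)>;
SAMPLE_POLICY = """
allow user_t bin_t : file (read execute getattr);
allow initrc_t snort_etc_t : file read;
"""

RULE_RE = re.compile(
    r"^allow\s+(?P<src>\w+)\s+(?P<tgt>\w+)\s*:\s*(?P<cls>\w+)\s+"
    r"(?:\((?P<perms>[^)]*)\)|(?P<perm>\w+))\s*;$"
)

def parse_policy(text):
    """Parse allow rules into {(src, tgt, cls): {perm, ...}}. Unknown lines raise
    rather than being silently ignored, so a typo cannot widen or drop a rule."""
    rules = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable TE rule: {line!r}")
        if m.group("perms") is not None:
            perms = m.group("perms").split()
        else:
            perms = [m.group("perm")]
        rules[(m.group("src"), m.group("tgt"), m.group("cls"))].update(perms)
    return rules

def is_allowed(rules, src, tgt, cls, perm):
    """Default deny: an access is permitted only if some allow rule names it."""
    return perm in rules.get((src, tgt, cls), set())

if __name__ == "__main__":
    rules = parse_policy(SAMPLE_POLICY)
    # Constructed queries: the first and third are covered by a rule, the others
    # fall through to the default of no access.
    for query in [("user_t", "bin_t", "file", "execute"),
                  ("user_t", "bin_t", "file", "write"),
                  ("initrc_t", "snort_etc_t", "file", "read"),
                  ("user_t", "snort_etc_t", "file", "read")]:
        verdict = "allow" if is_allowed(rules, *query) else "deny (default)"
        print(*query, "->", verdict)
```

    The point to notice is that `is_allowed` never has a "deny" branch to consult: anything a rule does not mention is refused, which is what makes the least-privilege property hold by construction.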

  • Design Principles and Techniques - Code Reviews and Unit Testing

    These are approaches to make modules more secure.

    Verify the functionality and security of a specific section of code, usually at the function level.

    In an OO environment, this is usually at the class level.

    Example from a large programming environment:

        #include <stdio.h>
        #include <string.h>

        void print( const char * );

        int main()
        {
            print( "Mitt Romney" );
            print( "Newt Gingrich" );
            print( "Rick Santorum" );
            print( "Ron Paul" );
            return 0;
        }

        void print( const char *name )
        {
            /* The bug a review should catch: strlen() returns size_t (unsigned).
               For a name shorter than 8 characters the subtraction wraps to a huge
               value, and for an 8-character name such as "Ron Paul" the divisor
               is zero, which is undefined behaviour (typically a crash). */
            int indent = 100 / (strlen(name) - 8) / 2;
            for( int i = 0; i < indent; i++ )
                printf( " " );
            printf( "%s\n", name );
        }

    Taken from: http://www.gimpel.com/html/newbugs/

  • Design Principles and Techniques - Defence in depth

    Multiple layers of security controls (defences) are placed throughout an information technology (IT) system.

    The intent is to provide redundancy in the event that a security control fails or a vulnerability is exploited. The layers can cover personnel, procedural, technical and physical aspects for the duration of the system's life cycle.

  • Defense in Depth

    To defend a system against any particular attack using several independent methods:

    Logging and auditing
    Packet filters
    Timed access control
    Internet security awareness training
    Virtual private network (VPN)
    Sandboxing
    Intrusion protection system
    Anti-virus software
    Authentication and password security
    Biometrics
    Demilitarized zones (DMZ)
    Firewalls (hardware or software)
    Hashing passwords
    Intrusion detection systems (IDS)

  • Design Principles and Techniques - Default secure settings

    Design to "fail secure" rather than fail insecure.

    Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.

    For example, Windows Server 2008

  • For example: Packet Filtering Firewall Configurations

    Packet filtering firewalls are usually set up by a configuration file. The script allows and restricts access. There are two types of firewall script design:

    Exclusive: an exclusive firewall allows all traffic through except for the traffic matching the rule-set.

    Inclusive: an inclusive firewall only allows traffic matching the rules through and blocks everything else.

  • Firewall Configuration Inclusive Type
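    To make the difference between the two designs concrete, here is an added Python example (not from the lecture, and not any real firewall's configuration language) that evaluates one constructed rule-set under both policies. Addresses use the 192.0.2.0/24 documentation range; the rules and packet dictionaries are constructed samples.

```python
from ipaddress import ip_address, ip_network

# Constructed rule-set: (protocol, destination network, destination port or None for any).
# The same list is evaluated under both designs so that only the default action differs.
RULES = [
    ("tcp", "192.0.2.0/24", 22),     # SSH to the server subnet
    ("tcp", "192.0.2.0/24", 443),    # HTTPS to the server subnet
    ("udp", "192.0.2.53/32", 53),    # DNS to one resolver
]

def matches(rule, packet):
    """True if the packet's protocol, destination address and port all match the rule."""
    proto, net, port = rule
    return (packet["proto"] == proto
            and ip_address(packet["dst"]) in ip_network(net)
            and (port is None or packet["dport"] == port))

def inclusive_filter(rules, packet):
    """Inclusive design (default deny): pass only traffic that some rule permits."""
    return "allow" if any(matches(r, packet) for r in rules) else "deny"

def exclusive_filter(rules, packet):
    """Exclusive design (default allow): drop only traffic that some rule names."""
    return "deny" if any(matches(r, packet) for r in rules) else "allow"

if __name__ == "__main__":
    # Constructed sample packets; the second is a service nobody wrote a rule for.
    packets = [
        {"proto": "tcp", "dst": "192.0.2.10", "dport": 443},
        {"proto": "tcp", "dst": "192.0.2.10", "dport": 3389},
        {"proto": "udp", "dst": "192.0.2.53", "dport": 53},
    ]
    for p in packets:
        print(p, "inclusive:", inclusive_filter(RULES, p),
              "exclusive:", exclusive_filter(RULES, p))
```

    Under the inclusive design the port-3389 packet, which no rule mentions, is blocked: the unlisted case fails secure, as the previous slide recommends. Under the exclusive design the same packet passes until someone remembers to write a deny rule for it, so the rule-set has to enumerate everything unwanted rather than everything wanted.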

  • Design Principal and Techniques - Audit trails

    Tracking system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks.

    Related mechanisms: honeypots and intrusion detection systems (IDS)
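    An added Python example (not part of the lecture) of the append-only idea: each record carries the digest of the previous one, so an entry that is edited in place no longer verifies. The event strings and timestamps are constructed. The chain alone does not defeat an intruder who rewrites every later digest as well, which is exactly why the slide says to keep the trail remotely: the remote collector holds its own copy of the latest head digest, and the local chain must agree with it.

```python
import hashlib
import json
import time

GENESIS = "0" * 64   # link value used as the "previous" digest of the first record

def _digest(record):
    # Canonical JSON so that the digest does not depend on key order.
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

class AppendOnlyAuditLog:
    """Hash-chained audit trail: records can be appended, but not edited in place
    without breaking the chain. Constructed teaching example, not a real product."""

    def __init__(self):
        self._entries = []   # list of (record dict, hex digest)

    def append(self, event, ts=None):
        prev = self._entries[-1][1] if self._entries else GENESIS
        record = {"seq": len(self._entries),
                  "ts": time.time() if ts is None else ts,
                  "event": event,
                  "prev": prev}
        digest = _digest(record)
        self._entries.append((record, digest))
        return digest

    def head(self):
        """Latest digest: the value a remote collector keeps its own copy of."""
        return self._entries[-1][1] if self._entries else GENESIS

    def verify(self, remote_head=None):
        """Index of the first bad record, or None if the chain is intact. If the
        remote collector's copy of the head is supplied it must match as well."""
        prev = GENESIS
        for i, (record, digest) in enumerate(self._entries):
            if record["prev"] != prev or record["seq"] != i or _digest(record) != digest:
                return i
            prev = digest
        if remote_head is not None and remote_head != prev:
            return len(self._entries)   # sentinel: every local digest is consistent, but not with the remote
        return None

EVENTS = ["login alice", "sudo alice", "delete /var/log/auth.log"]   # constructed

def tamper_demo():
    """Edit the third record in place: the local chain check alone catches it."""
    log = AppendOnlyAuditLog()
    for event in EVENTS:
        log.append(event, ts=1000)
    remote_copy = log.head()
    before = log.verify(remote_copy)          # None: chain intact, head agrees
    log._entries[2][0]["event"] = "logout alice"
    return before, log.verify(remote_copy)    # (None, 2)

def rewrite_demo():
    """Rebuild the whole chain with a changed record: only the remote head copy catches it."""
    log = AppendOnlyAuditLog()
    for event in EVENTS:
        log.append(event, ts=1000)
    remote_copy = log.head()
    rewritten = AppendOnlyAuditLog()
    for event in EVENTS[:2] + ["logout alice"]:
        rewritten.append(event, ts=1000)
    return rewritten.verify(), rewritten.verify(remote_copy)   # (None, 3)
```

    The two demo functions show the division of labour: the chain localises which record was altered, while the remotely held head is what makes a wholesale rewrite detectable.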

  • Design Principles and Techniques - Full disclosure

    To ensure that when bugs are found, the "window of vulnerability" is kept as short as possible.

    This is also why encryption algorithms are generally known to the public.

  • Next

    We will discuss security goals.

    Some of them are more applicable to network security than to general information security.

  • Goals of Network Security

    Major Goals:
    Confidentiality
    Integrity
    Availability

    Other Goals:
    Entity Authentication
    Message Origin Authentication
    Timeliness
    Non-Repudiation
    Authorisation
    Access Control

  • Goals of Information Security (1) Confidentiality

    A and B do not want their messages read by other people. This is the network security goal of confidentiality. The general technique used to ensure confidentiality is encryption of messages. An example of a breach of confidentiality : Someone reads the plaintext packets being exchanged between A and B by running a program such as Wireshark. If the packets are securely encrypted even though they are captured they cannot be read.

  • Goals of Information Security (2) Integrity

    A and B do not want their messages changed by other people. This is the network security goal of integrity. The general techniques used to ensure integrity are hashes and Message Authentication Codes (MAC). The term Message Authentication is also used as a synonym for integrity.

  • Goals of Information Security (3) Availability

    Availability refers to the ability of a service to be available. A wants to be able to connect to B (ignoring considerations of entity authentication etc.). A situation where B is deliberately sent a large number of false requests or other unnecessary traffic, making it difficult for a legitimate connection request to be served, is a Denial of Service (DoS) attack. When many computers are involved in sending the unnecessary traffic to B, it is a Distributed Denial of Service (DDoS) attack.

  • Goals of Network Security (4) Entity Authentication

    A wants to be sure that the entity saying it is B really is B and not an imposter. Similarly, B wants to be sure that the entity that says it is A really is A. The general techniques used to ensure entity authentication are passwords, authentication protocols, key exchange protocols and third-party certificates. Entity authentication is also relevant in the context of users identifying themselves to use resources on a network or to log on to a particular host. Entity authentication is also called identification.

  • Goals of Network Security (5) Message Origin Authentication

    A wants to be sure that the messages supposedly coming to it from B, really are coming from B. Similarly B wants to be sure that messages supposedly coming from A really are coming from A. This is Message Origin Authentication. It is sometimes called Data Origin Authentication. Techniques used to verify the origin of a message include Message Authentication Codes (MACs), digital signatures and appending an authenticator to a message before encryption.

  • Goals of Network Security (6) Timeliness

    If A and B conduct a completely secure conversation over a network, it is conceivable that a third party may copy the conversation and use it to masquerade as either A or B in a future conversation. This is known as a replay attack. Timeliness means that a secure conversation cannot be used as a basis for a replay attack. Some of the techniques used to prevent a replay attack include timestamps, nonces and random numbers.
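    As an added example (not from the lecture) tying together goals (2), (5) and (6): the sender attaches a timestamp and a fresh nonce to each message and then a MAC, computed with a shared key, over all of it; the receiver rejects a message whose MAC fails (integrity and origin), whose timestamp is outside the allowed window, or whose nonce it has already accepted (timeliness). The shared key, skew window, message bodies and fixed timestamps are constructed for the demo, and HMAC-SHA256 is my choice of MAC.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed shared secret for the demo; in practice it comes from a key exchange.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
MAX_SKEW = 30   # seconds: how far a message timestamp may differ from the receiver's clock

def _canonical(fields):
    """Canonical bytes of everything except the MAC itself, so both sides MAC the same data."""
    return json.dumps({k: v for k, v in fields.items() if k != "mac"}, sort_keys=True).encode()

def make_message(key, body, ts=None):
    """Sender side: add a timestamp and a random nonce, then a MAC over body, ts and nonce."""
    msg = {"body": body,
           "ts": int(time.time()) if ts is None else ts,
           "nonce": os.urandom(16).hex()}
    msg["mac"] = hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()
    return msg

class Receiver:
    def __init__(self, key, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen_nonces = set()   # nonces accepted within the current skew window

    def accept(self, msg, now=None):
        """Return (accepted, reason). MAC is checked first, then the timeliness checks."""
        now = int(time.time()) if now is None else now
        mac = msg.get("mac")
        expected = hmac.new(self.key, _canonical(msg), hashlib.sha256).hexdigest()
        if mac is None or not hmac.compare_digest(expected, mac):
            return False, "bad MAC"              # altered in transit, or not from a key holder
        if abs(now - msg["ts"]) > self.max_skew:
            return False, "stale timestamp"      # an old capture presented much later
        if msg["nonce"] in self.seen_nonces:
            return False, "replayed nonce"       # the same message presented again in the window
        self.seen_nonces.add(msg["nonce"])
        return True, "ok"

if __name__ == "__main__":
    rx = Receiver(SHARED_KEY)
    m = make_message(SHARED_KEY, "pay 10 to B", ts=1000)
    print(rx.accept(m, now=1000))                          # (True, 'ok')
    print(rx.accept(m, now=1005))                          # replay of the same message
    print(rx.accept(dict(m, body="pay 1000 to B"), now=1000))   # integrity failure
```

    Two design points: the MAC must cover the timestamp and the nonce as well as the body, since otherwise those fields could be refreshed on a captured message without detection; and checking the timestamp before the nonce keeps `seen_nonces` bounded, because any nonce older than `max_skew` can be forgotten (the timestamp check will reject that message anyway).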

  • Goals of Network Security (7) Non-repudiation (origin) and (8) Non-repudiation (destination)

    A may want to be sure that B cannot deny having sent a particular message to A. This feature is non-repudiation (origin). A wants to be sure that B really received a particular message that A sent. This feature is non-repudiation (destination).

  • Goals of Network Security (9) Authorisation

    Authorization is official permission to carry out certain actions. For example, a particular computer on a network has resources that are available to a particular set of users. Not all users of the network are authorised users of the particular computer. Authorisation allows users to do certain things. Passwords are an authorisation technique. Upon entering their username and password, authorised users are given access to some resources on the computer. The concept is related to but different from access control.

  • Goals of Network Security (10) Access Control

    Access control refers to the ability to restrict access to resources to certain users. The concept is closely related to authorisation but different. Access control restricts users from doing certain things. A good example of access control is the rights granted to users of database systems: different users are restricted in what tables they can read and what tables they can write to. Only the database administrator has full rights over all tables. The restriction of the privileges of normal database users is an example of access control.

  • 25/02/2015 Operating Systems for Network Security (32523)

    Some more depth in Access Control

    How do we control the level of access that each agent has for each object in the system?

    What, and how, can an authenticated user use a resource or object?

    Unix has permission bits that allow some control of access:

    rwxrwxrwx: discussed previously

    This is a simplified version of the Access Control Matrix, which is not actually used in its most general form.

    Example of Access Control Matrix

              file1   file2   file3   printer
    tom       RW      NONE    NONE    W
    jerry     RO      NONE    RW      NONE

    Access Control Matrix: Discussion

    Full access control matrix would be huge

    For UTS FEIT > 1200 users

    > 1 000 000 objects

    > 1GB storage required

    Most entries in full matrix would be denials of access

    Other entries show clear patterns

    Storing Access Control Matrix

    When permission bits are inadequate, elements of the matrix can be stored:

    by row: Access Control Lists (ACLs)

    by column: Capability Lists

    Both solutions give equivalent protection, but have different effects

    Systems often use a combined approach

    Access Control Lists

    Each object, e.g. a file or a class, has an associated list saying which agent can use it, and how (rights to the object).

    Lists can be reduced by, e.g.:

    Common lists (e.g. all Bruce's C source files)

    Showing privileges for groups, instead of individuals

    Each entry in the list will have:

    Agent or group id

    Permissions granted / denied

    Examples: setfacl(1), Cisco ACLs

    Capability Lists

    Each agent has tickets allowing use of specified objects.

    Once acquired, a ticket provides efficient access by the agent to the object.

    Tickets may be:

    Permanent or one-time

    Transferable to other agents or restricted to the original owner

    Revocable

    Comparison

    ACLs are object-centric; capabilities are user-oriented.

    ACLs and capabilities offer similar levels of protection.

    Capabilities give least privilege.

    Both take up about the same amount of resources.

    ACLs seem easier: there are no problems of transferring rights between agents, and they seem to be used for static privileges rather than dynamic ones (e.g. one-time access).

    Both approaches have been used in many systems.
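    An added Python example (not from the lecture) built on the tom/jerry matrix above: it keeps only the non-NONE cells, since the discussion slide notes that most of a full matrix is denials, derives from them the ACLs (one list per object) and the capability lists (one set of tickets per agent), and checks that both storage forms answer every access question identically, as the comparison slide states. The operation names "read"/"write", the sparse storage and the ticket-transfer helper are my own constructions.

```python
# Constructed from the slide's example matrix. Rights: RW, RO, W, NONE.
MATRIX = {
    "tom":   {"file1": "RW", "file2": "NONE", "file3": "NONE", "printer": "W"},
    "jerry": {"file1": "RO", "file2": "NONE", "file3": "RW",   "printer": "NONE"},
}
RIGHT_OPS = {"RW": {"read", "write"}, "RO": {"read"}, "W": {"write"}, "NONE": set()}

def sparse_entries(matrix):
    """Keep only cells that grant something: {(agent, object): {op, ...}}."""
    return {(s, o): RIGHT_OPS[r]
            for s, row in matrix.items() for o, r in row.items() if r != "NONE"}

def to_acls(matrix):
    """ACLs: one list per object naming the agents that may use it, and how."""
    acls = {}
    for (subj, obj), ops in sparse_entries(matrix).items():
        acls.setdefault(obj, {})[subj] = set(ops)
    return acls

def to_capabilities(matrix):
    """Capability lists: one set of tickets per agent naming the objects it may use."""
    caps = {}
    for (subj, obj), ops in sparse_entries(matrix).items():
        caps.setdefault(subj, {})[obj] = set(ops)
    return caps

def acl_check(acls, subj, obj, op):
    """Object-centric lookup: find the object's list, then the agent's entry in it."""
    return op in acls.get(obj, {}).get(subj, set())

def cap_check(caps, subj, obj, op):
    """Agent-centric lookup: find the agent's tickets, then the ticket for the object."""
    return op in caps.get(subj, {}).get(obj, set())

def transfer_ticket(caps, giver, receiver, obj):
    """Hand a transferable ticket to another agent (the capability-only operation the
    comparison slide refers to); the giver keeps its own copy."""
    caps.setdefault(receiver, {})[obj] = set(caps[giver][obj])
    return caps

def equivalent(matrix):
    """Both forms must give the same answer for every (agent, object, op) triple."""
    acls, caps = to_acls(matrix), to_capabilities(matrix)
    return all(acl_check(acls, s, o, p) == cap_check(caps, s, o, p)
               for s, row in matrix.items() for o in row for p in ("read", "write"))

if __name__ == "__main__":
    acls, caps = to_acls(MATRIX), to_capabilities(MATRIX)
    print("stored cells:", len(sparse_entries(MATRIX)), "of",
          sum(len(r) for r in MATRIX.values()))
    print("ACL  tom write file1:", acl_check(acls, "tom", "file1", "write"))
    print("CAP  jerry read file3:", cap_check(caps, "jerry", "file3", "read"))
    print("equivalent:", equivalent(MATRIX))
```

    Revocation is where the two forms diverge in practice: removing an agent from an object's ACL is one edit, whereas a ticket that has been transferred exists in several agents' lists and each copy must be found and invalidated, which is the revocability concern raised on the capability slide.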

  • Summary of Terms

    The terms we have looked at as Security Goals are widely used in Network Security literature.

    The differences between some of them are often quite subtle.

    You should understand each of them clearly.

    They can often apply in non-computing scenarios.

    Particular scenarios often involve the interaction of a number of security goals.

  • Scenario involving security goals

    When a customer checks into a hotel, they are required to present their passport (entity authentication). For an exam, students are required to sign the front page of each answer book (non-repudiation of origin). After sending an email, the sender requests an acknowledgement from the recipient (non-repudiation of destination). The sealed envelope used in ancient times (integrity).

  • Lastly

    We will be looking at some of the security organisations.

  • Security bodies: NIST - CSD

    National Institute of Standards and Technology (NIST), Computer Security Division (CSD), Security Technology Group (STG)

    Involved in the development, maintenance, and promotion of a number of standards and guidance that cover a wide range of cryptographic technology.

    Aims to develop a comprehensive Cryptographic Toolkit that will enable U.S. Government agencies and others to select cryptographic security components and functionality for protecting their data, communications, and operations.

    41900 students, you may view the toolkit from this website:

    http://csrc.nist.gov/groups/ST/toolkit/index.html

  • Security bodies: NIST - STG

    http://csrc.nist.gov/groups/ST/toolkit/index.html

    The above website states the security methods that NIST approves. For example, under Encryption algorithms, it states: "Currently, there exist three (3) Approved* encryption algorithms: AES, Triple DES, and Skipjack."

  • Security bodies: IETF

    The Internet Society: a professional membership society with 100+ organisations and 20,000+ individual members in 180+ countries.

    Provides leadership in addressing issues that confront the future of the Internet

    Organization home for the groups responsible for Internet infrastructure standards

    Internet Engineering Task Force (IETF)

    Internet Architecture Board (IAB)

  • Security bodies: IETF

    http://tools.ietf.org/html/rfc3365

    The IETF has several security protocols and standards:

    IP Security (IPsec [RFC2411])
    Transport Layer Security (TLS [RFC2246])
    Simple Authentication and Security Layer (SASL [RFC2222])
    Generic Security Service Application Programming Interface (GSSAPI [RFC2743])

  • Security bodies: ITU-T

    ITU-T : International Telecommunication Union Telecommunication Sector

    A UN specialised agency. Releases some standards relevant to network security. In particular the X.509 PKI (Public Key Infrastructure) standard and the X.800 Security Architecture Standard.

  • Some of the Australian Bodies

    ASD - CSOC

    The Cyber Security Operations Centre (CSOC) was established in the Australian Signals Directorate (ASD). CSOC has two main roles:

    Provide government with a better understanding of sophisticated cyber threats against Australian interests

    Coordinate and assist operational responses to cyber events of national importance across government and systems of national importance

    AISA

    The Australian Information Security Association (AISA) is an Australian representative industry body for the information security profession.