Thursday, September 1, 2011

COMPUTER SECURITY

INTRODUCTION TO COMPUTER SECURITY

Security is the process of protecting against threats to computing systems. A threat is an event that can cause harm to computers, data or programs, or computations.

A failure of computer security occurs because of a vulnerability or weakness in a computing system. A threat agent (a person, event, or circumstance) exploits the vulnerability.

Computer security involves protecting against failures of availability, integrity (correctness), and confidentiality (privacy).

A failure of availability is also known as denial of service. Partial denial of service is a lack of capacity or unacceptable responsiveness.



Computer users expect programs and data to be available on demand to meet computing needs.
Applications such as power generation, stock trading, and even airplane cockpit navigation and aspects of medical care have become so dependent on computing that loss of availability becomes a serious threat to life or society. Even on a less dramatic level, people have become dependent on computers in aspects of everyday life, and so maintaining expected availability of computers is probably the most important of the three goals of computer security.


PRINCIPLES OF COMPUTER SECURITY

Computer security has several major principles that it strives to uphold:

1. Confidentiality: Protecting information from being read or copied by people who are not authorized by the information's owner to read or copy it. This includes pieces of information from which the confidential information can be inferred.

2. Data Integrity: Protecting information including programs, backup tapes, file creation times, documentation, etc. from being deleted or altered without the permission of the information's owner.

3. Availability: Ensuring that computer services are not degraded or made unavailable without authorization.


TECHNIQUES FOR COMPUTER SECURITY

The principles of information security are upheld using three main techniques:

1. Prevention:
Stopping a security breach from happening, often by identifying vulnerabilities in a system and putting in safeguards. Examples of this technique include access control (passwords), firewalls, and encryption. It is often impossible to completely prevent security breaches.

2. Detection: Discovering that a security breach has occurred or is occurring (detection), identifying the nature of the attack (localization), the identity and whereabouts of the perpetrators (identification), and the nature of the perpetrators (assessment). Examples of this technique include intrusion detection systems, system logs, and digital watermarking. Detection is what makes response possible.

3. Response: Mitigating the consequences of the security breach, or deterring attacks usually by punishment. Examples include: insurance and prosecution.



NEED FOR COMPUTER SECURITY


Confidentiality (secrecy)

Data is kept secret from those without the proper credentials, even if that data travels through an insecure medium. In practice, this means potential attackers might be able to see garbled data that is essentially "locked," but they should not be able to unlock that data without the proper information. In classic cryptography, the encryption (scrambling) algorithm was the secret. In modern cryptography, that isn't feasible. The algorithms are public, and cryptographic keys are used in the encryption and decryption processes. The only thing that needs to be secret is the key. In addition, as we will demonstrate a bit later, there are common cases in which not all keys need to be kept secret.

Integrity (anti-tampering)

The basic idea behind data integrity is that there should be a way for the recipient of a piece of data to determine whether any modifications were made to it over a period of time. For example, integrity checks can be used to make sure that data sent over a wire isn't modified in transit. Plenty of well-known checksums exist that can detect and even correct simple errors. However, such checksums are poor at detecting skilled, intentional modifications of the data, because anyone who changes the data can simply recompute the checksum. Several cryptographic checksums do not have this drawback if used properly.
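The following is an added example, not code from the original post, contrasting an error-detecting checksum (CRC32) with a keyed cryptographic checksum (HMAC-SHA256). The message and the shared key are constructed for the demonstration. It shows why a plain checksum cannot tell deliberate modification from accidental corruption, whereas a keyed checksum can; note that because sender and recipient share the same key, an HMAC gives integrity but not the non-repudiation discussed next, which needs digital signatures.

```python
import hashlib
import hmac
import zlib

# Constructed sample message and a key known only to sender and recipient.
MESSAGE = b"transfer 100 to account 4242"
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def crc32_tag(data: bytes) -> int:
    """Plain error-detecting checksum; anyone can recompute it for any data."""
    return zlib.crc32(data) & 0xFFFFFFFF


def crc32_verify(data: bytes, tag: int) -> bool:
    return crc32_tag(data) == tag


def hmac_tag(data: bytes, key: bytes) -> bytes:
    """Keyed cryptographic checksum; producing it requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def hmac_verify(data: bytes, tag: bytes, key: bytes) -> bool:
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(hmac_tag(data, key), tag)


def tamper_demo():
    """Alter the amount in transit and see which check notices.

    Returns (crc_accepted, hmac_accepted) for the modified message.
    """
    crc = crc32_tag(MESSAGE)
    mac = hmac_tag(MESSAGE, SHARED_KEY)

    # Someone without the key changes the data on the wire...
    modified = MESSAGE.replace(b"100", b"900")

    # ...and simply recomputes the checksum to match the new data.
    forged_crc = crc32_tag(modified)
    crc_accepted = crc32_verify(modified, forged_crc)      # True: undetected

    # Without the key the best they can do is forward the old MAC.
    hmac_accepted = hmac_verify(modified, mac, SHARED_KEY)  # False: detected

    assert crc != forged_crc or modified == MESSAGE  # the plain tag did change
    return crc_accepted, hmac_accepted


if __name__ == "__main__":
    print(tamper_demo())
```

The unmodified message still verifies under both schemes; the difference only shows once the data is changed on purpose, which is exactly the case the text says plain checksums cannot handle.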

Non-repudiation

Cryptography can enable one person, A, to prove that a message he received from B actually came from B. B can essentially be held accountable when she sends A such a message, as she cannot deny (repudiate) that she sent it. In the real world, this guarantee rests on the assumption that an attacker has not compromised the relevant cryptographic keys. The SSL protocol does not support non-repudiation, but it is easily added by using digital signatures. These simple services can be used to stop a wide variety of network attacks, including the following.

Snooping (passive eavesdropping)
An attacker watches network traffic as it passes and records interesting data, such as credit card information.

Tampering
An attacker monitors network traffic and maliciously changes data in transit (for example, an attacker may modify the contents of an email message).

Spoofing
An attacker forges network data, appearing to come from a different network address than he actually comes from. This sort of attack can be used to thwart systems that authenticate based on host information (e.g. an IP address).

Hijacking
Once a legitimate user authenticates, a spoofing attack can be used to “hijack” the connection.

Capture-replay
In some circumstances, an attacker can record and replay network transactions to ill effect. For example, say that you sell a single share of stock while the price is high. If the network protocol is not properly designed and secured, an attacker could record that transaction, then replay it later when the stock price has dropped, and do so repeatedly until all your stock is gone.
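As an added example (not part of the original post), here is a toy order protocol in Python that resists the capture-replay scenario above. Each order carries a sequence number and a fresh nonce, all bound together under an HMAC with a key shared by client and server; the server rejects any message whose tag does not verify, whose nonce it has already seen, or whose sequence number does not advance. The key, message format and `OrderServer` class are constructed for this demonstration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed shared key; a real deployment would provision this per client.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def _tag(fields: dict, key: bytes) -> str:
    """MAC over the canonical JSON of every field except the tag itself."""
    body = json.dumps({k: v for k, v in fields.items() if k != "mac"},
                      sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_order(seq: int, body: str, key: bytes = SHARED_KEY) -> dict:
    """Client side: number the order, add a fresh nonce, and authenticate it."""
    msg = {"seq": seq, "nonce": secrets.token_hex(8), "body": body}
    msg["mac"] = _tag(msg, key)
    return msg


class OrderServer:
    """Server side: authenticate, then refuse anything already executed."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.last_seq = 0
        self.seen_nonces = set()
        self.executed = []

    def accept(self, msg: dict) -> str:
        # 1. Integrity first: without this, an attacker could just edit seq/nonce.
        if not hmac.compare_digest(_tag(msg, self.key), msg.get("mac", "")):
            return "rejected: bad mac"
        # 2. Freshness: a recorded message has a used nonce and a stale seq.
        if msg["nonce"] in self.seen_nonces or msg["seq"] <= self.last_seq:
            return "rejected: replay"
        self.seen_nonces.add(msg["nonce"])
        self.last_seq = msg["seq"]
        self.executed.append(msg["body"])
        return "executed"


def replay_demo():
    """Sell once, then resend the captured order; returns both verdicts."""
    server = OrderServer()
    order = build_order(1, "sell 1 share ACME")
    first = server.accept(order)
    replayed = server.accept(dict(order))   # identical bytes, resent later
    return first, replayed, len(server.executed)


if __name__ == "__main__":
    print(replay_demo())
```

The ordering of the two checks matters: nonce and sequence number only help once the MAC guarantees nobody can alter them, which is why the integrity check from the previous section is a prerequisite for replay protection.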



AREAS OF SECURITY
Attacks are equally easy if you're on the same local network as one of the endpoints. Talented high school students who can use other people's software to break into machines and manipulate them can easily use these tools to attack real systems. Moreover, authentication information is usually among the information "snooped" off a network.

Identification and authentication
Identification is typically performed by logging in or entering a username. But after entering a name, a user may be asked to prove it, so that the system can be certain that one user is not trying to impersonate another. Authentication techniques can combine two or more approaches.
User passwords are commonly employed. Password guessing attacks use computers and actual dictionaries or large word lists to try likely passwords. Brute force attacks generate and try all possible passwords. To block these attacks, users should choose strong passwords.
Physical characteristics can be determined by biometric devices. In addition to fingerprints, voice recognition, retina patterns, and pictures are used.

Access control
The system uses a validated user identity to limit the actions the user can perform. An access control policy is a series of acceptable triples (user, object, action), such as (system administrator, password file, modify), meaning that the user "system administrator" is allowed to perform the action "modify" on the object "password file." An access control list (ACL) is a set of these triples. Access control lists can be represented as a two-dimensional matrix, as a set of rules, or in other ways.
Before permission to access an object is allowed, a reference monitor (also known as a reference validation mechanism or access control mechanism) checks that the access is allowable. A reference monitor must be complete (invoked to validate every reference permission), correct (made to implement the intended access control policy exactly), and tamperproof (unable to be disabled).
Reference monitors can simply process a representation of the access control policy in list or table form. Alternatively, they can process capabilities, which are pre-validated access "tickets." The access control system gives a user a capability to perform a certain access on a particular object, and the user later presents the capability to a reference monitor, which inspects the capability and allows the access. Capabilities are useful in networked and distributed systems, in which access control may be done at one point and actions on objects may be done elsewhere.
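The following added example (not from the original post) implements the ideas of this section in Python: an access control list as a set of (user, object, action) triples, the same policy viewed as a two-dimensional matrix, a default-deny reference monitor that every access must pass through, and capabilities issued by that monitor as HMAC-tagged tickets that a second monitor elsewhere can validate without seeing the ACL. The policy entries, the key and the ticket format are constructed for the demonstration.

```python
import hashlib
import hmac
import json

# Constructed access control policy: acceptable (user, object, action) triples.
ACL = {
    ("sysadmin", "password_file", "modify"),
    ("sysadmin", "password_file", "read"),
    ("alice", "report.txt", "read"),
}


def reference_monitor(user: str, obj: str, action: str, acl=ACL) -> bool:
    """Every access decision goes through here (complete); the decision is
    exactly the policy (correct); anything not listed is denied."""
    return (user, obj, action) in acl


def matrix_view(acl) -> dict:
    """The same policy as an access matrix: user -> object -> set of actions."""
    matrix = {}
    for user, obj, action in acl:
        matrix.setdefault(user, {}).setdefault(obj, set()).add(action)
    return matrix


# Constructed key held by the monitors that issue and check capabilities.
CAP_KEY = b"constructed-key-held-by-the-monitors"


def _ticket_tag(ticket: dict, key: bytes) -> str:
    body = json.dumps({k: v for k, v in ticket.items() if k != "tag"},
                      sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue_capability(user: str, obj: str, action: str, key: bytes = CAP_KEY):
    """Issuing point: consult the ACL once, then hand out a tamper-evident ticket."""
    if not reference_monitor(user, obj, action):
        return None
    ticket = {"user": user, "object": obj, "action": action}
    ticket["tag"] = _ticket_tag(ticket, key)
    return ticket


def present_capability(ticket, obj: str, action: str, key: bytes = CAP_KEY) -> bool:
    """Remote monitor: validates the ticket itself instead of the ACL."""
    if ticket is None:
        return False
    if not hmac.compare_digest(_ticket_tag(ticket, key), ticket.get("tag", "")):
        return False  # altered or forged ticket
    return ticket["object"] == obj and ticket["action"] == action


if __name__ == "__main__":
    cap = issue_capability("alice", "report.txt", "read")
    print(present_capability(cap, "report.txt", "read"))       # True
    print(present_capability(cap, "report.txt", "modify"))     # False
```

Real capability systems also bind a ticket to its holder and give it an expiry, so that a captured ticket cannot be reused by someone else or forever; those refinements are left out here to keep the reference-monitor logic visible.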

Security of Programs
Computer programs are both part of the protection and part of the things protected in computer security. Programs implement access controls and other technical security controls. But those same programs must be protected against accesses that would modify or disable their ability to protect. And those programs must be implemented correctly.
Correctness, completeness, and exactness
A computer program is correct if it meets the requirements for which it was designed. A program is complete if it meets all requirements. Finally, a program is exact if it performs only those operations specified by the requirements. Computer security requires correct, complete, and exact programs, and nothing more. Even so, every program has unavoidable side effects.
For example, a program inevitably assigns values to internal variables, uses computing time, and causes entries to be generated in audit logs. Although side effects seem benign, they can be used maliciously to leak information. The exactness requirement really concerns only those significant operations specified by requirements, but in security almost any side effect can be significant. Determining which additional actions are security relevant is difficult, if not impossible.
Correctness and completeness can be determined to some degree by careful testing, although with large or complex systems it may be infeasible to test all possible situations. It is difficult to test security systems appropriately, because they can be large and complex, and because it is hard to simulate all the environments and approaches by which systems can be attacked.

Malicious code
Computing is so fast and complex that users cannot know everything a program is doing. Programs can be modified or replaced by hostile forms, with the replacements seeming outwardly the same as the originals. The general term "malicious code" covers Trojan horses, viruses, worms, and trapdoors. Malicious code has been present in computing systems since the 1960s, and it is increasingly prevalent and serious in impact. Unfortunately, there are no known complete forms of protection against malicious code. A Trojan horse is a program that has an undocumented function in addition to an apparent function. For example, a program may ostensibly format and display electronic mail messages while also covertly transmitting sensitive data.

A virus is a program that replicates and transfers itself to another computing system. When executed, each copy can also replicate, so that the infection spreads at a geometric rate.
A virus typically inserts its replicated copy into another executable program so that when the other program is executed, so is the copy of the virus. Viruses often perform covert malicious actions.
A worm is a program that, like a virus, seeks to replicate and spread. However, the goal of the worm is only to spread and consume resources. The malicious effect of the worm is denial of service by exhaustion of resources. A trapdoor is an undocumented entry point into a program. The trapdoor is inserted by a programmer to allow discreet access to a program, possibly with exceptional privileges. A user who had legitimate access at one time might have installed the trapdoor as a means of obtaining access in the future. All these forms of malicious code are serious security threats for several reasons. First, malicious code can be relatively small, so that it is not readily detected. Second, its actions can be concealed: If a program fails to perform as it did, the change is evident, but an attacker can cause the change to be subtle, delayed, or sporadic, making it very difficult to detect, let alone diagnose and correct. The covert effect of malicious code can be almost anything: It can delete files, transmit messages or files, modify documents or data files, and block a user from accessing a computer system. The attack can be transmitted in pieces that activate only when the entire attack has been delivered.
Finally, protecting against malicious code is difficult: The only known totally effective countermeasure is not to accept any executable items from anyone else, a solution that is scarcely acceptable for current networking and information sharing environments.

Security of code
It is infeasible for a user to determine that a program is secure. The user has little evidence on which to base an opinion, an insecure program may intentionally hide its weaknesses, and many users have little control even over the sources from which programs are derived. Even well-intentioned programmers can fail. Beyond principles of good software



Database Security
A database is a collection of records containing fields, organized in such a way that a single user can be allowed access to none, some, or all of the data. Typically the data are shared among several users, although not every user will have access to every item of data. A database is accessed through a database management system, which provides the user interface to the database.
Integrity is a much more encompassing issue for databases than for general applications programs, because of the shared nature of the data. Integrity has many interpretations, such as assurance that data are not inadvertently overwritten, lost, or scrambled.
