Computer Networks Security

Lecture 1
Computer Security Concepts

ECEG 4192 1
 Introduction
• Computer security: technique used to protect
• Damage of hardware
• Loss/damage of data
• Computer security is defined as the protection afforded
to an automated information system in order to attain
the applicable objectives of preserving the integrity,
availability, and confidentiality of information system
resources (includes hardware, software, data, and
telecommunications).
• Network security is also a similar concept but it ensures
that only non-malicious data packets are exchanged
ECEG 4192 2
 Why systems are not secured?
• The Internet was initially designed for connectivity
– Trust assumed
– We do more with the Internet nowadays
– Security protocols are added on top of the TCP/IP
• Most developers and operators concerned with
correctness (achieving desired behavior) of a system
– Preventing undesired behavior (security)  not much!
• SW and HW have bugs/defects in design,
implementation or human errors
– Difficult/costly to fix all the bugs
• E.g: Operating Systems have millions of LOC
ECEG 4192 3
 The best way to protect our systems
from every thing…
→Protection from everything: unplug our computer
systems and lock them away so no one can touch them
 NOT EVEN US!

→But NOT THE BEST! Even not a solution!

→The best way for protection is
• Understanding major requirements/practices of security
and systematic use of proper techniques
• You can’t secure your system completely!
• make the attacker’s job so difficult, risky, and costly
• security requires regular monitoring, follow up of your system
ECEG 4192 4
The security arm race

ECEG 4192 5
 Security models
• Security by Obscurity
– Hiding the system
– if no one knows that a system exists, then it won't be subject to
attack
– Never works in long run. Once detected, completely vulnerable
• The Perimeter Defense
– analogous to a castle surrounded by a moat
– harden or strengthen perimeter systems and
border routers
• E.g: protecting a network from external network using
Firewall
• Can prevent intruders but attacks from the inside network
are still possible
ECEG 4192 6
 Cont’d
• The Defense in Depth
– Hardening and monitoring each system
– Extra measures are still taken on the perimeter
systems
– Provides protection against an internal attacker as
well
– Most robust approach but more difficult to achieve

ECEG 4192 7
 Why Do Attackers Attack?
• To gain control of machines
• To gain access to private information, e.g., credit
card numbers
• To punish/embarrass individuals and institutions,
• To educate and advocate
• To earn reputation in the cracking community,
e.g., hackers vs. script kiddies

ECEG 4192 8
 Terminologies
• Hacker: is a skilled programmer, technically proficient
• Cracker: is a malicious hacker.
– One who breaks security on a systems with malicious intent.
– They are out for personal gain: fame, profit, and even revenge.
– They modify, delete, and steal critical information
• Script Kiddie: refers to crackers who use scripts and
programs written by others to perform their intrusions.
– assumed to be incapable of producing their own tools
– lack proper understanding of exactly how the tools work.
• White-hat/black-hat/gray-hat
– Used by security professionals
ECEG 4192 9
 Cont’d
• White-hat hackers: good guys, report vulnerabilities
– use their abilities for good, ethical, and legal purposes
– Hired by organization to hack their systems and report back
how they gained access
– Use the same tools, techniques as the crackers or bad guys
– Also called Ethical hackers
• Black Hat : Bad guys, exploit vulnerabilities for personal
gain, regardless of impact
– Hack for personal gain
– Exploit vulnerabilities to themselves and do not notify the
general public or the manufacturer for patches to be applied
• Gray Hat : falls somewhere between
– Do not hack for their personal gain, but may gain access
unauthorized
ECEG 4192 10
 Security types
• Security is a holistic; requires physical, technological,
policies and procedures
• Physical Security: physical access restriction
– devices should be behind locked doors, and only authorized
ones should have access
– can employ security cameras, card readers and biometric locks
to limit access to authorized ones
– Protecting against information leakage and document theft
– E.g: Dumpster Diving -gathering sensitive information from the
company’s garbage

11
ECEG 4192
 Cont’d
• Technological Security:
– Application security: eg configure webserver correctly (local
files)
– OS security: Security patches for bugs
– Network security: mitigate malicious traffic using Firewalls and
Intrusion Detection/Prevention Systems
• Policies and Procedures: to be followed by users
– E.g: passwords must not be shared
– Awareness of social engineering attacks, etc
– Social engineering: taking advantage of unsuspecting
employees (e.g. attacker gets employee to provide his
username & password)

ECEG 4192 12
Ultimate Goal of the Developer

ECEG 4192 13
Security services

ECEG 4192 14
 Primary goals
• Remember the definition of computer security
• Three primary goals of computer security
– Confidentiality : keeping data private
– Integrity : data has not been modified in the transit
– Availability: measure of data’s accessibility

• These three concepts form what is

often referred to as the CIA triad
• Additional concepts are needed to
present a complete security

ECEG 4192 15
 Security services (cont’d)
• Seven Key Security services
– Authentication
– Authorization
– Confidentiality
– Data / Message Integrity
– Accountability
– Availability
– Non-Repudiation

ECEG 4192 16
 Fictitious characters
• We will discuss the security services with the
help of few fictitious characters that are often
used in the field of computer security
– Alice & Bob –“good guys”. Alice and Bob want to
communicate “securely”.
– Eve –a “passive” eavesdropper
– Mallory –an “active” eavesdropper
– Trent –trusted by Alice & Bob

ECEG 4192 17
 1. Authentication
• Is the act of verifying someone’s identity (identity
verification )
• If Bob wants to communicate with Alice, how can he be
sure that he is communicating with Alice and not to
someone trying to impersonate her?
• Authentication can be achieved based on three types of
methods:
– Something you know
– Something you have
– Something you are

ECEG 4192 18
 1.1. Something you know
• Bob can ask Alice for some secret only she should know,
such as a password/PIN
– If Alice produces the right password, then Bob can assume he
is communicating with her
• Passwords :
– Pros: Simple to implement , Simple for users to
understand
– Cons: Easy to crack (unless users choose strong
ones), Passwords are reused many times
• One-time Passwords (OTP): different password used
each time, but it is difficult for user to remember all of
them
ECEG 4192 19
 1.2. Something you have
• based on something that the user has (e.g smart card,
ATM card, etc).
• ATM cards: are usually used as a two-factor
authentication.
– have magnetic stripes that have the user’s name and account
number.
– When the card is used, the user is required to enter not only
the card into the teller machine, but also a PIN
– If both the ATM card and the PIN are stolen, then the security
is compromised
• Strength of authentication depends on difficulty of
forging the ATM or smart cards
ECEG 4192 20
 1.3. Something you are
• based on something that the user is.
• Most of the authentication techniques that fall into this
category are biometric techniques
• Two factors to consider: effectiveness and social
acceptability
– Palm scan: person’s hand and fingers, and the curves that exist on
their palm
– Retinal scan: infrared light is shot into a user’s eyes, and the pattern
of retinal blood vessels is read
– Iris scan: camera takes a picture of a person’s iris to find features
– Finger print: scans the set of curves that makes up one’s fingerprint
– Voice recognition: electrically coded signals of the user’s voice
– Face recognition: involves a camera taking a picture of a person’s
face and trying to recognize its features
– Signature dynamics: user’s signature and the pressure and timing of
signing
21
ECEG 4192
Cont’d

ECEG 4192 22
 1.2. Authorization
• Checking whether a user has permission to conduct
some action
• level of authorization basically determines what you're
allowed to do once you are authenticated
• E.g: Alice authenticates herself at an ATM
– Alice may want to deduct $500, but may only be authorized to
deduct a maximum of $300 per day. If Alice enters $500, the
system will not authorize her transaction even if she
successfully authenticates herself.
• Access Control List: mechanism used by many operating
systems to determine whether users are authorized to
conduct different actions
ECEG 4192 23
 ACL
Permissions/privileges for files., e.g: UNIX based ACL
User Resource Privilege

Alice /home/Alice/* Read, write, execute

Bob /home/Bob/* Read, write, execute

ACL showing privileges of a user for a resource

• Users can have read, write or execute permissions.
• User on UNIX/Linux based systems can have three groups: owner, group, and
public or world.

ECEG 4192 24
 Displaying permissions
• Use ls -l command to list files
– E.g tek@tek:~$ ls -l /home/tek
-rw-rw-r-- 1 tek tek 181248 Mar 1 08:03 BasicSecurity.ppt
-rw-rw-r-- 1 tek tek 886878 Dec 8 12:20 creating gmail account.pdf

ECEG 4192 25
 Modifying permissions
Use chmod command

tek@tek:~$ chmod ug+xw new_file.text Letter Permission Value

tek@tek:~$ ls -l new_file.text R read 4
-rwxrwxr-- 1 tek tek 0 Mar 10 10:38 new_file.text
W write 2
tek@tek:~$
X execute 1
Or
- none 0
tek@tek:~$ chmod 755 new_file1.text
tek@tek:~$ ls -l new_file1.text
-rwxr-xr-x 1 tek tek 0 Mar 10 10:42 new_file1.text
tek@tek:~$

ECEG 4192 26
 1.3. Confidentiality
• The goal is to keep the contents of a transient communication or
data on temporary or persistent storage secret.
• If Alice and Bob want to exchange some information that they do
not want Eve to see, the challenge is to make sure that Eve is not
able to understand that information, even if Eve can see the bits
that are being transferred over the network
• Encryption technology is used to achieve confidentiality.
• A key (a secret sequence of bits) that Alice and Bob know (or
share) that is not known to potential attackers is used.
• An encryption algorithm will take the key as input, in addition to
the message that Alice wants to transfer to Bob, and will scramble
the message .
• The message is scrambled such that when Eve sees the scrambled
communication, she will not be able to understand its contents.
ECEG 4192 27
 1.4. Message/Data Integrity
• When Alice and Bob exchange messages, they have to
make sure that a third party such as Mallory is unable to
modify the contents of their messages
• Mallory has capabilities similar to Eve
– but Eve Eve is able to see the zeros and ones go by, she is
unable to modify them. Eve therefore cannot modify any part
of the conversation.
– On the other hand, Mallory has the ability to modify, inject, or
delete the zeros and ones, and thus change the contents of
the conversation
• One approach to maintain message integrity is to add
redundancy to their messages.
– CRC and Message Authentication Codes
ECEG 4192 28
 1.5. Accountability
• Refers to the ability to track or audit what an individual
or entity is doing
– Does the system maintain a record of functions performed,
files accessed, and information altered ?
• In the case something goes wrong, accountability
techniques must determine who the attacker is
• Most systems achieve accountability through
authentication and the use of logging and audit
– write log entries every time a user authenticates
– use the log to keep a list of all the actions that the user
conducted.
– the logs cannot be deleted or modified
– provides accurate timestamping

ECEG 4192 29
 1.6. Availability
• Availability assures that systems work promptly
and service is not denied to authorized users
• An attacker that is interested in reducing the
availability of a system typically launches a
denial-of-service (DoS) attack
• One method to achieve availability is to add
redundancy to eliminate any single point of
failure
– E.g: redundant servers, routers
• If one of the servers is attacked or failed, the others will
continue to serve.
ECEG 4192 30
 1.7. Non-repudiation
• To prevent entities from denying (repudiating) that
– information, data, or files were sent or received or that
information or files were accessed or altered.
• A trusted third party, such as Trent, can be used to
accomplish this
– i.e. Alice wants to prove to Trent that she did communicate
with Bob
• Trent is playing the role of an agent
• Generate evidence / receipts (digitally signed
statements)
• Often not implemented in practice

ECEG 4192 31
Malware types

ECEG 4192 32
 Introduction
• Malware: Malicious software, used by cybercriminals
and hackers
– to disrupt computer operations
– steal personal or professional data
– bypass access controls
– cause harm/damage systems
• Different malware types
– Virus
– Worms
– Trojans
– Key loggers
– Bots, etc
ECEG 4192 33
 Virus
• Harmful programs which can self-replicate
• Are attached to an executable file
– The virus can remain inactive on the host system and will not be spread
until a user runs or opens the malicious content.
• If someone inserts a disk into a computer that is infected
with a virus, that virus may copy itself into programs that
are on the disk.
• Then, when that disk is inserted into other computers, the
virus may copy itself and infect the new computers.
• Once the infected program has been run or installed the
virus is activated and begins to spread itself to other
programs on the current system.
– This is often followed by damage to additional areas, for example
the deletion of critical files within the operating system.
ECEG 4192 34
 Worms

• Worm is a virus that uses a network to copy itself

onto other computers
• Unlike viruses, worms operate as a stand-alone
program and transmit themselves across a
network directly
• Faster rate of infection/spread

ECEG 4192 35
 Trojans
• Trojan purposefully performs an action that the user
doesn’t expect.
• Trojan claims to perform one function but performs an
additional or different function than advertised once
installed.
– This often involves providing remote access to the infected
machine, allowing attackers to steal data, install additional
malware or monitor user activity.
– For example, a program that appears to be a game but really
deletes a user’s hard disk is an example of a Trojan.

ECEG 4192 36
 Ransomware
• Restricts access to the computer system it infects
• The program demands a ransom be paid to the
creator
– The programs encrypt files on the system's hard drive
or simply lock the system
– Display messages intended to persuading the user
into paying the fee
– Allowing the malware author being the only individual
with access to the necessary decryption key.

ECEG 4192 37
 Key loggers
• Monitors user keyboard or mouse input and
reports the activity to an adversary
• Unlike other forms of malware, key loggers
present no threat to the system itself.
– However, they can be used to intercept passwords
and other confidential information entered via the
keyboard.
– The stolen confidential information can be used to
perform online fraud

ECEG 4192 38
 Bots
• Form of malware generated to automatically perform
specific operations
• Multiple bots communicating together are termed a
‘botnet’
– can be used to execute DoS attacks against websites or send
out thousands of spam email messages
• Computers infected with bots are commanded and
controlled by the botnet's operator
– Communication is based on command and control (CC)
infrastructure i.e. the remote user provides instruction for the
bot

ECEG 4192 39
 Important malwares
• Morris worm: was able to infect over 6,000 computers
in just a few hours
• Created in 1988
• Used the internet to propagate and didn’t need human
assistance to spread
• Took advantage of a vulnerability in a UNIX program
• Generated enormous amount of traffic for scanning to
infect
• Caused a lot of damage (around $10 million in
downtime and cleanup procedures)
ECEG 4192 40
 Important malwares
• The Code Red Worm: exploited buffer overflow
vulnerability in the Microsoft Internet
Information Services (IIS) web server
– The web server had a feature turned on by default
• Once it infected a particular machine, it
randomly scans other IP addresses to connect to
other IIS web servers.
– It spread from one web server to another quickly
(over 2,000 hosts per minute)
• Caused around $2.6 Billion in damages
• Surfaced in 2001 ECEG 4192 41
 Important malwares
• Nimda Worm: made it a lot worse than the Code
Red worm
• Not only spread from web server to web server,
but it also spread from web servers to web
clients
– Whenever a web browser downloads an infected file
from the web server, it also became infected
– Sent out e-mails from the infected client to other
machines containing the worm’s code as a payload.

ECEG 4192 42
 Important malwares
Witty worm: used a vulnerability in firewall
running Internet Security Systems software
• In 2004, within a half-hour it infected 12,000
computers
• Once Witty infects a host, the host sends 20,000
packets by generating packets with a random
addresses.
• Deleted contents of hard drive

ECEG 4192 43
 Important malwares
• My Doom: in 2004, it scattered exponentially via e-mail
with random senders’ addresses and subject lines
• Infected some 2 million computers and brought a huge
denial of service attack which smashed the cyber world
for some time.
– Transmitted as being bounced error message as it reads “Mail
Transaction Failed.”
– If message is clicked , the attachment is executed and the
worm is transferred to e-mail addresses found in user’s
address book.
• Caused a damage of around $38 billion

ECEG 4192 44
 Important malwares
• Stuxnet: believed to be jointly built by American-Israeli
cyber weapon to sabotage Iran’s nuclear program, in
2009/2010
• specifically targets PLCs, which allow the automation of
electromechanical processes
• Exploited vulnerability in Siemens Step7 software
• It has
– Collected information on industrial systems
– Caused the fast-spinning centrifuges to tear
themselves apart.
– Ruined almost one-fifth of Iran's nuclear centrifuges
ECEG 4192 45
Secure design principles

ECEG 4192 46
 Introduction
• Some security design principles
– The Principle of Least Privilege
– Diversity-in-Defense
– Securing the Weakest Link
– Secure by default
– Simplicity
– Open Design
– Usability

47
ECEG 4192
 The Principle of Least Privilege
• States that a user should be given the least amount of
privileges necessary to accomplish a task
– E.g. if you are implementing a web server that is only
responsible for serving read-only marketing pages to web
users, the web server should only be given access to the exact
set of files that the web server serves to its clients.
– The web server should not be given privileges to access any
other resources other than the marketing pages.
– By following this approach, if anyone breaks into the web
server, the attacker will be able to do is read the files that make
up the marketing pages
– Obey Least Privilege: Don’t run server under root!
• Highly elevated privileges unnecessary
– If attacker breaks in to our system  gets more power
system becomes more vulnerable
ECEG 4192 48
 Diversity-in-Defense
• Is about using multiple heterogeneous systems that do
the same thing
• Don’t rely on homogenous systems for security
– E.g. use of multiple operating systems within a corporation to
defend against virus attacks: It is unlikely that a virus would
attack all the OSs
– E.g. Second firewall (different vendor) between server & DB

• Diversity-in-defense does come at a cost

– Managing different technologies may have a burden on the IT
experts

ECEG 4192 49
 Securing the Weakest Link
• The weakest link is the part of a system that is the most
vulnerable or easiest to attack
• A system is only as strong as its weakest link
• Common Weak Links:
– Weak Passwords: easy to crack
– People: Social Engineering Attacks
• Weak Passwords:
– One-third of users choose a password that could be found in
the dictionary
– Attacker can employ a dictionary attack and will eventually
succeed in guessing someone’s password
ECEG 4192 50
 Securing the Weakest Link (1)
• People:
– Employees could fall for social engineering attacks (e.g.
someone calls them pretending to be the “sys admin” and asks
for their password)
• Especially a problem for larger companies

– What about the programmers themselves?

• Malicious programmers can put back doors into their
programs, which can give them control of the system after it
is deployed.
– To help deal with such people-related threats, a company
should create a culture in which their employees enjoy what
they do, believe in the goals of the company, etc.
ECEG 4192 51
 Secure by default
• Only enable 20% of products’ features that are
used by 80% of user population
• “Hardening” a system:
– All unnecessary services off by default
– More enabled features means more potential exploits
and decreased security
• Example: Windows OS
– There were lot of viruses like Code Red and Nimda
which exploited IIS vulnerability which had features
enabled by default

ECEG 4192 52
 Simplicity
• Complex software is likely to have many more bugs and
security holes than simple software
• Designer tries to add useful features which in turn
introduces vulnerability in the process
• If a design and implementation are simple, fewer
possibilities exist for errors.
• A simpler design and fewer lines of code can mean less
complexity, better understandability, and better
auditability.
• Think about security implications of “features”

ECEG 4192 53
 Open Design
• States that the security of a system should not depend on
the secrecy of its design or implementation
– b/c: can be discovered through technical analysis or other
means
– E.g. Cryptographic systems should always follow this open
design principle, i.e, algorithms must be public
• On the other hand, companies may not want their
designs made public
– As their competitors might use them
– But if hiding their implementations is for the purpose of
security, then it is to be finally compromised

ECEG 4192 54
 Usability
• Recognizes the human element in computer security
• States that security mechanisms should not make the
resource more difficult to access than if the security
mechanisms were not present
• Security features should be turned on by default, or else
they will rarely be enabled at all
• Security systems should not be inconvenient to the point
that users will shut them off

ECEG 4192 55