Comp Security- Week 2 Flashcards
Where is security a concern?
Business env.- shareholder confidence, cashflow
Medical env.- patient records, equipment safety
Military env.- weapon access, communication secrecy
Households- privacy, security alarms
Society.- transportation, communication
Software Security
Low level; security of the programming language itself
Attacker goal: take over the target machine by executing arbitrary code, hijacking the application's control flow
Operating System Security
OS attacker: controls malicious files and applications
Network security
People
application
transport
network
data link
physical
web security and privacy
Attacker goal: set up malicious site visited by victim, no control of network
Aspects of security:
Distributed system: computers connected by networks (ex blockchain)
Communications/Network security: addresses security of communication links
Computer security: addresses security of end systems
Application security: relies on the two above to provide secure services to end users
Security management: how to deploy security technologies
Types of frauds/attacks
- insider fraud
- identity fraud- espionage
- password sniffing
- TCP session hijacking- send messages appearing to be from a trusted host
- denial of service- TCP SYN flooding by creating half-open TCP requests
Security strategies
- prevention
- detection
- reaction
Security objectives/properties:
- confidentiality- prevent unauthorized disclosure of info
- integrity- prevent unauthorized modification of info
- availability- prevent unauthorized withholding of info/resources
- authenticity- know who you're talking to
- accountability- prove an entity was involved in some event
- access control- restricting access to resources to privileged entities
confidentiality
prevent unauthorized reading
secrecy: protection of data belonging to an organization
integrity
prevent unauthorized writing
data integrity: when computerized data is the same as the source document and hasn't been exposed to accidental or malicious alteration or destruction
detect and correct
availability
being accessible upon demand by authorized entity
accountability, at OS level and in distributed systems
if an actual link between a user and a user identity can be established, then the user can be held accountable
at OS level: audit logs
in distributed systems: non-repudiation mechanisms
non-repudiation services and the 2 types
non-repudiation services: provide unforgeable evidence that a specific action occurred
non-repudiation of origin: protects against the sender denying data was sent
non-repudiation of delivery: protects against the receiver denying data was received
Security attacks
- interception- attacker accesses a system they are not allowed to (confidentiality)
- interruption- disrupt a service and prevent it from functioning (availability)
- Modification- attacker tampers with a system (integrity)
- fabrication- attacker creates a false record ex fraud or phishing (integrity)
Eavesdropping
Getting info intended for someone else during transmission over a communication channel (confidentiality)
Alteration
Modification of info, ex man-in-the-middle attack (data integrity)
denial of service
interruption of data or info access (availability)
masquerading
spoofing identity or sending something on their behalf (origin identity)
Individual attacks follow this 5 step plan:
- Reconnaissance (Surveying)- attacker learns all they can about the target (Mac or Windows)
- Scanning- pre-attack phase, searches for vulnerabilities (what version, open ports)
- gain access- exploits a vulnerability to gain access (inject malware)
- maintain access- deliver payload (plant spyware etc)
- cover tracks- hide evidence, modify log files