
BIS 321 Chapter One Part Three

Uploaded by

Eyob Temesgen

Part Three

Security Vulnerabilities, Policies, Services and Mechanisms

Information Security (BIS 321)
• Vulnerabilities (Attack Surface):- are weak points or loopholes in security that an attacker can exploit in order to gain access to the network or to resources on the network.
• The vulnerability is not the attack, but rather the weak point that is exploited.
• Vulnerability is the intersection of three elements:
1. a system susceptibility or flaw,
2. attacker access to the flaw, and
3. attacker capability to exploit the flaw.
• For a system to be vulnerable, an attacker must have at least one applicable tool or technique that can connect to a system weakness.
• A security risk may be classified as a vulnerability. But there are vulnerabilities without risk, for example when the affected asset has no value.
• A vulnerability with one or more known instances of working and fully-implemented attacks is classified as an exploitable vulnerability, a vulnerability for which an exploit exists.

Fig: Threat agents, attack vectors, weakness, controls, IT asset and business impact
Vulnerability Classification
Vulnerabilities are classified according to the asset class they relate to:
1. Hardware
• susceptibility to humidity
• susceptibility to dust
• susceptibility to soiling
• susceptibility to unprotected storage
2. Software
• insufficient testing
• lack of audit trail
3. Network
• Unprotected communication lines
• Insecure network architecture
4. Personnel
• inadequate recruiting process
• inadequate security awareness
5. Site
• area subject to flood
• unreliable power source
6. Organizational
• lack of regular audits
Protocol Design
• Communication protocols sometimes have weak points. Attackers use these to gain information and eventually gain access to systems. Some known issues are:
• TCP/IP:- The TCP/IP protocol stack has some weak points that allow:
  • IP address spoofing
  • TCP connection request (SYN) attacks
• ATM:- Security can be compromised by what is referred to as "manhole manipulation", direct access to network cables and connections in underground parking garages and elevator shafts.
• Frame relay:- Similar to the ATM issue.
Weak Password
• Password selection will always be a contentious point as long as users have to select one.
• Users usually select commonly used passwords because they are easy to remember, like anything from birthdays to the names of loved ones. This creates a vulnerability.
• A password is the key to a computer, a key much sought-after by hackers as a means of getting a foothold into a system.
• A weak password may give a hacker access not only to a computer, but to the entire network to which the computer is connected.
• Users should treat their passwords like the keys to their homes.
• Switches and routers are easily managed by an HTTP Web interface or through a command line interface.
• Coupled with the use of weak passwords, this allows anybody with some technical knowledge to take control of the device.
Security Policy
• A security policy is a document or set of documents that states an organization's intentions and decisions on what and how electronic information should be secured.
• It is a statement of what is and what is not allowed.
• It is a set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
• It is also the set of rules laid down by the security authority governing the use and provision of security services and facilities.
Security attacks, Mechanisms and Services
• Security attack:- any action that will compromise the security of information.
• These attacks take many forms, but in most cases, they seek to obtain sensitive information, destroy resources, or deny legitimate users access to resources.
• Security mechanism:- is a mechanism that is designed to detect, prevent, or recover from a security attack.
• Security service:- a service that enhances the security of data processing systems and information transfers.
• A security service makes use of one or more security mechanisms.
Security Attacks
• A security attack is an assault on system security: an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.

[Figure: information flow from information source to information destination. Panels: a) Normal flow, b) Interruption, c) Interception, d) Modification, e) Fabrication]
Interruption
• The system is destroyed or becomes unavailable.
• This is an attack on availability.
• This could be the destruction of a piece of hardware or the cutting of a communication line.
Interception
• An unauthorized party gets access to information.
• This is an attack on confidentiality.
  • Overhearing or eavesdropping over a communication line.
• The attacker could be a person or a program.
  • An example of this could be unauthorized copying of files.
Modification
• An unauthorized party gains access to information and also modifies it.
• This is an attack on the integrity of information.
• Modification of program or data files so that they operate differently or contain different information.
• Corrupting transmitted data or tampering with it before it reaches its destination.
Fabrication
• An unauthorized party injects fabricated information into the system.
• That is, faking data as if it were created by a legitimate and authentic party.
• This is an attack on authenticity.
• Examples of this are the insertion of spurious messages, the addition of records to a file, etc.
Attack Types
1. Passive attacks:- are the type of attacks which do not change or modify the information flowing between the parties.
• This type of attack is hard to detect since it does not involve the other party or alter the data.
• The objective of the opponent is to obtain the information that is being transmitted.
• Passive attacks attempt to learn or make use of information from the system but don't affect the system resources.
• This kind of attack can be prevented rather than detected.
• Examples are eavesdropping or monitoring of traffic.
Passive Attack Types
A. Release of Message Content:- Messages, such as a telephone conversation, an e-mail, or a transferred file, may contain sensitive or confidential information.
• An opponent may get to know the contents of the message.
• The goal is to prevent the opponent from learning the contents of these transmissions.
B. Traffic Analysis:- Analyzing or determining the location and identity of hosts and paths to guess at the nature of the communication that is/was taking place.
• Here, the link traffic profile and information gathering is done by the opponent.
2. Active attacks:- are types of attacks which attempt to alter system resources or affect their operation.
• They are easier to detect since the information stream is altered and the other party is involved.
• They are harder to prevent since no absolute protection is available with the current buggy systems.
• They involve some modification of the data stream or the creation of a false stream.
Active Attack Types
A. Masquerading:- The entity pretends to be a different entity.
• It usually includes one of the other forms.
B. Replay:- involves the passive capture of a data unit and its subsequent retransmission to produce an authorized effect.
• Passive capture of data, alter and then retransmit.
C. Modification of Message:- Means some portion of the legitimate message is altered, or the messages are delayed or reordered, to produce an authorized effect.
D. Denial of Service:- Prevents or inhibits the normal use or management of communications facilities.
Security Services
• A security service is the collection of mechanisms, procedures and other controls that are implemented to help reduce the risk associated with a threat.
• For example, the identification and authentication service helps reduce the risk of the unauthorized user threat.
• Some services provide protection from threats, while other services provide for detection of the threat occurrence.
• An example of this would be a logging or monitoring service.
Security Services Types
A. Confidentiality (privacy):- is the protection of transmitted data from passive attacks.
• The other aspect of confidentiality is the protection of traffic flow from analysis.
• The attacker will not be able to observe the source and destination, frequency, length or other characteristics of the traffic on a communications facility.
B. Integrity (has not been altered):- ensures that the messages are received with no duplication, insertion, modification, reordering or replays.
• Connection oriented service:- addresses DoS and modifications (duplication, insertion, modification and reordering problems handled).
• Connectionless service:- deals with only individual messages and only assures against modification. This is because it only deals with individual packets.
C. Access Control:- This service controls who can have access to a resource, under what conditions access can occur and what those accessing the resources are allowed to do.
D. Non-repudiation:- Prevents either sender or receiver from denying a transmitted message.
E. Authentication:- is the assurance that the communicating entity is the one that it claims to be.
I. Peer Entity Authentication:- is used in association with a logical connection to provide confidence in the identity of the entities.
II. Data Origin Authentication:- In a connectionless transfer, it provides assurance that the source of received data is as claimed.
F. Audit:- Recording & analyses of participation, roles and actions in information communication by relevant entities.
G. Availability:- having your data accessible and obtainable at all times.
Primary Services
1. Confidentiality
  • Data Confidentiality
  • Traffic Confidentiality
2. Data Integrity
3. Authentication
  • Data Origin Authentication
  • Peer Authentication
4. Access Control
5. Non-Repudiation
  • Non-Repudiation of Origin
  • Non-Repudiation of Reception
6. Audit
7. Availability – an after-thought but increasingly important
Security Mechanisms
1. Encipherment:- is the use of mathematical algorithms to transform data into a form that is not readily intelligible.
2. Digital Signature:- is a mathematical scheme for demonstrating the authenticity of a digital message or document.
• A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit.
3. Access Control:- a variety of mechanisms that enforce access rights to resources.
4. Data Integrity:- a variety of mechanisms used to assure the integrity of a data unit or stream of data units.
5. Authentication Exchange:- a mechanism intended to ensure the identity of an entity by means of information exchange.
6. Traffic Padding:- The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
7. Routing Control:- Enables selection of particularly secure routes for certain data & allows routing changes, especially when a breach of security is suspected.
8. Notarization:- The use of a trusted 3rd party to assure certain properties of a data exchange.
Confidentiality
• Protection of information from disclosure to unauthorized entities (organizations, people, machines, processes).
• Information includes data contents, size, existence, communication characteristics, etc.

Service Types
• Data Confidentiality / Disclosure Protection
  • Connection Oriented
  • Connectionless
  • Selective Field
• Traffic Flow Confidentiality
  • Origin Destination Association
  • Message Size
  • Transmission Patterns
• Accompanied with Data Integrity

Protection Mechanisms
• Data Encryption
  • Symmetric (Secret-Key)
  • Asymmetric (Public-Key)
Integrity
• Protection of data against creation, alteration, deletion, duplication, re-ordering by unauthorized entities (organizations, people, machines, processes).
• Integrity violation is always caused by active attacks.

Service Types
• Message Integrity
  • Associated with connectionless communication
• Message Stream Integrity
  • Associated with connection oriented communication

Protection Mechanisms
• Message Digests (Hashing)
• Sequence Numbers
• Nonce ID (Random Number)
• Time Stamps
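
An added example (not from the original slides) of the message stream integrity mechanisms listed above: a receiver that combines a digest, sequence numbers and time stamps to reject modified, replayed, reordered and delayed messages. It assumes a pre-shared key and uses HMAC-SHA-256 as the keyed form of a message digest, because an unkeyed hash can be recomputed by whoever alters the message; `protect`, `Receiver`, `KEY` and `MAX_SKEW` are hypothetical names.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # assumption: secret shared by sender and receiver
MAX_SKEW = 30                  # assumption: allowed clock difference in seconds

def protect(seq, ts, payload, key=KEY):
    """Sender: header (sequence number, time stamp) + payload + keyed digest."""
    header = struct.pack("!QQ", seq, ts)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Receiver: checks the digest first, then ordering and freshness."""
    def __init__(self, key=KEY):
        self.key = key
        self.next_seq = 0

    def accept(self, frame, now):
        if len(frame) < 16 + 32:
            return "rejected: truncated"
        header, payload, tag = frame[:16], frame[16:-32], frame[-32:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: modified"
        seq, ts = struct.unpack("!QQ", header)
        if seq < self.next_seq:
            return "rejected: replay or duplicate"
        if seq > self.next_seq:
            return "rejected: reordered or deleted"
        if abs(now - ts) > MAX_SKEW:
            return "rejected: stale time stamp"
        self.next_seq += 1
        return "accepted: " + payload.decode()

def run_stream_demo():
    t0 = 1_700_000_000  # constructed clock value
    f0 = protect(0, t0, b"pay 10 to Bob")
    f1 = protect(1, t0 + 1, b"pay 20 to Carol")
    f2 = protect(2, t0 + 2, b"close session")
    tampered = f1[:16] + b"pay 90 to Carol" + f1[-32:]  # payload altered in transit
    rx = Receiver()
    return [
        rx.accept(f0, t0),            # genuine
        rx.accept(f0, t0 + 1),        # replayed copy
        rx.accept(tampered, t0 + 1),  # modification
        rx.accept(f2, t0 + 2),        # arrives ahead of f1
        rx.accept(f1, t0 + 2),        # genuine, in order
        rx.accept(f2, t0 + 100),      # delayed beyond MAX_SKEW
    ]

if __name__ == "__main__":
    for line in run_stream_demo():
        print(line)
```

The sequence number and time stamp sit inside the authenticated header, so an attacker cannot renumber or re-date a captured frame without invalidating the tag.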
Authentication
• Communicating entities are provided with assurance & information of relevant identities of communicating partners (people, machines, processes).
• Personnel Authentication requires special attention.

Service Types
• Data Origin Authentication
  • Associated with Connectionless Communication
• Peer Entity Authentication
  • Associated with Connection Oriented Communication
• Fundamental for access control hence, confidentiality & integrity

Protection Mechanisms
• Password
  • Manual
  • One-Time Password
• Key Sharing
  • Manual
  • Symmetric Key (Tickets)
  • Asymmetric Key (Certificates)
• Challenge – Response
  • Nonce Based
  • Zero Knowledge Proof
Access Control
Protection of information resources or services from access or use by unauthorized entities (organizations, people, machines, processes).
• Privileges – rights to access or use resources or services
• Principals – entities own access control privileges
• Subjects – entities exercise access control privileges
• Objects / Targets – resources or services accessed/used by subjects
• Delegation – transfer of access control privileges among principals
• Authorization – transfer of access control privileges from principals to subjects

Service Types
• Subject Based Typing
  • Identity Based
  • Role Based
• Enforcement Based Typing
  • Mandatory Access Control: Management Directed
  • Discretionary Access Control: Resource Owner Directed

Protection Mechanisms
• Access Control Lists (ACLs)
  • Object Based Specification
  • Ex.: UNIX File System
• Capabilities
  • Subject Based Specification
  • Issue Tickets/Certificates
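
An added example (not part of the original slides) contrasting the two mechanisms listed above: an object-based ACL lookup and a subject-based capability issued as a ticket. The ticket format, `ISSUER_KEY` and all function names are hypothetical; protecting the ticket with a MAC is an assumption about the issuer, and the subject is assumed to be authenticated already.

```python
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-issuer-key"  # assumption: held only by the ticket issuer/verifier

def acl_allows(acl, subject, obj, right):
    """ACL check: the rights list is stored with the object and looked up per request."""
    return right in acl.get(obj, {}).get(subject, set())

def _tag(claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def issue_ticket(subject, obj, rights, expires):
    """Capability: a ticket the subject carries, protected against alteration by a MAC."""
    claims = {"sub": subject, "obj": obj, "rights": sorted(rights), "exp": expires}
    return {"claims": claims, "tag": _tag(claims)}

def ticket_allows(ticket, subject, obj, right, now):
    claims = ticket["claims"]
    if not hmac.compare_digest(ticket["tag"], _tag(claims)):
        return False  # forged or altered ticket
    if now >= claims["exp"]:
        return False  # expired
    return claims["sub"] == subject and claims["obj"] == obj and right in claims["rights"]

def run_access_demo():
    now = 1_700_000_000  # constructed clock value
    acl = {"payroll.db": {"alice": {"read", "write"}, "bob": {"read"}}}  # constructed
    out = {}
    out["acl_bob_read"] = acl_allows(acl, "bob", "payroll.db", "read")
    out["acl_bob_write"] = acl_allows(acl, "bob", "payroll.db", "write")

    ticket = issue_ticket("bob", "payroll.db", {"read"}, now + 300)
    out["ticket_read"] = ticket_allows(ticket, "bob", "payroll.db", "read", now)
    altered = {"claims": dict(ticket["claims"], rights=["read", "write"]), "tag": ticket["tag"]}
    out["altered_ticket_write"] = ticket_allows(altered, "bob", "payroll.db", "write", now)

    # Revocation: deleting the ACL entry takes effect at once; an issued ticket
    # stays valid until it expires unless the verifier also keeps a revocation list.
    del acl["payroll.db"]["bob"]
    out["acl_after_revoke"] = acl_allows(acl, "bob", "payroll.db", "read")
    out["ticket_after_revoke"] = ticket_allows(ticket, "bob", "payroll.db", "read", now + 60)
    out["ticket_after_expiry"] = ticket_allows(ticket, "bob", "payroll.db", "read", now + 300)
    return out

if __name__ == "__main__":
    print(run_access_demo())
```

The revocation step is the practical difference to plan for: short ticket lifetimes bound how long a withdrawn privilege remains usable.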
Non-Repudiation
• Protection against denial of participation by communicating entities in all or part of a communication.

Service Types
• Non-Repudiation of Origin
• Non-Repudiation of Reception

Protection Mechanisms
• Notarization
• Time Stamp
• Digital Signature
Audit
• Recording & analyses of participation, roles and actions in information communication by relevant entities.

Service Types
• Off-line Analysis (Computer Forensic)
• On-line Analysis (Real-time Intrusion Detection)

Protection Mechanisms
• Intrusion Monitors / Sensors
• Common Intrusion Detection Framework (CIDF)
• Common Information Model (CIM)
Service vs. Layer Mapping
Service / Layer 1 2 3 4 6 7
Confidentiality, Connectionless Y Y Y Y
Confidentiality, Connection Y Y Y Y Y
Confidentiality, Selected Field Y Y
Confidentiality, Traffic Flow Y Y
Authentication, Data Origin ? Y Y Y
Authentication, Peer Entity Y Y Y
Integrity, Message Y Y Y Y
Integrity, Message Stream ? Y Y Y
Access Control ? Y Y Y
Non-Repudiation, Origin Y
Non-Repudiation, Receipt Y
? = difference between IEEE802 and ISO
A Model for Network Security
[Figure: a model for network security]
Design Issues in the Model
1. Design an algorithm for performing the security-related transformation.
• The algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security service.


Other Considerations
1. Network Design Considerations
• Designing for acceptable risk.
• Use of network models with security (LAN/WAN more secure, Dedicated/non-dedicated, segregation and isolation)
2. Host hardening
• Firewalls, Packet filtering
3. Choice of network devices
• Choice of routers and other hardware
• Routing protocols
4. Intrusion detection systems (IDS)
• Host based IDS
• Network based IDS


Network Penetration Attacks and Firewalls
[Figure labels: Attacker, Internet, Attack Packet, Internet Firewall, Passed Packet, Dropped Packet, Log File, Hardened Client PC, Hardened Server, Internal Corporate Network]
Intrusion Detection System
[Figure steps: 1. Suspicious Packet, 2. Suspicious Packet Passed, 3. Log Packet, 4. Alarm. Components: Attacker, Internet, Intrusion Detection System, Network Administrator, Hardened Server, Log File, Corporate Network]
Encryption for Confidentiality
[Figure: Client PC (Bob) sends the original message "Hello" to Server (Alice) as the encrypted message "100100110001", which is decrypted back to "Hello". Attacker (Eve) intercepts but cannot read.]
Impersonation and Authentication
[Figure: Attacker (Eve), posing as Client PC (Bob), says "I'm Bob"; Server (Alice) replies "Prove it! (Authenticate Yourself)"]
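
The "I'm Bob" / "Prove it!" exchange, as an added example (not from the original slides) of the nonce-based challenge-response mechanism listed under Authentication. It assumes Bob and Alice already share a key; `Server`, `respond` and the sample key are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets

def respond(key, identity, nonce):
    """Prover side: bind the claimed identity to the server's nonce with the shared key."""
    return hmac.new(key, identity.encode() + nonce, hashlib.sha256).digest()

class Server:
    """Verifier side (Alice): one fresh nonce per attempt, usable once."""
    def __init__(self, shared_keys):
        self.shared_keys = shared_keys  # claimed identity -> shared key
        self.pending = {}               # claimed identity -> outstanding nonce

    def challenge(self, claimed):
        nonce = secrets.token_bytes(16)
        self.pending[claimed] = nonce
        return nonce

    def verify(self, claimed, response):
        nonce = self.pending.pop(claimed, None)  # consume the challenge
        key = self.shared_keys.get(claimed)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(response, respond(key, claimed, nonce))

def run_login_demo():
    bob_key = b"constructed-key-shared-by-bob-and-alice"  # constructed sample
    alice = Server({"bob": bob_key})
    results = {}

    nonce = alice.challenge("bob")             # "Prove it!"
    captured = respond(bob_key, "bob", nonce)  # Bob's answer, observed by Eve
    results["bob"] = alice.verify("bob", captured)

    alice.challenge("bob")                     # Eve claims "I'm Bob"
    results["eve_replays_capture"] = alice.verify("bob", captured)

    nonce = alice.challenge("bob")
    results["eve_wrong_key"] = alice.verify("bob", respond(b"guess", "bob", nonce))

    results["no_outstanding_challenge"] = alice.verify("bob", captured)
    return results

if __name__ == "__main__":
    print(run_login_demo())
```

Because each nonce is random and consumed on first use, a response Eve records from one login is useless for the next.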
Secure Dialog System
[Figure: Secure Dialog between Client PC (Bob) and Server (Alice). Automatically handles: Negotiation of Security Options, Authentication, Encryption, Integrity. Attacker cannot read messages, alter messages, or impersonate.]
Hardening Host Computers
1. The Problem
• Computers installed out of the box have known vulnerabilities
• Not just Windows computers
• Hackers can take them over easily
• They must be hardened—a complex process that involves many actions
2. Elements of Hardening
• Physical security
• Secure installation and configuration
• Fix known vulnerabilities
• Turn off unnecessary services (applications)
• Harden all remaining applications
• Manage users and groups
• Manage access permissions
• For individual files and directories, assign access permissions to specific users and groups
• Back up the server regularly
• Advanced protections
