System Security

 System Security

• The Security Problem
• Program Threats
• System and Network Threats
• Cryptography as a Security Tool
• User Authentication
• Implementing Security Defenses
• Firewalling to Protect Systems and Networks
• Computer-Security Classifications
• An Example: Windows XP

Objectives

• To discuss security threats and attacks
• To explain the fundamentals of encryption, authentication, and hashing
• To examine the uses of cryptography in computing
• To describe the various countermeasures to security attacks

The Security Problem

• Security must consider external environment of the system, and protect the
  system resources
• Intruders (crackers) attempt to breach security
• Threat is potential security violation
• Attack is attempt to breach security
• Attack can be accidental or malicious
• Easier to protect against accidental than malicious misuse

Security Violations

1. Security Violations

• Breach of confidentiality
• Breach of integrity
• Breach of availability
• Theft of service
• Denial of service

    2. Methods

• Masquerading (breach authentication)
• Replay attack  Message modification
• Man-in-the-middle attack
• Session hijacking

Standard Security Attacks

Security Measure Levels

1. Security must occur at four levels to be effective

• Physical
• Human Avoid social engineering, phishing, dumpster diving
• Operating System
• Network

     2.Trojan Horse

• Code segment that misuses its environment
• Exploits mechanisms for allowing programs written by users to be executed by
  other users
• Spyware, pop-up browser windows, covert channels

     3.Trap Door

• Specific user identifier or password that circumvents normal security procedures
• Could be included in a compiler

    4.Logic Bomb

• Program that initiates a security incident under certain circumstances

    5.Stack and Buffer Overflow

• Exploits a bug in a program (overflow either the stack or memory buffers)