Security Final

Vulnerability

weakness that could exploited to cause harm/attack surface - need to be controlled

Threats

Circumstances that could cause harm - is limited - are blocked by control of vulnerabilities

Controls

prevents threats from exercising vulnerabilities

3 properties of security

Confidentiality, Integrity, Availability

Confidentiality

asset is viewed by authorized parties

* who + what + how

Integrity

asset is modified only by authorized parties

availability

asset can be used by any authorized parties

types of attackers

terrorist, hacker, individual, group

Securing Weakest Link

attackers are more likely to attack a weak spot - Risk \= Probability X Impact ; eg. admins, users, tech support are the weakest

Defense in Depth

Layer security defenses with multiple mechanisms

Failing Securely

unless given explicit access, deny user access. when system fails, undo changes and secure defaults to deny information

Separation of Privilege

system should not be granted permission based on a single condition - multiple security checks

Economy of Mechanism

mechanisms should be as simple as possible, reduce number of choke points - bridge

Least Common Mechanism

mechanisms used to access resources should not be shared

Reluctance To Trust

assume environment is insecure, not trustworthy

Never Assuming that your secret are safe

design should not be secret, don’t depend on attackers not knowing

Complete Mediation

all accesses to object to be checked to ensure that they are allowed, system wide view of access control

Psychological Acceptability

security cannot hinder usability of app and should be transparent

Promoting Privacy

prevent attackers from accessing private information

3 types of tools

authentication, access control (authorization), cryptography

identification

who the person is (username)

authentication

proving an asserted identify (password)

ACL - Access Control Lists

list of permissions attached to an object - token created

ACD - access control directory

one directory pointing to ACL per user

ACM - access control matrix

matrix containing all permissions and all users - inefficient to search

Symmetric Keys

using the same key to encrypt and decrypt

Asymmetric keys

using different keys to encrypt and decrypt - public and private

Stream Cipher

encrypts each unit of data of stream + speed, low error

Block Ciphers

encypts groups of data as a block, fixed in size + high diffusion, can insert

AES

* substitution, shift, mix, permutation, XOR
* 1999
* 128 bits block size
* 128,192,256 bits key
* operations: 10,12,14
* open design/rationale
* dutch
* symmetric 128 bit block cipher

public key (assymmetric)

same symmetric key, one user has public and private key

* n \* (n-1)/2 = number of keys
* unlimited key size
* slower algo

MITM

intercepts and substitutes a return address meant for the other person

Hash Codes/Checksum/Message Digest

computed with every change of the message to detect if the message was tampered with

* SHS/SHA algorithm to compute

Digital Signatures

authentic/unforgeable and not alterable or reusable

* public key cryptography + message digest
* Need: file, proof of non alteration (hash), identification of signer (private key), validation, connection of signature to file

Certificate

public key + identity and signed by certificate authority

certificate authority

who accurately verifies identities before generating certificates

Buffer Overflow

When data is written beyond the space allocated for it

Command Injection

User input intended to be data is instead interpreted as a command

cross site scripting

Unique to web-based applications where a user's data tied to a vulnerable web server (e.g. a cookie) is disclosed to a malicious third party - command injection with html and get requests

Format String Problems

a string that formats data for display or storage - not specificied and allows attacker to read from or write to specific memory location

Integer Range Errors

arithmetic operation creates a value too large to be stored

SQL Injection

Using an input as a SQL command to get information from the dataset

Trusting Network Name Resolution

Resolution of website names to IP addresses, usually through Domain Name System (DNS)

Failing to Protect Network Traffic

Network attacks can come in many forms • Eavesdropping - Listening and/or recording conversations • Replay - Replaying information such as providing authentication information • Spoofing - Mimicking a party • Tampering - Manipulating data • Hijacking - Cutting out one of the parties

Failing to store and protect data

Protected data in the system not in transit, ACLs, privileges, allow vs. deny

Weak Random Numbers

improper seeding to create predictable seeds and numbers - throws off crypto algos

Improper File Access

Three types of errors: • A race condition where a window of vulnerability is exploited between Time Of Check and the Time Of Use (TOCTOU • Opening a file without regard for the nature of the file; it could actually be a simlink placed by an attacker • Giving attackers some control of filenames so they can updated and access sensitive information

Improper Use of SSL and TLS

server authentication performed poorly using public key infrastructure through ssl and tls

Use of weak password based systems

not using social engineering, side channel problems

Unauthenticated key exchange

man in the middle attack

Signal Race Conditions

two executions are changing a resources and interfering with each other

Use of magic URLS and hidden forms

urls storing important data

Failure to handle errors

failing securely

Poor usability

presenting security info to users, not being simple and clear

Information leakages

side channels, timing ang storage providing too much info .

3 Types of Malware

virus, worm, trojan horse

transient virus

has a life span dependent on its host program

resident virus

resides in memory and can run as a standalone program

virus

program that can replicate itself and pass on malicious code by modifying other programs

worm

A program that spreads copies of itself through a network

trojan horse

program with no apparent effect but second hidden effect

Zero-Day Attacks

active malware that exploits a product vulnerability where the software provider has no countermeasure available or has not been implemented

Four Aspects (Properties) of Malicious Code

Harm (How they affect users and systems), Transmission and Propagation (How they are transmitted and replicated), Activation (How they gain control and install themselves so they can reactivate), Stealth (How they avoid detection)

3 Types of Harm

Nondestructive, Destructive, Commercial or criminal intent

Man-in-the-Browser

Trojan horse, reads, copies and redirects data when user enters browser; attack on a browser

Keystroke-logger

hardware or software recording keystrokes (malware)

Page-in-the-middle

directed to a different page than intended; attack on a website.

Program download substitution

page with programs to download, installs malware

User-in-the-middle

clickbait to trick users into solving captcha’s

Substitute Content (malicious)

type of malicous web content that replaces parts of a web site with malicious intent in a way that doesn’t attract attention.

Web Bug

similar to cookies to send data to web bug owner

Clickjacking

pop-up adds that have the user click on them

Drive-By Download

code downloaded without user knowing, through clickjacking, fake code, program download substitution

OS Loading

BIOS, Bootstrap

Virtualization

OS presents each user with just the resources that user should see

Fence

Confine a user to one side of a boundary

Separation and Sharing

keeping one user’s objects seperate from another user. physical, temporal, logical, cryptographic

Base Registers

identify the starting address for a program

Bounds register

upper bound if necessary to manage allocation of memory - prevents programs from overwriting code

Paged Segementation

dividing programs into logical segments and physically storing them in fixed size pages

Rootkits

taking advange of identity of the most powerful user, owning all sensitive system resources - part of the os

OSI Model (Open System Interconnection)

APSTNDP → how senders and receivers process messages

Dos Attacks

Denial of Service → targets availability through high, rapid attacks → ping of death, smurf attack (echo request), echo-chargen (looping echo packet), teardrop attack(inconsistent fragments), dns spoofing, rerouting routing (all traffic one node), session hijacking (src address change)

Botnets

isolates attacker from attacks, continuous attacks from an hierarchy

WEP

client and access points have a pre-shared key → encrypts a key, AP decrypts and client is authenticated

SSL Session

request on SSL session with a server, responds with a public key cert, returns a symmetric session key encrypted server’s public key

Onion Routing

knows immediate/last sender, next recipient

Packet Filtering Gateway

examines the control information of every packet - src, dest,

Stateful Inspection Firewall

judges multiple packets (ping to multiple ports)

Application Proxy

looks at messages (app layer) and runs pseudo-apps to inspect

Circuit-Level Gateway

one network is extension of another through virtual gateway - establishes vpns through circuits

Guard

interprets data and responds - implements rules (emails, bandwidth, filters docs)

Personal Firewalls

enforces set policies and works with other firewalls

DMZ

containing firewall, web page, email, ftp services

FldM Process Sequence

federated identity management access requestauthentication/authorization requestauthentication requestauthentication credentialsauthorization responseaccess response

SaML

security assertion markup language web browser single sign on to exchange user identity and privileged information - authentication standard → browsers

OAuth

allows 3rd party apps to access API’s and account resources → native apps

OIDC

single set of credentials for all internet sites - better support for native apps + identity token; requires TLS

Copyrights

* expression of ideas
* made public to promote publication
* requirement to distribute
* 75-100 years

\

Patent

* invention
* made public for design at patent office
* 19 years