Computer and Network Security Concepts

Chapter 1 Computer and Network Security Concepts

1 Computer Security

Computer Security: For an automated information system, safeguards are taken to ensure the integrity, availability, and confidentiality of information system (including hardware, software, firmware, information, and communications) resources.

The three core goals of computer security are confidentiality, integrity, and availability. Together they form the CIA triad.

  1. Confidentiality

Data Confidentiality: Ensures that private or secret information is not disclosed to, or used by, unauthorized individuals (who would otherwise obtain the plaintext)

Privacy: Ensures that individuals can control or influence what information about them is collected and stored, and by whom and to whom that information may be disclosed

  2. Integrity

Data Integrity: Ensures that information and programs are changed only in specified and authorized ways

System Integrity: Ensuring that the system performs its intended function in a normal manner, free from unauthorized manipulation, whether intentional or unintentional

  3. Availability

Ensures that the system works promptly and that service is not denied to authorized users

The CIA triad embodies the fundamental security objectives for data, information, and computing services.

Two further concepts are commonly mentioned in the security field:

  1. Authenticity

The property of being genuine and able to be verified and trusted. For transmitted information, both the message and its source are genuine: the system can verify that a user is who they claim to be and that each input arrived from a trusted source

  2. Accountability (traceability): requires that an entity's actions can be traced uniquely to that entity. This property supports non-repudiation, prevention, fault isolation, intrusion detection and prevention, after-action recovery, and legal action. Because a truly secure system cannot be achieved, we must be able to trace a security breach to the responsible party. The system must keep records of its activities so that later forensic analysis can trace security incidents or resolve disputes.

2 OSI Security Architecture

ITU-T Recommendation X.800, the OSI Security Architecture, provides a systematic way of organizing security. Its main concerns are security attacks, security mechanisms, and security services:

  1. Security attack

Any action that compromises the security of information

  2. Security mechanism

A process (or a device incorporating such a process) designed to detect or prevent a security attack, or to recover from an attack to a normal state

  3. Security service

A processing or communication service that enhances the security of data processing systems and information transfers. Its purpose is to counter security attacks, and it uses one or more security mechanisms to do so

Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm; that is, a threat is a possible danger that might exploit a vulnerability.

Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

2.1 Security Attacks

Security attacks are divided into passive attacks and active attacks.

Passive attacks attempt to obtain or exploit system information without affecting system resources. Active attacks attempt to alter system resources or affect system operation.

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The attacker's goal is to obtain the information being transmitted. Release of message contents and traffic analysis are the two passive attacks.

Traffic analysis: When the information is encrypted, an eavesdropper cannot recover the plaintext, but the data can still be analyzed to learn the frequency and length of the transmitted messages, as well as the identity and location of the communicating hosts, and so infer the nature of the communication taking place.

Passive attacks do not involve any alteration of the data and are therefore very difficult to detect. Encryption is usually used to prevent them, so for passive attacks the emphasis is on prevention rather than detection.

Active attacks involve modifying the data stream or creating a false stream, and fall into four categories: masquerade, replay, modification of messages, and denial of service.

Masquerade: One entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, authentication information can be captured and replayed after a valid authentication sequence has taken place, allowing an entity with few privileges to obtain extra privileges by impersonating an entity that has them.

Replay: The attacker passively captures data and later retransmits it without authorization.

Modification of messages: Some portion of a legitimate message is altered without authorization, or the message is delayed (without changing its content), or messages are reordered.

Denial of service: Prevents or inhibits the normal use or management of communications facilities. It may have a specific target. Another form of denial of service is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade its performance.

Passive attacks are difficult to detect but can be prevented; active attacks are difficult to prevent absolutely, so the goal for active attacks is detection, and recovery from any disruption or delay such attacks cause.

2.2 Security Services

X.800 defines a security service as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers.

RFC 4949 defines a security service as a processing or communication service that is provided by a system to give a specific kind of protection to system resources.

Security services implement security policies through security mechanisms.

Security services are divided into 5 broad categories, comprising 14 specific services:

Authentication

Guarantees that the entity communicating is what it claims to be

The authentication service is concerned with assuring that a communication is authentic. For a single message, the authentication service assures the recipient that the message really came from the sender it claims to come from. For an ongoing interaction, two parties are involved, the sender and the receiver:

  1. First, at connection initiation, the service assures that the two entities are authentic, that is, each entity is who it claims to be
  2. Second, the service must assure that the connection is not interfered with by a third party (interference: a third party masquerades as one of the two legitimate parties for the purpose of unauthorized transmission or reception)

Two specific authentication services are defined:

  1. Peer Entity Authentication: Provides corroboration of the identity of a peer entity in a logical connection
  2. Data Origin Authentication: In a connectionless transfer, provides assurance that the source of the received data is as claimed

Access Control

The ability to limit and control access to host systems and applications via communications links. To achieve this, each entity trying to gain access must first be identified (or authenticated) so that access rights can be tailored to it. This service controls who can access a resource, under what conditions, and what the resource may be used for

Data Confidentiality

Protects data from unauthorized disclosure; mainly a defense against passive attacks

  1. Connection Confidentiality: Protects all user data on a connection
  2. Connectionless Confidentiality: Protects all user data in a single data block
  3. Selective-Field Confidentiality: Provides confidentiality for selected fields within the user data on a connection or in a single data block
  4. Traffic-Flow Confidentiality: Protects the information that could be derived from observing traffic flows

Data Integrity

Assures that the data received are exactly as sent by an authorized entity (no modification, insertion, deletion, or replay)

Integrity services can be classified by scope: a stream of messages, a single message, or selected fields within a message.

They can also be divided into services with recovery and services without recovery. Because integrity services relate to active attacks, they are concerned with detection and recovery.

  1. Connection Integrity with Recovery: Provides integrity of all user data on a connection. Detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted

  2. Connection Integrity without Recovery: As above, but provides only detection without recovery

  3. Selective-Field Connection Integrity: Provides integrity of selected fields within the user data of a data block transferred over a connection, and determines whether the selected fields have been modified, inserted, deleted, or replayed

  4. Connectionless Integrity: Provides integrity protection for a single connectionless data block and detects whether data has been modified. Additionally, a limited form of replay detection may be provided

  5. Selective-Field Connectionless Integrity: Provides integrity protection for selected fields within a single connectionless data block, and determines whether the selected fields have been modified
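The connectionless integrity service above (detection of modification plus limited replay detection) and the data integrity algorithms of section 5 are illustrated by the following added example; it is not part of the original notes. It assumes a shared key, an HMAC-SHA256 tag over a 4-byte sequence number and the payload, and a sliding window of sequence numbers at the receiver (all constructed for this example).

```python
import hmac
import hashlib
import struct
from typing import Optional

# Constructed shared key for the example only; a real key comes from key management.
KEY = b"example-shared-key-for-integrity-demo"
TAG_LEN = 32  # SHA-256 output size


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build one connectionless block: seq (4 bytes) || payload || HMAC tag."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Verifies the tag (modification is detected, not prevented) and rejects
    replays by tracking sequence numbers inside a sliding window."""

    def __init__(self, key: bytes, window: int = 64):
        self.key = key
        self.window = window
        self.highest = -1          # highest sequence number accepted so far
        self.seen = set()          # accepted sequence numbers still inside the window

    def accept(self, block: bytes) -> Optional[bytes]:
        """Return the payload if the block is authentic and fresh, else None."""
        if len(block) < 4 + TAG_LEN:
            return None  # malformed
        header, payload, tag = block[:4], block[4:-TAG_LEN], block[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # modified or forged: integrity check failed
        seq = struct.unpack(">I", header)[0]
        if seq <= self.highest - self.window or seq in self.seen:
            return None  # replay, or too old to be tracked by the window
        self.seen.add(seq)
        if seq > self.highest:
            self.highest = seq
            # drop sequence numbers that fell out of the window
            self.seen = {s for s in self.seen if s > seq - self.window}
        return payload
```

Blocks that arrive out of order but inside the window are still accepted, which is the "limited" replay protection a connectionless service can offer.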

Non-repudiation

Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication

Non-repudiation, Origin: Proof that the message was sent by the specified party

Non-repudiation, Destination: Proof that the message was received by the specified party

2.3 Security Mechanism

There are two types of security mechanisms:

Specific security mechanisms (implemented in a specific protocol layer)

  1. Encipherment
  2. Digital signature: prevents forgery
  3. Access control
  4. Data integrity
  5. Authentication exchange
  6. Traffic padding: defeats traffic analysis
  7. Routing control
  8. Notarization

Pervasive security mechanisms (not specific to any protocol layer or service)

  1. Trusted functionality
  2. Security label
  3. Event detection
  4. Security audit trail
  5. Security recovery

X.800 distinguishes two kinds of encipherment mechanism:

  1. Reversible encipherment: data can be encrypted and later decrypted
  2. Irreversible encipherment: used for digital signatures and message authentication (for example hash functions and message authentication codes)

3 Fundamental Security Design Principles

Security design principles:

  1. Economy of mechanism: The security mechanisms embedded in hardware and software should be designed as simply and small as possible. The more complex the design, the harder it is to spot weaknesses in advance and the more likely vulnerabilities are to exist.

This is also the hardest principle to follow in practice

  2. Fail-safe defaults: Access decisions should be based on permission rather than exclusion; the default is lack of access. If the security mechanism contains a design or implementation mistake, it should fail by refusing access, a safe situation that is quickly noticed.

  3. Complete mediation: Every access in the access mechanism must be checked against the access control mechanism, and access decisions must not rely on results retrieved from a cache. That is, the full permissions should be read in real time

  4. Open design: The design of a security mechanism should be open rather than secret

  5. Separation of privilege: A practice in which multiple privilege attributes are required to achieve access to a restricted resource. It applies to any program that can be divided into parts, each running with different privileges, to limit the potential damage when the computer is attacked

  6. Least privilege: Every process and every user should operate using the least set of privileges necessary to perform the task.

  7. Least common mechanism: Minimize the functions shared by different users, in order to reduce the number of unintended communication paths and the amount of mechanism on which all users depend.

  8. Psychological acceptability: Security mechanisms should not interfere unduly with the work of users, while at the same time meeting the needs of those who authorize access.

  9. Isolation

  10. Encapsulation: A specific form of isolation based on object-oriented functionality.

  11. Modularity: Refers both to the development of security functions as separate, protected modules and to the use of a modular architecture for mechanism design and implementation.

  12. Least astonishment: A program or user interface should always respond in the way that is least likely to astonish the user (that is, the mechanism should feel transparent to the user).

4 Attack Surface and Attack Tree

The attack surface consists of the reachable and exploitable vulnerabilities in a system. It is mainly divided into:

  1. Network attack surface: Refers to vulnerabilities over an enterprise network, wide-area network, or the Internet. These include network protocol vulnerabilities, denial-of-service attacks, and disruption of communication links, among others.
  2. Software attack surface: Refers to vulnerabilities in application, utility, or operating system code.
  3. Human attack surface: Refers to vulnerabilities created by personnel or outsiders

An attack tree is a data structure that represents a branched and hierarchical set of possible techniques for exploiting security vulnerabilities.

Root node: the attack goal. The second level holds the targets of the attack, the level below it the attack methods, and so on.

The deeper the depth, the more specific. Therefore, leaf nodes are specific attack methods.
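The following added example (not from the original notes) builds the hierarchical structure described above as code: leaves are specific techniques with an illustrative effort cost, inner nodes are OR or AND sub-goals, and the tree is evaluated from a defender's side to find the least-effort path and to see which path remains after individual controls close techniques. The tree, its node names and the costs are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Node:
    """Attack-tree node: leaves are concrete techniques, inner nodes are AND/OR sub-goals."""
    name: str
    kind: str = "OR"             # "OR": any child achieves the goal; "AND": all children needed
    cost: Optional[int] = None   # leaves only: relative attacker effort (constructed figures)
    mitigated: bool = False      # leaves only: True once a control closes this technique
    children: List["Node"] = field(default_factory=list)


def cheapest(node: Node) -> Optional[Tuple[int, List[str]]]:
    """Least-effort way to reach `node` as (cost, leaf techniques), or None if fully blocked."""
    if not node.children:
        return None if node.mitigated else (node.cost, [node.name])
    results = [cheapest(c) for c in node.children]
    if node.kind == "AND":
        if any(r is None for r in results):
            return None  # one mitigated branch blocks the whole AND sub-goal
        return sum(r[0] for r in results), [n for r in results for n in r[1]]
    feasible = [r for r in results if r is not None]
    return min(feasible, key=lambda r: r[0]) if feasible else None


def build_tree() -> Node:
    """Constructed example: root = attack goal, second level = targets, leaves = methods."""
    return Node("Read confidential records", "OR", children=[
        Node("Log in with stolen credentials", "AND", children=[
            Node("Obtain a valid username", cost=1),
            Node("Obtain the matching password", cost=5),
        ]),
        Node("Bypass the application", "OR", children=[
            Node("Exploit an unpatched service", cost=8),
            Node("Read an exposed backup copy", cost=2),
        ]),
    ])


def apply_mitigations(node: Node, closed: Set[str]) -> None:
    """Mark the leaf techniques named in `closed` as mitigated by a deployed control."""
    if not node.children:
        node.mitigated = node.name in closed
    for c in node.children:
        apply_mitigations(c, closed)
```

Re-running cheapest() after each apply_mitigations() call shows which remaining leaf the defender should address next, which is the practical use of the tree.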

5 Cryptographic Algorithms

Cryptographic algorithms and protocols can be grouped into four main areas:

  1. Symmetric encryption

Used to conceal the contents of blocks or streams of data of any size, including messages, files, encryption keys, and passwords

  2. Asymmetric encryption

Used to conceal small blocks of data, such as encryption keys or the hash function values used in digital signatures

  3. Data integrity algorithms

Used to protect blocks of data, such as messages, from alteration (modification cannot be prevented, only detected after the fact)

  4. Authentication protocols

Schemes based on cryptographic algorithms that are designed to authenticate the identity of entities
