System Security


System Security:
1. Security Problem & User Authentication
2. Program, Network and System Threats
3. Handling the Security Problem


Published in: Education

  1. 1. Presented By: Antarleena Sikdar [530], Reddhi Basu [559], Anjan Karmakar [562]
  2. 2. Protection is strictly an internal problem. But Security, on the other hand, requires not only an adequate protection system but also consideration of the external environment within which the system operates. We say that a system is Secure if its resources are used and accessed as intended under all circumstances. Unfortunately, total security cannot be achieved. Nonetheless, we must have mechanisms to make security breaches a rare occurrence, rather than a norm. Security violations of the system can be categorized as: Intentional, Accidental. It is easier to protect against accidental misuse than against intentional misuse.
  3. 3. Intruder and Cracker: Those attempting to breach the security. Threat: The potential for a security violation, such as the discovery of a vulnerability. Attack: The attempt to break security.
  4. 4. Breach of confidentiality: This type of violation involves unauthorized reading of data or theft of information. Capturing secret data from a system or a data stream, such as credit card information or identity information for identity theft, can result directly in money for the intruder. Breach of integrity: This violation involves unauthorized modification of data. Such attacks can, for example, result in passing of liability to an innocent party or modification of the source code of an important commercial application.
  5. 5. Breach of availability: This violation involves unauthorized destruction of data. Web-site defacement is a common example of this type of security breach. Theft of service: This violation involves unauthorized use of resources. Denial of service: This violation involves preventing legitimate use of the system. These attacks are sometimes accidental.
  6. 6. Attackers use several methods in their attempts to breach security: A. The most common is Masquerading, in which one participant in a communication pretends to be someone else (another host or a person). By masquerading, attackers breach authentication, the correctness of identification; they can gain access that they would not normally be allowed, or escalate their privileges, that is, obtain privileges to which they would not normally be entitled. B. Another common attack is to replay a captured exchange of data. A Replay Attack consists of the malicious or fraudulent repeat of a valid data transmission. Sometimes the replay comprises the entire attack, for example, in a repeat of a request to transfer money. But frequently it is done along with message modification, again to escalate privileges. C. Yet another kind of attack is the man-in-the-middle attack, in which the attacker sits in the data flow of a communication, masquerading as the sender to the receiver and vice versa. In a network communication, a man-in-the-middle attack may be preceded by a session hijacking, in which an active communication session is intercepted.
  7. 7. 1) Physical: The site or sites containing the computer systems must be physically secured against armed or surreptitious entry by intruders. 2) Human: Authorization must be done carefully to assure that only appropriate users have access to the system. 3) Operating System: The system must protect itself from accidental or purposeful security breaches. 4) Network: Much computer data in modern systems travels over private leased lines, shared lines like the internet, wireless connections, or dial-up lines. Intercepting these data could be just as harmful as breaking into a computer, and interruption of communications could constitute a remote denial-of-service attack, diminishing users' use of and trust in the system.
  8. 8. If a system cannot authenticate a user, then authenticating that a message came from the user is pointless. Thus a major security problem for operating systems is user authentication. So how do we determine whether a user's identity is authentic? Generally, user authentication is based on one or more of three things: 1) The user's possession of something: a card or a key. 2) The user's knowledge of something: a user identifier and a password. 3) An attribute of the user: fingerprint, retina pattern or signature.
  9. 9. The most common approach to authenticate a user identity is the use of Passwords. When the user identifies himself by user ID or account name, he is asked for a password. If the user-supplied password matches the password stored in the system, the system assumes that the account is being accessed by the owner of the account. Different passwords may be associated with different access rights. But in practice most systems require only one password for a user to gain full rights.
  10. 10. Passwords may be associated with different access rights. But in practice most systems require only one password for a user to gain full rights. Unfortunately, passwords can often be guessed, accidentally exposed, sniffed or illegally transferred from an authorized user to an unauthorized one.
  11. 11. There are three common ways to guess a password: 1. One way is for the intruder to know the user or to have information about the user. All too frequently people use obvious information as their passwords. 2. The other way is to use brute force, trying enumeration, or all possible combinations of valid password characters, until the password is found. Short passwords are especially vulnerable to this method. Enumeration is less successful where systems allow longer passwords that include both uppercase and lowercase letters along with all numbers and punctuation characters. 3. Passwords can also be exposed as a result of visual or electronic monitoring.
  12. 12. One problem with all these approaches is the difficulty of keeping the passwords secret within the computer. The UNIX system uses encryption to avoid the necessity of keeping its password list secret. Each user has a password. The system contains a function that is extremely difficult, if not impossible, to invert but easy to compute. This function is used to encode all the passwords. Only encoded passwords are stored. When a user presents a password, it is encoded and compared against the stored encoded password. Even if the stored encoded password is seen, it cannot be decoded, so the password cannot be determined. Thus the password file does not need to be kept secret.
  13. 13. This approach can be generalized to the use of an algorithm as a password. The algorithm might be an integer function, for example. The system selects a random integer and presents it to the user. The user applies a function and replies with the correct result. The system also applies the same function. If the two results match, access is allowed. Yet another variation on the use of passwords for authentication involves the use of biometric measures. Palm or hand readers are commonly used to secure physical access. These readers match stored parameters against what is being read from hand-reader pads. The parameters can include temperature maps, finger length, finger width and line patterns. But devices for biometric measures are currently too large and expensive to be used for normal computer authentication.
  14. 14. • A Trojan horse is a code segment that misuses its environment. • A Trojan is a type of malware that masquerades as a legitimate file or helpful program, possibly with the purpose of granting a hacker unauthorized access to a computer. • According to a survey conducted by BitDefender from January to June 2009, "Trojan-type malware is on the rise, accounting for 83-percent of the global malware detected in the world."
  15. 15. • Long search paths, such as are common on UNIX systems, exacerbate the Trojan horse problem. For instance, the use of the "." character in a search path tells the shell to include the current directory in the search. So, if a user A has "." in his search path, has set his current directory to user B's directory, and enters a normal system command, the command would be executed from user B's directory instead. The program would run on user B's domain, allowing the program to do anything that the user is allowed to do, including deleting files.
  16. 16. • Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-Service attacks) • Electronic money theft • Data theft (e.g. retrieving passwords or credit card information) • Installation of software, including third-party malware • Downloading or uploading of files on the user's computer • Modification or deletion of files • Crashing the computer • Anonymizing Internet viewing
  17. 17. • Netbus • Subseven or Sub7 • Y3K Remote Administration Tool • Back Orifice • Beast • Zeus • The Blackhole Exploit Kit • Flashback Trojan
  18. 18. An unsuspecting user logs in at a terminal and notices that he has apparently mistyped his password. He tries again and is successful. What has happened is that his authentication key and password have been stolen by the login emulator that was left running on the terminal by the thief. The emulator stored away the password, printed out a login error message, and exited; the user was then provided with a genuine login prompt.
  19. 19. Trap Door is a type of security breach where the designer of a program or a system leaves a hole in the software that only he is capable of using. A Trap Door is a secret entry point into a program that allows someone to gain access without normal methods of access authentication. Trapdoors can be included in the compiler as well. The compiler could generate standard object code as well as a trapdoor, regardless of the source code being compiled. Trapdoors pose a difficult problem since to detect them we have to analyze all the source code for all components of a system.
  20. 20. Programmers have been arrested for embezzling from banks by including rounding errors in their code, and having the occasional half cents credited to their accounts. This account crediting can add up to a large sum of money, considering the number of transactions that a large bank executes.
  21. 21. Stack or buffer overflow is the most common way for an attacker outside of the system, on a network or dial-up connection, to gain unauthorized access to the target system. This can be used by the unauthorised user for privilege escalation. Buffer overflow attacks are especially pernicious as they can be run within a system and travel over allowed communications channels. They can even bypass the security added by firewalls.
  22. 22. The attacker exploits a bug in the program. The bug can be a simple case of poor programming, in which the programmer neglected to code bounds checking on an input field. In this case, the attacker sends more data than the program was expecting. Using trial and error, or by examination of the source code of the attacked program if it is available, the attacker determines the vulnerability and writes a program to do the following: 1. Overflow an input field, command line argument, or input buffer until it writes into the stack. 2. Overwrite the current return address on the stack with the address of the exploit code loaded in the next step. 3. Write a simple set of code for the next space in the stack that includes the commands that the attacker wishes to execute (e.g. spawn a shell).
  23. 23. A virus is a fragment of code embedded in a legitimate program, unlike a worm, which is structured as a complete, standalone program. Spread of Viruses: Viruses are spread by users downloading viral programs from public bulletin boards or exchanging disks containing an infection. Exchange of Microsoft Office documents is a common form of virus transmission these days because these documents contain so-called macros, which are Visual Basic programs.
  24. 24. The Creeper virus was first detected on ARPANET. Creeper was an experimental self-replicating program written by Bob Thomas at BBN Technologies in 1971. Creeper used the ARPANET to infect DEC PDP-10 computers running the TENEX operating system. Creeper gained access via the ARPANET and copied itself to the remote system, where the message "I'm the creeper, catch me if you can!" was displayed. The Reaper program was created to delete Creeper.
  25. 25. On March 6, 1992, the 517th birthday of Michelangelo, the Michelangelo virus was scheduled to erase infected hard disk files. But because of the extensive popularity surrounding the virus, most sites had detected and destroyed the virus before it was activated, so it caused little or no damage.
  26. 26. In 2000, the Love Bug became very widespread. It appeared to be a love note sent by the friend of the receiver. Once invoked, by opening the Visual Basic script, it propagated by sending itself to the first users in the user's email contact list. It just clogged the user's inbox and email systems, but was relatively harmless.
  27. 27. • A worm is a process that uses the spawn mechanism to clobber system performance. • The worm spawns copies of itself, using up system resources and perhaps locking out system use by all other processes. Worms spread: • independently of human action • usually by utilizing a security hole in a piece of software • by scanning a network for another machine that has a specific security hole and copying itself to the new machine using the security hole
  28. 28. Robert Tappan Morris is an American computer scientist, best known for creating the Morris Worm in 1988, considered the first computer worm on the Internet, and subsequently becoming the first person convicted under the Computer Fraud and Abuse Act.
  29. 29. Denial of service does not involve stealing of resources or gaining information, but rather disabling legitimate use of a system or facility. It is easier than breaking into a machine. These attacks are network based. They fall into 2 categories: 1. An attack that uses so many facility resources that, in essence, no work can be done. 2. An attack that disrupts the network facility of the computer. It is impossible to prevent Denial of Service attacks. Frequently it is difficult to determine if a system slowdown is due to a surge in use or an attack.
  30. 30. MAJOR Techniques: Defense in Depth, Security Policy, Vulnerability Assessment, Intrusion Detection, Virus Protection
  31. 31. • Broadest security tool available • Source and destination of messages cannot be trusted without cryptography • Means to constrain potential senders (sources) and/or receivers (destinations) of messages • Based on secrets (keys) • Operating Symmetric and Asymmetric Encryption.
  32. 32. A computer security policy defines the goals and elements of an organization's computer systems. The definition can be highly formal or informal. Security policies are enforced by organizational policies or security mechanisms. A technical implementation defines whether a computer system is secure or insecure. These formal policy models can be categorized into the core security principles of: Confidentiality, Integrity and Availability. Formal policy models: Confidentiality policy model, Integrity policies model, Hybrid policy model.
  33. 33. A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability assessments are performed include, but are not limited to, information technology systems, energy supply systems, water supply systems, transportation systems, and communication systems. Assessments are typically performed according to the following steps: • Cataloging assets and capabilities (resources) in a system. • Assigning quantifiable value (or at least rank order) and importance to those resources. • Identifying the vulnerabilities or threats to each resource. • Mitigating or eliminating the most serious vulnerabilities for the most valuable resources.
  34. 34. An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt, but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies.
  35. 35. All Intrusion Detection Systems use one of two detection techniques: Statistical anomaly-based IDS: A statistical anomaly-based IDS determines normal network activity, like what sort of bandwidth is generally used, what protocols are used, what ports and devices generally connect to each other, and alerts the administrator or user when traffic is detected which is anomalous (not normal). Signature-based IDS: A signature-based IDS monitors packets in the network and compares them with pre-configured and pre-determined attack patterns known as signatures. The issue is that there will be a lag between the new threat being discovered and the signature being applied in the IDS for detecting the threat. During this lag time your IDS will be unable to identify the threat.
  36. 36. The problem of viruses can be dealt with by using antivirus software. Antivirus programs work by searching all the programs on a system for the specific pattern of instructions known to make up a virus. When they find a known pattern, they remove the instructions, disinfecting the program. The best protection against viruses is the method of safe computing: purchasing unopened software from vendors and avoiding free or pirated copies from public sources or disk exchange.
  37. 37. Protection: Antivirus software can provide real-time protection, meaning it can prevent unwanted processes from accessing your computer while you surf the Internet. Cleanup: Antivirus software allows you to scan your computer for viruses and other unwanted programs, and provides you with the tools to get rid of them. Alerts: Antivirus programs can alert you when something is trying to access your computer, or when something in your computer is trying to access something on the Internet. Updates: Antivirus programs can update themselves, keeping your computer's protection up to date without you having to manually update it. Further Protection: If antivirus software finds an infected file that cannot be deleted, it can quarantine the file so that it cannot infect other files or programs on your computer.
  38. 38. • A choke point of control and monitoring • Interconnects networks with differing trust • Imposes restrictions on network services: only authorized traffic is allowed • Auditing and controlling access: can implement alarms for abnormal behavior • Itself immune to penetration • Provides perimeter defence
  39. 39. • Useless against attacks from the inside: evildoer exists on the inside; malicious code is executed on an internal machine • Organizations with greater insider threat: banks and military • Protection must exist at each layer: assess risks of threats at every layer • Cannot protect against transfer of all virus-infected programs or files, because of the huge range of O/S and file types • Can be spoofed and tunneled.
  40. 40. Book: Operating System Concepts [Galvin, Silberschatz, Gagne]. Websites: www.wikipedia.com. Pictures: Google images.
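
Slide 12 describes storing only one-way encoded passwords, and slide 11 describes guessing by enumeration. The following is an added example, not part of the original slides: it contrasts a fast unsalted hash with a salted, deliberately slow encoding. The record format, the function names and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; makes each guess expensive


def unsalted_record(password):
    """Weak form: one fast hash, no salt. Equal passwords give equal
    records, so one precomputed table applies to every account."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password):
    """Store scheme, work factor and a per-user random salt next to the
    one-way encoding; the password itself is never stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password, record):
    """Re-encode the presented password with the stored salt and compare
    in constant time. Malformed records are rejected, not raised."""
    try:
        scheme, iters, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
        )
    except ValueError:
        return False
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: two accounts that chose the same password.
    a, b = make_record("correct horse"), make_record("correct horse")
    print("salted records differ:", a != b)
    print("login ok:", verify("correct horse", a))
    print("wrong password rejected:", not verify("battery staple", a))
```

The salt and work factor matter because a readable password file still allows offline guessing; they raise the cost of each guess and prevent one guess from being checked against all accounts at once.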
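
Slide 13 describes a challenge and a shared function in place of a fixed password, and slide 6 describes replay of a captured exchange. The following is an added example, not part of the original slides: it uses a keyed HMAC as the shared function (an assumption; the slide only says "an integer function") and makes each challenge single-use and short-lived so a recorded response cannot be replayed. The class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time


def respond(shared_secret, challenge):
    """The user's side: apply the shared function to the challenge."""
    return hmac.new(shared_secret, challenge, hashlib.sha256).digest()


class ChallengeVerifier:
    """The system's side: issues random challenges and checks responses."""

    def __init__(self, shared_secret, ttl=30.0):
        self._secret = shared_secret
        self._ttl = ttl          # seconds a challenge stays valid
        self._pending = {}       # challenge -> time it was issued

    def issue(self, now=None):
        now = time.monotonic() if now is None else now
        challenge = secrets.token_bytes(16)  # unpredictable, never reused
        self._pending[challenge] = now
        return challenge

    def check(self, challenge, response, now=None):
        now = time.monotonic() if now is None else now
        # pop() makes the challenge single-use: a replayed pair finds nothing.
        issued = self._pending.pop(challenge, None)
        if issued is None or now - issued > self._ttl:
            return False
        expected = respond(self._secret, challenge)
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    secret = secrets.token_bytes(32)  # constructed shared secret
    verifier = ChallengeVerifier(secret)
    c = verifier.issue()
    r = respond(secret, c)
    print("first use accepted:", verifier.check(c, r))
    print("replay rejected:", not verifier.check(c, r))
```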
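
Slide 15 explains how "." in a search path lets a program in another user's directory run in place of a system command. The following is an added example, not part of the original slides: a defensive audit of a PATH value. It goes beyond the single "." case on the slide by also flagging empty entries, other relative entries, and directories that other users can write to. The function name and the reason strings are hypothetical.

```python
import os
import stat


def audit_search_path(path_value):
    """Return (entry, reason) pairs for PATH entries that allow a file
    placed by another user to be run instead of a system command."""
    findings = []
    for entry in path_value.split(":"):
        if entry == "":
            # POSIX shells treat an empty entry as the current directory.
            findings.append(("<empty>", "empty entry means the current directory"))
            continue
        if not os.path.isabs(entry):
            # Covers "." as well as entries such as "bin" or "../tools".
            findings.append(
                (entry, "relative entry resolves against the current directory")
            )
            continue
        try:
            st = os.stat(entry)
        except OSError:
            continue  # a missing directory cannot supply a program today
        if st.st_mode & stat.S_IWOTH:
            findings.append((entry, "directory is world-writable"))
        elif st.st_uid not in (0, os.getuid()):
            findings.append((entry, "directory is owned by another non-root user"))
    return findings


if __name__ == "__main__":
    # Audits the PATH of the account running the script.
    for entry, reason in audit_search_path(os.environ.get("PATH", "")):
        print(f"{entry}: {reason}")
```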
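
Slide 35 contrasts signature-based and statistical anomaly-based detection. The following is an added example, not part of the original slides: both techniques run over the same constructed traffic records, showing that a record with no matching signature is caught only by the baseline. The record fields, the signature table and the z-score limit are assumptions made for this illustration.

```python
from statistics import mean, pstdev

# Constructed signature table: name -> byte pattern looked for in the payload.
SIGNATURES = {"path-traversal": "../"}

# Constructed per-interval connection counts observed under normal load.
TRAINING = [40, 42, 38, 41, 39, 43, 40, 37]

# Constructed records to inspect.
RECORDS = [
    {"conns": 41, "payload": "GET /index.html"},
    {"conns": 39, "payload": "GET /../../etc/passwd"},
    {"conns": 400, "payload": "GET /status"},
]


def signature_alerts(records, signatures):
    """Signature-based: flag records whose payload contains a known pattern.
    Anything without a signature yet (the lag on the slide) is missed."""
    alerts = []
    for i, rec in enumerate(records):
        for name, pattern in signatures.items():
            if pattern in rec["payload"]:
                alerts.append((i, name))
    return alerts


def build_baseline(training):
    """Anomaly-based, step 1: learn what normal activity looks like."""
    return mean(training), pstdev(training)


def anomaly_alerts(records, baseline, z_limit=3.0):
    """Anomaly-based, step 2: flag records far from the learned baseline."""
    mu, sigma = baseline
    sigma = sigma or 1.0  # avoid division by zero on a flat baseline
    return [
        i for i, rec in enumerate(records)
        if abs(rec["conns"] - mu) / sigma > z_limit
    ]


if __name__ == "__main__":
    print("signature:", signature_alerts(RECORDS, SIGNATURES))
    print("anomaly:  ", anomaly_alerts(RECORDS, build_baseline(TRAINING)))
```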