ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

Transcription

1 ACS / Computer Security And Privacy Fall 2018 Mid-Term Review

2 ACS-3921/ Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified from the original for the use in this course. The author of the text have make these slides available to all (faculty, students, readers) and they obviously represent a lot of work on their part. In return for use, please: If slides are being used (e.g., in a class) that the source be mentioned (after all, the author like people to use our book!) If any slides are being posted on a www site, note that they are adapted from (or perhaps identical to) the author original slides, and note their copyright of this material. All material copyright 2008, 2012, 2015, 2018 William Stalling and Lawrie Brown, All Rights Reserved

3 Chapter 1 Overview Computer security concepts Definition Challenges Model Threats,, and assets Threats and Threats and assets Security functional requirements Standards Fundamental security design principles Attack surfaces and attack trees Attack surfaces Attack trees Computer security strategy Security policy Security implementation Assurance and evaluation

4 Chapter 2 - Cryptographic Private Key encryption (Symmetric) Symmetric encryption Symmetric block encryption algorithms Stream ciphers Message authentication and hash functions Authentication using symmetric encryption Message authentication without message encryption Secure hash functions Other applications of hash functions Random and pseudorandom numbers The use of random numbers Random versus pseudorandom Public-key encryption (Asymmetric) Structure Applications for public-key cryptosystems Requirements for public-key cryptography Asymmetric encryption algorithms Digital signatures and key management Digital signature Public-key certificates Symmetric key exchange using public-key encryption Digital envelopes Practical Application: Encryption of Stored Data

5 Chapter 3 User Authentication Digital user authentication principles A model for digital user authentication Means of authentication Risk assessment for user authentication Password-based authentication The vulnerability of passwords The use of hashed passwords Password cracking of user-chosen passwords Password file access control Password selection strategies Token-based authentication Memory cards Smart cards Electronic identity cards Biometric authentication Physical characteristics used in biometric applications Operation of a biometric authentication system Biometric accuracy Remote user authentication Password protocol Token protocol Static biometric protocol Dynamic biometric protocol Security issues for user authentication

6 Chapter 4 Access Control Access control principles Access control context Access control policies Subjects, objects, and access rights Discretionary access control Access control model Protection domains Role-based access control RBAC reference models Attribute-based access control Attributes ABAC logical architecture ABAC policies Identity, credential, and access management Identity management Credential management Access management Identity federation Trust frameworks Traditional identity exchange approach Open identity trust framework

7 Chapter 5 - Database and Data Centre Security The need for database security Database management systems Relational databases Elements of a relational database system Structured Query Language SQL injection A typical SQLi attack The injection technique SQLi attack avenues and types SQLi countermeasures Database access control SQL-based access definition Cascading authorizations Role-based access control Inference Database encryption Data centre security Data centre elements Data centre security considerations TIA-492

8 Chapter 6 - Malicious Software Types of malicious software (malware) Broad classification of malware Attack kits Attack sources Advanced persistent threat Propagation-vulnerability exploit-worms Target discovery Worm propagation model The Morris Worm Brief history of worm State of worm technology Mobile code Mobile phone worms Client-side vulnerabilities Drive-by-downloads Clickjacking Payload-stealthing-backdoors, rootkits Backdoor Rootkit Kernel mode rootkits Virtual machine and other external rootkits Propagation-social engineering-span , Trojans Spam Trojan horses Mobile phone Trojans Payload-system corruption Data destruction Real-world damage Logic bomb Payload-attack agent-zombie, bots Uses of bots Remote control facility Payload-information theft-keyloggers, phishing, spyware Credential theft, keyloggers, and spyware Phishing and identity theft Reconnaissance, espionage, and data exfiltration Countermeasures Malware countermeasure approaches Host-based scanners Signature-based anti-virus Perimeter scanning approaches Distributed intelligence gathering approaches

9 Chapter 7 - Denial of Service Attacks Denial-of-service The nature of denial-ofservice Classic denial-of-service Source address spoofing SYN spoofing Flooding ICMP flood UDP flood TCP SYN flood Defenses against denial-ofservice Responding to a denial-ofservice attack Distributed denial-of-service Application-based bandwidth SIP flood HTTP-based Reflector and amplifier Reflection Amplification DNS amplification

10 Chapter 8 - Intrusion Detection Intruders Intruder behavior Intrusion detection Basic principles The base-rate fallacy Requirements Analysis approaches Anomaly detection Signature or heuristic detection Distributed or hybrid intrusion detection Intrusion detection exchange format Honeypots Host-based intrusion detection Data sources and sensors Anomaly HIDS Signature or heuristic HIDS Distributed HIDS Network-based intrusion detection Types of network sensors NIDS sensor deployment Intrusion detection techniques Logging of alerts Example system: Snort Snort architecture Snort rules

11 ACS-3921/ Questions?