Introduction, Continued

Tom Kelliher, CS 325

Feb. 1, 2010

Administrivia

Announcements

Perl resources pointed to on class Web site.

Assignment

2.1-2.4 will be assigned once we finish our Perl introduction.

Write and run a small, standalone Perl program on phoenix, to familiarize yourself a bit with Perl and re-familiarize yourself with phoenix.

From Last Time

Introduction.

Outline

  1. Introduction, continued.

  2. Discussion/exercises.

Coming Up

Cryptography, Perl CGI and file I/O.

Introduction, Continued

Defense Mechanisms

  1. Prevent. Block attack (firewall) or close vulnerability (load new kernel).

  2. Deter. Make attack harder (use weak encryption).

  3. Deflect. Make another target more attractive (honeypot).

  4. Detect. At time of attack or later (intrusion detection).

  5. Recover. From the attack (backups).

Controls

  1. Encryption. Basic tool. Clear text; cipher text.

  2. Software controls:
    1. Internal security controls. Authentication and views within a DBMS. Apache global and local controls.

    2. Operating system and network controls. Traditional authentication and access measures. SELinux. TCP Wrappers.

    3. Independent control programs. John the Ripper, Tripwire, ipchains, PAM.

    4. Development controls. Software design standards and methodologies.

  3. Hardware controls.
    1. Hardware encryption engines.

    2. Smart cards for authentication; biometrics.

    3. Locks and chains.

    4. Firewalls, bandwidth regulation systems, intrusion detection systems, network partitioning.

  4. Policies.

    Policies for programmers, administrators, and users.

  5. Physical controls.

    Controlled access to computing systems.

How do these relate to defense mechanisms?

Effectiveness of Controls

  1. Awareness of the problem.

  2. Likelihood of use.

    Principle of effectiveness.

  3. Overlapping controls.

  4. Periodic review.

    Principle of weakest link.

Discussion/Exercises

  1. Do you currently use any computer security control measures? If so, what? Against what attacks are you trying to protect?

  2. When you say that software is of high quality, what do you mean? How does security fit into your definition of quality? Can an application be insecure and still be good?

  3. Cite a recent report of a security failure that exemplifies one or more of the principles we've discussed: easiest penetration, adequate protection, effectiveness, weakest link.



Thomas P. Kelliher 2010-01-29