Chapter 1. Is There a Security Problem in Computing?


1.1. What Does "Secure" Mean?

How do we protect our most valuable assets? One option is to place them in a safe place, like a bank. We seldom hear of a bank robbery these days, even though it was once a fairly lucrative undertaking. In the American Wild West, banks kept large amounts of cash on hand, as well as gold and silver, which could not be traced easily. In those days, cash was much more commonly used than checks. Communications and transportation were primitive enough that it might have been hours before the legal authorities were informed of a robbery and days before they could actually arrive at the scene of the crime, by which time the robbers were long gone. To control the situation, a single guard for the night was only marginally effective. Should you have wanted to commit a robbery, you might have needed only a little common sense and perhaps several days to analyze the situation; you certainly did not require much sophisticated training. Indeed, you usually learned on the job, assisting other robbers in a form of apprenticeship. On balance, all these factors tipped very much in the favor of the criminal, so bank robbery was, for a time, considered to be a profitable business. Protecting assets was difficult and not always effective.

Today, however, asset protection is easier, with many factors working against the potential criminal. Very sophisticated alarm and camera systems silently protect secure places like banks whether people are around or not. The techniques of criminal investigation have become so effective that a person can be identified by genetic material (DNA), fingerprints, retinal patterns, voice, a composite sketch, ballistics evidence, or other hard-to-mask characteristics. The assets are stored in a safer form. For instance, many bank branches now contain less cash than some large retail stores because much of a bank's business is conducted with checks, electronic transfers, credit cards, or debit cards. Sites that must store large amounts of cash or currency are protected with many levels of security: several layers of physical systems, complex locks, multiple-party systems requiring the agreement of several people to allow access, and other schemes. Significant improvements in transportation and communication mean that police can be at the scene of a crime in minutes; dispatchers can alert other officers in seconds about the suspects to watch for. From the criminal's point of view, the risk and required sophistication are so high that there are usually easier ways than bank robbery to make money.



Protecting Valuables

This book is about protecting our computer-related assets, not about protecting our money and gold bullion. That is, we plan to discuss security for computing systems, not banks. But we can learn from our analysis of banks because they tell us some general principles about protection. In other words, when we think about protecting valuable information, we can learn a lot from the way we have protected other valuables in the past. For example, Table 1-1 presents the differences between how people protect computing systems and how banks protect money. The table reinforces the point that we have many challenges to address when protecting computers and data, but the nature of the challenges may mean that we need different and more effective approaches than we have used in the past.

Table 1-1. Protecting Money vs. Protecting Information.

| Characteristic | Bank Protecting Money | People Protecting Information |
|---|---|---|
| Size and portability | Sites storing money are large, unwieldy, not at all portable. Buildings require guards, vaults, many levels of physical security to protect money. | Items storing valuable assets are very small and portable. The physical devices in computing can be so small that thousands of dollars' worth of computing gear can fit comfortably in a briefcase. |
| Ability to avoid physical contact | Difficult. When banks deal with physical currency, a criminal must physically demand the money and carry it away from the bank's premises. | Simple. When information is handled electronically, no physical contact is necessary. Indeed, when banks handle money electronically, almost all transactions can be done without any physical contact. Money can be transferred through computers, mail, or telephone. |
| Value of assets | Very high. | Variable, from very high to very low. Some information, such as medical history, tax payments, investments, or educational background, is confidential. Other information, about troop movements, sales strategies, buying patterns, can be very sensitive. Still other information, such as address and phone number, may be of no consequence and easily accessible by other means. |



Protecting our valuables, whether they are expressed as information or in some other way, ranges from quite unsophisticated to very sophisticated. We can think of the Wild West days as an example of the "unsophisticated" end of the security spectrum. And even today, when we have more sophisticated means of protection than ever before, we still see a wide range in how people and businesses actually use the protections available to them.

In fact, we can find far too many examples of computer security that seem to be back in the Wild West days. Although some organizations recognize computers and their data as valuable and vulnerable resources and have applied appropriate protection, others are dangerously deficient in their security measures. In some cases, the situation is even worse than that in the Wild West; as Sidebar 1-1 illustrates, some enterprises do not even recognize that their resources should be controlled and protected. And as software consumers, we find that the lack of protection is all the more dangerous when we are not even aware that we are susceptible to software piracy or corruption.



Sidebar 1-1: Protecting Software in Automobile Control Systems

The amount of software installed in an automobile grows larger from year to year. Most cars, especially more expensive ones, use dozens of microcontrollers to provide a variety of features to entice buyers. There is enough variation in microcontroller range and function that the Society of Automotive Engineers (Warrendale, Pennsylvania) has set standards for the U.S. automotive industry's software. Software in the microcontrollers ranges through three classes:

- low speed (class A: less than 10 kb per second) for convenience features, such as radios

- medium speed (class B: 10 to 125 kb per second) for the general transfer of information, such as that related to emissions, speed, or instrumentation

- high speed (class C: more than 125 kb per second) for real-time control, such as the power train or a brake-by-wire system

These digital cars use software to control individual subsystems, and then more software to connect the systems in a network [WHI01].

However, the engineers designing and implementing this software see no reason to protect it from hackers. Whitehorn-Umphres reports that, from the engineers' point of view, the software is too complicated to be understood by a hacker. "And even if they could [understand it], they wouldn't want to."

Whitehorn-Umphres points out a major difference in thinking between hardware designers and software designers. "As hardware engineers, they assumed that, perhaps aside from bolt-on aftermarket parts, everything else is and should be a black box." But software folks have a different take: "As a software designer, I assume that all digital technologies are fair game for being played with. ... it takes a special kind of personality to look at a software-enabled device and see the potential for manipulation and change: a hacker personality."

He points out that hot-rodders and auto enthusiasts have a long history of tinkering and tailoring to make specialized changes to mass-produced cars. And the unprotected software beckons them to continue the tradition. For instance, there are reports of recalibrating the speedometer of two types of Japanese motorcycles to fool the bike about how fast it is really going (and thereby enabling faster-than-legal speeds). Whitehorn-Umphres speculates that soon you will be able to "download new ignition mappings from your PC. The next step will be to port the PC software to handheld computers so as to make on-the-road modifications that much easier."



The possibility of crime is bad enough. But worse yet, in the event of a crime, some organizations neither investigate nor prosecute for fear that the revelation will damage their public image. For example, would you feel safe depositing your money in a bank that had just suffered a several million-dollar loss through computer-related embezzlement? In fact, the breach of security makes that bank painfully aware of all its security weaknesses. Once bitten, twice shy; after the loss, the bank will probably enhance its security substantially, quickly becoming safer than a bank that had not been recently victimized.

Even when organizations want to take action against criminal activity, criminal investigation and prosecution can be hindered by statutes that do not recognize electromagnetic signals as property. The news media sometimes portrays computer intrusion by teenagers as a prank no more serious than tipping over an outhouse. But, as we see in later chapters, computer intrusion can hurt businesses and even take lives. The legal systems around the world are rapidly coming to grips with the nature of electronic property as intellectual property critical to organizational or mission success; laws are being implemented and court decisions declared that acknowledge the value of information stored or transmitted via computers. But this area is still new to many courts, and few precedents have been established.

Throughout this book, we look at examples of how computer security affects our lives directly and indirectly. And we examine techniques to prevent security breaches or at least to mitigate their effects. We address the security concerns of software practitioners as well as those professionals, managers, and users whose products, services, and well-being depend on the proper functioning of computer systems. By studying this book, you can develop an understanding of the basic problems underlying computer security and the methods available to deal with them.

In particular, we do the following:

- examine the risks of security in computing

- consider available countermeasures or controls

- stimulate thought about uncovered vulnerabilities

- identify areas where more work is needed

In this chapter, we begin by examining what kinds of vulnerabilities computing systems are prone to. We then consider why these vulnerabilities are exploited: the different kinds of attacks that are possible. This chapter's third focus is on who is involved: the kinds of people who contribute to the security problem. Finally, we introduce how to prevent possible attacks on systems.



Characteristics of Computer Intrusion

Any part of a computing system can be the target of a crime. When we refer to a computing system,[1] we mean a collection of hardware, software, storage media, data, and people that an organization uses to perform computing tasks. Sometimes, we assume that parts of a computing system are not valuable to an outsider, but often we are mistaken. For instance, we tend to think that the most valuable property in a bank is the cash, gold, or silver in the vault. But in fact the customer information in the bank's computer may be far more valuable. Stored on paper, recorded on a storage medium, resident in memory, or transmitted over telephone lines or satellite links, this information can be used in myriad ways to make money illicitly. A competing bank can use this information to steal clients or even to disrupt service and discredit the bank. An unscrupulous individual could move money from one account to another without the owner's permission. A group of con artists could contact large depositors and convince them to invest in fraudulent schemes. The variety of targets and attacks makes computer security very difficult.

[1] In this book, boldface identifies new terms being introduced.



Any system is most vulnerable at its weakest point. A robber intent on stealing something from your house will not attempt to penetrate a two-inch-thick metal door if a window gives easier access. Similarly, a sophisticated perimeter physical security system does not compensate for unguarded access by means of a simple telephone line and a modem. We can codify this idea as one of the principles of computer security.

Principle of Easiest Penetration: An intruder must be expected to use any available means of penetration. The penetration may not necessarily be by the most obvious means, nor is it necessarily the one against which the most solid defense has been installed. And it certainly does not have to be the way we want the attacker to behave.

This principle implies that computer security specialists must consider all possible means of penetration. Moreover, the penetration analysis must be done repeatedly, and especially whenever the system and its security change. People sometimes underestimate the determination or creativity of attackers. Remember that computer security is a game with rules only for the defending team: The attackers can (and will) use any means they can. Perhaps the hardest thing for people outside the security community to do is to think like the attacker. One group of creative security researchers investigated a wireless security system and reported a vulnerability to the system's chief designer, who replied "that would work, but no attacker would try it" [BON06]. Don't believe that for a minute: No attack is out of bounds. Strengthening one aspect of a system may simply make another means of penetration more appealing to intruders. For this reason, let us look at the various ways by which a system can be breached.



1.2. Attacks

When you test any computer system, one of your jobs is to imagine how the system could malfunction. Then, you improve the system's design so that the system can withstand any of the problems you have identified. In the same way, we analyze a system from a security perspective, thinking about ways in which the system's security can malfunction and diminish the value of its assets.



Vulnerabilities, Threats, Attacks, and Controls

A computer-based system has three separate but valuable components: hardware, software, and data. Each of these assets offers value to different members of the community affected by the system. To analyze security, we can brainstorm about the ways in which the system or its information can experience some kind of loss or harm. For example, we can identify data whose format or contents should be protected in some way. We want our security system to make sure that no data are disclosed to unauthorized parties. Neither do we want the data to be modified in illegitimate ways. At the same time, we must ensure that legitimate users have access to the data. In this way, we can identify weaknesses in the system.

A vulnerability is a weakness in the security system, for example, in procedures, design, or implementation, that might be exploited to cause loss or harm. For instance, a particular system may be vulnerable to unauthorized data manipulation because the system does not verify a user's identity before allowing data access.

A threat to a computing system is a set of circumstances that has the potential to cause loss or harm. To see the difference between a threat and a vulnerability, consider the illustration in Figure 1-1. Here, a wall is holding water back. The water to the left of the wall is a threat to the man on the right of the wall: The water could rise, overflowing onto the man, or it could stay beneath the height of the wall, causing the wall to collapse. So the threat of harm is the potential for the man to get wet, get hurt, or be drowned. For now, the wall is intact, so the threat to the man is unrealized.



Figure 1-1. Threats, Controls, and Vulnerabilities.



However, we can see a small crack in the wall, a vulnerability that threatens the man's security. If the water rises to or beyond the level of the crack, it will exploit the vulnerability and harm the man.

There are many threats to a computer system, including human-initiated and computer-initiated ones. We have all experienced the results of inadvertent human errors, hardware design flaws, and software failures. But natural disasters are threats, too; they can bring a system down when the computer room is flooded or the data center collapses from an earthquake, for example.

A human who exploits a vulnerability perpetrates an attack on


