WRITTEN BY CHINEDU JAMES E.
COMPUTER SECURITY
ABSTRACT
Security is one of the most vital thing the
both the Government, private and individual are not suppose to joke with
because it is important that life and properties are secured. In computer
security is necessary in such away that if you fail to secure your company or
business or your information you are in chances to lose them.
Information is power and I know that no
reasonable person want to lose his information to the wrong person or to thief’s.
Companies do not want to link their
information to another competitor so as not to go out of the market or lose the
market share and as well fail in their position.
This report tells you why you must secure
your information and why you must secure them properly.
It tells you why computer security is
important to all.
Also
it unveils the important of cyber security because this century and centuries
to come are computerized and the word is going technologically.
TABBLE OF CONTENT
Dedication
Acknowledgement
Abstract
CHAPTER ONE
1.0 INTRUCTION
1.1 Vulnerabilities
1.2 Backdoors
1.3 Denial-of-service
attack
1.4 Direct access
attack
1.5 Eavesdropping
1.6 Exploits
1.7 Indirect
attacks
2.0
INTRODUCTION
Social engineering and human error
2.1 Cloud computing
2.2 Aviation
2.3 Medium password security using SHA algorithms
CHAPTER
THREE
3.0
INTRODUCTION
Financial cost of security breaches
3.1 Reasons
3.2 Typical cyber security job titles and
descriptions
3.3 Chief
Information Security Officer
3.4 Security
Consultant/Specialist
CHAPTER
FOUR
4.0
INTRODUCTION
Computer protection
4.1 Security and
systems design
4.2 Security
measures
4.3 Difficulty with
response
4.4 Reducing
vulnerabilities
4.5 Security by
design
4.6 Security
architecture
4.7 Hardware
protection mechanisms
4.8 Secure
operating systems
4.9 Secure coding
4.10 Capabilities
and access control lists
4.11 Hacking back
CHAPTER FIVE
SUMMARY AND CONCLUTION
REFERENCE
CHAPTER
ONE
1.0 INTRUCTION
Computer security (also
known as cyber security or IT security) is information
security as applied to computing devices such as computers and smart phones,
as well as computer
networks such as private and public networks, including
the Internet.
The field covers all the
processes and mechanisms by which computer-based equipment, information and a
service are protected from unintended or unauthorized access, change or
destruction, and is of growing importance in line with the increasing reliance
on computer systems of most societies worldwide.
1.1
Vulnerabilities
To understand the
techniques for securing a computer system, it is important to first understand
the various types of "attacks" that can be made against it. These threats can
typically be classified into one of these seven categories:
1.2
Backdoors
A backdoor in
a computer system, a cryptosystem or
an algorithm, is a method of bypassing normal authentication, securing remote
access to a computer, obtaining access to plaintext, and so on, while
attempting to remain undetected. The backdoor may take the form of an installed
program (e.g., Back Orifice), or could be a modification to an existing program
or hardware device. A specific form of backdoor is a root kit,
which replaces system binaries and/or hooks into the function calls of an
operating system to hide the presence of other programs, users, services and
open ports. It may also fake information about disk and memory usage.
1.3
Denial-of-service attack
Unlike other exploits, denial
of service attacks is not used to gain unauthorized access or control of a
system. They are instead designed to render it unusable. Attackers can deny
service to individual victims, such as by deliberately entering a wrong
password enough consecutive times to cause the victim account to be locked, or
they may overload the capabilities of a machine or network and block all users
at once. These types of attack are, in practice, very hard to prevent, because
the behavior of whole networks needs
to be analyzed, not only the behavior of small pieces of code. Distributed
denial of service (DDoS) attacks are common, where a
large number of compromised hosts (commonly referred to as "zombie computers",
used as part of a bot net with,
for example; a worm,
trojan horse, or backdoor
exploit to control them) are used to flood a target system
with network requests, thus attempting to render it unusable through resource
exhaustion. Another technique to exhaust victim resources is through the use of
an attack amplifier, where the attacker takes advantage of poorly designed
protocols on third-party machines, such as FTP or DNS, in order to instruct
these hosts to launch the flood. Some vulnerabilities in applications or
operating systems can be exploited to make the computer or application
malfunction or crash to create a denial-of-service.
1.4
Direct access attack
Common consumer devices
that can be used to transfer data surreptitiously.
Someone who has gained
access to a computer can install different types of devices to compromise
security, including operating system modifications,
software worms, key loggers,
and covert
listening devices. The attacker can also easily download large
quantities of data onto backup media, for instance CD-R/DVD-R, tape;
or portable devices such as key drives, digital cameras or digital
audio players. Another common technique is to boot an
operating system contained on a CD-ROM or
other bootable media and read the data from the hard drive(s)
this way. The only way to defeat this is to encrypt the storage media and store
the key separate from the system.
1.5
Eavesdropping
Eavesdropping is the act of
surreptitiously listening to a private conversation, typically between hosts on
a network. For instance, programs such as Carnivore and Narus In sight have
been used by the FBI and NSA to
eavesdrop on the systems of internet
service providers. Even machines that operate as a closed
system (i.e., with no contact to the outside world) can be eavesdropped upon
via monitoring the faint electro-magnetic transmissions
generated by the hardware such as TEMPEST.
1.6
Exploits
An exploit (from the same
word in the French language, meaning "achievement", or
"accomplishment") is a piece of software, a chunk of data, or
sequence of commands that take advantage of a software "bug" or "glitch" in order to cause unintended or
unanticipated behavior to occur on computer software, hardware, or something
electronic (usually computerized). This frequently includes such things as
gaining control of a computer system or allowing privilege
escalation or a denial of service attack. The term
"exploit" generally refers to small programs designed to take
advantage of a software flaw that has been discovered, either remote or local.
The code from the exploit program is frequently reused in trojan
horses and computer viruses.
In some cases, a vulnerability can lie in certain programs' processing of a
specific file type, such as a non-executable media file. Some security web
sites maintain lists of currently known unpatched vulnerabilities found in
common programs (see "External links" below).
1.7
Indirect attacks
An
indirect attack is an attack launched by a third-party computer. By using
someone else's computer to launch an attack, it becomes far more difficult to
track down the actual attacker. There have also been cases where attackers took
advantage of public anonymizing systems, such as the tor
onion router system
CHAPTER TWO
2.0 INTRODUCTION
Social engineering and human error
A
computer system is no more secure than the human systems responsible for its
operation. Malicious individuals have
regularly penetrated well-designed, secure computer systems by taking advantage
of the carelessness of trusted individuals, or by deliberately deceiving them,
for example sending messages that they are the system administrator and asking
for passwords. This deception is known as social engineering.
In
the world of information technology there are different types of cyber
attack–like code injection to a website or utilizing malware (malicious
software) such as virus, Trojans, or similar. Attacks of these kinds are
counteracted managing or improving the damaged product. But there is one last
type, social engineering, which does not directly affect the computers but
instead their users, which are also known as "the weakest link". This
type of attack is capable of achieving similar results to other class of cyber
attacks, by going around the infrastructure established to resist malicious
software; since being more difficult to calculate or prevent, it is many times
a more efficient attack vector.
The
main target is to convince the user by means of psychological ways to disclose
his or her personal information such as passwords, card numbers, etc. by, for
example, impersonating the services company or the bank.[2]
Vulnerable
areas
Computer security is
critical in almost any technology-driven industry which operates on computer
systems. The issues of computer based systems and addressing their countless
vulnerabilities are an integral part of maintaining an operational industry.[3]
2.1
Cloud computing
Security in the cloud is
challenging, due to varied degrees of security features and management schemes
within the cloud entities. In this connection one logical protocol base needs
to evolve so that the entire gamut of components operates synchronously and
securely.
2.2
Aviation
The aviation industry is
especially important when analyzing computer security because the involved
risks include human life, expensive equipment, cargo, and transportation
infrastructure. Security can be compromised by hardware and software
malpractice, human error, and faulty operating environments. Threats that
exploit computer vulnerabilities can stem from sabotage, espionage, industrial
competition, terrorist attack, mechanical malfunction, and human error.[4]
The consequences of a
successful deliberate or inadvertent misuse of a computer system in the
aviation industry range from loss of confidentiality to loss of system
integrity, which may lead to more serious concerns such as exfiltration (data
theft or loss), network and air
traffic control outages, which in turn can lead to
airport closures, loss of aircraft, loss of passenger life. Military systems
that control munitions can pose an even greater risk.
A proper attack does not
need to be very high tech or well funded; for a power outage at an airport
alone can cause repercussions worldwide.[5] One
of the easiest and, arguably, the most difficult to trace security
vulnerabilities is achievable by transmitting unauthorized communications over
specific radio frequencies. These transmissions may spoof air traffic controllers
or simply disrupt communications altogether. These incidents are very common,
having altered flight courses of commercial aircraft and caused panic and
confusion in the past. Controlling aircraft over oceans is especially
dangerous because radar surveillance only extends 175 to 225 miles offshore.
Beyond the radar's sight controllers must rely on periodic radio communications
with a third party.
Lightning, power fluctuations, surges, brownouts, blown fuses, and various other power outages instantly disable all computer systems, since they are dependent on an electrical source. Other accidental and intentional faults have caused significant disruption of safety critical systems throughout the last few decades and dependence on reliable communication and electrical power only jeopardizes computer safety.
2.3 Medium password security using SHA algorithms
The SHA (Secure Hash Algorithm) is
a family of cryptographic hash functions. It is very similar to MD5 except
it generates more strong hashes. However these hashes are not
always unique, and it means that for two different inputs we could have equal
hashes. When this happens it’s called a “collision”. Chances of collision in
SHA is less than MD5. But, do not worry about these collisions because they are
really very rare.
Java
has 4 implementations of SHA algorithm. They generate following length hashes
in comparison to MD5 (128 bit hash):
§ SHA-1
(Simplest one – 160 bits Hash)
§ SHA-256
(Stronger than SHA-1 – 256 bits Hash)
§ SHA-384
(Stronger than SHA-256 – 384 bits Hash)
§ SHA-512
(Stronger than SHA-384 – 512 bits Hash)
CHAPTER THREE
3.0
INTRODUCTION
Financial
cost of security breaches
Serious financial damage
has been caused by security breaches,
but because there is no standard model for estimating the cost of an incident,
the only data available is that which is made public by the organizations involved.
“Several computer security consulting firms produce estimates of total
worldwide losses attributable to virus and worm attacks
and to hostile digital acts in general. The 2003 loss estimates by these firms
range from $13 billion (worms and viruses only) to $226 billion (for all forms
of covert attacks). The reliability of these estimates is often challenged; the
underlying methodology is basically anecdotal.”[6]
Insecurities in operating systems have
led to a massive black market for rogue software.
An attacker can use a security hole to
install software that tricks the user into buying a product. At that point,
an affiliate
program pays the affiliate responsible for generating that
installation about $30. The software is sold for between $50 and $75 per
license.[7]
3.1
Reasons
There are many similarities
(yet many fundamental differences) between computer and physical security.
Just like real-world security, the motivations for breaches of computer
security vary between attackers, sometimes called hackers or
crackers. Some are thrill-seekers or vandals (the
kind often responsible for defacing web sites); similarly, some web
site defacements are done to make political statements.
However, some attackers are highly skilled and motivated with the goal of
compromising computers for financial gain or espionage. An example of the
latter is Markus Hess (more
diligent than skilled), who spied for the KGBand was ultimately caught because of the
efforts of Clifford
Stoll, who wrote a memoir, The Cuckoo's Egg,
about his experiences.
For
those seeking to prevent security breaches, the first step is usually to
attempt to identify what might motivate an attack on the system, how much the
continued operation and information security of the system are worth, and who
might be motivated to breach it. The precautions required for a home personal computer are
very different for those of banks' Internet banking systems, and different
again for a classified military network.
Other computer security writers suggest that, since an attacker using a network
need know nothing about you or what you have on your computer, attacker
motivation is inherently impossible to determine beyond guessing. If true,
blocking all possible attacks is the only plausible action to take.
The
cyber security job market
Cyber Security is a fast-growing
[54] field
of IT concerned
with reducing organizations' risk of hack or data breach. Commercial,
government and non-governmental all employ cyber security professional, but the
use of the term "cyber security" is government job descriptions is
more prevalent than in non-government job descriptions, in part due to
government "cyber security" initiatives (as opposed to corporation's
"IT security" initiatives) and the establishment of government
institutions like the US Cyber Command and the UK Defence Cyber Operations
Group.
3.2 Typical cyber security job titles and descriptions include:
Security
Analyst
Analyzes and assesses
vulnerabilities in the infrastructure (software, hardware, networks),
investigates available tools and countermeasures to remedy the detected
vulnerabilities, and recommends solutions and best practices. Analyzes and
assesses damage to the data/infrastructure as a result of security incidents,
examines available recovery tools and processes, and recommends solutions.
Tests for compliance with security policies and procedures. May assist in the
creation, implementation, and/or management of security solutions.
Security Engineer
Performs security
monitoring, security and data/logs analysis, and forensic analysis, to detect
security incidents, and mounts incident response. Investigates and utilizes new
technologies and processes to enhance security capabilities and implement
improvements. May also review code or perform other security
engineering methodologies.
Security Architect
Designs a security system
or major components of a security system, and may head a security design team
building a new security system.
Security Administrator
Installs and manages
organization-wide security systems. May also take on some of the tasks of a
security analyst in smaller organizations.
3.3
Chief Information Security Officer
A high-level management
position responsible for the entire information security division/staff. The
position may include hands-on technical work.
3.4
Security Consultant/Specialist
Broad titles that encompass
any one or all of the other roles/titles, tasked with protecting computers,
networks, software, data, and/or information systems against viruses, worms,
spyware, malware, intrusion detection, unauthorized access, denial-of-service
attacks, and an ever increasing list of attacks by hackers acting as
individuals or as part of organized crime or foreign governments.
Student programs are also
available to people interested in beginning a career in cyber security
CHAPTER
FOUR
4.0
INTRODUCTION
Computer
protection
There are numerous ways to
protect computers, including utilizing security-aware design techniques,
building on secure operating systems and installing hardware devices designed
to protect the computer systems.
4.1
Security and systems design
Although there are many
aspects to take into consideration when designing a computer system,
security can prove to be very important. According to Symantec,
in 2010, 94 percent of organizations polled expect to implement security
improvements to their computer systems, with 42 percent claiming cyber security as
their top risk.[8]
At the same time, many
organizations are improving security and many types of cyber criminals are
finding ways to continue their activities. Almost every type ofcyber attack is
on the rise. In 2009 respondents to the CSI Computer Crime and Security Survey
admitted that malware infections, denial-of-service
attacks, password sniffing, and web
site defacements were significantly higher than in the
previous two years.[9]
4.2
Security measures
A state of computer
"security" is the conceptual ideal, attained by the use of the three
processes: threat prevention, detection, and response. These processes are
based on various policies and system components, which include the following:
·
Firewalls are
by far the most common prevention systems from a network security perspective
as they can (if properly configured) shield access to internal network
services, and block certain kinds of attacks through packet filtering.
Firewalls can be both hardware- or software-based.
·
Intrusion
Detection Systems (IDSs) are designed to detect network
attacks in progress and assist in post-attack forensics,
while audit trails and logs serve
a similar function for individual systems.
·
"Response" is necessarily defined
by the assessed security requirements of an individual system and may cover the
range from simple upgrade of protections to notification of legal authorities, counter-attacks, and the
like. In some special cases, a complete destruction of the compromised system
is favored, as it may happen that not all the compromised resources are
detected.
Today, computer security
comprises mainly "preventive" measures, like firewalls or an exit procedure. A
firewall can be defined as a way of filtering network data between a host or a
network and another network, such as the Internet,
and can be implemented as software running on the machine, hooking into
the network
stack(or, in the case of most UNIX-based operating systems such as Linux, built into the operating system kernel)
to provide real time filtering and blocking. Another implementation is a
so-called physical
firewall which consists of a separate machine filtering
network traffic. Firewalls are common amongst machines that are permanently
connected to the Internet.
However, relatively few
organisations maintain computer systems with effective detection systems, and
fewer still have organised response mechanisms in place. As result, as Reuters
points out: “Companies for the first time report they are losing more through
electronic theft of data than physical stealing of assets”.[10] The
primary obstacle to effective eradication of cyber crime could be traced to
excessive reliance on firewalls and other automated "detection"
systems. Yet it is basic evidence gathering by using packet
capture appliances that puts criminals behind bars.
4.3
Difficulty with response
Responding forcefully to
attempted security
breaches (in the manner that one would for attempted
physical security breaches) is often very difficult for a variety of reasons:
·
Identifying attackers is difficult, as they
are often in a different jurisdiction to
the systems they attempt to breach, and operate through proxies, temporary
anonymous dial-up accounts, wireless connections, and other anonymising
procedures which make backtracing difficult and are often located in yet
another jurisdiction. If they successfully breach security, they are often able
to delete logs to
cover their tracks.
·
The sheer number of attempted attacks is so
large that organisations cannot spend time pursuing each attacker (a typical
home user with a permanent (e.g.,cable modem)
connection will be attacked at least several times per day, so more attractive
targets could be presumed to see many more). Note however, that most of the
sheer bulk of these attacks are made by automated vulnerability
scanners and computer worms.
·
Law
enforcement officers are often unfamiliar with information
technology, and so lack the skills and interest in pursuing
attackers. There are also budgetary constraints. It has been argued that the
high cost of technology, such as DNA testing, and improved forensics mean
less money for other kinds of law enforcement, so the overall rate of criminals
not getting dealt with goes up as the cost of the technology increases. In
addition, the identification of attackers across a network may require logs
from various points in the network and in many countries, the release of these
records to law enforcement (with the exception of being voluntarily surrendered
by a network
administrator or a system
administrator) requires a search warrant and,
depending on the circumstances, the legal proceedings required can be drawn out
to the point where the records are either regularly destroyed, or the
information is no longer relevant.
4.4
Reducing vulnerabilities
Computer code is
regarded by some as a form of mathematics.
It is theoretically possible to prove the correctness of certain classes of
computer programs, though the feasibility of actually achieving this in
large-scale practical systems is regarded as small by some with practical
experience in the industry; see Bruce Schneier et
al.
It is also possible to
protect messages in transit (i.e., communications)
by means of cryptography.
One method of encryption—the one-time pad—is
unbreakable when correctly used. This method was used by the Soviet Union
during the Cold War, though flaws in their implementation allowed some cryptanalysis;
see the Venona
project.
The method uses a matching pair of key-codes, securely distributed, which are
used once-and-only-once to encode and decode a single message. For transmitted
computer encryption this method is difficult to use properly (securely), and
highly inconvenient as well. Other methods of encryption,
while breakable in theory, are often virtually impossible to directly break by
any means publicly known today. Breaking them requires some non-cryptographic
input, such as a stolen key, stolen plaintext (at either end of the
transmission), or some other extra cryptanalytic information.
Social engineering and
direct computer access (physical) attacks can only be prevented by non-computer
means, which can be difficult to enforce, relative to the sensitivity of the
information. Even in a highly disciplined environment, such as in military
organizations, social engineering attacks can still be difficult to foresee and
prevent.
In practice, only a small
fraction of computer program code is mathematically proven, or even goes
through comprehensive information
technology audits or inexpensive but extremely
valuable computer
security audits, so it is usually possible for a determined
hacker to read, copy, alter or destroy data in well secured computers, albeit
at the cost of great time and resources. Few attackers would audit applications
for vulnerabilities just to attack a single specific system. It is possible to
reduce an attacker's chances by keeping systems up to date, using a security
scanner or/and hiring competent people responsible for security. The effects of
data loss/damage can be reduced by careful backing up and insurance.
4.5
Security by design
Security by design,
or alternately secure by design, means that the software has been designed from
the ground up to be secure. In this case, security is considered as a main
feature.
Some of the techniques in
this approach include:
·
The principle
of least privilege, where each part of the system has only the
privileges that are needed for its function. That way even if an attacker gains
access to that part, they have only limited access to the whole system.
·
Code reviews and unit testing,
approaches to make modules more secure where formal correctness proofs are not
possible.
·
Defense
in depth, where the design is such that more than one subsystem
needs to be violated to compromise the integrity of the system and the
information it holds.
·
Default secure settings, and design to
"fail secure" rather than "fail insecure" (see fail-safe for
the equivalent in safety
engineering). Ideally, a secure system should require a
deliberate, conscious, knowledgeable and free decision on the part of
legitimate authorities in order to make it insecure.
·
Audit trails tracking
system activity, so that when a security breach occurs, the mechanism and
extent of the breach can be determined. Storing audit trails remotely, where
they can only be appended to, can keep intruders from covering their tracks.
·
Full disclosure of all
vulnerabilities, to ensure that the "window
of vulnerability" is kept as short as possible when bugs
are discovered.
4.6
Security architecture
The Open Security
Architecture organization defines IT security architecture as "the
design artifacts that describe how the
security controls (security countermeasures) are positioned, and how they
relate to the overall information technology architecture. These controls serve
the purpose to maintain the system's quality attributes: confidentiality,
integrity, availability, accountability and assurance
services".[11]
4.7
Hardware protection mechanisms
While hardware may be a
source of insecurity, such as with microchip vulnerabilities maliciously
introduced during the manufacturing process,[12][13] hardware-based
or assisted computer security also offers an alternative to software-only
computer security. Using devices and methods such as dongles, trusted
platform modules, intrusion-aware cases, drive locks,
disabling USB ports, and mobile-enabled access may be considered more secure
due to the physical access (or sophisticatedbackdoor
access) required in order to be compromised. Each of these is
covered in more detail below.
·
USB dongles are typically used in
software licensing schemes to unlock software capabilities,[14] but
they can also be seen as a way to prevent unauthorized access to a computer or
other device's software. The dongle, or key, essentially creates a secure
encrypted tunnel between the software application and the key. The principle is
that an encryption scheme on the dongle, such as Advanced
Encryption Standard (AES) provides a stronger measure of
security, since it is harder to hack and replicate the dongle than to simply
copy the native software to another machine and use it. Another security
application for dongles is to use them for accessing web-based content such as
cloud software or Virtual
Private Networks (VPNs).[15] In
addition, a USB dongle can be configured to lock or unlock a computer.[16]
·
Trusted
platform modules (TPMs) secure devices by integrating
cryptographic capabilities onto access devices, through the use of
microprocessors, or so-called computers-on-a-chip. TPMs used in conjunction
with server-side software offer a way to detect and authenticate hardware devices,
preventing unauthorized network and data access.[17]
·
Computer
case intrusion detection refers to a push-button switch which is
triggered when a computer case is opened. The firmware or BIOS is programmed to
show an alert to the operator when the computer is booted up the next time.
·
Drive locks are essentially software tools to
encrypt hard drives, making them inaccessible to thieves.[18] Tools
exist specifically for encrypting external drives as well.[19]
·
Disabling USB ports is a security option for
preventing unauthorized and malicious access to an otherwise secure computer.
Infected USB dongles connected to a network from a computer inside the firewall
are considered by Network World as the most common hardware threat facing
computer networks.[20]
·
Mobile-enabled access devices are growing in
popularity due to the ubiquitous nature of cell phones. Built-in capabilities
such as Bluetooth,
the newer Bluetooth
low energy (LE), Near
field communication (NFC) on non iOS devices and biometric validation
such as thumb print readers, as well as QR code reader
software designed for mobile devices, offer new, secure ways for mobile phones
to connect to access control systems. These control systems provide computer
security and can also be used for controlling access to secure buildings.[21]
4.8
Secure operating systems
One use of the term
"computer security" refers to technology that is used to implement secure operating systems.
Much of this technology is based on science developed in the 1980s and used to
produce what may be some of the most impenetrable operating systems ever.
Though still valid, the technology is in limited use today, primarily because
it imposes some changes to system management and also because it is not widely
understood. Such ultra-strong secure operating systems are based on operating
system kernel technology that can guarantee that
certain security policies are absolutely enforced in an operating environment.
An example of such a Computer
security policy is the Bell-LaPadula
model. The strategy is based on a coupling of special microprocessor hardware
features, often involving thememory
management unit, to a special correctly implemented
operating system kernel. This forms the foundation for a secure operating
system which, if certain critical parts are designed and implemented correctly,
can ensure the absolute impossibility of penetration by hostile elements. This
capability is enabled because the configuration not only imposes a security
policy, but in theory completely protects itself from corruption. Ordinary
operating systems, on the other hand, lack the features that assure this
maximal level of security. The design methodology to produce such secure
systems is precise, deterministic and logical.
Systems designed with such
methodology represent the state of the art[clarification needed] of
computer security although products using such security are not widely known.
In sharp contrast to most kinds of software, they meet specifications with
verifiable certainty comparable to specifications for size, weight and power.
Secure operating systems designed this way are used primarily to protect
national security information, military secrets, and the data of international
financial institutions. These are very powerful security tools and very few
secure operating systems have been certified at the highest level (Orange Book A-1) to operate over
the range of "Top Secret" to "unclassified" (including
Honeywell SCOMP, USAF SACDIN, NSA Blacker and Boeing MLS LAN). The assurance of
security depends not only on the soundness of the design strategy, but also on
the assurance of correctness of the implementation, and therefore there are
degrees of security strength defined for COMPUSEC. The Common Criteria quantifies
security strength of products in terms of two components, security
functionality and assurance level (such as EAL levels), and these are specified
in a Protection
Profile for requirements and a Security Target for
product descriptions. None of these ultra-high assurance secure general purpose
operating systems have been produced for decades or certified under Common
Criteria.
In USA parlance, the term
High Assurance usually suggests the system has the right security functions
that are implemented robustly enough to protect DoD and DoE classified
information. Medium assurance suggests it can protect less valuable
information, such as income tax information. Secure operating systems designed
to meet medium robustness levels of security functionality and assurance have
seen wider use within both government and commercial markets. Medium robust
systems may provide the same security functions as high assurance secure
operating systems but do so at a lower assurance level (such as Common Criteria
levels EAL4 or EAL5). Lower levels mean we can be less certain that the
security functions are implemented flawlessly, and therefore less dependable.
These systems are found in use on web servers, guards, database servers, and
management hosts and are used not only to protect the data stored on these
systems but also to provide a high level of protection for network connections
and routing services.
4.9
Secure coding
If the operating
environment is not based on a secure operating system capable of maintaining a
domain for its own execution, and capable of protecting application code from
malicious subversion, and capable of protecting the system from subverted code,
then high degrees of security are understandably not possible. While such
secure operating systems are possible and have been implemented, most
commercial systems fall in a 'low security' category because they rely on
features not supported by secure operating systems (like portability, and
others). In low security operating environments, applications must be relied on
to participate in their own protection. There are 'best effort' secure coding
practices that can be followed to make an application more resistant to
malicious subversion.
In commercial environments,
the majority of software subversion vulnerabilities result
from a few known kinds of coding defects. Common software defects include buffer overflows, format
string vulnerabilities, integer overflow,
and code/command
injection. These defects can be used to cause the target system to
execute putative data. However, the "data" contain executable
instructions, allowing the attacker to gain control of the processor.
Some common languages such
as C and C++ are vulnerable to all of these defects (see Seacord, "Secure
Coding in C and C++").[22] Other
languages, such as Java, are more resistant to some of these defects, but are
still prone to code/command injection and other software defects which
facilitate subversion.
Another bad coding practice
occurs when an object is deleted during normal operation yet the program
neglects to update any of the associated memory pointers, potentially causing
system instability when that location is referenced again. This is called dangling pointer,
and the first known exploit for this particular problem was presented in July
2007. Before this publication the problem was known but considered to be
academic and not practically exploitable.[23]
Unfortunately, there is no
theoretical model of "secure coding" practices, nor is one
practically achievable, insofar as the code (ideally, read-only) and data
(generally read/write) generally tends to have some form of defect.
4.10
Capabilities and access control lists
Within computer systems,
two security models capable of enforcing privilege separation are access
control lists (ACLs) and capability-based
security. Using ACLs to confine programs has been proven to be
insecure in many situations, such as if the host computer can be tricked into
indirectly allowing restricted file access, an issue known as the confused
deputy problem. It has also been shown that the promise of
ACLs of giving access to an object to only one person can never be guaranteed
in practice. Both of these problems are resolved by capabilities. This does not
mean practical flaws exist in all ACL-based systems, but only that the
designers of certain utilities must take responsibility to ensure that they do
not introduce flaws
Capabilities have been
mostly restricted to research operating systems,
while commercial OSs still use ACLs. Capabilities can, however, also be
implemented at the language level, leading to a style of programming that is
essentially a refinement of standard object-oriented design. An open source
project in the area is the E
language.
The most secure computers
are those not connected to the Internet and shielded from any interference. In
the real world, the most secure systems are operating systems where security is
not an add-on.
4.11
Hacking back
There has been a
significant debate regarding the legality of hacking back against digital
attackers (who attempt to or successfully breach an individual's, entity's, or
nation's computer). The arguments for such counter-attacks are based on notions
of equity, active defense, vigilantism, and the Computer
Fraud and Abuse Act(CFAA). The arguments against the practice
are primarily based on the legal definitions of "intrusion" and
"unauthorized access", as defined by the CFAA. As of October 2012,
the debate is ongoing.[24]
CHAPTER
FIVE
SUMMARY AND CONCLUTION
Security can be a deep and complex issue to solve
correctly in your application. Fortunately, Symfony's Security component
follows a well-proven security model based around authentication and authorization.
Authentication, which always happens first, is handled by a firewall whose job
is to determine the identity of the user through several different methods
(e.g. HTTP authentication, login form, etc). In the cookbook, you'll find
examples of other methods for handling authentication, including how to implement
remember me" cookie functionality.
Once a user is authenticated, the authorization layer can
determine whether or not the user should have access to a specific resource.
Most commonly, roles are applied to URLs, classes or
methods and if the current user doesn't have that role, access is denied. The
authorization layer, however, is much deeper, and follows a system of
"voting" so that multiple parties can determine if the current user
should have access to a given resource.
1.
Storing the text password with hashing is
most dangerous thing for application security today.
2.
MD5 provides basic hashing for generating
secure password hash. Adding salt make it further stronger.
3.
MD5 generates 128 bit hash. To make it more
secure, use SHA algorithm which generate hashes from 160-bit to 512-bit long.
512-bit is strongest.
4.
Even SHA hashed secure passwords are able to
be cracked with today’s fast hardwares. To beat that, you will need algorithms
which can make the brute force attacks slower and minimize the impact. Such
algorithms are PBKDF2, BCrypt and SCrypt.
5.
Please take a well considered thought before
applying appropriate security algorithm.
REFERENCE
3. Jump up^ J.
C. Willemssen, "FAA Computer Security". GAO/T-AIMD-00-330. Presented
at Committee on Science, House of Representatives, 2000.
No comments:
Post a Comment