
Lecture 1.2 - Computer Security Basics


This lecture attempts to answer the basic question: what does it mean to say that a system
is secure? As with Lecture 1.1, many terms defined here will be used
throughout the remainder of the course.
Lecture 1.1 suggests that computer security is really based on the assurance of the information stored in
computers. But what are the key ingredients that assure the information and thereby provide computer
security? Security experts say there are three key ingredients:
integrity
confidentiality
availability
When information has integrity it means that this information is correct: data with integrity has not been
corrupted in any way. In addition to information (or data) integrity, there is a second kind of integrity, namely the authenticity of the data. A person is authentic if they are who they claim to be. Data is often
associated with an owner or sender, and authenticity in this case means that the data really was created or
sent by the user who is named as its owner or sender. For a cell phone text message, data integrity
means that the message (data) is received exactly as it was sent, while authenticity means that the message
really came from the number shown as the sender, rather than from someone who merely put that number on it.
The second ingredient of security is confidentiality. Information may be correct (i.e., have integrity), but it
is often just as important to be careful regarding who has access. Confidentiality is maintained exactly
when the users who should not have access do not have access.
The third, and too often overlooked, ingredient of security is availability. Confidentiality means that data
is not accessible to unwanted individuals; availability means that data is accessible to users who should
have access.
These three ingredients answer the key questions regarding information assurance:
Is the asset uncorrupt? (integrity - data)
Is the asset authentic? (integrity - authenticity)
Who has access to the asset? (confidentiality)
Is the asset accessible to those who should have access? (availability)
These concepts apply to our everyday world as well. Every theft can be viewed as a crime against
availability. Vandalism is a crime against integrity. Fraud is a type of authenticity crime. Revealing selected
government secrets is a criminal offense (against confidentiality) in most countries.
Information, such as data stored in a file or transmitted through a network, is the ultimate asset to be
secured, but in order to secure information there are other assets that must be secured. Security
professionals also worry about
physical security - securing the computing devices themselves,
configuration security - preserving the integrity of the configuration of computers, networks and files,
identity security - maintaining the confidentiality of a person's identifying information, and
privacy - keeping confidential whatever a person chooses not to disclose.
Certainly, information (i.e., data) must have integrity. Integrity is lost when a file system fails to store data
correctly or when data is damaged while being transmitted across the Internet. Various operating system,
application software and physical vulnerabilities can result in the loss of integrity. Two well-known
classes of computer attack that result in the loss of integrity are viruses and worms. Both violate the
integrity of the computer's memory by causing a program the user never intended to run to execute, and they may also damage the
integrity of the computer's file system or other assets. When a computer has a virus, we say that it is
infected.

Two common attacks on authenticity are spoofing and relay attacks. Spoofing occurs whenever a process
or message falsely impersonates someone. For example, an email message can carry a forged reply-to (or From) address,
and a network packet can carry a forged source IP address; neither field is verified by the receiver by default. A relay attack, as the term is used here, occurs when one computer attacks
another computer by sending all of the attack traffic through a third computer, making that third
computer appear to be the source of the attack.
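The difference between data integrity and authenticity, and why a plain checksum does nothing against spoofing, can be shown in a few lines. The following Python example is added here and is not part of the original lecture. It assumes a hypothetical pre-shared secret between the sender (Alice) and the receiver; the phone number, the messages and the attacker's guessed key are constructed:

```python
import hashlib
import hmac

# Hypothetical pre-shared secret held only by Alice and the receiver (assumption).
ALICE_KEY = b"alice-receiver-shared-secret"


def digest(sender: str, body: str) -> str:
    """Unkeyed SHA-256 over sender and body.

    Detects accidental corruption (data integrity) but proves nothing about
    who sent the message: anyone can recompute it for a message they forged.
    """
    return hashlib.sha256(f"{sender}\n{body}".encode()).hexdigest()


def tag(sender: str, body: str, key: bytes) -> str:
    """Keyed HMAC-SHA256 over the same fields.

    Only a holder of the key can produce a valid tag, so a valid tag shows the
    message really comes from that key holder (authenticity) and is unmodified.
    """
    return hmac.new(key, f"{sender}\n{body}".encode(), hashlib.sha256).hexdigest()


def verify_digest(sender: str, body: str, received_digest: str) -> bool:
    # compare_digest avoids leaking information through timing differences
    return hmac.compare_digest(digest(sender, body), received_digest)


def verify_tag(sender: str, body: str, received_tag: str, key: bytes) -> bool:
    return hmac.compare_digest(tag(sender, body, key), received_tag)


def demo() -> dict:
    # Constructed message from Alice's number (not real data).
    alice, body = "+1-555-0100", "Meet at 6pm"
    d, t = digest(alice, body), tag(alice, body, ALICE_KEY)

    # Case 1: corruption in transit changes the body. Both checks catch it.
    corrupted = "Meet at 9pm"
    corruption_caught_by_digest = not verify_digest(alice, corrupted, d)
    corruption_caught_by_hmac = not verify_tag(alice, corrupted, t, ALICE_KEY)

    # Case 2: spoofing. Mallory sends her own text under Alice's number and
    # recomputes the unkeyed digest herself. The integrity check passes,
    # but without ALICE_KEY she cannot produce a tag the receiver accepts.
    spoofed = "Send the money to account 42"
    spoofed_digest = digest(alice, spoofed)
    spoofed_tag = tag(alice, spoofed, b"mallory-guess")  # attacker's guess (constructed)
    spoof_passes_digest = verify_digest(alice, spoofed, spoofed_digest)
    spoof_passes_hmac = verify_tag(alice, spoofed, spoofed_tag, ALICE_KEY)

    return {
        "corruption_caught_by_digest": corruption_caught_by_digest,
        "corruption_caught_by_hmac": corruption_caught_by_hmac,
        "spoof_passes_digest": spoof_passes_digest,
        "spoof_passes_hmac": spoof_passes_hmac,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The unkeyed digest answers only "is the asset uncorrupt?"; the keyed tag also answers "is the asset authentic?". Because the key is shared, the receiver could forge tags too, so this proves origin to the receiver but not to a third party; a digital signature would be needed for that.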
Confidentiality is defined by NIST (the U.S. National Institute of Standards and Technology) as
assurance that information is not disclosed to unauthorized persons, processes or devices. Some common
attacks intended to damage confidentiality are shoulder surfing, network sniffing and vulnerability
scanning. Shoulder surfing is usually a low-tech (i.e., electronically unsophisticated) kind of attack that
steals passwords by watching or videoing someone as they type their password. A related kind of attack is
called dumpster diving, because the attacker steals information by literally sifting through garbage for
paper that contains confidential information. (A dumpster is a large garbage container.) Network sniffing
occurs any time one computer user examines someone else's network transmissions. Since much of the
Internet's traffic (most email, for example) is sent unencrypted, in easily understood form, it is not difficult for an
attacker with sufficient knowledge and access to the right wires at the proper time to intercept someone's
data. In the United States, and in many other countries, a company may lawfully inspect all
information on the computers it owns. Therefore, many companies legally inspect their
employees' email. Vulnerability scanning is a kind of confidentiality attack that commonly precedes
the real attack. Vulnerability scanning software examines other computers to report on potential
configuration vulnerabilities that could be exploited. Most computer users would assume that such
information is confidential.
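To make "easily understood form" concrete, here is an added Python example (not from the lecture) that plays the role of a sniffer reading application-layer payloads it has captured. The three payloads are constructed, the hosts and credentials are made up, and the last payload stands in for an encrypted TLS record to show what the sniffer gets when traffic is not sent in the clear:

```python
import base64
import re

# Constructed captured payloads (not a real capture). A sniffer on the same
# network segment would see these bytes exactly as the client sent them.
CAPTURED = [
    # HTTP with Basic authentication: credentials are only base64-encoded
    b"GET /inbox HTTP/1.1\r\nHost: mail.example.test\r\n"
    b"Authorization: Basic Ym9iOmh1bnRlcjI=\r\n\r\n",
    # POP3 login: username and password travel as plaintext commands
    b"USER carol@example.test\r\nPASS correct horse battery staple\r\n",
    # Stand-in for a TLS application-data record: header 0x17 0x03 0x03 plus
    # an opaque ciphertext body (constructed bytes, not a real session).
    b"\x17\x03\x03\x00\x10" + bytes(range(0x90, 0xA0)),
]

BASIC_RE = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.M)


def extract_credentials(payloads):
    """Return (protocol, username, password) for every credential sent in clear."""
    found = []
    for payload in payloads:
        # latin-1 maps every byte to one character, so binary payloads never raise
        text = payload.decode("latin-1")

        m = BASIC_RE.search(text)
        if m:
            try:
                user, _, password = base64.b64decode(m.group(1)).decode().partition(":")
                found.append(("http-basic", user, password))
            except (ValueError, UnicodeDecodeError):
                pass  # not valid base64 or not text: ignore

        # POP3 and FTP both send USER and PASS as separate plaintext commands
        user = password = None
        for line in text.splitlines():
            if line.startswith("USER "):
                user = line[5:]
            elif line.startswith("PASS "):
                password = line[5:]
        if user is not None and password is not None:
            found.append(("pop3/ftp", user, password))
    return found


if __name__ == "__main__":
    for proto, user, password in extract_credentials(CAPTURED):
        print(f"{proto}: {user} / {password}")
```

The first two payloads give up the credentials with nothing more than a regular expression and a base64 decode; the TLS stand-in yields nothing, which is the whole reason encrypted transports (TLS for HTTP, POP3 and SMTP) are the standard answer to sniffing.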
This is a good time for a brief aside. In this course we will spend a lot of time talking about attacks and
sometimes the tools attackers use. It is not my intention to teach anyone how to perform an attack.
However, it should be obvious that in order to secure a system you must first know how attackers work. A
second reason for talking about attack tools is that many of these same tools are quite useful for providing
security. Security professionals talk about white hat and black hat uses. (These terms come from cowboy
movies in the early days of motion pictures. In these movies the good cowboys almost always wore large
white hats, while the bad cowboys nearly always wore black hats.) An attacker (black hat) might use a
vulnerability scanner as a way to discover how to attack a computer. However, the same vulnerability
scanner could be used for white hat purposes. A typical white hat usage would be for a company's
information technology department to run vulnerability scanners against company computers for the purpose of
mitigating the vulnerabilities that are discovered.
NIST defines availability as timely, reliable access to data and information services for authorized users.
Note the importance of the words timely and reliable. I have found websites in the U.S. to take an
extraordinarily long time to access from my office in China. They are not timely, so not truly available.
Similarly, my campus recently had a problem with student email servers. Since they were unreliable,
students mostly used free email accounts they configured at Google, Yahoo or Hotmail. The reliable
availability of email is critical to a university student.
Easily the most common attack on availability is the Denial of Service (DoS) attack. A DoS attack is any
attack designed specifically to prevent the target computer (or computers) from performing as its users intend.
Often this is done by overwhelming the target (victim) with too much work, or by using up all of its
memory, disk space or network bandwidth. It is not hard to imagine how a novice attacker with a little
programming knowledge could mount a DoS attack by writing a program that sends an enormous number
of email messages to one user. If the attacker runs this program on several different computers
simultaneously, the result is a Distributed Denial of Service (DDoS) attack, because the attack traffic comes from
many different sources.
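Per-source rate limiting is the most basic defence against the flooding style of DoS described above. The following Python example is added here and is not from the lecture. The traffic it processes is constructed (one legitimate client at one request per second and one attacker at 100 requests per second, both with made-up addresses), and the rate and burst parameters are arbitrary assumptions:

```python
from collections import defaultdict


class TokenBucket:
    """Token bucket using integer arithmetic: milli-tokens and a millisecond clock,
    so the simulation is exact and reproducible (no floating-point drift)."""

    def __init__(self, rate_per_s, burst, now_ms):
        self.rate = rate_per_s            # tokens added per second
        self.capacity = burst * 1000      # bucket holds at most `burst` tokens
        self.tokens = self.capacity
        self.last = now_ms

    def allow(self, now_ms):
        # refill proportionally to elapsed time, capped at capacity
        self.tokens = min(self.capacity, self.tokens + (now_ms - self.last) * self.rate)
        self.last = now_ms
        if self.tokens >= 1000:           # one whole token pays for one request
            self.tokens -= 1000
            return True
        return False


class PerSourceLimiter:
    """One bucket per source address; a flooding source exhausts only its own bucket."""

    def __init__(self, rate_per_s, burst):
        self.rate, self.burst = rate_per_s, burst
        self.buckets = {}

    def accept(self, source, now_ms):
        bucket = self.buckets.get(source)
        if bucket is None:
            bucket = self.buckets[source] = TokenBucket(self.rate, self.burst, now_ms)
        return bucket.allow(now_ms)


def simulate(requests, rate_per_s=2, burst=5):
    """requests: iterable of (timestamp_ms, source). Returns accepted/dropped per source."""
    limiter = PerSourceLimiter(rate_per_s, burst)
    stats = defaultdict(lambda: {"accepted": 0, "dropped": 0})
    for t_ms, source in sorted(requests):
        outcome = "accepted" if limiter.accept(source, t_ms) else "dropped"
        stats[source][outcome] += 1
    return dict(stats)


def flood_scenario():
    # Constructed 10-second trace (addresses are made up):
    #   10.0.0.5    sends one request per second        (legitimate user)
    #   203.0.113.9 sends 100 requests per second       (flooding attacker)
    legit = [(s * 1000, "10.0.0.5") for s in range(10)]
    attacker = [(s * 1000 + i * 10, "203.0.113.9") for s in range(10) for i in range(100)]
    return simulate(legit + attacker)


if __name__ == "__main__":
    for source, counts in flood_scenario().items():
        print(source, counts)
```

With a limit of 2 requests per second and a burst of 5, the legitimate client keeps all 10 of its requests while the attacker gets only its initial burst plus 2 per second (24 of 1000). The caveat is the DDoS case: if the same 1000 requests came from 1000 different sources, every source would stay under the limit and this defence would pass them all, which is exactly why attackers distribute.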
Every security system can be viewed as a barrier that protects assets. Just as a door lock prevents unwanted
entry, a security barrier is designed to block attacks on some asset or assets. But not every attempt to access the
assets should be blocked: the person with the key can unlock the door. So the security system (barrier)
must allow some attempts to access the assets to succeed while others must fail (we say
they are blocked when they fail). This means that there are two different ways that any
security system can fail. The obvious type of failure occurs when a security system fails to block an attack.
This is called a false negative. The terms negative and positive refer here to whether or not
the security system has detected a potential attack: if the security system detects an attack, that is a
positive, and if the security system believes there is no attack, that is a negative. A false negative
means that the security system did not detect an attack that it should have.
The second, and less obvious, type of security system failure is called a false positive. A false positive
occurs whenever a security system detects a potential attack when it should not. When a police officer arrests
the wrong person for a crime, this is a false positive. When a firewall blocks a message that should have been
allowed through, this is also a false positive. So a security system can fail to provide proper security by
being too weak (i.e., producing false negatives), by being too strong (i.e., producing false positives), or both.
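The two failure modes can be measured for a concrete detector. The Python example below is added here and is not from the lecture: it runs a simple brute-force-login rule (flag any source with at least `threshold` failed logins) over constructed sshd-style log lines with a known ground truth, and reports the false positives and false negatives at several thresholds. Hostnames, addresses and user names are made up.

```python
import re
from collections import defaultdict

# Constructed sshd-style log lines (not from a real system).
LOG = """\
Jan 10 09:00:01 host sshd[100]: Failed password for alice from 10.0.0.5 port 51000 ssh2
Jan 10 09:00:05 host sshd[100]: Failed password for alice from 10.0.0.5 port 51001 ssh2
Jan 10 09:00:09 host sshd[100]: Accepted password for alice from 10.0.0.5 port 51002 ssh2
Jan 10 09:01:00 host sshd[101]: Failed password for root from 203.0.113.9 port 40000 ssh2
Jan 10 09:01:01 host sshd[101]: Failed password for root from 203.0.113.9 port 40001 ssh2
Jan 10 09:01:02 host sshd[101]: Failed password for invalid user admin from 203.0.113.9 port 40002 ssh2
Jan 10 09:01:03 host sshd[101]: Failed password for invalid user admin from 203.0.113.9 port 40003 ssh2
Jan 10 09:01:04 host sshd[101]: Failed password for invalid user oracle from 203.0.113.9 port 40004 ssh2
Jan 10 09:01:05 host sshd[101]: Failed password for invalid user oracle from 203.0.113.9 port 40005 ssh2
Jan 10 09:05:00 host sshd[102]: Accepted publickey for bob from 10.0.0.7 port 52000 ssh2
Jan 10 09:06:00 host sshd[103]: Failed password for carol from 10.0.0.8 port 53000 ssh2
"""

# Ground truth for the constructed scenario: only one source was attacking;
# alice and carol simply mistyped their passwords.
ATTACKERS = {"203.0.113.9"}

# "invalid user" appears when the account does not exist; treat it the same way.
EVENT_RE = re.compile(r"(Failed|Accepted) \w+ for (?:invalid user )?(\S+) from (\S+) port \d+")


def failed_logins_by_source(log):
    """Count failed logins per source and collect every source that appears."""
    failures = defaultdict(int)
    sources = set()
    for line in log.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        outcome, _user, source = m.groups()
        sources.add(source)
        if outcome == "Failed":
            failures[source] += 1
    return failures, sources


def detect(log, threshold):
    """Flag every source with at least `threshold` failed logins."""
    failures, _ = failed_logins_by_source(log)
    return {src for src, n in failures.items() if n >= threshold}


def evaluate(log, threshold, attackers):
    """Compare the detector's verdicts with the ground truth."""
    _, sources = failed_logins_by_source(log)
    flagged = detect(log, threshold)
    return {
        "threshold": threshold,
        "true_positives": sorted(flagged & attackers),
        "false_positives": sorted(flagged - attackers),   # detector too strong
        "false_negatives": sorted(attackers - flagged),   # detector too weak
        "true_negatives": sorted(sources - flagged - attackers),
    }


if __name__ == "__main__":
    for threshold in (2, 5, 10):
        print(evaluate(LOG, threshold, ATTACKERS))
```

At a threshold of 2 the rule is too strong: alice's two typos get her address blocked (a false positive). At 10 it is too weak: the attacker's six attempts go unnoticed (a false negative). At 5 it gets this trace exactly right, but only because the trace was constructed; on real logs the threshold is a trade-off between the two failure modes, not a setting that eliminates both.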
The final topic of this lecture is the key to all real security: TRUST. No matter how advanced our
technology becomes, security still ultimately relies on sufficient trust. We trust that our computers are
properly configured when they ship from Apple or Dell. We trust that our Internet providers are protecting
the confidentiality, integrity and availability of our transmissions. We trust that no criminal has a key to our
apartment. We trust that our web browser is actually connecting to the correct computer for the URL we just
typed. Trust is essential.
