are designed for. Then we develop a general overall model within which the security services and mechanisms can be viewed.
1.1. Security Trends

In 1994, the Internet Architecture Board (IAB) issued a report entitled "Security in the Internet Architecture" (RFC 1636). The report stated the general consensus that the Internet needs more and better security, and it identified key areas for security mechanisms. Among these were the need to secure the network infrastructure from unauthorized monitoring and control of network traffic and the need to secure end-user-to-end-user traffic using authentication and encryption mechanisms.

These concerns are fully justified. As confirmation, consider the trends reported by the Computer Emergency Response Team (CERT) Coordination Center (CERT/CC). Figure 1.1a shows the trend in Internet-related vulnerabilities reported to CERT over a 10-year period. These include security weaknesses in the operating systems of attached computers (e.g., Windows, Linux) as well as vulnerabilities in Internet routers and other network devices. Figure 1.1b shows the number of security-related incidents reported to CERT. These include denial of service attacks; IP spoofing, in which intruders create packets with false IP addresses and exploit applications that use authentication based on IP; and various forms of eavesdropping and packet sniffing, in which attackers read transmitted information, including logon information and database contents.

Figure 1.1. CERT Statistics (This item is displayed on page 10 in the print version)
[Figure 1.1 image: (a) Vulnerabilities reported, by year 1995 to 2004, vertical axis 0 to 4500; (b) Incidents reported, by year 1995 to 2003, vertical axis 0 to 140,000]
Over time, the attacks on the Internet and Internet-attached systems have grown more sophisticated while the amount of skill and knowledge required to mount an attack has declined (Figure 1.2). Attacks have become more automated and can cause greater amounts of damage.
[Figure 1.2 image: attack sophistication (low to high) plotted against the intruder knowledge required (high to low), 1990 to 2001. Source: CERT]
Figure 1.2. Trends in Attack Sophistication and Intruder Knowledge

This increase in attacks coincides with an increased use of the Internet and with increases in the complexity of protocols, applications, and the Internet itself. Critical infrastructures increasingly rely on the Internet for operations. Individual users rely on the security of the Internet, email, the Web, and Web-based applications to a greater extent than ever. Thus, a wide range of technologies and tools are needed to counter the growing threat. At a basic level, cryptographic algorithms for confidentiality and authentication assume greater importance. As well, designers need to focus on Internet-based protocols and the vulnerabilities of attached operating systems and applications. This book surveys all of these technical areas.
1.2. The OSI Security Architecture

To assess effectively the security needs of an organization and to evaluate and choose various security products and policies, the manager responsible for security needs some systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. This is difficult enough in a centralized data processing environment; with the use of local and wide area networks, the problems are compounded.

ITU-T [2] Recommendation X.800, Security Architecture for OSI, defines such a systematic approach. [3] The OSI security architecture is useful to managers as a way of organizing the task of providing security. Furthermore, because this architecture was developed as an international standard, computer and communications vendors have developed security features for their products and services that relate to this structured definition of services and mechanisms.

[2] The International Telecommunication Union (ITU) Telecommunication Standardization Sector (ITU-T) is a United Nations-sponsored agency that develops standards, called Recommendations, relating to telecommunications and to open systems interconnection (OSI).

[3] The OSI security architecture was developed in the context of the OSI protocol architecture, which is described in Appendix H. However, for our purposes in this chapter, an understanding of the OSI protocol architecture is not required.

For our purposes, the OSI security architecture provides a useful, if abstract, overview of many of the concepts that this book deals with. The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined briefly as follows:

Security attack: Any action that compromises the security of information owned by an organization.

Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.

Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

In the literature, the terms threat and attack are commonly used to mean more or less the same thing. Table 1.1 provides definitions taken from RFC 2828, Internet Security Glossary.

Table 1.1. Threats and Attacks (RFC 2828)

Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.

Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.