Overview of University of Tennessee at Chattanooga Li Yang Computer Science and Engineering Department at University of Tennessee at Chattanooga November 10, 2012

UT Chattanooga -- Computer Science & Engineering Program
• National Center of Academic Excellence on Information Assurance Education (CAE-IAE)
• CNSS 4011: Information Systems Security (INFOSEC) Professionals
– CRMJ 1100 – Criminal Justice
– CPSC 1110 – Data Structure and Problem Solving
– CPSC 3600 – Principles of Information Security and Assurance
– CPSC 4550 – Computer Networks
– CPSC 4620 – Computer Network
– CPSC 4600 – Biometrics and Cryptography
• CNSS 4012: Senior System Managers
– CPSC 4660 – Vulnerability Analysis and Auditing
– CPSC 4670 – Database Security and Auditing
– CPSC 4680 – Computer Crime Investigation
11/7/2015
2
UT Chattanooga -- Computer Science & Engineering Program
• B.S. degree with four concentrations
– Information Security and Assurance (ISA) (ABET accredited)
– Software Systems (ABET accredited)
– Scientific Applications (ABET accredited)
– Computer Engineering (ABET accredited)
– UTeach
• Undergraduate Certificates
– CNSS 4011: Information Systems Security (INFOSEC) Professionals
– CNSS 4012: Senior System Manager
• M.S. degree in General Computer Science and one with an ISA concentration
Quality Program at Computer Science Department
• Small class size
• Low student/faculty ratio
• Faculty work closely with students
• Every student has an academic advisor throughout their studies
• Won several national awards from the National Science Foundation
• Supportive student organizations and tutoring programs
Who hires our students?
Future of Computer Science Professionals
• Employment opportunities for those in Computer Science design will increase a whopping 48.78% during the 2008-18 decade, according to the U.S. Bureau of Labor Statistics.
• The reliance of business and everyday affairs on computers keeps increasing, so career opportunities for Computer Science graduates are limitless.
• Leading cyber experts warned of a shortage of talented computer security experts in the United States, making it difficult to protect corporate and government networks at a time when attacks are on the rise. The shortages appear to be in the 20,000s to 40,000s for years to come.
Overview of Cyber Security
• Introduction
• What is security?
• Security threats and attacks
• Perspectives of attacks
• Tools and practices
Introduction
• Me: researcher and teacher
– Information Security and Assurance
– Intrusion Detection
– Mobile Security
– Cryptography
– Trust Management
Cases of Cyber Attacks
Driving Forces
• Sarbanes–Oxley Act of 2002
Trends
• Social Networking
• Mobile Devices
• Non-Computing Devices (printers, networked TV)
• Personal Electronic Devices in Office
• WikiLeaks-like occurrences
• Privacy concerns
• Cloud computing
• Malware creation
• “Hacktivism” (cyber protests)
• Social Engineering
• Company investment
• Maturing cyber security processes
• Personal background checks
• Portable device security standards/procedures
• Compliance testing
• Employee security awareness training
• Authentication based on use risk classification
• Centralized security information management process
• PWC 2011 Global State of Information Security Survey ®
Networks Become Borderless, There Is No Perimeter
Facts About Intrusions
Verizon 2010 Data Breach Investigation Report
WHO IS BEHIND DATA BREACHES?
• 48% were caused by insiders
• 11% implicated business partners
WHAT COMMONALITIES EXIST?
• 85% of attacks were not considered highly difficult
• 61% were discovered by a third party
• 86% of victims had evidence of the breach in their log files
• 96% of breaches were avoidable through simple or intermediate controls
Network Security Visualization – Web Security
• Cross site scripting: attacker injects scripting code into pages generated by a web application
– Script could be malicious code
– JavaScript (AJAX!), VBScript, ActiveX, HTML, or Flash
• Threats:
– Phishing, hijacking, changing of user settings, cookie theft/poisoning, false advertising, execution of code on the client, ...
• http://m6gatlinburg.com/tmp/xss/xss.html
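As an added illustration of the cross-site scripting definition above (example code written for this page, not part of the original slides or the linked demo), here is a server-side page generator that interpolates a user-supplied display name, first in the vulnerable form and then with HTML encoding applied; the input value is constructed.

```python
import html

# Constructed sample input: a "display name" as a user might submit it in a form.
UNTRUSTED_NAME = '<script>alert("xss")</script>'


def render_greeting_unsafe(name: str) -> str:
    """Vulnerable: raw user input is interpolated into the generated HTML page.
    Whatever the user typed becomes part of the page's markup, so a <script>
    element in `name` runs in the browser of everyone who views the page."""
    return f"<p>Welcome back, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    """Hardened: HTML-encode the value at the point it is inserted into markup.
    '<', '>', '&' and quotes become character references, so the browser shows
    the text literally instead of parsing it as a tag or attribute."""
    return f"<p>Welcome back, {html.escape(name, quote=True)}!</p>"


def contains_script_element(page: str) -> bool:
    """Crude check used by this example: does the output carry a live <script> tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    for renderer in (render_greeting_unsafe, render_greeting_safe):
        page = renderer(UNTRUSTED_NAME)
        print(f"{renderer.__name__}: {page}")
        print("  live script element:", contains_script_element(page))
```

html.escape covers the HTML body and quoted-attribute contexts shown here; a value placed inside a JavaScript block or a URL needs the encoding for that context instead.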
Network Security Visualization – Web Security
• Clickjacking
– A malicious attacker can trick a web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of the computer.
• Threats:
– Phishing, hijacking, changing of user settings, cookie theft/poisoning, false advertising, execution of code on the client, ...
• http://reinsmidt.com/research/intersec/clickjack.php
Network Security Visualization – Packet Sniffer
• A packet sniffer is a program that captures all of the packets of data that pass through a given network interface, and recognizes and decodes certain packets of interest.
• http://williams.comp.ncat.edu/IA_visualization_labs/security_visual_tools/packet_sniffer/packet_sniffer.html
Network Security Visualization -- Wireless Network Attacks Simulator
• Eavesdropping
The attacker configures his/her network interface into promiscuous mode, which allows a network device to read each network packet that arrives at the device.
• Evil Twin
An evil twin is a wireless access point (AP) that masquerades as a legitimate one.
• Man in the Middle
The attacker intercepts the traffic between two computers. The attacker sniffs packets from the network, may modify the packets and inserts them back into the network.
• ARP Cache Poisoning
Address Resolution Protocol (ARP) is a network layer protocol used to associate an IP address with a MAC address. A network device has an ARP cache, which contains all the IP addresses and MAC addresses the device has already matched together.
• http://williams.comp.ncat.edu/IA_visualization_labs/security_visual_tools/wireless_attacks/wireless_attacks.html
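The ARP cache poisoning entry above describes the IP-to-MAC table an attacker corrupts. The following added example (written for this page, not part of the slides or the linked simulator) shows the defender's side: a check over observed ARP replies that flags an IP whose MAC changes and a MAC that answers for several IPs. The addresses and timestamps are constructed sample data.

```python
from collections import defaultdict

# Constructed sample of ARP replies observed on a LAN: (time_s, sender_ip, sender_mac).
# 192.168.1.1 is the gateway. The last two replies claim the gateway and a host at a
# new MAC, which is what a poisoned cache looks like from the wire.
ARP_REPLIES = [
    (0.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (0.5, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (1.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (2.0, "192.168.1.1", "bb:bb:bb:bb:bb:99"),
    (2.1, "192.168.1.20", "bb:bb:bb:bb:bb:99"),
]


def find_arp_anomalies(replies):
    """Defender-side check over observed ARP replies. Two signals are raised:
    (1) an IP address whose MAC differs from the first MAC seen for it, and
    (2) one MAC that answers for several IP addresses, the pattern when a
    single station impersonates both the gateway and a victim."""
    first_seen = {}                 # ip -> first MAC observed (a trusted baseline in practice)
    ips_per_mac = defaultdict(set)  # mac -> set of IPs it has claimed
    alerts = []
    for t, ip, mac in replies:
        if ip in first_seen and first_seen[ip] != mac:
            alerts.append((t, f"{ip} moved from {first_seen[ip]} to {mac}"))
        first_seen.setdefault(ip, mac)
        ips_per_mac[mac].add(ip)
    for mac, ips in sorted(ips_per_mac.items()):
        if len(ips) > 1:
            alerts.append((None, f"{mac} answers for {len(ips)} IPs: {sorted(ips)}"))
    return alerts


if __name__ == "__main__":
    for t, msg in find_arp_anomalies(ARP_REPLIES):
        print(f"[t={t}] {msg}")
```

A legitimate NIC replacement or DHCP reassignment also trips signal (1), so a production check should compare against a known-good table (static entries or DHCP leases) rather than the first MAC it happened to see.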
Network Security Visualization -- SYN Flood
• SYN Flood, one of the Denial-of-Service attacks
• http://williams.comp.ncat.edu/IA_visualization_labs/security_visual_tools/SYNFloodDemo/index.htm
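The packet sniffer slide above describes capturing and decoding packets of interest, and the SYN flood slide names the attack without showing what a sensor sees. This added example (written for this page, not part of the slides or the linked demos) does both: it constructs a few IPv4/TCP segments, decodes the fields a sniffer would extract, and flags a destination with too many half-open connections (a SYN that is never followed by the client's ACK). Addresses, ports and the threshold are constructed for the example.

```python
import struct
from collections import defaultdict

SYN, ACK = 0x02, 0x10
HALF_OPEN_THRESHOLD = 3  # chosen for this small sample; real sensors use far higher values

def build_segment(src_ip, dst_ip, sport, dport, flags):
    """Construct a minimal IPv4 header (20 bytes, no options) followed by a 20-byte
    TCP header. Checksums are left at zero: this is sample input, not real traffic."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp

def decode_segment(frame):
    """The sniffer's 'recognize and decode' step: pull out the fields of interest."""
    ihl = (frame[0] & 0x0F) * 4                     # IPv4 header length in bytes
    proto = frame[9]                                 # 6 = TCP
    src = ".".join(str(b) for b in frame[12:16])
    dst = ".".join(str(b) for b in frame[16:20])
    if proto != 6:
        return {"src": src, "dst": dst, "proto": proto}
    sport, dport = struct.unpack("!HH", frame[ihl:ihl + 4])
    flags = frame[ihl + 13]                          # TCP flags byte
    return {"src": src, "dst": dst, "proto": proto, "sport": sport,
            "dport": dport, "syn": bool(flags & SYN), "ack": bool(flags & ACK)}

def find_syn_flood_targets(frames):
    """Track half-open connections: a bare SYN opens one and the client's ACK closes it.
    Returns {destination: half-open count} for destinations over the threshold."""
    pending = set()
    for f in map(decode_segment, frames):
        if f.get("proto") != 6:
            continue
        key = (f["src"], f["sport"], f["dst"], f["dport"])
        if f["syn"] and not f["ack"]:
            pending.add(key)
        elif f["ack"] and not f["syn"]:
            pending.discard(key)
    per_dst = defaultdict(int)
    for _, _, dst, _ in pending:
        per_dst[dst] += 1
    return {d: n for d, n in per_dst.items() if n > HALF_OPEN_THRESHOLD}

# Constructed sample capture: one completed handshake, then six SYNs never followed by an ACK.
SAMPLE = [build_segment("10.0.0.5", "10.0.0.80", 40000, 80, SYN),
          build_segment("10.0.0.5", "10.0.0.80", 40000, 80, ACK)]
SAMPLE += [build_segment("10.0.0.9", "10.0.0.80", 50000 + i, 80, SYN) for i in range(6)]
```

A real sensor would also retire entries on RST or FIN and age out stale ones, since a slow but legitimate client otherwise counts as half-open forever.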
Incident Categories
• Crimes in which the computer is the target of the attack
• Incidents in which the computer is a means of perpetrating a criminal act
• Combination of both:
– attack one computer to gain access to it
– use this computer to launch a Denial-of-Service (DOS) attack against others
Attack Consequences
• A loss of confidentiality where information is disclosed to unauthorized individuals
• A loss of integrity where information is modified by unauthorized individuals
• A loss of availability where information or the systems processing it are not available for authorized users
Types of Attacks
• Viruses, Worms, Trojans, Rootkits
• intruders
– hacker: script kiddy vs. elite hacker
• insider
– most harmful
• criminal organization
– structured attack
• terrorist and information warfare
– targets critical infrastructure
Viruses, Worms, Trojans, Rootkits
• Malware can be classified into several categories, depending on propagation and concealment
• Propagation
– Virus: human-assisted propagation (e.g., open email attachment)
– Worm: automatic propagation without human assistance
• Concealment
– Rootkit: modifies operating system to hide its existence
– Trojan: provides desirable functionality but hides malicious operation
• Various types of payloads, ranging from annoyance to crime
(Figure: Trojan horse, worm, virus, bomb.)
Lessons from History
• As the Internet became more prevalent, it became a vehicle for malicious exploits
• recent threats:
– email spam
– websites
Email attachment – file format
• executables
– .exe .cmd .bat .com .dll .pif .vbs…
• hidden extensions
• hidden double extensions
– .gif.exe …
• moreover:
– file type associations
• even seemingly innocent file types:
– .gif
– .pdf
– .wmf
– .zip
Human Attacks
• Piggybacking and shoulder surfing
• Dumpster diving
• Social engineering
– gain trust of insider
• people generally want to help somebody who is requesting help
• people generally want to avoid confrontation
Network Threats and Attacks
• Eavesdropping: the interception of information intended for someone else during its transmission over a communication channel.
(Figure: Alice sends to Bob while Eve listens on the channel.)
Network Threats and Attacks
• Alteration: unauthorized modification of information.
– Example: the man-in-the-middle attack, where a network stream is intercepted, modified, and retransmitted.
(Figure: the sender encrypts plaintext M with the shared secret key into ciphertext C; an intercepting attacker on the communication channel replaces it with ciphertext C′; the recipient decrypts with the shared secret key and obtains plaintext M′.)
Network Threats and Attacks
• Denial-of-service: the interruption or degradation of a data service or information access.
– Example: email spam, to the degree that it is meant to simply fill up a mail queue and slow down an email server.
Network Threats and Attacks
• Masquerading: the fabrication of information that is purported to be from someone who is not actually the author.
(Figure: a message labelled “From: Alice” that is really from Eve.)
Network Threats and Attacks
• Repudiation: the denial of a commitment or data receipt.
– This involves an attempt to back out of a contract or a protocol that requires the different parties to provide receipts acknowledging that data has been received.
Public domain image from http://commons.wikimedia.org/wiki/File:Plastic_eraser.jpeg
Insider Attacks
• An insider attack is a security breach that is caused or facilitated by someone who is a part of the very organization that controls or builds the asset that should be protected.
• In the case of malware, an insider attack refers to a security hole that is created in a software system by one of its programmers.
Perspectives on Protection
• Provide user education
– as simple as a strong password
• Provide physical protection
– don’t lose your laptop
• Provide host protection
– patch, patch and patch
• Provide network protection
– watch and examine traffic with firewalls and intrusion detection systems (IDS)
Poor security practice
• Password selection
– harder passwords are harder to remember
• e-mail and web-surfing practices
• Installing unauthorized hardware and software
Access Control
• Protect infrastructure
– access to building
– access to computer
– access to network equipment
• Authentication
– Discretionary vs. mandatory access control
– Role-based access control
Security Principles
• Fail-safe defaults states that the default configuration of a system should have a conservative protection scheme.
• Separation of privilege dictates that multiple conditions should be required to achieve access to restricted resources or to have a program perform some action.
• Least privilege means that each program and user of a computer system should operate with the bare minimum privileges necessary to function properly.
• Open design means that the security architecture and design of a system should be made publicly available.
Security Operations
• Policies
– Management statements of what the organization wants to accomplish
• Procedures
– Step-by-step instructions on how employees are expected to act in a given situation or to accomplish a specific task
• Standards
– Mandatory elements regarding the implementation of a policy
• Guidelines
– Recommendations relating to a policy
Operational Model of Computer Security
Access Control
Firewall
Cryptography
Audit Logs
IDS
Honey Pots
Backups
Incident Response Team
Computer Forensics
Every security technique and technology falls into at least one of the three elements of the equation
Summary of Concepts
• cyber security is a real concern
• human element is large
• protection is possible
– education
– tools and practices