1. Computer & Data Security
Prof. dr. Frederik Questier - Vrije Universiteit Brussel
Presented at: Arba Minch University, Ethiopia, 03/2019
3. Main objectives of computer security
➢ Confidentiality
  ➢ of data (secrecy)
  ➢ of persons (privacy)
  ➢ access only by authorized parties
➢ Integrity
  ➢ data only correctly modified or deleted by authorized parties
➢ Availability
  ➢ correctly accessible in a timely manner
  ➢ the failure to meet this goal is called a denial of service
4. Assignment: Risk analysis
Congratulations! You have been elected a member of the newly established computer and data security team in the university.
Make a list of all possible risks that can have an impact on the security and stability of your internal and external IT services.
5. What can go wrong? Nature
➢ lightning strike
➢ fire
➢ flood
➢ heat wave, cold wave
➢ storm weather, hurricane
➢ earthquake
➢ tsunami
➢ volcano eruption
➢ electromagnetic pulse from the sun
➢ disease of key employees
6. What can go wrong? Infrastructure or services problems
➢ Failure of
  ➢ software (bugs, license expired, ...)
  ➢ hardware
  ➢ electricity
    ➢ power outage or power surge
  ➢ network (cable cut, saturation)
  ➢ air conditioning
  ➢ water pipes (leaks)
  ➢ system upgrades
  ➢ service providers (e.g. cloud)
➢ Overload of CPU, memory, storage, network (spam)
7. What can go wrong? Human errors
➢ Weak security
  ➢ Loss of laptops, smartphones, USB sticks, …
  ➢ No encryption
  ➢ Password leaks or cracks
  ➢ Computer console left unlocked
➢ Misunderstanding the computer interface or other mistakes
  ➢ Deleting data
  ➢ Corrupting data
➢ Confiscation of machines
8. What can go wrong? Evil actions by people
➢ break in (hackers - crackers)
  ➢ social engineering
  ➢ phishing
➢ (identity) theft
➢ vandalism
➢ unhappy employees
  ➢ sabotage (time bomb), leaks
➢ cyber attack, e.g. (Distributed) Denial of Service
➢ terrorism
➢ war
➢ nuclear bomb
9. What can go wrong? Malware (malicious software)
➢ Botnet
➢ Rootkit
➢ Back door
➢ Spyware
  ➢ keylogger
  ➢ network sniffer
➢ Dialer
➢ Ransomware
10. Business continuity planning
= how to stay in business in the event of a disaster?
➢ Disaster recovery
  ● Preventive measures
  ● Detective measures
  ● Corrective measures
11. Threat modeling
1) What do you want to protect?
2) Who/what do you want to protect it from?
3) How likely is it that you will need to protect it?
4) How bad are the consequences if you fail?
5) How much trouble are you willing to go through in order to try to prevent those?
17. Passwords
➢ Don't share them
  ➢ Not even with computer administrators
➢ Don't write them down
➢ Don't reuse them among different sites
➢ Change them often
➢ Select wisely:
  ➢ Easy to remember
  ➢ Hard to guess (resistant to dictionary attacks)
  ➢ Password length
  ➢ Large set of characters (caps, lower case, numbers, symbols)
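An added example (not from the slides) that turns the selection criteria above into a check: the usual brute-force estimate of length × log2(character-set size), plus a dictionary test that strips trailing digits and symbols the way cracking rules do. The wordlist and the 60-bit threshold are constructed assumptions.

```python
import math
import string

# Constructed miniature dictionary; real cracking wordlists hold hundreds of millions of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin", "iloveyou"}

CHARACTER_CLASSES = {
    "lower": set(string.ascii_lowercase),    # 26
    "upper": set(string.ascii_uppercase),    # 26
    "digits": set(string.digits),            # 10
    "symbols": set(string.punctuation),      # 32
}

def charset_size(password):
    """Size of the alphabet a brute-force attacker must search: the union of every class used."""
    return sum(len(chars) for chars in CHARACTER_CLASSES.values()
               if any(c in chars for c in password))

def entropy_bits(password):
    """Upper bound on guessing entropy: length * log2(charset), the two knobs on the slide."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def in_dictionary(password):
    """Dictionary attacks try common words plus trailing digits/symbols, so strip those first."""
    word = password.lower().rstrip(string.digits + string.punctuation)
    return password.lower() in COMMON_PASSWORDS or word in COMMON_PASSWORDS

def password_report(password, min_bits=60):
    """Judge a candidate by the slide's criteria: length, character set, dictionary resistance."""
    bits = entropy_bits(password)
    dictionary_hit = in_dictionary(password)
    return {"length": len(password), "charset": charset_size(password),
            "bits": round(bits, 1), "in_dictionary": dictionary_hit,
            "acceptable": bits >= min_bits and not dictionary_hit}
```

A long all-lowercase passphrase scores higher than a short one using all four classes, which is the point of the xkcd strip in the credits.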
18. Some notorious password leaks
➢ 2016: 500M Yahoo passwords
➢ 2015: 30M Ashley Madison MD5 passwords etc.
➢ 2014: 5M Gmail passwords
➢ 2013: 38M Adobe passwords (and source code)
➢ 2013: 250K Twitter passwords
➢ 2012: 12M Apple User IDs stolen by FBI, 1M leaked
➢ 2012: 6M LinkedIn passwords
➢ 2012: 450K plain text Yahoo passwords
➢ 2012: 1.5M plain text Youporn passwords
➢ 2009: 10K MS Hotmail, MSN and Live passwords
25. Danger of biometric identification?
➢ You can't change your biometric password once it has leaked
➢ You can't legally refuse to give it, unlike a password (US Fifth Amendment)
➢ Something like a fingerprint might be unusable as a password, because you leave copies of your fingerprints on everything you touch.
➢ A fingerprint is more like a login than like a password.
36. Great if we can exchange our messages encrypted!
But how can we safely exchange our keys?
37. Symmetric encryption
Sender and receiver must both know the same secret key.
How to exchange that key over a distance???
Asymmetric encryption
Sender only needs to know the public key of the receiver!
38. Public key encryption
The private key can unlock (decrypt) what is locked (encrypted) with the public key.
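An added toy example (not from the slides) of how slides 36 to 38 fit together: the sender locks a fresh session key with the receiver's public key, and the session key then drives a symmetric cipher for the actual message. The primes are the tiny textbook ones (constructed, not usable in practice) and the SHA-256 XOR stream is a stand-in for a real symmetric cipher.

```python
import hashlib
import secrets

# Constructed textbook-RSA parameters; tiny primes for illustration only (real keys: 2048+ bits).
P, Q, E = 61, 53, 17
N = P * Q                    # 3233, the public modulus
PHI = (P - 1) * (Q - 1)      # 3120
D = pow(E, -1, PHI)          # 2753, the private exponent: E * D == 1 (mod PHI)
PUBLIC_KEY = (N, E)          # can be published: anyone can lock a message with it
PRIVATE_KEY = (N, D)         # stays with the receiver: the only key that unlocks

def rsa_encrypt(m, public_key):
    """Lock an integer 0 <= m < n with the receiver's public key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def rsa_decrypt(c, private_key):
    """Unlock with the private key; only its holder can do this."""
    n, d = private_key
    return pow(c, d, n)

def keystream(key, length):
    """Toy stream-cipher keystream: SHA-256 of (key, counter) in counter mode."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key.to_bytes(4, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def sym_crypt(key, data):
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def hybrid_send(plaintext, receiver_public_key):
    """Sender: pick a fresh session key, wrap it with the public key, encrypt the message with it."""
    session_key = secrets.randbelow(receiver_public_key[0] - 2) + 2
    return rsa_encrypt(session_key, receiver_public_key), sym_crypt(session_key, plaintext)

def hybrid_receive(wrapped_key, ciphertext, receiver_private_key):
    """Receiver: unwrap the session key with the private key, then decrypt the message."""
    session_key = rsa_decrypt(wrapped_key, receiver_private_key)
    return sym_crypt(session_key, ciphertext)
```

Only the public key ever travels, which is what makes the key exchange on slide 37 possible.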
45. Digital certificates
Version #
Serial #
Signature Algorithm
Issuer Name
Validity Period
Subject Name
Subject Public Key
Issuer Unique ID
Subject Unique ID
Extensions
Digital Signature
47. CAcert
➢ CAcert.org is a community-driven certificate authority that issues free public key certificates to the public (unlike other certificate authorities which are commercial and sell certificates).
➢ CAcert has over 200,000 verified users.
➢ These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the Internet.
52. Belgian electronic medical prescriptions are based on the e-ID
➢ Doctor is identified with e-ID
➢ Patient is identified with e-ID
➢ Doctor signs the prescription with e-ID
➢ Prescription is stored in the national Recip-e database.
➢ Patient can consult prescriptions in the patient portal with e-ID
➢ Pharmacist is identified with e-ID
➢ Pharmacist finds the prescription in the Recip-e database with the barcode on the paper version of the prescription.
54. Telegram and Signal
➢ Free Open Source software
➢ End-to-end encryption
➢ Delete messages everywhere
➢ Self-destruct timer for messages
➢ VoIP
➢ User friendly
➢ For Android, iOS, …
65. Virtual Private Networks
A VPN extends a private (hospital) network across a public (internet) network.
The traffic is encrypted to protect against network sniffing.
66. Internet use through a VPN provider
Sarah A. Downey, http://www.abine.com/blog/2012/petraeuss-emails-werent-private-and-neither-are-yours/
67. (Free) VPNs?
➢ VPNs are good for
  ➢ protection against nearby spying and MITM attacks
  ➢ avoiding geoblocking
➢ But you need to trust your VPN provider
  ➢ The free VPNs might have a business model based on spying on you.
  ➢ Don't install their proprietary apps
  ➢ The good VPN providers support OpenVPN
➢ Best to install e.g. OpenVPN on your own server.
72. Tor = The Onion Router
Free Open Source software for an anonymity network
73. Edward Snowden:
“Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.”
75. ➢ From the European Parliament investigation into the Echelon system (05/18/2001):
“If security is to be taken seriously, only those operating systems should be used whose source code has been published and checked, since only then can it be determined with certainty what happens to the data.”
76. ➢ Cryptographer and computer security expert Bruce Schneier:
“Secrecy and security aren't the same, even though it may seem that way. Only bad security relies on secrecy; good security works even if all the details of it are public.”
“If researchers don't go public, things don't get fixed. Companies don't see it as a security problem; they see it as a PR problem.”
“Demand open source code for anything related to security”
77. The Borland Interbase example
➢ 1992-1994: Borland inserted an intentional back door into Interbase (closed source database server), allowing local or remote users root access to the machine
➢ 07/2000: Borland releases the source code (→ Firebird)
➢ 12/2000: The back door is discovered
86. Backups
How would you optimize this backup strategy?
➢ Every night at 4 am, all university computers get a wake-up signal.
➢ The backup server takes a complete backup of every hard disk of every computer over the network.
➢ The backups are stored on a NAS (Network Attached Storage) with 1000 hard disks.
➢ The backup server and the NAS are located in the data center of the university (floor level -1).
➢ To save storage space, backups older than a year are deleted.
88. Backups
➢ First time and sometimes: full backup
➢ Most often: only incremental backup
➢ Use a good data retention scheme
  ➢ e.g. 7 daily, 4 weekly, 12 monthly, all yearly backups
➢ + Use off-site data protection = vaulting
  ➢ e.g. remote backup (compression, encryption!)
➢ Use offline backups as protection against ransomware
➢ Reflect about your time for a full restore
➢ Test the restore procedure!
  ➢ “80% of backups fail to restore”
90. (Cheap) versioning
For important documents, save a new version daily as:
thesis20190307.odt
This avoids overwriting backups with corrupt data.
See also https://en.wikipedia.org/wiki/ISO_8601
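An added example (not from the slides) for the retention scheme on slide 88 and the ISO 8601 file naming on slide 90: given the dates of existing backups it selects the 7 daily, 4 weekly, 12 monthly and all yearly copies to keep, and reports the rest as prunable. The helper that builds a run of nightly backup dates is constructed sample input.

```python
from datetime import date, timedelta

def _newest_per_group(dates, key):
    """Newest backup in each group (week, month or year), most recent group first."""
    newest = {}
    for d in dates:
        g = key(d)
        if g not in newest or d > newest[g]:
            newest[g] = d
    return sorted(newest.values(), reverse=True)

def retention_keep(dates, daily=7, weekly=4, monthly=12):
    """Dates to keep; defaults are the slide's 7 daily, 4 weekly, 12 monthly, all yearly."""
    dates = sorted(set(dates), reverse=True)
    keep = set(dates[:daily])                                                       # newest nightly backups
    keep.update(_newest_per_group(dates, lambda d: d.isocalendar()[:2])[:weekly])   # by ISO year + week
    keep.update(_newest_per_group(dates, lambda d: (d.year, d.month))[:monthly])    # by calendar month
    keep.update(_newest_per_group(dates, lambda d: d.year))                         # every year, forever
    return sorted(keep)

def retention_prune(dates, **scheme):
    """Backups the scheme allows deleting; do not delete before a test restore has succeeded."""
    keep = set(retention_keep(dates, **scheme))
    return sorted(d for d in dates if d not in keep)

def versioned_name(stem, suffix, day):
    """Slide 90's cheap versioning: an ISO 8601 basic date in the name sorts chronologically."""
    return f"{stem}{day.strftime('%Y%m%d')}{suffix}"

def nightly_backups(first, last):
    """Constructed sample: one backup per night from first to last, inclusive."""
    return [first + timedelta(days=i) for i in range((last - first).days + 1)]
```

Compare this with the strategy on slide 86, which keeps every nightly copy for a year and then loses everything older.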
105. Intrusion Detection Systems (IDS)
➢ Fail2ban
➢ Snort
  ➢ real-time traffic analysis and packet logging
  ➢ detect probes or attacks
➢ Samhain
  ➢ Complete integrity check
    ➢ uses cryptographic checksums of files to detect modifications
    ➢ can find rogue SUID executables anywhere on disk
  ➢ Centralized monitoring
    ➢ native support for logging to a central server via encrypted and authenticated connections
  ➢ Tamper resistance
    ➢ database and configuration files can be signed
    ➢ log file entries and e-mail reports are signed
    ➢ support for stealth operation
➢ Honey pots
➢ ...
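An added example (not from the slides and not Samhain's code) of the two Samhain checks listed above: a baseline of SHA-256 checksums and permission bits for every regular file under a directory, a comparison that reports added, removed and changed files, and a scan for setuid/setgid executables. The demo builds a constructed temporary tree and tampers with it so the checker has something to find.

```python
import hashlib
import os
import stat
import tempfile

def file_digest(path):
    h = hashlib.sha256()                        # read in chunks so large files are fine
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Trusted snapshot: relative path -> (sha256, permission bits) for every regular file."""
    snapshot = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):
                snapshot[os.path.relpath(path, root)] = (file_digest(path), stat.S_IMODE(st.st_mode))
    return snapshot

def compare_baselines(old, new):
    """Files added, removed, or changed in content or permission bits since the baseline."""
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p])}

def find_suid(snapshot):
    """Files carrying the setuid or setgid bit; unexpected ones are a classic rootkit symptom."""
    return sorted(p for p, (_, mode) in snapshot.items() if mode & (stat.S_ISUID | stat.S_ISGID))

def demo():
    """Constructed scenario: baseline a small tree, tamper with it, re-check."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "bin"))
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("original content\n")
    with open(os.path.join(root, "bin", "tool"), "w") as f:
        f.write("#!/bin/sh\necho ok\n")
    old = build_baseline(root)
    with open(os.path.join(root, "notes.txt"), "w") as f:      # content change
        f.write("tampered\n")
    os.chmod(os.path.join(root, "bin", "tool"), 0o4755)         # setuid bit appears
    with open(os.path.join(root, "new.txt"), "w") as f:        # file that was not there before
        f.write("unexpected\n")
    new = build_baseline(root)
    return compare_baselines(old, new), find_suid(new)
```

The baseline itself is only trustworthy if it is stored where an intruder cannot rewrite it, which is why Samhain signs its database and logs to a central server.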
107. Assignments
➢ Make a risk analysis and threat modeling of the computer and data systems at your organization. What are the weakest and most insecure parts?
  ➢ Risk: probability × potential impact = total risk level
➢ Which actions will you take to increase the security at your organization?
➢ Why are some operating systems more secure than others?
  ➢ Compare the security characteristics of the Linux operating system and Windows
108. Windows versus Linux security
➢ Windows origin
  ➢ QDOS (Quick and Dirty Operating System, 1980)
    ➢ To fit in the small 8086 personal computer, all existing concepts of security, networking, multi-user operation, … were omitted.
  ➢ 86-DOS
  ➢ MS-DOS
  ➢ Windows
➢ Linux (1991)
  ➢ Modeled on UNIX, with security, networking and multi-user concepts implemented from the beginning.
109. Windows versus Linux security
➢ Windows and its software
  ➢ Source code mostly secret
    ➢ Cannot be audited
  ➢ Microsoft's self-inflicted curse of binary compatibility:
    ➢ Major design improvements are hard as Microsoft cannot modify & recompile proprietary software by others
➢ Linux and its software
  ➢ Free Open Source
    ➢ Source code can be audited, bugs and backdoors found
  ➢ Major design improvements are easier to implement
110. Windows versus Linux security
➢ Windows software
  ➢ Often (illegal copies) downloaded from web or P2P
    ➢ No checksum or signature
    ➢ Often malware. No way to detect it.
  ➢ Installer = executable
    ➢ Any malware gets executed with admin privileges
➢ Linux
  ➢ Software is installed through the package manager
    ➢ Package maintainers of the many distributions often audit code and compile from source.
    ➢ Package maintainers sign the packages and provide checksums
  ➢ Package = compressed archive, only unpacked by root
111. Windows versus Linux security
Updates
➢ Windows update manager is only updating Windows (and other Microsoft software?)
➢ Linux update manager is updating all software installed through the package manager, which is typically near 100%.
112. Windows versus Linux security
User attitudes towards updates & upgrades
➢ Windows users don't like updates & upgrades
  ➢ Windows reboots for updates
    ➢ System cannot be used during installation of the updates
  ➢ Users have very little control over updates
  ➢ Updates often come with more anti-user features
  ➢ Microsoft forces GUI changes upon upgrades
    ➢ Users continue with an outdated OS when they don't like the GUI of the newer version
➢ Linux
  ➢ Software and kernel(!) updates can be installed without rebooting or unavailability of the system
  ➢ Users have total control over updates
  ➢ Users can select the GUI independently from upgrades
113. Windows versus Linux security
Who gets updates
➢ Windows and its software
  ➢ Sometimes “pirate users” did not get updates
➢ Linux and its software
  ➢ Users are never labeled as “pirates”
  ➢ Users are not denied updates
114. Windows versus Linux security
➢ Windows
  ➢ Not modular
    ➢ Most versions can't be run without GUI
    ➢ No strict separation between kernel and GUI, web browser, games, …
    ➢ Any bug in these can lead to a crash or intrusion of the kernel
➢ Linux and its software
  ➢ Modular
    ➢ GUI is an option
    ➢ Strict separation between kernel and user space
115. Windows versus Linux security
➢ Windows
  ➢ Decides if a file is executable based on extension
    ➢ Read and execute permissions are not distinct
    ➢ “50+ File Extensions that are Potentially Dangerous on Windows”
  ➢ Windows hides extensions by default, but only the last one
    ➢ file.jpg.exe is visible as file.jpg
    ➢ Mail attachments can infect you with malware
➢ Linux
  ➢ Decides if a file is executable based on the execution bit
    ➢ Read and execute permissions are distinct
    ➢ Nobody was stupid enough to write a Linux mail client that sets the execution permission on attachments.
116. Windows versus Linux security
➢ Windows
  ➢ Autorun software from CD and USB (until Windows 7)
➢ Linux
  ➢ Autorun is not default or asks user permission
117. Windows versus Linux security
➢ Windows
  ➢ Many users work day in day out with an admin account
➢ Linux
  ➢ Users get a big fat warning when they attempt to log in to the GUI as root
  ➢ Users get very low privileges
  ➢ Different crucial applications run on different user accounts
    ➢ E.g. the Apache web server runs as user www
    ➢ User www has only (write) access to its own files.
118. Windows versus Linux security
➢ Windows
  ➢ FAT and NTFS still don't have the option to create a non-executable partition?
➢ Linux
  ➢ /tmp can be set as noexec
    ➢ This prevents malware uploaded through e.g. a web server from being executed.
119. Windows versus Linux security
➢ Windows
  ➢ Monoculture
➢ Linux
  ➢ 300+ distributions
  ➢ 84+ window managers
  ➢ Many packaging systems
  ➢ Many mail clients
  ➢ The diversity slows down widespread malware infections, as these will not work for all Linux systems.
120. Windows versus Linux security
➢ Windows filesystems
  ➢ Not much more than FAT and NTFS
➢ Linux
  ➢ Supports tens of filesystems
    ➢ Including some high-availability oriented ones such as ZFS.
121. Windows versus Linux security
Matthew effect
➢ Windows
  ➢ Many users don't care about security
➢ Linux
  ➢ Users caring about security will rather use Linux
    ➢ These users secure their systems more
  ➢ Linux gets more attention from security-caring developers
122. Credits
➢ Password Strength, Creative Commons BY-NC http://xkcd.com/936/
➢ Security, Creative Commons BY-NC http://xkcd.com/538/
➢ Zimmermann Telegram, 1917, no known copyright restrictions
➢ Asymmetric and symmetric encryption by Jeremy Stretch, http://packetlife.net/blog/2010/nov/23/symmetric-asymmetric-encryption-hashing/
➢ Orange blue public key cryptography, Creative Commons CC0 by Bananenfalter
➢ HTTPS SSL Exchange by Robb Perry, http://coding.smashingmagazine.com/2012/05/17/backpack-algorithms-and-public-key-cryptography-made-easy/
➢ Bitcoin logo, Public Domain by bitboy
➢ Bitcoin Transaction Visual, Creative Commons CC0 by Graingert
➢ Question mark CC-BY by Stefan Baudy
➢ GNU Head, Joseph W. Reiss, Free Art License or the GNU GPLv2
123. This presentation was made with 100% Free Software
No animals were harmed
Questier.com
Frederik AT Questier.com
www.linkedin.com/in/fquestie
www.diigo.com/user/frederikquestier
www.slideshare.net/Frederik_Questier
Thank you!
Questions?