Computer & Data Security

Computer & Data
Security
Prof. dr. Frederik Questier - Vrije Universiteit Brussel
Presented at:
Arba Minch University, Ethiopia, 03/2019

Main objectives
of computer security
➢
Confidentiality
➢
of data (secrecy)
➢
of persons (privacy)
➢
access only by authorized parties
➢
Integrity
➢
data only correctly modified or deleted by authorized parties
➢
Availability
➢
correctly accessible in a timely manner
➢
the failure to meet this goal is called a denial of service

Assignment
Risk analysis
Congratulations!
You are elected member of the newly
established computer and data security team
in the university.
Make a list of all possible risks that can have an
impact on the security and stability of your
internal and external IT services.

What can go wrong?
Nature
➢
lightning strike
➢
fire
➢
flood
➢
heat wave – cold wave
➢
storm weather, hurricane
➢
earthquake
➢
tsunami
➢
volcano eruption
➢
electro magnetic pulse from the sun
➢
disease of key employees

What can go wrong?
Infrastructure or services problems
➢
Failure of
➢
software (bugs; license expired, ...)
➢
hardware
➢
electricity
➢
power outage or power surge
➢
network (cable cut – saturation)
➢
airconditioning
➢
water pipes –> leak
➢
system upgrades
➢
service providers (e.g. cloud)
➢
Overload of CPU, memory, storage, network (spam)

What can go wrong?
Human errors
➢
Weak security
➢
Loss of laptops, smartphones, USB-sticks, …
➢
No encryption
➢
Passwords leaks or cracks
➢
Computer console left unlocked
➢
Misunderstanding computer interface or other mistakes
➢
Deleting data
➢
Corrupting data
➢
Confiscation of machines

What can go wrong?
Evil actions by people
➢
break in (hackers - crackers)
➢
social engineering
➢
phishing
➢
(identity) theft
➢
vandalism
➢
unhappy employees
➢
sabotage (time bomb), leaks
➢
cyber attack, e.g. (Distributed) Denial of Service
➢
terrorism
➢
war
➢
nuclear bomb

What can go wrong?
Malware (malicious software)
➢
Botnet
➢
Rootkit
➢
Back door
➢
Spyware
➢
keylogger
➢
network sniffer
➢
Dialer
➢
Ransomware

Business continuity planning
= how to stay in business in the event of disaster?
➢
Disaster recovery
●
Preventive measures
●
Detective measures
●
Corrective measures

Threat modeling
1) What do you want to protect?
2) Who/what do you want to protect it from?
3) How likely is it that you will need to protect it?
4) How bad are the consequences if you fail?
5) How much trouble are you willing to go through in
order to try to prevent those?

Tools for confidentiality
➢
Authorization - access policies - access control
➢
Authentication – identification
➢
Passwords
➢
…
➢
Encryption
➢
Virtual private networking
➢
Auditing – logging
➢
...

Tools for integrity
➢
Backups
➢
Checksums
➢
...

Tools for availability
➢
Disaster recovery planning
➢
Physical protections
➢
Anti-theft
➢
Uninterruptible Power Supply
➢
Redundancies
➢
Intrusion-detection systems
➢
Antivirus software
➢
Firewall
➢
...

Passwords
➢
Don't share them
➢
Not even with computer administrators
➢
Don't write them down
➢
Don't reuse them among different sites
➢
Change them often
➢
Select wise:
➢
Easy to remember
➢
Hard to guess (resistant to dictionary attacks)
➢
Password length
➢
Large set of characters (caps, lower case, numbers, symbols)

Some notorious password leaks
➢
2016: 500M Yahoo passwords
➢
2015: 30M Ashley Madison MD5 passwords etc
➢
2014: 5M Gmail passwords
➢
2013: 38M Adobe passwords (and source code)
➢
2013: 250K Twitter passwords
➢
2012: 12M Apple User IDs stolen by FBI, 1M leaked
➢
2012: 6M LinkedIn passwords
➢
2012: 450K plain text Yahoo passwords
➢
2012: 1.5M plain text Youporn passwords
➢
2009: 10K MS Hotmail, MSN and Live passwords

Johannes Weber, http://blog.webernetz.net/2013/07/30/password-strengthentropy-characters-vs-words/

Passphrases
are more secure than
passwords

Biometric identification
➢
Finger print
➢
Voice print
➢
Iris scan
➢
Retinal scan
➢
Convenient
➢
Relative safe
➢
But...

Danger of
biometric identification?

Danger of
biometric identification?
➢
You can't change your biometric password once it got leaked
➢
You can't legally refuse to give it, unlike a password (US fifth
amendment)
➢
Something like a fingerprint might be unusable as a password,
because you leave copies of your fingerprints on everything you
touch.
➢
Fingerprint is more like a login than like a password.

Lock your screen when you leave

Security issues in communication
PrivacyPrivacy
IntegrityIntegrity
AuthenticationAuthentication
Non-repudiationNon-repudiation
Interception Spoofing
Modification Proof of parties involved

Cipher
algorithm for performing encryption or decryption
➢
Example: Caesar cipher

Great if we can exchange
our messages encrypted!
But how can we safely
exchange our keys?

Symmetric encryption
Sender and receiver must both know the same secret key
How to exchange that key over distance???
Asymmetric encryption
Sender only needs to know the public key of receiver!

Public key encryption
The private key can unlock (decrypt)
what is locked (encrypted) with the public key

Public key encryption
Creation of keys

Man-in-the-middle attack
➢
How can Bob know
that Alice's key is really Alice's key
(and not Mallory's)?

Digital certificates
Version #
Serial #
Signature Algorithm
Issuer Name
Validity Period
Subject Name
Subject Public Key
Issuer Unique ID
Subject Unique ID
Extensions
Digital Signature

➢
CAcert.org is a community-driven certificate authority that
issues free public key certificates to the public (unlike
other certificate authorities which are commercial and sell
certificates).
➢
CAcert has over 200,000 verified users.
➢
These certificates can be used to digitally sign and encrypt
email, authenticate and authorize users connecting to
websites and secure data transmission over the Internet.

Web of trust
Keysigning parties

Belgian eID contains personal
authentication certificate
signature certificate
Two factor auth: possession of eID and knowledge of pin code

Private keys never leave eID!
Signatures are computed in eID on hash of file-to-be-signed
(SHA-1 = Secure Hash Algorithm)

Error detection - Checksum - cryptographic hash
e.g. CRC32 (cyclic redundancy check)
MD5 (message digest)
SHA-3 (Secure Hash Algorithm)

Belgian electronic medical prescriptions
are based on the e-ID
➢
Doctor is identified with e-ID
➢
Patient is identified with e-ID
➢
Doctor signs the prescription with e-ID
➢
Prescription is stored in national Recip-e database.
➢
Patient can consult prescriptions in patient portal with e-ID
➢
Pharmacist is identified with e-ID
➢
Pharmacist finds the prescription in the Recip-e database
with barcode on the paper version of the prescription.

➢
Encrypted protocols
➢
HTTPS
➢
SFTP
➢
SSH
➢
TOR
➢
VPN
➢
WEP
(Wired Equivalent Protocol. Weak!)
➢
WPA - WPA2
Wi-Fi Protected Access
➢
Non-encrypted protocols
➢
HTTP
➢
FTP
➢
TELNET
➢
BitTorrent

Telegram and Signal
➢
Free Open Source software
➢
End to end encryption
➢
Delete messages everywhere
➢
Self-destruct timer for messages
➢
VOIP
➢
User friendly
➢
For Android, iOS, …

Virtual drive in file container
Encrypted file
container.txt
Mountable as virtual drive
/media/encrypted-disk
/Volumes/encrypted-disk
E:

Virtual Private Networks
extends a private (hospital) network across a public (internet) network
encrypted to protect against network sniffing

Internet use through a VPN provider
Sarah A. Downey, http://www.abine.com/blog/2012/petraeuss-emails-werent-private-and-neither-are-yours/

(Free) VPNs?
➢
VPNs good for
➢
protection against nearby spying and MITM attack
➢
avoiding geoblocking
➢
But you need to trust your VPN provider
➢
The free VPNs might have a business model based on spying on
you.
➢
Don’t install their proprietary apps
➢
The good VPN providers support OpenVPN
➢
Best to install e.g. OpenVPN on your own server.

Firewall
Private versus Demilitarized zone

Task: check http://donttrack.us/

= The Onion Router
Free Open Source software for anonymity network

Edward Snowden:
“Encryption works.
Properly implemented
strong crypto systems
are one of the few
things that you can
rely on. Unfortunately,
endpoint security is so
terrifically weak that
NSA can frequently
find ways around it.”

➢
From the European Parliament investigation into the Echelon system (05/18/2001):
“If security is to be taken seriously, only those operating
systems should be used whose source code has been
published and checked, since only then can it be determined
with certainty what happens to the data.”

➢
Cryptographer, computer security expert Bruce Schneier:
“Secrecy and security aren't the same, even though it may
seem that way. Only bad security relies on secrecy; good
security works even if all the details of it are public."
“If researchers don’t go public, things don’t get fixed.
Companies don't see it as a security problem; they see it as a
PR problem.”
“Demand open source code for anything related to security”

The Borland Interbase example
➢
1992-1994: Borland inserted intentional back door into
Interbase (closed source database server) allowing local or
remote users root access to the machine
➢
07/2000: Borland releases source code (→ Firebird)
➢
12/2000: Back door is discovered

“Our products just aren’t engineered for security.”
Brian Valentine, Microsoft senior vice-president Windows Engineering, 2002

Backups
How would you optimize this backup strategy?
➢
Every night at 4 am, all university computers get a wake
up signal.
➢
The backup server takes over network a complete backup
of every hard disk of every computer.
➢
The backups are stored on a NAS (Network Attached
Storage) with 1000 hard disks.
➢
The backup server and the NAS are located in the data
center of the university (floor level -1).
➢
To save storage space, backups older than a year are
deleted.

Backup
Example: centralized over network

Backups
➢
First time and sometimes: full backup
➢
Most often: only incremental backup
➢
Use a good data retention scheme
➢
e.g. 7 daily, 4 weekly, 12 monthly, all yearly backups
➢
+ Use off-site data protection = vaulting
➢
e.g. remote backup (compression, encryption!)
➢
Use offline backups as protection against ransomware
➢
Reflect about your time for full restore
➢
Test the restore procedure!
➢
“80% of backups fail to restore”

(Cheap) versioning
For important documents
save daily new version as:
thesis20190307.odt
This avoids overwriting backups with corrupt data
See also https://en.wikipedia.org/wiki/ISO_8601

Integrity checkers
➢
Tripwire
➢
Samhain

Uninterruptible Power Supply
UPS
1)Flywheel
2)Diesel generators
3)Batteries (UPS)

Your toilets are better locked
than your electrical switches

DDoS
Distributed Denial of Service

fault tolerance
high availability
redundancy
fail over

RAID: Redundant Array
of Independent Disks

Install software from trusted sources!
(avoid if possible P2P or web downloads)

Apply software updates and upgrades!

If you don’t apply
security fixes fast enough...
➢
Microsoft
➢
Patch Tuesday
➢
Exploit Wednesday

Principle of least privilege
Avoid privilege escalation

Intrusion Detection Systems (IDS)
➢
Fail2ban
➢
Snort
➢
real-time traffic analysis and packet logging
➢
detect probes or attacks
➢
Samhain
➢
Complete integrity check
➢
uses cryptographic checksums of files to detect modifications,
➢
can find rogue SUID executables anywhere on disk
➢
Centralized monitoring
➢
native support for logging to a central server via encrypted and authenticated connections
➢
Tamper resistance
➢
database and configuration files can be signed
➢
log file entries and e-mail reports are signed
➢
support for stealth operation
➢
Honey pots
➢
...

Subscribe to security mailing lists
of the critical software you are using

Assignments
➢
Make a risk analysis and threat modeling of the computer
and data systems at your organization. What are the
weakest and most unsecure parts?
➢
Risk ... probability * potential impact = total risk level
➢
Which actions will you take to increase the security at your
organization?
➢
Why are some operating systems more secure than others?
➢
Compare the security characteristics of the Linux operating
system and Windows

Windows versus Linux security
➢
Windows origin
➢
QDOS (Quick and Dirty Operating System, 1980)
➢
To fit in small 8086 Personal Computer all existing concepts
of security, network, multi-user, … where omitted.
➢
86-DOS
➢
MSDOS
➢
Windows
➢
Linux (1991)
➢
Modeled according to UNIX, with security, network and
multi-user concepts implemented from the beginning.

➢
Windows and its software
➢
Source code mostly secret
➢
Cannot be audited
➢
Microsoft’s self-inflicted curse of binary compatibility:
➢
Major design improvements are hard as Microsoft cannot
modify & recompile proprietary software by others
➢
Linux and its software
➢
Free Open Source
➢
Source code can be audited, bugs and backdoors found
➢
Major design improvements are easier to implement

➢
Windows software
➢
Often (illegal copies) downloaded from web or P2P
➢
No checksum or signature
➢
Often malware. No way to detect it.
➢
Installer = executable
➢
Any malware gets executed with admin privileges
➢
Linux
➢
Software is installed through package manager
➢
Package maintainers of the many distributions often audit code
and compile from source.
➢
Package maintainers sign the packages and provide checksums
➢
Package = compressed archive only unpacked by root

Updates
➢
Windows update manager is only updating Windows
(and other Microsoft software?)
➢
Linux update manager is updating all software installed
through the package manager, which is typically near
100%.

User attitudes towards updates & upgrades
➢
Windows users don’t like updates & upgrades
➢
Windows reboots for updates
➢
System cannot be used during installation of the updates
➢
Users have very little control over updates
➢
Updates often come with more anti-user features
➢
Microsoft forces GUI changes upon upgrades
➢
Users continue with outdated OS when they don’t like GUI of newer version
➢
Linux
➢
Software and kernel(!) updates can be installed without rebooting or
unavailability of the system
➢
Users have total control over updates
➢
User can select the GUI indepentdently from upgrades

Who gets updates
➢
Windows and its software
➢
Sometimes “pirate users” did not get updates
➢
➢
Users are never labeled as “pirates”
➢
Users are not denied updates

➢
Windows
➢
Not modular
➢
Most versions can’t be run without GUI
➢
No strict separation between kernel and GUI, webbrowser,
games, …
➢
Any bug in these can lead to crash or intrusion of the kernel
➢
➢
Modular
➢
GUI is an option
➢
Strict separation between kernel and user space

➢
Windows
➢
Decides if a file is executable based on extension
➢
Read and execute permissions are not distinct
➢
“50+ File Extensions that are Potentially Dangerous on Windows”
➢
Windows hides extensions by default, but only the last one
➢
file.jpg.exe is visible as file.jpg
➢
Mail attachments can infect you with malware
➢
Linux
➢
Decides if a file is executable based on execution bit
➢
Read and execute permissions are distinct
➢
Nobody was stupid enough to write a Linux mail client that sets
the execution permission on attachments.

➢
Windows
➢
Autorun software from CD and USB (until Windows 7)
➢
Linux
➢
Autorun is not default or asks user permission

➢
Windows
➢
Many users work day in day out with an admin account
➢
Linux
➢
Users get a big fat warning when they attempt to login in
the GUI as root
➢
Users get very low privileges
➢
Different crucial applications run on different user
accounts
➢
E.g. Apache web server runs as user www
➢
User www has only (write) access to its own files.

➢
Windows
➢
FAT and NTFS still don’t have the option to create a non-
executable partition?
➢
Linux
➢
/tmp can be set as noexec
➢
This prevents that malware uploaded through e.g.
webserver can be executed.

➢
Windows
➢
Monoculture
➢
Linux
➢
300+ distributions
➢
84+ window managers
➢
Many packaging systems
➢
Many mail clients
➢
The diversity slows down widespread malware infections
as these will not work for all Linux systems.

➢
Windows filesystems
➢
Not much more than FAT and NTFS
➢
Linux
➢
Supports tens of filesystems
➢
Including some high availability oriented ones such as
ZFS.

Matheus effect
➢
Windows
➢
Many users don’t care about security
➢
Linux
➢
Users caring about security will rather use Linux
➢
These users secure their systems more
➢
Linux get more attention by security caring developers

Credits
➢
Password Strength, Creative Commons BY-NC http://xkcd.com/936/
➢
Security, Creative Commons BY-NC http://xkcd.com/538/
➢
Zimmermann Telegram, 1917, no known copyright restrictions
➢
Assymetric and symmetric encryption by Jeremy Stretch,
http://packetlife.net/blog/2010/nov/23/symmetric-asymmetric-encryption-hashing/
➢
Orange blue public key cryptography, Creative Commons CC0 by Bananenfalter
➢
HTTPS SSL Exchange by Robb Perry,
http://coding.smashingmagazine.com/2012/05/17/backpack-algorithms-and-public-key-cryptography-made-easy/
➢
Bitcoin logo, Public Domain by bitboy
➢
Bitcoin Transaction Visual, Creative Commons CC0 by Graingert
➢
Question mark CC-by by Stefan Baudy
➢
GNU Head Joseph W. Reiss Free Art License or the GNU GPLv2

This presentation was made with 100% Free Software
No animals were harmed
Questier.com
Frederik AT Questier.com
www.linkedin.com/in/fquestie
www.diigo.com/user/frederikquestier
www.slideshare.net/Frederik_Questier
T
hank
you!
Q
uestions?

Computer & Data Security

More Related Content

What's hot (20)

Similar to Computer & Data Security (20)

More from Frederik Questier (20)

Recently uploaded (20)

Computer & Data Security