Friday, 15 May 2009

LEARN HOW TO USE YOUR COMPUTER AND SECURE YOUR HOME

ACKNOWLEDGEMENT
I express my appreciation and gratitude to all my friends who have been involved in
making this work successful; my regards to Mr. Aneke I.C., the lecturer of this course, who
gave me the privilege of knowing how to write a textbook, and to my parents, who gave me
financial support. I will also not forget my friends Tochukwu (De Prince) and Elechi Jude for
their advice, but my special thanks go to Almighty God, who gave me life and health
up till date, because some of my mates have passed away. To God be the Glory.
ABSTRACT
Computer security is a branch of technology known as information security as applied to
computer(s). The objective of computer security can include protection of information
from theft or corruption, or the preservation of availability, as defined in the security
policy.
Computer security imposes requirements on computers that are different from most
system requirements because they often take the form of constraints on what computers
are not supposed to do. This makes computer security particularly challenging because it
is hard enough just to make computer programs do everything they are designed to do
correctly. Furthermore, negative requirements are deceptively complicated to satisfy and
require exhaustive testing to verify, which is impractical for most computer programs.
Computer security provides a technical strategy to convert negative requirements to
positive enforceable rules. For this reason, computer security is often more technical and
mathematical than some computer science fields.
Typical approaches to improving computer security (in approximate order of strength)
can include the following:
· Physically limit access to computers to only those who will not compromise security.
· Hardware mechanisms that impose rules on computer programs, thus avoiding depending
on computer programs for computer security.
· Operating system mechanisms that impose rules on programs to avoid trusting computer
programs.
· Programming strategies to make computer programs dependable and resist subversion.
Table of content
Abstract
Acknowledgement
Table of content
Chapter 1
1.0 Introduction
Chapter 2
2.0 Things you ought to know
2.1 Information in the clear
Chapter 3
3.0 PIR-controlled floodlights
3.1 Energy conservation
3.2 How to use PIRs properly
3.3 Customised security solutions
3.4 Use care when reading email with attachments
3.5 Now, what can you do?
Chapter 4
4.0 Importance of computers in our home
4.1 Secure operating system
4.2 Security architecture
Chapter 5
5.0 Security by design
5.1 Early history of security design
5.2 Secure coding
Conclusion
Reference
CHAPTER 1
1.0 INTRODUCTION
Your home computer is a popular target for intruders. Why? Because intruders want what
you’ve stored there. They look for credit card numbers, bank account information, and
anything else they can find. By stealing that information, intruders can use your money to buy
themselves goods and services. But it’s not just money-related information they’re after.
Intruders also want your computer’s resources, meaning your hard disk space, your fast
processor, and your Internet connection. They use these resources to attack other computers on
the Internet. In fact, the more computers an intruder uses, the harder it is for law enforcement
to figure out where the attack is really coming from. If intruders can’t be found, they can’t be
stopped, and they can’t be prosecuted.
Why are intruders paying attention to home computers? Home computers are typically not
very secure and are easy to break into. When combined with high-speed Internet connections
that are always turned on, intruders can quickly find and then attack home computers. While
intruders also attack home computers connected to the Internet through dial-in connections,
high-speed connections (cable modems and DSL modems) are a favorite target.
No matter how a home computer is connected to the Internet, intruders’ attacks are often
successful. Many home computer owners don’t realize that they need to pay attention to
computer security. In the same way that you are responsible for having insurance when you
drive a car, you need to also be responsible for your home computer’s security. This document
explains how some parts of the Internet work and then describes tasks you can do to improve
the security of your home computer system. The goal is to keep intruders and their programs
off your computer.
How do intruders break into your computer? In some cases, they send you email with a virus.
Reading that email activates the virus, creating an opening that intruders use to enter or access
your computer. In other cases, they take advantage of a flaw or weakness in one of your
computer’s programs – a vulnerability – to gain access.
Once they’re on your computer, they often install new programs that let them continue to use
your computer – even after you plug the holes they used to get onto your computer in the first
place. These backdoors are usually cleverly disguised so that they blend in with the other
programs running on your computer.
The next section discusses concepts you need to know, especially trust. The main part of this
document explains the specific issues that need your attention. There are examples of how to
do some of these tasks to secure a Microsoft Windows 2000-based computer. We also provide
checklists you can use to record information about the steps you have taken to secure your
computer. Finally, a glossary defines many of the technical terms used in this document.
Unless otherwise stated in the glossary, the definitions come from the
Whether your computer runs Microsoft® Windows®, Apple's Mac OS, Linux, or something else, the issues are the
same and will remain so as new versions of your system are released. The key is to understand
the security-related problems that you need to think about and solve. Before diving into the
tasks you need to do to secure your home computer, let's first think about the problem by
relating it to something you already know how to do. In this way, you can apply your
experience to this new area.
So, think of your computer as you would your house, your apartment, or your condo. What do
you know about how that living space works, what do you routinely do to keep it secure, and
what have you installed to improve its security? (We'll use this "computer-is-like-a-house-and-the-things-in-it"
analogy throughout, departing only a few times to make a point.)
For example, you know that if you have a loud conversation, folks outside your space can
probably hear you. You also routinely lock the doors and close the windows when you leave,
and you don’t give the keys to just anyone. Some of you may install a security system to
complement your practices. All of these are part of living in your home. Let’s now apply
similar thinking to your home computer. Email, instant messaging, and most web traffic go
across the Internet in the clear; that is, anyone who can capture that information can read it.
These are things you ought to know. You should always select and use strong passwords and
exercise due care when reading all email, especially the unsolicited variety. These are things
you ought to do. Finally, you can add a firewall, an anti-virus program, patches, and file
encryption to improve the level of security on your home computer, and we'll call these things
you ought to install.
CHAPTER 2
2.0 THINGS YOU OUGHT TO KNOW
Trust
Human beings are trusting by nature. We trust much of what we hear on the radio, see on
television, and read in the newspaper. We trust the labels on packages. We trust the mail we
receive. We trust our parents, our partner or spouse, and our children. We trust our co-workers.
In fact, those who don’t trust much are thought to be cynical. Their opinions may be all too
quickly ignored or dismissed.
The Internet was built on trust. Back in the mid 1960s, computers were very expensive and
slow by today’s standards, but still quite useful. To share the expensive and scarce computers
installed around the country, the U.S. government funded a research project to connect these
computers together so that other researchers could use them remotely. This project was called
the ARPAnet, named after the government research agency – ARPA, the Advanced Research
Projects Agency – that funded and managed the project.
Key to the ARPAnet was the level of trust placed in its users; there was little thought given to
malicious activity. Computers communicated using a straightforward scheme that relied on
everybody playing by the rules. The idea was to make sharing ideas and resources easy and as
efficient as the technology of the day provided. This philosophy of trust colors many of the
practices, procedures, and technologies that are still in place today.
Only within the last few years, as Internet commerce (known as e-commerce) began to
spread, has it become inadequate to rely principally on trust. Since the days of the ARPAnet,
we’ve changed the way we use computer networks while others have changed the underlying
technologies, all in an attempt to improve the security of the Internet and the trust we place on
it.
Let’s dig deeper into two examples of what we trust in our daily lives. When you receive mail
through the post office, many envelopes and the letters in them contain the sender’s address.
Have you ever wondered if those addresses were valid; that is, do they match the address of
the person or persons who really sent them? While you could check to see that those addresses
are valid and refer to the person they name, it’s not an easy task.
How would you go about it? Would you call the phone number provided with the letter? That
number could also be invalid, and the person that answers the phone could be as misleading as
the original address. Perhaps you could call directory assistance or the police department that
has jurisdiction over the town where the letter was supposedly from. They might be helpful,
but that is likely to take lots of time. Most people wouldn’t bother.
And it’s not just return addresses either. How about advertisements, news stories, or the
information printed on groceries? Suppose you were on a low-fat diet. You’d want to buy
foods low in fat. To select the right foods, you’d read the product label at the grocery store.
How do you know that the label information is valid? What’s to say it’s not forged? And how
would you know?
The Internet has many of the same issues, and email is one of the best examples. In an email
message, an intruder can easily fabricate where the message came from. But this information forging –
called spoofing by intruders and security professionals – is not limited to just email. In fact, the
basic unit of information transferred on the Internet – called a packet – can also be easily
forged or spoofed.
What does this mean and why should you care? It means that any information you receive
from some other computer on the Internet should not be trusted automatically and
unconditionally. When you trust an email message that turns out to have a harmful virus
attached to it, your computer can be infected, your files destroyed, and your work lost. And
that’s why you should care.
This is how the Internet works. It was built on trust. Over time, there have been technological
changes that are worthy of a higher level of our trust than before. Nonetheless, a true sense of
insecurity is better than a false sense of security. So, think about the information you trust. Be
critical and cautious.
2.1 INFORMATION IN THE CLEAR
When you have a conversation with someone in your living space, everybody within earshot
can hear the words and probably understand them. If your conversation is especially loud and
your windows open, even passersby can hear. If you want privacy, you and your conversation
partner need to go to another room and close the doors and windows.The Internet works much
the same way, except the room is much, much bigger. When you send email, browse a web
site, or chat online with someone, the conversation between you and that person does not go
directly from your computer to his or her computer. Instead, it goes from your computer to
another computer to still another computer and so on, eventually reaching his or her computer.
Think of all of these computers as an Internet “room.”
Anyone, or, more accurately, any program, in that Internet room that can hear that
conversation can also probably understand it. Why? Because just like the conversation at
home, most Internet conversations are in the clear, meaning that the information exchanged
between computers systems is not concealed or hidden in any way. Again, this is how the
Internet works. You need to know that the information sent across the Internet may be at risk
of others listening in, capturing what you send, and using it for their own benefit. Later, we’ll
talk about encryption as a way to address this problem. Encryption uses mathematics to
conceal information. There are many programs you can install to encrypt the information you
send across the Internet.
CHAPTER 3
3.0 PIR-CONTROLLED FLOODLIGHTS
PIR-controlled tungsten halogen floodlights, the type most often sold for domestic use, have a
number of drawbacks. They:
· Illuminate only when the criminal has picked a house and crossed its boundaries. This is
too late and does not deter criminals when it matters most, namely when they are
selecting a house.
· Emit a harsh, intrusive and environmentally unfriendly light that is often a serious
nuisance to neighbors (The Chartered Institute of Environmental Health reports
increasing complaints of nuisance from this type of lighting). Lights where the PIR can
be overridden to be switched on permanently can also cause nuisance.
· Instantly switch on a powerful white light, resulting in a ‘flash factor’ that disturbs
rather than aids human vision. When located near roads, this can be positively
dangerous. Equally, badly adjusted and aimed lights can cause dark shadows due to
their high intensity light.
· Are extremely energy inefficient
· Require regular bulb replacements
· Are easily interfered with unless installed at the recommended height of more than 10'
· Can be so unreliable that they are quickly discredited by householders and neighbours -
common sense suggests that few people will check why a light has activated, assuming
they have seen it activate
· Can increase the fear of crime amongst the most vulnerable by regularly activating for
no apparent reason.
The alternative is to use high efficiency low energy lighting controlled by a photo-electric cell
(dusk to dawn switch). Such low wattage lighting, on permanently during the hours of
darkness, provides a more than adequate level of illumination, is not as harsh and is more
environmentally friendly than tungsten halogen floodlights. A low wattage unit placed out of
easy reach at a height of eight to ten feet could illuminate an average rear garden, helping to
create a reassuring environment and hopefully playing its part in deterring the burglar from
selecting that house in the first place. In cost terms, the low wattage ensures that even though
the light is on all night, the cost to run is minimal - no more than a few pounds a year.
PIR switched tungsten halogen floodlights can cause problems, and due to some of the issues
highlighted above, may provide little in the way of extra security for a domestic dwelling.
They appear to be popular because many people think that PIR is the “right thing” in security
terms. However, low wattage lighting provides a more constant level of illumination with
fewer shadows. All of this assumes that the area being lit can be overlooked as there would be
little point in lighting an area which cannot be seen, except in practical terms for the
householder.
In conclusion, for security purposes, and from the Secured by Design perspective, the first
choice in security lighting is the low energy photo-electric cell controlled light. Whilst there is
a place for PIR controlled lighting, many domestic versions on sale do not operate well in the
hostile external environment and therefore may not function as well as expected.
3.1 ENERGY CONSERVATION
Energy supply companies have an obligation to contribute energy savings to national targets
over the 3 years to 2005. This may include free or discounted high efficiency low energy light
bulbs and it is therefore worth investigating with supply companies whether or not this is
available in your area. Neighbourhood Watch schemes could be involved to facilitate local
distribution of low energy lights for both internal and external use.
3.2 HOW TO USE PIRS PROPERLY
The Institute of Lighting Engineers have produced an easy-to-understand guide to security
lighting, balancing the pros and cons of both PIR halogen lighting and dusk-to-dawn low
wattage lighting. They also outline how to fit a PIR light to avoid or mitigate some of the
negative factors outlined above.
PROTECTING YOU, YOUR LOVED ONES AND YOUR HOME
Often we see and hear of incidents of burglary and house fires but dismiss them and assume it
won't happen to us. Unfortunately the harsh reality is that it can happen, and we should take
preventative action to minimise the risks.
We understand this, and that's why we are the UK's leading home security company, helping to
protect over 250,000 UK family homes (and 160,000 businesses) across the country.
Whatever the size or shape of your home, we offer a range of home security systems which can
be supplied as a set package or tailored to meet your specific needs, constantly protecting you,
your loved ones and your home from burglary, personal attack, fire, flood and carbon monoxide
poisoning.
Peace of mind, 24/7, 365 days a year. How many times have you ignored a neighbour's ringing
alarm bell? Unlike conventional alarms, our monitored home security alarms will not be ignored.
We monitor your home 365 days a year, 24 hours a day, and act if your alarm is triggered. We
even monitor fire and carbon monoxide detectors and personal alarms, giving you complete
peace of mind. All our alarms are installed to the NACOSS Gold standard and are monitored via
our own security-vetted, professional, UK-based alarm receiving centres.
WHAT IS A MONITORED ALARM?
A monitored alarm is connected via a telephone line to an alarm receiving centre (ARC) which
is manned 24 hours a day, 365 days a year. If a monitored alarm is triggered it alerts the ARC,
which in turn contacts the emergency services and/or a nominated keyholder.
For a monitored alarm to include emergency services response, it must meet a number of set
industry standards, including the NSI NACOSS Gold scheme.
3.3 CUSTOMISED SECURITY SOLUTIONS
Our customised security systems are suitable where there is a need for:
· guidance from a security professional
· larger properties
· pet-friendly systems for large pets
· a conservatory to be protected
· CCTV and door entry systems
Our customised security solutions are designed together with the homeowner, following a
security survey and risk assessment of the home to be protected, carried out by one of our
consultants.
3.4 USE CARE WHEN READING EMAIL WITH ATTACHMENTS
We’ve all heard stories about people receiving an item in the mail that in some way caused
them harm. We’ve heard of letter bombs and exploding packages, and in 2001, we learned
about Anthrax-laden letters. Although their frequency is low, they do make news.
These unsolicited items are sent to unsuspecting recipients. They may contain a return address,
a provocative envelope, or something else that encourages its receiver to open it. This
technique is called social engineering. Because we are trusting and curious, social engineering
is often effective.
In the case of the Anthrax letters addressed to United States senators, the envelopes contained
a school’s return address as an inducement to open them. What government official wouldn’t
want to serve their constituency by reading and responding to a letter supposedly sent by a
class at a school, especially an elementary school? By opening the letter and subsequently
spreading its lethal contents, the recipient complied with the wishes of the sender, a key
foundation of social engineering. In the pre-Anthrax letter days, a mail handler might have
given little thought to the contents of the letter or the validity of the return address. Those days
are behind us. You probably receive lots of mail each day, much of it unsolicited and
containing unfamiliar but plausible return addresses. Some of this mail uses social engineering
to tell you of a contest that you may have won or the details of a product that you might like.
The sender is trying to encourage you to open the letter, read its contents, and interact with
them in some way that is financially beneficial – to them. Even today, many of us open letters
to learn what we’ve won or what fantastic deal awaits us. Since there are few consequences,
there’s no harm in opening them.
Email-borne viruses and worms operate much the same way, except there are consequences,
sometimes significant ones. Malicious email often contains a return address of someone we
know and often has a provocative Subject line. This is social engineering at its finest –
something we want to read from someone we know.
Email viruses and worms are fairly common. If you’ve not received one, chances are you will.
Here are steps you can use to help you decide what to do with every email message with an
attachment that you receive. You should only read a message that passes all of these tests.
1. The Know test: Is the email from someone that you know?
2. The Received test: Have you received email from this sender before?
3. The Expect test: Were you expecting email with an attachment from this sender?
4. The Sense test: Does email from the sender with the contents as described in the
Subject line and the name of the attachment(s) make sense? For example, would
you expect the sender – let’s say your Mother – to send you an email message
with the Subject line “Here you have, ;o)” that contains a message with
attachment – let’s say AnnaKournikova.jpg.vbs? A message like that probably
doesn’t make sense. In fact, it happens to be an instance of the Anna Kournikova
worm, and reading it can damage your system.
5. The Virus test: Does this email contain a virus? To determine this, you need to
install and use an anti-virus program, and keep its virus signatures up to date.
You should apply these five tests – KRESV – to every piece of email with an attachment that
you receive. If any test fails, toss that email. If they all pass, then you still need to exercise care
and watch for unexpected results as you read it.
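The spoofing point made earlier (the sender of a message is just a field anyone can fill in) and the five KRESV tests can be put into a small triage routine. The following is an added example, not part of the original text or of the home-computer guide it draws on; the sender lists, the expected-attachment list, the "signature" list and the sample messages are all constructed for the demo. It compares the From line with the Return-Path the receiving mail server recorded, and it fails the Sense test on names such as AnnaKournikova.jpg.vbs where a document extension hides a script.

```python
import base64
import email
import hashlib
from email import policy
from email.utils import parseaddr

# Constructed client-side state (assumptions for this demo, not real data).
KNOWN_SENDERS = {"mum@example.org", "jude@example.net"}          # Know
RECEIVED_BEFORE = {"mum@example.org"}                            # Received
EXPECTED_ATTACHMENTS = {("mum@example.org", "holiday.jpg")}      # Expect
RISKY_EXTENSIONS = {"vbs", "exe", "scr", "pif", "bat", "cmd", "js", "com"}
DOCUMENT_EXTENSIONS = {"jpg", "jpeg", "gif", "txt", "doc", "pdf"}
# Stand-in for an anti-virus signature list: SHA-256 of a constructed "worm" body.
CONSTRUCTED_WORM = b'MsgBox "constructed test payload, not a real worm"\r\n'
SIGNATURES = {hashlib.sha256(CONSTRUCTED_WORM).hexdigest()}


def build_message(from_header, return_path, subject, filename, body):
    """Assemble a raw message with one base64 attachment (constructed test data)."""
    b64 = base64.b64encode(body).decode("ascii")
    return (
        f"Return-Path: <{return_path}>\r\n"
        f"From: {from_header}\r\n"
        "To: you@example.org\r\n"
        f"Subject: {subject}\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nHi, have a look at this.\r\n"
        f'--b1\r\nContent-Type: application/octet-stream; name="{filename}"\r\n'
        f'Content-Disposition: attachment; filename="{filename}"\r\n'
        f"Content-Transfer-Encoding: base64\r\n\r\n{b64}\r\n--b1--\r\n"
    ).encode("utf-8")


def makes_sense(filename):
    """Sense test on a name: no executable types, no 'picture.jpg.vbs' disguises."""
    suffixes = filename.lower().split(".")[1:]
    if not suffixes:
        return True
    if suffixes[-1] in RISKY_EXTENSIONS:
        return False
    return not (len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTENSIONS)


def kresv(raw):
    """Apply the five KRESV tests to a raw message; returns the results and a verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    addresses = msg["From"].addresses if msg["From"] else ()
    from_addr = addresses[0].addr_spec.lower() if addresses else ""
    envelope = parseaddr(str(msg["Return-Path"] or ""))[1].lower()
    attachments = [(part.get_filename() or "", part.get_payload(decode=True) or b"")
                   for part in msg.iter_attachments()]

    results = {
        # Know: the From line is plain text anyone can type, so a known address is
        # only believed when the envelope sender recorded by the mail server agrees.
        "K": from_addr in KNOWN_SENDERS and envelope == from_addr,
        "R": from_addr in RECEIVED_BEFORE,
        "E": all((from_addr, name) in EXPECTED_ATTACHMENTS for name, _ in attachments),
        "S": all(makes_sense(name) for name, _ in attachments),
        "V": all(hashlib.sha256(data).hexdigest() not in SIGNATURES
                 for _, data in attachments),
    }
    results["verdict"] = "open" if all(results.values()) else "discard"
    return results


if __name__ == "__main__":
    worm_mail = build_message("Mum <mum@example.org>", "x9@mail.example.com",
                              "Here you have, ;o)", "AnnaKournikova.jpg.vbs",
                              CONSTRUCTED_WORM)
    print(kresv(worm_mail))   # every test but R fails, so the verdict is "discard"
```

The Return-Path can be forged as well, so a match does not prove who sent the message; a mismatch is merely a cheap reason to distrust it. A real anti-virus program matches far more than one hash, but the shape of the Virus test is the same: compare what arrived against what is already known to be bad, which is exactly why it cannot catch a virus nobody has seen yet.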
Now, given the KRESV tests, imagine that you want to send email with an attachment to
someone with whom you’ve never corresponded – what should you do? Here’s a set of steps to
follow to begin an email dialogue with someone.
1. Since the recipient doesn’t already Know you, you need to send them an
introductory email. It must not contain an attachment. Basically, you’re
introducing yourself and asking their permission to send email with an
attachment that they may otherwise be suspicious of. Tell them who you are,
what you’d like to do, and ask for permission to continue.
2. This introductory email qualifies as the mail Received from you.
3. Hopefully, they’ll respond; and if they do, honor their wishes. If they choose not
to receive email with an attachment from you, don’t send one. If you never hear
from them, try your introductory email one more time.
4. If they accept your offer to receive email with an attachment, send it off. They
will Know you and will have Received email from you before. They will also
Expect this email with an attachment, so you’ve satisfied the first three
requirements of the KRESV tests.
5. Whatever you send should make Sense to them. Don’t use a provocative Subject
line or any other social engineering practice to encourage them to read your
email.
6. Check the attachments for Viruses. This is again based on having virus-checking
programs, and we’ll discuss that later.
The KRESV tests help you focus on the most important issues when sending and receiving
email with attachments. Use it every time you send email, but be aware that there is no
foolproof scheme for working with email, or security in general. You still need to exercise
care. While an anti-virus program alerts you to many viruses that may find their way to your
home computer, there will always be a lag between when a virus is discovered and when anti-virus
program vendors provide the new virus signature. This means that you shouldn't rely
entirely on your anti-virus programs. You must continue to exercise care when reading email.
Let’s return to your living space and our original analogy. Think about your checkbook, your
insurance policies, perhaps your birth certificate or passport, and other important documents
you have at home. Where are they? They’re probably stored in a filing cabinet or a safe, either
of which can be or is routinely locked. Why do you store these important items in a locked
container?
Without realizing it, you are satisfying one of the three components of information security –
confidentiality. Confidentiality means keeping secrets secret. Only those who are supposed to
see that information should have access to it. You are keeping information sensitive to you and
others away from those who should not be able to get to it, for example a family member or an
intruder. By the way, the other two components of information security are integrity (Has my
information changed?) and availability (Can I get to my information whenever I need it?).
You further protect information confidentiality when you enforce it by using an access control
device, namely the lock on your filing cabinet or safe. This device stands between the
information and those seeking access, and it grants access to all who have the combination, the
key, or whatever tool unlocks the container. When several layers of access control devices are
used (called “defense in depth”) – you might also find that these containers are themselves in
locked rooms. Would-be intruders must pass through several levels of protection before finally
gaining access to the information they seek.
Now, think back to your home computer. The problem is to control access to files and folders.
The access control device here is the access control list or ACL. ACLs define who can perform
actions on a file or folder: reading and writing, for example. ACLs are equivalent to a locked
filing cabinet for paper documents.
Different computer systems provide different types of ACLs. Some have fine-grained controls
while others have virtually none. The key is to use all the controls that are available on your
computer.
Frequently, vendors define ACLs that are overly permissive. This satisfies their need to ensure
that access limitations don’t get in the way of using their systems. Your challenge is to tighten
those ACLs so that they properly restrict access to only those who need access. This means
that you need to modify the ACLs from the settings set by the vendor. We’ll talk more about
how to do this shortly.
Returning to the home environment, do you remember a time when adults in your house
wanted to say something to one another in front of their children but in such a way that the
children couldn’t understand what was being said? Perhaps they spelled their message or used
Pig Latin (ig-pay Atin-lay) to conceal the meaning. This worked for a while, until the children
learned to spell or could otherwise understand what was being said. What’s really happening
here?
Very simply, the adults could not control who could hear their conversation. It was
inconvenient or perhaps impossible for them to go to another room where they couldn’t be
heard. They had to talk in a way that only those who knew the concealing scheme could
understand what was being said.
On a computer, when access to information can't be limited, such as for an e-commerce
transaction over the Internet, that information is concealed through a mathematical process
called encryption. Encryption transforms information from one form (readable text) to another
(encrypted text). Its intent is to hide information from those who have neither the
transformation method nor the particulars (the decryption keys) to transform the encrypted text
into readable text. The encrypted text appears to be gibberish and remains so for people who
don’t have the scheme and the keys.
Back on the home front, the children eventually learned how to spell and perhaps also learned
the trick to using Pig Latin. They can now understand the conversations the adults are having.
While they could also understand the conversations held weeks, months, or even years before,
the information in those conversations is no longer important. The encryption scheme –
spelling or Pig Latin – is strong enough to guard the information during its useful lifetime.
Computer-based encryption schemes must also withstand the test of time. For example, if a
credit card encryption scheme needs six months of computer time to break, the resulting clear
text credit card number is probably still valid and, therefore, useful to an intruder. In this case,
the encryption scheme isn’t strong enough to guard the information for its entire useful
lifetime. So, to guard paper or computer files, you need to limit who has access to them by
using the access control devices, whether filing cabinets and safes for paper or access control
lists for information on a computer system. For assets whose access cannot be sufficiently
limited, you need to encrypt them strongly enough so that the time it takes to decrypt them is
longer than their useful life.
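The lifetime argument above can be made concrete. The following is an added example, not part of the original text: it encrypts a constructed card record with a key derived from a four-digit PIN and again with a 128-bit random key, brute-forces the PIN-keyed copy, and uses the measured guessing rate to estimate how long the 128-bit key would hold out. The cipher (an HMAC-SHA256 keystream XORed with the data) is a toy chosen so the example runs with only the standard library; a real file encryption program should use a vetted library and an authenticated mode such as AES-GCM. The record, the PIN and the rates are assumptions for the demo.

```python
import hashlib
import hmac
import itertools
import os
import time


def keystream(key, length):
    """Keystream from HMAC-SHA256 over a counter (a toy construction for the demo)."""
    blocks = []
    for counter in itertools.count():
        blocks.append(hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest())
        if 32 * len(blocks) >= length:
            return b"".join(blocks)[:length]


def xor_crypt(key, data):
    """XOR the data with the keystream; the same call encrypts and decrypts.
    Toy only: a real scheme adds a per-message nonce and an authentication tag."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def pin_key(pin):
    """Derive a key from a four-digit PIN: only 10,000 keys are possible."""
    return hashlib.sha256(f"PIN:{pin:04d}".encode()).digest()


# Constructed record; 4111... is the widely used Visa test number, not a real card.
RECORD = b"CARD:4111111111111111 EXP:05/11"


def brute_force_pin(ciphertext):
    """Try every PIN; the first decryption that looks like a record reveals the key."""
    for pin in range(10_000):
        if xor_crypt(pin_key(pin), ciphertext).startswith(b"CARD:"):
            return pin
    return None


def years_to_exhaust(key_bits, guesses_per_second):
    """Worst-case years to try every key of the given size at the given rate."""
    return 2 ** key_bits / guesses_per_second / (365 * 24 * 3600)


def demo():
    """Break the PIN-keyed copy, then size a 128-bit key at the measured rate."""
    pin_ciphertext = xor_crypt(pin_key(7391), RECORD)
    start = time.perf_counter()
    found = brute_force_pin(pin_ciphertext)
    rate = (found + 1) / max(time.perf_counter() - start, 1e-9)   # guesses per second

    strong_key = os.urandom(16)                                   # 128 random bits
    strong_ciphertext = xor_crypt(strong_key, RECORD)
    assert xor_crypt(strong_key, strong_ciphertext) == RECORD     # round trip works
    return found, rate, years_to_exhaust(128, rate)


if __name__ == "__main__":
    found, rate, years = demo()
    print(f"PIN recovered: {found}, at about {rate:,.0f} guesses per second")
    print(f"128-bit key at that rate: about {years:.2e} years, far past the card's expiry")
```

The card in the constructed record expires in May 2011, so a scheme that falls in well under a second cannot guard it for its useful lifetime, while the 128-bit key would outlast it by many orders of magnitude at any plausible guessing rate. What the demo leaves out matters as much as what it shows: the keystream must never be reused with the same key for a second message, and nothing here detects tampering, which is why real programs use an authenticated mode from a vetted library rather than a hand-rolled stream cipher.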
3.5 NOW, WHAT CAN YOU DO?
First, if more than one person uses your computer, you can adjust the ACLs that control access
to sensitive files and folders. Your goal is to allow the correct type of access to the files and
folders that each user needs, and nothing more. The steps below help you to decide how to
adjust the ACLs for files and folders:
1. The Who test: Who – which users – need access to files besides you?
2. The Access test: What type of access do they need? Read? Write?
3. The Files/Folders test: Which files and folders need special access? Just like
your firewall rules, your general policy should be to limit access to only you
first, and then grant access beyond that where needed.
By applying the WAF tests, you can limit access to sensitive files on your computer to only
those who need it. Setting proper ACLs is not a trivial task. Be prepared to repeat it a few
times until you get it right for the way your computer is used. It’s worth the time spent, but
know that it may take longer than you expect. For very sensitive files and for files that are on
a laptop, don’t rely solely on file and folder ACLs. You need to go further and use encryption.
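One way to carry out the WAF tests on a folder of sensitive files, as an added example that is not part of the original text: the script audits every file and folder under a directory, reports anything readable or writable beyond what a constructed policy grants (owner only, except a shopping list that the file's group may read), and then tightens the permissions. It uses POSIX permission bits, which play the part of the ACLs discussed above on Linux and Mac OS; on Windows the equivalent is the file's Security tab or the icacls command, which this script does not drive. The folder, file names and policy are made up for the demo.

```python
import stat
import tempfile
from pathlib import Path

# Constructed policy (assumption for the demo). Who: only you, unless a file is
# listed here. Access: the mode bits say read/write. Files/Folders: by name.
SHARED = {"shopping_list.txt": 0o640}   # members of the file's group may read it
FILE_MODE = 0o600                       # owner read/write, nobody else
DIR_MODE = 0o700                        # owner may list and enter, nobody else


def wanted_mode(path):
    """The mode the policy grants this entry."""
    return SHARED.get(path.name, DIR_MODE if path.is_dir() else FILE_MODE)


def audit(root):
    """Map each entry under root whose mode grants more than the policy to its mode."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink():
            continue                     # judge the target on its own path instead
        mode = stat.S_IMODE(path.lstat().st_mode)
        if mode & ~wanted_mode(path):    # any bit set that the policy does not grant
            findings[str(path.relative_to(root))] = mode
    return findings


def tighten(root):
    """Bring every over-permissive entry down to the policy; returns what was fixed."""
    fixed = audit(root)
    for rel in fixed:
        path = Path(root) / rel
        path.chmod(wanted_mode(path))
    return fixed


def demo():
    """Create a throwaway folder with vendor-style loose permissions, then tighten it."""
    root = tempfile.mkdtemp(prefix="waf-")
    docs = Path(root) / "documents"
    docs.mkdir()
    docs.chmod(0o755)                    # anyone may list the folder
    for name, mode in [("passport.txt", 0o644), ("bank.txt", 0o666),
                       ("shopping_list.txt", 0o666)]:
        target = docs / name
        target.write_text(f"constructed contents of {name}\n")
        target.chmod(mode)
    before = audit(root)
    tighten(root)
    return before, audit(root)


if __name__ == "__main__":
    before, after = demo()
    for rel, mode in sorted(before.items()):
        print(f"{rel}: was {oct(mode)}")
    print("still over-permissive after tightening:", after)
```

Run the audit again after any software install or restore from backup, since those are the moments a vendor's permissive defaults come back. The script checks only what the policy forbids, not what it requires, so a file that is already locked down more tightly than the policy is left alone.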
Some vendors provide encryption with their systems right from the start. This means that all
you have to do is follow the vendor’s instructions on how to use those features, but be certain
to use them. On systems where encryption is not included, you need to install additional
encryption programs. For encryption programs that you download from the Internet, be sure to
follow the instructions in Task 7 - Use Care When Downloading and Installing Programs.
Also follow the instructions in Task 6 - Use Strong Passwords for additional guidance on
passwords required by encryption programs. There are free and commercial encryption
programs, and in most cases, the free versions suffice. However, commercial programs may
provide more features and may keep up better with newer and, therefore, stronger encryption
methods. If you rely on a laptop computer, you should consider purchasing a commercial file
encryption program.
Whether paper files around your living space or files and folders on your computer, limit
access where you can. On your computer, use encryption programs either when you can’t
restrict access to the extent that you’d like or when you want even more security protecting
your computer files and folders.
CHAPTER 4
4.0 IMPORTANCE OF COMPUTER IN OUR HOME
"Everyone uses a computer, but the average user doesn't think of the security involved in
keeping our information safe that's on our network," said Tech. Sgt. Ryan Kohler, 100th
Communications Squadron/100th Air Refueling Wing Information Assurance office
noncommissioned officer in charge. "The (Department of Defense) network is so integrated;
we're very dependent on it and we're constantly trying to keep it secure from malicious viruses
coming onto our network via outside sources, or even the users from inside.
"People bring in thumb drives from their homes that have been plugged into their computer,
which might be infected. They then bring it to their work computer, plugging it in to copy files
over, and end up introducing an infection to the government network," he said.
The current ban on any form of flash media - thumb drives, flash drives or card readers - is
permanent as of now, according to Sergeant Kohler. External portable hard drives are allowed,
but they must be virus-checked before each use.
"If you get a virus or a malicious logic on your thumb drive, you don't know it's even there; if
it gets plugged into a home computer, then straight into the computer at work, it can
automatically install without you doing anything to it.
"It can result in a 'key logger', which starts logging every single keystroke you do - for
example, when you start typing in a Web address, or your user name and password - key
loggers are very dangerous and can send the personal information off to whatever Web site is
requesting it," said the NCOIC.
This is one reason the wing IA office ensures that all government computers are up-to-date with
patches to fix vulnerabilities in software, and checks them for malicious software such as
Trojan horses and worms.
"Some of the things we also want to highlight are phishing scams, where everyone gets sent emails
telling them to click on a link, or send personal information. This can then be used to
break into your bank account, hotmail or find out whatever personal information you might
have," Sergeant Kohler said.
"What we're really concerned about is spear phishing - when an e-mail is targeted more
towards a certain individual, such as fake bank e-mails getting sent out to military members,
telling them there's a problem with their government travel card. In all reality, if and when you
click on a link it takes you to some foreign Web site that might be set up to look like the Air
Force Portal or another government site, encouraging members to enter their information."
Sergeant Kohler stressed that people should be wary, and if anyone receives a hyperlink or
attachment in their government e-mail, it shouldn't be opened unless the e-mail is digitally
signed.
Digital signatures must be used whenever necessary, to confirm the sender's identity to the
recipient. They should be used on all official e-mail, and any e-mail containing a hyperlink,
whether official or not.
"We're asking users to start treating the network in the same way they treat force protection - if
you see someone scaling the fence or asking you to get somebody else on the base, you'd
report it to security forces," Sergeant Kohler said. "We want people to be cautious about
security; virus-check anything that you plug into the computer, such as portable hard drives, or
files that you might get through e-mail. Get to know signs that your computer might be
infected, such as programs running very slowly or information starts being deleted from your
computer, and report it to your unit IA officer."
Hardware mechanisms that protect computers and data
Hardware based or assisted computer security offers an alternative to software-only computer
security. Devices such as dongles may be considered more secure due to the physical access
required in order to be compromised.
While many software based security solutions encrypt the data to prevent data from being
stolen, a malicious program may corrupt the data in order to make it unrecoverable or
unusable. Hardware-based security solutions can prevent read and write access to data and
hence offers very strong protection against tampering
4.1 SECURE OPERATING SYSTEMS
One use of the term computer security refers to technology to implement a secure operating
system. Much of this technology is based on science developed in the 1980s and used to
produce what may be some of the most impenetrable operating systems ever. Though still
valid, the technology is in limited use today, primarily because it imposes some changes to
system management and also because it is not widely understood. Such ultra-strong secure
operating systems are based on operating system kernel technology that can guarantee that
certain security policies are absolutely enforced in an operating environment. An example of
such a Computer security policy is the Bell-La Padula model. The strategy is based on a
coupling of special microprocessor hardware features, often involving the memory
management unit, to a special correctly implemented operating system kernel. This forms the
foundation for a secure operating system which, if certain critical parts are designed and
implemented correctly, can ensure the absolute impossibility of penetration by hostile
elements. This capability is enabled because the configuration not only imposes a security
policy, but in theory completely protects itself from corruption. Ordinary operating systems, on
the other hand, lack the features that assure this maximal level of security. The design
methodology to produce such secure systems is precise, deterministic and logical.
Systems designed with such methodology represent the state of the art of
computer security although products using such security are not widely known. In sharp
contrast to most kinds of software, they meet specifications with verifiable certainty
comparable to specifications for size, weight and power. Secure operating systems designed
this way are used primarily to protect national security information, military secrets, and the
data of international financial institutions. These are very powerful security tools and very few
secure operating systems have been certified at the highest level (Orange Book A-1) to operate
over the range of "Top Secret" to "unclassified" (including Honeywell SCOMP, USAF
SACDIN, NSA Blacker and Boeing MLS LAN.) The assurance of security depends not only
on the soundness of the design strategy, but also on the assurance of correctness of the
implementation, and therefore there are degrees of security strength defined for COMPUSEC.
The Common Criteria quantifies security strength of products in terms of two components,
security functionality and assurance level (such as EAL levels), and these are specified in a
Protection Profile for requirements and a Security Target for product descriptions. No
ultra-high assurance secure general-purpose operating systems of this kind have been produced
for decades or certified under the Common Criteria.
In USA parlance, the term High Assurance usually suggests the system has the right security
functions that are implemented robustly enough to protect DoD and DoE classified
information. Medium assurance suggests it can protect less valuable information, such as
income tax information. Secure operating systems designed to meet medium robustness levels
of security functionality and assurance have seen wider use within both government and
commercial markets. Medium robust systems may provide the same security functions as high
assurance secure operating systems but do so at a lower assurance level (such as Common
Criteria levels EAL4 or EAL5). Lower levels mean we can be less certain that the security
functions are implemented flawlessly, so the systems are less dependable. These systems are found
in use on web servers, guards, database servers, and management hosts and are used not only
to protect the data stored on these systems but also to provide a high level of protection for
network connections and routing services.
4.2 SECURITY ARCHITECTURE
Security Architecture can be defined as the design artifacts that describe how the security
controls (security countermeasures) are positioned, and how they relate to the overall
information technology architecture. These controls serve to maintain the system's
quality attributes, among them confidentiality, integrity, availability, accountability and
assurance.[1] In simpler words, security architecture is the plan that shows where security
measures need to be placed. If the plan describes a specific solution then, prior to building
such a plan, one would make a risk analysis. If the plan describes a generic high level design
(reference architecture) then the plan should be based on a threat analysis.
CHAPTER 5
5.1 SECURITY BY DESIGN
The technologies of computer security are based on logic. There is no universal standard
notion of what secure behavior is. "Security" is a concept that is unique to each situation.
Security is extraneous to the function of a computer application, rather than ancillary to it; thus
security necessarily imposes restrictions on the application's behavior.
There are several approaches to security in computing, sometimes a combination of
approaches is valid:
1. Trust all the software to abide by a security policy but the software is not trustworthy
(this is computer insecurity).
2. Trust all the software to abide by a security policy and the software is validated as
trustworthy (by tedious branch and path analysis for example).
3. Trust no software but enforce a security policy with mechanisms that are not
trustworthy (again this is computer insecurity).
4. Trust no software but enforce a security policy with trustworthy mechanisms.
Many systems have unintentionally resulted in the first possibility. Since approach two is
expensive and non-deterministic, its use is very limited. Approaches one and three lead to
failure. Because approach number four is often based on hardware mechanisms and avoids
abstractions and a multiplicity of degrees of freedom, it is more practical. Combinations of
approaches two and four are often used in a layered architecture with thin layers of two and
thick layers of four.
There are myriad strategies and techniques used to design security systems. There are few, if
any, effective strategies to enhance security after design.
One technique enforces the principle of least privilege to a great extent, where an entity has only
the privileges that are needed for its function. That way even if an attacker gains access to one
part of the system, fine-grained security ensures that it is just as difficult for them to access the
rest.
Furthermore, by breaking the system up into smaller components, the complexity of individual
components is reduced, opening up the possibility of using techniques such as automated
theorem proving to prove the correctness of crucial software subsystems. This enables a closed
form solution to security that works well when only a single well-characterized property can
be isolated as critical, and that property is also amenable to mathematical analysis. Not surprisingly, it is
impractical for generalized correctness, which probably cannot even be defined, much less
proven. Where formal correctness proofs are not possible, rigorous use of code review and unit
testing represent a best-effort approach to make modules secure.
The design should use "defense in depth", where more than one subsystem needs to be violated
to compromise the integrity of the system and the information it holds. Defense in depth works
when the breaching of one security measure does not provide a platform to facilitate
subverting another. Also, the cascading principle acknowledges that several low hurdles do not
make a high hurdle. So cascading several weak mechanisms does not provide the safety of a
single stronger mechanism.
Subsystems should default to secure settings, and wherever possible should be designed to
"fail secure" rather than "fail insecure" (see fail safe for the equivalent in safety engineering).
Ideally, a secure system should require a deliberate, conscious, knowledgeable and free
decision on the part of legitimate authorities in order to make it insecure.
In addition, security should not be an all or nothing issue. The designers and operators of
systems should assume that security breaches are inevitable. Full audit trails should be kept of
system activity, so that when a security breach occurs, the mechanism and extent of the breach
can be determined. Storing audit trails remotely, where they can only be appended to, can keep
intruders from covering their tracks. Finally, full disclosure helps to ensure that when bugs are
found the "window of vulnerability" is kept as short as possible.
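The remote, append-only audit trail recommended above, as an added example that is not part of the original text: each record carries the hash of the record before it, so an intruder who edits or deletes an earlier entry breaks the chain for everything after it. The in-memory list stands in for the remote store and the logged events are constructed, both assumptions for the example.

```python
"""Tamper-evident, append-only audit trail.

Added example, not part of the original text. Each record stores the SHA-256
of the record before it, so editing or deleting an earlier entry breaks the
chain for every entry after it. The in-memory list below stands in for the
remote append-only store (an assumption for the example); the events are
constructed.
"""
import hashlib
import json
import time

GENESIS = "0" * 64   # "previous hash" recorded in the very first entry


def _digest(prev_hash, ts, event):
    """Canonical hash of one record: previous hash, timestamp and event text."""
    body = json.dumps({"prev": prev_hash, "ts": ts, "event": event},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


class AuditTrail:
    def __init__(self):
        self.records = []   # stand-in for the remote append-only store

    def append(self, event, ts=None):
        """Append one record and return its hash (the new chain head)."""
        ts = time.time() if ts is None else ts
        prev = self.records[-1]["hash"] if self.records else GENESIS
        rec = {"prev": prev, "ts": ts, "event": event,
               "hash": _digest(prev, ts, event)}
        self.records.append(rec)
        return rec["hash"]

    def verify(self, last_hash=None):
        """Walk the chain from GENESIS.

        Returns the index of the first record that does not fit (edited, or
        following a deleted record), or -1 if the chain is intact. If the
        most recent head hash was kept somewhere the intruder cannot reach,
        pass it as last_hash: a chain whose head differs has been truncated,
        reported as index len(records). Without that anchor, dropping the
        tail of the log is the one change the chain alone cannot detect."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if rec["prev"] != prev or \
               rec["hash"] != _digest(rec["prev"], rec["ts"], rec["event"]):
                return i
            prev = rec["hash"]
        if last_hash is not None and prev != last_hash:
            return len(self.records)
        return -1


def _fresh(events):
    """Build a trail from constructed events; returns (trail, head hash)."""
    t = AuditTrail()
    head = GENESIS
    for i, e in enumerate(events):
        head = t.append(e, ts=1000 + i)
    return t, head


def demo():
    """Intact, edited, deleted and truncated chains; returns verify() results."""
    events = ["login user=alice", "open file=taxes-2008.xls", "logout user=alice"]
    results = {}
    t, head = _fresh(events)
    results["intact"] = t.verify(head)
    t, head = _fresh(events)
    t.records[1]["event"] = "open file=readme.txt"   # intruder rewrites history
    results["edited"] = t.verify(head)
    t, head = _fresh(events)
    del t.records[1]                                 # intruder removes a record
    results["deleted"] = t.verify(head)
    t, head = _fresh(events)
    t.records.pop()                                  # intruder drops the tail
    results["truncated"] = t.verify(head)
    return results
```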
5.1 EARLY HISTORY OF SECURITY BY DESIGN
The early Multics operating system was notable for its early emphasis on computer security by
design, and Multics was possibly the very first operating system to be designed as a secure
system from the ground up. In spite of this, Multics' security was broken, not once, but
repeatedly. The strategy was known as 'penetrate and test' and has become widely known as a
non-terminating process that fails to produce computer security. This led to further work on
computer security that prefigured modern security engineering techniques producing closed
form processes that terminate.
5.2 SECURE CODING
If the operating environment is not based on a secure operating system capable of maintaining
a domain for its own execution, and capable of protecting application code from malicious
subversion, and capable of protecting the system from subverted code, then high degrees of
security are understandably not possible. While such secure operating systems are possible and
have been implemented, most commercial systems fall in a 'low security' category because
they rely on features not supported by secure operating systems (like portability, et al.). In low
security operating environments, applications must be relied on to participate in their own
protection. There are 'best effort' secure coding practices that can be followed to make an
application more resistant to malicious subversion.
In commercial environments, the majority of software subversion vulnerabilities result from a
few known kinds of coding defects. Common software defects include buffer overflows,
format string vulnerabilities, integer overflow, and code/command injection.
Some common languages such as C and C++ are vulnerable to all of these defects (see
Seacord, "Secure Coding in C and C++"). Other languages, such as Java, are more resistant to
some of these defects, but are still prone to code/command injection and other software defects
which facilitate subversion.
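Command injection, the last defect class in the list above, shown as an added example that is not part of the original text, with the vulnerable form beside its hardened form. The ping wrapper and the host names are constructed for illustration, and neither function executes anything: both only return the command they would run.

```python
"""Code/command injection: the defect beside its hardened form.

Added example, not part of the original text. A small utility that pings a
host the user typed in; the wrapper and host names are constructed. Neither
function runs a command, so the two shapes can be compared safely.
"""
import re


def ping_command_vulnerable(host):
    """Builds a shell command by string concatenation.

    Anything the user types, including shell metacharacters, becomes part of
    the command line: this is the injection defect."""
    return "ping -c 1 " + host      # would be handed to a shell (os.system)


# Allow-list for a host name: labels of letters, digits and hyphens, not
# starting with a hyphen, joined by dots. Nothing else is accepted.
HOSTNAME_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?:\.(?!-)[A-Za-z0-9-]{1,63})*$")


def ping_command_hardened(host):
    """Validates the input against an allow-list, then passes it as its own
    argv element so no shell ever interprets it.

    Rejecting anything outside the allow-list is the fail-secure default:
    an unexpected input stops the operation instead of being passed on."""
    if len(host) > 253 or not HOSTNAME_RE.match(host):
        raise ValueError("not a valid host name: %r" % host)
    return ["ping", "-c", "1", host]   # would be handed to subprocess.run(argv)


def shell_metacharacters(cmd):
    """Metacharacters present in a command string; used here only to show
    what the vulnerable form lets through."""
    return sorted(ch for ch in set(cmd) if ch in ";|&`$()<>\n")
```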
Recently another bad coding practice has come under scrutiny: dangling pointers. The first
known exploit for this particular problem was presented in July 2007. Before this publication
the problem was known
If one of your appliances broke, you’d probably try to have it repaired.
You’d call a repairperson that you hope could do the job. You’d get an estimate and then
you’d either get it fixed or replace it. Your goal is to somehow restore the functions that the
appliance provides.
What do you do when a software “appliance” – a program – or the operating system itself
breaks? How do you restore the functions that they provide? Do you know whom to call or
even where to look to determine what to do next?
Most vendors provide patches that are supposed to fix bugs in their products. Frequently these
patches do what they’re supposed to do. However, sometimes a patch fixes one problem but
causes another. For example, did you ever have a repairperson fix an appliance but in the
process, they scratched the floor or damaged a countertop during their visit? For a computer,
the repair cycle might have to be repeated until a patch completely fixes a problem.
Vendors often provide free patches on their web sites. When you purchase programs, it’s a
good idea to see if and how the vendor supplies patches, and if and how they provide a way to
ask questions about their products. Just as appliance vendors often sell extended warranties for
their products, some software vendors may also sell support for theirs.
Have you ever received a recall notice for your car or another product you’ve purchased?
Vendors send these notices to product owners when a safety-related problem has been
discovered. Registering your purchase through the warranty card gives the vendor the
information they need to contact you if there is a recall.
Program vendors also provide a recall-like service. You can receive patch notices through
email by subscribing to mailing lists operated by the programs’ vendors. Through this type of
service, you can learn about problems with your computer even before you discover them and,
hopefully, before intruders have the chance to exploit them. Consult the vendor’s web site to
see how to get email notices about patches as soon as they’re available.
Some vendors have gone beyond mailing lists. They provide programs bundled with their
systems that automatically contact their web sites looking for patches specifically for your
home computer. These automatic updates tell you when patches are available, download them,
and even install them. You can tailor the update features to do only what you want, such as just
telling you something new is waiting but doing nothing more.
While the patching process is getting easier, even to the point where it can be completely
automated, it is not yet foolproof. In some cases, installing a patch can cause another
seemingly unrelated program to break. The challenge is to do as much homework as you can to
learn what a patch is supposed to do and what problems it might cause once you’ve installed it.
This is a hard job. Often, the vendors don’t tell you about problems their patches can cause.
Why? Because it is simply impossible to test all possible programs with all possible patches to
discover unexpected side effects. Imagine doing that job and then continuing to do that for
each new program and patch that comes along. Vendors rely on their customers to tell them
when something unexpected happens once a patch is installed. So, if this happens to you, let
them know.
Imagine then that you’ve either found a patch on the vendor’s site or you’ve received notice
that a patch is available. What do you do next? Follow the steps below to evaluate a patch
before you install it:
1. The Affected test: Does this patch affect one of the programs on your computer?
If it doesn’t affect your computer, you’re done. Whew!
2. The Break test: Can you tell from the vendor’s web site or the patch’s
description if installing it breaks something else that you care about? If
installation does break something, then you have to decide how to proceed. Try
notifying the vendor of the program that might break to learn what their strategy
is for addressing this problem. Also, use your web browser to learn if anyone
else has experienced this problem and what he or she did about it.
3. The Undo test: Can you undo the patch? That is, can you restore your computer
to the way it was before you installed the patch? Currently, vendors are building
most patches with an uninstall feature that enables you to remove a patch that
has unwanted consequences. In addition, some computers also come with
features that help you restore them to a previously known and working state
should there be a problem. You need to know what your computer provides so
that you can undo a patch if necessary.
Recall from the Introduction that intruders exploit vulnerabilities to gain access to home
computers. How do intruders find out about these vulnerabilities? In many cases, they read the
same vendor mailing lists and use the same automatic notification schemes that you use. This
means that you need to evaluate and install patches on your home computer as soon as they’re
available. The longer a vulnerability is known, the greater the chances are that an intruder will
find it on your home computer and exploit it. With the ABU tests, you can quickly evaluate
and install patches to keep intruders off your home computer.
One last thing: patches are usually distributed as programs. This means that you need to use
the DCAL steps described in Task 7 - Use Care When Downloading and Installing Programs
before loading and installing a patch. Intruders often take advantage of vulnerabilities
wherever they may be. In many cases, the vulnerabilities they exploit may have patches, but
those patches were not installed. For your home computer, make time to keep your programs
patched wherever possible. If you can’t patch a program, shop around for an equivalent
program and use it until the original program is fixed or you’ve abandoned it in favor of
something more reliable.
You can spend money on maintenance where you get patches for programs, but that’s usually
not necessary. Since most vendors provide free patches, mailing lists, and automatic updates,
keeping your computer patched usually only costs you time.
CONCLUSION
Growing up, you learn many of the things you need to know about how to operate and care for
a car by sitting in the back seat while adults drive and care for their vehicles. Similarly, you
learn many of the things you need to know about how to care for and maintain a home by
watching what is done to the one where you live. It is a slow, gradual process, so slow in fact
you are probably unaware that you are learning the skills you need to do these same jobs
yourself. You don’t have that same luxury of time to learn how to care for and operate your
home computer. When you attach it to the Internet for the first time, it instantly becomes a
target for intruders. You need to be ready right from the start. As you grow up, you also learn
that you need to spend time and money to repair and replace those things around your living
space and your car that need your attention. You learn that you have to spend more time and
more money to tailor them to meet your needs and to keep you and others safe during their use.
You accept these responsibilities and their costs as part of the total cost of ownership of that
car and living space.
Your home computer is much the same. There is the initial money that you pay to purchase
that system. Then there are additional costs to tailor it and to keep you and the others who use
your system safe. These additional costs are also your responsibility, and they are part of the
total cost of ownership of your home computer. This document helps you think about the
problems you face when you have a home computer and gives you advice on how to address
these problems. By taking the time to read this document, you know more about securing your
home computer and the extra costs required to do this job. Do the tasks described here and
share this document with your friends. We all benefit from a more secure Internet.