Module (4 1,2) 2015 2016

Introduction

• Two fundamental concepts in computer and information security are the
security model, which outlines how security is to be implemented (in other
words, it provides a "blueprint"), and the architecture of a computer system,
which fulfills this blueprint.
• A security policy outlines how data is accessed, what level of security is
required, and what actions should be taken when these requirements are not
met.
• A security model is a statement that outlines the requirements necessary to
properly support and implement a certain security policy. A security model
provides a deeper explanation of how a computer operating system should
be developed to properly support a specific security policy.

• There are many aspects of a system that can be secured, and security can
happen at various levels and to varying degrees.
• We have stated in previous chapters that information security is made up of
the following main attributes:
– Availability: prevention of loss of access to resources and data
– Integrity: prevention of unauthorized modification of data
– Confidentiality: prevention of unauthorized disclosure of data

• Security is best if it is designed and built into the foundation of operating
systems and applications and not added on as an afterthought.

System Architecture

• Designing a system from the ground up is a complicated task and has many
intricate and abstract goals that have to be achieved through mathematics,
logic, design, programming code, and implementation.
• There are fundamental design decisions that need to be made when
constructing a system.
• Availability, integrity, and confidentiality can be enforced at different places
within an enterprise.

For example, a company may store customer credit card information in a database
that many users can access. This information, obviously, requires protection to
ensure that it is not accessed or modified in an unauthorized manner. We start with
general questions and gradually drill down into the details.
The first and most general question is “Where should the protection take place: at
the user’s end, where the data is stored, or by restricting user activities within the
environment?”

• Once these general questions have been answered, the placement of the
mechanisms needs to be addressed.
• Security mechanisms can be placed at the hardware, kernel, operating
system, services, or program layers. At which layer(s) should security
mechanisms be implemented? If protection is implemented at the hardware
layer, the protection mechanisms will be simpler and provide broad
and general protection. As we ascend the layers, more complexity is
added, and functionality becomes more specific and granular.

• The top layer holds the most complexity because it is directed toward
providing the user with a vast amount of functionality and options.
• Functionality and complexity of security increases as it approaches the
layers that are closer to the user. The increased complexity lowers the
assurance levels of the security mechanisms.
• The more complex a security mechanism becomes, the less assurance it
provides. This is because the complexity of the mechanism demands more
technical understanding from the individuals who install, test, maintain, and
use it. The more complex the tools, the more chances there are for errors,
and therefore increased chances for security compromises.
• The more complex the security mechanism, the harder it is to fully test it
under all possible conditions.
• On the other hand, simple mechanisms cannot provide the desired
richness of functionality and options, although they are easier to install,
maintain, use, and test. So the tradeoffs between functionality and assurance
need to be fully understood.
• Once the designers have an idea of what the security mechanisms should
focus on (users, operations, or data), what layer(s) the mechanisms should be
placed at (hardware, kernel, operating system, services, or program), and the
complexity of each mechanism, the mechanisms need to be built and
integrated in a way to have a proper relationship with other parts of the
system.
• The first step is to decide what system mechanisms need to be trusted and
specify how these entities can interact in a secure manner. Although it might
seem that you would want to trust all the components within the system, this
would cause too much overhead, complexity, and performance bottlenecks.
• For a mechanism to be trusted, it must protect itself and the data it
is processing, perform in a predictable and secure manner, and not
adversely affect other trusted or untrusted mechanisms. In return, these
trusted components have access to more privileged services, have direct
access to memory, usually have higher priority when requesting CPU
processing time, and have more control over system resources.

• So the trusted subjects and objects need to be identified and distinguished
from the untrusted ones and placed into defined subsets.

Defined Subset of Subjects and Objects

Subjects are active (e.g., users / programs)

Objects are passive (e.g., files)

• As stated previously, not all components need to be trusted and therefore do
not fall within the trusted computing base (TCB).
• The TCB is defined as the total combination of protection mechanisms
within a computer system.
• The TCB includes hardware, software, and firmware. These are part of the
TCB because the system relies on these components to enforce the
security policy and not violate it.

• The components that do fall under the TCB need to be identified and their
accepted capabilities defined.
• For example, a system that has a lower trust level rating may permit all
authenticated users to access and modify all files on the computer. This
subset of subjects and objects is large and the relationship between them is
loose and relaxed. A system with a much higher trust level rating may permit
only two subjects to access all files on a computer system, and only one of
those subjects can actually modify all the files. This subset is much smaller
and the rules being enforced are more stringent and detailed.
• Again, it depends upon what type of system the developers are aiming at
building.

Security Perimeter

• As stated previously, not every component and resource falls within the
TCB, so some resources fall outside of this imaginary boundary, referred
to as the security perimeter.
• A perimeter is a boundary that divides the trusted from the untrusted.
• For the system to stay in a secure and trusted state when a component
within the TCB needs to communicate with a component outside of the
TCB, precise communication standards must be developed to ensure that
this type of communication cannot bring on unexpected security
compromises. This type of communication is handled and controlled through
interfaces.

Reference Monitor and Security Kernel

• The reference monitor is an abstract machine which mediates all access
subjects have to objects, to ensure that the subjects have the necessary access
rights and to protect the objects from unauthorized access and destructive
modification.
• The security kernel is made up of mechanisms that fall within the TCB and
implements and enforces the reference monitor concept. The security kernel
is made up of hardware, firmware, and software components that mediate all
access and functions between subjects and objects. The security kernel is the
core of the TCB and is the most commonly used approach to building trusted
computing systems.

Domains

• A domain is defined as a set of objects that a subject is able to access. This
domain can be all the resources a user can access, all the files available to a
program, the memory segments available to a process, or the services and
processes available to an application.

A subject needs to be able to access and use objects (resources) to perform tasks,
and the domain defines which objects are available to the subject and which
objects are untouchable and therefore unusable by the subject.

• These domains have to be identified, separated, and strictly enforced. An OS
may work in a privileged mode and a user mode. The reason to even use
these two different modes is to define two different domains. The privileged
mode has a much larger domain to work with (or more resources to access);
thus, it can provide much more functionality. When an operating system
works in privileged mode, it can physically access memory modules,
transfer data from an unprotected domain to a protected domain, and directly
access and communicate with hardware devices.

Resource Isolation

• To properly enforce access control and auditing, and to determine which
subjects and objects reside in specific domains, each resource has to be
clearly separated from the others.
• This modularity requirement enables each subject and object to be identified
uniquely, permissions and rights to be assigned independently,
accountability to be enforceable, and intricate activities to be tracked
precisely.
• The subjects, objects, and protection controls need to be clearly isolated
from each other, and the isolation methods and enforcement are a
requirement of the architecture of a system and its security model.

Security Policy

• A security policy is a document that expresses clearly and concisely what the
protection mechanisms are to achieve. It is a statement of the security we
expect the system to enforce.
• A security model is a specification of a security policy:
– it describes the entities governed by the policy,
– it states the rules that constitute the policy.

• There are various types of security models:
I. Models can capture policies for confidentiality (Bell-LaPadula) or for
integrity (Biba, Clark-Wilson).
II. Some models apply to environments with static policies (Bell-LaPadula),
others consider dynamic changes of access rights (Chinese Wall).
III. Security models can be informal (Clark-Wilson), semi-formal, or
formal (Bell-LaPadula, Harrison-Ruzzo-Ullman).
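As an added example (not code from the original notes), here is a small reference monitor in the sense of the sections above: it mediates every subject-to-object access under a Bell-LaPadula confidentiality policy, derives each subject's domain from the same decision function, and records an audit trail. The subject clearances, object classifications and category names are constructed for illustration.

```python
"""Reference monitor enforcing a Bell-LaPadula confidentiality policy.

Added example, not part of the original notes. The subjects, objects, levels
and categories below are constructed for illustration.
"""
from dataclasses import dataclass, field

# Ordered sensitivity levels; a higher number is more sensitive.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: one sensitivity level plus a set of categories (compartments)."""
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal level and a superset of the categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


@dataclass
class ReferenceMonitor:
    """Mediates every subject-to-object access and records an audit trail."""
    subjects: dict                       # subject name -> clearance Label
    objects: dict                        # object name  -> classification Label
    audit: list = field(default_factory=list)

    def _decide(self, subject: str, obj: str, mode: str) -> bool:
        clearance = self.subjects[subject]
        classification = self.objects[obj]
        if mode == "read":
            # Simple security property: no read up.
            return clearance.dominates(classification)
        if mode == "write":
            # *-property: no write down (a SECRET subject may not write an UNCLASSIFIED file).
            return classification.dominates(clearance)
        return False                     # unknown mode: deny by default

    def check(self, subject: str, obj: str, mode: str) -> bool:
        """The only path to an object: decide, then log the decision."""
        allowed = self._decide(subject, obj, mode)
        self.audit.append((subject, obj, mode, "ALLOW" if allowed else "DENY"))
        return allowed

    def domain(self, subject: str) -> set:
        """The subject's domain: the objects it may read or write under the policy."""
        return {o for o in self.objects
                if self._decide(subject, o, "read") or self._decide(subject, o, "write")}


# Constructed sample data: two subjects and three objects.
MONITOR = ReferenceMonitor(
    subjects={
        "alice": Label("SECRET", frozenset({"NUCLEAR"})),
        "bob": Label("CONFIDENTIAL"),
    },
    objects={
        "weather_report": Label("UNCLASSIFIED"),
        "reactor_plans": Label("SECRET", frozenset({"NUCLEAR"})),
        "budget": Label("CONFIDENTIAL", frozenset({"FINANCE"})),
    },
)

if __name__ == "__main__":
    for s, o, m in [("alice", "reactor_plans", "read"), ("bob", "reactor_plans", "read"),
                    ("alice", "weather_report", "write"), ("bob", "reactor_plans", "write")]:
        print(s, m, o, "->", "ALLOW" if MONITOR.check(s, o, m) else "DENY")
    print("audit:", MONITOR.audit)
```

Note that Bell-LaPadula permits bob, cleared only CONFIDENTIAL, to write into the SECRET file (no write down says nothing about writing up); that is exactly why confidentiality models are paired with an integrity model in practice. Biba's rules are the dual of the two conditions in `_decide` (no read down, no write up). The audit list is the raw material for the auditing and intrusion detection controls mentioned later in these notes.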
Information Security Models

Background

• Many sensitive tasks are done through the web
– Online banking, online shopping
– Database access
– System administration
• Web applications and web users are targets of many attacks
– Cross site scripting
– SQL injection
– Cross site request forgery
– Information leakage
– Session hijacking

Web Browser and Network

[Figure: the browser, running on the OS and hardware, sends a request across the
network to the web site, which sends back a reply.]

• Browser sends requests
• Web site sends response pages, which may include code
• Interaction susceptible to network attacks
(Source slides: CS526 Fall 2011/Topic 8)
Web Security Issues

• Secure communications between client & server


– HTTPS (HTTP over SSL/TLS)
• User authentication & session management
– Cookies & other methods
• Active contents from different websites
– Protecting resources maintained by browsers
• Web application security
• Web site authentication (e.g., anti-phishing)
• Privacy concerns

HTTP: HyperText Transfer Protocol

• Browser sends HTTP requests to the server
– Methods: GET, POST, HEAD, …
– GET: to retrieve a resource (html, image, script, css, …)
– POST: to submit a form (login, register, …)
– HEAD: like GET, but the server returns only the headers, not the body
• Server replies with an HTTP response
• Stateless request/response protocol
– Each request is independent of previous requests
– Statelessness has a significant impact on the design and
implementation of applications
Use Cookies to Store State Info

[Figure: the browser submits form data; the server returns a response plus
cookies, which the browser stores on your computer; on later requests the
browser sends the cookies back and the server returns data. HTTP is a stateless
protocol; cookies add state.]

Cookie Fields

• An example cookie
– Name: session-token
– Content: "s7yZiOvFm4YymG…"
– Domain: .amazon.com
– Path: /
– Send For: Any type of connection (the cookie is not marked Secure, so
the browser also sends it over plain HTTP)
– Expires: Monday, September 08, 2031 7:19:41 PM
• Stored by the browser
• Used by the web applications
– used for authenticating, tracking, and maintaining specific
information about users
• e.g., site preferences, contents of shopping carts
– data may be sensitive
– may be used to gather information about specific users
• Cookie ownership
– Once a cookie is saved on your computer, the browser sends it back only
to the web site (domain and path) that created it; other sites cannot read it

Web Authentication via Cookies

• HTTP is stateless
– How does the server recognize a user who has signed in?
– Servers can use cookies to store state on client
– After client successfully authenticates, server computes an
authenticator and gives it to browser in a cookie
• Client cannot forge authenticator on his own (session
id)
– With each request, browser presents the cookie
– Server verifies the authenticator
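As an added example, not code from the original notes, the following implements the authenticator described above: after login the server issues a cookie whose value is the user name and expiry time plus an HMAC over them under a key only the server knows, and on every later request the tag is recomputed and compared in constant time. The key, user name, lifetime and cookie name are constructed for illustration.

```python
"""Server-side session authenticator carried in a cookie (HMAC-signed).

Added example, not code from the original notes. The key, user name, lifetime
and cookie name are constructed for illustration.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time

# Server-side secret: in practice loaded from a secrets store, never sent to the client.
SERVER_KEY = secrets.token_bytes(32)


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _tag(payload: bytes, key: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def issue_cookie(user: str, ttl: int = 3600, now: float = None, key: bytes = SERVER_KEY) -> str:
    """After a successful login, build the authenticator the browser will present.

    payload = JSON {user, exp}; cookie = b64(payload) + "." + b64(HMAC(key, payload)).
    Without the key the client cannot compute a valid tag for any other payload.
    """
    now = time.time() if now is None else now
    payload = json.dumps({"user": user, "exp": int(now + ttl)}, separators=(",", ":")).encode()
    return _b64(payload) + "." + _b64(_tag(payload, key))


def verify_cookie(cookie: str, now: float = None, key: bytes = SERVER_KEY):
    """Return the authenticated user name, or None if the cookie is forged, tampered or expired."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = cookie.split(".", 1)
        payload = _unb64(payload_b64)
        tag = _unb64(tag_b64)
    except (ValueError, TypeError):
        return None
    # Constant-time comparison: a plain == would leak how many leading bytes matched.
    if not hmac.compare_digest(tag, _tag(payload, key)):
        return None
    data = json.loads(payload)
    if data.get("exp", 0) < now:
        return None
    return data.get("user")


def forge_attempt(cookie: str) -> str:
    """What an attacker holding a valid cookie might try: change the user, keep the tag."""
    payload_b64, tag_b64 = cookie.split(".", 1)
    data = json.loads(_unb64(payload_b64))
    data["user"] = "admin"
    payload = json.dumps(data, separators=(",", ":")).encode()
    return _b64(payload) + "." + tag_b64


def set_cookie_header(cookie: str) -> str:
    """Secure: HTTPS only; HttpOnly: not readable by page scripts; SameSite: limits CSRF."""
    return f"Set-Cookie: session-token={cookie}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    c = issue_cookie("alice", ttl=60)
    print(set_cookie_header(c))
    print("valid  :", verify_cookie(c))
    print("forged :", verify_cookie(forge_attempt(c)))
```

The tag covers the whole payload, so the forged cookie (same tag, different user) is rejected, as is one presented after `exp`. A cookie like this still identifies the session only as long as it stays secret; the `Secure` and `HttpOnly` attributes in `set_cookie_header` are what keep it off plain HTTP and away from injected scripts, which is the session-hijacking concern listed in the background section.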

Components of an Information System

• An information system (IS) is the entire set of software, hardware, data,
people, procedures, and networks necessary to use information as a
resource in the organization

Securing Components

• A computer can be the subject of an attack and/or the object of an attack
– When the subject of an attack, the computer is used as an active
tool to conduct the attack
– When the object of an attack, the computer is the entity being
attacked
[Figure 1-5: Subject and Object of Attack]
The Systems Development Life Cycle

• The systems development life cycle (SDLC) is a methodology and
design for the implementation of information security within an
organization
• A methodology is a formal approach to problem-solving based on a
structured sequence of procedures
• Using a methodology
– ensures a rigorous process
– avoids missing steps
• The goal is creating a comprehensive security posture/program
• The traditional SDLC consists of six general phases

Investigation

• What problem is the system being developed to solve?
• Objectives, constraints and scope of the project are specified
• A preliminary cost-benefit analysis is developed
• At the end, a feasibility analysis is performed to assess the economic,
technical, and behavioral feasibility of the process
Analysis

• Consists of assessments of the organization, the status of current
systems, and the capability to support the proposed systems
• Analysts determine what the new system is expected to do and how it
will interact with existing systems
• Ends with documentation of findings and an update of the feasibility
analysis

Logical Design

• The main factor is business need; applications capable of providing the
needed services are selected
• Data support and structures capable of providing the needed inputs
are identified
• Technologies to implement the physical solution are determined
• A feasibility analysis is performed at the end

Physical Design

• Technologies to support the alternatives identified and evaluated in
the logical design are selected
• Components are evaluated on a make-or-buy decision
• A feasibility analysis is performed; the entire solution is presented to
end-user representatives for approval

Implementation

• Needed software is created; components are ordered, received,
assembled, and tested
• Users are trained and documentation is created
• A feasibility analysis is prepared; users are presented with the system for
performance review and acceptance testing

Maintenance and Change


• Consists of tasks necessary to support and modify system for
remainder of its useful life
• Life cycle continues until the process begins again from the
investigation phase
• When current system can no longer support the organization’s
mission, a new project is implemented

Desktop Security

A personal computer is anything but personal.

Your network and Internet connections link your computer to the outside
world and the outside world back to your computer. With the
proliferation of viruses, worms, Trojans, and identity theft, it's possible
that someone besides you is looking at your data. In this environment,
it's necessary for all members of the University community to be
proactive in protecting the data and personal information stored on
computers on the University network. The measures below are desktop
security measures designed to thwart Internet predators.

• Practice good physical security.
• Use up-to-date antivirus software.
• Use a locked screensaver.
• Use a firewall and follow the Firewall Guidelines.
• Set up separate user accounts for desktop sharing.
• Disable file sharing.
• Remove all spyware from your machine.

E-mail Security
• E-mail is one of the most widely used network services
– the killer application of the Internet
• Normally message contents are not secured
– they can be read or modified either in transit or at the destination by
an attacker
• E-mail service is like a postcard service
– anyone who handles the message can pick it up and read it

Email Security Enhancements

– confidentiality: protection from disclosure
– authentication: of the sender of the message
– message integrity: protection from modification
– non-repudiation of origin: protection from denial by the sender

How does Secure Email work?

• Long answer
That's another talk entirely.
• Short answer
Secure email uses a set of cryptographic tools to encapsulate a
message into a specially formatted envelope.

Encryption

• Think CryptoQuip
• Means of hiding a message through
substitution or rearranging letters
• Requires a “key” to unlock the original
message

Digital Signatures
• A string of characters that uniquely identifies the signer of an
electronic message.
• Recipients are able to
– verify the message was from the purported sender
– verify the message was not modified in transit
– the sender cannot deny being the originator of the message
Most popular secure email standards
• S/MIME
• OpenPGP
How are these different?
• Similar services
• Different trust models

S/MIME (Secure/Multipurpose Internet Mail Extensions)

There are two common ways to encrypt or sign messages. The first is S/MIME,
which works in a way very similar to SSL/TLS connections: it relies on a digital
certificate that is issued to you by a trusted certificate authority. The message
format is derived from the PKCS #7 data format, and most email clients support
S/MIME. Once you obtain a certificate (many have been offered for free by firms
like Comodo or InstantSSL), you download it together with its private key,
typically as a .p12/.pfx file, and import it into your e-mail application. Then
you gain the ability to sign messages to prove that they come from you, at which
point the recipient will receive a message with an attachment, usually named
smime.p7s. This attachment is your signature and can be verified by any email
reader which supports S/MIME. A signed message also carries your certificate, so
a correspondent who has received one can use the public key in it to send you
encrypted mail.

This whole process is typically fairly straightforward and makes
S/MIME the most transparent way to get started with email
encryption. When you go to one of the Certificate Authorities (CA)
you can obtain the certificate directly from the site, add it to your
email software, and start using it right away.
PGP (Pretty Good Privacy)

PGP is a data encryption and decryption computer program that
provides cryptographic privacy and authentication for data
communication. PGP is often used for signing, encrypting and
decrypting texts, e-mails, files, directories, and whole disk partitions,
and to increase the security of e-mail communication.

Confidentiality

PGP can be used to send messages confidentially. For this, PGP
combines symmetric-key encryption and public-key encryption.
The message is encrypted using a symmetric encryption
algorithm, which requires a symmetric key. Each symmetric key is
used only once and is also called a session key. The message and its
session key are sent to the receiver. The session key must be sent to
the receiver so they know how to decrypt the message, but to protect
it during transmission, it is encrypted with the receiver's public key.
Only the private key belonging to the receiver can decrypt the
session key.

Digital Signature

PGP supports message authentication and integrity checking. The
latter is used to detect whether a message has been altered since it
was completed, and the former to determine whether it was actually sent
by the claimed person. The sender uses PGP to create a digital signature for
the message with either the RSA or DSA algorithm: PGP computes a hash of
the plaintext and signs that hash with the sender's private key. The receiver
recomputes the hash and verifies the signature with the sender's public key,
so any change to the message invalidates the signature. Encryption alone does
not give this guarantee; integrity comes from the signature, not from the fact
that the content is encrypted.

What Is SSL?

SSL (Secure Sockets Layer) is a standard security technology for establishing an
encrypted link between a server and a client: typically a web server (website) and
a browser, or a mail server and a mail client (e.g., Outlook). Its successor
protocol is TLS (Transport Layer Security); the term "SSL certificate" is still
used for the certificates that both protocols rely on.

SSL allows sensitive information such as credit card numbers, social security
numbers, and login credentials to be transmitted securely. Without it, data sent
between browsers and web servers is sent in plain text, leaving you vulnerable to
eavesdropping. If an attacker is able to intercept all data being sent between a
browser and a web server they can see and use that information.
What is an SSL Certificate and How Does it Work?

SSL certificates have a key pair: a public and a private key. These keys work
together to establish an encrypted connection. The certificate also contains what is
called the "subject", which is the identity of the certificate/website owner. To get a
certificate, you must create a Certificate Signing Request (CSR) on your server.
This process creates a private key and a public key on your server. The CSR data
file that you send to the SSL certificate issuer (called a Certificate Authority or CA)
contains the public key and the subject name, and is signed with your private key
so the CA can check that you hold it. The CA issues a certificate that binds that
public key to the subject identity; the certificate therefore matches your private
key without the CA ever seeing the private key. Once you receive the SSL
certificate, you install it on your server. You also install an intermediate
certificate that establishes the credibility of your SSL certificate by tying it to
your CA's root certificate. The instructions for installing and testing your
certificate will be different depending on your server.

How Does the SSL Certificate Create a Secure Connection?

When a browser attempts to access a website that is secured by SSL, the browser
and the web server establish an SSL connection using a process called an "SSL
Handshake". The SSL handshake is invisible to the user and takes only a fraction
of a second.

Essentially, three keys are used to set up the SSL connection: the public, private,
and session keys. Anything encrypted with the server's public key can only be
decrypted with its private key.
Because encrypting and decrypting with the private and public key takes a lot of
processing power, they are only used during the SSL handshake to establish a
symmetric session key. After the secure connection is made, the session key is
used to encrypt all transmitted data.

1. Browser connects to a web server (website) secured with SSL (https).
Browser requests that the server identify itself.
2. Server sends a copy of its SSL certificate, including the server's public key.
3. Browser checks that the certificate chains to a root in its list of trusted CAs,
that the certificate is unexpired and unrevoked, and that its common name (or
a subject alternative name) matches the host name of the website it is
connecting to. If the browser trusts the certificate, it creates a symmetric
session key, encrypts it with the server's public key, and sends it back.
4. Server decrypts the symmetric session key using its private key and sends
back an acknowledgement encrypted with the session key to start the
encrypted session.
5. Server and browser now encrypt all transmitted data with the session key.

Steps 3 and 4 describe RSA key transport, the exchange used by the original SSL
and by the RSA cipher suites of TLS up to version 1.2. Modern TLS instead derives
the session key with an ephemeral Diffie-Hellman exchange that the server signs
with its private key; the session key is then never encrypted with the
certificate's public key, so a later compromise of the server's private key does
not expose recorded sessions (forward secrecy).

Secure Electronic Transaction (SET)

• Developed by Visa and MasterCard
• Designed to protect credit card transactions
• Confidentiality: all messages encrypted
• Trust: all parties must have digital certificates
• Privacy: information made available only when and where
necessary
SET Transactions

Here's how SET works:

Assume that a customer has a SET-enabled browser such as Netscape or
Microsoft's Internet Explorer and that the transaction provider (bank,
store, etc.) has a SET-enabled server.

1. The customer opens a MasterCard or Visa bank account. Any
issuer of a credit card is some kind of bank.
2. The customer receives a digital certificate. This electronic file
functions as a credit card for online purchases or other
transactions. It includes a public key with an expiration date and
is signed by the issuing bank's certificate authority to ensure its
validity.
3. Third-party merchants also receive certificates from the bank.
These certificates include the merchant's public key and the bank's
public key.
4. The customer places an order over a Web page, by phone, or some
other means.
5. The customer's browser receives the merchant's certificate and
confirms from it that the merchant is valid.
6. The browser sends the order information, encrypted with the
merchant's public key, together with the payment information,
encrypted with the bank's public key (so it cannot be read by the
merchant), and a dual signature that ensures the payment can only
be used with this particular order.
7. The merchant verifies the customer by checking the digital
signature on the customer's certificate. This may be done by
referring the certificate to the bank or to a third-party verifier.
8. The merchant sends the order message along to the bank. This
includes the bank's public key, the customer's payment information
(which the merchant can't decode), and the merchant's certificate.
9. The bank verifies the merchant and the message. The bank uses the
digital signature on the certificate with the message and verifies the
payment part of the message.
10. The bank digitally signs and sends authorization to the
merchant, who can then fill the order.

Web Authentication

Web authentication enables data security, identity theft protection and a
secure user experience. The strength of an organization's Web
authentication method should match the value of the information and
resources opened for access.
Entrust delivers a variety of Web authentication methods for varying
security and user requirements:

– Strong Authentication: Entrust IdentityGuard
– Single Sign On (SSO): Entrust GetAccess
– Encryption & Authentication for Internet Applications: Entrust TruePass
– Web Site Authentication: Entrust Advantage SSL Certificates
and Entrust Extended Validation SSL Certificates

Strong Authentication Platform

Entrust IdentityGuard enables organizations to layer security,
according to access requirements or the risk of a given transaction,
across diverse users and applications. The solution provides broad
support for a variety of authentication levels and methods, giving an
organization the flexibility to choose the combination that provides the
right level of security while taking into consideration the cost and impact
on the user experience. Entrust IdentityGuard is an excellent choice for
either enterprise authentication or organizations looking for a cost-
effective method to authenticate a consumer audience.

PKI (Public Key Infrastructure) for Strong Web Authentication

The Entrust TruePass solution makes it possible to check the identity of
individuals that are visiting and using a Web portal using a digital
certificate. Supporting a broad range of authentication methods,
including tokens and smart cards, the Entrust TruePass solution makes it
possible to achieve a positive identification of users connecting to an
organization's Web portal.

Managing Access with Web Authentication

The Entrust GetAccess server centrally manages access to multiple
applications through a single Internet portal, providing users with single
sign-on web authentication to applications and content they are
authorized to see.

SSL (Secure Sockets Layer) Certificates for Web Authentication

Entrust Advantage and Extended Validation SSL certificates establish
trusted, secure connections between an organization's Web site and its
visitors. Affordable and easy to manage, Entrust SSL digital certificates
are a necessary tool to help protect your customers from online fraud,
phishing or man-in-the-middle (MITM) attacks. Entrust SSL digital
certificates help you increase confidence in your Web site. Our SSL
certificates offer up to 256-bit encryption and are officially recognized
by more than 99.6 percent of all browsers in use today.

Problem:
1) Phishing: attackers set up fake websites which look like the real
websites. It is quite simple to do so, since creating web pages involves
relatively simple technologies such as HTML, JavaScript, CSS (cascading
style sheets), etc.

HTTP Authentication
• Protect web content from those who don't have a "need to know"
• Require users to authenticate using a userid/password before they
are allowed access to certain URLs
• HTTP/1.1 requires that when a user makes a request for a protected
resource the server responds with an authentication request header
– WWW-Authenticate
• contains enough pertinent information to carry out a
"challenge-response" session between the user and the
server

[Figure: the client requests a protected resource; the web server responds with
a 401 (Unauthorized) status and a WWW-Authenticate challenge asking the
client to authenticate.]

Client Response
– Well-established clients like Firefox, Internet Explorer, …
will respond to the challenge request (WWW-Authenticate)
by presenting the user with a small pop-up window with data
entry fields for
– userid, password, a Submit button and a Cancel button
• entering a valid userid and password will resend the request with the
credentials in an Authorization header; the server will attempt
authentication and, if authenticated, will serve the originally requested
resource. With the Basic scheme the browser sends the userid and
password base64-encoded, not encrypted, on every subsequent request,
so Basic authentication should only be used over HTTPS.
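As an added example (not code from the original notes), the following server-side logic implements the exchange above for the Basic scheme: with no Authorization header it returns the 401 and the WWW-Authenticate challenge; otherwise it decodes the base64 userid:password pair and checks it against a store of salted PBKDF2 password hashes. The realm name, the user store and the hash parameters are constructed for illustration.

```python
"""HTTP Basic authentication: the 401 challenge and the credential check.

Added example, not code from the original notes. The realm name, the user
store and the hash parameters are constructed for illustration.
"""
import base64
import hashlib
import hmac
import os

REALM = "Protected Area"
PBKDF2_ROUNDS = 100_000


def make_user_store(users: dict) -> dict:
    """Store salted PBKDF2 hashes, never plaintext passwords."""
    store = {}
    for name, password in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        store[name] = (salt, digest)
    return store


def _password_ok(store: dict, user: str, password: str) -> bool:
    if user not in store:
        # Do the same work for an unknown user so timing does not reveal valid names.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ROUNDS)
        return False
    salt, digest = store[user]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def handle_request(headers: dict, store: dict):
    """Return (status, response_headers, body) for a request to a protected URL.

    headers: the request headers with lower-cased keys.
    """
    challenge = (401, {"WWW-Authenticate": f'Basic realm="{REALM}", charset="UTF-8"'},
                 "Unauthorized")
    auth = headers.get("authorization")
    if not auth:
        return challenge                      # first request: no credentials yet
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "basic":
        return challenge                      # some other scheme: re-issue the challenge
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return challenge                      # malformed token
    user, sep, password = decoded.partition(":")   # the password itself may contain ':'
    if not sep or not _password_ok(store, user, password):
        return challenge
    return 200, {}, f"Hello, {user}"


def basic_header(user: str, password: str) -> str:
    """The Authorization value the browser sends after the user fills in the pop-up."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


if __name__ == "__main__":
    store = make_user_store({"alice": "correct horse"})          # constructed user
    print(handle_request({}, store))
    print(handle_request({"authorization": basic_header("alice", "correct horse")}, store))
    print(handle_request({"authorization": basic_header("alice", "wrong")}, store))
```

`basic_header` makes the caveat above concrete: the value it produces is the password in a reversible encoding, so the same check must sit behind HTTPS, and a server that logs request headers verbatim is logging passwords.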
Database Security and Privacy
Databases
• Collection of
– interrelated data and
– set of programs to access the data
• Convenient and efficient processing of data
• Database Application Software

Database Security
• Protect Sensitive Data from
– Unauthorized disclosure
– Unauthorized modification
– Denial of service attacks
• Security Controls
– Security Policy
– Access control models
– Integrity protection
– Privacy problems
– Fault tolerance and recovery
– Auditing and intrusion detection
Protection of Data Confidentiality
• Access control – which data users can access
• Information flow control – what users can do with the accessed
data
• Data Mining

The two main issues with database privacy are the actual security of the database
itself and the legal and ethical implications of what can/should be stored on the
databases in the first place. Also there should be a consideration of the intrinsic
ethical duty placed on database security professionals to secure a database system.

How Database Information is Leaked

 SQL Injection - One of the best known database exploits around, SQL
injection involves sending unexpected data to a webserver which interacts
with a database. The data may be sent through a few methods, but is always
specially formed, containing SQL statements which can compromise any
unprotected data source. Data is generally passed through either the address
or through form variables.
o Browser Method: When data is passed through the address to a page
which interacts with a database, the data is passed in the form of
variables appended to the end of the address. For example
"www.cnn.com?id=1234" would pass 1234 as data to cnn.com. If this
data is directly used in a database command, one could alter 1234 in a
specific way so as to introduce a SQL command to be executed by the
database. This ability could give the attacker a powerful tool to
compromise data and accounts of an unprotected database. The user's
ability to change the address variables at will makes this an extremely
easy database leak anyone can exploit.
o Form Method: Forms take data on one page and pass that data directly
to another page for processing, usually with a backend database
involved. Here the user cannot simply edit the address, since the form
data, if passed properly, is hidden from the user. Because the transfer is
hidden, sites will believe they have satisfactorily sanitized user input by
enforcing rules (digits only for certain fields, length limits) with
client-side JavaScript. This is supposed to prevent users from entering
SQL statements disguised as bad input, but a savvy user could download
the source of the page and modify the data, subverting any JavaScript, or
simply send the POST request with a tool of their own. Entering SQL such
as '; drop table users -- could compromise an entire database and its
users.
 Preventing SQL Injection
o Syntax Checking: The trick of any SQL injection attack is the user's
ability to insert malicious statements through unvalidated user input. To
protect against this problem, developers must sanitize input collected
from the user on the server side. The types of sanitization that must be
performed include the removal of any semicolons or back tick marks, since
these are the stronghold of the syntax required for a proper SQL
injection.
o While checking syntax is good, the best prevention of SQL injection
is the use of something called a prepared statement. When using
prepared statements, also known as stored procedures, every
interaction with a database is prewritten, allowing only as many rights
as are required for any given command. Thus, when an unexpected,
powerful command is run, there are not enough rights allocated for the
malicious command, under the ruse of a stored procedure, to be
properly executed even if it is properly inserted.
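The following is an added example, not code from the original notes, that puts the two prevention approaches above side by side. It builds a small in-memory SQLite table with constructed sample users (the table, column names and passwords are assumptions made for the demonstration), then runs a login lookup three ways: concatenating the input into the SQL string, concatenating it after the semicolon/backtick filtering described under "Syntax Checking", and binding it as a parameter of a prepared statement. One caveat a practitioner should keep in mind: a prepared (parameterized) statement and a stored procedure are distinct mechanisms; what stops injection in the parameterized form is that the SQL text is fixed before the values are bound, so the values are never parsed as SQL.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original notes).
SAMPLE_USERS = [
    ("alice", "s3cr3t-alice"),
    ("bob", "s3cr3t-bob"),
]


def make_db():
    """Create an in-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The weak form: user-supplied text is pasted into the SQL string, so a
    quote character in the input changes the structure of the query."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return sorted(row[0] for row in conn.execute(query))


def strip_semicolons_and_backticks(value):
    """The 'syntax checking' the notes describe: remove ';' and '`' only."""
    return value.replace(";", "").replace("`", "")


def login_filtered(conn, username, password):
    """Weak form plus the semicolon/backtick filter applied to the inputs."""
    return login_vulnerable(
        conn,
        strip_semicolons_and_backticks(username),
        strip_semicolons_and_backticks(password),
    )


def login_safe(conn, username, password):
    """The hardened form: a parameterized (prepared) statement. The SQL text
    is fixed; the values are bound separately and are never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))


def demo():
    """Run the same inputs through all three variants and collect the rows
    each one returns, so the difference can be inspected (or asserted on)."""
    conn = make_db()
    # A tautology in the password field: it contains no ';' or '`', so the
    # filter above leaves it untouched, yet it makes the WHERE clause true
    # for every row when concatenated into the query.
    injected = "' OR '1'='1"
    return {
        "vulnerable_normal": login_vulnerable(conn, "alice", "s3cr3t-alice"),
        "vulnerable_injected": login_vulnerable(conn, "alice", injected),
        "filtered_injected": login_filtered(conn, "alice", injected),
        "safe_normal": login_safe(conn, "alice", "s3cr3t-alice"),
        "safe_injected": login_safe(conn, "alice", injected),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:20s} -> {rows}")
```

With the correct password every variant returns just `alice`. With the tautology in the password field, the concatenated query returns every user whether or not the semicolon/backtick filter is applied, because the payload needs neither character; the parameterized query returns no rows, since the bound value is compared literally against the password column.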

Database Security

When a carder by the handle "Maxus" broke into CD Universe's database
records and gained access to over 250,000 credit card numbers from
customers (link), the first thing everyone wanted to know was HOW. A
single lapse in database security can doom an e-company to almost
immediate failure, and yet it seems we hear about events such as this
happening all the time.

Database security is integral in keeping our information private, regardless
of who is maintaining the database itself. By far the most common break in
security is the presence of plain-text log and/or data files on public web
servers. The solution to this problem is relatively simple: either don't keep
logs or use encryption. While encryption is beyond the scope of this topic, it
can be used to effectively hinder the efforts of would-be cyber criminals.
Another critical area that must be monitored is the administrators and users
of the database. As in this case where a DEA agent was found to have been
selling information to various parties, all the encryption and frontend
security means nothing if any user can have unchecked access to sensitive
information. Keeping a checks-and-balances system on the users and
administrators, much the way a bank keeps tabs on its tellers, is a necessary
and effective means of keeping information safe and private.

Identity Privacy

The other and much more publicized area of database privacy is the content that
is available for public use. This is divided into two areas: data gathered for
marketing, and data gathered for public records.

 Targeted Marketing

The first people to take unfair advantage of technology in business are
arguably the marketing departments. Through the use of cookies, a company
can find and archive to its databases loads of personal information about
the visitors to its own and its clients' websites. This is where the
waters get muddy, because often the users have no idea that their identities,
habits and buying records are being recorded and stored. The real problems
with this come when these companies, in an attempt to add extra sources of
revenue, start to sell this information to other companies. This is what
happened in the cases of Verisign (formerly Network Solutions) and even
more so with the DoubleClick corporation. The nail in the coffin that makes
this entire practice so upsetting and angering to the average Joe is the
extreme difficulty of being "opted out" of inclusion in these databases.
Also, getting removed from any lists a user has been added to can be a wild
goose chase of never-ending unsubscribe emails.

Identity Theft

Just by spending a few minutes and possibly a few dollars on sites like
peoplefind, one can get to nearly anyone in the US and abroad. The ease with
which a malicious person can assume someone's identity, both online and in
real life, can be startling. Most people don't even realize that their names,
home telephone numbers and home addresses are probably already
populated in several public records search databases across the web.
Oftentimes the reason it is so easy to find information is not the fault of the
subject of the search. Companies often use very powerful information as the
key to customer records, such as a person's social security number or
driver's license number. All of this information, once obtained, can be
used quickly and often unchecked to assume the identity of a person. A
hacker by the name of Kevin Mitnick has written several articles on the ease
with which one can obtain all the details of a person's life from public online
databases (one, two).

Ethical Implications of Database Privacy Compromise

 Who is to blame? Consider a situation where a database protected private
data, but there was no attempt to ensure its security except the statement that
no one is to misuse it. A person who compromises the database in a misuse
fashion has committed an ethical infraction (we are ignoring his/her
motives), but isn't the developer who required security but doesn't secure
also culpable? What if the developer implemented security, but did it in such
a poor fashion that no security was added; is he still culpable?

 Deontologists and Utilitarians would both agree that the developer is wrong
for not completely securing a private database when the techniques used to
compromise it are well known. Utilitarians would argue that since databases
must be secured to prevent someone from compromising them and thus
committing an ethical wrong, developers have an ethical responsibility to
ensure the security of the systems they develop where security is a requirement.

Define
1) Security Model
2) Security Policy
3) Security Perimeter
4) Trusted Computing Base (TCB)
5) Reference Monitor
6) Security Kernel
7) Resource Isolation
8) Domain

Answer in short
1) Short note on SSL
2) Short note on SET
3) Explain PGP and S/MIME
4) How is desktop security maintained?
