Information security technology Teemupekka Virtanen Helsinki University of Technology Telecommunication Software and Multimedia Laboratory teemupekka.virtanen@hut.fi Content 1. Information security technology in general What, why, content 2. Preventive systems Cryptography, Firewall, VPN, Access control access control, authentication, authorization, key management, PKI 3. Detection Systems IDS 4. Malicious content prevention Virus protection content filtering Corporate Security Physical Security Security domains Prevent outsiders from intruding Fences, walls Authenticate the insiders Keys, access control Alarms Intrusion detection Prevent intrusion Guards Traditional security domain Tamper resistant devices Tamper resistant devices combined physical security with information related services. E.g. smartcards are desiged to store secret information which never come out The device authenticate user itself and can make some operation on behalf of authorized user Good: excellent storage for secret keys and other information Bad: device may be broken or lost
Cryptography Digital security domain Passive methods to prevent unauthorized access to the content Can also prevent unathorized modification of the content Non-repudiation Tenttikysymykset 1. Määrittele 2. Kuinka 3. Salaujärjestelmä 4. Toimii weyoiuh 7qyequ yeqwyediqwh dwqu uy uy iuwdyoiowiuey oiuey oiuey oiuyeoi yeiuqey oi q Tenttikysymykset 1. Määrittele 2. Kuinka 3. Salaujärjestelmä 4. Toimii Digital signature In asymetric cryptography there are always two different keys binded together so that text encrypted with one key can be decrypted with other key and only with that one can t find out what is the other key If a text can be decrypted with a key we know that the text is encrypted with another key of the pair If we know that another key is owned by a certain person we know that only him has been able to encrypt the message Problems in digital signatures Signature is something that connects a person to a document and states that the person accepts the document If one put the name on the paper to show that he has seen a document it is not a signature In electronic environment a user have no control what happens It can t be a signature Firewall There are several possible definitions. My definition is: A policy how information is allowed to flow between two domains and device(s) which are required to put that policy into use The first and often the only defence line against an intruder Often dedicated devices which have special features to define policies and rise security level Requires constant administration and monitoring Not a buy and forget box An open network
A protected network VPN A trusted connection between secure areas A cryptographically protected channel Good: one solution for all the applications Bad: is the other site really secure enough A channel between protected networks Several protection layers Access control Traditionally a method to decide if somebody has a permission to enter restricted zone Consists several areas Identification - who is who Authentication who is going to enter Authorization does one have permission to enter this area Auditing collect information who has entered a certain zone Authentication Connects identity to a subject Can based on Something one has: the one time pad, the key, the device,... Something one knows: the password, the answer, the protocol Something one is: the fingerprint, the voice, the eye, the signature, the face Several methods can be combined: A device which requires a password an id-card with correct face
Authorization Decides if the subject has permission to certain object Access control based (ACL): -rw-r---- tpv users file.txt Capabilities based: tpv: file.txt(rw) In multilevel systems there are more information in security labels Key management Probably the weakest point of cryptography In symmetric methods the same key has to be distributed to all authorized persons and nobody else In asymmetric methods everyone needs only one pair of keys and the key management is easier secure creation of keys, initial distribution, secure strore of secret keys, secure publishing of public keys PKI Public key infrastucture Method for digital signature Method to negotiate symmetric key for encryption Certificates to create trust Method to revokate a certificate Residual information A computer is used normally three years and during that time there have been several confidental files How to remove these files permanently when discarding a computer? There are also communicators and handheld computers which are gate to systems and strorages of information Intrusion detection systems Systems which detect attempts to intrude Server based IDS systems monitor one server Network based systems monitor traffic in the network Try to find out known attacks The database must be updated There must be some active response for alarms Virus protection methods Traditional scanner Scans files and tried to find fingerprints Databases mus be updated regularly Heuristic scanner Tries to find typical elements of virus Firewall type virus protection Removes all executables and Office-macros Activity analyzer Notices if there are too many same attachments and puts them in hold
Virus protection In firewall Scans all the attachments, www-pages and FTPtransfers Good in prevention and in maintainability Slow if there is lot of trafic In mail-server Scans all the attachments Almost all the viruses spread with mail Efficient In file server Scans all the files In workstations Scans all the files Content filtering Information firewall which includes a policy and methods to put the policy in use May block certain adresses: www.playboy.com, www.enemy.com certain filetypes *.mp3 documents with certain strings: Secret, project-x Several protocols: HTTP, FTP, SMTP,... Can open documents, zip-files,... Example of content filtering music.mp3 Firewall Firewall ht tp: Content filtering proxy //www.iltalehti.fi //anon.free.anonymizer.com///www.iltalehti.fi Content filtering proxy Problems with content filtering Practical Requires plenty of maintenance and updates Prevents often authorized work Ethical Who is allowed to decide acceptable content For what reason Theoretical Is content filtering a method to decide what is acceptable: everything which is possible is also allowed Centralized management Personal computer is not personal any more Centralized user administration Centralized software distribution Software inventory Spying users? Good: easier administration, support and asset management Bad: single point of failure, loss of confidence Availability Availability is often more crucial property than confidentiality Confidentiality and availability are almost always conflicting properties Availability prevents loss of information and delays in services
Backup systems Backup is the basic protection method against losing information It can be done by every user with servers, floppy disks, CD-Rs,... In the bigger systems the increased capacity is a problem There might be tens of tapes in a carousel There are not hours enough in a day to transfer all the information to the tapes It is difficult to store only changed information in a database system where everything is just a big file RAID Several hard disks in one system looking as an one hard disk RAID-1 several hard disks with the same data RAID-2-5 several hard disks, data is distributed to several disks and equipped with checksums HA-systems HA-system structure High availability systems are systems which have duplicated components HA systems use standard components and are therefore much cheaper than real fault tolerant systems In some case it is also possible to balance load between components Server A RAID storage system Synchronization network Server B Network Conclusion There are several technical methods to provide security Every improvements one can buy are very cheap. If security could be improved by just bying a box everything would be in excellent condition All the methods have side effects Improving confidentiality decreases availability