Analyzing Computer Security

"In this book, the authors adopt a refreshingly new approach to explaining the intricacies of the security and privacy challenge that is particularly well suited to today's cybersecurity challenges. Their use of the threat-vulnerability-countermeasure paradigm combined with extensive real-world examples throughout results in a very effective learning methodology." -Charles C. Palmer, IBM Research The Modern Introduction to Computer Security: Understand Threats, Identify Their Causes, and Implement Effective Countermeasures Analyzing Computer Security is a fresh, modern, and relevant introduction to computer security. Organized around today's key attacks, vulnerabilities, and countermeasures, it helps you think critically and creatively about computer security-so you can prevent serious problems and mitigate the effects of those that still occur. In this new book, renowned security and software engineering experts Charles P. Pfleeger and Shari Lawrence Pfleeger-authors of the classic Security in Computing-teach security the way modern security professionals approach it: by identifying the people or things that may cause harm, uncovering weaknesses that can be exploited, and choosing and applying the right protections. With this approach, not only will you study cases of attacks that have occurred, but you will also learn to apply this methodology to new situations. The book covers "hot button" issues, such as authentication failures, network interception, and denial of service. You also gain new insight into broader themes, including risk analysis, usability, trust, privacy, ethics, and forensics. One step at a time, the book systematically helps you develop the problem-solving skills needed to protect any information infrastructure. Coverage includes - Understanding threats, vulnerabilities, and countermeasures - Knowing when security is useful, and when it's useless "security theater" - Implementing effective identification and authentication systems - Using modern cryptography and overcoming weaknesses in cryptographic systems - Protecting against malicious code: viruses, Trojans, worms, rootkits, keyloggers, and more - Understanding, preventing, and mitigating DOS and DDOS attacks - Architecting more secure wired and wireless networks - Building more secure application software and operating systems through more solid designs and layered protection - Protecting identities and enforcing privacy - Addressing computer threats in critical areas such as cloud computing, e-voting, cyberwarfare, and social media

Dr. Charles P. Pfleeger, an independent computer and information security consultant, provides threat/vulnerability analysis, design review, training, expert testimony, and security advice to clients worldwide. He was master security architect at Cable and Wireless and Exodus Communications, and professor of computer science at the University of Tennessee. Dr. Pfleeger is coauthor of Security in Computing, Fourth Edition (Prentice Hall, 2007), today's leading college computer security textbook. Dr. Shari Lawrence Pfleeger is Director of Research for the Institute for Information Infrastructure Protection at Dartmouth College, a consortium working to protect the U.S. cyber infrastructure. The Journal of Systems and Software has repeatedly named her one of the world's top software engineering researchers. Dr. Pfleeger is coauthor of Security in Computing, Fourth Edition (Prentice Hall, 2007), today's leading college computer security textbook.

Foreword xxiii Preface xxvii About the Authors xxxv Chapter 1: Security Blanket or Security Theater? 2 How Dependent Are We on Computers? 6 What Is Computer Security? 8 Threats 11 Harm 24 Vulnerabilities 30 Controls 30 Analyzing Security With Examples 33 Conclusion 34 Exercises 35 Chapter 2: Knock, Knock. Who's There? 38 Attack: Impersonation 39 Attack Details: Failed Authentication 40 Vulnerability: Faulty or Incomplete Authentication 41 Countermeasure: Strong Authentication 47 Conclusion 64 Recurring Thread: Privacy 67 Recurring Thread: Usability 69 Exercises 71 Chapter 3: 2 + 2 = 5 72 Attack: Program Flaw in Spacecraft Software 74 Threat: Program Flaw Leads to Security Failing 75 Vulnerability: Incomplete Mediation 77 Vulnerability: Race Condition 79 Vulnerability: Time-of-Check to Time-of-Use 82 Vulnerability: Undocumented Access Point 84 Ineffective Countermeasure: Penetrate-and-Patch 85 Countermeasure: Identifying and Classifying Faults 86 Countermeasure: Secure Software Design Elements 90 Countermeasure: Secure Software Development Process 97 Good Design 103 Countermeasure: Testing 114 Countermeasure: Defensive Programming 122 Conclusion 123 Recurring Thread: Legal-Redress for Software Failures 125 Exercises 128 Chapter 4: A Horse of a Different Color 130 Attack: Malicious Code 131 Threat: Malware-Virus, Trojan Horse, and Worm 132 Technical Details: Malicious Code 138 Vulnerability: Voluntary Introduction 155 Vulnerability: Unlimited Privilege 157 Vulnerability: Stealthy Behavior-Hard to Detect and Characterize 157 Countermeasure: Hygiene 158 Countermeasure: Detection Tools 159 Countermeasure: Error Detecting and Error Correcting Codes 166 Countermeasure: Memory Separation 170 Countermeasure: Basic Security Principles 171 Recurring Thread: Legal-Computer Crime 172 Conclusion 177 Exercises 178 Chapter 5: The Keys to the Kingdom 180 Attack: Keylogging 181 Threat: Illicit Data Access 182 Attack Details 182 Harm: Data and Reputation 186 Vulnerability: Physical Access 186 Vulnerability: Misplaced Trust 187 Vulnerability: Insiders 189 Vulnerability: System Subversion 191 Recurring Thread: Forensics-Tracing Data Flow 193 Vulnerability: Weak Authentication 194 Failed Countermeasure: Security through Obscurity 194 Countermeasure: Physical Access Control 196 Countermeasure: Strong Authentication 198 Countermeasure: Trust/Least Privilege 202 Conclusion 204 Recurring Thread: Forensics-Plug-and-Play Devices 205 Exercises 207 Interlude A: Cloud Computing 210 What Is Cloud Computing? 211 What Are the Risks in the Cloud? 213 Chapter 6: My Cup Runneth Over 216 Attack: What Did You Say That Number Was? 217 Harm: Destruction of Code and Data 218 Vulnerability: Off-by-One Error 230 Vulnerability: Integer Overflow 231 Vulnerability: Unterminated Null-Terminated String 232 Vulnerability: Parameter Length and Number 233 Vulnerability: Unsafe Utility Programs 234 Attack: Important Overflow Exploitation Examples 234 Countermeasure: Programmer Bounds Checking 244 Countermeasure: Programming Language Support 244 Countermeasure: Stack Protection/Tamper Detection 247 Countermeasure: Hardware Protection of Executable Space 249 Countermeasure: General Access Control 261 Conclusion 272 Exercises 274 Chapter 7: He Who Steals My Purse . . . 276 Attack: Veterans' Administration Laptop Stolen 277 Threat: Loss of Data 278 Extended Threat: Disaster 278 Vulnerability: Physical Access 279 Vulnerability: Unprotected Availability of Data 279 Vulnerability: Unprotected Confidentiality of Data 279 Countermeasure: Policy 280 Countermeasure: Physical Security 280 Countermeasure: Data Redundancy (Backup) 282 Countermeasure: Encryption 286 Countermeasure: Disk Encryption 325 Conclusion 326 Exercises 329 Chapter 8: The Root of All Evil 332 Background: Operating System Structure 333 Attack: Phone Rootkit 337 Attack Details: What Is a Rootkit? 338 Vulnerability: Software Complexity 347 Vulnerability: Difficulty of Detection and Eradication 347 Countermeasure: Simplicity of Design 348 Countermeasure: Trusted Systems 353 Conclusion 364 Exercises 365 Chapter 9: Scanning the Horizon 368 Attack: Investigation, Intrusion, and Compromise 369 Threat: Port Scan 370 Attack Details 371 Harm: Knowledge and Exposure 374 Recurring Thread: Legal-Are Port Scans Legal? 375 Vulnerability: Revealing Too Much 376 Vulnerability: Allowing Internal Access 376 Countermeasure: System Architecture 377 Countermeasure: Firewall 378 Countermeasure: Network Address Translation (NAT) 397 Countermeasure: Security Perimeter 399 Conclusion 400 Exercises 402 Chapter 10: Do You Hear What I Hear? 404 Attack: Wireless (WiFi) Network Access 405 Harm: Confidentiality-Integrity-Availability 412 Attack: Unauthorized Access 414 Vulnerability: Protocol Weaknesses 414 Failed Countermeasure: WEP 418 Stronger but Not Perfect Countermeasure: WPA and WPA2 422 Conclusion 426 Recurring Thread: Privacy-Privacy-Preserving Design 427 Exercises 429 Chapter 11: I Hear You Loud and Clear 432 Attack: Enemies Watch Predator Video 433 Attack Details 434 Threat: Interception 437 Vulnerability: Wiretapping 441 Countermeasure: Encryption 448 Countermeasure: Virtual Private Networks 452 Countermeasure: Cryptographic Key Management Regime 456 Countermeasure: Asymmetric Cryptography 459 Countermeasure: Kerberos 464 Conclusion 468 Recurring Thread: Ethics-Monitoring Users 471 Exercises 472 Interlude B: Electronic Voting 474 What Is Electronic Voting? 475 What Is a Fair Election? 477 What Are the Critical Issues? 477 Chapter 12: Disregard That Man Behind the Curtain 482 Attack: Radar Sees Only Blue Skies 483 Threat: Man in the Middle 484 Threat: "In-the-Middle" Activity 487 Vulnerability: Unwarranted Trust 498 Vulnerability: Failed Identification and Authentication 499 Vulnerability: Unauthorized Access 501 Vulnerability: Inadequate Attention to Program Details 501 Vulnerability: Protocol Weakness 502 Countermeasure: Trust 503 Countermeasure: Identification and Authentication 503 Countermeasure: Cryptography 506 Related Attack: Covert Channel 508 Related Attack: Steganography 517 Conclusion 519 Exercises 520 Chapter 13: Not All Is as It Seems 524 Attacks: Forgeries 525 Threat: Integrity Failure 530 Attack Details 530 Vulnerability: Protocol Weaknesses 542 Vulnerability: Code Flaws 543 Vulnerability: Humans 543 Countermeasure: Digital Signature 545 Countermeasure: Secure Protocols 566 Countermeasure: Access Control 566 Countermeasure: User Education 568 Possible Countermeasure: Analysis 569 Non-Countermeasure: Software Goodness Checker 571 Conclusion 572 Exercises 574 Chapter 14: Play It [Again] Sam, or, Let's Look at the Instant Replay 576 Attack: Cloned RFIDs 577 Threat: Replay Attacks 578 Vulnerability: Reuse of Session Data 580 Countermeasure: Unrepeatable Protocol 580 Countermeasure: Cryptography 583 Conclusion: Replay Attacks 584 Similar Attack: Session Hijack 584 Vulnerability: Electronic Impersonation 588 Vulnerability: Nonsecret Token 588 Countermeasure: Encryption 589 Countermeasure: IPsec 593 Countermeasure: Design 596 Conclusion 597 Exercises 598 Chapter 15: I Can't Get No Satisfaction 600 Attack: Massive Estonian Web Failure 601 Threat: Denial of Service 602 Threat: Flooding 602 Threat: Blocked Access 603 Threat: Access Failure 604 Case: Beth Israel Deaconess Hospital Systems Down 605 Vulnerability: Insufficient Resources 606 Vulnerability: Addressee Cannot Be Found 611 Vulnerability: Exploitation of Known Vulnerability 613 Vulnerability: Physical Disconnection 613 Countermeasure: Network Monitoring and Administration 614 Countermeasure: Intrusion Detection and Prevention Systems 618 Countermeasure: Management 630 Conclusion: Denial of Service 633 Extended Attack: E Pluribus Contra Unum 635 Technical Details 638 Recurring Thread: Legal-DDoS Crime Does Not Pay 643 Vulnerability: Previously Described Attacks 643 Countermeasures: Preventing Bot Conscription 645 Countermeasures: Handling an Attack Under Way 647 Conclusion: Distributed Denial of Service 648 Exercises 649 Interlude C: Cyber Warfare 652 What Is Cyber Warfare? 653 Examples of Cyber Warfare 654 Critical Issues 656 Chapter 16: 'Twas Brillig, and the Slithy Toves . . . 662 Attack: Grade Inflation 663 Threat: Data Corruption 664 Countermeasure: Codes 667 Countermeasure: Protocols 668 Countermeasure: Procedures 669 Countermeasure: Cryptography 670 Conclusion 673 Exercises 674 Chapter 17: Peering through the Window 676 Attack: Sharing Too Much 677 Attack Details: Characteristics of Peer-to-Peer Networks 677 Threat: Inappropriate Data Disclosure 680 Threat: Introduction of Malicious Software 681 Threat: Exposure to Unauthorized Access 682 Vulnerability: User Failure to Employ Access Controls 683 Vulnerability: Unsafe User Interface 683 Vulnerability: Malicious Downloaded Software 684 Countermeasure: User Education 685 Countermeasure: Secure-by-Default Software 685 Countermeasure: Legal Action 686 Countermeasure: Outbound Firewall or Guard 688 Conclusion 689 Recurring Thread: Legal-Protecting Computer Objects 691 Exercises 704 Chapter 18: My 100,000 Nearest and Dearest Friends 706 Attack: I See U 707 Threat: Loss of Confidentiality 708 Threat: Data Leakage 709 Threat: Introduction of Malicious Code 710 Attack Details: Unintended Disclosure 711 Vulnerability: Exploiting Trust Relationships 721 Vulnerability: Analysis on Data 722 Vulnerability: Hidden Data Attributes 722 Countermeasure: Data Suppression and Modification 724 Countermeasure: User Awareness and Education 729 Countermeasure: Policy 733 Conclusion 734 Exercises 736 Afterword 738 Challenges Facing Us 739 Critical Issues 741 Moving Forward: Suggested Next Steps for Improving Computer Security 742 And Now for Something a Little Different 746 Bibliography 749 Index 773