Facemash: fool-proofing your code, don't count on it

Be sure to have a look at my new project, Bingy Bongy: our first interactive children's book app is going to feature a Bat, so sign up. OK, I finally got round to updating the facemash.com.au website I created over a year ago. I thought I'd just check up on the code as I noticed the site was running very slowly. If you don't know the history of my Facemash, it's a site that I created in a day just as a "proof of concept" and for a bit of a laugh after watching The Social Network movie.

Far too often I go back to my code and say "wow, what was I thinking?", and this was a major "what was I thinking?" moment (I'm blaming the fact that I smashed it up in a day). The Facemash voting log has grown, grown a lot! At last count it was at around 1,184,713; yeah, that's right, over 1.1 million votes have been cast! I'm surprised it's so many, although I shouldn't be, because the site gets around 400 visits per day and on some days will peak at over 1000.

So I went on a quest to find out why the site was so slow. I knew it was something to do with the Facemash log table, since it had over 1.1 million records; it turns out I was doing not one but two SQL COUNT queries, and this was being done for each display picture being displayed. At the time I probably thought "ah, it'll be fine, it won't get that much traffic". Well, this is proof that the KISS principle isn't always the best.

Here is the offending code:

using System.Configuration;
using System.Data.SqlClient;

// Called once per face on every page view, and the text above says a second
// COUNT query runs per picture as well, so each displayed picture costs two
// passes over a 1.1 million row log.
public static int GetWinCount(Face face)
{
    int count = 0;
    using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["Default"].ConnectionString))
    {
        SqlCommand command = new SqlCommand();
        command.Connection = connection;

        // Parameterised (no string concatenation), so there is no SQL injection
        // here; the problem is purely the cost of the COUNT on every call.
        command.CommandText = "SELECT COUNT(ID) FROM FaceLog WHERE (FaceID1 = @FaceID AND FaceID1Winner = 1) OR (FaceID2 = @FaceID AND FaceID2Winner = 1) ";

        command.Parameters.Add(new SqlParameter("@FaceID", face.ID));

        command.Connection.Open();

        count = (int)command.ExecuteScalar();

        connection.Close();
    }
    return count;
}
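As an added example (not the site's own code), the same counting problem reproduced in Python with an in-memory SQLite database and constructed vote data. It shows the per-face COUNT from the method above beside two alternatives: one aggregating query that produces every face's win count in a single pass over the log, and a counter column on the Face table that a trigger keeps in step with inserts, so a page view never touches the log at all. The table and column names follow the query above; the Face.WinCount column, the trigger and the sample votes are assumptions made for the example.

```python
import random
import sqlite3

# Constructed sample data (not the real Facemash log): N_FACES faces and
# N_VOTES votes between random distinct pairs, exactly one winner per vote.
N_FACES = 20
N_VOTES = 5000


def build_db(n_faces=N_FACES, n_votes=N_VOTES, seed=1):
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Face (
            ID INTEGER PRIMARY KEY,
            WinCount INTEGER NOT NULL DEFAULT 0);   -- assumed counter column
        CREATE TABLE FaceLog (
            ID INTEGER PRIMARY KEY,
            FaceID1 INTEGER NOT NULL, FaceID2 INTEGER NOT NULL,
            FaceID1Winner INTEGER NOT NULL, FaceID2Winner INTEGER NOT NULL);
        -- Assumed trigger: keep Face.WinCount in step with every vote inserted.
        CREATE TRIGGER facelog_wins AFTER INSERT ON FaceLog BEGIN
            UPDATE Face SET WinCount = WinCount + NEW.FaceID1Winner WHERE ID = NEW.FaceID1;
            UPDATE Face SET WinCount = WinCount + NEW.FaceID2Winner WHERE ID = NEW.FaceID2;
        END;
    """)
    conn.executemany("INSERT INTO Face (ID) VALUES (?)",
                     [(i,) for i in range(1, n_faces + 1)])
    rng = random.Random(seed)
    votes = []
    for _ in range(n_votes):
        a, b = rng.sample(range(1, n_faces + 1), 2)
        a_wins = rng.randint(0, 1)
        votes.append((a, b, a_wins, 1 - a_wins))
    conn.executemany(
        "INSERT INTO FaceLog (FaceID1, FaceID2, FaceID1Winner, FaceID2Winner) "
        "VALUES (?, ?, ?, ?)", votes)
    conn.commit()
    return conn


def win_count_per_face(conn, face_id):
    """The page's query: one round trip and one pass over FaceLog per face.

    Called for every picture on a page this is the N+1 pattern; without an
    index on (FaceID1, FaceID1Winner) and (FaceID2, FaceID2Winner) each call
    reads the whole log.
    """
    row = conn.execute(
        "SELECT COUNT(ID) FROM FaceLog "
        "WHERE (FaceID1 = ? AND FaceID1Winner = 1) "
        "   OR (FaceID2 = ? AND FaceID2Winner = 1)", (face_id, face_id)).fetchone()
    return row[0]


def win_counts_all(conn):
    """One pass over the log for every face: map each vote to its winner, then GROUP BY."""
    sql = """
        SELECT Face.ID, COUNT(w.winner)
        FROM Face
        LEFT JOIN (SELECT CASE WHEN FaceID1Winner = 1 THEN FaceID1 ELSE FaceID2 END AS winner
                   FROM FaceLog
                   WHERE FaceID1Winner = 1 OR FaceID2Winner = 1) AS w
               ON w.winner = Face.ID
        GROUP BY Face.ID"""
    return {face_id: wins for face_id, wins in conn.execute(sql)}


def cached_win_counts(conn):
    """Zero passes over the log: read the trigger-maintained counter column."""
    return {face_id: wins for face_id, wins in
            conn.execute("SELECT ID, WinCount FROM Face")}


if __name__ == "__main__":
    db = build_db()
    per_face = {f: win_count_per_face(db, f) for f in range(1, N_FACES + 1)}
    assert per_face == win_counts_all(db) == cached_win_counts(db)
    print("all three methods agree; total wins =", sum(per_face.values()))
```

The original method is parameterised, so this is a cost problem, not an injection one; but an unindexed COUNT per picture is also a cheap way for any visitor to load the database, since every page reload costs it one full pass of the log per face shown. Either the single aggregate or the maintained counter removes that.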

What started all this code optimisation is that over the past weeks I've been trying out a few different hosting providers, as I'm currently paying US$99 a month for a VPS server in the US, which I feel is too much (I've got several different blogs and websites on it, not just this one). I've finally settled on Amazon AWS, and I'm quite pleased; volume snapshots are a nice feature. So it just shows: if you're like me and you've got a couple of sites ticking away, take 10 minutes to have a look at the old code and make sure you weren't trying to KITS (Keeping It Too Simple).

 

Why security is important and how it relates to risk

Reducing the risk of an attack on a computer system can be achieved by making the system secure. But what is a secure computer system? Computer security is about lowering the risk to the system and ensuring that something cannot happen, rather than that it can; for example, that certain users cannot access a Word document. Security is also about control and about creating layers of defence to reduce the risk of a malicious attack. A secure computer system is one which achieves the three goals of computer security: confidentiality, integrity and availability.

The chance of a confidentiality breach in a system increases when access to the system is neither monitored (through logs) nor restricted (through an ID and password or a biometric method). This leaves several vulnerabilities: if there is a breach, not only is the system easy to get into with no login, there is also no way of telling who attempted it or when. Creating a barrier and restricting access therefore reduces the likelihood of someone entering the system. Another example is patients' records in a hospital, where security is imperative: security would need to ensure that only authorised persons can access the protected data.

Integrity of the system is essential in relation to risk. Much like confidentiality, integrity of data is best kept by controlling who or what can access the data and in what ways. It involves keeping the data "original", modified only in acceptable ways by the correct people and processes. The hospital example can be used again, since it is important that patient records are kept accurate when making medical decisions. The risk of an intruder entering the system and committing computer fraud, i.e. altering patient details, is high unless protective barriers are created.

Availability is the third goal of security: the system must be in working order and usable. Availability focuses on the readiness of the system to perform and on its capacity (items such as memory and connection speeds). If the system is unavailable, or if some or all users (even authorised users) are unable to access the system and perform required tasks efficiently and effectively, then the system is still at risk.

Having said this, it is impossible to achieve one hundred percent security in today's complex computer environments. Instead, most security products, specifically malware detection or "virus" software such as Norton AntiVirus, focus on cutting the risk of being attacked. By building up protective layers to deter the attacker, the security works on a "rob next door" theory: if the system has a lot of protection layers, the attacker will find it too difficult to compromise and will instead try another computer, or "next door".

Security plays an important role in our everyday life, and therefore failures of a security system have damaging effects. An example of this is Microsoft's operating system Windows XP, released in 2001. The new operating system was a good target for attackers, and Microsoft was scrutinised for its lack of security. The system had poor security, which meant there were a lot of vulnerabilities or holes in it, and the risk of an attack compromising the system's data increased. In 2004 an update called Service Pack 2 was released. Microsoft spent nearly US$1 billion creating this service pack, proving the importance of security in computers. (Linn, 2004)

The definition of risk includes the impact of the attack. The impact of an attack ranges from endangering people's lives and the environment, as with a nuclear control station, to economic and monetary effects, as with bank systems and home computers. This makes security a very important matter.

Security is important because it keeps a computer functioning. We (as computer users) need to ensure that regular virus scans are performed and, importantly, that the virus definition updates are downloaded regularly. In doing this, known vulnerabilities in the computer are minimised, which decreases the risk of a malicious attack. From this we can see that security is a way of reducing the probability of a threat.

Computer Security and Layers just like Shrek's onions

Security is focused on creating layers: an obstacle course for attackers which they have to hop over and climb, and which hopefully makes them give up and attack another computer, making it another person's problem. Minimising risk is an important goal in achieving a secure system. It is important that, whilst creating a secure system, the system is not put into a lock-down state; that creates a system with no functionality or usability, and by definition not a secure system. It is important that users of computer systems stay informed and are aware of how to protect their systems. Microsoft's new operating system Vista has promised new and exciting features; hopefully it will not be a repeat of Windows XP and its security problems, and we can work with secure, functional and easy to use systems.

More software licences than Microsoft's customer record shows

Microsoft informed a company that, based on its calculations, it estimates the company should have more software licences than Microsoft's customer record shows.

The proposed situation shows an ongoing problem: the copying and sharing of software and music over the internet is a problem which software vendors and the music industry have been dealing with for over 10 years.

The shortfall in licences that Microsoft has identified relates to the copying and sharing of software. An approach to reduce copying of software would be to enforce the update that Microsoft released through its "automatic" updates. Windows Genuine Advantage (WGA) is a program that rewards legal use of Windows XP with free content and punishes resellers and users of illegal copies of XP by limiting their access to security fixes, downloads and other updates.

To calculate risk exposure, the risk impact is multiplied by the risk probability.

A journal article on ProQuest states that the estimated annual loss from counterfeit copies of Microsoft products is 30 billion dollars. The probability of someone downloading a copy of Microsoft software is hard to calculate, but assume there is a 50% chance (which in reality is much greater); this gives a risk exposure of 15 billion dollars. This essentially means that any amount spent below 15 billion dollars is a worthwhile investment in reducing the risk of the public obtaining Microsoft's software without paying. Microsoft therefore has up to 15 billion dollars' worth of justification to avoid the risk, such as by changing the requirements for obtaining a software licence, or to transfer the risk by allocating it to other people or systems. Finally, Microsoft could assume the risk by accepting the loss.

Another approach to reduce copying would be to reduce the availability of copied software for download. This is very difficult: as soon as a p2p software company gets sued and shut down, new reincarnations of the old software appear and gain popularity; examples include Napster, KaZaA, Morpheus and Grokster. By reducing the variety of methods available for downloading illegal software, Microsoft would reduce the risk of new users joining the many people already downloading it.

Spam email is a serious problem

Email is a cost-effective form of communication both for business and for individual users. Spam is a term used to refer to unsolicited email, sent by spammers. Spam is a major problem, as is evident in the large amount of spam email sent every day; for example, a large ESP (email service provider) such as Hotmail can receive up to one billion spam email messages a day. The threats spam email creates can be placed into four main categories: loss of productivity, increased potential for virus attack, reduced bandwidth and potential legal exposure. This report will discuss how spam email can be controlled from both an individual and a business perspective. Spam email makes up approximately 80% of email messages received, creating a large burden on ESPs and end users worldwide. (Messaging Anti-Abuse Working Group, 2006)

The main method of controlling spam email for both individual users and organisations is through machine learning systems, as shown in figure 1.1. Controlling spam is not a static issue: spam protection methods must be constantly updated and changed. Most forms of spam protection begin with a filter which separates incoming mail into two folders. The filter operates from learnt memory or a blacklist: it puts the mail into the quarantine box if it matches the blacklist, or into the inbox if it is considered genuine email. If spam mail is placed into the inbox, users have the ability to add the mail to the blacklist, improving the accuracy of what is regarded as spam. If spam or suspected spam does get into the inbox, it is important that end users do not open the email and do not click any links, even if an HTML link refers to opting out or unsubscribing, as this only confirms that the email address is "alive" and the spammer will send more nuisance email.

The filter's memory has to keep learning what is "good" and "bad" email. Spammers are not idle whilst machines are learning, so new ways of fighting spam must be created; for example, more sophisticated learning algorithms which give a weighting to each word in an email message. This allows a new filter to be learnt from scratch in about an hour even when training on more than a million messages. Spammers got around these filters by taking the common words such as "sex" and "free", which are regarded as having a heavy weighting, and encoding some of their letters as HTML character entities, e.g. fr&#101;e. This allows the user to still see the words, but a filter that does not decode the entities cannot match them, so the email is incorrectly classified and placed into the inbox.
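As an added example (not from the report or from any product it mentions), a minimal word-weighting filter of the kind described above, trained on a handful of constructed messages, showing both the entity trick evading a filter that tokenises the raw text and the fix: decode the HTML entities before tokenising, so the filter scores the word the reader sees. The training messages, the smoothed log-likelihood weighting and the zero threshold are all assumptions made for the example.

```python
import html
import math
import re
from collections import Counter

# Constructed training messages (not real mail): (text, is_spam).
TRAINING = [
    ("free money now click here", True),
    ("free sex pills cheap cheap", True),
    ("claim your free prize today", True),
    ("meeting moved to thursday see agenda", False),
    ("please review the attached report", False),
    ("lunch on friday at the usual place", False),
]

TOKEN_RE = re.compile(r"[a-z0-9']+")


def tokenize(text, decode_entities):
    """Split a message into lowercase word tokens.

    decode_entities=False is the weakness the text describes: the filter
    sees 'fr', '101' and 'e' where the reader sees 'free'.  With
    decode_entities=True the entity is resolved first, as the mail client
    does before rendering, so the filter scores the word the reader sees.
    """
    if decode_entities:
        text = html.unescape(text)
    return TOKEN_RE.findall(text.lower())


def train(messages, decode_entities):
    """Return a weight per word: the smoothed log-likelihood ratio spam/ham."""
    spam, ham = Counter(), Counter()
    n_spam = n_ham = 0
    for text, is_spam_msg in messages:
        tokens = set(tokenize(text, decode_entities))
        if is_spam_msg:
            spam.update(tokens)
            n_spam += 1
        else:
            ham.update(tokens)
            n_ham += 1
    weights = {}
    for word in set(spam) | set(ham):
        p_spam = (spam[word] + 1) / (n_spam + 2)  # Laplace smoothing
        p_ham = (ham[word] + 1) / (n_ham + 2)
        weights[word] = math.log(p_spam / p_ham)  # positive = spammy, negative = hammy
    return weights


def score(weights, text, decode_entities):
    """Sum the weights of the distinct words in a message; unknown words count 0."""
    return sum(weights.get(t, 0.0) for t in set(tokenize(text, decode_entities)))


def is_spam(weights, text, decode_entities, threshold=0.0):
    return score(weights, text, decode_entities) > threshold


if __name__ == "__main__":
    weights = train(TRAINING, decode_entities=True)
    plain = "free offer for you"
    obfuscated = "fr&#101;e offer for you"  # the 'e' as an HTML numeric entity
    print("plain, naive filter:     ", is_spam(weights, plain, False))       # True
    print("obfuscated, naive filter:", is_spam(weights, obfuscated, False))  # False
    print("obfuscated, entity-aware:", is_spam(weights, obfuscated, True))   # True
```

Decoding is only the first normalisation a real filter needs; the same idea applies to HTML comments split across a word, look-alike Unicode letters and zero-width characters, and the training data has to contain the obfuscated forms as well once spammers move on to the next trick.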

Most organisations have internally managed spam filters, but spending extra money on spam control by outsourcing email security has many benefits. Spam messages do not simply stop because the 9-till-5 IT staff have gone home; if a new spam threat is identified at night, the damage can be done long before IT staff arrive. If organisations join together, support can be provided in a much more cost-effective manner. Organisations such as the Messaging Anti-Abuse Working Group (MAAWG) have been created to fight spam through a collaborative effort. MAAWG incorporates major Internet Service Providers (ISPs) and network operators worldwide with other associated industry vendors such as Google and Yahoo. Fighting spam together allows blacklists to be monitored, upgraded and maintained just as quickly as, if not quicker than, spammers can create new attacks.

Securing computers with anti-virus and anti-spyware software is a way in which spam can be reduced. It minimises the amount of spam sent using the common technique of creating zombie machines or botnets: computers owned by end users are infected with viruses or Trojans that give spammers full control of the machine, which is then used to send spam. The methods spammers use to send the email are very sophisticated and result in email being sent out even where port 25 (the outgoing email port) is blocked.

Another way spam email can be reduced is by disguising email addresses on forums or bulletin boards. This makes it more expensive for a spammer to send email, as more money is needed to gather valid email addresses. This helps achieve the goal of pushing the cost of sending spam below the break-even point, i.e. the money gained from sending spam is less than the cost of sending it.

In addition to spam filtering at a high level, end users can create their own personal levels of filtering. The majority of email clients not only have junk mail folders but also allow folder rules to be created, so that email can be sorted into folders by specified words, senders or subject lines. This can help keep spam out of sight and make it less of a nuisance.

How changes in technology affect security

Technology is just about everywhere, and as time progresses the advancement of technology creates new problems, making it harder to create a truly secure environment. Computers are devices used to solve practical problems, which makes them part of technology. Changes in technology create risks that are almost impossible to predict and are not understood. With almost every new piece of technology a new security issue or vulnerability is created, and with that change an attacker will think of a way to act on the vulnerability and compromise the system.

Data security has always been an issue; in the earlier days of computers with diskettes the focus was on confidentiality, integrity and availability, and it has never changed. The recent thumb drive boom is an example of a hardware technology affecting the methods of securing a system. Thumb drives give thieves or attackers the ability to move a large chunk of data virtually undetected, and enable them to install malicious software. To combat this problem, some organisations have banned their use or disabled their mounting by ordinary users; others have physically disconnected the USB ports inside the computers, or even filled the USB sockets with epoxy glue. These new methods of solving a data security issue were adopted as demand grew for thumb drives and the security problems became evident.

As technology alters (hopefully for the better), attackers do as well. With each new release of technology, vulnerabilities in a system are created, and these create targets for attackers. This is most likely because no amount of prototyping can compare with having the new technology functioning in the real world. This was evident in 2001 when Microsoft released its new operating system, XP. For a number of years Microsoft was criticised for a lack of security features (such as a poor firewall and no spyware protection), and it took almost three years for an update to be released. In those three years, vulnerabilities were discovered and acted upon; ActiveX, Microsoft's technology for embedding executable controls in web pages and applications, became a common route for spreading viruses, Trojan horses and other malware.

It is important to note that not all changes in technology affect security or the methods of security. In a recent press release Intel announced a new processor family called Mobile Penryn. These processors have four cores (quad core), are twenty-five per cent smaller, and achieve faster speeds (with a larger cache) on less power: staggering achievements on all accounts. This advancement in technology is probably not going to create hugely noticeable security issues, since it is fundamentally just increasing the speed of the processor.

What does this mean for us? Maybe new names for new breeds of security systems and malware; the lines between the different types of malware have become quite thin. What we do know, though, is that the principles applied to making a system safe, confidentiality, integrity and availability, have not been affected by technology. Instead the methods of achieving a secure system have been shaped by the constantly altering computer environment we live in.

Relationship between security, functionality and system usability: the never-ending balance

Vulnerabilities in a system create risks; risk management is about avoiding, transferring or assuming these risks. Risk management must also take into account the context in which the system is being used; for example, a one hundred thousand dollar security system is useless on a home network, since the home network would not be worth anywhere near that figure. If too little control is implemented to reduce risk, the system will become insecure and have a high risk of being attacked. If too much security is implemented, system functionality and usability will be reduced. Risk management becomes a three-way see-saw: if just one element is focused on, the system will lack one or both of the other elements, but if a balance of all three is struck, the system can be secure, functional and easy to use.

To reduce potential threats, security software is installed on machines. Since all computer system setups are different, the defaults that virus and firewall programs ship with are simply not enough for effective security. Users must protect themselves; a virus and firewall program may have all the functionality needed to set up a secure computer, but a recent survey by America Online and the National Cyber Security Alliance found that, of 329 homes, 67% either had no anti-virus software on their system at all or had not updated it within the previous week. These statistics show that knowledge of how to protect your computer from malware is poor. Consequently, if users can find, understand and use the security features embedded in the software, through good usability, they will utilise the full functionality of the software and create a secure system.

Focusing heavily on a secure system reduces the functionality and usability of the system. For example, having a firewall block all incoming and outgoing data makes the system very secure, since no harmful data can get in; but the firewall cuts off any internet or network connections the computer might have had. The functionality of the network and internet connection still exists, but because of the firewall block the usability of the network is non-existent. Therefore a heavy focus on the security of a system creates poor usability, and through poor usability the functionality of the computer is drastically reduced, as the user can only perform offline tasks. This can be seen in the graph below.

Figure 1: Level of security versus usability or functionality

Figure 1 illustrates the negative correlation between usability and security, and between functionality and security: either the system has high functionality or usability but runs a risk of being attacked, or a high level of security creates a lower level of usability or functionality. The figure illustrates the trade-off between the two sets of variables.

Focusing heavily on a functional and usable system can lead to a decrease in the security of the system. It could be argued that the most functional and usable system is one with no virus software or firewall at all, which ignores the risk of an attack. Initially this could be a valid argument, but after viruses and other malware have made their way onto the system, its usability and functionality would slowly disintegrate. An intermediate spot needs to be found where the user is happy with the functionality and usability of the system but is not compromising on security.

Honeypots: usage and prevention

Honeypots are used as additional levels of security: decoys which simulate networked computer systems, designed to attract a hacker's attention so that they perform a malicious attack. Honeypots can be either virtual or physical machines. Forensic information gathered from the compromised machine(s) is often required to aid in the prosecution of intruders. It also gives an insight into the mind of an intruder: logs and other records on the machine show how the intruder probed and, if they were successful in entering the system, how they gained access. This information is very valuable and can be used as a learning tool for network administrators when designing, creating or updating a computer system, as they are better able to protect the real neighbouring network systems because they are aware of exactly how common attacks occur. This report will discuss how honeypots are used and the types of malicious attacks that they can prevent.

Honeypots can place virtual machines at the unallocated addresses of a network from a single physical machine. The unallocated addresses then appear as machines which have been placed on those internet protocol (IP) addresses, and the honeypot can present any operating system at any such address. Honeypots simulate the network stack behaviour (how the packets are encapsulated) of a given operating system through a personality engine: the protocol headers of every outgoing packet are changed to match the characteristics of that operating system. This makes the machines appear genuine and therefore desirable to attackers. Because the network appears genuine, the attacker could be confused and deterred by the virtual honeypots, as the network could appear too large and too complex; furthermore, any traffic to a honeypot address gives early warning of attacks on the other, physical machines.

Honeypots also have the ability to redirect traffic or connections. This gives powerful control over the network and also makes the virtual network appear genuine. Redirection allows a request for a service on a virtual honeypot to be forwarded to a service running on a real server. Connections can also be reflected back, which means a hacker could potentially end up attacking their own machine.

Honeypots are excellent tools for intercepting traffic from machines that randomly scan the network. Because of this, honeypots are excellent at detecting malicious internet worms that use random scanning to find new targets; examples include Blaster, Code Red and Slammer. Once a worm has been found, countermeasures can be carried out against infected machines, and once the honeypot recognises a worm, virtual gateways can block the worm from entering any further into the network.
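As an added example (not from the report or any honeypot product), the early-warning logic from the two paragraphs above applied to a constructed connection log: the honeypot answers for every unallocated address in a range, nothing legitimate should ever connect to those addresses, so a source that touches several of them is a scanner, and a scanner that is one of the network's own real hosts is an infected machine. The address range, the allocated hosts, the log format and the log lines are all constructed for the example; the ports are the ones the named worms actually scanned for (Blaster TCP/135, Code Red TCP/80, Slammer UDP/1434).

```python
import ipaddress
import re
from collections import defaultdict

# Constructed for the example: the honeypot answers for every unallocated
# address in MONITORED; only the hosts in ALLOCATED are real machines.
MONITORED = ipaddress.ip_network("192.0.2.0/24")
ALLOCATED = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.11", "192.0.2.25")}

# Constructed connection log in the form the honeypot is assumed to write
# (not a real capture).  Ports: Blaster TCP/135, Code Red TCP/80, Slammer UDP/1434.
LOG = """\
2007-03-01T10:00:01 198.51.100.7 -> 192.0.2.10:80 tcp
2007-03-01T10:00:02 198.51.100.7 -> 192.0.2.11:80 tcp
2007-03-01T10:00:05 203.0.113.4 -> 192.0.2.3:135 tcp
2007-03-01T10:00:05 203.0.113.4 -> 192.0.2.77:135 tcp
2007-03-01T10:00:06 203.0.113.4 -> 192.0.2.10:135 tcp
2007-03-01T10:00:06 203.0.113.4 -> 192.0.2.201:135 tcp
2007-03-01T10:00:07 203.0.113.4 -> 192.0.2.140:135 tcp
2007-03-01T10:00:09 203.0.113.9 -> 192.0.2.25:22 tcp
2007-03-01T10:00:10 203.0.113.9 -> 192.0.2.30:22 tcp
2007-03-01T10:00:12 192.0.2.25 -> 192.0.2.55:1434 udp
2007-03-01T10:00:12 192.0.2.25 -> 192.0.2.56:1434 udp
2007-03-01T10:00:12 192.0.2.25 -> 192.0.2.57:1434 udp
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (tcp|udp)$")


def parse(line):
    """Return (timestamp, src, dst, port, proto) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, port, proto = m.groups()
    return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), proto


def is_honeypot(addr):
    """An address the honeypot answers for: inside the range but not allocated."""
    return addr in MONITORED and addr not in ALLOCATED


def find_scanners(log, threshold=3):
    """Sources that touched at least `threshold` distinct honeypot addresses.

    Nothing legitimate talks to an unallocated address, so even one hit is
    suspicious; the threshold only filters out a single mistyped address.
    Returns {source: (set of honeypot addresses hit, set of "proto/port")}.
    """
    hits, ports = defaultdict(set), defaultdict(set)
    for line in log.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        _, src, dst, port, proto = rec
        if is_honeypot(dst):
            hits[str(src)].add(str(dst))
            ports[str(src)].add(f"{proto}/{port}")
    return {src: (hits[src], ports[src]) for src in hits if len(hits[src]) >= threshold}


def gateway_rules(scanners):
    """Rules for the 'virtual gateway' that blocks a recognised worm.

    A scanner that is one of our own allocated hosts is an infected real
    machine, which is the early warning the text describes; it is reported
    separately so it gets cleaned rather than just dropped at the edge.
    """
    rules = []
    for src in sorted(scanners):
        addrs, ports = scanners[src]
        kind = "internal-infected" if ipaddress.ip_address(src) in ALLOCATED else "external"
        rules.append((kind, src, sorted(ports), len(addrs)))
    return rules


if __name__ == "__main__":
    for rule in gateway_rules(find_scanners(LOG)):
        print(rule)
```

On this log 198.51.100.7 only talks to real hosts on port 80 and is left alone; 203.0.113.4 walks the range on TCP/135 and is flagged as an external scanner; and 192.0.2.25, a real host, is flagged as internal-infected because it is probing unallocated neighbours on UDP/1434, which is exactly the warning about the physical machines that the honeypot exists to give.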

Through the use of honeypots, spam sending methods can be learnt and therefore spam can be reduced. Spammers use open mail relays and proxy servers to send spam and to disguise the sender of the message. Honeypots can be used to understand how spammers operate and to automate the identification of incoming spam, which can then be submitted to shared spam filters.

Honeypots are decoy servers that can be set up inside or outside of the demilitarised zone (DMZ) of a network firewall. If the honeypot computer is infected with a virus or Trojan, damage can be done to other machines in the network and the virus could spread onto the "real" system. As discussed, honeypots can help analyse current spamming methods, but they also have the potential to add to the amount of spam sent: the machines could become zombies in a botnet, sending out spam automatically without the owner's knowledge. Because of these issues it is important that honeypots are set up inside the firewall for control purposes, or are closely monitored; otherwise the negatives may outweigh the positives.

Honeypots can be used as a tool when creating new methods of securing systems from malicious attacks. For example, the program BackTracker enables system administrators to analyse intrusions on their systems, and honeypots were used to test how effective BackTracker was at that analysis. Effective and accurate testing is essential in creating any new system; through the use of honeypots, programs such as BackTracker can be tested in a simulated scenario and then improved to ensure the system works efficiently and effectively.

Reference:

Watson, D. (2007, January). Honeynets: a tool for counterintelligence in online security. Network Security, 2007(1), 4.

Nikolaidis, I. (2003, June). Honeypots, Tracking Hackers. IEEE Network, 17(4), 5. ISSN 0890-8044.

King, S. T., & Chen, P. M. (2005). Backtracking intrusions. ACM Transactions on Computer Systems, 23(1), 51. ISSN 0734-2071.

A repeater, bridge, router and gateway

The repeater, bridge, router and gateway are all pieces of network equipment that work at various layers of the OSI model, performing different tasks. The repeater exists in the physical layer of the OSI model and is the cheapest of all the mentioned devices. A repeater can be thought of as a line extender, as connections on media such as 10BaseT and 100BaseT become weak beyond distances of 100 metres. In an analogue environment the repeater receives a signal and amplifies it to form a signal that matches the old one; in a digital environment the repeater receives the signal and regenerates it. Using a repeater in a digital network can create strong connections between the two joined segments, since any distortion or attenuation is removed. Unlike routers, repeaters are restricted to linking identical network topology segments, e.g. a token ring segment to another token ring segment. Repeaters pass on whatever comes in on one port to all other ports (there is no calculation to find the best path to forward packets), which extends the network length but means that only one transmission can be active on the whole extended segment at a time.

A bridge is an older way of connecting two local area networks, or two segments of the same network, at the data link layer. A bridge is more powerful than a repeater, as it operates on the second layer (data link) of the OSI model. Frames on a segment are seen by every node on that segment; the bridge learns, from the source addresses it sees, which addresses are on which segment and develops a forwarding table, so that subsequent frames can be forwarded only to the right segment. There are two types of bridge: a transparent bridge and a translating bridge. A translating bridge connects two local area networks (LANs) that use different data link protocols by translating the frames into the appropriate format, e.g. from token ring to Ethernet. A transparent bridge performs the same learning and forwarding but connects only LANs that use the same data link protocol.
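As an added example (not from the page or its sources), the two forwarding behaviours just described side by side: a repeater that sends every frame out of every other port, and a learning bridge that builds its forwarding table from the source addresses it sees and then sends a frame only to the port where the destination was last seen, flooding only when it has no entry. The bridge's table is finite, and the example also shows the consequence a practitioner should know: an attacker who sends frames from thousands of forged source addresses (MAC flooding) evicts the real hosts' entries, so the bridge falls back to flooding their traffic to every port, including the attacker's. The MAC addresses and table size are constructed for the example.

```python
from collections import OrderedDict

# Constructed addresses for the example (documentation MAC range, not real hosts).
HOST_A, HOST_B, HOST_C = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Repeater:
    """Physical layer: whatever arrives on one port is sent out of every other
    port, so the whole extended segment carries one transmission at a time."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]


class LearningBridge:
    """Data link layer: learns which source address lives behind which port and
    sends later frames only to that port; unknown or broadcast destinations
    are flooded exactly as a repeater would."""

    def __init__(self, ports, table_size=1024):
        self.ports = list(ports)
        self.table_size = table_size
        self.table = OrderedDict()  # address -> port, oldest entry first

    def learn(self, src, in_port):
        if src in self.table:
            self.table.move_to_end(src)
        self.table[src] = in_port
        # The table is finite: when it is full the oldest entry is evicted.
        while len(self.table) > self.table_size:
            self.table.popitem(last=False)

    def forward(self, in_port, src, dst):
        """Return the list of ports the frame goes out of."""
        self.learn(src, in_port)
        if dst != BROADCAST and dst in self.table:
            out = self.table[dst]
            return [] if out == in_port else [out]  # same segment: filter it
        return [p for p in self.ports if p != in_port]  # flood


def mac_flood(bridge, attacker_port, count):
    """Attacker behind one port sends frames from `count` forged sources.

    Each forged source takes a table slot, so the real hosts' entries are
    evicted and their traffic is flooded to every port, including the
    attacker's, where it can be sniffed (MAC flooding / CAM table overflow).
    Returns the number of entries left in the table.
    """
    for i in range(count):
        forged = "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xff, (i >> 8) & 0xff, i & 0xff)
        bridge.forward(attacker_port, forged, BROADCAST)
    return len(bridge.table)


if __name__ == "__main__":
    br = LearningBridge(ports=[1, 2, 3], table_size=8)
    print(br.forward(1, HOST_A, HOST_B))  # unknown destination: flooded to [2, 3]
    print(br.forward(2, HOST_B, HOST_A))  # A is known on port 1: [1]
    print(br.forward(1, HOST_A, HOST_B))  # now B is known too: [2]
    mac_flood(br, attacker_port=3, count=100)
    print(br.forward(1, HOST_A, HOST_B))  # B evicted: flooded again to [2, 3]
```

Real switches counter the flooding case with port security (a cap on learned addresses per port) rather than a bigger table; the point of the example is that a bridge's traffic isolation is a learned optimisation, not a security boundary.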

Routers are used in the majority of home networks today and are placed at the gateways of networks. They are used to connect two LANs together (such as two departments) or to connect a LAN to an internet service provider (ISP). Routers use packet headers and forwarding tables, like a bridge, to determine the best path for forwarding packets. Routers are more complex than bridges: they use routing protocols to exchange reachability information with each other and calculate the best route between two nodes, and the internet control message protocol (ICMP) to report errors such as unreachable destinations. A router differs from a bridge in that it ignores frames that are not addressed to the router itself, and uses algorithms and protocols that allow it to send packets along the best possible path. A router operates at the third OSI layer (the network layer) and can use dynamic or static routing. Once a static routing table is constructed, paths do not change: if a link or connection is lost, the router will issue an alarm but will not be able to change the path of traffic automatically, unlike dynamic routing. Routers are slower than bridges, but routers are more powerful, as they can fragment and reassemble packets, receiving the fragments out of order, and can choose the best possible route for transmission. These extra features make routers more expensive than bridges.

Gateways connect networks with different architectures by performing protocol conversion at the application level. The gateway is the most complex device, operating at all seven layers of the OSI model. Gateways are used to connect LANs to mainframes or to connect a LAN to a wide area network (WAN). Gateways can provide the following:

Connect networks with different protocols

Terminal emulation, so a workstation can emulate a dumb terminal (with all computer logic on a server machine)

Error detection on transmitted data and monitoring of traffic flow.

File sharing and peer to peer communications between LAN and host.


Computer security: attacking cryptography, recovering passwords

This report explores the ways an intruder could enter a computer system and violate the confidentiality of files. We know that Alice is using an encryption tool called TrueCrypt, and Charlie has to find a way of accessing the commercially sensitive files on her hard drive. To do this Charlie needs to learn a number of things: firstly how she is encrypting the files, which we know but Charlie does not, and secondly the passwords needed to access the encrypted files. The first password is to mount the virtual drive that the TrueCrypt program has created, and there may be a second to access a hidden volume, since no one is sure whether she has used TrueCrypt's hidden volume feature. Charlie has many viable options available, and his best mode of attack would be to use a combination of hardware and software keyloggers, cameras, and password recovery software.

Many people take computing power for granted and start questioning a computer only when it fails or when there is a security breach. The reality is that violating the confidentiality, integrity or availability of a computer system, ethical or legal obstacles aside, is relatively easy. This report attempts to address the question: given a particular scenario, what are the ways of entering a computer and retrieving encrypted data? The report explains the different methods of attack that could be used; to increase Charlie's chances of accessing the files, he should use a combination of all these attacks to get through the different security barriers in place, and should also be ready to use all of the attacks in case one of the methods fails.

Assumptions:

  • Alice is very careful with the password that she uses for the Truecrypt program.
  • Charlie can find details of the Truecrypt program on the WWW.
  • Charlie will not be constrained by the legal or ethical implications of his actions.
  • Charlie has a high degree of technical literacy and is comfortable with many aspects of computing, including programming.
  • Charlie is acting as an individual and has a finite budget.
  • The secret communications are time sensitive and therefore Charlie will need to choose an avenue of attack that will work in a reasonable amount of time.
  • The data is time sensitive; we can therefore assume that it is going to be accessed regularly. This brings it to the top of a search for the last files accessed.
  • Since Alice has gone to the trouble of securing her files with encryption, it is assumed she is also going to have a Windows logon password.
  • Because of the firewall and the anti-spyware and anti-adware programs, Charlie cannot send Alice a virus or other malware to compromise the system and gain access to the data.
  • Since Alice is using open source software, it is assumed that she does not have a lot of finances to fund an administrator or to have her own system support/help desk.
  • Alice’s operating system is Windows XP and her computer is on a network with an always-on (broadband) internet connection.

 

Obtaining passwords

The following methods can be used to get around the many barriers that Charlie faces: for example, obtaining the Windows logon password, discovering one or two encryption passwords, or simply seeing which encryption tool is being used (Truecrypt).

Software key logger

Charlie has 30-minute intervals in which he can access the computer. In this time he would be able to install one of the many different types of software key loggers available.

A software key logger is a program which records all the keystrokes typed on a computer. After installing such a program Charlie would be able to record and retrieve any passwords and the method of accessing the data, which would show Charlie how the sensitive file is encrypted and where the data is kept, ready for him to retrieve.

(Quick_Logs, 2006)

The picture above is an example of a software keylogger called Quick-Keylogger 2.1.

Physical/Hardware key logger

Another variation on the software approach is a hardware or physical key logger. Hardware key loggers work in a similar way to software loggers; installed within the 30 minute time frame, they would likewise capture the keystrokes of passwords and the method of encryption. The hardware logger has the advantage of not slowing the system down and is less likely to be detected, as there is no software running on the computer that could be stumbled upon. The physical logger has its own separate microchip, which captures the keystrokes, and separate flash memory, which stores them. This sort of attack would obviously only work if Alice’s computer monitor is hidden away, for example inside a cabinet, as most computer users would notice the new extension on the cord.

The physical key logger looks similar to an extension cable and is placed in between the keyboard and the monitor; obviously it would not be a viable option if Alice had a laptop or if her keyboard used a connection other than USB or PS/2. (Keyghost, 2006)

Windows XP Administration account

Many people have logon passwords for their Windows XP accounts. What a lot of people do not know is how easy it is to reset the password, change the password or view the files from an administrator or guest account. This can be done as follows:

While the computer is loading at Windows start-up, press F8 and force the computer into Safe Mode.

Log on to the Administrator account; the default password is blank. Since many people are not even aware of the account, the odds are that the password has not been changed.

Through this we can then access all the documents in the Luke account. As you can see in the picture above, we are logged into the Administrator account, and it allows viewing of the other accounts’ files.

This would provide Charlie with a way around the Windows login password. Charlie could then do a number of things: firstly, this would enable him to install a software key logger, and secondly, it would give him access to the other, normally restricted, Windows login accounts.

Windows password recovery software or retrieval software

Another method would be to use one of the programs that are available to recover lost or forgotten passwords. Advanced Windows XP Password Recovery, or AWPR, is one of the many programs available on the internet. These programs recover the passwords of forgetful users, but could prove useful to Charlie: if Alice went on her coffee break or lunch he could recover the logon password and come back at a later date, although it would be in Charlie’s best interests to try the methods mentioned above first, as Charlie needs to make his visits to Alice’s computer as infrequent as possible.

Active Password Changer V3.0 is a program which does not require being logged on to recover the password; the user creates a bootable disk from the program’s installation package. This program, however, only allows you to reset the password and not recover it. Charlie would then be leaving too many tracks, which could make it difficult to hide the fact that he has entered her system.

Observing using surveillance

Another way to obtain the passwords, as well as the method of encryption, is visual surveillance. There are many wireless cameras available that could record on-screen information and keyboard keys; a simple search on eBay turns up many different surveillance options.

New Awesome SupaTiny Wireless Spy Camera, (2006)

 

Other options include hidden cameras in smoke detectors and other office-friendly devices. To use these options Charlie would have to thoroughly assess the situation, as leaving a physical device is obvious and leaves damaging evidence.

Social Engineering

Dating Alice

Given the correct circumstances Charlie could try to date Alice. It is well known that individuals who work for the company commit the majority of computer fraud, as they are already inside the computer network and know the ins and outs of the system. We could now make a further assumption that Charlie and Alice are work associates. This would make it much easier for Charlie to “seduce” Alice. Of course the correct circumstances would have to come about, but this option is viable.

Security Officer or other important personnel

Charlie could impersonate an IT officer fixing the computer or doing “routine checkups” and ask Alice for her passwords and her method of hiding files in order to retrieve them.

Hoax email

Although there are many warnings about hoax emails asking for passwords (especially from banks), this option is also viable. Sending out an email asking a user to log on and check or validate their passwords could give access to the information.

Back Orifice/ Subseven

These programs create a back door into a computer, allowing the attacker to control the computer remotely, browse files on the system, take screenshots, open and close programs, remotely restart the computer and edit registry information. To do this, though, Charlie would have to install a small executable file on Alice’s computer. He could do this in a number of ways: physically installing it himself in the 30 minute interval, in which time he would also have to open up the computer’s ports through the antivirus software; or through social engineering, such as impersonating an IT security officer or computer advisor, or sending out a hoax email that tricks the user into installing the package. Once the program has been installed Charlie would be able to access the files (assuming he already has the passwords) and breach their confidentiality. (Backdoor.Subseven, 2006)

Physical written down password

This is probably the simplest and least plausible of all the methods, but it is viable. It is important for users to create complicated passwords, but this leads users to needing to write down their password as a way of remembering it. Charlie could search the surrounding area before attempting any other methods as a way of gaining access to the system and files.

Searching and obtaining files

Another method of obtaining the files is to use the Windows search for the last files accessed. Since the data is time sensitive, Alice is going to access the file to update it. Charlie could do a file search, see the last files accessed, and then use the passwords obtained through the other methods to breach the confidentiality of the file.

This report contains the most viable ways that Charlie could breach the confidentiality of Alice’s files. With both hardware (physical keyloggers and mini video cameras) and software (password recovery applications and back door programs) as aids, Charlie could assess the situation and have multiple backup plans if the original plan fails.

References

Keyghost. (2006). Keyghost. Retrieved August 27, 2006, from http://www.keyghost.com/hardware-keylogger.htm

Koris, G. (2004). Backdoor.SubSeven Summary. Retrieved September 5, 2006, from http://www.symantec.com/security_response/writeup.jsp?docid=2001-020114-5445-99&tabid=2

Koris, G. (2004). Backdoor.SubSeven Technical details. Retrieved September 5, 2006, from http://www.symantec.com/security_response/writeup.jsp?docid=2001-020114-5445-99&tabid=3

Lost Password Recovery for Windows XP 2003 2000 NT. (2006). Retrieved September 5, 2006, from http://www.password-changer.com/

New Awesome SupaTiny Wireless Spy Camera. (2006). Retrieved September 5, 2006, from http://cgi.ebay.com.au/New-Awesome-SupaTiny-Wireless-Spy-Camera-Top-Quality_W0QQitemZ150029230414QQihZ005QQcategoryZ14957QQrdZ1QQcmdZViewItem

Pfleeger, C. P., & Pfleeger, S. L. (2003). Security in Computing (3rd ed.). Upper Saddle River, New Jersey: Prentice Hall Professional Technical.

Quick_Logs. (2006). Retrieved August 27, 2006, from http://www.quick-keylogger.com/images/screens/quick_logs.jpg

WideStep. (2006). Retrieved September 5, 2006, from http://www.quick-keylogger.com/

Wikipedia. (2006). Back Orifice 2000. Retrieved September 5, 2006, from http://en.wikipedia.org/wiki/Back_Orifice_2000

Operating Systems: Mandatory and Discretionary Access Control

Operating systems must be guarded against unintentional and malicious use of computer resources. Security measures must be put in place to protect the operating system against such unwanted actions.

Access Rights and control mechanisms

One of the most important defences in operating system security is to control access to internal data and resources. Access rights define how various users, software or hardware can access various objects. The different types of access rights, such as reading, writing and printing, are called privileges.

A collection of access rights is called a protection domain. No single process or object on the computer should be allowed to access every resource on a system, as this could compromise security. In the majority of computing systems the administrator possesses all access rights and is responsible for managing other users’ rights. (Deitel, 2004)

Authorisation

Authorisation must not be confused with authentication, which is the user proving his/her identity with a password etc. Assuming a user has properly authenticated, authorisation is the act of checking to see whether that user has the proper permission to access a file or perform an action. Authorisation checks typically mean querying the access control list.

Access control mechanisms

There is a wide variety of access control mechanisms, and usually the best is a combination of them all. They should control restrictions on what users can do, which resources they have access to, and what functions they are allowed to perform on those resources, i.e. the data. Access control mechanisms assign security labels in different ways, and the mechanism should cover the protection of data as a whole, that is, against unauthorised viewing, modification, or copying of data. Furthermore, a good access control mechanism will help limit malicious code execution or unauthorised actions.

Mandatory Access Controls (MAC)

Mandatory Access Control enforces a predefined security policy by which all subjects and objects are controlled. MAC focuses on giving rights to administrators. MAC secures information by assigning sensitivity labels to information and comparing these to the level of sensitivity a user is operating at. Generally MAC mechanisms are more secure than DAC, although at times MAC can be too restrictive for some circumstances. MAC mechanisms assign a security level to all information and a security clearance to each user, and ensure that all users only have access to the data for which they have clearance. MAC is usually appropriate for extremely secure systems such as multilevel secure military applications. MAC usually has the following attributes:

Administrators, not data owners make changes to a resource’s security label

A security label on the data is set at a level which reflects its sensitivity, confidentiality and protection value; i.e. there is no use assigning a high security label to a program such as Microsoft Word, to which everyone has access.

There is a hierarchy in the classification of protection level, a high level classification can read lower level secured data.

All users can write to a higher classification but users can only have read/write access to objects of the same classification.

A schedule or time of day restriction can be placed upon objects. (Chapter 8.  Access Control and Authorization, 2006)

Discretionary Access Controls (DAC)

Discretionary Access Control is a way of restricting access to information depending on the identity of users and/or their membership in certain groups. Access is granted based on the credentials the user presents at the time of authentication, such as usernames and passwords. In the majority of DAC models the owner of the information or data is able to change its permissions at his/her own judgement. DAC has the disadvantage of not being able to be centrally managed. A DAC system usually has the following attributes:

Data Owners can transfer ownership of information to other users.

Data Owners can determine the type of access given to other users (read, write, copy, etc.) such as in a home network.

Repeated authorization failures to access the same resource or object generate an alarm and/or restrict the user's access.

Users who do not have access to information should not be able to determine its characteristics (file size, file name, directory path, etc.).

Access to information is determined based on authorizations to access control lists based on user identifier and group membership.
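To make the MAC and DAC attributes above concrete, here is an added example (my own code, not from the report or any of its cited sources) of a small reference monitor in Python: it applies the MAC rules (administrator-set labels and clearances, read at or below one's level, write at or above it) and then the DAC rules (an owner-managed access control list, grants gated on ownership, and an alarm after repeated denials on the same object). The level names and the alarm threshold are assumptions.

```python
from collections import defaultdict

# Ordered sensitivity levels (constructed); a higher index dominates a lower one.
LEVELS = ["unclassified", "confidential", "secret", "top_secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}
ALARM_THRESHOLD = 3  # assumed: this many denials on one object raises an alarm

class ReferenceMonitor:
    def __init__(self):
        self.clearance = {}                # subject -> level (set by admin)
        self.label = {}                    # object  -> level (set by admin)
        self.owner = {}                    # object  -> owning subject (DAC)
        self.acl = defaultdict(dict)       # object  -> {subject: set(rights)}
        self.failures = defaultdict(int)   # (subject, object) -> denial count
        self.alarms = []                   # (subject, object) pairs flagged

    # MAC: the administrator, not the data owner, assigns clearances and labels.
    def set_clearance(self, subject, level):
        self.clearance[subject] = level

    def create_object(self, obj, owner, level):
        self.label[obj] = level
        self.owner[obj] = owner
        self.acl[obj][owner] = {"read", "write"}

    # DAC: only the current owner may grant rights to other users.
    def grant(self, granter, obj, subject, rights):
        if self.owner.get(obj) != granter:
            return False
        self.acl[obj].setdefault(subject, set()).update(rights)
        return True

    def _mac_allows(self, subject, obj, right):
        s, o = RANK[self.clearance.get(subject, LEVELS[0])], RANK[self.label[obj]]
        # Read only at or below one's clearance, write only at or above it,
        # so read and write together are possible only at the same level.
        return s >= o if right == "read" else s <= o

    def _dac_allows(self, subject, obj, right):
        return right in self.acl[obj].get(subject, set())

    def check(self, subject, obj, right):
        # Both checks must pass; repeated denials on one object raise an alarm.
        ok = self._mac_allows(subject, obj, right) and self._dac_allows(subject, obj, right)
        if not ok:
            self.failures[(subject, obj)] += 1
            if self.failures[(subject, obj)] == ALARM_THRESHOLD:
                self.alarms.append((subject, obj))
        return ok
```

Note that an owner's DAC grant never overrides the MAC label: a confidential user granted read on a secret file is still denied, while the same user may write to it.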

References

Deitel, H. M., Deitel, P. J., & Choffnes, D. R. (2004). Operating Systems (3rd ed.). Englewood Cliffs, New Jersey: Prentice-Hall.

No author. (2006). Chapter 8. Access Control and Authorization. Retrieved September 29, 2006, from http://www.cgisecurity.com/owasp/html/ch08.html