Security Fundamentals Study Sheet
CIS341 – Spring 2004
Basic Terms
Identify these basic terms:
♦ a precise specification of what types of actions are and are not permitted within an information system.
security policy
♦ an information system that always obeys the existing security policy.
secure system
♦ a violation of the security policy.
security breach
♦ a rule limiting what actions can and cannot be taken within an information system.
restriction
♦ A means of disabling a system's security, by a mechanism intentionally hidden by the designers.
trap door
Authentication
♦ The total hardware, software and personnel cost of the security aspects of an information system.
Security Cost
♦ The total cost of engineering and implementing a security breach.
Cost of Security Attack
♦ The cost to the owner of the information system of sustaining a security breach.
Cost of Security Breach
♦ The gain to the perpetrator of achieving a security breach.
Benefit of Security Breach
♦ The goal is to design a system that has no security breaches whatsoever.
Absolute Security
♦ The goal is to design a system in which the benefit to the perpetrator of achieving a security breach is clearly less than the cost to him or her.
Relative Security
Basic Principles
Identify these basic principles:
♦ The more restrictive the security policy, the less overall functionality the system will have, and vice versa.
Restrictiveness/Functionality Tradeoff
♦ The more restrictive the security policy, the more secure the system will be, but only if no security breaches occur; and vice versa.
Restrictiveness/Security Tradeoff
♦ The less restrictive the security policy, the fewer security breaches it will have, but at the cost of overall loss of security.
Restrictiveness/Incident Tradeoff
Policy Simplicity Principle
♦ A system should include as much functionality as necessary, and no more.
System Functionality Principle
♦ Design the security system in such a way that the cost of achieving a security breach clearly exceeds its benefit; and the cost to the owner of the information system of sustaining a security breach is clearly less than the cost of thwarting that breach.
Cost/Benefit Principle of Security Design
Comments
Fill in the blanks:
♦ A system with absolutely no restrictions will have _____.
no security breaches
♦ But, it will also be effectively _____.
insecure
♦ An _____ system will also have no security breaches.
absolutely restricted
♦ But such a system will have _____.
no functionality
♦ The key to designing and implementing a security policy is to _____ between these two extremes.
strike a balance
♦ Security breaches caused by policy shortcomings are most often due to an _____ or _____ policy, a _____ of the policy’s requirements, or an error in its _____.
incomplete
inconsistent
misunderstanding
implementation
♦ The number of potential security problems associated with two interacting system components is the _____ of the problems associated with each component individually.
multiple
♦ Increasing the amount of time and skill required to breach a system’s defenses _____ who can successfully attack it.
decreases the pool of intruders
♦ Increasing the _____ of getting caught serves to dissuade many of those who possess the requisite time and skills from trying.
odds and penalties
♦ If the _____ exceeds the expected payoff for a successful attack, then most intruders will _____.
cost of attacking
seek out a more rewarding target
♦ The Debug option of the Unix sendmail program was a back door exploited by _____.
the Internet Worm of 1988
List the problems that can occur with the cost/benefit approach to security
♦ Underestimating . . .
Underestimating the cost of mounting a successful attack.
♦ Underestimating . . .
Underestimating the potential loss to the owner of the information system
♦ Underestimating . . .
Underestimating the benefit to the perpetrator of a security breach
♦ Underestimating . . .
Underestimating the determination of the attacker
♦ Underestimating . . .
Underestimating the potential loss to the owner of the information system
♦ Overestimating . . .
Overestimating the cost of security to the owner of the information system
List four classes of personnel which must be taken into account when assessing the effectiveness of an information security system.
♦ information system designers
♦ administrators
♦ IT staff
♦ users
Fill in the details of this outline of administrative problems relative to information security:
1. Poorly designed security policy.
   a. Too lax
   b. Unnecessarily strict (the Regal Eagle)
   c. Unilaterally formulated
   d. Failure to understand user community
2. Poorly administered security policy.
   a. Poorly trained staff
   b. Inadequately informed users.
   c. Disconnect between staff and users
List two shortcomings of IT workers which compromise the security of an information system.
♦ Ignorance of security policies.
♦ Failure to carry out security policies.
List three shortcomings of users which compromise the security of an information system.
♦ Failure to make reasonable effort to understand security policy.
♦ Disregard for security policy.
♦ Failure to understand consequences of actions