
Network System Security, Part 5


CHAPTER 3: Information Security Services
Copyright 2001 The McGraw-Hill Companies, Inc.
Information security services are the base-level services that are used to combat the attacks defined in Chapter 2. Each of the four security services combats specific attacks (see Table 3-1). The services defined here should not be confused with security mechanisms, which are the actual implementations of these services.
The specifics of how information security services are used within an organization depend upon proper risk assessment and security planning (see Chapters 6 and 7). However, to understand the basic requirements for security within an organization, it is important to understand how security services can be used to counter specific types of attacks.
CONFIDENTIALITY
The confidentiality service provides for the secrecy of information. When properly used, confidentiality only allows authorized users to have access to information. In order to perform this service properly, the confidentiality service must work with the accountability service to properly identify individuals. In performing this function, the confidentiality service protects against the access attack. The confidentiality service must take into account the fact that information may reside in physical form in paper files, in electronic form in electronic files, and in transit.
Confidentiality of Files
There are different ways to provide for the confidentiality of files depending upon the way in which the file exists. For paper files, the physical paper file must be protected. The physical file must exist at a particular location; therefore, access to this location must be controlled. The confidentiality service for paper files relies on physical access controls. This includes locks on file cabinets or desk drawers, restricted rooms within a site, or access restrictions on the site itself.
If the files are electronic, they have different characteristics. First, the files may exist in several locations at the same time (backup tapes, various computer systems, floppy disks or CDs, and so on). Second, physical access to the file’s physical location may not be necessary. Handling the confidentiality of tapes and disks is similar to handling the physical security of paper files. Since an attacker must physically access the tape or disk, confidentiality requires physical access controls. Access to electronic files on computer systems relies on some type of computer access control (this may include the encryption of files). Computer access control relies on proper identification and authentication (an accountability service) and proper system configuration so that an unauthorized user cannot become an authorized user by bypassing the identification and authentication function (such as via a system vulnerability). Table 3-2 shows the mechanisms and requirements for the confidentiality of files.
Network Security: A Beginner’s Guide
                     Security Service
Attack               Confidentiality   Integrity   Availability   Accountability
Access               X                                            X
Modification                           X                          X
Denial of service                                  X
Repudiation                            X                          X
Table 3-1. Information Security Services vs. Attacks
Confidentiality of Information in Transmission
Only protecting information stored in files is not sufficient to properly protect the information. Information can also be attacked while in transmission. Therefore, protecting the confidentiality of information in transmission may also be necessary (see Figure 3-1); this is done through the use of encryption.
Information can be protected on a per-message basis or by encrypting all traffic on a link. Encryption by itself can prevent eavesdropping but it cannot completely prevent interception. In order to protect information from being intercepted, proper identification and authentication must be used to determine the identity of the remote end point (see Figure 3-2).
Traffic Flow Confidentiality
Unlike other confidentiality services, traffic flow confidentiality is not concerned with the actual information being stored or transmitted. Traffic flow confidentiality is concerned with the fact that some form of traffic is occurring between two end points (see Figure 3-3). This type of information can be used (by a traffic analyst) to identify organizations that are communicating. The amount of traffic flowing between the two end points may also indicate some information. For example, many news organizations watch deliveries of pizza to the White House and the Pentagon. The idea is that an increase in the number of pizzas may indicate a crisis is occurring.
Confidentiality mechanisms          Physical security controls
                                    Computer file access control
                                    Encryption of files
File confidentiality requirements   Identification and authentication
                                    Proper computer system configuration
                                    Proper key management if encryption is used
Table 3-2. File Confidentiality Mechanisms and Requirements
Traffic flow confidentiality can be provided by obscuring information flows between two end points within a much larger flow of traffic. In the military, two sites may set up communications and then send a constant flow of traffic regardless of the number of messages that are actually sent (the remainder is filled up with garbage). In this way, the amount of traffic remains constant and any changes to the message rate will not be detected.
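The constant-flow scheme described above can be sketched as follows. This is an added example, not code from the book: the 64-byte cell size, the length headers and all names are assumptions, and the link encryption that would hide the headers from an observer is left out so that only the padding logic is shown.

```python
import os
import struct

CELL_SIZE = 64                    # assumed: every cell on the link is exactly this long
LEN = struct.Struct("!H")         # per-cell header: number of real bytes in the cell
ROOM = CELL_SIZE - LEN.size       # payload bytes available per cell

class ConstantRateSender:
    """Emits exactly one fixed-size cell per tick, whether or not data is waiting."""
    def __init__(self):
        self._pending = bytearray()

    def queue(self, message: bytes) -> None:
        # 4-byte length prefix lets the receiver split the byte stream into messages.
        self._pending += struct.pack("!I", len(message)) + message

    def tick(self) -> bytes:
        chunk = bytes(self._pending[:ROOM])
        del self._pending[:len(chunk)]
        # Random fill is the "garbage": it tops up a short cell or forms a whole one.
        return LEN.pack(len(chunk)) + chunk + os.urandom(ROOM - len(chunk))

class Receiver:
    def __init__(self):
        self._stream = bytearray()
        self.messages = []

    def accept(self, cell: bytes) -> None:
        if len(cell) != CELL_SIZE or LEN.unpack_from(cell)[0] > ROOM:
            raise ValueError("malformed cell")
        (used,) = LEN.unpack_from(cell)
        self._stream += cell[LEN.size:LEN.size + used]   # filler bytes are dropped
        while len(self._stream) >= 4:
            (size,) = struct.unpack_from("!I", self._stream)
            if len(self._stream) < 4 + size:
                break                                     # message not complete yet
            self.messages.append(bytes(self._stream[4:4 + size]))
            del self._stream[:4 + size]

def run_link(schedule, ticks):
    """schedule: tick number -> messages queued at that tick (constructed input).
    Returns (cell sizes an observer on the link sees, messages the receiver rebuilt)."""
    sender, receiver, observed = ConstantRateSender(), Receiver(), []
    for t in range(ticks):
        for message in schedule.get(t, []):
            sender.queue(message)
        cell = sender.tick()
        observed.append(len(cell))
        receiver.accept(cell)
    return observed, receiver.messages
```

Running `run_link({}, 12)` and `run_link({0: [b"A" * 200], 3: [b"hello"]}, 12)` gives the observer the same twelve 64-byte cells in both cases, while the receiver recovers both messages in the second.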
Attacks That Can Be Prevented
Confidentiality can prevent access attacks. However, confidentiality by itself cannot completely solve the problem. The confidentiality service must work with the accountability service to establish the identity of the individual who is attempting to access information. Combined, the confidentiality and accountability services can reduce the risk of unauthorized access.
INTEGRITY
The integrity service provides for the correctness of information. When properly used, integrity allows users to have confidence that the information is correct and has not been modified by an unauthorized individual. As with confidentiality, this service must work with the accountability service to properly identify individuals. The integrity service protects against modification attacks. Information to be protected by the integrity service may exist in physical paper form, in electronic form, or in transit.
Figure 3-1. Encryption can protect information in transmission.
Integrity of Files
Information may exist in paper or electronic files. Paper files are generally easier to protect for integrity than electronic files, and it is generally easier to identify when a paper file was modified. I say “generally” here as there is some amount of skill required to modify a paper file in such a way that it will pass inspection while an electronic file can be modified by anyone with access to it.
There are several ways to protect paper files from modification. These include using signature pages, initialing every page, binding the information in a book, and distributing multiple copies of the file in question. The integrity mechanisms are used to make it very difficult for a modification to go unnoticed. Certainly forgers can copy signatures but this is a difficult skill. Initialing every page makes a simple page replacement difficult. Binding documents into books makes the insertion or deletion of entries or pages difficult. Making multiple copies of the information and distributing the copies to interested parties makes it difficult to successfully change all of the documents at the same time.
Figure 3-2. Encryption coupled with identification and authentication can protect against interception.
Of course, another way to prevent the modification of paper documents is to prevent unauthorized access completely. This can be accomplished through the same mechanisms used for confidentiality (that is, physical security measures).
Electronic files are generally easier to modify. In many cases, all it takes is to bring the file up in a word processor and insert or delete the appropriate information. When the file is saved, the new information takes the place of the old. The primary method of protecting the integrity of electronic information files is the same as for protecting the confidentiality of the information, computer file access control. In this case, however, the access control mechanism is not configured to completely deny access but instead is configured to allow for the reading of the file but not for the writing of changes. Also, as with confidentiality, it is very important to correctly identify the individual seeking to make a change. This can only be performed through the use of identification and authentication.
Figure 3-3. Traffic flows can identify which organizations are working together.
The use of computer file access controls works well if the files reside on a single computer system or a network within the control of the organization. What if the file is to be copied to other parties or organizations? In this case, it is clear that the access controls on a single computer system or network are insufficient to provide protection. Therefore, there must be a mechanism that can identify when an unauthorized change has been made to the file. That mechanism is a digital signature (see Chapter 12 for more detail on digital signatures). A digital signature on a file can identify if the file has been modified since the signature was created. In order to be worthwhile, the digital signature must be identified with a particular user; thus, the integrity service must work with the identification and authentication function.
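A sketch of that check, added here as an example and not taken from the book: a file signed by a registered user is verified by a recipient outside the signer's system. It assumes the third-party Python `cryptography` package and Ed25519 signatures (the chapter names no algorithm); the `SignerDirectory` class, the user names and the file content are constructed for illustration.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

class SignerDirectory:
    """Maps a user name to the public key registered for that user. This stands
    in for the identification and authentication function the text requires."""
    def __init__(self):
        self._keys = {}

    def register(self, user, public_key):
        self._keys[user] = public_key

    def check(self, user, content, signature):
        key = self._keys.get(user)
        if key is None:
            return "unknown signer"          # signature cannot be tied to a user
        try:
            key.verify(signature, content)   # raises if content or signer differ
        except InvalidSignature:
            return "modified or not signed by this user"
        return "intact"

def demo():
    alice_key = Ed25519PrivateKey.generate()
    other_key = Ed25519PrivateKey.generate()     # a key nobody has registered
    directory = SignerDirectory()
    directory.register("alice", alice_key.public_key())

    original = b"Pay vendor 1,000 USD\n"          # constructed file content
    signature = alice_key.sign(original)
    tampered = original.replace(b"1,000", b"9,000")
    resigned = other_key.sign(tampered)
    return {
        "received unchanged": directory.check("alice", original, signature),
        "changed after signing": directory.check("alice", tampered, signature),
        "re-signed with another key": directory.check("alice", tampered, resigned),
        "signer not registered": directory.check("bob", tampered, resigned),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Only the first case verifies: a change to the content, or a valid signature from a key that is not bound to the claimed user, is reported instead of accepted.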
Integrity of Information Transmission
Information can be modified during transmission. However, it is extremely difficult to modify traffic without performing an interception attack. Encryption can prevent most forms of modification attacks during transmission. When coupled with a strong identification and authentication function, even interception attacks can be thwarted (look back to Figure 3-2).
Attacks That Can Be Prevented
The integrity service can prevent successful modification and repudiation attacks. While any modification attack may change a file or information in transit, modification attacks cannot be successful if the integrity service is functioning properly as the unauthorized change will be detected. When coupled with a good identification and authentication service, even changes to files outside of the organization can be detected.
Successful repudiation attacks cannot be prevented without both a good integrity service and good identification and authentication. In this case, the mechanism to detect the attack is a digital signature.

AVAILABILITY
The availability service provides for information to be useful. Availability allows users to access computer systems, the information on the systems, and the applications that perform operations on the information. Availability also provides for the communications systems to transmit information between locations or computer systems. The information and capabilities most often thought of when we speak of availability are all electronic. However, the availability of paper information files can also be protected.