Integrity by ewghwehws



(slides courtesy of Leticia Nisbet,
Lauren Walters, and Andrew Yao)

              Why Integrity?
• Integrity is equivalent to trust / reliability /
• Failure to protect integrity opens organization
  to largest classes of malware
• Integrity is often the first target of intruders

• Integrity requires that computer system assets
  and transmitted information be capable of
  modification only by authorized parties.
  – not modified by unauthorized persons
  – not created by unauthorized persons
• In telecommunication, the term data integrity
  has the following meanings:
  – The condition in which data are identically
    maintained during any operation, such as transfer,
    storage, and retrieval.
  – The preservation of data for their intended use.

            Integrity Compromise
• Integrity can be compromised in two main ways:
   – Malicious altering
      • Attacker alters account number in a bank transaction
      • Forging an identity document
   – Accidental altering
      • Transmission errors: “my name Leticia and u have a car”
      • Hard disk crash

            Network Integrity
• When considering what to protect within your
  network, you are concerned with maintaining
  the integrity of:
  – the physical network
  – your network software and resources
  – your reputation
• This Integrity involves
  – identity of computers and users
  – proper operation of the services
  – network performance

  Common Methods of Attack on Integrity

• The four methods of attack that are commonly
  used to compromise the integrity of a
  – Network packet sniffers
  – IP spoofing
  – Password attacks
  – Application layer attacks

            Network Packet Sniffers
• Network packet sniffers can yield critical system information, such as
  user account information and passwords.
   – When an attacker obtains the correct account information, he or she
     has the run of your network.
• Worst-case scenario
   – an attacker gains access to a system-level user account
   – creates a new account that can be used at any time as a back door
   – can modify system-critical files such as:
        • the password for the system administrator account
        • the list of services and permissions on file servers
        • the login details for other computers that contain confidential

          Network Packet Sniffers 2
• Packet sniffers provide information about the topology of your network
  that many attackers find useful, such as
   – what computers run which services
   – how many computers are on your network
   – which computers have access to others
• A network packet sniffer can be modified
   – to interject new information
   – to change existing information in a packet
• Attack can cause network connections to shut down prematurely, as
  well as change critical information within the packet.
   – Imagine modification to the accounting system

                       IP Spoofing
• IP spoofing can yield access to user accounts and
  passwords, and it can also be used in other ways.
   – Attacker emulates one of your internal users in ways that prove
     embarrassing for your organization
• Such attacks are easier when an attacker has a user
  account and password
• Are possible by combining simple spoofing attacks with
  knowledge of messaging protocols.
   – Telnetting directly to the SMTP port on a system allows the
     attacker to insert bogus sender information.

                 Password Attacks
• A brute-force password attack can provide access to
  accounts that can be used to modify critical network files
  and services.
• Can compromise network's integrity
   – Once an attacker gets the password and gains access to the
   – he can modify the routing tables for the network.
   – attacker ensures that all network packets are routed to him or
     her before they are transmitted to their final destination

         Application Layer Attacks
• Application Layer attacks can be implemented using
  several different methods.
   – A common method is exploiting well-known weaknesses in
     software commonly found on servers, such as sendmail,
     PostScript, and FTP.
   – By exploiting these weaknesses, attackers can gain access to a
     computer with the permissions of the account running the
   – usually a privileged system-level account

      Application Layer Attacks
• Trojan horse attacks
– implemented using bogus programs that attacker substitutes for
   common programs.
– programs provide all functionality of a normal application or
– also include other features that are known to
   the attacker
– programs can capture sensitive information and distribute it
   back to the attacker

 Network considerations when defining security

• Three main types of networks must be
  considered when defining a security policy
  – Trusted
  – Un-trusted
  – Unknown.

                     Trusted Networks
• Networks inside your network security perimeter.
• Networks that you are trying to protect.
   – Someone in the organization administers the computers that comprise
      these networks (most times)
   – Organization controls their security measures.
   – Usually, trusted networks are within the security perimeter.
• To set up firewall server
   – explicitly identify the type of networks that are attached to the firewall
      server through network adapter cards
   – After the initial configuration, the trusted networks include the
      firewall server and all networks behind it.
• One exception to this general rule is the inclusion of virtual private
  networks (VPNs)

                   Un-trusted Networks

• Networks known to be outside your security perimeter.
   – Un-trusted because they are outside your control
   – No control over the administration or security policies for these
   – Private, shared networks from which you are trying to protect
     your network
   – Still need and want to communicate with these networks
     although they are un-trusted.
• To set up the firewall server
   – explicitly identify the un-trusted networks from which that
     firewall can accept requests

                 Know Your Enemy

• Know attackers or intruders.
• Consider who might want to circumvent your security measures
• Identify their motivations.
• Determine what they might want to do and the damage that they
  could cause to your network.
• Security measures can never make it impossible for a user to perform
  unauthorized tasks with a computer system; they can only make it
• The goal is to make sure that the network security controls are beyond
  the attacker's ability or motivation.

                         Count the Cost

• Security measures usually reduce convenience, especially for
  sophisticated users.
• Security can delay work and can create expensive administrative and
  educational overhead.
• Security can use significant computing resources and require dedicated
• When you design your security measures, understand their costs and
  weigh those costs against the potential benefits.
• To do that, you must understand the costs of the measures themselves
  and the costs and likelihood of security breaches. If you incur security
  costs out of proportion to the actual dangers, you have done yourself a

      Identify Any Assumptions

• Every security system has underlying
  – For example, you might assume that your network
    is not tapped, that attackers know less than you
    do, that they are using standard software, or that
    a locked room is safe. Be sure to examine and
    justify your assumptions. Any hidden assumption
    is a potential security hole.

                     Control Your Secrets

• Most security is based on secrets.
   – E.g. passwords and encryption keys
• Too often, the secrets are not all that secret. The most important part
  of keeping secrets is in knowing the areas that you need to protect.
• What knowledge would enable someone to circumvent your system?
• You should jealously guard that knowledge and assume that everything
  else is known to your adversaries.
• The more secrets you have, the harder it will be to keep them all.
  Security systems should be designed so that only a limited number of
  secrets need to be kept.

       Limit the Scope of Access

• You should create appropriate barriers in your
  system so that if intruders access one part of
  the system, they do not automatically have
  access to the rest of the system.
• The security of a system is only as good as the
  weakest security level of any single host in the

                Limit Your Trust

• You should know exactly which software you
  rely on, and your security system should not
  have to rely on the assumption that all
  software is bug-free.

• Integrity Management Software
• Anti-Virus Software

 Integrity Management Software
• Encryption is most commonly used for
  secrecy but it can also be used for integrity.
• Check for integrity by specifically utilizing…
  – Hash functions
  – Digital Signatures
  – File Size
• Example
  – Tripwire Enterprise

                   Hash Functions
• A public function that maps a plaintext message of any
  length to a fixed length hash value
• Are used as an authenticator
• Pros
   – Offers integrity
• Cons
   – No confidentiality
• Examples
   – CRC
   – MD5
   – SHA-1
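
Added example (not from the slides): the deck separates accidental from malicious altering and lists CRC among the hash functions. The Python below, using a constructed message and key, shows that a public, unkeyed checksum catches a transmission error but not a deliberate change by someone who recomputes it, while a keyed hash catches both. HMAC-SHA256 is not named on the slides and is used here as an assumption.

```python
import hashlib
import hmac
import zlib

# Constructed sample data, modelled on the bank-transaction case in the slides.
ORIGINAL = b"PAY 100.00 TO ACCOUNT 12345678"
KEY = b"constructed-demo-key"  # shared secret known only to sender and receiver


def crc_ok(msg: bytes, tag: int) -> bool:
    """Unkeyed check: anyone who can see the message can compute the tag."""
    return zlib.crc32(msg) == tag


def mac_tag(msg: bytes, key: bytes = KEY) -> bytes:
    """Keyed hash: computing a valid tag requires the secret key."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_ok(msg: bytes, tag: bytes, key: bytes = KEY) -> bool:
    return hmac.compare_digest(mac_tag(msg, key), tag)


def run_demo() -> dict:
    """Compare both checks against accidental and malicious altering."""
    crc, mac = zlib.crc32(ORIGINAL), mac_tag(ORIGINAL)
    # Accidental altering: one bit flips in transit, the tag is untouched.
    noisy = bytearray(ORIGINAL)
    noisy[5] ^= 0x01
    noisy = bytes(noisy)
    # Malicious altering: the account number is changed and the public
    # checksum is recomputed; without the key, the old MAC is all there is.
    altered = ORIGINAL.replace(b"12345678", b"87654321")
    forged_crc = zlib.crc32(altered)
    return {
        "crc_detects_noise": not crc_ok(noisy, crc),
        "mac_detects_noise": not mac_ok(noisy, mac),
        "crc_detects_alteration": not crc_ok(altered, forged_crc),
        "mac_detects_alteration": not mac_ok(altered, mac),
    }
```
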

             Examples of Integrity Management Software
• Advanced CheckSum Verifier (ACSV)
• Advanced Intrusion Detection Environment (AIDE)
• Cambia CM
• Crckit
• FileCheckMD5
• FTimes
• Hashdig
• Integrit
• Intrusec CM
• Jacksum
• LANGuard Security Integrity Monitor
• MD5 Hashing Utilities
• Md5deep
• Nabou
• NIST_Crc
• Radmind
• Samhain
• Secure Hash Signature Generator
• Sentinel
• Sha_verify
• Spidernet
• SysCheck
• Sysdiff
• Tripwire - Commercial
• Tripwire - OpenSource
• Veracity System Integrity Assurance
• ViperDB
• Yafic
• Winalysis
• WinInterrogate
• Xintegrity

               Anti-virus Software
• The techniques for detecting a virus include
  – Checking unexpected increases in file size
  – Noting changes in timestamps
  – Sudden decreases in free space
  – Calculating checksums
  – Saving images on the internal control tables and
    noting unexplained changes
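
Added example (not from the slides, and not the code of any product named in them): a baseline-and-compare check in Python that records the file attributes both the Integrity Management Software and Anti-virus slides mention (file size, timestamp, checksum) and reports which ones changed. SHA-256, the file names and the scenario are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Record size, mtime and SHA-256 for every regular file under root."""
    base = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            base[os.path.relpath(path, root)] = (st.st_size, st.st_mtime_ns, digest)
    return base


def compare(old, new):
    """Return {path: [reasons]} for everything that differs from the baseline."""
    report = {}
    for path in sorted(set(old) | set(new)):
        if path not in new:
            report[path] = ["missing"]
        elif path not in old:
            report[path] = ["new file"]
        else:
            names = ("size", "mtime", "hash")
            diffs = [n for n, a, b in zip(names, old[path], new[path]) if a != b]
            if diffs:
                report[path] = diffs
    return report


def demo():
    """Constructed scenario: a same-size change whose timestamp is unchanged."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "login.cfg")
        with open(target, "wb") as fh:
            fh.write(b"admin_shell=/bin/sh\n")
        before = snapshot(root)
        st = os.stat(target)
        with open(target, "wb") as fh:
            fh.write(b"admin_shell=/bin/zz\n")  # same length, new content
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))  # mtime as before
        with open(os.path.join(root, "extra"), "wb") as fh:
            fh.write(b"x")
        return compare(before, snapshot(root))
```

In the constructed scenario only the checksum flags `login.cfg`, which is why size and timestamp checks are paired with a hash rather than used alone.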

