Computer Security:

Principles and
Practice
Fourth Edition, Global Edition

By: William Stallings and Lawrie Brown

Chapter 1
Overview
Report NISTIR 7298 (Glossary of
Key Information Security Terms ,
May 2013) defines the term
computer security as follows:

“ Measures and controls that ensure

confidentiality, integrity, and
availability of information
system
assets including hardware, software,
firmware, and information being
processed, stored, and
communicated.”
Key Security Concepts
Confidentiality Integrity Availability

• Preserving • Guarding • Ensuring timely

authorized against and reliable
restrictions on improper access to and
information information use of
access and modification or information
disclosure, destruction,
including including
means for ensuring
protecting information
personal nonrepudiation
privacy and and
proprietary authenticity
information
Levels of Impact
Low Moderate High
The loss could be
The loss could be The loss could be
expected to have a
expected to have a expected to have a
severe or
limited adverse serious adverse
catastrophic adverse
effect on effect on
effect on
organizational organizational
organizational
operations, operations,
operations,
organizational organizational
organizational
assets, or assets, or
assets, or
individuals individuals
individuals
 Computer Security Challenges
1. Computer security is not as simple as it might first appear to the novice

2. In developing a particular security mechanism or algorithm, one must always consider potential attacks
on those security features

3. Procedures used to provide particular services are often counterintuitive

4. Physical and logical placement needs to be determined

5. Security mechanisms typically involve more than a particular algorithm or protocol and also require that
participants be in possession of some secret information which raises questions about the creation, distribution, and
protection of that secret information
6. Attackers only need to find a single weakness, while the designer must find and eliminate all weaknesses
to achieve perfect security

7. Security is still too often an afterthought to be incorporated into a system after the design is complete,
rather than being an integral part of the design process

8. Security requires regular and constant monitoring

9. There is a natural tendency on the part of users and system managers to perceive little benefit from
security investment until a security failure occurs

10. Many users and even security administrators view strong security as an impediment to efficient and
user-friendly operation of an information system or use of information
 Table 1.1
Computer Security Terminology, from RFC 2828, Internet Security Glossary, May 2000

Adversary (threat agent)

Individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

Attack
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the
information itself.

Countermeasure
A device or techniques that has as its objective the impairment of the operational effectiveness of undesirable or adversarial
activity, or the prevention of espionage, sabotage, theft, or unauthorized access to or use of sensitive information or information systems.

Risk
A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of 1)
the adverse impacts that would arise if the circumstance or event occurs; and 2) the likelihood of occurrence.

Security Policy
A set of criteria for the provision of security services. It defines and constrains the activities of a data processing facility in
order to maintain a condition of security for systems and data.

System Resource (Asset)

A major application, general support system, high impact program, physical plant, mission critical system, personnel,
equipment, or a logically related group of systems.

Threat
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions,
image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized
access, destruction, disclosure, modification of information, and/or denial of service.

Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited
or triggered by a threat source.

(Table can be found on page 8 in the textbook)

Assets of a Computer
System
Hardware

Software

Data

Communication facilities and

networks
 Vulnerabilities, Threats
and Attacks
• Categories of vulnerabilities
• Corrupted (loss of integrity)
• Leaky (loss of confidentiality)
• Unavailable or very slow (loss of availability)

• Threats
• Capable of exploiting vulnerabilities
• Represent potential security harm to an asset

• Attacks (threats carried out)

• Passive – attempt to learn or make use of information from the
system that does not affect system resources
• Active – attempt to alter system resources or affect their operation
• Insider – initiated by an entity inside the security parameter
• Outsider – initiated from outside the perimeter
Countermeasures
Means used
to deal with
security
attacks
• Prevent
• Detect
• Recover

Residual
vulnerabilitie
s may remain

May itself Goal is to

introduce minimize
new residual level
vulnerabilitie of risk to the
s assets
 Table 1.2

Threat
Consequences,
and the
Types of
Threat Actions
That Cause
Each
Consequence

Based on
RFC 4949

**Table is on page 10 in the textbook.

 Table 1.3
Computer and Network Assets, with Examples of
Threats
 Passive and Active
Attacks
Passive Attack Active Attack
• Attempts to alter system
• Attempts to learn or make use resources or affect their
of information from the system operation
but does not affect system • Involve some modification
resources of the data stream or the
creation of a false stream
• Eavesdropping on, or
• Four categories:
monitoring of, transmissions
o Replay
• Goal of attacker is to obtain o Masquerade
information that is being o Modification of messages
transmitted o Denial of service

• Two types:
o Release of message contents
o Traffic analysis
 Table 1.4

Security
Requirement
s

(FIPS 200)

(page 1 of 2)

(Table can be found on pages 16-17 in

the textbook.)
 Table 1.4

Security
Requirement
s

(FIPS 200)

(page 2 of 2)

(Table can be found on pages 16-17 in

the textbook.)
 Fundamental Security
Design Principles
Economy of Fail-safe Complete
Open design
mechanism defaults mediation

Separation of Least common Psychological

Least privilege
privilege mechanism acceptability

Isolation Encapsulation Modularity Layering

Least
astonishment
 Attack Surfaces
Consist of the reachable and exploitable vulnerabilities in a
system

Examples:

Code that processes

Open ports on incoming data, email, An employee with
outward facing Web XML, office access to sensitive
Services available on Interfaces, SQL, and
and other servers, documents, and information vulnerable
the inside of a firewall Web forms
and code listening on industry-specific to a social
those ports custom data engineering attack
exchange formats
 Attack Surface
Categories
Network Software
Human Attack
Attack Attack
Surface
Surface Surface
Vulnerabilities over an
Vulnerabilities in
enterprise network, wide-
application, utility, or
area network, or the
operating system code
Internet

Vulnerabilities created by
personnel or outsiders, such
as social engineering,
human error, and trusted
Included in this category insiders
are network protocol
vulnerabilities, such as
those used for a denial-of- Particular focus is Web
service attack, disruption of server software
communications links, and
various forms of intruder
attacks
Computer Security
Strategy
Security Policy Security
• Formal statement of Implementation
rules and practices that • Involves four
specify or regulate how a complementary courses
system or organization of action:
provides security • Prevention
services to protect
sensitive and critical • Detection
system resources • Response
• Recovery

Assurance Evaluation
• Encompassing both • Process of examining a
system design and computer product or
system implementation, system with respect to
assurance is an attribute certain criteria
of an information system • Involves testing and may
that provides grounds also involve formal
for having confidence analytic or mathematical
that the system operates techniques
such that the system’s
security policy is
enforced
 Standards
• Standards have been developed to cover
management practices and the overall architecture of
security mechanisms and services
• The most important of these organizations are:
o National Institute of Standards and Technology (NIST)
• NIST is a U.S. federal agency that deals with measurement
science, standards, and technology related to U.S. government
use and to the promotion of U.S. private sector innovation
o Internet Society (ISOC)
• ISOC is a professional membership society that provides
leadership in addressing issues that confront the future of the
Internet, and is the organization home for the groups
responsible for Internet infrastructure standards
o International Telecommunication Union (ITU-T)
• ITU is a United Nations agency in which governments and the
private sector coordinate global telecom networks and services
o International Organization for Standardization (ISO)
• ISO is a nongovernmental organization whose work results in
international agreements that are published as International
 Summary
• Computer security • Fundamental
concepts security design
o Definition principles
o Challenges
o Model • Attack surfaces
• Threats, attacks, and attack trees
o Attack surfaces
and assets o Attack trees
o Threats and attacks
o Threats and assets • Computer
• Security functional security strategy
o Security policy
requirements o Security
• Standards implementation
o Assurance and
evaluation