Table of Contents
Foreword xxiii
Preface xxvii
About the Authors xxxv
Chapter 1: Security Blanket or Security Theater? 2
How Dependent Are We on Computers? 6
What Is Computer Security? 8
Threats 11
Harm 24
Vulnerabilities 30
Controls 30
Analyzing Security With Examples 33
Conclusion 34
Exercises 35
Chapter 2: Knock, Knock. Who’s There? 38
Attack: Impersonation 39
Attack Details: Failed Authentication 40
Vulnerability: Faulty or Incomplete Authentication 41
Countermeasure: Strong Authentication 47
Conclusion 64
Recurring Thread: Privacy 67
Recurring Thread: Usability 69
Exercises 71
Chapter 3: 2 + 2 = 5 72
Attack: Program Flaw in Spacecraft Software 74
Threat: Program Flaw Leads to Security Failing 75
Vulnerability: Incomplete Mediation 77
Vulnerability: Race Condition 79
Vulnerability: Time-of-Check to Time-of-Use 82
Vulnerability: Undocumented Access Point 84
Ineffective Countermeasure: Penetrate-and-Patch 85
Countermeasure: Identifying and Classifying Faults 86
Countermeasure: Secure Software Design Elements 90
Countermeasure: Secure Software Development Process 97
Good Design 103
Countermeasure: Testing 114
Countermeasure: Defensive Programming 122
Conclusion 123
Recurring Thread: Legal—Redress for Software Failures 125
Exercises 128
Chapter 4: A Horse of a Different Color 130
Attack: Malicious Code 131
Threat: Malware—Virus, Trojan Horse, and Worm 132
Technical Details: Malicious Code 138
Vulnerability: Voluntary Introduction 155
Vulnerability: Unlimited Privilege 157
Vulnerability: Stealthy Behavior—Hard to Detect and Characterize 157
Countermeasure: Hygiene 158
Countermeasure: Detection Tools 159
Countermeasure: Error Detecting and Error Correcting Codes 166
Countermeasure: Memory Separation 170
Countermeasure: Basic Security Principles 171
Recurring Thread: Legal—Computer Crime 172
Conclusion 177
Exercises 178
Chapter 5: The Keys to the Kingdom 180
Attack: Keylogging 181
Threat: Illicit Data Access 182
Attack Details 182
Harm: Data and Reputation 186
Vulnerability: Physical Access 186
Vulnerability: Misplaced Trust 187
Vulnerability: Insiders 189
Vulnerability: System Subversion 191
Recurring Thread: Forensics—Tracing Data Flow 193
Vulnerability: Weak Authentication 194
Failed Countermeasure: Security through Obscurity 194
Countermeasure: Physical Access Control 196
Countermeasure: Strong Authentication 198
Countermeasure: Trust/Least Privilege 202
Conclusion 204
Recurring Thread: Forensics—Plug-and-Play Devices 205
Exercises 207
Interlude A: Cloud Computing 210
What Is Cloud Computing? 211
What Are the Risks in the Cloud? 213
Chapter 6: My Cup Runneth Over 216
Attack: What Did You Say That Number Was? 217
Harm: Destruction of Code and Data 218
Vulnerability: Off-by-One Error 230
Vulnerability: Integer Overflow 231
Vulnerability: Unterminated Null-Terminated String 232
Vulnerability: Parameter Length and Number 233
Vulnerability: Unsafe Utility Programs 234
Attack: Important Overflow Exploitation Examples 234
Countermeasure: Programmer Bounds Checking 244
Countermeasure: Programming Language Support 244
Countermeasure: Stack Protection/Tamper Detection 247
Countermeasure: Hardware Protection of Executable Space 249
Countermeasure: General Access Control 261
Conclusion 272
Exercises 274
Chapter 7: He Who Steals My Purse . . . 276
Attack: Veterans’ Administration Laptop Stolen 277
Threat: Loss of Data 278
Extended Threat: Disaster 278
Vulnerability: Physical Access 279
Vulnerability: Unprotected Availability of Data 279
Vulnerability: Unprotected Confidentiality of Data 279
Countermeasure: Policy 280
Countermeasure: Physical Security 280
Countermeasure: Data Redundancy (Backup) 282
Countermeasure: Encryption 286
Countermeasure: Disk Encryption 325
Conclusion 326
Exercises 329
Chapter 8: The Root of All Evil 332
Background: Operating System Structure 333
Attack: Phone Rootkit 337
Attack Details: What Is a Rootkit? 338
Vulnerability: Software Complexity 347
Vulnerability: Difficulty of Detection and Eradication 347
Countermeasure: Simplicity of Design 348
Countermeasure: Trusted Systems 353
Conclusion 364
Exercises 365
Chapter 9: Scanning the Horizon 368
Attack: Investigation, Intrusion, and Compromise 369
Threat: Port Scan 370
Attack Details 371
Harm: Knowledge and Exposure 374
Recurring Thread: Legal—Are Port Scans Legal? 375
Vulnerability: Revealing Too Much 376
Vulnerability: Allowing Internal Access 376
Countermeasure: System Architecture 377
Countermeasure: Firewall 378
Countermeasure: Network Address Translation (NAT) 397
Countermeasure: Security Perimeter 399
Conclusion 400
Exercises 402
Chapter 10: Do You Hear What I Hear? 404
Attack: Wireless (WiFi) Network Access 405
Harm: Confidentiality–Integrity–Availability 412
Attack: Unauthorized Access 414
Vulnerability: Protocol Weaknesses 414
Failed Countermeasure: WEP 418
Stronger but Not Perfect Countermeasure: WPA and WPA2 422
Conclusion 426
Recurring Thread: Privacy—Privacy-Preserving Design 427
Exercises 429
Chapter 11: I Hear You Loud and Clear 432
Attack: Enemies Watch Predator Video 433
Attack Details 434
Threat: Interception 437
Vulnerability: Wiretapping 441
Countermeasure: Encryption 448
Countermeasure: Virtual Private Networks 452
Countermeasure: Cryptographic Key Management Regime 456
Countermeasure: Asymmetric Cryptography 459
Countermeasure: Kerberos 464
Conclusion 468
Recurring Thread: Ethics—Monitoring Users 471
Exercises 472
Interlude B: Electronic Voting 474
What Is Electronic Voting? 475
What Is a Fair Election? 477
What Are the Critical Issues? 477
Chapter 12: Disregard That Man Behind the Curtain 482
Attack: Radar Sees Only Blue Skies 483
Threat: Man in the Middle 484
Threat: “In-the-Middle” Activity 487
Vulnerability: Unwarranted Trust 498
Vulnerability: Failed Identification and Authentication 499
Vulnerability: Unauthorized Access 501
Vulnerability: Inadequate Attention to Program Details 501
Vulnerability: Protocol Weakness 502
Countermeasure: Trust 503
Countermeasure: Identification and Authentication 503
Countermeasure: Cryptography 506
Related Attack: Covert Channel 508
Related Attack: Steganography 517
Conclusion 519
Exercises 520
Chapter 13: Not All Is as It Seems 524
Attacks: Forgeries 525
Threat: Integrity Failure 530
Attack Details 530
Vulnerability: Protocol Weaknesses 542
Vulnerability: Code Flaws 543
Vulnerability: Humans 543
Countermeasure: Digital Signature 545
Countermeasure: Secure Protocols 566
Countermeasure: Access Control 566
Countermeasure: User Education 568
Possible Countermeasure: Analysis 569
Non-Countermeasure: Software Goodness Checker 571
Conclusion 572
Exercises 574
Chapter 14: Play It [Again] Sam, or, Let’s Look at the Instant Replay 576
Attack: Cloned RFIDs 577
Threat: Replay Attacks 578
Vulnerability: Reuse of Session Data 580
Countermeasure: Unrepeatable Protocol 580
Countermeasure: Cryptography 583
Conclusion: Replay Attacks 584
Similar Attack: Session Hijack 584
Vulnerability: Electronic Impersonation 588
Vulnerability: Nonsecret Token 588
Countermeasure: Encryption 589
Countermeasure: IPsec 593
Countermeasure: Design 596
Conclusion 597
Exercises 598
Chapter 15: I Can’t Get No Satisfaction 600
Attack: Massive Estonian Web Failure 601
Threat: Denial of Service 602
Threat: Flooding 602
Threat: Blocked Access 603
Threat: Access Failure 604
Case: Beth Israel Deaconess Hospital Systems Down 605
Vulnerability: Insufficient Resources 606
Vulnerability: Addressee Cannot Be Found 611
Vulnerability: Exploitation of Known Vulnerability 613
Vulnerability: Physical Disconnection 613
Countermeasure: Network Monitoring and Administration 614
Countermeasure: Intrusion Detection and Prevention Systems 618
Countermeasure: Management 630
Conclusion: Denial of Service 633
Extended Attack: E Pluribus Contra Unum 635
Technical Details 638
Recurring Thread: Legal—DDoS Crime Does Not Pay 643
Vulnerability: Previously Described Attacks 643
Countermeasures: Preventing Bot Conscription 645
Countermeasures: Handling an Attack Under Way 647
Conclusion: Distributed Denial of Service 648
Exercises 649
Interlude C: Cyber Warfare 652
What Is Cyber Warfare? 653
Examples of Cyber Warfare 654
Critical Issues 656
Chapter 16: ’Twas Brillig, and the Slithy Toves . . . 662
Attack: Grade Inflation 663
Threat: Data Corruption 664
Countermeasure: Codes 667
Countermeasure: Protocols 668
Countermeasure: Procedures 669
Countermeasure: Cryptography 670
Conclusion 673
Exercises 674
Chapter 17: Peering through the Window 676
Attack: Sharing Too Much 677
Attack Details: Characteristics of Peer-to-Peer Networks 677
Threat: Inappropriate Data Disclosure 680
Threat: Introduction of Malicious Software 681
Threat: Exposure to Unauthorized Access 682
Vulnerability: User Failure to Employ Access Controls 683
Vulnerability: Unsafe User Interface 683
Vulnerability: Malicious Downloaded Software 684
Countermeasure: User Education 685
Countermeasure: Secure-by-Default Software 685
Countermeasure: Legal Action 686
Countermeasure: Outbound Firewall or Guard 688
Conclusion 689
Recurring Thread: Legal—Protecting Computer Objects 691
Exercises 704
Chapter 18: My 100,000 Nearest and Dearest Friends 706
Attack: I See U 707
Threat: Loss of Confidentiality 708
Threat: Data Leakage 709
Threat: Introduction of Malicious Code 710
Attack Details: Unintended Disclosure 711
Vulnerability: Exploiting Trust Relationships 721
Vulnerability: Analysis on Data 722
Vulnerability: Hidden Data Attributes 722
Countermeasure: Data Suppression and Modification 724
Countermeasure: User Awareness and Education 729
Countermeasure: Policy 733
Conclusion 734
Exercises 736
Afterword 738
Challenges Facing Us 739
Critical Issues 741
Moving Forward: Suggested Next Steps for Improving Computer Security 742
And Now for Something a Little Different 746
Bibliography 749
Index 773