CHAPTER 3
Information Security Services
Copyright 2001 The McGraw-Hill Companies, Inc.
Information security services are the base-level services that are used to combat the attacks defined in Chapter 2. Each of the four security services combats specific attacks (see Table 3-1). The services defined here should not be confused with security mechanisms, which are the actual implementations of these services.
The specifics of how information security services are used within an organization depend upon proper risk assessment and security planning (see Chapters 6 and 7). However, to understand the basic requirements for security within an organization, it is important to understand how security services can be used to counter specific types of attacks.
CONFIDENTIALITY
The confidentiality service provides for the secrecy of information. When properly used, confidentiality only allows authorized users to have access to information. In order to perform this service properly, the confidentiality service must work with the accountability service to properly identify individuals. In performing this function, the confidentiality service protects against the access attack. The confidentiality service must take into account the fact that information may reside in physical form in paper files, in electronic form in electronic files, and in transit.
Confidentiality of Files
There are different ways to provide for the confidentiality of files depending upon the way in which the file exists. For paper files, the physical paper file must be protected. The physical file must exist at a particular location; therefore, access to this location must be controlled. The confidentiality service for paper files relies on physical access controls. This includes locks on file cabinets or desk drawers, restricted rooms within a site, or access restrictions on the site itself.
Security Service Attack Confidentiality Integrity Availability Accountability
Denial of service X
Table 3-1. Information Security Services vs Attacks
If the files are electronic, they have different characteristics. First, the files may exist in several locations at the same time (backup tapes, various computer systems, floppy disks or CDs, and so on). Second, physical access to the file’s physical location may not be necessary. Handling the confidentiality of tapes and disks is similar to handling the physical security of paper files. Since an attacker must physically access the tape or disk, confidentiality requires physical access controls. Access to electronic files on computer systems relies on some type of computer access control (this may include the encryption of files). Computer access control relies on proper identification and authentication (an accountability service) and proper system configuration so that an unauthorized user cannot become an authorized user by bypassing the identification and authentication function (such as via a system vulnerability). Table 3-2 shows the mechanisms and requirements for the confidentiality of files.
Confidentiality of Information in Transmission
Only protecting information stored in files is not sufficient to properly protect the information. Information can also be attacked while in transmission. Therefore, protecting the confidentiality of information in transmission may also be necessary (see Figure 3-1); this is done through the use of encryption.
Information can be protected on a per-message basis or by encrypting all traffic on a link. Encryption by itself can prevent eavesdropping but it cannot completely prevent interception. In order to protect information from being intercepted, proper identification and authentication must be used to determine the identity of the remote end point (see Figure 3-2).
Traffic Flow Confidentiality
Unlike other confidentiality services, traffic flow confidentiality is not concerned with the actual information being stored or transmitted. Traffic flow confidentiality is concerned with the fact that some form of traffic is occurring between two end points (see Figure 3-3). This type of information can be used (by a traffic analyst) to identify organizations that are communicating. The amount of traffic flowing between the two end points may also indicate some information. For example, many news organizations watch deliveries of pizza to the White House and the Pentagon. The idea is that an increase in the number of pizzas may indicate a crisis is occurring.
Confidentiality mechanisms
  Physical security controls
  Computer file access control
  Encryption of files
File confidentiality requirements
  Identification and authentication
  Proper computer system configuration
  Proper key management if encryption is used
Table 3-2. File Confidentiality Mechanisms and Requirements
Traffic flow confidentiality can be provided by obscuring information flows between two end points within a much larger flow of traffic. In the military, two sites may set up communications and then send a constant flow of traffic regardless of the number of messages that are actually sent (the remainder is filled up with garbage). In this way, the amount of traffic remains constant and any changes to the message rate will not be detected.
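The constant-flow scheme described above, as an added Python sketch that is not from the book: real messages are cut into fixed-size cells and every unused slot is filled with random garbage, so the byte count an observer measures per interval never changes. The cell size, cells per interval and header layout are assumed values chosen for the example.

```python
import os
import struct

CELL_SIZE = 64                  # every cell on the wire has this size (assumed value)
CELLS_PER_TICK = 4              # cells sent per interval, busy or idle (assumed value)
HEADER = struct.Struct("!BH")   # flag (1 = data, 0 = filler) and payload length
MAX_PAYLOAD = CELL_SIZE - HEADER.size
# The header is left readable here for clarity; on a real link the whole cell
# would be encrypted so that filler and data are indistinguishable.

def make_cell(payload=None):
    """Build one fixed-size cell; filler cells carry only random garbage."""
    if payload is None:
        return HEADER.pack(0, 0) + os.urandom(MAX_PAYLOAD)
    return HEADER.pack(1, len(payload)) + payload + os.urandom(MAX_PAYLOAD - len(payload))

def send_schedule(messages_per_tick):
    """Return the cells sent in each tick; data that does not fit waits for the next tick."""
    pending, queue, ticks = list(messages_per_tick), [], []
    while pending or queue:
        for msg in (pending.pop(0) if pending else []):
            queue += [msg[i:i + MAX_PAYLOAD] for i in range(0, len(msg), MAX_PAYLOAD)]
        real, queue = queue[:CELLS_PER_TICK], queue[CELLS_PER_TICK:]
        filler = [make_cell() for _ in range(CELLS_PER_TICK - len(real))]
        ticks.append([make_cell(p) for p in real] + filler)
    return ticks

def receive(ticks):
    """Far end: drop filler cells and padding, return the real bytes in order."""
    data = b""
    for cell in (c for tick in ticks for c in tick):
        flag, length = HEADER.unpack_from(cell)
        if flag:
            data += cell[HEADER.size:HEADER.size + length]
    return data

def observer_view(ticks):
    """What a traffic analyst on the link can measure: bytes per tick."""
    return [sum(len(cell) for cell in tick) for tick in ticks]

if __name__ == "__main__":
    # Constructed sample schedules: one busy link, one idle link.
    busy = send_schedule([[b"A" * 150], [], [b"hi", b"there"], []])
    idle = send_schedule([[], [], [], []])
    print(observer_view(busy), observer_view(idle))
    print(receive(busy) == b"A" * 150 + b"hithere", receive(idle) == b"")
```

A burst larger than one interval's capacity is delayed into later intervals rather than sent faster, which is the cost of keeping the rate constant.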
Attacks That Can Be Prevented
Confidentiality can prevent access attacks. However, confidentiality by itself cannot completely solve the problem. The confidentiality service must work with the accountability service to establish the identity of the individual who is attempting to access information. Combined, the confidentiality and accountability services can reduce the risk of unauthorized access.
INTEGRITY
The integrity service provides for the correctness of information. When properly used, integrity allows users to have confidence that the information is correct and has not been modified by an unauthorized individual. As with confidentiality, this service must work with the accountability service to properly identify individuals. The integrity service protects against modification attacks. Information to be protected by the integrity service may exist in physical paper form, in electronic form, or in transit.
Figure 3-1. Encryption can protect information in transmission
Integrity of Files
Information may exist in paper or electronic files. Paper files are generally easier to protect for integrity than electronic files, and it is generally easier to identify when a paper file was modified. I say “generally” here as there is some amount of skill required to modify a paper file in such a way that it will pass inspection while an electronic file can be modified by anyone with access to it.
There are several ways to protect paper files from modification. These include using signature pages, initialing every page, binding the information in a book, and distributing multiple copies of the file in question. The integrity mechanisms are used to make it very difficult for a modification to go unnoticed. Certainly forgers can copy signatures but this is a difficult skill. Initialing every page makes a simple page replacement difficult. Binding documents into books makes the insertion or deletion of entries or pages difficult. Making multiple copies of the information and distributing the copies to interested parties makes it difficult to successfully change all of the documents at the same time.
Figure 3-2. Encryption coupled with identification and authentication can protect against interception
Of course, another way to prevent the modification of paper documents is to prevent unauthorized access completely. This can be accomplished through the same mechanisms used for confidentiality (that is, physical security measures).
Electronic files are generally easier to modify. In many cases, all it takes is to bring the file up in a word processor and insert or delete the appropriate information. When the file is saved, the new information takes the place of the old. The primary method of protecting the integrity of electronic information files is the same as for protecting the confidentiality of the information: computer file access control. In this case, however, the access control mechanism is not configured to completely deny access but instead is configured to allow for the reading of the file but not for the writing of changes. Also, as with confidentiality, it is very important to correctly identify the individual seeking to make a change. This can only be performed through the use of identification and authentication.
Figure 3-3. Traffic flows can identify which organizations are working together
The use of computer file access controls works well if the files reside on a single computer system or a network within the control of the organization. What if the file is to be copied to other parties or organizations? In this case, it is clear that the access controls on a single computer system or network are insufficient to provide protection. Therefore, there must be a mechanism that can identify when an unauthorized change has been made to the file. That mechanism is a digital signature (see Chapter 12 for more detail on digital signatures). A digital signature on a file can identify if the file has been modified since the signature was created. In order to be worthwhile, the digital signature must be identified with a particular user; thus, the integrity service must work with the identification and authentication function.
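How a signature on a file exposes a later change and ties the file to one signer, as an added Python example that is not from the book. It uses a Lamport one-time signature built on SHA-256 so that it runs with the standard library alone; production systems use a vetted library with RSA, ECDSA or Ed25519, and the sample file contents are constructed.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    """Return (private, public): 256 pairs of random secrets and their hashes."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(H(a), H(b)) for a, b in private]
    return private, public

def digest_bits(content):
    """The 256 bits of the file's SHA-256 digest, most significant first."""
    d = int.from_bytes(H(content), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]

def sign(private, content):
    """Reveal one secret per digest bit. A Lamport key pair must sign only one file."""
    return [private[i][bit] for i, bit in enumerate(digest_bits(content))]

def verify(public, content, signature):
    """True only if the content is unchanged and the signature matches this public key."""
    if len(signature) != 256:
        return False
    bits = digest_bits(content)
    return all(H(sig) == public[i][bit]
               for i, (sig, bit) in enumerate(zip(signature, bits)))

if __name__ == "__main__":
    # Constructed sample: a file copied to another organization with its signature.
    signer_private, signer_public = keygen()
    original = b"Payment terms: net 30 days.\n"
    signature = sign(signer_private, original)

    tampered = original.replace(b"30", b"90")
    print("original verifies:", verify(signer_public, original, signature))
    print("tampered verifies:", verify(signer_public, tampered, signature))

    # A signature made with someone else's key does not verify under the signer's key.
    other_private, _ = keygen()
    print("other signer verifies:", verify(signer_public, original, sign(other_private, original)))
```

The recipient needs only the signer's public key, obtained through a trusted channel, which is where the identification and authentication function comes in.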
Integrity of Information Transmission
Information can be modified during transmission. However, it is extremely difficult to modify traffic without performing an interception attack. Encryption can prevent most forms of modification attacks during transmission. When coupled with a strong identification and authentication function, even interception attacks can be thwarted (look back to Figure 3-2).
Attacks That Can Be Prevented
The integrity service can prevent successful modification and repudiation attacks. While any modification attack may change a file or information in transit, modification attacks cannot be successful if the integrity service is functioning properly as the unauthorized change will be detected. When coupled with a good identification and authentication service, even changes to files outside of the organization can be detected.
Successful repudiation attacks cannot be prevented without both a good integrity service and good identification and authentication. In this case, the mechanism to detect the attack is a digital signature.
AVAILABILITY
The availability service provides for information to be useful. Availability allows users to access computer systems, the information on the systems, and the applications that perform operations on the information. Availability also provides for the communications systems to transmit information between locations or computer systems. The information and capabilities most often thought of when we speak of availability are all electronic. However, the availability of paper information files can also be protected.