Building a Secure Computing System - Assignment Example

Summary
This assignment "Building a Secure Computing System" presents information security as inclusive of data security, information security management, and network security. Policy is the major part of all information security efforts. The CIA triangle comprises the following parts…

Extract of sample "Building a Secure Computing System"

Running Head: Security Assessment

Question 1: Significance of the key characteristics of information, namely the CIA, to information security.

Information security is inclusive of data security, information security management and network security. Policy is the major part of all information security efforts. The CIA triangle comprises the following parts: Confidentiality, Integrity and Availability. Confidentiality makes certain that access to information is available only to those who have sufficient privileges. The protection of confidentiality is facilitated by the following measures: secure document storage, end-user education, the classification of information and the use of general security policies. Integrity is defined as the state or quality of being intact and uncorrupted. Information integrity is shaken when information is exposed to damage, destruction, corruption or any other kind of disruption. Corruption may occur during compilation, transmission and storage. Availability refers to ensuring that information is readily accessible to the user, without any form of obstruction or interference, in the format in which it is required. In this definition, a user may be a computer or another person (Granneman, 2005).

[Figure: diagrammatic representation of CIA, showing the relationship between availability, integrity and data confidentiality and the concerns that pertain to fabrication, modification, interruption and interception.]

The last components are a threat to data security, whereas the first three serve to augment data security. Security in terms of information technology refers to the state or quality of data being secure. Security is achieved through a number of strategies that are undertaken alone or in combination with each other.

Confidentiality, integrity and availability are the vital concepts of information security. Fabrication, interruption, modification and interception, on the other hand, are threats to data and therefore compromise confidentiality, availability and integrity. A threat can be defined as an abuse of computer-based information systems. The occurrence of threats could imply a loss of security.

An interruption is an attack in which an asset is made unavailable or is destroyed and therefore cannot be used. This category of threat includes a number of different network attacks, such as physical attacks (Floyd, 2006). An example of a physical attack is a person disabling a router, removing it or turning it off. Another form of interruption occurs when an intruder obtains unrestricted access, through telnet or some form of out-of-band command and management interface on a router, and disables the network, shutting down and interrupting traffic. An example of interruption is the Denial of Service threat.

Interception is a prevalent form of attack in which network traffic is snooped on to obtain data such as credit card numbers, passwords or other sensitive information that may be transferred in clear text. This form of attack may be blocked by the use of encryption techniques such as VPN, BPI+, SSL and 3DES.

Modification is a type of attack that entails the falsification of data by a third party before the sent information gets to its destination (Gasser, 1988). An example of a modification method is Port Redirection. It can be stopped by the use of intrusion detection devices such as an Intrusion Detection System (IDS).

Fabrication is similar to modification; the only difference is that the third party sends information to the destination while feigning to be the original source (Floyd, 2006).

Question 2: How do the NIST criteria for selection of DES and AES relate to Shannon’s original standards of a good cryptographic system? What are the significant differences? How do these standards reflect a changed environment many years after Shannon wrote his standards?

According to Shannon, a good cipher is characterized by the following:

1. The extent of secrecy required should determine the quantity of labor that is appropriate for decryption and encryption (Gasser, 1988).
2. The enciphering algorithm and set of keys should not be complex.
3. Process implementation should be very simple.
4. Ciphering errors should not propagate and result in corruption of information in messages.
5. Enciphered text should not be as large as the original message (Summers, 1997).

NIST's selection of a cryptographic system satisfies points 1, 2, 3 and 5 of Shannon’s criteria. DES and AES have mathematically sound encryption in conjunction with keys which are not complex (though there are instances of simple, bad passwords). The process implementation is comparatively simple, since it can easily be programmed into hardware, which facilitates automatic encoding (Pfleeger, 2006). However, there is a significant difference between Shannon’s proposal and NIST’s choice: with DES and AES encryption, a cipher error causes the whole cipher to fail, since the entire data would ultimately become unreadable. Since Shannon stipulated his standards, technology has advanced, and most mathematical encryption can now be processed automatically by machines and computers with zero error. Therefore it is not advisable to tolerate errors in cipher texts.

Question 3: Security decision making should be based on rational thinking and sound judgement. In this context critique five security design principles.

1.)
The secure defaults principle applies to the initial system configuration and to the negative nature of security functions and access control. The “as shipped” configuration of a system or component must not assist in the violation of security policy. There are numerous examples in recent years of commercial systems developed in a configuration which is not adequately self-protective, resulting in security breaches that may occur before the appropriate configuration is established (Schroeder et al, 1977). Examples of mechanisms to which a secure initial configuration may be applied are passwords, audit and firewalls. The second part of the principle states that security mechanisms must not allow a request (for example, to gain access to a particular file) unless the request is well formed and consistent with security policies. The alternative is to permit a request unless it is inconsistent with the policies. In a large system, the conditions that must be satisfied to grant a request which is denied by default are far more complete and compact than those that would need to be processed to deny a request which is granted by default (for instance, firewall filtering rules).

2.) The accountability and traceability principle states that security-relevant actions must be traceable to the entity on whose behalf the action is taken. The principle stipulates that the designer is required to build a trustworthy infrastructure which is able to record details of actions that affect the security of the system (for instance, an audit system).
To accomplish this, the system is required to uniquely identify the entity on whose behalf an action is being carried out, and also to record all the relevant sequences of actions which are carried out (Floyd, 2006). In addition, accountability policies require that the audit trail itself be protected from unauthorized access. Its protection from modification also provides non-repudiation: once an action is recorded, it is not possible to change the audit trail.

3.) The principle of continuous protection states that the protection of information that is required by security policy (for example, access control to the user domain) or for the system’s self-protection (for example, maintaining the integrity of kernel code and data) must be maintained with a level of continuity which is consistent with the security policy and the security architecture assumptions. No guarantees of privacy, confidentiality and integrity can be made if information is left unprotected while under the management of the system (for instance during the creation, storage, processing and communication of data, and during system initialization, execution, interruption, failure and shutdown). As a result of system monitoring the enforcement of continuous security policy and the validation of requests, there is need to make invalid requests.

4.) The economic security principle stipulates that security mechanisms should have strength equal to the level of trustworthiness of the components in which they are used to enforce security policies. The mechanisms that take part in enforcing security policies incur computation and resource overhead. The strength of a mechanism must be adequate to satisfy the system requirements. The use of security mechanisms of greater strength may incur extra overhead.

5.)
The self analysis principle stipulates that a component has to be able to review its internal functionality, to a limited level (this is where the “incompleteness theorem” comes into play), at various stages of execution, and that this capability for self analysis must be commensurate with the extent of trustworthiness that is put into the system.

Question 4: Suggestion of the means by which receivers are able to detect and compensate for clock drift as portions of the token.

A server’s clock and a token’s clock can be out of sync with each other, in which case the server is able to detect and automatically correct a very small amount of drift (Summers, 1997). There are cases in which tokens remain unused for long periods of time (weeks to months). Over such long periods the token could drift very far, and thus not allow for automatic compensation. It is also possible for a token code to be entered late. If the token code is still valid, the server may presume that the token’s clock has drifted and therefore apply a compensation that may be erroneous and hence affect the token’s next authentication (Pfleeger, 2006).

There are methods that may be used for the compensation of clock drift. Among these methods are the use of a conservative PI controller and, as a special case of delay-compensating controllers in frequent industrial use, the prognostic PI (PPI) controller.

PI controller

The continuous-time parameterization of the PI controller is

$C(s) = K_c\left(1 + \frac{1}{T_I s}\right)$ (2)

where $T_I$ and $K_c$ are the controller integral time and gain respectively.
A digital implementation may be used, in which the control signal is calculated as:

$u_k = u_{k-1} + K_c\left(\left(1 + \frac{T_s}{T_I}\right)(r_k - y_k) - (r_{k-1} - y_{k-1})\right)$ (3)

We will presume that the controller is tuned according to the lambda tuning method (6), which presumes that the process is approximated by a first-order system with a given time delay:

$G(s) = \frac{K}{Ts + 1} e^{-D_{sys} s}$ (4)

Using cancellation and an approximation of the dead time in the open-loop denominator, the tuning results in:

$T_I = T, \quad K_c = \frac{T}{K(\lambda + D_{sys})}$ (5)

where $\lambda$ is the preferred time constant of the closed-loop system.

The PPI controller

The PPI controller is a particular Smith predictor (6). Consider:

$G(s) = \frac{K}{Ts + 1} e^{-Ds}$ (6)

As in lambda tuning, the design method is to choose a controller that cancels the process pole and gives a closed-loop pole at $s = -1/\lambda$, where $\lambda$ is the desired response time of the closed-loop system. The controller parameters obtained are:

$K_c = \frac{T}{\lambda K}, \quad T_I = T$ (7)

The controller is as seen below:

$C(s) = \frac{1 + sT}{K s \lambda} \cdot \frac{1}{1 + \frac{1}{s\lambda}\left(1 - e^{-Ds}\right)}$ (9)

Defining:

$Z(s) = \frac{1}{1 + T_I s} U(s)$ (10)

equation 9 becomes:

$U(s) = K_c E(s) + Z(s) e^{-sD}$ (11)

The implementation of a digital PPI leads to conversion to the discrete domain:

$z_k = \frac{(1 - a) q^{-1}}{1 - a q^{-1}} u_k$ (12)

where $a = e^{-T_s/T_I}$. The equation to update $z_k$ is:

$z_k = a z_{k-1} + (1 - a) u_{k-1}$ (13)

Considering 11 and 13, it is possible to obtain the digital control command:

$u_k = K_c e_k + z_{k-1}$ (14)

Question 5: End-to-end and link encryption being made use of in the same communication system.

Yes. Advantages of dual use of the system and the situation of utilization: link encryption is an encryption technique in which encryption devices are installed at both ends of the link between communicating devices (Anderson, 2000). This keeps traffic safe over communication links.
On the other hand, in end-to-end encryption data is encrypted only at the source or terminal of the data. The data traffic in end-to-end encryption is transmitted in altered form across the network until it reaches the terminals or host (Floyd, 2006). To obtain greater security, there is a need to make use of both end-to-end and link encryption. When both forms of encryption are used, the host encrypts the user data part of the packet using an end-to-end encryption key. The whole packet is subsequently encrypted using a link encryption key. As the packet moves through the network, each switch decrypts the packet using the given link encryption key, reads the header and then encrypts the whole packet again before sending it out on the next link. The whole packet is then secure except for the time during which it is at a given packet switch, when the header is in the clear.

References

Anderson, R. (2000). Security Engineering. Wiley & Sons Inc.
Floyd, B. (2006). The Changing Face of Network Security Threats. Retrieved March 24, 2011 from http://www.infosecwriters.com/text_resources/pdf/Network_Security_Threats_BFloyd.pdf
Gasser, M. (1988). Building a Secure Computing System. Van Nostrand Reinhold, New York.
Pfleeger, C. (2006). Security in Computing. Prentice Hall.
Schroeder, M. D., Clark, D. & Saltzer, J. (1977). The Multics Kernel Design Project. Proceedings of Sixth A.C.M Symposium of Operating System Principles, pages 43-56.
Summers, R. (1997). Secure Computing. McGraw Hill, New York.
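One way a server can handle the clock drift discussed under Question 4, as an added example that is not part of the original essay. Codes are generated as in RFC 6238 (an assumption, since the essay names no token algorithm), and `STEP`, `NEAR`, `FAR`, `TokenRecord` and `verify` are hypothetical names and values. A small offset is adopted only after two logins agree on its direction, so a single late-entered code does not shift the stored drift, and a token that has drifted far must supply two consecutive codes.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per token code (assumed)
NEAR = 1   # steps accepted outright around the expected counter (assumed)
FAR = 20   # steps searched when a token may have drifted while idle (assumed)


def token_code(secret, counter, digits=6):
    """HOTP value (RFC 4226) for one time step; counter must be >= 0."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TokenRecord:
    """Per-token state kept by the server (hypothetical structure)."""
    def __init__(self, secret):
        self.secret = secret
        self.drift = 0       # confirmed clock offset, in steps
        self.hint = 0        # unconfirmed offset seen at the previous login
        self.last_used = -1  # highest token counter accepted (blocks replay)
        self.resync = None   # counter matched outside NEAR, awaiting next code


def _match(rec, code, centre, radius):
    """Return the offset from centre whose code matches, nearest first."""
    for delta in sorted(range(-radius, radius + 1), key=abs):
        counter = centre + delta
        if counter > rec.last_used and hmac.compare_digest(
                token_code(rec.secret, counter), code):
            return delta
    return None


def verify(rec, code, server_time):
    now = int(server_time) // STEP
    if rec.resync is not None:
        # Far-drifted token: only the very next code completes the login.
        want, rec.resync = rec.resync + 1, None
        if hmac.compare_digest(token_code(rec.secret, want), code):
            rec.drift, rec.hint, rec.last_used = want - now, 0, want
            return "ok"
        return "reject"
    expected = now + rec.drift
    delta = _match(rec, code, expected, NEAR)
    if delta is not None:
        rec.last_used = expected + delta
        if delta and delta * rec.hint > 0:
            # Same direction twice running: treat it as real drift.
            rec.drift, rec.hint = rec.drift + delta, 0
        else:
            # Might just be a code typed late; remember it, change nothing.
            rec.hint = delta
        return "ok"
    delta = _match(rec, code, expected, FAR)
    if delta is not None:
        rec.resync = expected + delta  # not authenticated yet
        return "need_next"
    return "reject"
```

Widening `FAR` lets longer-idle tokens recover without an administrator, at the cost of more codes that can trigger the two-code challenge.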
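The layering described under Question 5, as an added example that is not part of the original essay: user data is sealed with an end-to-end key, the whole packet with a per-link key, and each switch removes and re-applies only the link layer. The HMAC-SHA256 keystream is a standard-library stand-in for a real cipher and provides no integrity protection; the 8-byte header layout, key names and function names are hypothetical.

```python
import hashlib
import hmac
import os


def _keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a real cipher)."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(key, data):
    """Encrypt under a fresh random nonce, which is prepended to the output."""
    nonce = os.urandom(12)
    stream = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def unseal(key, blob):
    nonce, body = blob[:12], blob[12:]
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def host_send(e2e_key, link_key, dest, user_data):
    """Source host: end-to-end layer on the user data, link layer on the packet."""
    header = dest.encode().ljust(8)[:8]  # fixed 8-byte routing header (assumed)
    return seal(link_key, header + seal(e2e_key, user_data))


def switch_forward(in_key, out_key, frame):
    """Switch: strip the inbound link layer, read the header, re-seal."""
    packet = unseal(in_key, frame)
    header, payload = packet[:8], packet[8:]  # header is cleartext only here
    # Also return what the switch could see, so the exposure can be inspected.
    return seal(out_key, packet), header, payload


def host_receive(e2e_key, link_key, frame):
    """Destination host: remove the link layer, then the end-to-end layer."""
    packet = unseal(link_key, frame)
    return unseal(e2e_key, packet[8:])
```

A switch holds only link keys, so what it sees of the user data is still the end-to-end ciphertext, while an observer on any link sees neither header nor data.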