INFORMATION INFRASTRUCTURE: NEXT TERROR TARGET?By Manuel Cereijo As the war on terrorism continues, security experts fear that the next battleground could be on the information infrastructure front. Such attacks could disrupt power systems, penetrate financial institutions and disable voice communications systems. The United States is not producing the talent or investment needed to confront the threat. A shortage of trained information security specialists, poorly designed and tested software, and a lack of funding for security education and research poses serious risks to the country's infrastructure. We have too few trained individuals who really understands the principles of security and there is almost no national investment in producing more. The incredible growth of our society's deployment of computing has too often been conducted with concerns for issues of safety, security and reliability. The scope of infrastructure protection is larger than just computer security, and we should be concern with a broader scope, that could be called information assurance. Information assurance also involves issues of physical security, malicious software, privacy, software engineering, database security, network security, computer forensics, intrusion detection, and several other fields. Anyone who produces computer code or build systems should be aware that some practices are more dangerous than others, could cause harm to the public and infringe on privacy. Engineers in particular should have an awareness that there are areas where their expertise does not reach and they need to call in specialists. Information security specialists are a scarce commodity. Of the 23 leading U.S. universities involved in computer security research, only 20 Ph.Ds were granted in the last three years. There are probably fewer than 100 faculty in the United States who really have some experience on this field. There are very few who have a broad view and actually can address the whole area. Instead of finding ways to design new systems resistant to attack, must of the effort is directed at how to apply new patches to the same old, buggy code. This does not serve to fix the long-term problems. The immediate problems of cyber systems can be patched by implementing best practices, but these will not address the fundamental problems of cyberterrorism. From the Bejucal base in Cuba, besides the listening to telecommunication channels in the United States, they can also produce attacks on the security of the United States' computer systems or networks. The general categories of attack are:
CATEGORIES OF ATTACKSA useful categorization of these attacks is in terms of passive attacks and active attacks. Passive attacks are in the nature of monitoring of transmissions. The goal of the attacker is to obtain information that is being transmitted. Two types of passive attacks are(1) release of message content;(2) traffic analysis. A release of message content is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. The second passive attack, traffic analysis, is more subtle. Suppose that we had a way of masking the contents of a message or other information traffic so that Cuba, even if they capture the information, could not extract the real information because of the use of encryption. The attacker could after a period of time extract the information and messages, defeating the encryption process. The second major category of attack is active attacks. These attacks involve some modification of the data stream or the creation of a false stream. It can be subdivided into four categories: masquerade, replay, modification of message, denial of service. A masquerade takes place when the attacker, under certain entity, pretends to be a different entity, and therefore enabling an authorized entity to obtain extra privileges. Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. Modification of service simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. The denial of service prevents or inhibits the normal use or management of communications facilities. This is a very important and serious possible attack. It could disrupt an entire network, either by disabling the network or by overloading it with messages so as to degrade performance. The attacker could target airports, financial centers, power companies, dams control centers, etc. It is quite difficult to prevent active attacks. The goal is to detect them and to recover from any disruption or delays caused by them. INTRUDERSThere are three classes of intruders:
The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system. The intruder must acquired information that should have been protected. In most cases, this information is in the form of a password. The password file can be protected by one way encryption or by limiting the access control to the file. What are the most common techniques used so far to try to break into a system?
SUMMARYNetwork security has assumed increasing importance. Individuals, corporations, government agencies, must heighten their awareness to protect data and messages, and to protect systems from network-based attacks. The disciplines of cryptography and network security have matured, leading to the development of practical, readily available applications to enforce network security. END Manuel Cereijo INGMCA@aol.com
|