SystemsSec 2018W Lecture 3
Class 3, January 15
1st Era (Time Sharing Systems)
Computing originated from cracking codes during WWII and initial computer security came from physical security measures put in place to limit physical access to the machine.
- Large, powerful computers. Early models of which implemented no implicit security. It was based on access to the system.
- Batch Processing: Processing written programs in batches. Programs were written offline then queued to be ran one after the other.
- Programmers didn't actually interact with the computer, the code went through Operators.
- Switched to time sharing which allowed many users to access the same machine concurrently through multiple terminals.
Eventually people started wanting more time and resources with the computer and this caused the organization (HR) to start creating policy to manage the mainframe. Creating these policies lead to the computer getting the power to say 'No' to operations, which is the early creation of software based access control.
- Access control
- Users, Groups
- ACLs (Access control list)
However the number of people with knowledge about these systems was limited and all of them could easily circumvent the policy.
2nd Era (Personal Computers)
Computers for personal use. Peer to peer file sharing (via floppy disks, etc...). This era of personal computers is all about copy protection and piracy as files could now be shared among peers and copied onto their own computer.
- Copy protection
- any effort designed to prevent the reproduction of software, films, music, and other media, usually for copyright reasons.
- essentially telling a personal computer not to do what it was made to do.
- the unauthorized use or reproduction of another's work.
Mostly driven by people's desire to share games with their friends, the widespread sharing of software from unknown sources allowed for "malicious" programs to spread. When you introduce file-sharing between computers you get the invention of computer viruses (malicious software) and anti-virus software (added policy to protect resources).
3rd Era (Networking)
Once you start networking computers together, both the previous era problems are now combined and become much more important. As computers are now interconnected, attacks are possible through the internet. An example is the Morris Worm that was a combination of various software bugs used to circumvent access controls. Although it had no malicious intent behind the creation, a bug in the code made it continue to duplicate itself and crash the system.
It was determined that more complicated security measures were necessary.
- Attackers perspective
- find exploits
- infect systems
- Defenders perspective
- find exploits before they're used
- patch them
- or patch exploits after they're used.
- Unix Directory System
- Labels for processes, files, directories, read/write/execute permissions.
- Users: UID
- Groups: GID
- Designed for multi-user systems. Works for single user systems as some processes require more permissions than others. Still in place due to legacy systems. Is considered robust due to evolution.
- The military and intelligence organizations cared about security from the beginning. Developed their own systems to enforce classification levels. Was convoluted and is no longer in use.
You can understand any mechanism by looking at where it came from and what problem it was designed to solve.
"The internet today is a result of evolution."
9 Firewall 8 Windows Defender 5 Windows Firewall 5 https 5 Google Authenticator 4 SSL 4 Passwords 3 VPN 3 uBlock Origin 3 SSH 3 KeePass 3 firewall 3 Cryptography 3 Antivirus 3 2FA 2 Wireshark 2 vpn 2 Virtual Machines 2 Valve Anti Cheat 2 traceroute 2 password 2 OpenVPN 2 netstat 2 Netcat 2 md5sum 2 Malwarebytes Anti-Malware 2 Malwarebytes 2 HTTPS 2 Filevault 2 encryption 2 Anti-virus 2 antivirus 2 access control