I do not believe in cryptography as the only solution to setting up a secure system.
Security is based on a tight interaction between
(1) cryptography : the art and science of encrypting and decrypting data (information, messages, packets)
(2) protocol : the rules governing the interaction/communication between two parties
(3) access control : who is allowed to do what
(4) software : cryptography, protocol, and access control are all implemented in software. Therefore, if there is a flaw in the software, then even the best cryptography, protocol, and access control fail.
The following picture depicts the relation between those concepts.
Buffer overflow (still used today to break into systems) originated in a software flaw (a flaw rooted in the programming language C).
SQL injection is a software flaw.
Cross-site scripting is a software flaw.
There is also the problem of firewall rule rewriting, in which the rules governing the firewall may overwrite other rules, resulting in forbidden traffic being allowed or allowed traffic being forbidden.
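As an added illustration of the rule-overwriting problem (example code written for this note, not from the original post; the rule set and rule names are constructed), the evaluator below applies rules first-match, and a separate check flags any later rule whose address range and port range are fully covered by an earlier rule with the opposite action, so that the later rule can never take effect:

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "allow" or "deny"
    src: ipaddress.IPv4Network     # source address range
    port: tuple                    # inclusive (low, high) destination-port range


def matches(rule, ip, port):
    return ip in rule.src and rule.port[0] <= port <= rule.port[1]


def evaluate(rules, ip, port, default="deny"):
    """First-match semantics: the first rule whose predicate holds decides."""
    addr = ipaddress.ip_address(ip)
    for r in rules:
        if matches(r, addr, port):
            return r.action, r.name
    return default, "default"


def shadowed(rules):
    """Return (later, earlier) name pairs where 'earlier' fully covers 'later'
    and has a different action: 'later' is dead and its intent is overwritten.
    Partial overlaps are not reported by this simplified check."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            covers = (later.src.subnet_of(earlier.src)
                      and earlier.port[0] <= later.port[0]
                      and later.port[1] <= earlier.port[1])
            if covers and earlier.action != later.action:
                found.append((later.name, earlier.name))
    return found


# Constructed rule set: rules 2 and 4 are each overwritten by the rule before them.
RULES = [
    Rule("allow-internal", "allow", ipaddress.ip_network("10.0.0.0/8"), (1, 65535)),
    Rule("deny-ssh-lab", "deny", ipaddress.ip_network("10.0.5.0/24"), (22, 22)),
    Rule("deny-web", "deny", ipaddress.ip_network("0.0.0.0/0"), (80, 80)),
    Rule("allow-web-dmz", "allow", ipaddress.ip_network("192.168.1.0/24"), (80, 80)),
]

if __name__ == "__main__":
    print(evaluate(RULES, "10.0.5.7", 22))      # forbidden SSH is allowed
    print(evaluate(RULES, "192.168.1.9", 80))   # allowed web traffic is denied
    print(shadowed(RULES))                      # both dead rules are reported
```

Moving the more specific rule ahead of the broader one (or running the shadowing check before deploying a rule change) removes both misbehaviours.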
A security initiative should not try to be exhaustive. Absolute security is not achievable.
Take as an example an intrusion detection algorithm, or a porn-site blocking algorithm. A detection algorithm can be based on
(1) a feature
(2) knowledge
In both cases, false alarms can occur. A false alarm is a situation in which the alarm is raised for the wrong situation:
(1) a false positive : the algorithm detects the presence of something that does not exist
(2) a false negative : the algorithm detects the absence of something that does exist
The following figure illustrates the transition between novice, script kiddy, systems programmer, cracker, and hacker.