1. Introduction

Topics to be discussed

• In order to hack or crack, you must be a genius or a UNIX guru (?)
  
  
• Security education will weaken network security, instead of strengthening it (?)
  
  
• Today we need security education more than ever (?)
  
  
• The more security is the better (?)

The two most common reasons for security breaches

• Misconfiguration of the victim host: most operating systems ship in an insecure state
  
  
  • Active state problems: in the active state of insecurity in shipped software, some utilities are enabled for convenience and this fact (and its implication to security) is unknown to the user. These utilities, while enabled, can foster security holes. The solution is to turn off or properly configure the offending utility or service. Typical examples of active state problems include:
    
    
    • Network printing utilities
    • File-sharing utilities
    • Default passwords
    • Sample networking programs
    
    
  • Passive state problems: the passive state involves operating systems with built-in security utilities that are disabled for efficiency. Examples include:
    
    
    • Logging utilities
    • Security programs that administer file-access privileges
  
  Both active and passive states of insecurity in software result from the consumer's lack of knowledge (not from any vendor's act or omission). This is an education issue.
  
  
  
• System flaws or deficiency of vendor response
  • System flaws: a system flaw is any element of a program that causes the program to
    
    
    • Work improperly (under either normal or extreme conditions)
    • Allow crackers to exploit that weakness (or improper operation) to damage or gain control of a system
    • Pure flaws: a security flaw nested within the security structure itself:
      • Netscape Secure Sockets Layer (SSL)

    • Secondary flaws: a secondary flaw is any flaw arising in a program that, while totally unrelated to security, opens a security hole elsewhere on the system:
      • flaws within programs that require special access privileges in order to complete its tasks.

    Whether pure or secondary, system flaws are especially dangerous to the Internet community because they often emerge in programs that are used on a daily basis, such as FTP or Telnet.

  • Vendor response: possible reasons for poor vendor response include:
    • When the affected application is comprehensively tied to the operating-system source

    • When the application is very widely in use or is a standard

    • When the application is third-party software and that third party has poor support, has gone out of business, or is otherwise unavailable

  In these instances, a patch (or other solution) can provide temporary relief. However, for this system to work effectively, all users must know that the patch is available. Notifying the public would seem to be the vendor's responsibility and, to be fair, vendors post such patches to security groups and mailing lists. However, vendors might not always take the extra step of informing the general public. In many cases, it just isn't cost effective.

  Users who have good knowledge of their network utilities, of holes, and of patches are well prepared. Users without such knowledge tend to be victims.

  
  

Why Education in Security Is Important

Who needs to be educated about Internet security? The answer is: all the network users.
• Commerce on the Net concerns
  • business people
  • consumers
  • software vendor who supplies the tools to facilitate that commerce

• Privacy for general public: an Orwellian society?

• Corporate Database

• Government Database on personal data

• Operating Systems
  • Open Systems: UNIX
  • Closed and Proprietary Systems: Macintosh

Hackers and Crackers

• A hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Most often, hackers are programmers. As such, hackers obtain advanced knowledge of operating systems and programming languages. They may know of holes within systems and the reasons for such holes. Hackers constantly seek further knowledge, freely share what they have discovered, and never, ever intentionally damage data.

• A cracker is a person who breaks into or otherwise violates the system integrity of remote machines, with malicious intent. Crackers, having gained unauthorized access, destroy vital data, deny legitimate users service, or basically cause problems for their targets. Crackers can easily be identified because their actions are malicious.