Security Basics

Computers

12th Grade

Practice Problem

Medium

Created by

Ciara Williams

55 Slides • 10 Questions

1

Computer Security Basics

Security is the practice of controlling access to something (a resource). Computer security has become a vital competency as the risks from threats such as malware, hacking, and identity fraud become better recognized and increasingly serious. Security must be balanced against accessibility: if a system is completely secure, then no one has access to it, and it is unusable.

2

Confidentiality, Integrity and Availability (CIA)

Secure information has three properties, often referred to by the "CIA Triad."

  • Confidentiality—this means that the information should only be known to authorized users.

  • Integrity—this means that the information is stored and transferred as intended and that any modification is authorized.

  • Availability—this means that the information is accessible to those authorized to view or modify it.

3

Security Threats

Most organizations would like to think their networks were secure. They have set up user accounts, they have a stringent accounts policy, and they even audit security related events. But is that all there is to it? To understand security, you must understand the types of threats that your network faces.

4

Security Threats

There can be attempts to circumvent your security that come from within and without your network. These attacks could be malicious or simply implemented by the curious. They could be very technically sophisticated, or laughably simple, exploiting an oversight on your part for instance.

5

Security Threats

Let's look at some of the more common forms of attack, and examples of such attacks.

6

Confidentiality Concerns

Confidentiality means that information is only revealed to authorized people. This can be compromised in a number of ways:

  • Snooping—this is any attempt to get access to information on a host or storage device (data at rest) that you are not authorized to view. An attacker might steal a password or find an unlocked workstation with a logged-on user account, or they might install some sort of spyware on the host.

7

Confidentiality Concerns

  • Eavesdropping/wiretapping—this is snooping on data or telephone conversations as they pass over the network. Snooping on traffic passing over a network is also often called sniffing. It can be relatively easy for an attacker to "tap" a wired network or intercept unencrypted wireless transmissions. Networks can use segmentation and encryption to protect data in-transit.

8

Confidentiality Concerns

  • Social engineering/dumpster diving—this means getting users to reveal information or finding printed information. We'll discuss this topic in more detail later in this unit.

9

Integrity Concerns

  • Integrity means that the data being stored and transferred has not been altered without authorization. Some threats to integrity include the following attacks:

10

Integrity Concerns

  • On-path attack—where a host sits between two communicating nodes, and transparently monitors, captures, and relays all communications between them. An on-path attack may be able to change the messages exchanged between a sender and receiver without them realizing. To protect against this, senders and receivers must authenticate themselves and use encryption to validate messages.

11

Integrity Concerns

  • Replay—where a host captures another host's response to some server and replays that response in an effort to gain unauthorized access. Replay attacks often involve exploiting an access token generated by an application. The application needs to use encryption and time-stamping to ensure that the tokens cannot be misused.
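The time-stamping defense described on this slide can be sketched in code. This is an added example, not part of the original slides: it signs each token with an HMAC (a keyed integrity check, used here in place of encryption) and adds a single-use nonce, so a captured token is refused when presented a second time or after its time window. The key, the 30-second window, and all names are assumptions.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = secrets.token_bytes(32)  # hypothetical server-side key, never sent to clients
MAX_AGE_SECONDS = 30                  # assumed validity window for this sketch


def _mac(key: bytes, payload: str) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str, now: float, key: bytes = SECRET_KEY) -> str:
    """Return 'user|issued_at|nonce|mac'; the MAC covers the first three fields."""
    if "|" in user:
        raise ValueError("user name must not contain the field separator")
    payload = f"{user}|{int(now)}|{secrets.token_hex(16)}"
    return f"{payload}|{_mac(key, payload)}"


class TokenVerifier:
    """Accepts each token at most once, and only inside its time window."""

    def __init__(self, key: bytes = SECRET_KEY, max_age: int = MAX_AGE_SECONDS):
        self.key = key
        self.max_age = max_age
        self.seen = {}  # nonce -> time after which the token is expired anyway

    def verify(self, token: str, now: float) -> str:
        parts = token.split("|")
        if len(parts) != 4:
            return "rejected: malformed"
        user, issued_at, nonce, mac = parts
        expected = _mac(self.key, f"{user}|{issued_at}|{nonce}")
        # Constant-time comparison; any change to user, time or nonce fails here.
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return "rejected: bad signature"
        # The timestamp is trusted only now that the MAC has been checked.
        age = now - int(issued_at)
        if age < 0 or age > self.max_age:
            return "rejected: outside time window"
        # Forget nonces whose tokens can no longer pass the time check.
        self.seen = {n: exp for n, exp in self.seen.items() if exp >= now}
        if nonce in self.seen:
            return "rejected: replayed"
        self.seen[nonce] = int(issued_at) + self.max_age
        return f"accepted: {user}"


if __name__ == "__main__":
    verifier = TokenVerifier()
    token = issue_token("alice", now=1000)   # constructed sample values
    print(verifier.verify(token, now=1005))  # first use
    print(verifier.verify(token, now=1006))  # captured token sent again
    print(verifier.verify(issue_token("bob", now=1000), now=1031))  # too old
```

The time stamp limits how long a captured token is useful, and the nonce cache closes the remaining window inside that limit.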

12

Integrity Concerns

  • Impersonation—a common attack is where a person will attempt to figure out a password or other credentials to gain access to a host. The attacker can then hijack the authorizations allocated to the account and generally masquerade as that user. There are numerous ways to perform impersonation attacks, but an obvious one is to capture password packets in transit and work out which bit is the password.

13

Availability Concerns

  • Availability means keeping a service running so that authorized users can access and process data whenever necessary. Availability is often threatened by accidents and oversights as well as active attacks.

14

Availability Concerns

  • Denial of Service (DoS)—this is any situation where an attacker targets the availability of a service. A DoS attack might tamper with a system or try to overload it in some way. On the web, a Distributed Denial of Service (DDoS) uses hosts compromised with bot malware to launch a coordinated attack against a web service. The size of the botnet determines how easily the attacker can overwhelm the service

15

Availability Concerns

  • Power outage—if you lose power, then clearly your computers cannot run. Using standby power can help mitigate this issue. It's also common for data corruption to occur when a computer is turned off rather than being shut down. Using an Uninterruptible Power Supply (UPS) can provide a means to safely close down a server if building power is interrupted

16

Availability Concerns

  • Hardware failure—if a component in a server fails, then the server often fails. A hard disk contains moving parts and will eventually fail. If a disk fails, you will likely lose access to the data on the failed disk and quite possibly lose the data. You can compensate against hardware failure by provisioning redundant components and servers. The service is then configured to failover to a working component or server without interruption

17

Availability Concerns

  • Destruction—the loss of a service or data through destruction can occur for a number of reasons. At one extreme, you might lose a data center through a fire or even an act of terrorism. At the other end of the spectrum, you might lose access to a server when a person accidentally spills coffee on a server or a malicious person deliberately smashes a computer. Either way, putting your servers in a physically secure room and controlling access to that room can help protect against these issues

18

Availability Concerns

  • Service outage—any of the situations above can lead to service unavailability. Many organizations use online, cloud-based apps and services these days. You need to consider how third-party service failures may affect your data processing systems. When you decide which cloud provider to use, consider the options they provide for service availability and fault tolerance

19

Authentication, Authorization, and Accounting

  • To guard against these threats to confidentiality and integrity, data and data processing systems are protected by access controls. An access control system normally consists of one or more of the following types of controls

20

Authentication, Authorization, and Accounting

  • Authentication means one or more methods of proving that a user is who they say they are and associates that person with a unique computer or network user account.

21

Authentication, Authorization, and Accounting

  • Authorization means creating one or more barriers around the resource such that only authenticated users can gain access. Each resource has a permissions list specifying what users can do. Resources often have different access levels, for example, being able to read a file or being able to read and edit it

22

Authentication, Authorization, and Accounting

  • Accounting means recording when and by whom a resource was accessed.

23

Authentication, Authorization, and Accounting

  • One of the key points to note from the above is "one or more." A security system that depends on one mechanism only is often not very effective. Providing multiple controls of different types offers much better security.

24

Social Engineering

  • Attackers can use a diverse range of techniques to compromise a security system. A pre-requisite of many types of attack is to obtain information about the security system. Social engineering refers to means of getting users to reveal confidential information or obtaining unauthorized physical access to a resource

25

Social Engineering

  • Often, malicious people can start to gain access to your network resources through the use of seemingly innocuous data. For example, accessing an address list, or contact directory can provide a starting point for attempting to sign in to your network

26

Social Engineering

  • It is also important to note that gaining access to a network is often based on a series of small steps rather than a single large step. That is, knowing the SSID of a wireless access point enables a person to attempt to connect to a network. If the connection is ultimately successful, accessing a discarded email message might help a malicious person to determine the user ID of a standard user. At this stage, the malicious person is well on their way to gaining access to your network

27

Impersonation

  • Impersonation (pretending to be someone else) is one of the basic social engineering techniques. The classic impersonation attack is for an attacker to phone into a department, claim they have to adjust something on the user's system remotely, and get the user to reveal their password

28

Multiple Choice

What is the best tactic for defeating social engineering?

1

Implementing email filtering to block spear phishing attempts

2

Forcing web browsers to use encryption when connecting to public websites

3

Installing a firewall that monitors outbound and inbound network traffic for anomalies

4

Training users to recognize and respond to social engineering situations

29

Impersonation

  • Attackers will generally try one of the following methods:

    • Intimidate the target by pretending to be someone senior in rank.

    • Intimidate the target by using spurious technical arguments and jargon.

    • Coax the target by engaging them in friendly conversation.

30

Trust and Dumpster Diving

  • Being convincing, or establishing trust, usually depends on the attacker obtaining privileged information about the organization. For example, an impersonation attack is much more effective if the attacker knows the user's name. As most companies are set up toward customer service rather than security, this information is typically easy to come by.

31

Multiple Choice

What is a social engineering attack?

1

An attack that uses code to infect a file in an attempt to spread itself as widely as possible

2

An attack that depends on human factors and deception rather than technology

3

An attack that attempts to cause physical harm to an individual as opposed to the person's data

4

An attack that runs in the background of social media applications and infects other users

32

Trust and Dumpster Diving

  • Information that might seem innocuous, such as department employee lists, job titles, phone numbers, diary, invoices, or purchase orders, can help an attacker penetrate an organization through impersonation.

33

Trust and Dumpster Diving

  • Another way to obtain information that will help to make a social engineering attack credible is by obtaining documents that the company has thrown away. Dumpster diving refers to combing through an organization's (or individual's) refuse to try to find useful documents (or even files stored on discarded removable media)

34

Multiple Choice

What action can help mitigate the risk of impersonation attacks?

1

Implementing strong identity controls, such as badging systems for building access and multi-factor authentication for network access

2

Ensuring that senders and receivers authenticate themselves and use encryption to validate messages

3

Making sure that applications use encryption and time-stamping to ensure that the tokens cannot be misused

4

Using a backup power source, which provides a means to safely close down a server

35

Identity Fraud

  • Identity fraud can either mean compromising someone's computer account or masquerading as that person. To perform the first type of attack, the attacker must discover and subvert the person's authentication credentials. Strong authentication makes this type of attack much more difficult to perform.

36

Identity Fraud

  • Most specific identity frauds are aimed at getting someone to reveal their logon, or other secure information, through a phishing or other social engineering attack. Masquerading effectively means subverting the account creation process. It can be mitigated by performing rigorous identity checks when setting up a new account

37

Identity Fraud

  • Identity theft is also facilitated by the careless transmission, storage, and disposal of Personally Identifiable Information (PII). PII includes things such as full name, birth date, address, Social Security number, and so on. PII may also be defined as responses to challenge questions, such as "What is your favorite color/pet/movie?" Some bits of information, such as a Social Security number, are unique to an individual and once lost cannot easily be changed. Others uniquely identify an individual in combination, such as full name with birth date and street address.

38

Shoulder Surfing

  • Shoulder surfing refers to stealing a password or PIN, or other secure information, by watching the user type it. Despite the name, the attacker may not have to be in close proximity to the target. They could use high-power binoculars or CCTV to directly observe the target remotely.

39

Defeating Social Engineering Attacks

  • Social engineering is best defeated by training users to recognize and respond to these kinds of situations. Users should understand what constitutes secure information and know in what circumstances, if any, it should be revealed to other people. Users should also have a good understanding of the technical support process, so that it cannot be compromised

40

Defeating Social Engineering Attacks

  • Users should learn always to lock their workstations and mobile devices when leaving them unattended. This helps prevent so-called "lunchtime attacks," where an attacker gets access to an account via an open desktop. This could allow someone to masquerade as the user—sending email or starting IM conversations under their user name.

41

Multiple Choice

What technique can be used to prevent eavesdropping on a data network?

1

Digitally signing messages

2

Conducting user awareness training

3

Hashing passwords before storage

4

Encrypting data in-transit

42

Defeating Social Engineering Attacks

  • Windows can be locked by pressing WINDOWS+L or by selecting the option from Start. You can also set the display properties to use a password-protected screen saver to time out the desktop after so many minutes of inactivity. Users should also take care when entering a password or PIN in the presence of others.

43

Defeating Social Engineering Attacks

  • In terms of physical security, employees need to be trained to be confident enough to challenge unrecognized people or those without an appropriate security badge. Care should be taken when moving between areas not to leave security doors open or unlocked.

44

Business Continuity

  • Most organizations are reliant to a greater or lesser extent on the availability of their apps and data to continue trading. Many are also reliant on the continued availability of services, such as cloud storage or apps, that are used within their organization.

45

Multiple Choice

As you are about to enter a secured building, a stranger waiting outside tells you he is a recent hire and asks you to let him in because he forgot his swipe card.

What type of security attack is this?

1

Impersonation

2

Hoax

3

Phishing

4

Shoulder surfing

46

Business Continuity

  • Without continuous access to these data and apps, whether held on-premises or in the cloud, organizations cannot function properly. There can be a significant cost implication for an organization during an outage. Consequently, it is important that you understand possible risks and common mitigations.

47

Fault Tolerance and Contingency Planning

  • To help protect against losing access to a computer system when a component fails, you must implement fault tolerance. Fault tolerant systems are those that contain additional components to help avoid single points of failure. Business continuity plans will start with analysis of business processes and assets to identify critical workflows and resources plus vulnerabilities in those systems.

48

Fault Tolerance and Contingency Planning

  • These vulnerabilities can be mitigated by creating contingency plans and resources that allow the system to be resilient to failures and unexpected outages. Most contingency plans depend on providing redundancy at both the component and system level. If a component or system is not available, redundancy means that the service can failover to the backup either seamlessly or with minimum interruption.

49

Multiple Choice

What is the difference between business continuity and disaster recovery?

1

Disaster recovery puts systems and working methods in place to be resilient to failure.

2

Disaster recovery creates workflows and resources to use when a specific scenario affects an organization.

3

Business continuity creates workflows and resources to use when a specific scenario affects an organization

4

Disaster recovery uses contingency plans to mitigate vulnerabilities, making a system more resilient to failures

50

Data Redundancy

  • Combining hard disks into an array of disks can help to avoid service unavailability due to one or more disks failing. The Redundant Array of Independent Disks (RAID) standard has evolved to offer a variety of fault tolerant solutions. Different RAID solutions are defined in numbered levels. Two of the most common levels use redundancy solutions called mirroring and striping

51

Data Redundancy

  • RAID 1—known also as disk mirroring. RAID 1 uses two disks. Each write operation is performed on both disks so that one is a mirror of the other. Read operations can use either disk. If one of the disks fails, the array will continue to work.

52

Data Redundancy

  • RAID 5—known as striping with parity. At least three disks are combined into a single logical drive. Data is written in stripes across all disks in the set. A calculation is performed to determine what is known as parity information. The parity data is written to a different disk with each write operation. In the event of a single disk failure, the parity information in each stripe of data is used to determine the missing data. If a second disk fails however, then the whole array will fail.
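How parity recovers a missing disk can be shown with a small simulation. This is an added example, not part of the original slides: it models each disk as a list of 4-byte blocks, computes parity as the XOR of the data blocks in a stripe, rotates the parity disk from stripe to stripe, and rebuilds the data with one disk missing. The block size, function names, and sample data are assumptions.

```python
from functools import reduce


def xor_blocks(blocks):
    """XOR equal-length byte blocks together, byte by byte."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def parity_disk_for(stripe: int, n_disks: int) -> int:
    """Parity moves to a different disk with each stripe."""
    return (n_disks - 1 - stripe) % n_disks


def write_stripes(data: bytes, n_disks: int = 3, block: int = 4):
    """Lay data out in stripes of n_disks-1 data blocks plus one parity block."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    disks = [[] for _ in range(n_disks)]
    per_stripe = block * (n_disks - 1)
    data = data + b"\x00" * (-len(data) % per_stripe)  # zero-pad the last stripe
    for stripe, off in enumerate(range(0, len(data), per_stripe)):
        chunks = [data[off + i * block: off + (i + 1) * block]
                  for i in range(n_disks - 1)]
        pdisk = parity_disk_for(stripe, n_disks)
        next_chunk = iter(chunks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(chunks) if d == pdisk else next(next_chunk))
    return disks


def read_stripes(disks, failed=()):
    """Return the stored data, rebuilding the blocks of at most one failed disk."""
    failed = set(failed)
    if len(failed) > 1:
        raise RuntimeError("array failed: more than one disk lost")
    n = len(disks)
    out = bytearray()
    for stripe in range(len(disks[0])):
        row = [None if d in failed else disks[d][stripe] for d in range(n)]
        if failed:
            lost = next(iter(failed))
            # XOR of all surviving blocks (data and parity) equals the lost block.
            row[lost] = xor_blocks([b for b in row if b is not None])
        pdisk = parity_disk_for(stripe, n)
        out += b"".join(row[d] for d in range(n) if d != pdisk)
    return bytes(out)


if __name__ == "__main__":
    sample = b"PAYROLL-RECORDS-2024"          # constructed sample data
    array = write_stripes(sample)
    print(read_stripes(array, failed=[1])[:len(sample)])  # rebuilt from parity
    try:
        read_stripes(array, failed=[0, 2])
    except RuntimeError as err:
        print(err)
```

Because every stripe XORs to zero across all disks, any single missing block is the XOR of the others; with two blocks missing from a stripe there is no longer enough information to solve for either.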

53

Network Redundancy

  • Without a network connection, a server is not of much use. As network cards are cheap, it is commonplace for a server to have multiple cards (adapter fault tolerance). Multiple adapters can be configured to work together (adapter teaming). This provides fault tolerance—if one adapter fails, the network connection will not be lost—and can also provide load balancing (connections can be spread between the cards)

54

Network Redundancy

  • Network cabling should be designed to allow for multiple paths between the various servers, so that during a failure of one part of the network, the rest remains operational (redundant connections). Routers are great fault tolerant devices, because they can communicate system failures and IP packets can be routed via an alternate device

55

Multiple Choice

Which Redundant Array of Independent Disks (RAID) involves striping data across multiple disks and uses parity data?

1

RAID 5

2

RAID 1

3

RAID 10

4

RAID 10

56

Power Redundancy

  • Network appliances and servers require a stable power supply to operate. Electrical events such as voltage spikes or surges can crash computers and network appliances, while loss of power from brownouts or blackouts will cause equipment to fail. Power redundancy means deploying systems to ensure that equipment is protected against these events and that network operations can either continue uninterrupted or be recovered quickly.

57

Power Redundancy

  • Dual power supplies—enterprise servers and networking equipment are often provisioned with two power supply units so that if one fails, it does not cause power loss.

  • Redundant circuits—critical infrastructure might provision multiple power circuits so that if one fails, there will not be total power loss across all systems

58

Power Redundancy

  • Uninterruptible Power Supply (UPS)—a UPS is a large battery that can continue to provide power to connected devices for a few or possibly tens of minutes in the event of building power loss

  • Backup power generator—as UPS batteries cannot provide power indefinitely, they will not be able to maintain service during an extended period of building power loss. A local power generator provides redundancy for this sort of eventuality

59

Site Redundancy & Replication

  • To guard against these risks, you must consider implementing service and data replication between multiple data centers. Replication is the process of synchronizing data between servers and potentially between sites. This replication might be real-time or bundled into batches for periodic synchronization.

60

Disaster Recovery

  • Business continuity and contingency plans put systems and working methods in place to be resilient to failure. Disaster recovery has a different emphasis; it creates workflows and resources to use when a specific disaster scenario affects the organization. A disaster could be anything from a loss of power or failure of a minor component to man-made or natural disasters, such as fires, earthquakes, or acts of terrorism. For each high-risk scenario, the organization should develop a plan identifying tasks, resources, and responsibilities for responding to the disaster.

61

Multiple Choice

What fault tolerance technique can allow quick recovery during power outages and network failures?

1

Replicating information between co-located data centers in real time

2

Replicating information between servers within the data center and running frequent backups

3

Creating dispersed redundant data centers and replicating information in real time

4

Creating a redundant data center and shipping backup tapes to that location

62

Prioritization

  • In a large-scale disaster, numerous systems that the company depends upon could fail. After a disaster, resources are likely to be scarce and time pressures severe. Consequently, disaster recovery plans should identify priorities for restoring particular systems first. This process has to be conditioned by dependencies between different systems. The servers running the website front-end might not be able to operate effectively if the servers running the database are not available.

63

Restoring Access

  • Once the integrity of the failover or restored system has been verified, you can re-enable user access and start processing transactions again. You might try to restrict user numbers initially, so that the system can be monitored and verified as working normally

64

Multiple Choice

Which action is an example of an appropriate redundancy measure?

1

Installing extra connections between routers with multiple paths to the Internet in a small office network

2

Using a Redundant Array of Independent Disks 5 (RAID 5) configuration on removable media

3

Using a backup power generator in a hospital to provide electricity to critical life-support systems

4

Configuring replication of data between a primary site and a hot site for a computer in a home-based office

65

Multiple Choice

What power redundancy technique can be used to provide short-term relief from a power outage?

1

Installing dual power supplies on enterprise servers

2

Configuring a Redundant Array of Independent Disks (RAID) in case of a disk failure

3

Operating a hot site with redundant data centers that replicate information in real time

4

Installing an Uninterruptible Power Supply (UPS) on enterprise servers
