Flashcards

Information Security

Test in flashcard form
Number of questions: 13 Solved: 506 times
System is trustworthy if:
available, reliable, secure, safe
The CIA triad is:
confidentiality, integrity, availability
CIA triad - roles
confidentiality
preventing unauthorized viewing of data
integrity
prevent unauthorized modification of data
Availability
timely, reliable access to data and information services for authorized users
five pillars of information assurance:
confidentiality, integrity, availability, authenticity, non-repudiation
Attack phases
1
scanning
2
selecting target
3
attacking IT system
4
modifying IT system
5
removing traces
6
propagating attack
information system 1
1 IT System
information system security 1
1 IT System Security
information system 2
2 other infrastructure
information system 3
3 organizations
information system 4
4 person
information system security 2
2 operational and accountability procedures,
information system security 3
3 management constraints,
information system security 4
4 physical structure and device security,
information system security 5
5 personnel and communication controls.
access control
MAC
globally constrains the ability of a subject to perform an operation on an object
DAC
restricts access to objects based on the identity of subjects or groups to which they belong
ABAC
access is granted based on attributes of the user
RBAC
Roles correspond to various organization functions
Access control elements
identification, Authentication, Authorization, Audit, physical devices, digital signature and encryption schemes, monitoring, social barriers
match the functions with the explanation
Security is inconvenient
the more robust security - the more inconvenient the processes become
IT is complex
Contrast between easy and friendly UIs and complexity of configuration (especially security configuration)
Users are unsophisticated
do not give awareness of security threats
IT created without a thought to security
Effort on functionality (processing power, storage) not on security
Trend is to share, not protect
Sharing for collaboration in enterprise applications
Data Accessible from Anywhere
Anywhere, anytime, any device
Security isn't about hardware and software
No product or combination of products will create a secure organization
The bad guys are sophisticated
not: lone individual teenagers
Management bias regarding security
The cost of creating a strong security posture - seen as a necessary evil
Security professionals bias
Revenue generation and cost savings cannot be omitted by security professionals when implementing new security products
Securing an organization
Evaluate the Risk and Threats
identify assets and allocate security resources based on the value of each asset
Beware of Common Misconceptions
"our goal is 100% security"
Provide Security Training for IT Staff
Provide Security Training for IT Staff - Now and forever
Think "Outside of the box"
The threat does not always come from "bad guys" outside
Train Employees
Develop a Culture of Security
Identify and Utilize Built-In Security
"we can't build a secure organization because we have limited resources"
Monitor Systems
Establish a process for linking all access to system components (also access done with admin privileges such as root) to each individual user
Hire Third-Party to Audit Security
Additional level of security
Use Defense in Depth Approach
An attacker usually does not break the protection mechanism, but bypasses it
Avoid Complexity
Complex systems are hard to manage
Intrusion tools
Wireless sniffers
usually target unsecure networks, such as free WiFi in public places
Packet sniffers
As data streams flow across the network, it captures each packet and decodes the raw data, showing the values of fields in the packet, and analyzes its content.
Port scanners
old, forgotten "back doors"; ports accidentally left unguarded after network modifications
Port knocking
to prevent an attacker from scanning a system for potentially exploitable services by doing a port scan; a secret "knock" allows access to the network quickly; "security through obscurity"
Keystroke logger
spyware utilities planted on vulnerable systems that record a user's keystrokes
Remote administration tools
programs embedded on IT systems that allow the cracker to take control of that system
Network scanners
explore networks
Password crackers
wo phasessniff networks for data streams associated with passwordsthen employ a brute-force method of peeling away any encryption layers protecting passwords
malware
Bots
malicious software that silently implants in a large number of unprotected computers, hijacks them and makes them act according to cracker’s plan
Botnet
vast and usually untraceable network of bots (compromised computers). Instructions come from a central site and are rapidly shared among botted PCs in the network.
Virus
self-replicating code that attaches itself to another program
Worm
self-replicating code that propagates over a network, usually without human interaction
Backdoor
program that bypasses standard security controls to provide the control to the attacker
Trojan horse
a program that masquerades as legitimate and is used to steal/modify data, monitor user action, spread botnet
User-level root-kit
trojan/backdoor code that modifies OS
Kernel-level root-kit
trojan/backdoor code that modifies the kernel of OS
Blended malware
combines functionalities mentioned above
Prevention tools
Access control and encryption
already presented in lecture 1
Firewalls
protect internal network from external threats
Proxy firewalls
recognize certain application in the network
Application firewalls
designed to limit or deny an application's level of access to an OS
Intrusion Prevention System
can automatically drop suspicious packets while still allowing legitimate ones to pass
Antivirus and Antispyware
detect the presence of malware; identify its nature; remove the malware; protect the host from future infection