15. 15
Information risks
Unauthorized access & disclosure of confidential information
Unauthorized addition, deletion, or modification of information
Operational risks
System not functional (Denial of Service - DoS)
System wrongly operated
Personal risks
Identity thefts
Financial losses
Disclosure of information that may affect employment or other personal
aspects (e.g. health information)
Physical/psychological harms
Organizational risks
Financial losses
Damage to reputation & trust
Impacts / Damages
21. 21
Privacy: “The ability of an individual or group to seclude
themselves or information about themselves and thereby
reveal themselves selectively.” (Wikipedia)
Security: “The degree of protection to safeguard ... person
against danger, damage, loss, and crime.” (Wikipedia)
Information Security: “Protecting information and
information systems from unauthorized access, use,
disclosure, disruption, modification, perusal, inspection,
recording or destruction” (Wikipedia)
Security & Privacy
25. 25
Ethical Principles Related to Privacy
• Autonomy (the patient's right to self-determination)
• Beneficence (acting in the patient's best interest)
• Non-maleficence (doing no harm to the patient)
“First, Do No Harm.”
26. 26
Hippocratic Oath
...
What I may see or hear in the course of
treatment or even outside of the treatment
in regard to the life of men, which on no
account one must spread abroad, I will keep
myself holding such things shameful to be
spoken about.
...
http://en.wikipedia.org/wiki/Hippocratic_Oath
38. 38
Attack
An attempt to breach system security
Threat
A scenario (an actor with a motive and a method) that could harm a system
Vulnerability
The weakness (the "hole") that an attack exploits
Common Security Terms
39. 39
Identify some possible means an attacker could
use to conduct a security attack
Class Exercise
41. 41
Simplified Attack Scenarios (diagram: Alice's client and Server Bob, with attacker Eve/Mallory)
- Physical access to the client computer
- Electronic access (password)
- Tricking the user into doing something
(malware, phishing & social engineering)
42. 42
Simplified Attack Scenarios (diagram: Alice's client and Server Bob, with attacker Eve/Mallory)
- Intercepting (eavesdropping or "sniffing") data in transit
- Modifying data in transit ("man-in-the-middle" attacks)
- "Replay" attacks (re-sending a captured, valid message so the server acts on it again)
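The three attacks on this slide, worked through against a minimal Alice/Bob exchange. This is an added example, not part of the original slides: the shared key, the message format, the 30-second window and the verdict strings are all assumptions chosen for the demonstration. Bob authenticates every message with an HMAC and remembers the nonces he has already accepted, which is what defeats modification and replay. Eavesdropping is deliberately left unaddressed to make the point that a MAC proves integrity and origin but does not hide the message; confidentiality needs encryption on top (TLS in practice).

```python
import hashlib
import hmac
import json

# Constructed shared key for this example only; in practice it would be
# provisioned out of band (e.g. derived from a TLS session or a key agreement).
SHARED_KEY = b"alice-bob-demo-key"
REPLAY_WINDOW_SECONDS = 30  # assumed tolerance for clock skew and delivery delay


def alice_send(key, action, nonce, timestamp):
    """Alice builds a request and a MAC over it. The nonce and timestamp are
    inside the authenticated body, so Mallory cannot change them either."""
    body = json.dumps({"action": action, "nonce": nonce, "ts": timestamp},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


class BobServer:
    """Bob verifies the MAC, rejects stale messages and remembers nonces."""

    def __init__(self, key, window=REPLAY_WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen_nonces = set()

    def handle(self, body, tag, now):
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        # Constant-time comparison so the MAC check itself leaks nothing.
        if not hmac.compare_digest(expected, tag):
            return "rejected: MAC mismatch (message modified or forged)"
        msg = json.loads(body)
        if abs(now - msg["ts"]) > self.window:
            return "rejected: timestamp outside window"
        if msg["nonce"] in self.seen_nonces:
            return "rejected: nonce already used (replay)"
        self.seen_nonces.add(msg["nonce"])
        return "accepted: " + msg["action"]


def demo():
    """Run the slide's three attacks against Bob and return his verdicts."""
    bob = BobServer(SHARED_KEY)
    body, tag = alice_send(SHARED_KEY, "transfer 100 to carol", "nonce-0001", 1000)

    results = {}
    # 1. Eve sniffs the message: the MAC authenticates it but does not hide it.
    results["sniffed_plaintext"] = json.loads(body)["action"]
    # Legitimate delivery a few seconds later.
    results["original"] = bob.handle(body, tag, now=1005)
    # 2. Mallory replays the captured message verbatim.
    results["replay"] = bob.handle(body, tag, now=1010)
    # 3. Mallory changes the amount but cannot recompute the MAC without the key.
    tampered = body.replace(b"transfer 100", b"transfer 9000")
    results["tampered"] = bob.handle(tampered, tag, now=1010)
    # A fresh nonce does not help Mallory if the timestamp is far outside the window.
    body2, tag2 = alice_send(SHARED_KEY, "transfer 100 to carol", "nonce-0002", 1000)
    results["stale"] = bob.handle(body2, tag2, now=5000)
    return results
```

The nonce set grows without bound as written; the timestamp window is what lets a real server forget nonces older than the window.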
43. 43
Simplified Attack Scenarios (diagram: Alice's client and Server Bob, with attacker Eve/Mallory)
- Unauthorized access to servers through
- Physical means
- User accounts & privileges
- Attacks through software vulnerabilities
- Attacks using protocol weaknesses
- DoS / DDoS attacks
45. 45
Safeguarding Against Attacks (diagram: Alice's client and Server Bob)
Administrative Security
- Security & privacy policy
- Governance of security risk management & response
- Uniform enforcement of policy & monitoring
- Disaster recovery planning (DRP) & Business continuity
planning/management (BCP/BCM)
- Legal obligations, requirements & disclaimers
46. 46
Safeguarding Against Attacks
Physical Security
- Controlling physical access to clients & servers
- Locks & chains, locked rooms, security cameras
- Mobile device security
- Secure storage & secure disposition of storage devices
47. 47
Safeguarding Against Attacks
User Security
- User account management
- Strong password policy (length, complexity, expiry, no dictionary meaning); note that current guidance such as NIST SP 800-63B favours length and screening against breached-password lists over forced periodic expiry and composition rules
- Principle of Least Privilege
- “Clear desk, clear screen policy”
- Audit trails
- Education, awareness building & policy enforcement
- Alerts & education about phishing & social engineering
48. 48
Safeguarding Against Attacks
System Security
- Antivirus, antispyware, personal firewall, intrusion
detection/prevention system (IDS/IPS), log files, monitoring
- Updates, patches, fixes of operating system vulnerabilities &
application vulnerabilities
- Redundancy (avoid “Single Point of Failure”)
- Honeypots
49. 49
Safeguarding Against Attacks
Software Security
- Software (clients & servers) that is secure by design
- Software testing against failures, bugs, invalid inputs,
performance issues & attacks
- Updates to patch vulnerabilities
50. 50
Safeguarding Against Attacks
Network Security
- Access control (physical & electronic) to network devices
- Use of secure network protocols if possible
- Data encryption during transit if possible
- Bandwidth monitoring & control
51. 51
Safeguarding Against Attacks
Database Security
- Access control to databases & storage devices
- Encryption of data stored in databases if necessary
- Secure destruction of data after use
- Access control to queries/reports
- Security features of database management systems (DBMS)
52. 52
How does Line put patient privacy at risk?
• Information posted in a Line group is seen by many people
• Information can be captured (screenshot) or forwarded and shared further
• Cached data stored on the mobile device may be read by others
(e.g. if the device is lost or left unattended)
• Data sent over the network is not encrypted
• Data stored on Line's servers is accessible to the company and
could be hacked
• Someone could guess the password
53. 53
Safer ways to consult on a patient case
• Use another channel that does not keep a record of the data, where appropriate
• Avoid identifying or including the name, HN (hospital number), bed number or
any information that can identify the patient (including in images)
• Use a more secure app
• Limit who has access
(e.g. do not discuss in a Line group)
• Use it securely (password, keep the device with you,
check for malware, etc.)
55. 55
User Account Security
So, two informaticians
walk into a bar...
The bouncer says,
"What's the password."
One says, "Password?"
The bouncer lets them
in.
Credits: @RossMartin & AMIA (2012)
56. 56
What’s the Password?
Unknown Internet sources, via
http://pikabu.ru/story/interesno_kakoy_zhe_u_nikh_parol_4274737,
via Facebook page “สอนแฮกเว็บแบบแมวๆ”
57. 57
Access control
Selective restriction of access to the system
Role-based access control
Access control based on the person’s role (rather than
identity)
Audit trails
Logs/records that provide evidence of sequence of
activities
User Security
58. 58
Identification
Identifying who you are
Usually done by user IDs or some other unique codes
Authentication
Confirming that you truly are who you identify
Usually done by keys, PIN, passwords or biometrics
Authorization
Specifying/verifying how much access you have
Determined based on system owner’s policy & system
configurations
“Principle of Least Privilege”
User Security
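Identification, authentication and authorization as three separate steps in code, together with the audit trail and role-based access control from the previous slide. This is an added example, not from the original slides: the roles, permissions, user names and passphrases are constructed for the demonstration, and PBKDF2-HMAC-SHA256 from the Python standard library is used for password storage (a memory-hard function such as Argon2 or scrypt would be the stronger production choice). Authorization is decided by role, falls back to deny for anything unknown (fail-safe default), and every decision is written to the audit trail.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000

# Constructed role table for the example: each role gets only the permissions
# it needs (principle of least privilege). Roles not listed here get nothing.
ROLE_PERMISSIONS = {
    "physician": {"read_record", "write_order"},
    "nurse": {"read_record"},
    "billing": {"read_billing"},
}


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class UserDirectory:
    def __init__(self):
        self.users = {}        # user_id -> {"salt", "hash", "role"}
        self.audit_trail = []  # (user_id, action, outcome)

    def add_user(self, user_id, password, role):
        salt = os.urandom(16)  # per-user salt: equal passwords get different hashes
        self.users[user_id] = {"salt": salt, "hash": _derive(password, salt), "role": role}

    def authenticate(self, user_id, password):
        """Identification (does the ID exist?) plus authentication (does the
        secret match?). The derivation runs even for unknown IDs so response
        time does not reveal which user IDs are valid."""
        record = self.users.get(user_id)
        salt = record["salt"] if record else bytes(16)
        candidate = _derive(password, salt)
        ok = record is not None and hmac.compare_digest(candidate, record["hash"])
        self.audit_trail.append((user_id, "login", "success" if ok else "failure"))
        return ok

    def authorize(self, user_id, permission):
        """Authorization is decided by role, not identity; the default is deny."""
        record = self.users.get(user_id)
        role = record["role"] if record else None
        allowed = permission in ROLE_PERMISSIONS.get(role, set())
        self.audit_trail.append((user_id, permission, "allowed" if allowed else "denied"))
        return allowed


def demo():
    """Constructed users and requests; returns the decisions and audit volume."""
    d = UserDirectory()
    d.add_user("dr_somchai", "correct horse battery staple", "physician")
    d.add_user("nurse_ann", "another long passphrase", "nurse")
    return {
        "good_login": d.authenticate("dr_somchai", "correct horse battery staple"),
        "bad_password": d.authenticate("dr_somchai", "password"),
        "unknown_user": d.authenticate("ghost", "password"),
        "nurse_read": d.authorize("nurse_ann", "read_record"),
        "nurse_order": d.authorize("nurse_ann", "write_order"),
        "physician_billing": d.authorize("dr_somchai", "read_billing"),
        "audit_entries": len(d.audit_trail),
    }
```

The audit trail here is an in-memory list; for it to count as evidence it has to be written somewhere the user being audited cannot edit.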
59. 59
Nonrepudiation
Proving the integrity, origin & performer of an activity in a way that
the person cannot later deny having performed it
Most common form: signatures
Electronic signatures offer varying degrees of
nonrepudiation
PIN/password vs. biometrics (a PIN or password can be shared or guessed,
so it binds an action to a person more weakly than a biometric)
Digital certificates (in a public key infrastructure - PKI) are often
used to establish nonrepudiation, because only the holder of the
private key can produce the signature
User Security
87. 87
Don’t be too trusting of people
Always be suspicious & alert
An e-mail with your friend’s name & info doesn’t have to come from
him/her
Look for signs of phishing attacks
Don’t open attachments unless you expect them
Scan for viruses before opening attachments
Don’t click links in e-mail. Directly type in browser using known &
trusted URLs
Be especially cautious if a message asks for passwords, bank account details,
credit card numbers, social security numbers, etc.
Ways to Protect against Phishing
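"Look for signs of phishing attacks" and "don't click links in e-mail" can be partly automated: a mail filter or a user-facing warning can flag links whose visible text disagrees with where they actually go. The following is an added example, not from the original slides, that scans the anchors in an HTML e-mail body and reports the classic signs: link text that shows one host while the href points to another, a bare IP address as the target, an internationalised (punycode) host that can look like a familiar brand, and plain http. The sample message is constructed for the example and uses documentation-reserved addresses and made-up domains.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _host(url):
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


# Visible text that itself looks like a URL or host name (e.g. "www.mybank.com/login").
_LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


def suspicious_links(html):
    """Return [(text, href, [reasons])] for links showing signs of phishing."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        reasons = []
        target = _host(href)
        # If the visible text looks like a URL, its host must match the real target.
        if _LOOKS_LIKE_URL.match(text) and _host(text) != target:
            reasons.append("visible link text points somewhere else")
        try:
            ipaddress.ip_address(target)
            reasons.append("target is a bare IP address")
        except ValueError:
            pass  # a host name, not an IP literal
        if any(label.startswith("xn--") for label in target.split(".")):
            reasons.append("internationalised (punycode) host, possible look-alike")
        if urlparse(href).scheme == "http":
            reasons.append("unencrypted http link")
        if reasons:
            findings.append((text, href, reasons))
    return findings


# Constructed sample message, not a real phishing e-mail.
SAMPLE_EMAIL = """
<p>Dear customer, please verify your account:</p>
<a href="http://www.mybank.com.account-verify.example/login">https://www.mybank.com/login</a>
<a href="http://203.0.113.5/secure">Click here</a>
<a href="https://www.xn--mybnk-kva.com/login">My Bank Online</a>
<a href="https://www.mybank.com/help">https://www.mybank.com/help</a>
"""


def demo():
    return suspicious_links(SAMPLE_EMAIL)
```

The last link in the sample is legitimate and produces no finding; a real filter would add a reputation lookup on the target host, which this offline example deliberately omits.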
101. 101
Most common reason for security bugs is invalid
programming assumptions that attackers will look for
Weak input checking
Buffer overflow
Integer overflow
Race condition (Time of Check / Time of Use
vulnerabilities)
Running programs in new environments
Software Security
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
102. 102
Creeping featurism ("feeping creaturism"): every added feature is added attack surface
Log files that contain sensitive information
Configuration bugs
Unnecessary privileges
Monoculture
Security bypass
Software Security
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
103. 103
Consider a log-in form on a web page
Example of Weak Input Checking: SQL Injection
Source code would look
something like this:
statement = "SELECT * FROM users
WHERE name = '" + userName + "';"
Attacker would enter as username:
' or '1'='1
Which leads to this always-true query:
statement = "SELECT * FROM users
WHERE name = '" + "' or '1'='1" + "';"
statement = "SELECT * FROM users WHERE name = '' or '1'='1';"
http://en.wikipedia.org/wiki/SQL_injection
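The slide's query, run for real against a small table, beside the parameterized form that fixes it. This is an added example, not code from the original slides: the in-memory SQLite table, its two rows and the user-name rule are constructed for the demonstration. The vulnerable function builds the SQL exactly as the slide does and returns every row for the payload `' or '1'='1`; the parameterized function sends the value separately from the SQL text, so the quotes are just data. The third function adds a whitelist check in front of the parameterized query as a second, independent layer (the "validate inputs, whitelist vs. blacklist" practice from the later slide), which also stops the payload before it reaches the database.

```python
import re
import sqlite3


def make_demo_db():
    """Constructed in-memory table standing in for the slide's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "physician"), ("bob", "nurse")])
    return conn


def lookup_vulnerable(conn, user_name):
    # Same construction as the slide: the user's input becomes part of the SQL text.
    statement = "SELECT * FROM users WHERE name = '" + user_name + "';"
    return conn.execute(statement).fetchall()


def lookup_parameterized(conn, user_name):
    # The SQL text is fixed; the driver binds the value separately, so quotes
    # in the input are data, never syntax.
    return conn.execute("SELECT * FROM users WHERE name = ?;", (user_name,)).fetchall()


# Assumed user-name rule for the example: lowercase letter, then letters, digits or underscores.
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{2,31}$")


def lookup_defended(conn, user_name):
    """Defense in depth: whitelist validation in front of the parameterized query."""
    if not USERNAME_RE.match(user_name):
        raise ValueError("invalid user name")
    return lookup_parameterized(conn, user_name)


def demo():
    conn = make_demo_db()
    payload = "' or '1'='1"
    out = {
        "vulnerable_rows": len(lookup_vulnerable(conn, payload)),        # every row comes back
        "parameterized_rows": len(lookup_parameterized(conn, payload)),  # no user has that name
        "normal_rows": len(lookup_parameterized(conn, "alice")),
    }
    try:
        lookup_defended(conn, payload)
        out["defended"] = "accepted"
    except ValueError:
        out["defended"] = "rejected by whitelist"
    return out
```

Escaping quotes by hand is not a substitute for parameters; the whitelist is a second layer, not a replacement for the parameterized query.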
104. 104
Economy of Mechanism
Design should be small & simple
Fail-safe default
Base access decisions on explicit permission, not on exclusion: when in doubt, deny
Complete mediation
Check every access to every object
Open design
Security must not depend on the design staying secret, only on the keys
Separation of privilege / Least Privilege
Require more than one condition (or key) to grant access; run with only the privileges the task needs
Secure Software Design Principles
Saltzer & Schroeder (1975), Viega & McGraw (2000)
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
105. 105
Least common mechanism
Minimize complexity of shared components
Psychological acceptability
If users don’t buy in to security mechanism or don’t
understand how to use it, system is insecure
Work factor
Cost of attack should exceed resources attacker will
spend
Secure Software Design Principles
Saltzer & Schroeder (1975), Viega & McGraw (2000)
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
106. 106
Compromise recording
If too expensive to prevent a compromise, record it
Tamper evident vs. tamperproof
Log files
Secure Software Design Principles
Saltzer & Schroeder (1975), Viega & McGraw (2000)
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
Image source: http://www.flickr.com/photos/goobelyga/2340650133/
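"Tamper evident vs. tamperproof" made concrete for log files. This is an added example, not from the original slides: a hash-chained log in which every record carries the hash of the record before it, so editing or deleting an old entry breaks every hash after it (it also serves as the "audit trails" item on the user-security slides). The event fields and the attacker's steps are constructed for the demonstration. The second half of the demo shows the caveat a practitioner needs: an attacker who can write the log file can simply recompute the whole chain, so the chain is only evidence if its head hash is also recorded somewhere the attacker cannot write (a remote log server, write-once media, a printed copy).

```python
import hashlib
import json

GENESIS = "0" * 64  # hash "before" the first entry


def _entry_hash(prev_hash, event):
    payload = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


class TamperEvidentLog:
    """Each record carries the hash of the previous record."""

    def __init__(self):
        self.entries = []

    def append(self, event):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"event": event, "prev": prev, "hash": _entry_hash(prev, event)})
        return self.entries[-1]["hash"]

    def verify(self, trusted_head=None):
        """Return the index of the first bad entry, or -1 if the chain is intact.
        trusted_head is the latest hash as stored outside the attacker's reach."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or e["hash"] != _entry_hash(prev, e["event"]):
                return i
            prev = e["hash"]
        if trusted_head is not None and prev != trusted_head:
            return len(self.entries)  # self-consistent, but rewritten or truncated
        return -1


def demo():
    """Constructed events; returns verify() results before and after tampering."""
    log = TamperEvidentLog()
    log.append({"user": "nurse_ann", "action": "read_record", "hn": "redacted"})
    log.append({"user": "mallory", "action": "read_record", "hn": "redacted"})
    head = log.append({"user": "dr_somchai", "action": "write_order"})
    results = {"intact": log.verify(head)}

    # Mallory edits her own entry to blame someone else: the next hash no longer matches.
    log.entries[1]["event"]["user"] = "nurse_ann"
    results["edited"] = log.verify(head)

    # Mallory has write access, so she recomputes every hash from her entry onward.
    prev = log.entries[0]["hash"]
    for e in log.entries[1:]:
        e["prev"] = prev
        e["hash"] = _entry_hash(prev, e["event"])
        prev = e["hash"]
    results["rewritten_without_anchor"] = log.verify()      # chain looks fine
    results["rewritten_with_anchor"] = log.verify(head)     # external head catches it
    return results
```

Signing each entry (or the periodic head) with a key the log writer does not hold is the usual production form of the external anchor.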
107. 107
Defense in Depth
Multiple layers of security defense are placed throughout
a system to provide redundancy in the event a security
control fails
Secure the weakest link
Promote privacy
Trust no one
Secure Software Design Principles
Saltzer & Schroeder (1975), Viega & McGraw (2000)
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
http://en.wikipedia.org/wiki/Defense_in_depth_(computing)
108. 108
Modular design
Check error conditions on return values
Validate inputs (prefer a whitelist of what is allowed to a blacklist of what is forbidden)
Avoid infinite loops, memory leaks
Check for integer overflows
Language/library choices
Development processes
Secure Software Best Practices
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
111. 111
Virus
Propagating malware that requires user action to
propagate
Infects executable files, data files with executable
contents (e.g. Macro), boot sectors
Worm
Self-propagating malware
Trojan
A legitimate program with additional, hidden functionality
Malware
112. 112
Spyware
Trojan that spies for & steals personal information
Logic Bomb/Time Bomb
Malware that triggers under certain conditions
Backdoor/Trapdoor
A hole left behind by malware for future access
Malware
113. 113
Rogue Antispyware
Software that tricks or forces users into paying before it will "fix" the
spyware it claims to have detected (real or hoax)
Rootkit
A stealth program designed to hide the existence of certain processes
or programs from detection
Botnet
A collection of Internet-connected computers that have been
compromised (bots), which the controller of the botnet can use for
something (e.g. DDoS attacks)
Malware
114. 114
Installed & updated antivirus, antispyware, & personal firewall
Check for known signatures
Check for improper file changes (integrity failures)
Check for generic patterns of malware (for unknown malware):
“Heuristics scan”
Firewall: Block certain network traffic in and out
Sandboxing
Network monitoring & containment
User education
Software patches, more secure protocols
Defense Against Malware
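The "check for improper file changes (integrity failures)" item, as a minimal file-integrity monitor. This is an added example, not from the original slides: it hashes every file under a directory into a baseline, then reports files that were modified, removed or newly added. The directory tree and the simulated "infection" (an appended payload, a deleted library, a dropped executable) are constructed inside a temporary directory so the example runs offline.

```python
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every file under root (path relative to root, '/'-separated) to its SHA-256."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def check_integrity(root, baseline):
    """Compare the current tree with the baseline. A modified or missing file
    is an integrity failure; a new file is reported because malware often
    drops extra executables."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed directory tree: take a baseline, then simulate an infection."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        files = [("bin/app.exe", b"clean program"),
                 ("bin/lib.dll", b"clean library"),
                 ("config.ini", b"debug=0")]
        for rel, content in files:
            with open(os.path.join(root, rel), "wb") as f:
                f.write(content)
        baseline = build_baseline(root)

        # "Infection": patch the executable, delete the library, drop a new binary.
        with open(os.path.join(root, "bin", "app.exe"), "ab") as f:
            f.write(b"\x90\x90 appended payload")
        os.remove(os.path.join(root, "bin", "lib.dll"))
        with open(os.path.join(root, "dropper.exe"), "wb") as f:
            f.write(b"new unknown file")
        return check_integrity(root, baseline)
```

Two limits worth knowing: the baseline must itself be stored where malware cannot rewrite it, and a rootkit that intercepts file reads (the next slide's definition) can feed the checker clean bytes, which is why such checks are more trustworthy when run from a separate, clean boot environment.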
115. 115
Social media spams/scams/clickjacking
Social media privacy issues
User privacy settings
Location services
Mobile device malware & other privacy risks
Stuxnet (advanced malware that targeted industrial control systems in one specific country)
Advanced persistent threats (APT) by governments &
corporations against specific targets
Crypto-Ransomware
Newer Threats
116. 116
US-CERT
U.S. Computer Emergency Readiness Team (now part of CISA, https://www.cisa.gov/)
http://www.us-cert.gov/
Subscribe to alerts & news
Microsoft Security Resources
http://technet.microsoft.com/en-us/security
http://technet.microsoft.com/en-us/security/bulletin
(security bulletins have since been replaced by the MSRC Security Update Guide)
Common Vulnerabilities & Exposures
http://cve.mitre.org/
More Information