The document outlines essential cybersecurity concepts, identifying threats from hackers, insiders, and natural disasters, while emphasizing the importance of awareness and education. It details key areas of concern such as risk acceptance, security policies, and various cyber threats like denial of service and tampering. Additionally, it discusses solutions for authentication, confidentiality, integrity, availability, and non-repudiation, along with a framework for reducing risks through policies and technology.

1. Reunión del proyecto
2015 - Dartmouth Research & Consulting
T. J. Saotome
5
Basic Cybersecurity Concepts
You Must Know

2. Who/What Poses Threat?
2
•Hackers – casual or pro
•Intruders – organized crime, states
•Insiders – employees can steal
•Contractors – hired guns can steal
•Nature – hurricanes, fire, disasters
•Human Error – input error, deletion

3. What’s the Problem?
3
•General Lack of Awareness
– Vague understanding of users threats & risks
associated with computers and the Internet
•General Lack of Quality Help
– Many view security as cumbersome
– Many think it is complicated& expensive
•Complacency
– Software is in place
– Does not involve me

4. Key Areas of Concerns
4
• Do you accept the risk level?
– Ignore it
– Take insurance against it
– Do something about it
• What are your concerns?
Policies/proce
dures &
education
Authentication
Availability
Confidentiality
Integrity
Non-
repudiation

5. Security Model
Types of Threat
• Masquerade
• Interception
• Tampering
• Denial of Service
• No Evidence
• Complacency
Types of Solutions
• Authentication
• Confidentiality
• Integrity
• Availability
• Non-Repudiation
• Training & education

6. Is it Possible to Eliminate All Risks?
• You know the
answer – No,
impossible
• But you can get
close by employing
“Defense in Depth”
6
ProtectionLayers
Authentication
Access Control
Confidentiality
Availability

7. Concept #1 - Authentication
7
Permission to Access
Resources
Password
Biometrics
Electronic Token
2 Factor
Authentication
Passwords are easily
“cracked”
By guessing
Social Engineering
Deception
Widely available
cracking tools

8. Concept #2 - Confidentiality
Symmetric
Encryption
Same key for
encryption/decryption
RC4, DES, 3DES, AES,
IDEA, Blowfish, Twofish
Asymmetric
Encryption
Different keys for
encryption/description
PGP, GnuPG, PKI
(using X.509)
Cryptography promotes confidentiality

9. Concept #3 – Information Integrity
Hash
Algorithm
MD5 (RFC 1321), SHA (RFC
3174)
Digital
Signature
Combination of PKI & Hash
technology
Digital Signature - Encrypted
Hash of Private Key
Digital Signature Standard – US DSS
uses SHA-1 for Hash & DSA (Digital
Signature Algorithm) for encryption
Tampering can be detected by integrity
mechanisms

10. Concept #4 - Availability
Denial of Service
Attacks
Via Internet (e.g. Ping
of Death)
Via errant applications
on LAN
Via Trojan Horse
Guard Against DOS &
Sabotage
Physical Security
Dual and Multi Paths
Redundant storage
Good backup is
essential
Cryptography promotes confidentiality

11. Concept #5 - Non-Repudiation
Destroying Evidence
Log all access to covered
entities
Separate sys admin rights
to log access rights
Set event alarms for log
tampering
Hacker or employee may cover tracks by
destroying evidence

12. System & Network Intrusion
• Trojan Horse
• Masquerading insider
• Dormant malware
• NetBIOS on TCP/IP
especially vulnerable
Many Faces of Attack
Data breach
Authentication
info
Denial of
Service

13. Security Administration
13
• Operating System Security
– Earlier versions of Windows OS lacked security
mechanism
– “OS Hardening” needed for critical systems
• User account password/permission
• Internet Security
– Encrypting communication (e.g. IPSec)
– SSL and TLS for Web
• Scan for vulnerabilities

14. Mitigating Risk – a balancing act
Security Policies
Procedures
Backup and Disaster
Recovery Plan
Off-site and Contingency
Plan
User Education
Firewalls
Anti-Virus
Biometrics
Cryptography
PKI
Intrusion Detection
Logs
TechnologyTools
Non-TechTools
• Security Policies
• Procedures
• Backup & Disaster
Recovery Plan
• Off-site &
Contingency Plan
• User Education
• Firewalls
• Anti-Virus
• Biometrics
• Cryptography
• PKI
• Intrusion Detection
• Logs

15. Reducing the Risks – How?
Policies &
Procedures
• Define Security Policies
• Define Security Process
Security
Technology
• Employ Security Technologies for enforcement
• Automate Event Monitoring/Compliance
• Employ Intelligent Event Correlation
Residual
Risks
• Recognize that there will be residual risks
• Take insurance against it, or transfer the risks
15

16. Security Policies – Key Elements
Network access/
permission
Information
Retention
Passwords
Account Access
Virus UpdatesLog Updates
Security Fixes
Backup Restore
& Verify
Network
security audit

17. How you can start
Objective
Assessment
off the
current state
& desired
future state
Combination
of policies &
technology
appropriate
for the risks
Continuous
User
Education
Monitoring &
Due
Diligence
Periodic
Audit & Fire
Drill

18. Resources
18
•These slides are available at
– www.Dartmouth-research.com
•Security Templates
www.sans.org – Security Tools and Training
www.cert.org – CERT Coordination Center
www.itl.nist.gov – NIST IT Security Checklist