15. 15
▪ Information risks
▪ Unauthorized access to & disclosure of confidential information
▪ Unauthorized addition, deletion, or modification of information
▪ Operational risks
▪ System not functional (Denial of Service - DoS)
▪ System wrongly operated
▪ Personal risks
▪ Identity theft
▪ Financial losses
▪ Disclosure of information that may affect employment or other personal aspects (e.g. health information)
▪ Physical/psychological harm
▪ Organizational risks
▪ Financial losses
▪ Damage to reputation & trust
Impact / Damage
21. 21
▪ Privacy: “The ability of an individual or group to seclude
themselves or information about themselves and thereby
reveal themselves selectively.” (Wikipedia)
▪ Security: “The degree of protection to safeguard ... person
against danger, damage, loss, and crime.” (Wikipedia)
▪ Information Security: “Protecting information and
information systems from unauthorized access, use,
disclosure, disruption, modification, perusal, inspection,
recording or destruction” (Wikipedia)
Security & Privacy
25. 25
Ethical principles related to Privacy
• Autonomy (the patient's right to self-determination)
• Beneficence (acting in the patient's best interest)
• Non-maleficence (doing no harm to the patient)
“First, Do No Harm.”
26. 26
Hippocratic Oath
...
What I may see or hear in the course of
treatment or even outside of the treatment
in regard to the life of men, which on no
account one must spread abroad, I will keep
myself holding such things shameful to be
spoken about.
...
http://en.wikipedia.org/wiki/Hippocratic_Oath
38. 38
▪ Attack
▪ An attempt to breach system security
▪ Threat
▪ A potential event or actor that can harm a system
▪ Vulnerability
▪ A weakness (the “hole”) in a system that an attack exploits
Common Security Terms
39. 39
▪ Identify some possible means an attacker could
use to conduct a security attack
Class Exercise
41. 41
Simplified Attack Scenarios
[Diagram: Alice's client computer communicating with a server (Bob); the attacker is Eve/Mallory]
- Physical access to client computer
- Electronic access (password)
- Tricking user into doing something (malware, phishing & social engineering)
42. 42
Simplified Attack Scenarios
- Intercepting (eavesdropping or “sniffing”) data in transit
- Modifying data (“Man-in-the-middle” attacks)
- “Replay” attacks
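The following Python sketch is an added example, not part of the original slides. It shows how a message authentication code (MAC) together with a nonce and a timestamp defeats the second and third attacks on this slide: Mallory cannot modify data in transit without invalidating the tag, and Bob rejects a captured message that Eve replays later. It assumes Alice and Bob share a secret key provisioned out of band; the key, the replay window and the sample payloads are constructed for the example. Eavesdropping is not addressed here: a MAC authenticates the payload but does not hide it, which needs encryption (see Network Security below).

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed for the example: Alice and Bob share this key out of band.
SHARED_KEY = b"example-shared-key-not-for-production"
# Messages older than this are rejected even if their nonce is new.
REPLAY_WINDOW_SECONDS = 30


def canonical_bytes(body):
    """Both sides must MAC exactly the same bytes, so serialise deterministically."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_message(key, payload, nonce=None, ts=None):
    """Alice's side: attach a fresh nonce, a timestamp and an HMAC-SHA256 tag."""
    body = {
        "payload": payload,
        "nonce": nonce if nonce is not None else secrets.token_hex(16),
        "ts": ts if ts is not None else int(time.time()),
    }
    body["tag"] = hmac.new(key, canonical_bytes(body), hashlib.sha256).hexdigest()
    return body


class Receiver:
    """Bob's side: verify the tag first, then reject stale or already-seen nonces."""

    def __init__(self, key, now=time.time):
        self.key = key
        self.now = now              # injectable clock so the demo is deterministic
        self.seen_nonces = set()    # in production: a bounded store keyed by the window

    def verify(self, message):
        msg = dict(message)
        tag = msg.pop("tag", None)
        if tag is None:
            return (False, "missing tag")
        expected = hmac.new(self.key, canonical_bytes(msg), hashlib.sha256).hexdigest()
        # Constant-time comparison; a plain == would leak timing information.
        if not hmac.compare_digest(tag, expected):
            return (False, "bad tag: modified in transit or wrong key")
        if abs(self.now() - msg["ts"]) > REPLAY_WINDOW_SECONDS:
            return (False, "stale timestamp")
        if msg["nonce"] in self.seen_nonces:
            return (False, "replay: nonce already used")
        self.seen_nonces.add(msg["nonce"])
        return (True, msg["payload"])


def demo():
    """Run Alice's message through Bob's checks under each attack on the slide."""
    clock = [1_700_000_000]
    bob = Receiver(SHARED_KEY, now=lambda: clock[0])
    original = sign_message(SHARED_KEY, {"action": "transfer", "amount": 100}, ts=clock[0])

    results = {"first_delivery": bob.verify(original)}
    # Eve captured the message and sends the identical bytes again.
    results["replay"] = bob.verify(original)
    # Mallory changed the amount but cannot recompute the tag without the key.
    tampered = dict(original)
    tampered["payload"] = {"action": "transfer", "amount": 100000}
    results["tampered"] = bob.verify(tampered)
    # A correctly signed message that arrives an hour late falls outside the window.
    clock[0] += 3600
    late = sign_message(SHARED_KEY, {"action": "ping"}, ts=clock[0] - 3600)
    results["stale"] = bob.verify(late)
    return results
```

The nonce set only has to remember nonces inside the replay window, which is why the timestamp check comes first: without it Bob would have to store every nonce forever.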
43. 43
Simplified Attack Scenarios
- Unauthorized access to servers through
  - Physical means
  - User accounts & privileges
- Attacks through software vulnerabilities
- Attacks using protocol weaknesses
- DoS / DDoS attacks
45. 45
Safeguarding Against Attacks
[Diagram: Alice's client computer communicating with a server (Bob); the controls on the following slides protect that path]
Administrative Security
- Security & privacy policy
- Governance of security risk management & response
- Uniform enforcement of policy & monitoring
- Disaster recovery planning (DRP) & Business continuity
planning/management (BCP/BCM)
- Legal obligations, requirements & disclaimers
46. 46
Safeguarding Against Attacks
Physical Security
- Protecting physical access of clients & servers
- Locks & chains, locked rooms, security cameras
- Mobile device security
- Secure storage & secure disposition of storage devices
47. 47
Safeguarding Against Attacks
User Security
- User account management
- Strong password policy (length, complexity, expiry, no dictionary words)
- Principle of Least Privilege
- “Clear desk, clear screen” policy
- Audit trails
- Education, awareness building & policy enforcement
- Alerts & education about phishing & social engineering
48. 48
Safeguarding Against Attacks
System Security
- Antivirus, antispyware, personal firewall, intrusion
detection/prevention system (IDS/IPS), log files, monitoring
- Updates, patches, fixes of operating system vulnerabilities &
application vulnerabilities
- Redundancy (avoid “Single Point of Failure”)
- Honeypots
49. 49
Safeguarding Against Attacks
Software Security
- Software (clients & servers) that is secure by design
- Software testing against failures, bugs, invalid inputs,
performance issues & attacks
- Updates to patch vulnerabilities
50. 50
Safeguarding Against Attacks
Network Security
- Access control (physical & electronic) to network devices
- Use of secure network protocols if possible
- Data encryption during transit if possible
- Bandwidth monitoring & control
51. 51
Safeguarding Against Attacks
Database Security
- Access control to databases & storage devices
- Encryption of data stored in databases if necessary
- Secure destruction of data after use
- Access control to queries/reports
- Security features of database management systems (DBMS)
52. 52
How can Line put patient privacy at risk?
• Information posted in a Line group is seen by many people
• Information can be captured (screenshot) or forwarded and shared further
• Cached data stored on the mobile device may be read by others (e.g. if the device is lost or left unattended)
• Data sent over the network is not encrypted
• Data stored on Line's servers is accessible to the company and could be hacked
• Someone could guess the password
• มีคนเดา Password ได้
53. 53
Options for consulting on patient cases
• Use another channel that does not keep a record of the data, where appropriate
• Avoid including the name, HN, bed number or any information that identifies the patient (including in images)
• Use a more secure app
• Limit who has access (e.g. do not discuss cases in a Line group)
• Use it securely (password, keep the device with you, check for malware, etc.)
55. 55
User Account Security
So, two informaticians
walk into a bar...
The bouncer says,
"What's the password."
One says, "Password?"
The bouncer lets them
in.
Credits: @RossMartin & AMIA (2012)
56. 56
What’s the Password?
Unknown Internet sources, via
http://pikabu.ru/story/interesno_kakoy_zhe_u_nikh_parol_4274737,
via Facebook page “สอนแฮกเว็บแบบแมวๆ”
57. 57
▪ Access control
▪ Selective restriction of access to the system
▪ Role-based access control
▪ Access control based on the person’s role (rather than
identity)
▪ Audit trails
▪ Logs/records that provide evidence of sequence of
activities
User Security
58. 58
▪ Identification
▪ Identifying who you are
▪ Usually done by user IDs or some other unique codes
▪ Authentication
▪ Confirming that you truly are who you identify
▪ Usually done by keys, PIN, passwords or biometrics
▪ Authorization
▪ Specifying/verifying how much access you have
▪ Determined by the system owner’s policy & system configuration
▪ “Principle of Least Privilege”
User Security
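As an added example (not from the original slides), the Python code below ties the last two slides together: a user ID identifies the caller, authorization is decided by role rather than by identity, every decision defaults to deny unless a role explicitly grants the (action, object type) permission, and each decision is written to an append-only audit trail. The role table, the user directory and the sample requests are constructed for the example; authentication is assumed to have already happened before `is_allowed` is called.

```python
import datetime
import json

# Constructed role -> permission table (assumed for the example).
# A permission is an (action, object type) pair; anything not listed is denied.
ROLE_PERMISSIONS = {
    "physician": {("read", "record"), ("write", "record"), ("read", "lab")},
    "nurse": {("read", "record"), ("read", "lab")},
    "billing": {("read", "billing")},
}

# Constructed user directory: user ID (identification) -> assigned roles.
# Authentication (proving the ID) is assumed to have happened already.
USERS = {
    "u1001": {"name": "Dr. Alice", "roles": {"physician"}},
    "u2002": {"name": "Nurse Bob", "roles": {"nurse"}},
    "u3003": {"name": "Eve", "roles": {"billing"}},
}


class AccessController:
    def __init__(self, users, role_permissions):
        self.users = users
        self.role_permissions = role_permissions
        self.audit_log = []   # append-only; each entry is one JSON line

    def _record(self, user_id, action, obj, decision, reason):
        entry = {
            "ts": datetime.datetime.now(datetime.timezone.utc).isoformat(),
            "user": user_id, "action": action, "object": obj,
            "decision": decision, "reason": reason,
        }
        self.audit_log.append(json.dumps(entry, sort_keys=True))

    def is_allowed(self, user_id, action, obj_type, obj_id):
        """Authorization decision. Every access is routed through this one
        check (complete mediation), and the answer is deny unless some role
        of the user explicitly grants the permission (fail-safe default)."""
        obj = f"{obj_type}:{obj_id}"
        user = self.users.get(user_id)
        if user is None:
            self._record(user_id, action, obj, "deny", "unknown user")
            return False
        for role in sorted(user["roles"]):
            if (action, obj_type) in self.role_permissions.get(role, set()):
                self._record(user_id, action, obj, "allow", f"granted by role {role}")
                return True
        self._record(user_id, action, obj, "deny", "no role grants this permission")
        return False

    def decisions_for(self, user_id, decision):
        """Audit-trail query: the sequence of one user's allow or deny events."""
        entries = (json.loads(line) for line in self.audit_log)
        return [e for e in entries if e["user"] == user_id and e["decision"] == decision]


def demo():
    ac = AccessController(USERS, ROLE_PERMISSIONS)
    outcomes = {
        "physician writes record": ac.is_allowed("u1001", "write", "record", "HN-0001"),
        "nurse reads lab": ac.is_allowed("u2002", "read", "lab", "LAB-42"),
        "nurse writes record": ac.is_allowed("u2002", "write", "record", "HN-0001"),
        "billing reads record": ac.is_allowed("u3003", "read", "record", "HN-0001"),
        "unknown user reads record": ac.is_allowed("u9999", "read", "record", "HN-0001"),
    }
    outcomes["denials logged for u3003"] = len(ac.decisions_for("u3003", "deny"))
    outcomes["audit entries"] = len(ac.audit_log)
    return outcomes
```

Note that denied attempts are logged as carefully as allowed ones: a billing clerk repeatedly trying to open clinical records is exactly the pattern an audit trail exists to reveal.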
59. 59
▪ Nonrepudiation
▪ Proving the integrity, origin, & performer of an activity in a way the performer cannot later deny
▪ Most common form: signatures
▪ Electronic signatures offer varying degrees of nonrepudiation
▪ PIN/password vs. biometrics
▪ Digital certificates (in a public key infrastructure - PKI) are often used to establish nonrepudiation
User Security
87. 87
▪ Don’t be too trusting of people
▪ Always be suspicious & alert
▪ An e-mail carrying your friend’s name & details does not have to come from him/her
▪ Look for signs of phishing attacks
▪ Don’t open attachments unless you are expecting them
▪ Scan attachments for viruses before opening them
▪ Don’t click links in e-mail; type known & trusted URLs directly into the browser
▪ Be especially cautious when asked for passwords, bank account numbers, credit card numbers, social security numbers, etc.
Ways to Protect against Phishing
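The checks a reader is told to do by eye above can also be done by a filter. The Python code below is an added example, not part of the original slides: it pulls every link out of an HTML e-mail body and flags the classic signs that the visible link and the real destination disagree (a raw IP address as host, a `user@host` URL, visible text naming one domain while the href goes to another, and look-alike domains that embed a trusted name). The trusted domain list and the sample e-mail are constructed for the example, and the "registrable domain" helper deliberately uses a simple last-two-labels rule rather than a public-suffix list.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed for the example: domains the organisation actually uses.
TRUSTED_DOMAINS = {"examplebank.com", "hospital.example.org"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML e-mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Last two labels of a host name. Assumption: no public-suffix list,
    so names such as example.co.uk are handled imperfectly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


# Visible link text that itself looks like a URL or a domain name.
URL_LIKE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def check_link(href, text):
    """Return the list of phishing indicators for one link (empty = none found)."""
    reasons = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if is_ip_literal(host):
        reasons.append("link host is a raw IP address")
    if "@" in parsed.netloc:
        reasons.append("user@host trick: the text before @ is not the real host")
    shown = URL_LIKE.match(text)
    if shown and registrable(shown.group(1)) != registrable(host):
        reasons.append(f"visible text names {shown.group(1)} but link goes to {host}")
    for trusted in TRUSTED_DOMAINS:
        if trusted.split(".")[0] in host and registrable(host) != trusted:
            reasons.append(f"look-alike of {trusted}: {host}")
    return reasons


def analyse_email(html):
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, check_link(href, text)) for href, text in parser.links]


# Constructed sample e-mail body, not a real message.
SAMPLE_EMAIL = """
<p>Dear customer, please verify your account:
<a href="http://203.0.113.5/login">https://www.examplebank.com/login</a></p>
<p>Or use <a href="https://examplebank.com.verify-account.net/">examplebank.com</a></p>
<p>Your statements: <a href="https://www.examplebank.com/statements">View statements</a></p>
"""
```

Running `analyse_email(SAMPLE_EMAIL)` flags the first two links and passes the third. The filter is a triage aid only: a phishing link to a freshly registered domain with innocuous text trips none of these rules, which is why the advice to type known URLs directly still stands.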
101. 101
▪ The most common cause of security bugs is invalid programming assumptions, which attackers look for
▪ Weak input checking
▪ Buffer overflow
▪ Integer overflow
▪ Race condition (Time of Check / Time of Use, TOCTOU, vulnerabilities)
▪ Running programs in new environments
Software Security
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
102. 102
▪ Feeping creaturism (Creeping featurism)
▪ Log files that contain sensitive information
▪ Configuration bugs
▪ Unnecessary privileges
▪ Monoculture
▪ Security bypass
Software Security
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
103. 103
▪ Consider a log-in form on a web page
Example of Weak Input Checking: SQL Injection
▪ Source code would look something like this:
statement = "SELECT * FROM users WHERE name = '" + userName + "';"
▪ Attacker would enter as username:
' or '1'='1
▪ Which leads to this always-true query:
statement = "SELECT * FROM users WHERE name = '" + "' or '1'='1" + "';"
statement = "SELECT * FROM users WHERE name = '' or '1'='1';"
http://en.wikipedia.org/wiki/SQL_injection
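As an added example (not from the original slides), the Python code below runs the slide's query against a real database so the effect can be seen: the concatenated version returns every row when given the `' or '1'='1` username, while the parameterized version treats the same input as a literal name and returns nothing. The in-memory SQLite database and its sample users are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory database with a few sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "physician"), ("bob", "nurse"), ("admin", "admin")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, user_name):
    """Builds the query by string concatenation, exactly as on the slide.
    Deliberately vulnerable: kept only to show the effect, never copy it."""
    statement = "SELECT * FROM users WHERE name = '" + user_name + "';"
    return conn.execute(statement).fetchall()


def find_user_safe(conn, user_name):
    """Parameterized query: the driver sends the value separately from the SQL
    text, so quote characters in the input are data and never become SQL."""
    return conn.execute("SELECT * FROM users WHERE name = ?;", (user_name,)).fetchall()


def demo():
    conn = make_db()
    payload = "' or '1'='1"
    return {
        "normal_vulnerable": find_user_vulnerable(conn, "alice"),
        "injected_vulnerable": find_user_vulnerable(conn, payload),
        "normal_safe": find_user_safe(conn, "alice"),
        "injected_safe": find_user_safe(conn, payload),
    }
```

The fix is not to strip quotes from the input but to stop building SQL from strings at all: with a parameterized query there is no place where attacker-controlled text is parsed as SQL.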
104. 104
▪ Economy of Mechanism
▪ Design should be small & simple
▪ Fail-safe default
▪ Deny by default; grant access only where explicitly permitted
▪ Complete mediation
▪ Check every access to every object
▪ Open design
▪ Security must not depend on the design being kept secret
▪ Separation of privilege / Least Privilege
▪ Require more than one condition to grant access; give each user & component only the access it needs
Secure Software Design Principles
Saltzer & Schroeder (1975), Viega & McGraw (2000)
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
105. 105
▪ Least common mechanism
▪ Minimize the mechanism shared between users; shared components are a channel for leaks & interference
▪ Psychological acceptability
▪ If users don’t buy in to a security mechanism or don’t understand how to use it, the system is insecure
▪ Work factor
▪ The cost of an attack should exceed the resources the attacker is willing to spend
Secure Software Design Principles
Saltzer & Schroeder (1975), Viega & McGraw (2000)
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
106. 106
▪ Compromise recording
▪ If too expensive to prevent a compromise, record it
▪ Tamper evident vs. tamperproof
▪ Log files
Secure Software Design Principles
Saltzer & Schroeder (1975), Viega & McGraw (2000)
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
Image source: http://www.flickr.com/photos/goobelyga/2340650133/
107. 107
▪ Defense in Depth
▪ Multiple layers of security defense are placed throughout
a system to provide redundancy in the event a security
control fails
▪ Secure the weakest link
▪ Promote privacy
▪ Trust no one
Secure Software Design Principles
Saltzer & Schroeder (1975), Viega & McGraw (2000)
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
http://en.wikipedia.org/wiki/Defense_in_depth_(computing)
108. 108
▪ Modular design
▪ Check error conditions on return values
▪ Validate inputs (whitelist vs. blacklist)
▪ Avoid infinite loops, memory leaks
▪ Check for integer overflows
▪ Language/library choices
▪ Development processes
Secure Software Best Practices
Adapted from Nicholas Hopper’s teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271
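The "whitelist vs. blacklist" point above is easiest to see on a file name that is joined to a directory. The Python code below is an added example, not from the original slides: a blacklist filter that strips `../` is bypassed by an input that re-creates `../` after one pass, while an allow-list grammar rejects everything that does not look like a plain report name, and a second, independent check confirms that the resolved path stays under the base directory. The base directory and the sample inputs are constructed for the example.

```python
import posixpath
import re

BASE_DIR = "/srv/reports"   # assumed document root for the example


def blacklist_filter(name):
    """Blacklist approach: remove the one bad substring we thought of.
    Kept here only to show the bypass; do not use."""
    return name.replace("../", "")


# Whitelist: an explicit grammar for acceptable file names. fullmatch is used
# on purpose: with match() and a trailing $, "report.pdf\n" would slip through.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.pdf")


def whitelist_validate(name):
    return SAFE_NAME.fullmatch(name) is not None


def resolve(name):
    """What the filesystem would actually open after path normalisation."""
    return posixpath.normpath(posixpath.join(BASE_DIR, name))


def escapes_base(path):
    """Second, independent check: the resolved path must stay under BASE_DIR."""
    return not path.startswith(BASE_DIR + "/")


def demo():
    # Constructed inputs: one legitimate name and three hostile ones.
    inputs = [
        "report.pdf",
        "../../etc/passwd",          # the obvious traversal the blacklist was written for
        "....//....//etc/passwd",    # stripping "../" once re-creates "../../"
        "report.pdf\x00.txt",        # NUL byte: fools extension checks in C-based code
    ]
    results = {}
    for name in inputs:
        cleaned = blacklist_filter(name)
        results[name] = {
            "blacklist_cleaned": cleaned,
            "blacklist_resolves_to": resolve(cleaned),
            "escapes_base_after_blacklist": escapes_base(resolve(cleaned)),
            "whitelist_accepts": whitelist_validate(name),
        }
    return results
```

The blacklist "works" on the input its author had in mind and fails on the next one; the allow-list needs no list of attacks at all, and the path check catches whatever the grammar misses.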
111. 111
▪ Virus
▪ Propagating malware that requires user action to
propagate
▪ Infects executable files, data files with executable
contents (e.g. Macro), boot sectors
▪ Worm
▪ Self-propagating malware
▪ Trojan
▪ A program that appears legitimate but carries additional, hidden malicious functionality
Malware
112. 112
▪ Spyware
▪ Trojan that spies for & steals personal information
▪ Logic Bomb/Time Bomb
▪ Malware that triggers under certain conditions
▪ Backdoor/Trapdoor
▪ A hidden way to bypass normal authentication, often left behind by malware or an attacker for future access
Malware
113. 113
▪ Rogue Antispyware
▪ Software that tricks or forces users to pay before fixing (real or
hoax) spyware detected
▪ Rootkit
▪ A stealth program designed to hide existence of certain processes
or programs from detection
▪ Botnet
▪ A collection of compromised, Internet-connected computers (bots) that the botnet’s controller can direct (e.g. to launch DDoS attacks)
Malware
114. 114
▪ Installed & updated antivirus, antispyware, & personal firewall
▪ Check for known signatures
▪ Check for improper file changes (integrity failures)
▪ Check for generic patterns of malware (for unknown malware):
“Heuristics scan”
▪ Firewall: Block certain network traffic in and out
▪ Sandboxing
▪ Network monitoring & containment
▪ User education
▪ Software patches, more secure protocols
Defense Against Malware
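Two of the defenses listed above, the signature check and the integrity check, come down to hashing files and comparing. The Python code below is an added example, not from the original slides: it records a SHA-256 baseline of a directory while the system is trusted, later reports which files were modified, added or removed, and looks each file's hash up in a known-bad list. The directory contents, the simulated infection and the known-bad hash are all constructed for the example.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_snapshot(root):
    """Map of relative path -> SHA-256 for every file under root."""
    snapshot = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snapshot[rel] = sha256_file(full)
    return snapshot


def compare(baseline, current):
    """Integrity check: what changed since the trusted baseline was taken."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


# Constructed "signature" list: exact hashes of known-bad files. Real antivirus
# signatures are richer (byte patterns, heuristics), but the lookup is the same.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed dropper payload").hexdigest()}


def scan_known_bad(snapshot):
    return sorted(p for p, digest in snapshot.items() if digest in KNOWN_BAD_SHA256)


def write(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    with tempfile.TemporaryDirectory() as root:
        # Clean install: take the baseline while the system is still trusted.
        write(root, "bin/app", b"application v1")
        write(root, "etc/config", b"debug=off\n")
        baseline = build_snapshot(root)
        # Simulated infection: app patched, dropper added, config deleted.
        write(root, "bin/app", b"application v1 + injected code")
        write(root, "bin/dropper", b"constructed dropper payload")
        os.remove(os.path.join(root, "etc/config"))
        current = build_snapshot(root)
        return {"diff": compare(baseline, current), "known_bad": scan_known_bad(current)}
```

The baseline has to live where the malware cannot rewrite it (off-host or on read-only media), and a rootkit that hooks file reads can hide changes from a scanner running on the infected system, which is why integrity checks are also run from trusted boot media.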
115. 115
▪ Social media spams/scams/clickjacking
▪ Social media privacy issues
▪ User privacy settings
▪ Location services
▪ Mobile device malware & other privacy risks
▪ Stuxnet (advanced malware that targeted industrial control systems in specific countries)
▪ Advanced persistent threats (APT) by governments &
corporations against specific targets
▪ Crypto-Ransomware
Newer Threats
116. 116
▪ US-CERT
▪ U.S. Computer Emergency Readiness Team
▪ http://www.us-cert.gov/
▪ Subscribe to alerts & news
▪ Microsoft Security Resources
▪ http://technet.microsoft.com/en-us/security
▪ http://technet.microsoft.com/en-us/security/bulletin
▪ Common Vulnerabilities & Exposures
▪ http://cve.mitre.org/
More Information