- The document discusses information systems security and identifies its key components of confidentiality, integrity and availability (CIA).
- It describes various tools used for information security like authentication, access control, encryption, passwords, backups, firewalls and security policies.
- Basic concepts around threats to information security are also covered like types of attackers, levels of vulnerabilities and ways data confidentiality, integrity and availability can be attacked.
2. Introduction
• Computers and digital devices
are becoming integral to
conducting business
– Which also makes them a target of attack
• Devices needs to be secured
• Networks that computers and
devices use should also be secured
3. 3. Basic Components of Security:
Confidentiality, Integrity, Availability (CIA)
• CIA
– Confidentiality: Who is authorized to use data?
– Integrity: Is data „good?”
– Availability: Can access data whenever need it?
C I
A
S
S = Secure
CIA or CIAAAN…
(other security components added to CIA)
Authentication
Authorization
Non-repudiation
…
4. The security triad
Availability
Confidentiality – restrict access to
authorized individuals
Integrity – data has not been
altered in an unauthorized
manner
Availability – information can be
accessed and modified by
authorized individuals in an
appropriate timeframe
5. • Confidentiality is the ability to prevent information and data from
being exposed to any unauthorized individual or party from inside
or outside the system. Maintaining data and information
confidentiality is done by applying encryption algorithms on stored
and transmitted data and by restricting access to the places where
data appear [15] . In CPS, Confidentiality is ensured by protecting
communication channels from eavesdropping to prevent the
system status from being deduced, which may occur due to
eavesdropping [16] .
• Integrity is the ability to keep data as it is and prevent any
unauthorized manipulation. In other words, the data must be kept
away from both outsiders and insiders who seek to modify it. Thus,
a destination will receive incorrect data and treat it as correct. In
CPS, Integrity is ensured by catching all possible attacks that seek to
ruin the CPS’s physical goals and change data that are collected and
sent by sensors [17] .
6. 3.Availability: Generally, this is the system’s ability to provide services and output
products in a time manner. Availability is the ability of all subsystems to work properly
and have their work done on time and when needed [18] . In other words, availability
ensures that all CPS subsystems are functioning correctly by preventing all types of
corruption, such as hardware and software failures, power failures and DoS attacks.
4) Authenticity: This is the ability to guarantee that all parties participating in any CPS
processes are supposed to do so. Authenticity must be realized in all subsystems and
processes to have an authentic and genuine CPS [15] .
5) Robustness is the degree to which CPS can continue to work properly, even in the
presence of limited disturbances. There are two types of failures: limited failures that
have limited consequences and occasional failures whose little effects disappear with
time [16] .
6) Trustworthiness is the degree to which people (e.g., Owners, users, and individuals)
can rely on the CPS to perform required tasks under specific domain constraints and
according to specific time conditions [19] . The software, hardware, and collected data
must all show level trustworthiness to consider a CPS feasible and trustworthy.
7.
8. Tools for Information Security
• Authentication
• Access Control
• Encryption
• Passwords
• Backup
• Firewalls
• Virtual Private Networks (VPN)
• Physical Security
• Security Policies
9. Authentication
• Persons accessing the information is who they say
they are
• Factors of identification:
– Something you know – user ID and password
• User ID identifies you while the password authenticates you
• Easy to compromise if weak password
– Something you have – key or card
• Can be lost or stolen
– Something you are – physical
characteristics (i.e., biometrics)
• Much harder to compromise
• A combination of at least 2 factors
is recommended
10. Access Control
• Once authenticated – only provide access to
information necessary to perform their job duties to
read, modify, add, and/or delete information by:
– Access control list (ACL) created for each resource
(information)
• List of users that can read, write, delete or add information
• Difficult to maintain all the lists
– Role-based access control (RBAC)
• Rather than individual lists
• Users are assigned to roles
• Roles define what they can access
• Simplifies administration
11. Encryption
• An algorithm (program) encodes or scrambles
information during transmission or storage
• Decoded/unscrambled by only authorized individuals to
read it
• How is this done?
– Both parties agree on the encryption method (there are
many) using keys
• Symmetric key – sender and receiver have the
key which can be risky
• Public Key – use a public and private key
where the public key is used to send an
encrypted message and a private key that the
receiver uses to decode the message
12. Passwords
• Single-factor authentication (user ID/password) is the
easiest to break
• Password policies ensure that this risk is minimized by
requiring:
– A certain length to make it harder to guess
– Contain certain characters – such as upper and lower case, one
number, and a special character
– Changing passwords regularly and do not a password to be
reused
– Employees do not share their password
– Notifying the security department if they
feel their password has been compromised.
– Yearly confirmation from employees that
they understand their responsibilities
13. Backup
• Important information should be backed up and
store in a separate location
– Very useful in the event that the primary computer
systems become unavailable
• A good backup plan requires:
– Understanding of the organizational information
resources
– Regular backups of all data
– Offsite storage of backups
– Test of the data restoration
• Complementary practices:
– UPS systems
– Backup processing sites
14. Firewalls
• Can be a piece of hardware and/or software
• Inspects and stops packets of information that don’t
apply to a strict set of rules
– Inbound and outbound
• Hardware firewalls are connected to the network
• Software firewalls run on the operating system and
intercepts packets as they arrive to a computer
• Can implement multiple firewalls to allow segments
of the network to be partially secured to conduct
business
• Intrusion Detection Systems (IDS)
watch for specific types of activities
to alert security personnel of potential
network attack
15. Virtual Private Networks (VPN)
• Some systems can be made private using an internal
network to limit access to them
– Can’t be accessed remotely and are more secure
– Requires specific connections such as being onsite
• VPN allows users to remotely access these systems over
a public network like the Internet
– Bypasses the firewall
– Encrypts the communication or the data exchanged
• CPP students have this ability for:
– Exchange services from your Outlook client
– Mapping a drive or mounting a file share
– Instructions to establish a VPN connection
can be found at
https://ehelp.wiki.cpp.edu/VPN_(Virtual_Private_Network):_
Requirements
16. Physical Security
• Protection of the actual equipment
– Hardware
– Networking components
• Organizations need to identify assets that need
to be physically secured:
– Locked doors
– Physical intrusion detection - e.g., using security
cameras
– Secured equipment
– Environmental monitoring –
temperature, humidity, and airflow
for computer equipment
– Employee training
17. Security Policies
• Starting point in developing an overall security plan
• Formal, brief, and high-level statement issued by senior
management
– Guidelines for employee use of the information resources
– Embraces general beliefs, goals, objectives, and acceptable
procedures
– Includes company recourse if employees violate the policy
• Security policies focus on confidentiality, integrity, and
availability
– Includes applicable government or industry regulations
• Bring Your Own Device (BYOD) policies for mobile devices
– Use when accessing/storing company information
– Intellectual property implications
• Difficult to balance the need for security and
users’ needs
18. Personal Information Security
• Simple steps that individuals can take to be more
secure:
– Keep your software up to date
– Install antivirus software
– Use public networks carefully
– Backup your data
– Secure your accounts with two-factor authentication
– Make your passwords long, unique, and strong
– Be suspicious of strange links and attachments
• For more information on personal
information security, visit the Stop,
Think, Connect website at
http://www.stopthinkconnect.org/
19. Summary
• Identified the information security triad
• Identified and understand the high-level
concepts surrounding information security
tools
• How to secure yourself digitally
20. Kinds of Threats
• Kinds of threats:
– Interception
• an unauthorized party (human or not) gains access to an
asset
– Interruption
• an asset becomes lost, unavailable, or unusable
– Modification
• an unauthorized party changes the state of an asset
– Fabrication
• an unauthorized party counterfeits an asset
[Pfleeger & Pfleeger]
• Examples?
21. Levels of Vulnerabilities / Threats
(reversed order to illustrate interdependencies)
• D) for other assets (resources)
• including. people using data, s/w, h/w
• C) for data
• „on top” of s/w, since used by s/w
• B) for software
• „on top” of h/w, since run on h/w
• A) for hardware
[Pfleeger & Pfleeger]
22. A) Hardware Level of Vulnerabilities / Threats
• Add / remove a h/w device
– Ex: Snooping, wiretapping
Snoop = to look around a place secretly in order to discover things about it or
the people connected with it. [Cambridge Dictionary of American English]
– Ex: Modification, alteration of a system
– ...
• Physical attacks on h/w => need physical security: locks and guards
– Accidental (dropped PC box) or voluntary (bombing a computer
room)
– Theft / destruction
• Damage the machine (spilled coffe, mice, real bugs)
• Steal the machine
• „Machinicide:” Axe / hammer the machine
• ...
23. Example of Snooping:
Wardriving / Warwalking, Warchalking,
• Wardriving/warwalking -- driving/walking around
with a wireless-enabled notebook looking for
unsecured wireless LANs
• Warchalking -- using chalk markings to show the
presence and vulnerabilities of wireless networks
nearby
– E.g., a circled "W” -- indicates a WLAN protected by
Wired Equivalent Privacy (WEP) encryption
[Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]
24. B) Software Level of Vulnerabilities / Threats
• Software Deletion
– Easy to delete needed software by mistake
– To prevent this: use configuration management
software
• Software Modification
– Trojan Horses, , Viruses, Logic Bombs, Trapdoors,
Information Leaks (via covert channels), ...
• Software Theft
– Unauthorized copying
• via P2P, etc.
25. Types of Malicious Code
Bacterium - A specialized form of virus which does not attach to a specific file. Usage obscure.
Logic bomb - Malicious [program] logic that activates when specified conditions are met.
Usually intended to cause denial of service or otherwise damage system resources.
Trapdoor - A hidden computer flaw known to an intruder, or a hidden computer mechanism
(usually software) installed by an intruder, who can activate the trap door to gain access to the
computer without being blocked by security services or mechanisms.
Trojan horse - A computer program that appears to have a useful function, but also has a
hidden and potentially malicious function that evades security mechanisms, sometimes by
exploiting legitimate authorizations of a system entity that invokes the program.
Virus - A hidden, self-replicating section of computer software, usually malicious logic, that
propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another
program. A virus cannot run by itself; it requires that its host program be run to make the virus
active.
Worm - A computer program that can run independently, can propagate a complete working
version of itself onto other hosts on a network, and may consume computer resources
destructively.
More types of malicious code exist… [cf. http://www.ietf.org/rfc/rfc2828.txt]
26. C) Data Level of Vulnerabilities / Threats
• How valuable is your data?
– Credit card info vs. your home phone number
– Source code
– Visible data vs. context
• „2345” -> Phone extension or a part of SSN?
• Adequate protection
– Cryptography
• Good if intractable for a long time
• Threat of Identity Theft
– Cf. Federal Trade Commission: http://www.consumer.gov/idtheft/
27. Identity Theft
• Cases in 2003:
– Credit card skimmers plus drivers license, Florida
– Faked social security and INS cards $150-$250
– Used 24 aliases – used false id to secure credit cards, open
mail boxes and bank accounts, cash fraudulently obtained
federal income tax refund checks, and launder the proceeds
– Bank employee indicted for stealing depositors' information to
apply over the Internet for loans
– $7M loss, Florida: Stole 12,000 cards from restaurants via
computer networks and social engineering
• Federal Trade Commission:
http://www.consumer.gov/idtheft/
[Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]
28. Types of Attacks on Data CIA
• Disclosure
– Attack on data confidentiality
• Unauthorized modification / deception
– E.g., providing wrong data (attack on data integrity)
• Disruption
– DoS (attack on data availability)
• Usurpation
– Unauthorized use of services (attack on data confidentiality, integrity or
availability)
29. Ways of Attacking Data CIA
• Examples of Attacks on Data Confidentiality
– Tapping / snooping
• Examples of Attacks on Data Integrity
– Modification: salami attack -> little bits add up
• E.g/ „shave off” the fractions of cents after interest calculations
– Fabrication: replay data -> send the same thing again
• E.g., a computer criminal replays a salary deposit to his account
• Examples of Attacks on Data Availability
– Delay vs. „full” DoS
• Examples of Repudiation Attacks on Data:
– Data origin repudiation: „I never sent it”
Repudiation = refusal to acknowledge or pay a debt or honor a contract
(especially by public authorities). [http://www.onelook.com]
– Data receipt repudiation: „I never got it”
30. D) Vulnerab./Threats at Other Exposure
Points
• Network vulnerabilities / threats
– Networks multiply vulnerabilties and threats, due to:
• their complexity => easier to make design/implem./usage mistakes
• „bringing close” physically distant attackers
– Esp. wireless (sub)networks
• Access vulnerabilities / threats
– Stealing cycles, bandwidth
– Malicious physical access
– Denial of access to legitimate users
• People vulnerabilities / threats
– Crucial weak points in security
• too often, the weakest links in a security chain
– Honest insiders subjected to skillful social engineering
– Disgruntled employees
31. 5. Attackers
• Attackers need MOM
– Method
Skill, knowledge, tools, etc. with which to pull off an attack
– Opportunity
Time and access to accomplish an attack
– Motive
Reason to perform an attack
32. Types of Attackers
• Types of Attackers - Classification 1
– Amateurs
• Opportunistic attackers (use a password they found)
• Script kiddies
– Hackers - nonmalicious
• In broad use beyond security community: also malicious
– Crackers – malicious
– Career criminals
– State-supported spies and information warriors
• Types of Attackers - Classification 2 (cf. before)
– Recreational hackers / Institutional hackers
– Organized criminals / Industrial spies / Terrorists
– National intelligence gatherers / Info warriors
33. Example: Hacking As Social Protest
• Hactivism
• Electro-Hippies
• DDOS attacks on government agencies
• SPAM attacks as “retaliation”
[Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]
34. • What is threat detection?
• As the term relates to computer security, a threat
refers to anything that has the potential to cause harm
to a computer system or network.
• Importantly, threats are not the same as attacks.
• Threats represent the potential for attacks to occur;
attacks are the act of breaking in or harming a
computer or network.
• A more advanced form of threat, the Advanced
Persistent Threat (APT), emerged several years ago.
• As the name suggests, the threat is sophisticated and
remains in your network for a prolonged period of time,
giving attackers a longer window to act.
• Threat detection is the process by which you find
threats on your network, your systems or your
applications.
35. • The idea is to detect threats before they are
exploited as attacks.
• Malware on an endpoint, for example, may or may
not have been exploited in an attack.
• For that reason, security teams have been shifting
their focus from so-called indicators of
compromise (IoC), like a malware infection, to
techniques, tactics, and procedures (TTPs).
• The goal is to catch the bad actor in the process of
introducing a threat by watching for telltale
techniques versus finding evidence that a threat
was already introduced by finding an IoC.
36. What are attackers after?
• Cybercriminals are usually after one of five things. Not surprisingly,
the end goal is usually monetary.
• User credentials—cybercriminals are often not after you, but rather
after your credentials. They want your username and password to
get into systems that you have access to. It’s much easier to open a
door with a key then pick a lock or break a window. Some attackers
will use a technique called privilege escalation to grant themselves
additional privileges by exploiting the underlying operating system.
They then use these escalated privileges to get to what they are
really after.
• Personally identifiable information (PII)—some criminals want
personal information they can use to impersonate you, such as a
social security number or driver’s license number. These and other
details can be used to apply for credit cards, open bank accounts in
your name, and the like.
• Intellectual property or sensitive corporate information—industrial
espionage is alive and well.
37. • Nation states are looking to steal trade secrets to boost their own
economies. Competitors are looking to gain an advantage or fill a
gap in their offerings by taking advantage of what their rivals know.
Employees are at risk for stealing important secrets for personal
gain, or perhaps out of spite for being passed over for a promotion.
Companies need to protect their product designs, customer
databases, business processes, marketing plans and more.
• Ransom—criminals have been extorting companies and individuals
for years online. Their two most potent weapons are ransomware
where endpoint or server files are encrypted and a ransom
demanded to unlock them and DDoS attacks where traffic floods
web servers or networks with bogus traffic until the ransom is paid.
• Revenge—some disgruntled users or so-called hacktivists look to
bring down or slow down systems to protest company policy. In
some cases, attackers may deface web pages to embarrass
companies or government organizations.
38. What are examples of threats?
• Here are some common examples of threats:
• Malware—malicious software that infects your
computer, such as computer viruses, worms, Trojan
horses, spyware, and adware.
• Phishing—fake emails disguised as legitimate
communications that seek to steal sensitive
information from an unwitting recipient.
• Ransomware—a malware that encrypts files on an
endpoint or server and then displays a message
demanding ransom in exchange for decrypting files.
• Trojan horse—a computer executable, sometimes
known as a back door, that can be remotely activated
to perform a variety of attacks.
39. How to identify threats?
• Successful threat detection is highly reliant on the
maturity of the local cybersecurity capabilities.
• It’s relatively simple to know the landscape, keep up
with intelligence and sector-related resources, and
have an internal program for identifying vulnerabilities.
• However, the larger an environment grows – the higher
the demand for solutions that can assist in advanced
threat detection, at least in part automatically,
becomes necessary.
• Furthermore, sophisticated actors that are targeting
your organization might not be so easy to identify. For
example, you can never be entirely sure if a state actor
has taken an interest in your research. Which has been
a cause of many high-profile breaches.
40. • Security refers to protection against
the unauthorized access of data. We
security controls in place to limit who
access the information.
• Privacy is harder to define, in part
because user-specific details can also
secure data. In the coming month, we
have a blog with more information on
Personally Identifiable Information
41. • For example, hospital and clinic staff use secure
systems to communicate with patients about
their health, instead of sending information via
personal email accounts.This type of data
transmission is an example of security. On the
other hand, privacy provisions, might limit
patient health record access to specific hospital
staff members, such as doctors, nurses, and
medical assistants. Privacy might also
stipulate when users can access specific
information (i.e. business hours only).
42. • privacy:In CPS, a huge data collection process
is constantly taking place, and this is what most
people are not aware of .Therefore, a person
has the right to access his own data, along with
being given the right to know what type of data
is being collected about them by data
collectors, and to whom these data is being
given or sold to. However, this also requires
preventing the illegal/unauthorised access to
the user’s personal data and their information
disclosure
43. • Threat modelling for Cyber-Physical Systems
(CPS)
• CPS is a combination of computation, physical
processes, and networking built on the traditional
embedded systems technology. Though it has
been around for some time, users and experts
alike have not truly realized its actual potential.
However, companies and institutions are
understanding the wealth of opportunities CPS
promises in recent years and are investing heavily
to catalyze its development.
• CPS is not immune to cyber or physical threats.
There are three main reasons for this: system
diversity, reliance on sensitive information, and
large-scale deployment. Exposure of these
systems to threats can have far-reaching
ramifications, but efficient threat modelling can
prevent this. Here are three ways threat modelling
can protect CPS:
44. 1. STRIDE
• STRIDE stands for a combination of six
security threats: Spoofing, Tampering,
Repudiation, Information Disclosure,
Denial of Service, and Elevation of
Privilege. Microsoft first developed it to
identify computer security
threats. Lightweight and effective, their
mechanism analyses missing security
properties that could help determine
emerging threat types. It also identifies
how a vulnerability in a system component
can weaken the security structure.
45. 3.LINDDUN
• LINDDUN stands for Linkability, Identifiability,
Nonrepudiation, Detectability, Disclosure of
Information, Unawareness, and Noncompliance. It is a
privacy threat modelling technique that systematically
mitigates privacy threats in software architectures. It
supports the customer in navigating the threat
modelling process in a structured way. LINDDUN gives
knowledge support to even non-experts for
understanding privacy threats.
• Using the LINDDUN framework, organizations can
model their systems with data flow diagrams,
determine the scenario and identify threats, and finally
map the threats back to a data flow diagram. Using
this analysis, companies get the support to prioritize
threats and create case-appropriate threat mitigation
and management strategies.
48. • What Are the Key Features of Cyber-Physical Systems?
• The Cyber-Physical systems are not only the interface between
physical systems and computational systems, but they are also
have all structural characteristics that emerge from combining
two different kinds of systems, as shown in Figure 2. Some key
features of CPS are [2] :
All physical objects have a cyber capability that is IT-
dominated.
Every action is predicted in CPSs.
Advanced sensing is applied to CPSs.
All software and systems that are used are trusted and highly
confident.
CPSs always have one or more feedback loops from their
output to their input.
CPSs are self-documenting, self-monitoring and self-optimizing.
CPSs should be securely connected via global networks.