ASSESSING THE NEED FOR SECURITY

1
ASSESSING THE NEED FOR SECURITY

• Chapter 1

2
ASSESSING THE NEED FOR SECURITY

• Security design concepts
• Assets
• Threats
• Vulnerabilities
• Countermeasures
• Historical compromises

3
SECURITY DESIGN INFLUENCES

• Legal requirements
• Business risk tolerance
• Finance
• Current events
• Technology

4
THE THREE PILLARS OF INFORMATION SECURITY

• Confidentiality
• Integrity
• Availability

5
DEFENSE-IN-DEPTH

• Use multiple layers of defense. For example
• Security guards and security cameras
• Network firewalls and host-based firewalls
• Log on as a non-administrator and use antivirus
  software
• Protects against any single vulnerability
• Gives you time to test critical updates

6
THE SCOPE OF SECURITY

• Security architecture
• Physical security
• Cryptography
• Access control
• Network security

7
THE SCOPE OF SECURITY (CONT.)

• Applications and systems development
• Operations security
• Security management practices
• Law, investigations, and ethics
• Business continuity planning

8
ATTACK COMPONENTS

• Asset
• Threat agent
• Threat
• Vulnerability
• Compromise
• Countermeasure

9
ASSET

• Items that you have purchased
• Software
• Hardware
• Facilities
• People
• Information
• Anything else deserving protection

10
THREAT AGENT

• The attacker
• Malicious attackers
• Nonmalicious attackers
• Mechanical failures
• Catastrophic events

11
THREAT AGENT MALICIOUS ATTACKERS

• The classic hacker attacking from outside
• Disgruntled employees attacking from inside
• Likely to have specific goals and objectives
• To anticipate their attacks, study their
  motivations

12
THREAT AGENT NONMALICIOUS ATTACKERS

• People make mistakes that can cause damage such
  as invalid data or failed services
• Examples programming bugs, data-entry errors
• Mitigate with
• Thorough testing procedures
• Backups
• Business continuity plans

13
THREAT AGENT MECHANICAL FAILURES

• Power outages, hardware failures, network outages
• Mitigate with
• Business continuity plans
• Network redundancy
• Server clustering
• Service level guarantees

14
THREAT AGENT CATASTROPHIC EVENTS

• Extreme weather tornadoes, hurricanes,
  earthquakes, tsunami
• Fire
• Acts of war
• Catastrophic events are rare, but the damage is
  tremendous. Therefore, the total risk is often
  high.

15
THREAT

• Threat agent is the attacker, threat is the
  attack
• Use STRIDE to remember the six main types of
  threat
• Spoofing identity
• Tampering with data
• Repudiation
• Information disclosure
• Denial-of-service
• Elevation of Privilege

16
VULNERABILITY

• Also known as a weakness
• Has the potential to be a compromise when
  combined with a threat
• Common vulnerability types
• Physical
• Natural
• Hardware and software
• Media
• Communications
• Human

17
COMPROMISE

• A successful attack, often called an exploit
• Occurs when a threat agent creates a threat for
  an unprotected vulnerability
• If the threat does not penetrate your defenses,
  you were merely attacked. Attacks are not a
  problem compromises are a problem.

18
COUNTERMEASURE

• Also known as a safeguard
• Reduce the likelihood of a vulnerability
• Does not eliminate a vulnerability
• Three main types
• Preventative
• Detective
• Reactive

19
PREVENTATIVE COUNTERMEASURES

• Prevent threats from exploiting a vulnerability
• Examples
• Firewalls
• Software updates
• Antivirus software
• Employee security training

20
DETECTIVE COUNTERMEASURES

• Used to detect an attack or a compromise
• Can enable you to respond after an attack begins,
  but before a compromise occurs
• Can also be used to detect a successful attack
• Examples
• Intrusion-detection system
• Security logs

21
REACTIVE COUNTERMEASURES

• Used after a compromise
• Examples
• On-site or off-site backups
• Disaster recovery plans
• Law enforcement

22
ATTACK COMPONENTS
23
HISTORICAL COMPROMISES

• The fundamentals of security design remain
  constant throughout history
• A Windows network will be subject to the same
  types of attack that were used before computers
  even existed
• Those who cannot learn from history are doomed
  to repeat it

24
1938 POLES BREAK NAZI ENCRYPTION

• Nazis use encryption to communicate privately
  over public radio communications
• Poles spend many years studying the
  communications
• Poles break the encryption because of Nazi
  mistakes
• Lesson Humans make mistakes

25
1972 CAPN CRUNCH CRACKS PHONE SYSTEM

• Blind children discover that a whistle in a Capn
  Crunch cereal box makes a 2600-hertz (Hz) tone
  also used by telephone equipment
• Blow the whistle and get free long-distance calls
• Telephone companys services are stolen, but
  catch John Draper (a threat agent) by monitoring
  usage logs
• Lesson Do not rely on security by obscurity and
  use detective countermeasures

26
1988 MITNICK STEALS CODE FROM DEC

• Kevin Mitnick uses social engineering to gain
  access to user credentials
• Abuses credentials to access internal network
• FBI monitors, arrests, and convicts Mitnick of
  multiple computer crimes
• Lesson Sophisticated attackers use
  unconventional attacks

27
2000 ATTACKER STEALS MICROSOFT SOURCE CODE

• Microsoft employee runs Trojan horse received in
  e-mail
• Trojan horse opens a back door that contacts
  threat agents
• Threat agents use access to collect passwords and
  steal source code
• Damage limited because credentials gave threat
  agents access to limited portions of the source
  code
• Microsofts tarnished security reputation caused
  immeasurable damage
• Lesson Valuable data deserves expensive
  countermeasures

28
SUMMARY

• Technology is the least important of the
  influences to security design
• Important assets deserve multiple layers of
  protection
• Understand the components of an attack
• Learn from the mistakes of other security
  designers