Security Management Practices General overview of good security management processes. Introduces topics used in several other sections
Overview Basic Security Concepts Policies, Standards, Guidelines, & Procedures Roles played in security management Security Awareness Risk Management Data & Information Classification
Concepts C.I.A. - Confidentiality, Integrity, & Availability Identification, Authentication, Accountability, Authorization, Privacy Objective of Security Controls: reduce likelihood & impact of threats
Systems Security Lifecycle 1.Initiation 2.Development/Acquisition 3.Implementation 4.Operation/maintenance 5.Disposal
3 Primary Tenants of InfoSec Confidentiality Integrity Availability
Personnel Concepts Identification Authentication Accountability Authorization Privacy
System Concepts Assume external systems are insecure Examine the trade-offs (nothing is free) Use Layered Security (greater work factor) Minimize the system elements that are “trusted” Isolate public accessed systems Authenticate both users & processes Use Unique Identities to ensure accountability Implement least privilege
TOA: Trade-off Analysis Define the objective (in writing) Identify alternatives (courses of action) Compare alternatives Realize that there are no perfectly secure systems in opperation
Security Controls Objective: reduce vulnerabilities & minimize the effect of an attack Attack likelihood Attack cost Attack countermeasures Deterrent controls Corrective Controls Detective Controls
Simple Threat Matrix likelihood of an attack impact 0,0 A B C
Information Classification Why classify data & information Concepts Classification Terms Governmental Private Sector Criteria Roles used in the classification process
Roles… Owner Who gets the blame level of classification, review of protection, delegation to custodian, Custodian Actual day-to-day, backups, verify backups, restoration, policy maintenance User Operating procedures, user account management, detecting unauthorized/Illicit activity Termination
Implementation 1.Policy: 1.senior management (demonstration of commitment 2.general organizational 3.Policy: Functional 2.Implementation 1.Standards -- Baselines 2.Guidelines 3.Procedures
Risk management Risk can never be totally eliminated Primary purpose 1.Identification of risks 2.Cost / benefit analysis Benefits 1.Creates clear cost-to-value 2.Helps analysis process 3.Helps design and creation
Terms Asset Threat Vulnerability Safeguard Exposure Factor (EF) Single Loss Expectancy (SLE) Annualized Rate of Occurrence (ARO) Annualized Loss Expectancy (ALE)
Attacks Criminal Fraud-prolific on the Internet Destructive, Intellectual Property Identity Theft, Brand Theft Privacy: less and less available people do not own their own data Surveillance, Databases, Traffic Analysis Echelon, Carnivore Publicity & Denial of Service Legal
Brief Risk Analysis Overview Quantitative vs Qualitative Steps Potential losses Potential threats Asset valuation Safeguard selection Remedies
Risk Analysis “The identification and evaluation of the most likely permutation of assets, known and anticipated vulnerabilities, and known and anticipated types of attackers.”
Assets What are you trying to Protect Why is it being protected Risk for other systems on network Data Tampering vs. Stealing Liability
Attackers Categorize by Objective, Access, Resources, Expertise, and Risk Hackers: Galileo, Marie Curie Lone Criminals, Insiders, Espionage, Press, Organized Crime, Terrorists
Motives Business competitors Same motives as “real-life” criminals Financial motives Credit cards The Cuckcoo’s Egg Political motives Personal / psychological motives
Motives Honeypot “to learn tools tactics and motives of blackhat community” Honeypot Script Kiddies Canned Exploits of Perl or Shell scripts Still major threat Knowing motives helps predict attack Degrees of motivation Automated tools Hardened systems vs Easy Kills
Steps in an Attack 1.Identify Target & collect Information 2.Find vulnerability in target 3.Gain appropriate access to target 4.Perform the attack 5.Complete attack, remove evidence, ensure future access
After you get root 1.Remove traces of root compromise 2.Gather information about system 3.Make sure you can get back in 4.Disable or patch vulnerability
Vulnerability Landscape Physical World Laptops Virtual World Trust Model System Life cycled
Vulnerabilities Only potential until someone figures out how to exploit Need to identify and address Those applicable & which must mitigated now Are likely to apply & must be planned against Seem unlikely and/or are easy to mitagate
Attack Trees (Bruce Schneier) Visual Representation of attacks against any given target Attack goal is root Attack subgoals are leaf nodes For each leaf determine subgoals necessary to achieve And cost to achieve penetration using different types of attackers
Attack Tree Example Steal Customer Data Obtain Backup Media Burfglarize Office (Cost $10,000) Intercept Bribe Admin at ISP ($5,000) Hack remote users home system ($1,000) Hack SMTP Gateway ($2000) Hack into Server
Defenses Three general means of mitigating attack risk Reducing asset value to attacker Mitigating specific vulnerabilities Software patches Defensive Coding Neutralizing or preventing attacks Access control mechanisms Distinguish between trusted & untrusted users
Security Security is a process not a Product Weakest link in the process Examples of Threat Modeling in Secrets & Lies chapter 19
Security Awareness People are often the weakest link Benefits: Awareness of need to protect the system Skill & knowledge improvement More in-depth knowledge Be careful of over training Constant barrage == ignored Too much knowledge of how the system works
References Cohen, Fred “A Preliminary Classification Scheme for Information Security Threats, Attacks, and Defenses; A Cause and Effect Model; and Some Analysis Based on that Model.” Sandia National Laboratories, Sept 1998 ( effect.html) effect.html Bauer, Michael E. “Building Secure Servers with Linux.” O’Reilly, 2003