General Security Concepts
Chapter 2
Objectives
Define basic terms associated with computer and information security.
Identify the basic approaches to computer and information security.
Distinguish among various methods to implement access controls.
Describe methods used to verify the identity and authenticity of an individual.
Recognize some of the basic models used to implement security in operating systems.
Key Terms: *-property, access control, auditability, authentication, availability, Bell-LaPadula security model, Biba security model, Clark-Wilson security model, confidentiality, data aggregation, diversity of defense, hacking, host security, implicit deny, integrity, layered security
*-property – This principle states that a subject can write to an object only if its security classification is less than or equal to the object's security classification.
Access control – All security features used to prevent unauthorized access to a computer system or network.
Auditability – The condition that a control can be verified as functioning.
Authentication – This ensures that an individual is who they claim to be before allowing them to access information they are authorized to access.
Availability – This ensures that the data, or the system itself, is available for use when the authorized user wants it.
Bell-LaPadula security model – A security model first used by the U.S. military (data confidentiality is a chief concern for the military and is essential to its operations).
Biba model – Kenneth Biba studied the integrity issue and developed the Biba security model in the late 1970s. In the Biba model, integrity levels are used instead of security classifications. The integrity levels principle holds that data with a higher integrity level is more accurate or reliable than data with a lower integrity level; the levels indicate how much trust can be placed in the information at each level. Integrity levels also differ from security classifications because they limit the modification of information rather than the flow of information. An essential piece of implementing an integrity-based security model is the Low-Water-Mark policy.
Clark-Wilson model – Created in the 1980s, the Clark-Wilson security model takes an entirely different approach from the Bell-LaPadula and Biba models, because it uses transactions as the basis of its rules. It defines only two levels of integrity: constrained data items (CDI) and unconstrained data items (UDI). CDI data is subject to integrity controls while UDI data is not. The model then defines two types of processes: integrity verification processes (IVPs) and transformation processes (TPs).
Confidentiality – This ensures that only those individuals who have the authority to view a piece of information may do so.
Data aggregation – A methodology of collecting information by gathering separate pieces and analyzing the effect of putting them together.
Diversity of defense – A concept that involves making the different layers of security dissimilar from each other in order to deter attacks; it complements the layered security principle.
Hacker/hacking – An individual who understands the technical aspects of computer systems and networks.
Host security – A granular view of security, which focuses on protecting each computer and device individually instead of addressing protection of the network as a whole.
Implicit deny – If a particular situation is not covered by any of the rules, access cannot be granted.
Integrity – This ensures that only authorized individuals should ever be able to create or change (delete) information.
Layered security – Different access controls and various tools and devices are implemented within a security system on multiple levels.
Key Terms (continued): least privilege, Low-Water-Mark policy, network security, nonrepudiation, operational model of computer security, phreaking, ring policy, security through obscurity, separation of duties, simple security rule, social engineering
Least privilege – This states that a subject (user, application, or process) should have only the necessary rights and privileges to perform its task, with no additional permissions.
Low-Water-Mark policy – An integrity-based information security model derived from the Bell-LaPadula model.
Network security – This concentrates security on the network as a whole and places an emphasis on controlling access to internal computers from external entities.
Nonrepudiation – This ensures that it is possible to verify that a message has been sent or received and that the sender can be verified or identified.
Operational Method of Computer Security – Structuring activities into prevention, detection, and response: Protection = Prevention + (Detection + Response).
Phreaking – A method for gaining unauthorized access to the computer systems and networks used by the telephone company to operate the telephone network.
Ring policy – The aspect of the Biba model that allows any subject to read any object without regard to the object's level of integrity and without lowering the subject's integrity level.
Security through obscurity – This concept states that security is effective if the environment and protection mechanisms are confusing or supposedly not generally known.
Separation of duties – This concept ensures that, for any given task, more than one individual needs to be involved. It is successful because no single individual can abuse the system for his or her own gain.
Simple security rule – The principle that complexity makes security more difficult and hence values simplicity.
Social engineering – One of the most successful methods that attackers have used to gain access to computer systems and networks.
According to the style guide for the book, these policies and terms are almost all lowercase and I’ve changed them to match.
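As an added illustration that is not part of the chapter or its slides, the following Python models the read and write decisions of the Bell-LaPadula and Biba terms above, including the Biba ring and Low-Water-Mark variants; the level names, the subjects and the objects are constructed for the example.

```python
from dataclasses import dataclass

# Ordered levels, least to most sensitive (Bell-LaPadula) or least to most
# trustworthy (Biba). The names are constructed for this example.
LEVELS = ["unclassified", "confidential", "secret", "top_secret"]


def rank(level):
    """Numeric position of a level so that levels can be compared."""
    return LEVELS.index(level)


@dataclass
class Subject:
    name: str
    clearance: str   # Bell-LaPadula clearance (confidentiality)
    integrity: str   # Biba integrity level; may drop under low-water-mark


@dataclass
class Obj:
    name: str
    classification: str   # Bell-LaPadula classification
    integrity: str        # Biba integrity level


# --- Bell-LaPadula: protects confidentiality (the flow of information) ---

def blp_can_read(s, o):
    """Simple security property: no read up."""
    return rank(s.clearance) >= rank(o.classification)


def blp_can_write(s, o):
    """*-property: write only if the subject's level <= the object's level."""
    return rank(s.clearance) <= rank(o.classification)


# --- Biba: protects integrity (the modification of information) ---

def biba_can_write(s, o):
    """Strict integrity: a subject may not write to more trustworthy data."""
    return rank(s.integrity) >= rank(o.integrity)


def biba_strict_read(s, o):
    """Strict integrity also forbids reading less trustworthy data."""
    return rank(o.integrity) >= rank(s.integrity)


def biba_ring_read(s, o):
    """Ring policy: any subject may read any object; its own level is unchanged."""
    return True


def biba_low_water_mark_read(s, o):
    """Low-water-mark: reading is allowed, but reading less trustworthy data
    lowers the subject's integrity level to that of the object."""
    if rank(o.integrity) < rank(s.integrity):
        s.integrity = o.integrity
    return True


def audit(s, o):
    """Summarize every decision for one subject/object pair (strict Biba form)."""
    return {
        "blp_read": blp_can_read(s, o),
        "blp_write": blp_can_write(s, o),
        "biba_read": biba_strict_read(s, o),
        "biba_write": biba_can_write(s, o),
    }


if __name__ == "__main__":
    analyst = Subject("analyst", clearance="secret", integrity="secret")
    report = Obj("report", classification="top_secret", integrity="secret")
    print(audit(analyst, report))
    # Reading a low-integrity object drags the analyst's own level down,
    # after which the analyst can no longer write to the report.
    post = Obj("forum_post", classification="unclassified", integrity="unclassified")
    biba_low_water_mark_read(analyst, post)
    print(analyst.integrity, biba_can_write(analyst, report))
```

Note that the same subject is allowed to write up under Bell-LaPadula (no write down) yet loses the right to write under Biba once it has read untrusted data.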
Basic Terms
Hacking – Previously used as a term for a person who had a deep understanding of computers and networks; he or she would see how things worked in their separate parts (or hack them). The media has now redefined the term as a person who attempts to gain unauthorized access to computer systems or networks.
Phreaking – Hacking of the systems and computers used by phone companies.
The CIA of Security
CIA: Confidentiality, Integrity, Availability
Additional concepts: Authentication, Nonrepudiation, Auditability
Note that all of the following are key terms. CIA is a common concept in security that is referred to often, so ensure that these terms are well understood.
1. Confidentiality: ensures that only those individuals who have the authority to view a piece of information may do so.
2. Integrity: ensures that only authorized individuals should ever be able to create or change (delete) information.
3. Availability: ensures that the data, or the system itself, is available for use when the authorized user wants it.
4. Authentication: ensures that an individual is who they claim to be before accessing information they are authorized to access.
5. Nonrepudiation: ensures that it is possible to verify that a message has been sent or received and that the sender can be verified or identified.
6. Auditability: the condition that a control can be verified as functioning.
*Note: These last three terms are not necessarily included within the CIA of Security, but are nonetheless essential to achieving its main goals (confidentiality, integrity and availability).
The Operational Method of Computer Security
Protection = Prevention (previous model)
Protection = Prevention + (Detection + Response) (includes operational aspects)
A. Previously, the focus of security was prevention: it was reasoned that if unauthorized access to computer systems and networks was prevented, security had been achieved. As attacks evolved and unauthorized users found multiple ways to bypass these safeguards, the basic security model, Protection = Prevention, had to be modified.
B. The updated model is known as the Operational Model of Computer Security: Protection = Prevention + (Detection + Response). The modification means that two new elements come into play with any security system: detection and response. Detection gives security professionals the ability to be alerted to a threat, and response provides ways to solve the problem before it becomes unmanageable. Every security technique and technology falls into at least one of the elements of this model.
Sample Technologies in the Operational Model of Computer Security
Here are some of the different technologies that can be used in the different areas of the operational model of computer security. We will discuss each of these tools in more detail in later chapters.
Security Principles
Security approaches: least privilege, separation of duties, implicit deny, job rotation, layered security, defense in depth, security through obscurity, keep it simple
This is an agenda slide for the next eight slides, introducing the coming topics. These are important principles that guide our decision-making process in designing, planning, and implementing secure information systems. Note that four of the items address specific CompTIA Security+ objectives (exam SY0-301):
Least privilege – 2.1, 5.2
Separation of duties – 2.1, 5.2
Implicit deny – 1.2, 5.2
Job rotation – 2.1, 5.2
Security Approaches
Ignore security issues – Security is simply what exists on the system "out of the box."
Host security – Each computer is "locked down" individually. Maintaining an equal and high level of security among all computers is difficult and usually ends in failure.
Network security – Controlling access to internal computers from external entities.
There are three ways an organization can choose to address the protection of its networks: ignore security issues, provide host security, or approach security at the network level.
A. Ignore Security Issues: Ignoring security issues is the only one of the three approaches that does not use the components of the Operational Method of Computer Security (prevention, detection and response), because such an organization has chosen to rely on the minimal security that ships with its workstations, servers and devices. This is obviously a poor choice, but some organizations still make it, out of ignorance or frugality.
B. Host Security: Host security takes a granular view of security by focusing on each computer and device individually instead of addressing network protection as a whole. In other words, each computer is expected to protect itself. Host security is important, but security should not stop at this level.
C. Network Security: Network security concentrates security on the network as a whole. Host security is fine in smaller environments, but as systems become connected into networks and the area vulnerable to attack becomes more complex, network security becomes critical. Network environments tend to be unique entities, so network security is diverse and varied: no two networks have the same number of computers, the same applications installed, and so on.
*Note: Although host security and network security focus on two different areas of security, an organization that combines the two is more likely to be effectively secure.
Least Privilege
Least privilege means a subject (user, application, or process) should have only the necessary rights and privileges to perform its task, with no additional permissions. By limiting a subject's privilege, we limit the amount of harm that can be caused. For example, a person should not be logged in as an administrator; they should be logged in with a regular user account and change their context to do administrative duties.
Security+ objective 5.2 Organize into groups and roles
1. One of the most fundamental approaches to security is least privilege.
2. There are two prominent drawbacks to this security concept, however.
A. First, if the concept is not applied correctly, for example by giving everyone the same rights and permissions just because it is easier, then the entire purpose of least privilege is cancelled out.
B. Second, programs should execute only in the security context needed for them to perform their duties successfully. If all programs run under a main administrator account, then any attack through that domain would have an elevated access level and could cause much more damage. If a person is logged in as an administrator, then any program that is run, including malware, runs as an administrator (this is what we mean by context). Many of the things malware tries to do to a system would not work under a normal user account, which stops some viruses from succeeding.
Separation of Duties
For any given task, more than one individual needs to be involved. Applicable to physical environments as well as network and host security. No single individual can abuse the system. The potential drawback is the cost:
Time – Tasks take longer
Money – Must pay two people instead of one
Security+ objective 2.1 Separation of Duties
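The following Python is an added example (not from the book or slides) that ties the separation of duties slide to the Clark-Wilson terms from the key-terms list: account balances are the CDIs, a raw request line is a UDI, an IVP checks the ledger invariant, and the transfer TP runs only after a second, different person approves. The ledger, user names and invariant are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional


class IntegrityError(Exception):
    """Raised when the integrity verification procedure finds a bad CDI state."""


class PolicyError(Exception):
    """Raised when a transformation procedure is invoked against policy."""


@dataclass
class Transfer:
    """A pending transaction; constructed for this example."""
    tid: int
    initiator: str
    src: str
    dst: str
    amount: int
    approver: Optional[str] = None


class ClarkWilsonLedger:
    """Toy ledger: balances are CDIs and may be changed only by the transfer TP,
    which runs only after a second, different person approves (separation of duties)."""

    def __init__(self, balances):
        self.cdi = dict(balances)            # constrained data items
        self.total = sum(balances.values())  # invariant the IVP checks
        self.tp_users = {}                   # TP name -> users allowed to run it
        self.pending = {}
        self.next_id = 1

    def authorize(self, tp, user):
        """Bind a user to a TP (the user/TP/CDI relation of the model)."""
        self.tp_users.setdefault(tp, set()).add(user)

    def _require(self, tp, user):
        if user not in self.tp_users.get(tp, set()):
            raise PolicyError(f"{user} may not run TP '{tp}'")

    def ivp(self):
        """Integrity verification procedure: funds are conserved, no overdrafts."""
        if sum(self.cdi.values()) != self.total or min(self.cdi.values()) < 0:
            raise IntegrityError("ledger invariant violated")
        return True

    def initiate_from_udi(self, user, raw):
        """TP that turns an unconstrained input line 'src,dst,amount' into a
        validated pending transfer; malformed UDIs are rejected, never stored."""
        self._require("initiate", user)
        try:
            src, dst, amount = raw.split(",")
            amount = int(amount)
        except ValueError:
            raise PolicyError("malformed transfer request")
        if amount <= 0 or src not in self.cdi or dst not in self.cdi:
            raise PolicyError("invalid transfer request")
        t = Transfer(self.next_id, user, src, dst, amount)
        self.pending[t.tid] = t
        self.next_id += 1
        return t.tid

    def approve(self, user, tid):
        """Second half of the two-person rule; the initiator cannot approve."""
        self._require("approve", user)
        t = self.pending[tid]
        if user == t.initiator:
            raise PolicyError("initiator may not approve their own transfer")
        t.approver = user
        return self._tp_transfer(t)

    def _tp_transfer(self, t):
        """The only code path that modifies CDIs; the IVP runs before and after."""
        self.ivp()
        if self.cdi[t.src] < t.amount:
            raise PolicyError("insufficient funds")
        self.cdi[t.src] -= t.amount
        self.cdi[t.dst] += t.amount
        del self.pending[t.tid]
        self.ivp()
        return dict(self.cdi)


def demo():
    """Run one transfer through the controls and report what was blocked."""
    ledger = ClarkWilsonLedger({"alice": 100, "bob": 50})
    for user in ("carol", "dave"):
        ledger.authorize("initiate", user)
        ledger.authorize("approve", user)
    results = {"udi_rejected": False, "self_approval_blocked": False}
    tid = ledger.initiate_from_udi("carol", "alice,bob,30")
    try:
        ledger.initiate_from_udi("carol", "alice,bob,lots")   # malformed UDI
    except PolicyError:
        results["udi_rejected"] = True
    try:
        ledger.approve("carol", tid)      # same person: must be refused
    except PolicyError:
        results["self_approval_blocked"] = True
    results["balances"] = ledger.approve("dave", tid)   # different person
    return results


if __name__ == "__main__":
    print(demo())
```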
Implicit Deny
If a particular situation is not covered by any of the rules, then access cannot be granted. Any individual without proper authorization cannot be granted access. The alternative to implicit deny is to allow access unless a specific rule forbids it.
Security+ objective 1.2 Implicit Deny
One of the less friendly, but fundamental, approaches to security is known as implicit deny. Implicit deny is an essential default setting for any security system. An example can be found in the programs used to monitor and block access to certain web sites. The first approach would provide a list of websites the users cannot access. The opposite approach would block all access to sites not identified as authorized. Either approach is effective; which one an organization chooses depends on its security objectives or policies.
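To make the two web-filtering approaches concrete, here is an added Python example (not from the book or slides) that evaluates a hostname against an ordered rule list and applies a default only when nothing matches; the hostnames and rules are constructed, and the report shows where the block-list and implicit-deny approaches disagree.

```python
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass(frozen=True)
class Rule:
    action: str    # "allow" or "deny"
    pattern: str   # hostname glob; all hostnames below are constructed


def decide(host, rules, default):
    """First matching rule wins; with no match, the default applies.
    Returns (decision, matching rule or None) so the outcome is auditable."""
    for rule in rules:
        if fnmatch(host.lower(), rule.pattern):
            return rule.action, rule
    return default, None


# Approach 1 from the slide: list the sites users may not visit, allow the rest.
BLOCKLIST = [Rule("deny", "*.gambling.example"), Rule("deny", "games.example")]

# Approach 2: implicit deny. Only explicitly authorized sites are reachable.
# An explicit deny is listed first so that it wins over the broader allow.
ALLOWLIST = [
    Rule("deny", "hr-staging.corp.example"),
    Rule("allow", "*.corp.example"),
    Rule("allow", "docs.vendor.example"),
]


def blocklist_filter(host):
    return decide(host, BLOCKLIST, default="allow")


def implicit_deny_filter(host):
    return decide(host, ALLOWLIST, default="deny")


def compare(hosts):
    """Show how each approach treats each host, e.g. a site nobody has listed."""
    report = {}
    for h in hosts:
        b, _ = blocklist_filter(h)
        d, _ = implicit_deny_filter(h)
        report[h] = {"blocklist": b, "implicit_deny": d}
    return report


if __name__ == "__main__":
    hosts = ["wiki.corp.example", "games.example", "brand-new-site.example"]
    for host, r in compare(hosts).items():
        print(f"{host:25} blocklist={r['blocklist']:5} implicit_deny={r['implicit_deny']}")
```

The unlisted host is where the two approaches diverge: the block list lets it through by default, while implicit deny refuses it until someone adds an allow rule.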
Job Rotation
The rotation of individuals through different tasks and duties in the organization's IT department. The individuals gain a better perspective of how the various parts of the IT department can help or hinder the organization. Prevents a single point of failure, where only one employee knows mission-critical job tasks.
Security+ objective 2.1d Job Rotation
More basic but essential approaches to security are job rotation and layered security. A drawback to job rotation occurs when an organization relies on this concept too heavily. Since the IT world is very technical, some of the skills and expertise required for the various areas of IT take years of study and development to master. By rotating individuals through the jobs too often, the organization denies them the time necessary to gain deeper expertise in the different areas of IT.
Layered Security
Layered security implements different access controls and utilizes various tools and devices within a security system on multiple levels. Compromising the system would take longer and cost more than it's worth. The potential downside is the amount of work it takes to create and then maintain the system.
More basic but essential approaches to security are job rotation and layered security. Layered security is a security approach that treats a security system as a piece of architecture. An example of layered security can be found in the layout of a bank. A bank does not protect the money it stores only by using a vault. It has one or more security guards as a first defense, to watch for suspicious activities and to secure the facility when the bank is closed. It may have monitoring systems that watch various activities that take place in the bank, whether involving customers or employees. The vault is usually located in the center of the facility, so there are layers of rooms or walls before arriving at the vault. There is access control, which ensures that the people entering the vault have been given authorization beforehand. And the systems, including manual switches, are connected directly to the police station in case a determined bank robber successfully penetrates any one of these layers of protection.
Diversity of Defense
This concept complements the layered security approach. Diversity of defense involves making the different layers of security dissimilar. Even if attackers know how to get through a system that compromises one layer, they may not know how to get through the next layer, which employs a different system of security.
An example of diversity of defense:
A. Suppose an environment has two firewalls that form a demilitarized zone (DMZ). One firewall may be placed at the perimeter between the Internet and the DMZ. This firewall analyzes the traffic that is entering through that specific access point and enforces certain types of restrictions. The other firewall may then be placed between the DMZ and the internal network. When applying the diversity of defense concept, you should set up these two firewalls to filter for different types of traffic and provide different types of restrictions. The first firewall, for example, may make sure that no FTP, SNMP, or Telnet traffic enters the network but allow SMTP, SSH, HTTP, and SSL traffic through. The second firewall may not allow SSL or SSH through and may interrogate SMTP and HTTP traffic to make sure that certain types of attacks are not part of that traffic.
Another example of diversity of defense:
B. An organization may use products from different vendors. Every product has its own security vulnerabilities, which are usually known to experienced attackers in the community. A Check Point firewall has different security issues and settings than the open source Sentry firewall; thus different exploits can be used against them to crash or compromise them in some fashion. Combining this type of diversity with the preceding example, you might use the Check Point firewall as the first line of defense. If attackers are able to penetrate it, they are less likely to get through the next firewall if it is from another vendor, such as a Cisco PIX firewall or a Sentry firewall.
A drawback is that this adds complexity to the network and makes it more difficult to maintain.
Security Through Obscurity
Security through obscurity states that security is effective if the environment and protection mechanisms are confusing or supposedly not generally known. The concept's only objective is to hide an object, not to implement a security control to protect it. It is not effective: in this day and age, when any subject can be researched or discussed on the Internet and technology is more widely understood, hiding is not enough. Since security through obscurity only seeks to hide an object, and not to implement a security control to protect it, any successful attack on the system or leak of information could compromise the system.
Keep It Simple
The simple security rule is the practice of keeping security processes and tools simple and elegant. Security processes and tools should be simple to use, simple to administer, and easy to troubleshoot. A system should run only the services it needs to provide and no more.
The terms security and complexity are often at odds with each other, because the more complex something is, the harder it is to understand, and it is nearly impossible to secure something that cannot be understood. Another reason complexity can destroy security is that it allows too many opportunities for something to go wrong. The default configuration of most computer systems leaves many services and programs running at one time. The keep it simple principle calls for eliminating the processes that are running unnecessarily. This is a good ideal to apply to security, since it results in fewer applications that can be exploited and fewer services that the administrator is responsible for securing. Alternately, the extreme of this approach is to assume that no service is necessary and to activate services and ports only as they are requested. Whichever approach is taken towards the keep it simple principle, a balance between providing functionality and maintaining security is essential.
Security Topics
Access control, Authentication, Social engineering
This is a mini-agenda slide for topics that will be covered throughout the book. Each of these has its own slide.
Access Control
Access control is a term used to define a variety of protection schemes. It is sometimes used to refer to all security features used to prevent unauthorized access to a computer system or network. It is often confused with authentication.
Security+ objective 5.2 ACL
An important aspect of security is access control. An important term to know regarding access controls is the access control list (ACL). An ACL is a mechanism used to define whether a user has certain access privileges for a system. There are several types of access control mechanisms, such as discretionary access control (DAC), mandatory access control (MAC), role-based access control (RBAC), and rule-based access control (RBAC).
Authentication
Authentication deals with verifying the identity of a subject, while access control deals with the ability of a subject (an individual or a process running on a computer system) to interact with an object (a file or hardware device).
Three types of authentication:
Something you know (password)
Something you have (token or card)
Something you are (biometric)
Authentication is the use of a mechanism to prove that an individual is who they claim to be. There are three general methods used in authentication: providing something you know, something you have, or something about you (something that you are).
A. The most common authentication mechanism is to provide something that only a specific individual would know, such as a user ID and password. Since passwords and user names are not supposed to be shared with the public, by providing the system with that information at the authentication step an individual assures the system that they have access.
B. Certificates are another form of establishing authenticity, for example of an individual's public key or of downloaded software. A digital certificate is generally an attachment to a message and is used to verify that the message came from the entity it claims to be sent from. A digital certificate can also contain a key that can be used to further encrypt information.
Access Control vs. Authentication
Authentication – This proves that you (the subject) are who you say you are.
Access control – This deals with the ability of a subject to interact with an object. Once an individual has been authenticated, access controls then regulate what the individual can actually do on the system.
Digital certificates – An attachment to a message, used for authentication. It can also be used for encryption.
Access control is a term sometimes used to refer to all security features used to prevent unauthorized access to a computer system or network (which is why it is often confused with authentication). Authentication, however, deals with verifying the identity of a subject, while access control deals with the ability of a subject (an individual or a process running on a computer system) to interact with an object (a file or hardware device). In other words, once an individual has verified their identity through authentication, access controls regulate what the individual can actually do on the system. An individual may be granted entry but may not be able to access all the data the system contains. It is important to know the difference between authentication and access controls, as the two concepts can easily be interchanged. Also mentioned in this chapter are the terms Access Control List (ACL), Mandatory Access Control (MAC), Discretionary Access Control (DAC), and Rule-based Access Control (RBAC). These terms will be discussed in detail in Chapter 11, but you may wish to sensitize the students to the different types of access control. Access control, MAC, DAC and authentication are part of the CompTIA Access Control Domain 3.0.
Authentication and Access Control Policies
Group policy – By organizing users into groups, a policy can be made that applies to all users in that group.
Password policy – Passwords are the most common authentication mechanism. The policy should specify: character set, length, complexity, frequency of change and how passwords are assigned.
Security+ objective 5.3c Group Policies
Security+ objective 2.4e, 5.3b Password Policy
Security+ objective 5.3b Password Complexity
Group policy allows administrators to organize the users on a system into groups.
A. This saves time and effort when granting different users different areas of access in the system.
B. Since the administrator does not have to create an individual profile for each new user, but instead determines which group the new user belongs to, access for an entire network can be determined effectively and efficiently.
C. As long as the policy is not compromised by allowing all the individuals on the network the same access, it can be effective in protecting the system.
Password policy concerns the most common protection mechanism in authentication, which is why it is essential for an organization to establish its policy on passwords when addressing security policies.
A. The list of authorized users forms the basis of the ACL for the computer system or network that the passwords will help control.
B. The password policy should address the procedures used for selecting user passwords, the frequency at which they must be changed, and how they will be distributed.
Passwords will be discussed in detail in Chapters 11 and 22; however, you may want to take some time to talk to the students about what makes a strong or weak password and about methods for choosing complex passwords that are easy to remember. One such method is to take a favorite song, rhyme, phrase, or speech and take the first letter of each word. Mix in capitals, numbers and special characters as well.
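As an added example that is not part of the book or slides, the Python below encodes the elements the notes say a password policy should specify (character set, length, complexity, frequency of change) as a checker, and implements the memorable-password method from the notes (first letter of each word, with capitals, numbers and special characters mixed in). The default thresholds and the sample phrase are constructed for the example.

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta

# Character classes counted toward complexity.
CLASSES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}


def _as_date(d):
    """Accept a date or an ISO string such as '2024-01-31'."""
    return date.fromisoformat(d) if isinstance(d, str) else d


@dataclass
class PasswordPolicy:
    """Policy elements from the notes; the default values are constructed."""
    min_length: int = 12
    classes_required: int = 3          # of the four classes above
    max_age_days: int = 90             # frequency of change
    allowed: str = r"[\x21-\x7e]"      # character set: printable ASCII, no spaces

    def check(self, password, last_changed, today):
        """Return the list of policy violations (empty means compliant)."""
        problems = []
        if len(password) < self.min_length:
            problems.append(f"shorter than {self.min_length} characters")
        if not all(re.fullmatch(self.allowed, c) for c in password):
            problems.append("contains characters outside the allowed set")
        present = sum(bool(rx.search(password)) for rx in CLASSES.values())
        if present < self.classes_required:
            problems.append(f"uses {present} of {self.classes_required} required character classes")
        if _as_date(today) - _as_date(last_changed) > timedelta(days=self.max_age_days):
            problems.append(f"older than {self.max_age_days} days, must be changed")
        return problems


def passphrase_initials(phrase, digits, special):
    """The memorable-password method: first letter of each word, alternating
    case, then the chosen digits and special characters appended."""
    letters = [w[0] for w in phrase.split() if w]
    mixed = "".join(c.upper() if i % 2 == 0 else c.lower() for i, c in enumerate(letters))
    return mixed + digits + special


if __name__ == "__main__":
    policy = PasswordPolicy()
    pw = passphrase_initials("twinkle twinkle little star how i wonder what you are", "19", "!")
    print(pw, policy.check(pw, "2024-01-01", "2024-02-01"))
    print(policy.check("password", "2023-01-01", "2024-02-01"))
```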
Social Engineering
Social engineering is the process of convincing an individual to provide confidential information or access to an unauthorized individual. It is one of the most successful methods that attackers have used to gain access to computer systems and networks. The technique relies on an aspect of security that can be easily overlooked: people. Most people have an inherent desire to be helpful or to avoid confrontation, and social engineers exploit this fact. Social engineers gather seemingly useless bits of information that, when put together, divulge other sensitive information. This is "data aggregation."
Security+ objective 2.4 Education and Training
Social engineering is a security attack that takes advantage of what continually turns out to be the weakest point of the security perimeter: the people. The process of social engineering first employs a pleasant approach, then a more aggressive approach. Kevin Mitnick, a convicted cybercriminal turned security consultant, once stated: "Don't rely on network safeguards and firewalls to protect your information. Look to your most vulnerable spot. You'll usually find that vulnerability lies in your people." In 2000, after being released from jail, Mitnick testified before Congress and spoke on several other occasions about social engineering and how effective it is. He stated that he "rarely had to resort to a technical attack" because of how easily information and access could be obtained through social engineering. The goal at each stage of social engineering is to obtain the pieces of information necessary to make it to the next step; this is repeated until the ultimate goal is reached. The most effective protection against social engineering is the training and education of users, administrators and security personnel. All employees should be instructed in the techniques that attackers might use and trained to recognize when a social engineering attack is being attempted. There are more indirect forms of social engineering as well, such as phishing or dumpster diving.
Security Policies & Procedures
Policy – High-level statements created by management that lay out the organization's positions on particular issues.
Security policy – A high-level statement that outlines both what security means to the organization and the organization's goals for security.
Procedure – General step-by-step instructions that dictate exactly how employees are expected to act in a given situation or to accomplish a specific task.
Every organization should have several common security policies and procedures in place in addition to the policies concerning authentication and access controls. The main security policy can then be broken down into additional policies that cover specific topics. Examples of these additional policies include policies regarding change management, classification of information, acceptable use, due care and due diligence, due process, need to know, disposal and destruction of data, service level agreements and human resource issues. All policies are reviewed by the organization's legal counsel, and then a plan is outlined that describes how the organization will ensure that employees are made aware of the policies. Policies can also be made stronger by including a reference to the authority who first implemented the policy and references to any laws or regulations that apply to the specific policy and environment.
Acceptable Use Policy
The acceptable use policy outlines the behaviors that are considered appropriate when using a company's resources.
Internet use policy – This covers the broad subject of Internet usage.
E-mail usage policy – This details whether non-work traffic is allowed at all or is severely restricted.
Security+ objective 2.1c Acceptable Use
Acceptable use policy (AUP): outlines what the organization considers to be the appropriate use of company resources, such as computer systems, Internet usage, and networks.
A. Organizations should be concerned with personal use of organizational assets that does not benefit the company.
B. The goal of the AUP is to ensure employee productivity while limiting organizational liability from inappropriate use of the organization's assets. The AUP clearly dictates which activities are not allowed and addresses the issues of using company resources to conduct personal business, installation of new hardware or software, remote access to systems and networks, the copying of company-owned software, and the responsibility of users to protect company assets, including data and hardware or software.
C. Statements regarding possible penalties for infractions should be included. An organization can also create an Internet usage policy to cover the broad subject of Internet usage within the AUP.
Internet use policy: covers the broad subject of Internet usage within the AUP.
A. The goal of an Internet usage policy is to ensure maximum employee productivity and to limit potential liability to the organization from inappropriate use of the Internet in the workplace.
B. The Internet can be both a tremendous temptation for employees to waste time not working on company business and a source of material that others in the workplace may find offensive.
E-mail usage policy: details whether non-work traffic is allowed at all or is severely restricted, the types of messages considered appropriate or inappropriate, and any disclaimers that must be attached to an employee's message sent to an individual outside the company. By establishing not only an acceptable use policy but also an Internet usage policy and an e-mail usage policy, an organization ensures that all issues concerning the applicable use of company resources are covered.
27
Different Security Policies
Change management policy – This ensures proper procedures are followed when modifications to the IT infrastructure are made.
Classification of information policy – This establishes different categories of information and the requirements for handling each category.
Due care and due diligence – Due care is the standard of care a reasonable person is expected to exercise in all situations. Due diligence is the standard of care a business is expected to exercise in preparation for a business transaction.
Security+ objective 2.2b Change Management
Security+ objective 2.4c Classification of Information
Security+ objective 2.4e Due Care, 2.4e Due Diligence
Change management policy: ensures proper procedures are followed when modifications to the IT infrastructure are made. These modifications can be prompted by a number of events, such as new legislation, updated versions of software or hardware, implementation of new software or hardware, or improvements to the infrastructure. The term "management" implies that the process is controlled in some systematic way. A. Changes to the infrastructure without a policy on how to handle the change properly could have a detrimental impact on operations. A change management policy should include a method to request a change to the infrastructure, a review and approval process for the request, an examination of the consequences of the change, resolution (or mitigation) of any detrimental effects the change might incur, implementation of the change, and documentation of the process as it related to the change.
Classification of information policy: governs the protection of the information processed and stored on the organization's computer systems and networks, which is a key component of IT security. A. Factors that affect the classification of specific information include its value to the organization, its age, and the laws that govern its protection. The most widely known classification system is the one used by the military, which classifies information into categories such as Confidential, Secret and Top Secret. Each policy for the classification of information should describe how the information should be protected, who may have access to it, who has the authority to release it, and how it should be destroyed. All employees in an organization should be trained in the procedures for handling the information they are authorized to access. Mandatory access control uses these classifications directly, comparing an object's label against a subject's clearance to decide who may access what; under discretionary access control the object's owner makes that decision, and the classification policy tells the owner what handling each category requires.
28
Different Security Policies (continued)
Due process policy – Due process guarantees fundamental fairness, justice and liberty in relation to an individual's rights.
Need-to-know policy – This policy reflects both the principle of need to know and the principle of least privilege.
Disposal and destruction policy – This policy outlines the methods for destroying discarded sensitive information.
Security+ objective 2.4e Due Process
Security+ objective 2.4d Secure Disposal
Due process policy: concerns the guarantee of an individual's rights as outlined by the Constitution and Bill of Rights. Due process guarantees fundamental fairness, justice and liberty in relation to an individual's rights. A. Due care and due diligence are terms used in the legal and business community to address situations in which one party's actions might have caused loss or injury to another. The law recognizes the responsibility of an individual or organization to act reasonably relative to another, with diligence being the degree of care and caution exercised. Precautions need to be taken, and documented, to show that the organization is acting responsibly. Due care refers to the standard of concern or care a reasonable person would be expected to display; due diligence refers to the preparations made prior to a business transaction. In terms of security, organizations are expected to take reasonable precautions to protect the information they maintain on individuals.
Need-to-know policy: rests on two security principles that guide an organization's security: the need-to-know principle and the least privilege principle. A. Under these principles each individual in the organization is given the minimum amount of information and the minimum privileges they need to perform their work tasks. To obtain access to any piece of information, the individual must have a justified "need to know," hence the name of the principle and policy. The need-to-know policy should address who in the organization can grant access to information and who can assign privileges to employees.
Disposal and destruction policy: outlines the required methods of destroying discarded important or sensitive information so that individuals outside the company cannot access it after it is discarded. A. Important papers should be shredded, where "important" means anything that may be useful to a potential intruder. A safe method of destroying data on magnetic media (hard disks, tapes) is to degauss the media with a strong magnetic field. Degaussing does nothing to flash-based storage such as SSDs and USB drives; those require the drive's built-in secure-erase or cryptographic-erase function, or physical destruction, and the policy should state which method applies to each media type.
Service level agreements policy: Service level agreements (SLAs) are contractual agreements between entities that describe the specific levels of service the servicing entity guarantees to the customer. These agreements clearly lay out the expectations in terms of the service provided and the support expected. A. SLAs should also include penalties should the described level of support not be provided. An organization contracting with a service provider should include in the agreement a section on the service provider's responsibility for business continuity and disaster recovery. The provider's backup plans and processes for restoring lost data should also be clearly described.
29
Service Level Agreements
Service level agreements are contractual agreements between entities that describe specified levels of service and guarantee that level of service. A web service provider might guarantee 99.99% uptime, which allows only about 52 minutes of downtime per year, so the SLA should also define how uptime is measured and whether scheduled maintenance counts against it. Penalties for not providing the service are included.
Security+ objective 2.5 SLA
30
Human Resources Policies
Employee hiring and promotions
Hiring – Background checks, reference checks, drug testing
Promotions – Periodic reviews, drug checks, change of privileges
Retirement, separation, and termination of an employee – Determine the risk to information; consider limiting and/or revoking access
Mandatory vacation – An employee who never takes time off may be involved in nefarious activities and does not want anyone to find out.
Security+ objective 2.1c Security Related HR policy
Security+ objective 2.1c Mandatory Vacations
Human resources policies are essential to every organization, since the weakest point in any security system is the people. Employee hiring and promotions covers background checks and other methods to ensure that the organization hires only the most capable and trustworthy employees. A. After an employee has been hired, the organization reduces the risk of the employee ignoring policies and affecting the security of the company through additional methods such as periodic reviews, drug checks, or monitoring of activity during work. All the policies and procedures concerning these methods should be covered within the human resources policy. Retirement, separation, and termination of an employee is handled by a set of policies that protect the organization from potentially disgruntled employees who may use access that has not yet been removed to attempt an attack; account and credential revocation should be triggered by the HR event itself rather than left for an administrator to notice later. Mandatory vacation should also be included within one of these policies: from a security standpoint, an employee who never takes time off may be involved in some nefarious activity in the company and won't take leave so as not to risk the activity being detected while they are away from their desk. Requiring employees to take their vacation time therefore works mainly as a detective control: while they are away, someone else performs their duties and has the chance to notice irregularities, and the knowledge that this will happen also deters the activity in the first place.
31
Security Models
Confidentiality models
Bell-LaPadula security model
Integrity models
Biba model
Clark-Wilson model
Confidentiality models are security models whose main goal is ensuring confidentiality. Integrity models are security models whose main goal is ensuring integrity. The Bell-LaPadula security model was the security model first utilized by the U.S. military (since data confidentiality is a chief concern for the military and is essential to its operations). Each security model, whether integrity-based or confidentiality-based, focuses on the chosen security policy of the organization implementing the model. Each security model also utilizes a system of checks and balances to ensure there are no weak points in the security of the computer systems and networks it protects.
32
Bell-LaPadula Security Model
Two principles
Simple security rule ("no read up")
The *-property (pronounced "star property") principle ("no write down")
Objective – Protect confidentiality
The Bell-LaPadula security model, used by the U.S. military, is the prime example of a confidentiality-based model. Since data confidentiality is a chief concern for the military and is essential to its operations, the model is designed to address data confidentiality in computer operating systems. It is especially useful in creating the multilevel security systems that implement the military's hierarchical security scheme, which includes levels of classification such as Unclassified, Confidential, Secret and Top Secret. Similar classifications more commonly used in industry but based on this model include Publicly Releasable, Proprietary, and Company Confidential. The Bell-LaPadula security model employs both mandatory and discretionary access control mechanisms when implementing its two basic security principles, the Simple Security Rule and the *-property (pronounced "star property") principle. The Simple Security Rule states that no subject (such as a user or program) can read information from an object (file or document) with a security classification higher than that possessed by the subject itself. This means the system must prevent a user with only a Secret clearance from reading a document labeled Top Secret. This rule is also referred to as the "no-read-up" rule. The *-property principle states that a subject can write to an object only if the subject's security classification is less than or equal to the object's security classification. This means a user with a Secret clearance can write to a file classified as Secret or Top Secret, but not to a file classified only as Unclassified.
Since integrity is not the main goal of the model, this principle allows users to write to files they cannot view (a "blind write-up") and to delete files they are not authorized to read; nothing in the confidentiality rules stops a low-cleared subject from corrupting a highly classified file, which is why real systems pair the model with integrity controls. The *-property principle does not allow users to create or change information in files classified beneath their clearance, in order to avoid either accidental or deliberate disclosure. The system is designed to make it as close to impossible as it can for data to be disclosed to those without the appropriate level to view it. In other words, if it were possible for a user with Top Secret clearance to write to or change a document classified as Secret, either accidentally or deliberately, then a user with Secret clearance could access that file and view it. That would mean data had been disclosed to an individual not authorized to view it, which would defeat the purpose of a confidentiality-based security model. The *-property principle is also referred to as the "no-write-down" rule. Not all organizations or environments are more concerned with confidentiality than integrity, however. A financial institution that relies on its customers' accounts being kept current with accurate balances would place more importance on the integrity of its accounts than on their confidentiality, and would use a different model from the confidentiality-based Bell-LaPadula model.
33
Biba Model Two principles based on integrity levels
Low-Water-Mark policy – no write up; any object may be read, but reading down lowers the subject's integrity level
Ring policy – any object may be read without changing the subject's level; no write up
Biba strict policy (the hybrid the model enforces) – "no read down" and "no write up"
Objective – Protect integrity
Kenneth Biba studied the integrity issue and developed the Biba security model in the late 1970s, and in the 1980s the Clark-Wilson security model was created. Both models focus on the goal of integrity rather than confidentiality. In the Biba security model, integrity levels are used instead of security classifications. The integrity levels principle is that data with a higher integrity level is believed to be more accurate or reliable than data with a lower integrity level; the levels indicate how much trust can be placed in the information. Integrity levels also differ from security classifications in that they limit the modification of information rather than the flow of information. An essential piece of an integrity-based security model is the Low-Water-Mark policy. The Low-Water-Mark policy is in many ways the opposite of the *-property principle, because it prevents subjects from writing to objects that are at a higher integrity level. It also has a second rule: the integrity level of a subject is lowered if the subject reads an object of a lower integrity level. The reason is that if the subject then uses the data from that object, the highest integrity level a new object created from it can hold is that of the original. In other words, the trust placed in data produced by a subject cannot be higher than the trust in the subject, and the trust in the subject can be no higher than the trust in the lowest-integrity data it has consumed. The final rule of the Low-Water-Mark policy is that a subject can execute a program only if the program's integrity level is equal to or less than the subject's.
This ensures the data modified by a program carries no more integrity than can be placed on the individual who executed it. The Low-Water-Mark policy effectively prevents unauthorized modification of data, but it has the unfortunate side effect of eventually lowering the integrity level of every subject to the lowest level on the system (unless a subject only ever reads objects at its own level or above). This is because of the second rule, which lowers the subject's integrity level whenever it reads an object of lower integrity, and because no procedure in the policy raises the subject's level back to its initial value. A second policy, the Ring policy, addresses this issue. The Ring policy allows any subject to read any object regardless of the object's integrity level and without lowering the subject's integrity level. Unfortunately, this can lead to a situation where data created by a subject after reading data of a lower integrity level is given a higher integrity level than it deserves. The Biba model implements a hybrid of the Low-Water-Mark policy and the Ring policy, and is the opposite of the Bell-LaPadula model in that what it enforces are "no-read-down" and "no-write-up" rules. The strict "no-read-down" rule removes both the demotion problem of the Low-Water-Mark policy and the laundering problem of the Ring policy, and a third rule prevents subjects from executing programs at a higher integrity level.
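To make the rules of the two lattice-based models concrete, here is an added example (not code from the textbook or its slides) that encodes the Bell-LaPadula read/write checks from the previous slide and the Biba strict checks from this one as a single function each, then walks a subject through the Low-Water-Mark demotion described above. The classification and integrity level names, the "updater" subject and the scenario are all constructed for illustration.

```python
"""Added example, not from the textbook: the read/write decisions of the
Bell-LaPadula and Biba models as code, plus the Low-Water-Mark demotion.
The level names, the subject and the scenario are all constructed here."""
from dataclasses import dataclass, field

# Constructed lattices, lowest first. BLP labels are security classifications
# (how sensitive the data is); Biba labels are integrity levels (how trusted it is).
CLASSIFICATIONS = ("Unclassified", "Confidential", "Secret", "Top Secret")
INTEGRITY_LEVELS = ("Untrusted", "User", "System", "Kernel")


def rank(level: str, ordering: tuple) -> int:
    """Position of a label in its lattice; an unknown label is an error, never a default."""
    return ordering.index(level)


def blp_allows(clearance: str, classification: str, op: str) -> bool:
    """Bell-LaPadula: simple security rule (no read up) and *-property (no write down)."""
    s, o = rank(clearance, CLASSIFICATIONS), rank(classification, CLASSIFICATIONS)
    if op == "read":
        return s >= o          # may read at or below the subject's clearance
    if op == "write":
        return s <= o          # may write at or above it (a blind write-up is allowed)
    raise ValueError(f"unknown operation {op!r}")


def biba_strict_allows(subject_level: str, object_level: str, op: str) -> bool:
    """Biba strict policy: no read down, no write up, no invoking higher-integrity code."""
    s, o = rank(subject_level, INTEGRITY_LEVELS), rank(object_level, INTEGRITY_LEVELS)
    if op == "read":
        return s <= o          # simple integrity property
    if op == "write":
        return s >= o          # *-integrity property
    if op == "execute":
        return s >= o          # invocation property
    raise ValueError(f"unknown operation {op!r}")


@dataclass
class LowWaterMarkSubject:
    """A subject under Biba's Low-Water-Mark policy: every read is permitted,
    but reading a lower-integrity object permanently lowers the subject."""
    name: str
    integrity: str
    history: list = field(default_factory=list)

    def read(self, object_level: str) -> None:
        if rank(object_level, INTEGRITY_LEVELS) < rank(self.integrity, INTEGRITY_LEVELS):
            self.history.append(f"{self.name}: {self.integrity} -> {object_level} (read down)")
            self.integrity = object_level

    def write(self, object_level: str) -> bool:
        # No write up, judged against the subject's current (possibly lowered) level.
        return rank(self.integrity, INTEGRITY_LEVELS) >= rank(object_level, INTEGRITY_LEVELS)


def low_water_mark_drift() -> tuple:
    """The drawback the text describes: a System-level updater that parses one
    untrusted download can never again write System-level objects."""
    updater = LowWaterMarkSubject("updater", "System")
    before = updater.write("System")       # True
    updater.read("Untrusted")              # e.g. parsing a downloaded file
    after = updater.write("System")        # False, and nothing in the policy restores it
    return before, after, updater.integrity


if __name__ == "__main__":
    print(blp_allows("Secret", "Top Secret", "read"), blp_allows("Secret", "Top Secret", "write"))
    print(biba_strict_allows("System", "Untrusted", "read"), low_water_mark_drift())
```

The two decision functions differ only in the direction of the comparisons, which is the whole point of the "Biba is the opposite of Bell-LaPadula" remark. Note that `rank` refuses unknown labels instead of treating them as the lowest level; defaulting an unlabeled object to Unclassified would let a mislabeled Top Secret file be read by anyone, and defaulting it to Kernel integrity would let untrusted data be consumed without demotion.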
34
Clark-Wilson Model Uses transactions as a basis for rules
Two levels of integrity
Constrained data items (CDI) – Subject to integrity controls
Unconstrained data items (UDI) – Not subject to integrity controls
Two types of processes
Integrity verification processes (IVPs)
Transformation processes (TPs)
The Clark-Wilson security model takes an entirely different approach from the Bell-LaPadula and Biba models because it uses transactions as the basis of its rules. It defines only two levels of integrity: constrained data items (CDIs) and unconstrained data items (UDIs). CDI data is subject to integrity controls while UDI data is not. The model then defines two types of processes: integrity verification processes (IVPs) and transformation processes (TPs). An IVP checks that the CDI data meets its integrity constraints, confirming that the system is in a valid state. A TP changes the data from one valid state to another. Data in this model cannot be modified directly by a user; it can be changed only by trusted TPs, and access to each TP can be restricted, which in turn restricts which users can perform which activities. A prime example of an organization using an integrity-based security model is a financial institution. In the Clark-Wilson model, the balance of a bank account would be a CDI because its integrity is critical to the bank. A client's color preference for a debit card is not critical to the bank and would be a UDI. Since the integrity of account balances is of extreme importance, changes to a person's balance must be made through a TP, and ensuring the balance is correct would be done by an IVP. Only certain employees of the bank would be able to modify a bank account, which is controlled by limiting who has the authority to execute the TPs that result in account modification.
Certain critical functions can be split into multiple TPs within the Clark-Wilson model, which enforces the important security principle of separation of duties: no single individual holds the authority to execute a critical function alone, so several individuals are required to complete it. Each security model, whether integrity-based or confidentiality-based, focuses on the chosen security policy of the organization implementing the model. Each security model also utilizes a system of checks and balances to ensure there are no weak points in the security of the computer systems and networks it protects.
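The bank scenario above maps naturally onto a small enforcement kernel, so here is an added example (not code from the textbook or its slides) that implements the pieces named in the text: balances as CDIs, a card colour as a UDI that anyone may write directly, TPs as the only path that changes a CDI, an IVP that re-checks the CDIs after every TP and rolls the TP back if they are invalid, a (user, TP) access list, and a large transfer split into an initiate TP and an approve TP that must be run by different people. The account names, amounts, the 10,000 threshold, the user roles and the grants are all constructed for illustration.

```python
"""Added example, not from the textbook: a toy Clark-Wilson enforcement layer for
the bank scenario above. Names, amounts, threshold and user/TP grants are constructed."""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple


class IntegrityViolation(Exception):
    """A TP was unauthorized, broke a rule, or left the CDIs in an invalid state."""


@dataclass
class Ledger:
    balances: Dict[str, int] = field(default_factory=dict)        # CDI: controlled
    pending: Dict[str, tuple] = field(default_factory=dict)       # CDI: approvals waiting
    card_colour: Dict[str, str] = field(default_factory=dict)     # UDI: uncontrolled
    audit: list = field(default_factory=list)


class ClarkWilsonKernel:
    LARGE = 10_000   # transfers at or above this need a second person's approval

    def __init__(self, ledger: Ledger):
        self.ledger = ledger
        self.expected_total = sum(ledger.balances.values())
        self.tps = {"deposit": self._deposit, "transfer": self._transfer, "approve": self._approve}
        self.allowed: Set[Tuple[str, str]] = set()   # (user, TP) pairs permitted to run

    def grant(self, user: str, tp: str) -> None:
        self.allowed.add((user, tp))

    def ivp(self) -> bool:
        """Integrity verification: no negative balance, and money is conserved."""
        b = self.ledger.balances
        return all(v >= 0 for v in b.values()) and sum(b.values()) == self.expected_total

    def run(self, user: str, tp: str, **args) -> None:
        """The only path that changes a CDI: authorize, apply, re-verify, else roll back."""
        if (user, tp) not in self.allowed:
            self.ledger.audit.append((user, tp, "denied"))
            raise IntegrityViolation(f"{user} may not run {tp}")
        snapshot = (dict(self.ledger.balances), dict(self.ledger.pending), self.expected_total)
        try:
            self.tps[tp](user, **args)
            if not self.ivp():
                raise IntegrityViolation(f"IVP failed after {tp}")
        except IntegrityViolation:
            self.ledger.balances, self.ledger.pending, self.expected_total = snapshot
            self.ledger.audit.append((user, tp, "rolled back"))
            raise
        self.ledger.audit.append((user, tp, "ok"))

    def _deposit(self, user, account, amount):
        if amount <= 0:
            raise IntegrityViolation("deposit must be positive")
        self.ledger.balances[account] += amount
        self.expected_total += amount      # external money entering the system

    def _transfer(self, user, src, dst, amount):
        if amount <= 0:
            raise IntegrityViolation("transfer must be positive")
        if amount >= self.LARGE:           # separation of duties: park it for approval
            self.ledger.pending[f"T{len(self.ledger.pending) + 1}"] = (user, src, dst, amount)
        else:
            self._move(src, dst, amount)

    def _approve(self, user, transfer_id):
        initiator, src, dst, amount = self.ledger.pending.pop(transfer_id)
        if initiator == user:
            raise IntegrityViolation("initiator may not approve own transfer")
        self._move(src, dst, amount)

    def _move(self, src, dst, amount):
        self.ledger.balances[src] -= amount   # may overdraw: the IVP catches it, run() rolls back
        self.ledger.balances[dst] += amount


def demo() -> dict:
    """Walk the scenarios from the text and return what an observer would see."""
    ledger = Ledger(balances={"alice": 500, "bob": 100})
    k = ClarkWilsonKernel(ledger)
    for user, tp in [("teller", "deposit"), ("teller", "transfer"), ("manager", "transfer"),
                     ("manager", "approve"), ("auditor", "approve")]:
        k.grant(user, tp)
    out = {}
    ledger.card_colour["alice"] = "blue"      # UDI: written directly, no TP or IVP involved
    k.run("teller", "transfer", src="alice", dst="bob", amount=200)
    out["after_small"] = (ledger.balances["alice"], ledger.balances["bob"])
    k.run("teller", "deposit", account="alice", amount=20_000)
    k.run("manager", "transfer", src="alice", dst="bob", amount=15_000)   # parked as T1
    for label, user, tp, args in [
            ("overdraft", "teller", "transfer", dict(src="bob", dst="alice", amount=1000)),
            ("no_access", "customer", "deposit", dict(account="alice", amount=50)),
            ("self_approve", "manager", "approve", dict(transfer_id="T1"))]:
        try:
            k.run(user, tp, **args)
        except IntegrityViolation as e:
            out[label] = str(e)
    k.run("auditor", "approve", transfer_id="T1")
    out["final"] = (ledger.balances["alice"], ledger.balances["bob"])
    out["ivp"], out["pending"] = k.ivp(), dict(ledger.pending)
    return out
```

Two design points are worth noticing. The TPs themselves are allowed to be sloppy (`_move` will happily overdraw an account); what keeps the CDIs valid is that `run` is the only entry point, it always runs the IVP afterwards, and it restores the snapshot when the IVP fails, so the audit trail records the rejected attempt as well as the successful ones. Separation of duties is not a property of the data but of the TP split: the same manager who is authorized to initiate a large transfer and to approve transfers still cannot approve the one they initiated.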
35
Model Summary

Model          Objective        Policies
Bell-LaPadula  Confidentiality  No read up (simple security rule); no write down (*-property)
Biba           Integrity        No read down; no write up
Clark-Wilson   Integrity        Two levels of integrity (UDI and CDI); IVPs verify that CDIs are valid; TPs (transformation processes) are the only way to change them
36
Chapter Summary
Define basic terms associated with computer and information security.
Identify the basic approaches to computer and information security.
Distinguish among various methods to implement access controls.
Describe methods used to verify the identity and authenticity of an individual.
Recognize some of the basic models used to implement security in operating systems.
Be sure that all of the learning objectives are fully understood in order to comprehend the chapter contents. Use the chapter exercises, exam tips, and general notes to better understand the chapter as well.
Chapter Notes:
A. The general public is becoming more aware of the terminology used in the computer security field because of increasing media coverage of the subject. Be sure to understand the definitions of terms that have been around for many years or have become common recently, such as hacking, cracking, phishing, phreaking, vishing, pharming, and spear phishing. As security constantly evolves, it is important to keep up with newly coined terms and what they are used to describe.
B. While there is not yet universal agreement on whether authentication, auditability, and nonrepudiation are necessary additions to the original CIA of security, the original three goals are known as the basic principles of security. It is important to fully understand these basic principles, as they are the building blocks of most security hardware, software, policies and procedures.
C. There was a lengthy debate over whether host-based or network-based security was more important. The conclusion was that a combination of both is needed to adequately address the wide range of security threats, since certain attacks are more easily detected or prevented by security tools designed for a specific task or approach.
D. Security professionals are often amazed at how often security through obscurity is used as a main line of defense. Relying on a piece of information remaining secret is generally not a good idea, especially now that methods of obtaining secret information are becoming more advanced. Reverse engineering is an example of such a method: an analyst examines a program's binaries to discover embedded passwords or cryptographic keys. The biggest drawback of security through obscurity is that once the hidden secret becomes known, there is often no easy way to change it and re-secure the system, whereas a properly designed system concentrates its secrecy in a key that can be replaced.
E. Social engineering is one of the most successful methods attackers have used to gain access to computer systems and networks. The technique relies on an aspect of security that is easily overlooked: people. Most people have an inherent desire to be helpful or to avoid confrontation. With a plausible background and a good story, an experienced social engineer can frequently talk individuals into divulging information that would normally be kept secret. Social engineering in its simplest form can take place in front of a locked door within an organization: the social engineer strikes up a casual conversation with the person unlocking the door, and when the door is opened the conversation carries on with the social engineer following that person through the door without using a key. For many people, if the social engineer seems friendly and doesn't look suspicious, they will assume the attacker belongs to the organization.
F. CROSSCHECK (Social Engineering): In Chapter 1 the topic of social engineering attacks was discussed in multiple forms. They are the most common attack that most users will face, which is why it is essential to fully understand the different types of social engineering attacks and how each can be used as part of an overall plan to attack an organization.
G. Accounts of ex-employees are often found by security professionals conducting security assessments of organizations. This is especially true for larger organizations, which may lack a clear process for the personnel office to notify the network administrators when an employee leaves. These old accounts, left open through negligence, are a weak point in any security system and should be eliminated immediately.
H. To prevent rash actions by disgruntled employees, it can be wiser for an organization to grant employees decent paid vacation or other benefits than to risk them damaging sensitive files to which they have access or enabling an attack on the network through negligence. Because employees typically understand how management behaves with respect to termination, treating departing employees fairly will pay dividends for the organization in the future.
I. The Simple Security Rule is the most basic of security rules, as its name suggests. In the Bell-LaPadula model it is specifically the "no read up" rule; stated more generally, it says that in order for an individual to access something, they must be authorized to do so, which is similar to the least privilege and implicit deny principles.
Chapter Exercises:
A. Least Privilege Security Concept: Examine the security policies an organization has in place to see if there are identifiable examples of where the principle of least privilege has been used.
B. Control of Resources: An important aspect of this security principle is the ability to apply the appropriate security control to file and print resources. Examine different computer operating systems to compare the methods they use to control file and print resources.
C. Acceptable Use Policy: Make sure to understand that the acceptable use policy outlines what is considered acceptable behavior for users of a computer system. This policy pairs with an organization's Internet usage policy, as they often share acceptable behaviors and topics. Obtain a copy of an organization's acceptable use policy, compare it with samples from others, and mark the differences and similarities between the documents.
Chapter Exam Tips:
A. Implicit deny is a fundamental principle of security, and it's important to understand it fully. Similar to the least privilege principle, it states that an individual without authorization for access is denied.
B. Password policy is one of the most basic policies an organization can have. To understand the policy completely, concentrate on what constitutes a good password along with the aspects of the policy that cause friction, such as expiration, age and reuse.
C. It's not uncommon for an organization to neglect to establish a working policy that mandates the removal of an individual's computer access upon termination. Not only should such a policy exist, but it should also include procedures to reclaim a terminated employee's computer system and accounts. Make sure to understand what a standard policy and procedure for this process would be.
© 2025 SlidePlayer.com. Inc.
All rights reserved.