Description: Topics covered in this lecture include:
What is security?
What is computing security?
'A computer is secure if you can depend on it and its software to behave as you expect'
– Garfinkel et al., Practical Unix & Internet Security
Security is a process, not a state or a product
We can aim to be in a secure state, but we need to have the process in place to maintain 'security'
Security involves
“The Golden Triangle”:
Attackers and terminology
Attacker – generic term
Black hat / cracker – nefarious attacker
White hat – good guy / researcher
Hacker – the media's term for attacker
Who and why?
Organised crime
Corporate espionage (gather information)
Insider threats (disgruntled employees)
Hacktivists
Botnet operators
Government sponsored attacks
Many nations have capabilities, such as China and the USA
Stuxnet escaped into the wild
Many attacks originate from China (allegedly state sponsored)
The NSA attacked Google, Yahoo and various other companies (incl. data center links)
NSA Tailored Access Operations (TAO)
QUANTUM, FOXACID, intercept traffic and attack end users
The NSA intercepts network equipment being shipped and implants firmware
Advanced persistent threat (APT): a long term pattern of targeted, sophisticated attacks
Aimed at governments, organisations, or activists
APT1: China, APT28: Russia
Weakest Link
'Principle of Easiest Penetration...'
– Pfleeger and Pfleeger, Security in Computing
Break into and reseal a locked suitcase demonstration
Security goals
Computing security is often described as having three main goals:
Confidentiality
Integrity
Availability
Confidentiality
Secrecy / Privacy
Only accessed by those authorised
Need to know
Integrity
Data is accurate
Unmodified
Only modified in authorised ways
Availability
Services are usable
Respond fast enough, for authorised users
Mitigate denial of service attacks
Cost
Security breaches can cost an organisation either
directly financially
or indirectly
Reputation
Customer relations
Vulnerabilities and Threats
Vulnerability – a weakness in the security system
Threat – circumstance that has the potential to do harm
Threats include...
Some general threats include unauthorised:
Disclosure of information
Modification
Snooping ('wiretapping')
Masquerading or spoofing
Denial of service
Following are some concrete examples...
Unauthorised local people
Attempting to access a computer
Users with access
May misuse their access to a computer system
May attempt to get access to additional resources
'Misbehaving' programs
Software bugs or design problems
Malicious software (malware)
Misconfiguration of software/security
May accidentally grant access (directly or indirectly)
Remote attackers
Looking for any kind of access
Intercepting or modifying communications
Masquerading or spoofing (impersonating) others
Behaving unexpectedly (attempting to exploit software vulnerabilities)
Attempting to trick legitimate users/processes to act on their behalf
A security policy defines what is, and what is not, allowed
Policy can be a set of rules for a program or for people to follow
Needs to be designed to mitigate threats
A 'security mechanism', or 'control', is something that enforces a security policy
Can be a method, tool, or procedure
Actively mitigates threats
Examples include:
Passwords for authentication
Access control for restricting what users and processes can do
Firewalls for limiting the network traffic that is allowed
Sandboxes and Virtualisation for isolation
Encryption for 'scrambling' data
Non-technical procedures: for example, requiring proof of identity
Security teams
Security goals
Prevention
Means that an attack will fail
For example, by employing controls
This is the focus of this module
Detect
Determine that an attack has occurred or is happening
For example, by monitoring activity
Recover
Stop an attack and repair damage
For example, by restoring data
Security Jobs
Thinking like an attacker
– Bruce Schneier
Challenging
It is arguably easier to break a system than to keep it secure
It only takes one weakness...
Computing security is challenging – and can be fun
Conclusion
We have discussed important security concepts, including:
the motivation for security
common security threats
and security goals
For more information, please visit: http://z.cliffe.schreuders.org/