
Monday, July 20, 2009

Methods of Defense

Methods of Defense:

We can deal with harm that occurs when a threat is realized against a vulnerability in several ways:

  • Prevent it, by blocking the attack or closing the vulnerability.
  • Deter it, by making the attack harder, but not impossible.
  • Deflect it, by making another target more attractive.
  • Detect it, either as it happens or some time after the fact.
  • Recover from its effects.

Controls:

  • Encryption
  • Software controls: access limitations in a database; operating-system mechanisms that protect each user from other users
  • Hardware controls: smart cards, hardware encryption devices
  • Policies: for example, rules on password strength and rotation
  • Physical controls

Software Controls:

  • Program controls include:
  • Internal program controls: parts of the program that enforce security restrictions, such as access limitations in a database management program.
  • Operating system and network system controls: limitations enforced by the operating system or network to protect each user from all other users.
  • Independent control programs: application programs, such as password checkers, intrusion detection utilities or virus scanners, that protect against certain types of vulnerabilities.
  • Development controls: quality standards under which a program is designed, coded, tested and maintained, to prevent software faults from becoming exploitable vulnerabilities.

Hardware Controls:

  • Numerous hardware devices have been created to assist in providing computer security. These devices include a variety of means, such as:
  • Hardware or smart card implementations of encryption
  • Locks or cables limiting access or deterring theft
  • Devices to verify user’s identities
  • Firewalls
  • Intrusion detection systems
  • Circuit boards that control access to storage media

Policies & Procedure Controls:

  • Controls can also be based on agreed-upon procedures or policies among users, rather than enforced through hardware or software means.
  • Training and administration follow immediately after a policy is established, to reinforce the importance of the security policy and to ensure it is actually followed.

Encryption Controls:

  • Encryption is the formal name for scrambling data so that it cannot be interpreted by an intruder who does not know how the scrambling was done (in modern ciphers, who does not hold the key).
  • Encryption can virtually nullify the value of an interception: the captured ciphertext is meaningless to anyone without the key.
  • It clearly addresses the need for confidentiality of data.
  • It can also be used to protect integrity, but only when combined with an authentication mechanism (a MAC or an authenticated-encryption mode). Encryption on its own does not stop an attacker from modifying or fabricating ciphertext, and in stream and counter-mode ciphers flipping a ciphertext bit flips the corresponding plaintext bit.
  • Encryption is the basis of protocols that enable us to provide security while accomplishing an important system or network task.
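The integrity caveat above is easiest to see in code. The following is an added example, not code from the original post: it builds a toy counter-mode keystream from SHA-256 (for illustration only, not a production cipher), shows that an attacker who knows the message layout but not the key can turn "amount=100" into "amount=900" by flipping ciphertext bits, and then shows that an encrypt-then-MAC construction with HMAC-SHA256 rejects the forged ciphertext before it is decrypted. The keys, nonce and message are constructed sample values.

```python
"""Added example: unauthenticated encryption is malleable; encrypt-then-MAC is not.

Toy keystream built from SHA-256 for illustration only. Keys, nonce and
message are constructed sample values, not from the original post.
"""
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy CTR-style keystream: SHA-256(key || nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt  # XOR with the same keystream undoes the encryption


def tamper(ciphertext: bytes, offset: int, old_byte: int, new_byte: int) -> bytes:
    """Attacker: knows the plaintext layout, not the key. XOR in (old ^ new)."""
    c = bytearray(ciphertext)
    c[offset] ^= old_byte ^ new_byte
    return bytes(c)


def mac(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """HMAC-SHA256 over nonce and ciphertext (encrypt-then-MAC)."""
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    ct = encrypt(enc_key, nonce, plaintext)
    return ct, mac(mac_key, nonce, ct)


def open_(enc_key: bytes, mac_key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes):
    """Verify the tag in constant time; refuse to decrypt anything that fails."""
    if not hmac.compare_digest(mac(mac_key, nonce, ciphertext), tag):
        return None
    return decrypt(enc_key, nonce, ciphertext)


def demo() -> dict:
    enc_key = b"\x01" * 32   # constructed sample keys; real code draws them from os.urandom
    mac_key = b"\x02" * 32   # a separate key for the MAC
    nonce = b"\x00" * 12     # constructed; must never repeat under the same key
    msg = b"PAY amount=100 to=alice"

    ct, tag = seal(enc_key, mac_key, nonce, msg)

    # Flip the '1' of "100" to '9' without knowing the key.
    off = msg.index(b"100")
    forged = tamper(ct, off, ord("1"), ord("9"))

    return {
        "honest": open_(enc_key, mac_key, nonce, ct, tag),
        "forged_without_mac": decrypt(enc_key, nonce, forged),   # attacker wins
        "forged_with_mac": open_(enc_key, mac_key, nonce, forged, tag),  # rejected
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The tag covers the nonce as well as the ciphertext so that an attacker cannot pair a valid ciphertext with a different nonce, and the receiver checks the tag before touching the plaintext, which is the order a real authenticated-encryption mode such as AES-GCM enforces internally.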

Effectiveness of Controls:

  • Principle of effectiveness: Controls must be used and used properly to be effective.
  • There are several aspects that can enhance the effectiveness of controls:
  • Awareness of problem
  • Likelihood of use
  • Overlapping controls
  • Periodic review

Security Attacks Example

Figures (not reproduced here) illustrated:

  • Passive attacks: release of message contents
  • Passive attacks: traffic analysis
  • Active attacks: masquerade
  • Active attacks: replay
  • Active attacks: modification of messages
  • Active attacks: denial of service


Security Attacks / Threats

Active attacks

Active attacks: involve some modification of the data stream or the creation of a false stream.

Goal: to alter system resources or affect their operation, for example by impersonating a party, changing or injecting messages, or denying service.
Categories: masquerade (one entity pretends to be another), replay (a captured message is retransmitted to produce an unauthorized effect), modification of messages, and denial of service.
Because the attacker is actively interfering, active attacks are hard to prevent outright; the defense emphasizes detecting them and recovering from their effects.

Passive attacks

Passive attacks: eavesdropping on or monitoring transmissions.
Goal: to obtain information that is being transmitted.
Types: release of message contents (reading the data itself) and traffic analysis (inferring who is communicating with whom, how often and how much, even when the contents are encrypted).
Because nothing is altered, passive attacks are hard to detect; the defense emphasizes prevention, chiefly through encryption.
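A replay attack is worth a concrete illustration because it defeats a receiver that checks integrity correctly but checks nothing else. The following is an added example, not code from the original post. It uses a constructed shared key and a simple "timestamp|nonce|command|tag" message format of my own choosing: a naive receiver that only verifies the HMAC rejects modification and masquerade but accepts the same valid message twice, while a replay-safe receiver also enforces a freshness window and remembers nonces seen inside it.

```python
"""Added example: a MAC alone stops modification and masquerade, not replay.

Message format (chosen for this example): b"<unix_ts>|<nonce>|<command>|<hex tag>"
where tag = HMAC-SHA256(KEY, b"<unix_ts>|<nonce>|<command>").
KEY is a constructed shared secret; timestamps are passed in explicitly so the
example is deterministic.
"""
import hashlib
import hmac

KEY = b"constructed-shared-secret"   # sample value, not a real key
WINDOW = 30                          # seconds of acceptable clock skew / delay


def make_message(cmd: str, ts: int, nonce: str) -> bytes:
    """Sender: authenticate timestamp, nonce and command together."""
    body = f"{ts}|{nonce}|{cmd}".encode()
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


def verify_mac(msg: bytes):
    """Return the authenticated body, or None if the tag is missing or wrong."""
    body, sep, tag = msg.rpartition(b"|")
    if not sep:
        return None
    expected = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return body if hmac.compare_digest(expected, tag) else None


class NaiveReceiver:
    """Checks integrity and origin only: a captured valid message replays forever."""

    def accept(self, msg: bytes, now: int) -> bool:
        return verify_mac(msg) is not None


class ReplaySafeReceiver:
    """Adds freshness (timestamp window) and uniqueness (nonce cache) checks."""

    def __init__(self):
        self.seen = {}   # (ts, nonce) -> ts, pruned once outside the window

    def accept(self, msg: bytes, now: int) -> bool:
        body = verify_mac(msg)
        if body is None:
            return False                      # modified or forged: MAC fails
        ts_b, nonce, _cmd = body.split(b"|", 2)
        ts = int(ts_b)
        if abs(now - ts) > WINDOW:
            return False                      # stale (or from the future)
        # Forget nonces that can no longer be replayed within the window.
        self.seen = {k: v for k, v in self.seen.items() if now - v <= WINDOW}
        key = (ts, nonce)
        if key in self.seen:
            return False                      # replay of a message already acted on
        self.seen[key] = ts
        return True


def demo() -> dict:
    msg = make_message("transfer 100 to mallory", ts=5000, nonce="a1b2")
    naive, safe = NaiveReceiver(), ReplaySafeReceiver()
    return {
        "naive_first":  naive.accept(msg, now=5001),
        "naive_replay": naive.accept(msg, now=5002),   # True: replay succeeds
        "safe_first":   safe.accept(msg, now=5001),
        "safe_replay":  safe.accept(msg, now=5002),    # False: nonce already seen
        "safe_stale":   safe.accept(make_message("x", ts=5000, nonce="zz"), now=5100),
        "modified":     safe.accept(msg.replace(b"transfer 100", b"transfer 900", 1), now=5003),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The timestamp bounds how long the nonce cache has to grow, and the nonce covers the case of two legitimate commands sent in the same second; both must be inside the MAC, otherwise an attacker simply rewrites them.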

Security Principles

Confidentiality

Confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred.

Breaches of confidentiality take many forms. Permitting someone to look over your shoulder at your computer screen while you have confidential data displayed on it could be a breach of confidentiality. If a laptop computer containing sensitive information about a company's employees is stolen or sold, it could result in a breach of confidentiality. Giving out confidential information over the telephone is a breach of confidentiality if the caller is not authorized to have the information.
Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds.
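One of the mechanisms listed above, limiting the places where the card number can appear, is routinely applied to log files. The following is an added example, not code from the original post: a small log scrubber that finds digit runs of card-number length, keeps only those that pass the Luhn check so that order numbers and timestamps are left alone, and masks everything except the first six and last four digits. The log line is constructed sample input, and 4111 1111 1111 1111 is a well-known test card number.

```python
"""Added example: keep card numbers out of log files.

Constructed sample log line; the scrubber masks only digit runs that are
13-19 digits long and pass the Luhn check, so other long numbers survive.
"""
import re

# 13-19 digits, optionally separated by single spaces or hyphens, not embedded in a longer run.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, check mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep BIN (first 6) and last 4, mask the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def mask_pans(line: str) -> str:
    """Replace every Luhn-valid card-length digit run in a log line with its masked form."""
    def repl(m: re.Match) -> str:
        raw = m.group(0)
        digits = re.sub(r"\D", "", raw)
        if not (13 <= len(digits) <= 19) or not luhn_ok(digits):
            return raw                    # an order id or timestamp, leave it
        return mask_pan(digits)
    return CANDIDATE.sub(repl, line)


SAMPLE_LINE = "INFO checkout order=1234567890123 card=4111 1111 1111 1111 ts=1689854321"  # constructed


if __name__ == "__main__":
    print(mask_pans(SAMPLE_LINE))
```

Scrubbing at the log sink is a last line of defense; the better control is never to pass the full number to the logger in the first place, but a scrubber catches the stack trace or debug statement that someone forgets to remove.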

Integrity

In information security, integrity means that data cannot be modified without authorization. This is not the same thing as referential integrity in databases. Integrity is violated when an employee accidentally or with malicious intent deletes important data files, when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on.
There are many ways in which integrity could be violated without malicious intent. In the simplest case, a user on a system could mistype someone's address. On a larger scale, if an automated process is not written and tested correctly, bulk updates to a database could alter data in an incorrect way, leaving the integrity of the data compromised. Information security professionals are tasked with finding ways to implement controls that prevent errors of integrity.

Availability

For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks.

Security Area

Incident Trends

Incident Trends:

In the late 1980s and early 1990s, the typical intrusion was fairly straightforward. Intruders most often exploited relatively simple weaknesses, such as poor passwords and misconfigured systems, that allowed greater access to the system than was intended. Once on a system, the intruders exploited one or another well-known, but usually unfixed, vulnerability to gain privileged access, enabling them to use the system as they wished.

There was little need to be more sophisticated because these simple techniques were effective. Vendors delivered systems with default settings that made it easy to break into systems. Configuring systems in a secure manner was not straightforward, and many system administrators did not have the time, expertise, or tools to monitor their systems adequately for intruder activity.

Unfortunately, all these activities continued in 1996; however, more sophisticated intrusions had become common. Intruders demonstrated increased technical knowledge, developed new ways to exploit system vulnerabilities, and created software tools to automate attacks. At the same time, intruders with little technical knowledge became more effective as the sophisticated intruders shared their knowledge and tools.

What is Security?

Definition: Security is the quality or state of being secure, that is, to be free from danger and to be protected from adversaries, from those who would do harm, intentionally or otherwise.

Information Security: Information Security is the protection of information and the systems and hardware that use, store, and transmit that information. (By NSTISSC)



Information security:

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.

The terms information security, computer security and information assurance are frequently, and incorrectly, used interchangeably. These fields are closely related and share the common goal of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them.

These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms.

Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.

Introduction

Security in information technology is a very important issue. It is an area that deserves study by computer professionals, students, and even many computer users. Through this course, students will learn how to control failures of confidentiality, integrity and availability in applications, databases, operating systems and networks alike. Besides that, students should be able to apply cyberlaw to protect their rights. Students will also learn how to plan a recovery solution in case a disaster strikes the computing environment.

Over the past two decades, the evolution of technology has quickened society’s transformation to a digital environment. These advances have been nonlinear and sometimes chaotic leading to disparities in the composition of the information technology (IT) workforce. The variation in training, expertise, acumen, and experience is a natural consequence and is found in the myriad of recruiting, education, and retention practices of employers. Since the very beginning of the digital revolution, public and private organizations, leaders, and experts have dedicated significant resources to developing the IT security field of practice, yet disparities remain.

Now more than ever, IT security professionals must be prepared to meet the challenges that exist today and in the future. The convergence of voice and data communications systems, the reliance of organizations on those systems, and the emerging threat of sophisticated adversaries and criminals seeking to compromise those systems underscore the need for well-trained, well-equipped IT security specialists. Furthermore, the interconnectedness of government and industry through shared infrastructures and services demonstrates the need for a universal understanding across domains of the required roles, responsibilities, and competencies of the IT security workforce.

Wednesday, July 1, 2009

About

The overall goal of this blog is to facilitate the development or strengthening of a comprehensive, measurable, cost-effective application of security concepts and cryptographic algorithms. Protecting the value of an organization's information assets demands no less. This blog will also provide information on how to implement security services and mechanisms in computer programs, operating systems, databases and networks, and on the administration of computer security, permitting the most cost-effective allocation of limited IT security resources. It will also give information on how to analyze the legal and ethical issues in computer security and select the applicable cyberlaws for a given security issue, and on how to identify and mitigate security risks in networking and computing.