Upload
tranthien
View
341
Download
10
Embed Size (px)
Citation preview
CNSS Security Model (cont.)
most challenging to protect
CNSS Security Model (cont.)
Example: Data Loss Prevention (DLP) System Data Loss Prevention identifies, monitors, and protects data transfer through deep content inspection and analysis of transaction parameters (source, destination, data object, and protocol), with a centralized management framework. I.e., DLP detects and prevents the unauthorized transmission of confidential information.
Protecting data-in-use accomplished by protecting data-at-rest and data-in-transit!
https://sc1.checkpoint.com/documents/R77/CP_R77_DataLossPrevention_AdminGuide/62453.htm
trusted environment(enterprise network)
DLPSystem
non-trusted environment
no explicit protection of ‘data in use’
But, what if no part of the network/environment is trusted?!
(e.g., in case of Cloud Computing)
CNSS Security Model (cont.)
CNSS Security Model (cont.)
Example: Data that needs protection in the Cloud
CNSS Security Model (cont.)
Example: Homomorphic Encryption
http://www.slideshare.net/NYTechCouncil/computing-on-encrypted-data
Example: Homomorphic Encryption (cont.)
CNSS Security Model (cont.)
http://www.slideshare.net/NYTechCouncil/computing-on-encrypted-data
Countermeasures/Safeguards Technology - software and hardware solutions (e.g.,
antivirus, firewalls, intrusion-detection systems, etc.)
Policy and practices - administrative controls, such asmanagement directives (e.g., acceptable use policies)
People - aka awareness, training, education - ensurethat users are aware of their roles & responsibilities
CNSS Security Model (cont.)
• Each of 27 cells in the cube represents an area thatmust be addressed to secure an information system e.g., intersection between data integrity, storage and
technology implies the need to use technology to protectdata integrity of information while in storage solution: new ‘file check sum’ is calculated every time a critical
file is modified …
Information states:
Desired goals:Measures:
CNSS Security Model (cont.)
CNSS Security Model (cont.)
Example: How to protect - confidentiality of data- while in transit (e.g., moved to/by USB)- through education/awareness?
Scenario: An employee stores companyinformation on a personal USB drive, in order to transfer it to another computer(e.g., work from home)
Safeguard: Educate employees aboutthe importance of carefully handling data and encrypting data before transferring it to insecure ‘movable’ media – in case that USB is infected or lost, encryption ensuresthat data cannot be read
Are all 27 aspects of security worth investing intoat every company?
CNSS Security Model (cont.)
Example: Protecting Confidentiality of Data OverWireless …
CNSS Security Model (cont.)
WiFi used in an area that is within outside reach.
WiFi used in an area that is NOT within outside reach.
• Three main components of a security threat: Target [asset with vulnerability]: organization’s asset that
might be attacked information (its confidentiality, integrity, availability), software,
hardware, network service, system resource, etc.
Agent [may or may not be present]: people/organizations originating the threat – intentional or non-intentional employees, ex-employees, hackers, commercial rivals, terrorists, …
Event: action that exploits target’s vulnerabilitymalicious / accidental destruction or alteration of information, misuse
of authorized information, etc.
Threats
• Security Threat – any action/inaction that could causedisclosure, alteration, loss, damage or unavailability ofa company’s/individual’s assets
Threats (cont.)
Example: Threat in WiFi network
Asset with v.WiFi within
outside reach
Agentcompetitor
interested in seizing your
data
Eventcompetitor
actually invests time & effort to
capture data
Threat
NO EVENT ⇒ NO THREAT !!!
Threats (cont.)
Example: Threat without Agent
Asset with v.
EventThreat
data on a server,not backuped!
flood or fire in the server room
Threats (cont.)
Assetwith vulnerability
Agent EventThreat
deliberateor accidental
outsideror insider
Example of insider agent: SysAdmin has added a new soft-ware to the system and has forgotten to change the password
Example: outsider vs. insider, deliberate vs. accidental
Threats (cont.)
Assetwith vulnerability
Agent EventThreat
THREAT EVENT DELIBERATELY EXECUTED BY AGENT = ATTACK
deliberate
Example: attack definition
Threats (cont.)
• Criteria for threat identification/prioritization : asset identification e.g. what are the company’s main assets:
(a) web servers (e-commerce company), or(b) workstations (software company)?
conditions under which its key assets operate e.g. are there any wireless links / access points?
organizational strategy regarding risk e.g. cost/time of encrypting every file/email vs. worker’s productivity
• Main Groups of Threat Events :
Threat EventsATTACKS
no human
with hum
an agent
• Categories of Threat Events :
Treat Events
Unintentional IntentionalAttacks
PassiveAttacks
ActiveAttacks
always involve humans
Threat Events (cont.)
Not-involving Humans
Involving Humans
• Top Threat-Driven Expenses (C-ACM study)
Threat Events (cont.)
Rating of different threat events based ontheir frequency and significance.
• Forces of Nature fire, flood, earthquake, hurricane, tsunami, electrostatic
discharge, dust contamination
cannot be predicted/prevented
organization must implement controls to limit damageas well as develop incident response plans and business continuity plans
• Hardware and Software Failures and Errors cannot be fully controlled/prevented by the organization
best defence: keep up-to-date about latest hardware and software vulnerabilities
Threat Events: Unintentional / No Human
• Act of Human Error or Failure organization’s own employee’s are
one of its greatest threats examples:
entry of erroneous data accidental deletion or modification of data failure to protect data storing data in unprotected areas
preventative measures: training and ongoing awareness activities enhanced control techniques: require users to type a critical command twice ask for verification of commands by a second party
Threat Events: Unintentional / Human
Much of human error or failure can be prevented!
• Deviations in Quality of Service in organizations that relies
on the Internet and Web,irregularities in available bandwidth can dramatically affect their operation
e.g. employees or customers cannot contact the system
possible ‘defence’: backup ISP
Threat Events: Unintentional / Human (cont.)
Active Attack - attemptsto alter system resources or affect their operation compromises Integrity or
Availability examples: masquerade,
data modification and DoS
Threat Events: Intentional Attacks
Passive Attack - attemptsto learn or make use of info.from the system but does notaffect system resources compromises Confidentiality generally hard to detect !!! examples: release of message
content and traffic sniffing
• Compromise to Intellectual Property (IP) IP = any intangible asset that consist of
human knowledge & ideas – creationsof the mind (copyright, patent, …)
any unauthorized use of IP constitutes a security threat
defense measures: use of digital watermarks and embedded code
Example: Peter Morch story – compromise to IP by insiderIn 2000, while still employed at Cisco Systems, Morch logged into a computer belonging to another Cisco software engineer, and obtained (burned onto a CD) proprietary information about an ongoing project. Shortly after, Morch started working for Calix Networks – a potential competitor with Cisco. He offered them Cisco’s information.Morch was sentenced to 3 years’ probation.
Threat Events: Intentional Attacks (cont.)
• Deliberate Act of Info. Extortion / Blackmail hacker or malicious insider steals
information and demands compensation for its return
example: theft of data files containing customer
credit card information
• Deliberate Act of Sabotage or Vandalism hacker or malicious insider destroys an
asset in order to cause financial loss ordamage the organization’s reputation
example: hackers accessing a system and damaging
or destroying critical data
Threat Events: Intentional Attacks (cont.)
Threat Events: Intentional Attacks (cont.)
Example: Two Kazakhstan employees story –info. extortion by insider
In 2002, two employees in a company in Kazakhstan allegedly got access to Bloomberg L.P. financial information database because their company was an affiliate of Bloomberg.
They allegedly demanded $200,000 from Bloomberg to reveal how they got access to the database.
Bloomberg opened an offshore account with $200,000 balance, and invited the pair to London to personally meet with Michael Bloomberg.The meeting was recorded. Soon after the two were arrested ....
In the end, there were sentences to 51 months in prison.
NOTE: finding a vulnerability and requiring payment to learn about it may be considered extortion.http://www.cybercrime.gov/zezevIndict.htm
Example: Maxus story – info. extortion by outsiderIn 2000, a mysterious hacker identified as Maxus demanded $100,000 from CDUniverse company in exchange for not releasing the names and credit card numbers of over 350,000 customers he had obtained from the companywebsite.
After CDUniverse failed to pay him, Maxus decided to set up the site, titled Maxus Credit Cards Datapipe, and to give away the stolen customer data. He announced the site’s presence Dec. 25th on an Internet Relay Chat group devoted to stolen credit cards.
Soon after launching his site, Maxus said it became so popular among creditcard thieves that he had to implement a cap to limit visitors to one stolen card at a time.
The case remains unsolved, as Maxus moved online using stolen accounts and relayed his emails through other sites to conceal the originating IP address …www.nytimes.com/2000/01/10/business/thief-reveals-credit-card-data-when-web-extortion-plot-fails.htmlwww.cyberagecard.com/news/?page=2
Threat Events: Intentional Attacks (cont.)
Example: Patrick McKenna story – information vandalismby insider
In 2000, McKenna was fired by Bricsnet (software company).
As a revenge, he remotely accessed his former employer’s computer server, and:1) deleted approximately 675 computer files;2) modified computer user access levels;3) altered billing records;4) sent emails, which appeared to have originated from an authorized
representative of the victim company to over 100 clients. Emailscontained false statement about business activities of the company.
He was sentenced to 6 months in prison, followed by 2-years of supervised release. He was also ordered to pay $13,614.11 for caused damages …
http://www.cybercrime.gov/McKennaSent.htm
Threat Events: Intentional Attacks (cont.)
• Deliberate Act of Trespass unauthorized access to info.
that an organization is trying to protect
low-tech e.g.: shoulder surfing
high-tech e.g.: hacking
shoulder surfing hacker profiles
Threat Events: Intentional Attacks (cont.)
Example: Princeton vs. Yale – trespass by outsiderYale University’s admission created a web-based system to enable applicants to check the status of their application on-line. To access the system, the applicants had to prove their identity by answering questions regarding their name, birth date, SIN.
Many of these students also applied to other top universities.
At Princeton, Associate Dean and Director of Admissions - Stephen LeMenager - knew that the private information that Yale used to control access was also in the applications that candidates submitted to Princeton. He used this information to log into the Yale system several times as applicants.
When the word got out, he admitted doing the break-ins but said that he was merely testing the security of the Yale system. Princeton put him on administrative leave.
NOTE: The case emphasizes that information used to control access must not be generally available …
Threat Events: Intentional Attacks (cont.)
• Deliberate Software Attacks a deliberate action aimed to violate / compromise a
system’s security through the use of specialized software
types of attacks:a) Use of Malware
b) Password Cracking
c) DoS and DDoS
d) Spoofing
e) Sniffing
f) Man-in-the-Middle
g) Phishing
h) Pharming
Threat Events: Software Attacks