Copyright,2013-15
Networked Information Systems
This Series of Six Lectures
1. Application Architectures
   .1 Master-Slave Architecture
   .2 Client-Server Architecture
      • Cloud Computing
   .3 Peer-to-Peer (P2P) Architecture
2. Categories of Networked Application
   .1 Mobile Computing
   .2 Web 2.0 and Social Media
3. Networked Info Systems Security
   .1 Security of Info and I.T.
   .2 Malware and Other Attacks
   .3 Mobile Security
COMP 2410 – Networked Information Systems
SC1 – Security of Information and I.T.
Roger Clarke
Xamax Consultancy, Canberra
Visiting Professor, A.N.U. and U.N.S.W.
http://www.rogerclarke.com/II/NIS2410.html#L4
http://www.rogerclarke.com/II/NIS2410-4 {.ppt, .pdf}
ANU RSCS, 1 April 2015
The Notion of Security
A condition in which harm does not arise
despite the occurrence of threatening events
A set of safeguards whose purpose is
to achieve that condition
Information Security
• Data Secrecy (Confidentiality): Prevent access by those who should not see it
• Data Quality / Data Integrity (Integrity): Prevent inappropriate change and deletion
• Data Accessibility (Availability): Enable access by those who should have it
'The CIA Model'
IT Security
• Security of Service
  • Fit
  • Reliability
    • Availability
    • Accessibility
    • Robustness
    • Resilience
    • Recoverability
  • Integrity
  • Maintainability
• Security of Investment
  • Assets
  • The Business
http://www.rogerclarke.com/II/CCSA.html#RA
2. The Conventional Security Model
• Threats act on Vulnerabilities and result in Harm
• Each Threatening Event is a Security Incident
• Safeguards are deployed to provide protection
• Countermeasures are used against Safeguards
The Key Concepts
• A Threat is a circumstance that could result in Harm
  A Threatening Event is an instance of a generic Threat
  A Threat may be natural, accidental or intentional
  An intentional Threatening Event is an Attack
  A party that creates an Intentional Threat is an Attacker
• A Vulnerability is a susceptibility to a Threat
• Harm is any kind of deleterious consequence to an Asset
• A Safeguard is a measure to counter a Threat
• A Countermeasure is an action to circumvent a Safeguard
[Figure: Conventional IT Security Model]
http://www.rogerclarke.com/EC/PBAR.html#App1
Categories of Threat
• Environmental Events (Acts of God or Nature)
• Accidents, caused by:
  • Humans who are directly involved
  • Other Humans
  • Artefacts and their Designers
• Attacks, by:
  • Humans who are directly involved
  • Other Humans
  • The Designers of Artefacts
Situations in Which Threats Arise
[Figure labels: Corp. Wkstns, Corp. Servers, The Internet, Corporations, Government Agencies, Individuals, Bots]
• Computing and Comms Facilities, incl.
  • Data Storage
  • Software
  • Data Transmission
  of:
  • The Organisation
  • Service Providers
  • Users
  • Others
• Physical Premises housing relevant facilities
• Supporting Infrastructure, incl. data cabling, telecomms infrastructure, electrical supplies, air-conditioning, fire protection systems
• Manual Processes, Content and Data Storage
Intentional Threats / Attacks
• Physical Intrusion
• Social Engineering
  • Confidence Tricks
  • Phishing
• Masquerade
• Abuse of Privilege
  • Hardware
  • Software
  • Data
• Electronic Intrusion
  • Interception
  • Cracking / ‘Hacking’
    • Bugs
    • Trojans
    • Backdoors
    • Masquerade
• Distributed Denial of Service (DDOS)
• Infiltration by Software with a Payload
By Outsiders & Insiders – Host/Server-side, User/Client-side
Categories of Harm
• Data Loss, Alteration, Access or Replication
• Reputation or Confidence Loss
• Asset Value Loss
• Financial Loss
• Opportunity Cost
• Property Damage
• Personal Injury
IT and Data Security Safeguards
The Physical Site
• Physical Access Control (locks, guards, ...)
• Smoke Detectors, UPS, ...
Hardware
• Parity-checking, read-after-write
• Backup and Recovery
Network
• Channel encryption
• Firewalls
• Intrusion Detection
Software
• Authentication of data, of value, of (id)entity, and/or of attributes
• Access Control, Authorisations
Liveware
• Human Procedures: Control Totals, Reconciliations
• Organisation: Responsibility/Authority, Separation of duties
Legal Measures
• Duty Statements, Terms of Use, Contractual Commitments
Summary of Key Terms
• Threat: A circumstance that could result in Harm
• Vulnerability: A susceptibility to a Threat
• Threatening Event: An occurrence of a Threat
• Safeguard: A measure to prevent, to enable detection or investigation of, or to mitigate Harm from, a Threatening Event
• Risk: “The likelihood of Harm arising from a Threat”
  A measure of the likelihood and/or seriousness of Harm arising from a Threatening Event impinging on a Vulnerability and not being dealt with satisfactorily by the existing Safeguards
3. Business Processes
1. Risk Assessment: Identify and Prioritise the Residual Risks You Face
2. Risk Management: Do something about them!!
3.1 Risk Assessment
cf. Analysis
• Define Objectives and Constraints
• Identify Stakeholders, Assets, Values, Harm
• Identify Threats, Vulnerabilities, and Threat-Vulnerability Combinations
• Consider Existing Safeguards
• Evaluate the Residual Risks
• Prioritise the Residual Risks
3.2 Risk Management
cf. Design and Implementation
• Define additional and adapted Safeguards that will address the Priority Risks
• Express a Plan to implement the Safeguards
• Implement the Plan
• Monitor the Implementation
• Audit the Implementation
ISO 27005, NIST 800-30, DSD/ASD ISM
Generic Risk Management Strategies
• Proactive Strategies
  • Avoidance
  • Deterrence
  • Prevention
• Reactive Strategies
  • Isolation
  • Recovery
  • Transference
  • Insurance
• Non-Reactive Strategies
  • Tolerance
  • Abandonment
  • Dignified Demise
  • Graceless Degradation
4. Security Safeguards
[Figure labels: External Security, Perimeter Security, Internal Security]
Key IT Security Safeguards Categories
External Security
• Content Transmission Security ('Confidentiality'), e.g. SSL/TLS
• Authentication of Sender, Recipient, Content, e.g. Dig Sigs, SSL/TLS, Tunnelling, VPNs
• 'White Hat Hacking'
• Network-Based Intrusion Detection (ID)
• ...
Perimeter Security
Inspection and Filtering
• Traffic, i.e. 'Firewalls'
• Malcontent, Malware
Internal Security
• Access Control
• Vulnerability Inspection
• Intrusion (Threat) Detection
• Safeguard Testing
• Backup and Recovery, Business Continuity, Disaster Recovery
Backup of What Data Assets?
• Personal Data, incl. sensitive data:
  • of an individual
  • of family
  • of other people
• Infrastructure Config Data (settings, parameters, scripts to support normal computing operations)
• Business-Related Content
• Identity Authenticators (passwords, passport and driver's licence details)
• Payment Authenticators (PINs, credit-card details)
• Financial Data
• Funds, e.g. bitcoin wallets
http://www.rogerclarke.com/EC/PBAR.html#Tab2
Harm to Values Associated with Data
• Accessibility
  • Data Loss
    • In Volatile Memory
    • In Non-Volatile Memory
    • Theft, Destruction, Malfunction
  • Data Unavailability
• Inaccessibility
  • Data Access
  • Data Disclosure
  • Data Interception
• Quality
  • Low when collected
  • Low at time of use (Data Modification, Data Integrity Loss, Corruption)
http://www.rogerclarke.com/EC/PBAR.html#Tab4
Some Threat-Vulnerability Combinations
• You make changes to a file, and regret it, and want to get back to the earlier version
• Disk-Crash
• Data Hostage 'Cryptohack'
• ...
Backup
To Where?
• An internal storage-medium
• An external storage-medium
• Local Network Attached Storage (NAS)
• Remote storage-medium
• Stored locally / remotely
• Stored online / offline
How often?
• Instant
• Frequent
• Occasional
Backup Procedures
1. Single-File Backup
2. Periodic Full Backup
3. Incremental Multi-File Backup with Overwrite of Prior Versions
4. Incremental Multi-File Backup with Retention of Prior Versions
5. Mirror File Backup
6. Rotation of File Backups
7. Off-Site / 'Fire' Backup
8. Storage-Medium or Partition Backup
9. Write-Twice / Copy-On-Write
10. Archival
11. Spooling of Storage-Media
12. Spooling of Storage-Media Type
http://www.rogerclarke.com/EC/PBAR.html#App3
Threat-Vulnerability Combinations and Relevant Backup Procedures
• Mistaken File Amendment, Deletion, or Overwrite:
  1. File-Versioning; or 4. Incremental File Backup & Retention of Old Versions
• Storage-Media Failure:
  2. Full File Backup; or 3. Full plus Incrementals; or 8. Storage-Medium Backup
• Malware or Hacking Attack denying access to the data:
  Offline Storage & 2, 3 or 8
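Procedure 4 (Incremental Multi-File Backup with Retention of Prior Versions) applied to the first combination above, a mistaken file amendment, as an added Python example that is not part of the original slides. The store layout (one directory of numbered versions per file), the function names and the sample files are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def _digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def backup(source: Path, store: Path) -> list:
    """Save each new or changed file as a new numbered version in the store.

    Prior versions are retained, never overwritten. Returns the relative
    paths that received a new version on this run.
    """
    saved = []
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = f.relative_to(source)
        vdir = store / rel  # one directory of numbered versions per source file
        vdir.mkdir(parents=True, exist_ok=True)
        versions = sorted(vdir.iterdir(), key=lambda p: int(p.name))
        if versions and _digest(versions[-1]) == _digest(f):
            continue  # unchanged since the last run, so nothing is copied
        shutil.copy2(f, vdir / str(len(versions) + 1))
        saved.append(rel.as_posix())
    return saved


def restore(store: Path, rel: str, version: int) -> bytes:
    """Return the content of a retained version (1 is the oldest)."""
    return (store / rel / str(version)).read_bytes()


def demo() -> tuple:
    """Constructed scenario: a mistaken amendment, then recovery of version 1."""
    with tempfile.TemporaryDirectory() as tmp:
        src, store = Path(tmp, "docs"), Path(tmp, "backup")
        src.mkdir()
        (src / "report.txt").write_text("good draft")
        (src / "notes.txt").write_text("unchanged")
        first = backup(src, store)
        (src / "report.txt").write_text("mistaken edit")
        second = backup(src, store)
        return first, second, restore(store, "report.txt", 1)


if __name__ == "__main__":
    print(demo())
```

A store that stays online and writable from the same machine remains exposed to the third combination (malware denying access to the data), which is why the slide pairs that case with offline storage.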
Security of Information and I.T.
Agenda
1. The Concept of Security
2. The Conventional Security Model
3. Business Processes
   3.1 Risk Assessment
   3.2 Risk Management
4. Security Safeguards
   4.1 Backup and Recovery
Drill-Down Slides
Costs of Risk Mitigation
• Executive Time, for assessment, planning, control
• Consultancy Time, for assessment, design
• Operational Staff Time for:
  • Training, Rehearsals, Incident Handling, Backups
• Computer Time for backups
• Storage costs for on-site and off-site (‘fire backup’) copies of software, data and log-files
• Transmission Costs for database replication
• Loss of Service to clients during backup time
• Redundant Capacity (Hardware, Networks)
• Contracted Support from a 'hot-site' / 'warm-site'
4.1 Access Control
An Important Example of a Safeguard
• Protect System Resources against Unauthorised Access
• Provide convenient access to the right people, to relevant data and software capabilities, by providing User Accounts with Privileges and Restrictions
• Prevent access by the wrong people to data and software capabilities
• Person-Based, or Role-Based (RBAC)
Access Control
[Figure labels: Pre-Authentication of Evidence of Identity or Attribute; Register of Authenticators; Authentication using the Issued Authenticator; Permissions Store or Access Control List; Authorisation; Access Control]
Threats to Passwords
1. Guessing
2. 'Brute Force' Guessing
3. Visual Observation
4. Electronic Observation
5. Interception
6. Phishing
7. Use of One Password for Multiple Accounts
8. Discovery of a Password Database
9. Compromise of the Password-Reset Process
10. Continued Use of a Compromised Password
11. Compromise of a Password Stored by a Service-Provider
12. Acquisition and Hacking of the Password-Hash File
http://www.rogerclarke.com/II/Passwords.html
Ways of Strengthening Access Control
• Channel Encryption, e.g. SSL/TLS, so that even if the password is intercepted, it is not ‘in clear’
• Transmission of only a hash of the password
• Server-Side Storage of only a hash of the password
• One-Time Passwords
• Multi-Factor Use Authentication:
  • what you know: password, 'shared secrets'
  • what you have: one-time password gadget, a digital signing key
  • where you are: your IP-address, device-ID
  • what you are: a biometric, e.g. fingerprint
  • what you do: time-signature of password-typing key-strikes
  • who or what you are: reputation, 'vouching'
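Server-side storage of only a hash of the password, set against threat 12 (acquisition of the password-hash file) and threat 7 (one password used for multiple accounts), as an added Python example that is not part of the original slides. The choice of PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample password are assumptions; the unsalted SHA-256 function is the weak form, shown only for contrast.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def enrol(password: str) -> dict:
    """Build the record the server stores: a per-user salt and a slow hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(candidate, record["hash"])


def unsalted_sha256(password: str) -> bytes:
    """Weak form: fast and unsalted, so equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).digest()


def reuse_visible(stored_hashes: list) -> bool:
    """True if the hash file alone reveals that two accounts share a password."""
    return len(set(stored_hashes)) < len(stored_hashes)


if __name__ == "__main__":
    shared = "correct horse"  # constructed sample: two accounts, one password
    weak_file = [unsalted_sha256(shared), unsalted_sha256(shared)]
    strong_file = [enrol(shared)["hash"], enrol(shared)["hash"]]
    print("unsalted file reveals reuse:", reuse_visible(weak_file))
    print("salted file reveals reuse:", reuse_visible(strong_file))
```

The per-user salt hides password reuse from anyone holding the hash file, and the iteration count raises the cost of each 'brute force' guess against it.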