02. Course Overview

What is Cyber security?

The NIST (National Institute of Standards and Technology) computer security handbook defines it as protections afforded to an information system to preserve confidentiality, integrity, availability (CIA) of system resources.

Terminology:

• Threat: potential security harm to an asset/system resource
• Attack: thread that is carried out. If successful, leads to undesirable violation of security
• Countermeasure: means taken to deal with attacks (prevention, detection, recovery)
• Vulnerabilities:
  • Leaky: access to information given when it should not
  • Corrupted: does the wrong thing or gives wrong answers
  • Unavailable: impossible/impractical to access

Key questions:

• What assets need to be protected
• How are the assets threatened
• How can the threats be countered

Assets include:

• Hardware
• Software: OS, system utilities, applications
• Data: files, DB
• Networks: local/wide area network links, bridges, routers etc.

Types of Attacks

Passive:

• Does not alter information or resources in the system
• Hard to detect, easy to prevent
• Types of passive attacks:
  • Eavesdropping/interception: attacker directly accesses sensitive data in transit
  • Traffic analysis/inference: observations of the amount of traffic between the source and destination

Active:

• Alters information or system resources
• Hard to prevent, easy to detect
• Types of active attacks:
  • Masquerade: attacker claims to be a different entity
  • Message modification (falsification): message modified in transit
  • DDoS (misappropriation): attacker prevents legitimate users from accessing resources

Inside:

• Initiated by entity inside the security perimeter
• Authorized to use the systems, but used in a malicious way
• Types of inside attacks:
  • Exposure: sensitive data intentionally released to outsider
  • Falsification: data altered or replaced

Outside:

• Initiated from outside the perimeter by an unauthorized or illegitimate user
• Types of outside attacks:
  • Obstruction: communication links disabled, or communication control information altered
  • Intrusion: attacker gains unauthorized access to sensitive data

Fundamental Requirements

Information security management requires:

1. Threat identification
2. Classification by likelihood and severity
3. Security controls applied based on cost-benefit analysis

Countermeasures to threats and vulnerabilities:

• Computer security technical measures (access control, authentication etc.)
• Management measures (awareness, training)

What is Information Security?

ISO security architecture defines:

• Security: when vulnerabilities in assets/resources are minimized
• Asset: anything of value
• Vulnerability: any weakness that could be exploited to violate a system or its information
• Threat: potential security violation

Hence, information security is security where the assets/resources are information systems

Security Services and Mechanisms

OSI Security Architecture X.800: dated, but most definitions/terminology still relevant. Defines security threats, services, and mechanisms.

Security Services

A security service is processing/communication service that gives a specific kind of protection to system resources.

Security services include:

• Peer entity authentication: confirms entity is who they claim to be
• Data origin authentication: confirms origin of data unit/message
• Access control: protects against unauthorized use of resources
• Data confidentiality: protects data against unauthorized disclosure
• Traffic flow confidentiality: protects disclosure of data that can be derived from knowledge of traffic flow
• Data integrity: detects modification/reply of data in messages
• Non-repudiation: protects against the message creator falsely denying to creating the data
• Availability: protects against DDoS
• Encipherment: transforms data to hide its content
• Digital signature: mechanism to transform data using a signing key

From Stack Exchange:

• Non-repudiation: entity cannot deny to having sent/signed the message
• Message (or data origin) authentication: entity originally made the message
• Entity authentication: entity involved in current communication session

Security Mechanisms

A security mechanism is a method of implementing one or more security services.

Security mechanisms include:

• Data integrity: corruption-detection techniques
  • Message Authentication Codes
• Authentication exchange: protocols to ensure identify of participants
  • TLS
• Traffic padding: spurious traffic generated to protect against traffic analysis; usually used in combination with encipherment
• Control lists, passwords, tokens which indicate access rights
• Routing control: use of specific secure routes
• Notarization: use of trusted third party to assure source/receipt of data