Project Meeting 2015 - Dartmouth Research & Consulting
T. J. Saotome
5 Basic Cybersecurity Concepts You Must Know
Who/What Poses Threat?
• Hackers – casual or pro
• Intruders – organized crime, states
• Insiders – employees can steal
• Contractors – hired guns can steal
• Nature – hurricanes, fire, disasters
• Human Error – input error, deletion
What’s the Problem?
• General Lack of Awareness
– Users have only a vague understanding of the threats & risks associated with computers and the Internet
• General Lack of Quality Help
– Many view security as cumbersome
– Many think it is complicated & expensive
• Complacency
– Software is in place
– Does not involve me
Key Areas of Concern
• Do you accept the risk level?
– Ignore it
– Take insurance against it
– Do something about it
• What are your concerns?
– Policies/procedures & education
– Authentication
– Availability
– Confidentiality
– Integrity
– Non-repudiation
Security Model
Types of Threat
• Masquerade
• Interception
• Tampering
• Denial of Service
• No Evidence
• Complacency
Types of Solutions
• Authentication
• Confidentiality
• Integrity
• Availability
• Non-Repudiation
• Training & education
Is it Possible to Eliminate All Risks?
• You know the answer – No, impossible
• But you can get close by employing “Defense in Depth”
Protection Layers:
• Authentication
• Access Control
• Confidentiality
• Availability
Concept #1 - Authentication
Permission to Access Resources:
• Password
• Biometrics
• Electronic Token
• 2 Factor Authentication
Passwords are easily “cracked”:
• By guessing
• Social Engineering
• Deception
• Widely available cracking tools
Concept #2 - Confidentiality
Symmetric Encryption
• Same key for encryption/decryption
• RC4, DES, 3DES, AES, IDEA, Blowfish, Twofish
Asymmetric Encryption
• Different keys for encryption/decryption
• PGP, GnuPG, PKI (using X.509)
Cryptography promotes confidentiality
Concept #3 – Information Integrity
Hash Algorithm
• MD5 (RFC 1321), SHA (RFC 3174)
Digital Signature
• Combination of PKI & Hash technology
• Digital Signature - the hash of the data, encrypted with the signer’s private key
• Digital Signature Standard – US DSS uses SHA-1 for the hash & DSA (Digital Signature Algorithm) for the signature
Tampering can be detected by integrity mechanisms
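To make the “encrypted hash with the private key” idea from Concept #3, and the public/private key pair from Concept #2, concrete, here is an added toy RSA example (not code from the deck): the primes are constructed and far too small for real use, and the hash is reduced modulo n so it fits the toy key; the point is that a single changed byte makes the signature fail to verify.

```python
"""Toy RSA: sign = hash^d mod n (private key), verify = sig^e mod n (public key).
Constructed tiny primes, for illustration of the mechanism only."""
import hashlib
from math import gcd

E = 65537  # conventional public exponent


def is_prime(n: int) -> bool:
    """Trial division; adequate for the ~10**6-sized primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def next_prime(n: int) -> int:
    while not is_prime(n):
        n += 1
    return n


def keygen(seed_p: int = 1000000, seed_q: int = 2000000):
    """Return ((e, n), (d, n)); seeds are constructed values, not secure sizes."""
    p, q = next_prime(seed_p), next_prime(seed_q)
    phi = (p - 1) * (q - 1)
    while gcd(E, phi) != 1:          # keep e invertible modulo phi
        q = next_prime(q + 1)
        phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)              # private exponent (Python 3.8+)
    return (E, p * q), (d, p * q)


def digest_int(msg: bytes, n: int) -> int:
    """SHA-256 of the message, reduced so it lies below the toy modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes, priv) -> int:
    d, n = priv
    return pow(digest_int(msg, n), d, n)   # hash "encrypted" with private key


def verify(msg: bytes, sig: int, pub) -> bool:
    e, n = pub
    return pow(sig, e, n) == digest_int(msg, n)   # recover hash with public key


def encrypt(m: int, pub) -> int:   # confidentiality: anyone with the public key
    e, n = pub
    return pow(m, e, n)


def decrypt(c: int, priv) -> int:  # only the private-key holder can read it
    d, n = priv
    return pow(c, d, n)
```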
Concept #4 - Availability
Denial of Service Attacks
• Via Internet (e.g. Ping of Death)
• Via errant applications on LAN
• Via Trojan Horse
Guard Against DoS & Sabotage
• Physical Security
• Dual and Multi Paths
• Redundant storage
• Good backup is essential
Concept #5 - Non-Repudiation
Destroying Evidence
• Log all access to covered entities
• Separate sys admin rights from log access rights
• Set event alarms for log tampering
Hacker or employee may cover tracks by destroying evidence
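One way to build the “event alarm for log tampering” from Concept #5 is a hash-chained audit log, where every entry commits to the hash of the entry before it; this is an added example, not code from the deck, and the access events are constructed sample data.

```python
"""Tamper-evident audit log: editing or deleting an entry breaks the chain."""
import hashlib
import json

GENESIS = "0" * 64   # hash the first entry chains to


def entry_hash(prev_hash: str, record: dict) -> str:
    """SHA-256 over (previous hash || canonical JSON of the record)."""
    payload = prev_hash + json.dumps(record, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def append(log: list, record: dict) -> None:
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "hash": entry_hash(prev, record)})


def first_break(log: list):
    """Index of the first entry whose hash does not chain, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    return None


def build_sample_log() -> list:
    """Constructed access events standing in for a real audit trail."""
    log = []
    append(log, {"ts": "2015-03-01T09:00:00", "user": "alice", "action": "login"})
    append(log, {"ts": "2015-03-01T09:05:12", "user": "alice", "action": "read",
                 "obj": "payroll.xlsx"})
    append(log, {"ts": "2015-03-01T09:07:40", "user": "alice", "action": "logout"})
    return log


def alarm_on_tamper(log: list) -> str:
    """The slide's 'event alarm': report where the chain first breaks."""
    idx = first_break(log)
    return "OK" if idx is None else f"ALARM: log tampered at entry {idx}"
```

The chain catches edits and deletions in the middle, but not truncation of the newest entries; for that, the latest hash has to be copied somewhere the sys admin cannot alter, which is the separation of rights the slide calls for.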
System & Network Intrusion
• Trojan Horse
• Masquerading insider
• Dormant malware
• NetBIOS on TCP/IP especially vulnerable
Many Faces of Attack
• Data breach
• Authentication info
• Denial of Service
Security Administration
• Operating System Security
– Earlier versions of Windows OS lacked security mechanisms
– “OS Hardening” needed for critical systems
• User account password/permission
• Internet Security
– Encrypting communication (e.g. IPSec)
– SSL and TLS for Web
• Scan for vulnerabilities
Mitigating Risk
• Security Policies
• Procedures
• Backup & Recovery Plan
• Off-site & Contingency Plan
• User Education
• Firewalls
• Anti-Virus
• Biometrics
• Cryptography
• PKI
Reducing Risks
• Non-Technical Solutions
– Security Policies
– Procedures
– Backup and Disaster Recovery Plan
– Off-site and Contingency Plan
– User Education
• Security Technologies
– Firewalls
– Anti-Virus
– Biometrics
– Cryptography
– PKI
– Intrusion Detection
– Logs
You must have a combination of both to be effective
Reducing the Risks – How?
Policies & Procedures
• Define Security Policies
• Define Security Process
Security Technology
• Employ Security Technologies for enforcement
• Automate Event Monitoring/Compliance
• Employ Intelligent Event Correlation
Residual Risks
• Recognize that there will be residual risks
• Take insurance against it, or transfer the risks
Security Policies – Key Elements
• Network access/permission
• Information Retention
• Passwords
• Account Access
• Virus Updates
• Log Updates
• Security Fixes
• Backup Restore & Verify
• Network security audit
How you can start
• Objective assessment of the current state & desired future state
• Combination of policies & technology appropriate for the risks
• Continuous user education
• Monitoring & due diligence
• Periodic audit & fire drill
Resources
• These slides are available at
– www.Dartmouth-research.com
• Security Templates
– www.sans.org – Security Tools and Training
– www.cert.org – CERT Coordination Center
– www.itl.nist.gov – NIST IT Security Checklist
