11 ASSESSING THE NEED FOR SECURITY Chapter 1

Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts  Assets  Threats  Vulnerabilities  Countermeasures  Historical compromises  Security design concepts  Assets  Threats  Vulnerabilities  Countermeasures  Historical compromises

Chapter 1: Assessing the Need for Security3 SECURITY DESIGN INFLUENCES  Legal requirements  Business risk tolerance  Finance  Current events  Technology  Legal requirements  Business risk tolerance  Finance  Current events  Technology

Chapter 1: Assessing the Need for Security4 THE THREE PILLARS OF INFORMATION SECURITY  Confidentiality  Integrity  Availability  Confidentiality  Integrity  Availability

Chapter 1: Assessing the Need for Security5 DEFENSE-IN-DEPTH  Use multiple layers of defense. For example:  Security guards and security cameras  Network firewalls and host-based firewalls  Log on as a non-administrator and use antivirus software  Protects against any single vulnerability  Gives you time to test critical updates  Use multiple layers of defense. For example:  Security guards and security cameras  Network firewalls and host-based firewalls  Log on as a non-administrator and use antivirus software  Protects against any single vulnerability  Gives you time to test critical updates

Chapter 1: Assessing the Need for Security6 THE SCOPE OF SECURITY  Security architecture  Physical security  Cryptography  Access control  Network security  Security architecture  Physical security  Cryptography  Access control  Network security

Chapter 1: Assessing the Need for Security7 THE SCOPE OF SECURITY (CONT.)  Applications and systems development  Operations security  Security management practices  Law, investigations, and ethics  Business continuity planning  Applications and systems development  Operations security  Security management practices  Law, investigations, and ethics  Business continuity planning

Chapter 1: Assessing the Need for Security8 ATTACK COMPONENTS  Asset  Threat agent  Threat  Vulnerability  Compromise  Countermeasure  Asset  Threat agent  Threat  Vulnerability  Compromise  Countermeasure

Chapter 1: Assessing the Need for Security9 ASSET  Items that you have purchased:  Software  Hardware  Facilities  People  Information  Anything else deserving protection  Items that you have purchased:  Software  Hardware  Facilities  People  Information  Anything else deserving protection

Chapter 1: Assessing the Need for Security10 THREAT AGENT  The attacker:  Malicious attackers  Nonmalicious attackers  Mechanical failures  Catastrophic events  The attacker:  Malicious attackers  Nonmalicious attackers  Mechanical failures  Catastrophic events

Chapter 1: Assessing the Need for Security11 THREAT AGENT: MALICIOUS ATTACKERS  The classic hacker attacking from outside  Disgruntled employees attacking from inside  Likely to have specific goals and objectives  To anticipate their attacks, study their motivations  The classic hacker attacking from outside  Disgruntled employees attacking from inside  Likely to have specific goals and objectives  To anticipate their attacks, study their motivations

Chapter 1: Assessing the Need for Security12 THREAT AGENT: NONMALICIOUS ATTACKERS  People make mistakes that can cause damage such as invalid data or failed services  Examples: programming bugs, data-entry errors  Mitigate with:  Thorough testing procedures  Backups  Business continuity plans  People make mistakes that can cause damage such as invalid data or failed services  Examples: programming bugs, data-entry errors  Mitigate with:  Thorough testing procedures  Backups  Business continuity plans

Chapter 1: Assessing the Need for Security13 THREAT AGENT: MECHANICAL FAILURES  Power outages, hardware failures, network outages  Mitigate with:  Business continuity plans  Network redundancy  Server clustering  Service level guarantees  Power outages, hardware failures, network outages  Mitigate with:  Business continuity plans  Network redundancy  Server clustering  Service level guarantees

Chapter 1: Assessing the Need for Security14 THREAT AGENT: CATASTROPHIC EVENTS  Extreme weather: tornadoes, hurricanes, earthquakes, tsunami  Fire  Acts of war  Catastrophic events are rare, but the damage is tremendous. Therefore, the total risk is often high.  Extreme weather: tornadoes, hurricanes, earthquakes, tsunami  Fire  Acts of war  Catastrophic events are rare, but the damage is tremendous. Therefore, the total risk is often high.

Chapter 1: Assessing the Need for Security15 THREAT  Threat agent is the attacker, threat is the attack  Use STRIDE to remember the six main types of threat:  Spoofing identity  Tampering with data  Repudiation  Information disclosure  Denial-of-service  Elevation of Privilege  Threat agent is the attacker, threat is the attack  Use STRIDE to remember the six main types of threat:  Spoofing identity  Tampering with data  Repudiation  Information disclosure  Denial-of-service  Elevation of Privilege

Chapter 1: Assessing the Need for Security16 VULNERABILITY  Also known as a weakness  Has the potential to be a compromise when combined with a threat  Common vulnerability types:  Physical  Natural  Hardware and software  Media  Communications  Human  Also known as a weakness  Has the potential to be a compromise when combined with a threat  Common vulnerability types:  Physical  Natural  Hardware and software  Media  Communications  Human

Chapter 1: Assessing the Need for Security17 COMPROMISE  A successful attack, often called an exploit  Occurs when a threat agent creates a threat for an unprotected vulnerability  If the threat does not penetrate your defenses, you were merely attacked. Attacks are not a problem; compromises are a problem.  A successful attack, often called an exploit  Occurs when a threat agent creates a threat for an unprotected vulnerability  If the threat does not penetrate your defenses, you were merely attacked. Attacks are not a problem; compromises are a problem.

Chapter 1: Assessing the Need for Security18 COUNTERMEASURE  Also known as a safeguard  Reduce the likelihood of a vulnerability  Does not eliminate a vulnerability  Three main types:  Preventative  Detective  Reactive  Also known as a safeguard  Reduce the likelihood of a vulnerability  Does not eliminate a vulnerability  Three main types:  Preventative  Detective  Reactive

Chapter 1: Assessing the Need for Security19 PREVENTATIVE COUNTERMEASURES  Prevent threats from exploiting a vulnerability  Examples:  Firewalls  Software updates  Antivirus software  Employee security training  Prevent threats from exploiting a vulnerability  Examples:  Firewalls  Software updates  Antivirus software  Employee security training

Chapter 1: Assessing the Need for Security20 DETECTIVE COUNTERMEASURES  Used to detect an attack or a compromise  Can enable you to respond after an attack begins, but before a compromise occurs  Can also be used to detect a successful attack  Examples:  Intrusion-detection system  Security logs  Used to detect an attack or a compromise  Can enable you to respond after an attack begins, but before a compromise occurs  Can also be used to detect a successful attack  Examples:  Intrusion-detection system  Security logs

Chapter 1: Assessing the Need for Security21 REACTIVE COUNTERMEASURES  Used after a compromise  Examples:  On-site or off-site backups  Disaster recovery plans  Law enforcement  Used after a compromise  Examples:  On-site or off-site backups  Disaster recovery plans  Law enforcement

Chapter 1: Assessing the Need for Security22 ATTACK COMPONENTS

Chapter 1: Assessing the Need for Security23 HISTORICAL COMPROMISES  The fundamentals of security design remain constant throughout history  A Windows network will be subject to the same types of attack that were used before computers even existed  “Those who cannot learn from history are doomed to repeat it”  The fundamentals of security design remain constant throughout history  A Windows network will be subject to the same types of attack that were used before computers even existed  “Those who cannot learn from history are doomed to repeat it”

Chapter 1: Assessing the Need for Security : POLES BREAK NAZI ENCRYPTION  Nazis use encryption to communicate privately over public radio communications  Poles spend many years studying the communications  Poles break the encryption because of Nazi mistakes  Lesson: Humans make mistakes  Nazis use encryption to communicate privately over public radio communications  Poles spend many years studying the communications  Poles break the encryption because of Nazi mistakes  Lesson: Humans make mistakes

Chapter 1: Assessing the Need for Security : CAP’N CRUNCH CRACKS PHONE SYSTEM  Blind children discover that a whistle in a Cap’n Crunch cereal box makes a hertz (Hz) tone also used by telephone equipment  Blow the whistle and get free long-distance calls  Telephone company’s services are stolen, but catch John Draper (a threat agent) by monitoring usage logs  Lesson: Do not rely on security by obscurity and use detective countermeasures  Blind children discover that a whistle in a Cap’n Crunch cereal box makes a hertz (Hz) tone also used by telephone equipment  Blow the whistle and get free long-distance calls  Telephone company’s services are stolen, but catch John Draper (a threat agent) by monitoring usage logs  Lesson: Do not rely on security by obscurity and use detective countermeasures

Chapter 1: Assessing the Need for Security : MITNICK STEALS CODE FROM DEC  Kevin Mitnick uses social engineering to gain access to user credentials  Abuses credentials to access internal network  FBI monitors, arrests, and convicts Mitnick of multiple computer crimes  Lesson: Sophisticated attackers use unconventional attacks  Kevin Mitnick uses social engineering to gain access to user credentials  Abuses credentials to access internal network  FBI monitors, arrests, and convicts Mitnick of multiple computer crimes  Lesson: Sophisticated attackers use unconventional attacks

Chapter 1: Assessing the Need for Security : ATTACKER STEALS MICROSOFT SOURCE CODE  Microsoft employee runs Trojan horse received in  Trojan horse opens a back door that contacts threat agents  Threat agents use access to collect passwords and steal source code  Damage limited because credentials gave threat agents access to limited portions of the source code  Microsoft’s tarnished security reputation caused immeasurable damage  Lesson: Valuable data deserves expensive countermeasures  Microsoft employee runs Trojan horse received in  Trojan horse opens a back door that contacts threat agents  Threat agents use access to collect passwords and steal source code  Damage limited because credentials gave threat agents access to limited portions of the source code  Microsoft’s tarnished security reputation caused immeasurable damage  Lesson: Valuable data deserves expensive countermeasures

Chapter 1: Assessing the Need for Security28 SUMMARY  Technology is the least important of the influences to security design  Important assets deserve multiple layers of protection  Understand the components of an attack  Learn from the mistakes of other security designers  Technology is the least important of the influences to security design  Important assets deserve multiple layers of protection  Understand the components of an attack  Learn from the mistakes of other security designers