Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity Threats and Countermeasures

Published byJesse Smith Modified over 6 years ago

Similar presentations

Presentation on theme: "Cybersecurity Threats and Countermeasures"— Presentation transcript:

1 Cybersecurity Threats and Countermeasures
Unit 3: Cyber defense mechanisms

2 Learning Objectives Upon the conclusion of this module, the student will be able to: Identify common security services, including confidentiality, integrity, availability, authentication, authorization, and access control. Identify common security components. Describe common security control types (including preventive, deterrent, detective, and corrective). Describe the concept of “Defense-in-Depth”, or layered defense, covering security issues associated with hardware, software, and people. Explain the concept of trusted computing. Describe cyber defense tools, methods, and components. Describe important ethical issues to consider in computer security, including ethical issues associated with fixing or not fixing vulnerabilities and disclosing or not disclosing vulnerabilities.

3 Security Services Security can be defined as “the quality or state of being secure: such as freedom from danger” and provides an alternative definition as “something that secures: protection.” (Merriam-Webster) To this end, in order to protect our information assets (information and information systems), we can provide security services, such as confidentiality, integrity, availability, authentication, authorization, and access control, where warranted. The role of a security officer or system owner is to determine when, and where, these services should be applied to protect data. Not all of these services would be required for all data, as there is always the trade-off between security and usability.

4 Confidentiality Confidentiality is concerned with limiting access to data, ensuring that only authorized users have access. Examples of data that might need confidentiality would be user account data, or electronic medical records. Security components that provide for confidentiality include encryption technologies, firewalls, and other devices and components that control access to data.

5 Integrity Integrity is the assurance that information has not been modified by an unauthorized individual. Examples of data that must maintain integrity are bank records and electronic health records, both which could have significant negative ramifications if they were modified by an attacker. Technologies that provide integrity include cryptographic processes called “hashing”, which generate a digital fingerprint, or unique string, for an object. Integrity should not be confused with accuracy, which is a function of the application or user. File integrity checkers create hashes for files on a system and then compare those to later hashes. If they differ, the file has been modified.

6 Availability Availability is the assurance that the information or system will be accessible to users when it is needed. Examples of data that needs to be available would be, again, bank records and healthcare systems. Ensuring that there are redundant system components is important for providing for availability. As an example, multiple hard drives, redundant power supplies in servers, multiple web servers (clustered servers) in the event that one fails or must be taken down. The more critical availability is, the more redundancy that must be built in to the system. In 2016, a ransomware attack against MedStar Georgetown University Hospital crippled the hospital when it was unable to access patient records databases. Nurses where unable to ascertain when patients had received their medication.

7 Authentication Authentication is the verification that something, or someone, is what or who they are. Authentication of data is synonymous with integrity. We also can desire authentication of origin (knowing that an was really sent by the person in the From field) or authentication of identity (is that person attempting to log in to the system really that individual?). Security components that provide for authentication include hashing (integrity), identity credentials, such as passwords and digital signatures, or digitally signing network packets to prove their origin.

8 Authorization Once a user is authenticated to the system, he is granted authorization to use its resources. Authorization allows you in to the network resources. In order to actually access the resources within the network, you need to have permission. Access controls provide that permission.

9 Access Control Access controls provides control over what the user can do at the resource. There are different types of access controls: Mandatory Access Controls (MAC) – They strictly control the operation that can be performed against an object. Considered the most rigid. Discretionary Access Controls (DAC) – Associated with UNIX and Windows system. The least strict. Object owners can determine the access others have to the object. Role-Based Access Controls (RBAC) – access is determined by the user’s role. For instance, in a Learning Management System, a student can only see his or her data, but a TA can see everyone and a Teacher can modify the controls.

10 Security Controls Security controls are safeguards or protections (countermeasures) that secure information or information systems. There are several types of security controls that can work together to provide a layered defense. Among these, preventive, deterrent, detective, and corrective controls.

11 Preventive Controls Preventive controls prevent a risk from happening. An example of a preventive control is an 8’ fence topped with razor wire.

12 Deterrent Controls While preventive controls prevent a risk from being actualized, deterrent controls dissuade the attacker from attacker. Using our example of the fence, while an 8’ fence may be a preventive control, a 4’ fence would serve as a deterrent. An individual might step over it, however most will not.

13 Corrective Controls Security controls will fail. At that point, we will need to rely on corrective controls. When combined with other controls, corrective controls provide a successful strategy for mitigating risks. An example of a corrective control are data backups.

14 Putting it All Together
As a part of a layered defense approach, security controls should be combined. For example when implementing physical security controls to secure a data center you might implement the following: Preventive control Door locks on the data center doors. Detective control In the event that the attackers pick the lock, an alarm would sound when the intruder was detected in the room. Corrective control A security guard arrives on site in response to the alarm to secure the room.

15 Defense-in-Depth The concept of “defense-in-depth” is of military strategy origins, where multiple controls at different layers are implemented to secure the asset, so that when one layer fails, other controls are still in effect to mitigate the risk. These controls are generally implemented in hardware, software, and people. People/Process Software Hardware Data

16 Trusted Computing Finally, trusted computing is a broad term that relates to technologies that ensure that computers perform in expected ways, regardless of whether or not it has been compromised, enforced in hardware or software. The Federal Government requires purchases of its computers and operating systems, such as Microsoft Windows, to include a Trusted Platform Module (TPM) – a standard specifying a secure crypto processor that provides for platform integrity.

17 Other Cyber Defense Tools, Methods, and Components
In addition to implementing access controls, cryptography, firewalls and intrusion detection systems as discussed, other cyber defense tools include patching O/S and applications, vulnerability scanning, and penetration testing.

18 Patching Operating systems and applications contain flaws (“bugs”) that will be present from the point of release through its removal. Based on the severity of the issue, the vendor will issue security patches. Patches are software designed to fix or improve an issue, most often issues involving security vulnerabilities. It is important that security patches be reviewed and applied as quickly as possible, as these vulnerabilities are also known to attackers who will quickly develop exploits for them.

19 Vulnerability Scanning
Vulnerability scanning is an automated inspection of network devices, operating systems, and applications to determine what weaknesses exists. Vulnerabilities can be configuration weaknesses, such as weak or default passwords in use, or missing patches. Several vulnerability scanning tools exist, including Tenable Nessus and Rapid7, that are widely used. These maintain large lists of known vulnerabilities and configuration “best practices” and assess the devices or applications to these elements.

20 Penetration Testing Vulnerability assessments differ from penetration testing in that the former seeks to identify the vulnerabilities so that they can be remediated, penetration testing attempts to exploit those vulnerabilities. While a seemingly offensive act such as penetration testing, or ethical hacking may seem to be an unusual choice as a defense tool, however attempting to assume the role of the attacker to attack a system through its vulnerabilities serves to ensure that security controls are working as expected. Many federal agencies have their systems penetration tested once a year as a part of their compliance assessment.

21 Ethics Ethics can be defined as the moral principles that guide an individual’s actions. Ethics are developed collectively by communities in which the individual is a member. Failure to adhere to these ethical standards usually results in removal from that community. For instance, most companies have Codes of Ethics that employees must agree to follow. In the event that these are violated, the employee can be terminated.

22 Ethical Issues in Computer Security
Most organizations that issue certifications to IT security personnel identify a number of ethical issues in their Codes of Ethics. For instance, as a Certified Ethical Hacker (CEH), EC-Council expects the individual to: Keep information learned in your professional work private, not sharing it without consent. Protect intellectual property rights. Provide competent service. Disclose conflicts of interest. Not associate with malicious hackers. Ensure that all penetration testing is legal and authorized. Failure to follow these standards can result in the loss of certification. From the EC-Council Web site at Keep private and confidential information gained in your professional work, (in particular as it pertains to client lists and client personal information). Not collect, give, sell, or transfer any personal information (such as name, address, Social Security number, or other unique identifier) to a third party without client prior consent. Protect the intellectual property of others by relying on your own innovation and efforts, thus ensuring that all benefits vest with its originator. Disclose to appropriate persons or authorities potential dangers to any ecommerce clients, the Internet community, or the public, that you reasonably believe to be associated with a particular set or type of electronic transactions or related software or hardware. Provide service in your areas of competence, being honest and forthright about any limitations of your experience and education. Ensure that you are qualified for any project on which you work or propose to work by an appropriate combination of education, training, and experience. Never knowingly use software or process that is obtained or retained either illegally or unethically. Not to engage in deceptive financial practices such as bribery, double billing, or other improper financial practices. Use the property of a client or employer only in ways properly authorized, and with the owner’s knowledge and consent. Disclose to all concerned parties those conflicts of interest that cannot reasonably be avoided or escaped. Ensure good management for any project you lead, including effective procedures for promotion of quality and full disclosure of risk. Add to the knowledge of the e-commerce profession by constant study, share the lessons of your experience with fellow EC-Council members, and promote public awareness of benefits of electronic commerce. Conduct oneself in the most ethical and competent manner when soliciting professional service or seeking employment, thus meriting confidence in your knowledge and integrity. Ensure ethical conduct and professional care at all times on all professional assignments without prejudice. Not to neither associate with malicious hackers nor engage in any malicious activities. Not to purposefully compromise or allow the client organization’s systems to be compromised in the course of your professional dealings. Ensure all penetration testing activities are authorized and within legal limits. Not to take part in any black hat activity or be associated with any black hat community that serves to endanger networks. Not to be part of any underground hacking community for purposes of preaching and expanding black hat activities. Not to make inappropriate reference to the certification or misleading use of certificates, marks or logos in publications, catalogues, documents or speeches. Not convicted in any felony, or violated any law of the land.

Download ppt "Cybersecurity Threats and Countermeasures"

Similar presentations

David Assee BBA, MCSE Florida International University

David Assee BBA, MCSE Florida International University
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 

11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
The Islamic University of Gaza

The Islamic University of Gaza
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Hands-On Ethical Hacking and Network Defense

Hands-On Ethical Hacking and Network Defense
Information Security Policies and Standards

Information Security Policies and Standards
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.

Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
INTERNET and CODE OF CONDUCT

INTERNET and CODE OF CONDUCT
Topics in Information Security Prof. JoAnne Holliday Santa Clara University.

Topics in Information Security Prof. JoAnne Holliday Santa Clara University.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Network security policy: best practices

Network security policy: best practices
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.

Similar presentations

Ads by Google