© 2018 CrySyS Lab, BME
Basic Security Concepts
Levente Buttyán
CrySyS Lab, [email protected]
www.crysys.hu
|
(IT) Security
Security means management of risks resulting from deliberate attacks
– loss of confidentiality, integrity, or availability (CIA) of information that is processed, stored, and transferred by computing systems,
– unauthorized access to computing systems, and
– illegitimate use, corruption, or denial of services provided by computing systems.
Basic security concepts 2
CIA triad
– Confidentiality: information cannot be obtained
– Integrity: information cannot be modified, added, or deleted
– Availability: information is available when and to whom it is needed
|
Security = Risk Management
Security is a process, not a (desired) state of the system.
Security engineering
– selection and deployment of security controls to minimize risk under some budget constraints
Security operations
– using security controls for attack prevention and detection + handling security incidents
|
Common information security goals
§ Confidentiality
§ Integrity
§ Availability
§ Authenticity
§ Non-repudiation
§ Privacy
CIA = Confidentiality, Integrity, Availability
|
Common system security goals
§ (Entity) Authentication
§ Authorization (access control)
§ Accountability
§ Integrity
§ Availability
§ Anonymity
AAA = Authentication, Authorization, Accountability
|
Risk factors
– Likelihood of attack
– Impact (loss): direct, indirect (e.g., reputation)
|
Threats (attackers, adversaries)
§ motivations
§ information gathering capabilities
§ level of technical expertise
§ amount of resources
|
Common attacker models
[Figure: attacker types placed on two axes, technical expertise and information gathering capabilities. Attacker types shown: Advanced Persistent Threat, cybercrime organization, security researcher, script kiddie, hacktivist group, disgruntled employee.]
|
Vulnerabilities
§ Weaknesses at different system architecture levels
  – Hardware
  – Software
  – Interfaces (e.g., API)
  – Protocols
§ Introduced in different system lifecycle phases
  – Design flaws
  – Implementation errors
  – Operational mistakes
|
Known vulnerabilities
§ Technical vulnerabilities (in a design or implementation) may be publicly disclosed through a responsible disclosure procedure
§ Reported vulnerabilities get globally recognized identifiers
  – CVE ID – Common Vulnerabilities and Exposures (cve.mitre.org)
§ Information on reported vulnerabilities is stored in publicly available databases
  – structured vulnerability information in a searchable form
  – example: US National Vulnerability Database (nvd.nist.gov)
|
Zero-day vulnerabilities
§ Some vulnerabilities are known only to attackers
  – some companies make their living out of finding and selling such zero-day vulnerabilities (or exploits) to criminals and governments
§ Zero-day vulnerabilities are dangerous, because potential victims are usually not prepared for them
§ They are expensive, hence often used only in targeted attacks
  – successfully compromising a particular target is important
  – risk of detection and exposure of the zero-day vulnerability is small
|
Why do vulnerabilities exist?
§ Complexity of systems
§ Lack or limitations of methods
  – for design and implementation of secure systems
  – for security verification and testing of existing systems
§ Limitation of resources
  – money
  – time
  – workforce
§ Making wrong assumptions
  – during design
  – during operations
§ Creating poor specifications for implementers
|
Attacks
§ An attack is a process in which vulnerabilities are exploited by an attacker in order to subvert security goals
§ An attack may be a complex process …
  – Kill chain model
  – Attack tree model
|
Security mechanisms
§ mechanisms / controls / countermeasures
§ Security mechanisms aim at reducing risk
§ General classification of approaches
  – Prevention
    » Encryption
    » Password based user authentication
    » Reference monitor in the OS checking file access rights
    » Firewalls filtering network traffic
    » …
    » Tamper resistant housing of HW
    » Security education
  – Detection and reaction
    » Message authentication codes
    » Anti-virus software
    » Network intrusion detection system (IDS)
    » …
|
Security engineering
§ Selection and deployment of security controls to minimize risk under some budget constraints
§ Typical questions to consider:
  – What assets do we have in our system?
  – What are the plausible threats?
  – What are the known vulnerabilities of our system?
  – What is the likelihood of those vulnerabilities being exploited by the plausible threats?
  – What is the expected loss when assets are attacked successfully?
  – What countermeasures can reduce the risk in a cost effective way?
§ Resulting security architecture will have trade-offs
  – Security vs. services, features, usability, efficiency, cost, …
  – Typically, some risks remain uncovered!
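
An added example, not part of the original slides: the control-selection question above worked through as a small search over control subsets under a budget. The risk model (expected loss = likelihood × loss, with control effects multiplying) and every name and number in it are assumptions constructed for illustration.

```python
from itertools import combinations

# Constructed sample risks: (likelihood per year, loss per incident)
RISKS = {
    "ransomware": (0.30, 200_000),
    "web_defacement": (0.50, 20_000),
    "insider_leak": (0.10, 500_000),
}

# Constructed sample controls: (cost, {risk: factor applied to expected loss});
# a factor of 0.4 means the control leaves 40% of that risk's expected loss.
CONTROLS = {
    "offline_backups": (15_000, {"ransomware": 0.4}),
    "waf": (10_000, {"web_defacement": 0.2}),
    "dlp_monitoring": (30_000, {"insider_leak": 0.5}),
    "security_training": (8_000, {"ransomware": 0.7, "insider_leak": 0.8}),
}

def residual_risk(selected):
    """Expected annual loss that remains after deploying `selected` controls."""
    total = 0.0
    for risk, (likelihood, loss) in RISKS.items():
        exposure = likelihood * loss
        for control in selected:
            exposure *= CONTROLS[control][1].get(risk, 1.0)
        total += exposure
    return total

def best_selection(budget):
    """Try every control subset that fits the budget; keep the lowest residual risk."""
    names = sorted(CONTROLS)
    best = ((), residual_risk(()))
    for size in range(1, len(names) + 1):
        for subset in combinations(names, size):
            cost = sum(CONTROLS[c][0] for c in subset)
            if cost <= budget and residual_risk(subset) < best[1]:
                best = (subset, residual_risk(subset))
    return best

if __name__ == "__main__":
    for budget in (0, 35_000, 63_000):
        chosen, risk = best_selection(budget)
        print(f"budget {budget:>6}: residual risk {risk:>9.0f} with {chosen}")
```

Even with every control bought, the residual risk stays above zero, which is the "some risks remain uncovered" trade-off from the slide.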
|
Security incident response
§ Security incident
  – result of a successful attack
  – Attack prevention and detection mechanisms failed
  – Only the consequences of the attack are detected
    » Your hard disc is encrypted
    » Someone logged in as root (and it was not the sysadmin)
    » Large files are sent regularly to an IP address in North Korea
    » Your company’s website is defaced
    » Airbag in your car did not open in an accident :(
§ Security incident response goals
  – Containment
  – Recovery
  – Investigation
  – Feedback
Don’t panic!
Needs proper preparation!
backups, logs