1.TMHG 529Health InformationPrivacy & Security Nawanan Theera-Ampornpunt, M.D., Ph.D.Faculty of Medicine Ramathibodi Hospital Mahidol University April 22, 2013http://www.SlideShare.net/Nawanan

2. Outline Introduction to Information Privacy & Security Protecting Information Privacy & Security User Security Software Security Cryptography Malware Security Standards Privacy & Security Laws will be in next topic 3. Introduction toInformation Privacy &Security 4. Threats to Information SecurityMalware 5. Sources of the Threats Hackers Viruses & Malware Poorly-designed systems Insiders (Employees) Peoples ignorance & lack of knowledge Disasters & other incidents affectinginformation systems 6. Consequences of Security Attacks Information risks Unauthorized access & disclosure of confidential information Unauthorized addition, deletion, or modification of information Operational risks System not functional (Denial of Service - DoS) System wrongly operated Personal risks Identity thefts Financial losses Disclosure of information that may affect employment or otherpersonal aspects (e.g. health information) Physical/psychological harms Organizational risks Financial losses Damage to reputation & trust Etc. 7. Privacy & Security Privacy: The ability of an individual or groupto seclude themselves or information aboutthemselves and thereby reveal themselvesselectively. (Wikipedia) Security: The degree of protection to safeguard... person against danger, damage, loss, andcrime. (Wikipedia) Information Security: Protecting informationand information systems from unauthorizedaccess, use, disclosure, disruption, modification,perusal, inspection, recording or destruction(Wikipedia) 8. Information Security Confidentiality Integrity Availability 9. Examples of Confidentiality Riskshttp://usatoday30.usatoday.com/life/people/2007-10-10-clooney_N.htm 10. Examples of Integrity RisksOperation Aurora Alleged Targets: Google, Adobe, Juniper Networks, Yahoo!, Symantec, Northrop Grumman, Morgan Stanley, Dow Chemical Goal: To gain access to and potentially modify source code repositories at high tech, security & defense contractor companieshttp://www.wired.com/threatlevel/2010/03/source-code-hacks/http://en.wikipedia.org/wiki/Operation_Aurora 11. Examples of Integrity Risks Web Defacementshttp://news.softpedia.com/news/700-000-InMotion-Websites-Hacked-by-TiGER-M-TE-223607.shtml 12. Examples of Availability Risks Viruses/worms that led to instability & system restart (e.g. Blaster worm)http://en.wikipedia.org/wiki/Blaster_worm 13. Examples of Availability Risks Ariane 5 Flight 501 Rocket Launch Failure Cause: Software bug on rocket acceleration due to data conversion from a 64-bit floating point number to a 16-bit signed integer without proper checks, leading to arithmatic overflowhttp://en.wikipedia.org/wiki/Ariane_5_Flight_501 14. Interesting Resources http://en.wikipedia.org/wiki/List_of_software_bugs http://en.wikipedia.org/wiki/Notable_computer_viruses_and_worms http://en.wikipedia.org/wiki/Hacktivism http://en.wikipedia.org/wiki/Website_defacement http://en.wikipedia.org/wiki/Hacker_(computer_security) http://en.wikipedia.org/wiki/List_of_hackers 15. Protecting InformationPrivacy & Security 16. Common Security Terms Attack An attempt to breach system security Threat A scenario that can harm a system Vulnerability The hole that is used in the attack 17. Class Exercise Identify some possible means anattacker could use to conduct asecurity attack 18. Simplified Attack Scenarios AliceServerBob Eve/Mallory 19. Simplified Attack ScenariosAliceServer Bob- Physical access to client computer- Electronic access (password)- Tricking user into doing something(malware, phishing & socialEve/Malloryengineering) 20. Simplified Attack ScenariosAlice ServerBob- Intercepting (eavesdropping orsniffing) data in transit- Modifying data (Man-in-the-middle attacks) Eve/Mallory- Replay attacks 21. Simplified Attack Scenarios AliceServerBob- Unauthorized access to servers through- Physical means- User accounts & privileges- Attacks through software vulnerabilities- Attacks using protocol weaknesses- DoS / DDoS attacks Eve/Mallory 22. Simplified Attack ScenariosAliceServer BobOther & newer forms of attacks possibleEve/Mallory 23. Safeguarding Against Attacks AliceServerBobAdministrative Security- Security & privacy policy- Governance of security risk management & response- Uniform enforcement of policy & monitoring- Disaster recovery planning (DRP) & Business continuityplanning/management (BCP/BCM)- Legal obligations, requirements & disclaimers 24. Safeguarding Against Attacks Alice ServerBobPhysical Security- Protecting physical access of clients & servers- Locks & chains, locked rooms, security cameras- Mobile device security- Secure storage & secure disposition of storage devices 25. Safeguarding Against AttacksAliceServer BobUser Security- User account management-Strong p/w policy (length, complexity, expiry, no meaning)-Principle of Least Privilege-Clear desk, clear screen policy-Audit trails- Education, awareness building & policy enforcement-Alerts & education about phishing & social engineering 26. Safeguarding Against AttacksAlice ServerBobSystem Security- Antivirus, antispyware, personal firewall, intrusiondetection/prevention system (IDS/IPS), log files, monitoring- Updates, patches, fixes of operating system vulnerabilities &application vulnerabilities- Redundancy (avoid Single Point of Failure)- Honeypots 27. Safeguarding Against AttacksAliceServer BobSoftware Security- Software (clients & servers) that is secure by design- Software testing against failures, bugs, invalid inputs,performance issues & attacks- Updates to patch vulnerabilities 28. Safeguarding Against AttacksAlice ServerBobNetwork Security- Access control (physical & electronic) to network devices- Use of secure network protocols if possible- Data encryption during transit if possible- Bandwidth monitoring & control 29. Safeguarding Against Attacks Alice Server BobDatabase Security- Access control to databases & storage devices- Encryption of data stored in databases if necessary- Secure destruction of data after use- Access control to queries/reports- Security features of database management systems (DBMS) 30. Privacy Safeguards Security safeguards Informed consent Privacy culture User awareness building & education Organizational policy & regulations Enforcement Ongoing privacy & security assessments, monitoring,and protectionImage: http://www.nurseweek.com/news/images/privacy.jpg 31. User Security 32. User Security Access control Selective restriction of access to the system Role-based access control Access control based on the persons role(rather than identity) Audit trails Logs/records that provide evidence ofsequence of activities 33. User Security Identification Identifying who you are Usually done by user IDs or some other unique codes Authentication Confirming that you truly are who you identify Usually done by keys, PIN, passwords or biometrics Authorization Specifying/verifying how much you have access Determined based on system owners policy & systemconfigurations Principle of Least Privilege 34. User Security Nonrepudiation Proving integrity, origin, & performer of anactivity without the persons ability to refutehis actions Most common form: signatures Electronic signatures offer varying degrees ofnonrepudiation PIN/password vs. biometrics Digital certificates (in public keyinfrastructure - PKI) often used to ascertainnonrepudiation 35. User Security Multiple-Factor Authentication Two-Factor Authentication Use of multiple means (factors) for authentication Types of Authentication Factors Something you know Password, PIN, etc. Something you have Keys, cards, tokens, devices (e.g. mobile phones) Something you are Biometrics 36. Need for Strong Password PolicySo, two informaticianswalk into a bar...The bouncer says,"Whats the password."One says, "Password?"The bouncer lets themin. Credits: @RossMartin & AMIA (2012) 37. Recommended Password Policy Length 8 characters or more (to slow down brute-force attacks) Complexity (to slow down brute-force attacks) Consists of 3 of 4 categories of characters Uppercase letters Lowercase letters Numbers Symbols (except symbols that have special uses by the system or that can be used to hack system, e.g. SQL Injection) No meaning (Dictionary Attacks) Not simple patterns (12345678, 11111111) (to slow down brute-force attacks & prevent dictionary attacks) Not easy to guess (birthday, family names, etc.) (to preventunknown & known persons from guessing)Personal opinion. No legal responsibility assumed. 38. Recommended Password Policy Expiration (to make brute-force attacks not possible) 6-8 months Decreasing over time because of increasing computers speed But be careful! Too short duration will force users to write passwords down Secure password storage in database or system(encrypted or store only password hashes) Secure password confirmation Secure forget password policy Different password for each account. Create variationsto help remember. If not possible, have different sets ofaccounts for differing security needs (e.g., bankaccounts vs. social media sites)Personal opinion. No legal responsibility assumed. 39. Techniques to Remember Passwords http://www.wikihow.com/Create-a-Password-You-Can-Remember Note that some of the techniques are less secure! One easy & secure way: password mnemonic Think of a full sentence that you can remember Ideally the sentence should have 8 or more words, withnumbers and symbols Use first character of each word as password Sentence: I love reading all 7 Harry Potter books! Password: Ilra7HPb! Voila!Personal opinion. No legal responsibility assumed. 40. Social Engineering Examples Dear mail.mahidol.ac.th Email Account User, We wrote to you on 11th January 2010 advising that you change the password on your account in order to prevent any unauthorised account access following the network instruction we previously communicated. all Mailhub systems will undergo regularly scheduled maintenance. Access to your e-mail via the Webmail client will be unavailable for some time during this maintenance period. We are currently upgrading our data base and e-mail account center i.e homepage view. We shall be deleting old [https://mail.mahidol.ac.th/l accounts which are no longer active to create more space for new accountsusers. we have also investigated a system wide security audit to improve and enhance our current security. In order to continue using our services you are require to update and re-comfirmed your email account details as requested below. To complete your account re-comfirmation,you must reply to this email immediately and enter your account details as requested below. Username : Password : Date of Birth: Future Password :Real social-engineering e-mail received by Speaker 41. PhishingReal phishing e-mail received by Speaker 42. Signs of a Phishing Attack Poor grammar Lots of typos Trying very hard to convince you to openattachment, click on link, or reply withoutenough detail May appear to be from known person (rely ontrust & innocence) 43. Ways to Protect against Phishing Dont be too trusting of people Always be suspicious & alert An e-mail with your friends name & info doesnt haveto come from him/her Look for signs of phishing attacks Dont open attachments unless you expect them Scan for viruses before opening attachments Dont click links in e-mail. Directly type in browserusing known & trusted URLs Especially cautioned if ask for passwords, bankaccounts, credit card numbers, social security numbers,etc. 44. Software Security 45. Software Security Most common reason for security bugs is invalid programming assumptions that attackers will look for Weak input checking Buffer overflow Integer overflow Race condition (Time of Check / Time of Use vulnerabilities) Running programs in new environmentsAdapted from Nicholas Hoppers teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271 46. Software Security Feeping creaturism (Creeping featurism) Log files that contain sensitive information Configuration bugs Unnecessary privileges Monoculture Security bypassAdapted from Nicholas Hoppers teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271 47. Example of Weak Input Checking:SQL Injection Consider a log-in form on a web page Source code would look something like this: statement = "SELECT * FROM users WHERE name = " + userName + ";" Attacker would enter as username:or 1=1 Which leads to this always-true query: statement = "SELECT * FROM users WHERE name = " + " or 1=1" + ";"statement = "SELECT * FROM users WHERE name =or 1=1;"http://en.wikipedia.org/wiki/SQL_injection 48. Secure Software Design Principles Economy of Mechanism Design should be small & simple Fail-safe default Complete mediation Check every access to every object Open design Separation of privilege / Least PrivilegeSaltzer & Schroeder (1975), Viega & McGraw (2000)Adapted from Nicholas Hoppers teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271 49. Secure Software Design Principles Least common mechanism Minimize complexity of shared components Psychological acceptability If users dont buy in to security mechanism or dont understand how to use it, system is insecure Work factor Cost of attack should exceed resources attacker will spendSaltzer & Schroeder (1975), Viega & McGraw (2000)Adapted from Nicholas Hoppers teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271 50. Secure Software Design Principles Compromise recording If too expensive to prevent a compromise, record it Tamper evident vs. tamperproof Log filesSaltzer & Schroeder (1975), Viega & McGraw (2000)Adapted from Nicholas Hoppers teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271Image source: http://www.flickr.com/photos/goobelyga/2340650133/ 51. Secure Software Design Principles Defense in Depth Multiple layers of security defense are placed throughout a system to provide redundancy in the event a security control fails Secure the weakest link Promote privacy Trust no oneSaltzer & Schroeder (1975), Viega & McGraw (2000)Adapted from Nicholas Hoppers teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271http://en.wikipedia.org/wiki/Defense_in_depth_(computing) 52. Secure Software Best Practices Modular design Check error conditions on return values Validate inputs (whitelist vs. blacklist) Avoid infinite loops, memory leaks Check for integer overflows Language/library choices Development processesAdapted from Nicholas Hoppers teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271 53. Cryptography 54. Eve Cryptography Alice Bob Goal: provide a secure channel between Alice & Bob A secure channel Leaks no information about its contents Delivers only messages from Alice & Bob Delivers messages in order or not at allAdapted from Nicholas Hoppers teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271 55. Cryptography Use of keys to convert plaintext intociphertext Secret keys only Alice & Bob know History: Caesars cipher, substitution cipher, polyalphabetic rotation Use of keys and some generator function to create random-looking strings (e.g. stream ciphers, block ciphers)Adapted from Nicholas Hoppers teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271 56. Encryption Using Secret Key (Symmetric Cryptography) Alice Eve Bob1. Encrypt message using secret key3. Decrypt message2. Send encrypted message to Bob using same secret keyEve doesnt know secret key(but there are various ways to discover the key)Adapted from Nicholas Hoppers teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271 57. Cryptography What if no shared secret exists? Public-key cryptography Each publishes public key publicly Each keep secret key secret Use arithmetic to encrypt & decrypt messageAdapted from Nicholas Hoppers teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271 58. Public-Key Cryptography (Asymmetric Cryptography) AliceEveBob1. Obtains Bobs public key from public server 4. Decrypt message using2. Use Bobs public key to encrypt message own private key3. Send encrypted message to Bob Even if Eve knows public key, cant discovermessage (unless weakness in algorithm)Adapted from Nicholas Hoppers teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271 59. Digital Signatures Alice Bob 3. Use Alices public key1. Sign message using own private key against plaintext received2. Send plaintext and random-looking stringto get digital signature(digital signature) to Bob 4. Compare to match Alices digital signatureProvides nonrepudiationreceived against signature obtained in #3Adapted from Nicholas Hoppers teaching slides for UMN Computer Security Class Fall 2006 CSCI 5271 60. Malware 61. Malware Malicious software - Any code with intentional,undesirable side effects Virus Worm Trojan Spyware Logic Bomb/Time Bomb Backdoor/Trapdoor Rootkit Botnet 62. Malware Virus Propagating malware that requires user actionto propagate Infects executable files, data files withexecutable contents (e.g. Macro), boot sectors Worm Self-propagating malware Trojan A legitimate program with additional, hiddenfunctionality 63. Malware Spyware Trojan that spies for & steals personalinformation Logic Bomb/Time Bomb Malware that triggers under certain conditions Backdoor/Trapdoor A hole left behind by malware for future access 64. Malware Rogue Antispyware (Ransomware) Software that tricks or forces users to pay before fixing(real or hoax) spyware detected Rootkit A stealth program designed to hide existence ofcertain processes or programs from detection Botnet A collection of Internet-connected computers that havebeen compromised (bots) which controller of thebotnet can use to do something (e.g. do DDoS attacks) 65. Defense Against Malware Installed & updated antivirus, antispyware, &personal firewall Check for known signatures Check for improper file changes (integrity failures) Check for generic patterns of malware (for unknownmalware): Heuristics scan Firewall: Block certain network traffic in and out Sandboxing Network monitoring & containment User education Software patches, more secure protocols 66. Newer Threats Social media spams/scams/clickjacking Social media privacy issues User privacy settings Location services Mobile device malware & other privacy risks Stuxnet (advanced malware targeting certaincountries) Advanced persistent threats (APT) bygovernments & corporations against specifictargets 67. Security Standards 68. Some Information Security Standards ISO/IEC 27000 Information security management systems Overview andvocabulary ISO/IEC 27001 Information security management systems Requirements ISO/IEC 27002 Code of practice for information security management ISO/IEC 27003 Information security management system implementation guidance ISO/IEC 27004 Information security management Measurement ISO/IEC 27005 Information security risk management ISO/IEC 27031 Guidelines for information and communications technology readinessfor business continuity ISO/IEC 27032 Guideline for cybersecurity (essentially, being a good neighbor onthe Internet) ISO/IEC 27033-1 Network security overview and concepts ISO/IEC 27033-2 Guidelines for the design and implementation of network security ISO/IEC 27033-3:2010 Reference networking scenarios - Threats, design techniquesand control issues ISO/IEC 27034 Guideline for application security ISO/IEC 27035 Security incident management ISO 27799 Information security management in health using ISO/IEC 27002 69. More Information US-CERT U.S. Computer Emergency Readiness Team http://www.us-cert.gov/ Subscribe to alerts & news Microsoft Security Resources http://technet.microsoft.com/en-us/security http://technet.microsoft.com/en-us/security/bulletin Common Vulnerabilities & Exposures http://cve.mitre.org/ 70. Q&A