Information Security Fundamentals (IT 223)
This 10-page set of class notes was uploaded by Adonis Nader on Monday, September 28, 2015. The notes belong to IT 223 at George Mason University, taught by Michael Lyons in Fall. Since its upload, it has received 268 views. For similar materials see /class/215215/it-223-george-mason-university in Information technology at George Mason University.
Date Created: 09/28/15
IT 223 Information Security Fundamentals, Fall 2010: Final Exam Study Guide

This Study Guide is intended to assist students in reviewing the course content in preparation for the final exam. It contains a summary of the topics covered in course activities after Lecture 5. The final exam is comprehensive: it covers the entire semester. Refer to the Midterm Exam Study Guide for recommended usage of this Guide and for content through Lecture 5.

Lecture 6
- Defense in depth: military origin; modern examples; protect/detect/react paradigm; balanced focus on people, technology and operations
- Information Systems Security Engineering: definition; three important principles
- ISSE process is modeled on the general SE process
- IATF Protection Needs Elicitation process: 7 parts
- Information Management Model describes an information domain: definition
- Least privilege: definition; relationship to access control
- Threat Analysis process: four harm types (disclosure, loss/modification, denial of service, repudiation); HTI and PHE ratings; threat levels
- Information Threat Tables: used to prioritize threats
- Risk: definition; risk management (risk identification, risk assessment, risk control)
- Three broad areas of knowledge; relationship to communities of interest
- Risk identification: steps in the process
- Assets: tangible vs. intangible; classification/categorization; mission-critical assets
- Risk probability (likelihood) and risk impact; weighted factor analysis; categorization; ranking
- Threat identification; vulnerabilities
- Ranked vulnerability worksheet: risk likelihood, asset value, current controls, uncertainty
- Risk control: four strategies (avoidance, transference, mitigation, acceptance); effect of each on likelihood and/or impact
- Risk tolerance, risk appetite, residual risk

Copyright 2010 Michael X. Lyons. All rights reserved.

Lecture 7
- Law, values, morals, ethics: definitions, relationships, differences
- Code of conduct: definition, usage; ACM Code of Ethics and Professional Conduct; IEEE Code of Ethics; EC-Council Code of Ethics
- Decision-making process for action
- Legal responsibility for action lies with the actor; the "Nuremberg defense" is not valid
- Law: origin, development, compromise, enforcement basis
- Rights of the individual vs. needs of the community
- Expectation of privacy
- Intellectual property: different forms; electronic data files vs. tangible assets
- Copyright: legal concept, applicability, transferability; implications in digital and online environments
- Unauthorized access to systems: port scanning, DoS, CPU cycle theft
- Corporate liability for employee actions

Lecture 8
- Plan, policy, standard, practice, procedure, guideline: definitions, relationships; two important observations
- De facto and de jure standards; characteristics of de jure standards
- Principles and practices for information security (computer security)
- Policy: definition; types of policy; characteristics of policies; requirements for each type
- System-specific policy example: access matrix, subjects, objects, rights; ACLs and capability lists
- Object classification, subject clearance, multilevel security scheme; Simple and Star Properties
- Policies are living documents: definition, characteristics, implications
- Policy frameworks, blueprints, models
- Cyclic nature of policy development and maintenance
- Contingency planning: definitions, types of plans, relationships; business impact analysis

Lecture 9
- Physical security context: security of both information and information systems; tangible assets
- Primary services: access control and availability
- 7 major sources of threat to physical security
- 3 communities of interest involved in physical security
- Challenges in providing physical security: need for access; spaces occupied by people; multi-function buildings
- Physical security from human threats: mantraps, airlocks, fire exits, etc.
- Use of security guards: employment, work conditions, armed guards
- Locks: keyed, combination, keypad
- Card readers, hardware tokens, smart cards
- Biometrics for access control
- The challenge in transmitting authentication data and access control data
- Two-factor authentication
- Fire control: special considerations for computer rooms
- Securing portable devices
- Attacks against physical security
- Threats to the power supply: surge protectors, UPSs

Lecture 10
- Computer security context
- Software bugs: historical origin of the name; cause of modern bugs
- Patches, updates, version control; the release cycle; subsequent problems caused by updates
- Malicious software: definition; typical methods of introduction to a system (human nature, complexity)
- Classifications: code fragment vs. independent application; replicating vs. not
- Types of malware: definitions, examples, countermeasures, legal issues
- Deleted data: deleting a file removes it from the directory listing, but the data is still on disk; wiping data
- Computer security becomes more challenging in a networked environment
- Monitors and scanners: definitions, differences

Lecture 11
- Network security context: client/server model; shared resources
- Connection to a central device (typically a switch) requires addressing of data
- Layered architectures: the ISO OSI Reference Model; TCP/IP; enveloping of data (headers and trailers)
- Communication appears to be to the peer layer but is actually up and down the layers (except Physical)
- Boundary protection mechanisms: need to define the boundary and protect it
- Internetworks, aka internets; the Internet: characteristics that make it attractive to opponents
- Cannot provide physical security over assets we don't own and control
- Virtual private networks: high cost of private networks, lack of security in public networks; compromise
- IP Security, aka IPSec: protocols (AH, ESP); modes (transport, tunnel); combinations. AH provides authentication; ESP provides encryption for confidentiality and can also do AH. Transport mode protects the packet payload; tunnel mode protects the entire packet. Tunnel mode ESP provides some traffic flow confidentiality across a VPN
- SSL/TLS: origin; allows negotiation of algorithms and then exchange of data, providing confidentiality, authentication of origin and of integrity. In the Web context it authenticates the identity of the server; authentication of the user is typically at a higher protocol
- Firewall: controls passage of data between a trusted internal network and the outside (typically the Internet); types; the DMZ concept; screened host, screened subnet, multi-homed host, proxy server
- Back channel: need to educate users, enforce policy
- Attacks on network security, incl. sniffing, spoofing, DoS; need for defense in depth
- Intrusion detection systems: definition
- Sensors: binary (two-state); analog (continuous range of values, using a threshold to convert)
- Detection and response: response type depends on the purpose of the system
- Binary sensor results: negative (test failed) or positive (test succeeded); false negative (Type I errors); false positive (Type II errors), aka "false alarm"
- Undetected intrusions give a false sense of security; false alarms breed complacency; need to compromise
- Proportion of alarms that are false will be much higher than most people would expect
- NIST definition: monitoring events, analyzing for signs of intrusion; 6 reasons for using an IDS
- IDS components: information sources, analysis, response
- IDS classifications: network-based, host-based, application-based; signature-based, anomaly-based
- Profiles of expected behavior; legitimate changes in profiles; difficulty in detecting behavioral anomalies of clever intruders
- Active response: collect more data, change the system, counterattack (risky)
- Passive response: ways to notify security personnel; how to choose an appropriate channel
- IDS reporting: need for "fail-safe" provisions
- Control strategies: centralized, partially distributed, fully distributed
- Complementary tools: vulnerability assessment systems, file integrity checkers, honeypots/honeynets, padded cells
- Honeypot: definition; purpose (not for prosecution); challenge in making it attractive
- Padded cell: definition; contrast with honeypot
- Legal issues related to intrusion, honeypots, etc.

Lecture 12
- Components of an information system, esp. people; HR activities: positioning, staffing, evaluating impact of security, integrating security into personnel practices
- Personnel selection: supply and demand; selection criteria; qualifications and requirements
- Entry into the profession; standard job descriptions; typical positions; credentials and certifications
- Employment policies and practices: hiring, evaluation, termination (hostile departure, friendly departure)
- Non-employees: temporary employees, contractors, consultants, business partners
- Separation of duties and two-man control: definition, purpose, attacks against; job rotation
- Security of data about individuals
- Attacks against personal data: spyware, adware, phishing, keylogging, configuration changers, dialers, backdoors; countermeasures
- Legislation and procedures

Lecture 13
- Security maintenance: implementing a security program is not a one-time activity
- Using a model can help a program succeed
- Textbook uses the ISO Network Management Model (fault management; configuration and change management; accounting and auditing management; performance management; security program management) as a template for a Security Management Model (external monitoring; internal monitoring; planning and risk assessment; vulnerability assessment and remediation; readiness and review)
- Need to monitor the external environment
- Need to monitor the internal environment
- Planning and risk assessment are essential
- Need to understand the importance of vulnerability assessment and remediation; different types of vulnerability assessment
- Need to understand why and how to build readiness and review procedures into information security maintenance

Homework 2
- PNE process: create an information domain model; assign Harm to Information (HTI) ratings; assign Potentially Harmful Event (PHE) ratings; determine Threat Levels
- Risk management process: identify assets; prepare a Weighted Factor Analysis; identify threats; identify vulnerabilities; prepare a Ranked Vulnerability Risk Worksheet

IT 223 Information Security Fundamentals, Fall 2010: Midterm Exam Study Guide

This Study Guide is intended to assist students in reviewing the course content in preparation for the midterm exam. It contains a summary of the topics covered in course activities through Lecture 5.

The recommended usage of this Guide is as follows. Read each topic shown here. If you are confident you understand the topic and are able to write about it in enough detail to complete an essay, proceed to the next topic. If you are not confident you can write an essay on the topic, review the assigned reading, the lecture slides and your own notes from the lecture associated with the topic. Remember that the ability to understand and use correct terminology is essential in IT in general, and in information security and assurance in particular.

Lecture 1
- Information: definition; difference between information and data
- Security: definitions (freedom, thing, measure)
- Historic perspectives: isolation, resource sharing, likelihood of attack
- Components of information security: models from textbooks; traditional CIA model; additional characteristics/services
- InfoSec is security of information and information systems; components of an information system
- Information security implementation: driven top-down; at each point in the SDLC
- Information assurance vs. information security: reasons for understanding; government initiatives
- Protect/detect/react model
- The IATF: source, objectives, high-level structure
- Communities of interest: definition; three communities identified by W&M
- Three groups related to data
- Three ways of looking at information security
- Security is not absolute: tradeoff between security and usability
- Terminology: need to understand; reference source

Copyright 2010 Michael X. Lyons. All rights reserved.

Lecture 2
- Information security service: definition
- Confidentiality, secrecy, privacy: synonymous in everyday English, not in IS/IA
- Confidentiality: definitions; anonymity is a subset
- Difference between confidentiality and privacy
- Two techniques: isolation, obfuscation
- Isolation: feasible if physical access control is possible; difficult in multi-user, shared, networked systems
- Obfuscation: reason, purpose; two ways to do it
- The confidentiality of certain information indirectly provides confidentiality of the true data
- Steganography hides the existence of data but not the data itself; modern context: digital watermarking
- Cryptography, cryptanalysis, cryptology: definitions
- Cryptography is named for "hidden writing" but is not steganography
- Encrypt, encipher, encode: often synonymous
- An encryption algorithm uses a key to turn plaintext into ciphertext; decryption does the reverse
- Definitions: note "plaintext" may not be plain, and may not be text
- Key is just a data value, not a physical object
- Two fundamental operations: substitution replaces an element's value with another according to some rule; transposition (permutation) rearranges the order of a set of elements
- Product cipher combines substitution and transposition, usually in a repeated sequence (a "round")
- A good cipher scheme produces ciphertext that is pseudorandom, even from structured plaintext
- Symmetric cryptography: so called because decryption uses the same key as encryption to perform the inverse operations in the reverse order
- Sharing the key is the major challenge with symmetric cryptography
- Confidentiality of the shared key indirectly provides confidentiality of the plaintext
- Encryption is used because the communications channel is insecure; the key must be shared "out of band"
- The "out of band" channel is not practical (slow, expensive, hard to use) for sending bulk data
- Notation: see slide 42
- "Cracking" a key gives access to all messages, past, present and future, encrypted with that key; changing keys often limits the damage
- Asymmetric cryptography: so called because it is NOT symmetric; one key is used to encrypt, and its partner key is the only one that can decrypt; typically one key is kept private, the other made public
- Authenticating the public key is the major challenge with asymmetric cryptography
- Encryption with the public key of the recipient provides confidentiality: only the recipient has the key needed to decrypt
- Most asymmetric schemes are based on modular or discrete exponentiation of integers; we don't know any feasible way to calculate modular or discrete logarithms
- RSA algorithm performs a second modular exponentiation with a different exponent; the exponents (i.e. keys) are related such that the result is the original value (plaintext)
- Modern asymmetric algorithms are relatively slow compared to modern symmetric algorithms because they perform much more intensive computations
- Not practical to encrypt bulk data with an asymmetric scheme, so a hybrid approach is used: a one-time value (e.g. pseudorandom integer) is generated as a "session key"; asymmetric encryption of the session key with the recipient's public key for confidentiality; symmetric encryption of the message data using the session key
- Attacks against encryption: brute-force, dictionary, statistical, side-channel, factoring, social engineering
- Traffic analysis: definition; padding is a countermeasure

Lecture 3
- Authenticity: definition; some claim can be verified
- Authentication of the origin of data and of the integrity of data: often provided together by a single mechanism; both needed before a message can be accepted; cannot authenticate origin if the data does not have integrity
- Integrity means no unauthorized changes: additions, deletions, modifications, copies
- Integrity does not mean accuracy
- Origin can be authenticated by sending additional data based on shared or private data
- Integrity can be authenticated by sending additional data based on the message content
- Generic authentication protocol: sender and recipient perform the same sequence of operations; if the recipient's result matches the sender's, the message is accepted
- A message authentication code (MAC) is generated from a shared value (key) and the message; the recipient's MAC will match only if the same message (integrity) and the correct key (origin) were used
- A hash function generates a value using only the message; the hash value is encrypted with the private key of the sender; the recipient will decrypt the received encrypted hash value and calculate his/her/its own hash value for the received message; the recipient's hash will match only if the same message (integrity) and the correct key (origin) were used
- Since only the sender has the sender's private key, this also provides non-repudiation of the origin: if the sender later denies sending the "signed" message, the recipient can show a third party that the denial is false
- Non-repudiation of receipt is not practical; receipt is indirectly acknowledged with a return message
- Non-repudiation is a deterrent, not a preventive measure
- A MAC does not provide non-repudiation because two or more entities have the shared key
- Accuracy depends on the relationship of data to the real world
- A public-key certificate is used to authenticate the origin and integrity of a public key
- Certificate contains the public key value, attributes of the key, attributes of the subject, attributes of the issuer
- Certificate data is signed by the issuer: a hash of the data content is encrypted with the issuer's private key
- Verification of the signature requires the issuer's public key, which is in another certificate
- A certificate chain ends with a self-issued certificate for a root certificate authority (root CA)
- Strength of PKI is based on trust in the set of root CA certificates; lack of a trusted platform is a concern

Lecture 4
- Access: definition
- Access control: definitions; relationship to policy; relationship to other services
- 4 categories: identification and authentication (I&A), authorization, decision, enforcement
- Identity: meaning, contexts; how to prove identity, especially remotely
- I&A: identifying an entity and authenticating that identification when access is requested
- Identity needs to be unique to prevent masquerade: a unique attribute or a unique set is required
- Identity must be in the form of data a system can process
- A unique identifier may be generated by the system, e.g. SSN, G number
- User ID commonly used to identify a user (person or process); the User ID will be bound to a set of attributes (profile) for the user
- When access is requested, the user will send the User ID and some data to authenticate the claim of identity
- Authentication by something you know (weak), e.g. password, PIN, etc.: bad practice to store a password, even encrypted; best to store a hash of the password; the system cannot tell you (or anyone) your password if it only has a hash of it; "collision" of different passwords onto the same hash value is possible but extremely unlikely; choice of a poor password (likely to be guessed) is a much more significant problem
- Must not send authentication data that can be "replayed"
- Authentication by something you have (strong), e.g. smart card, token, physical key, etc.: possession of the device indirectly shows authentication of identity; presumes no loss of possession; modern devices generate one-time values that cannot be "replayed"; a smart card is a tiny computer that generates one-time data and signs it with a private key
- Authentication by something you are (strong), i.e. biometrics: based on statistically rare (probably not unique) physiology and/or behavior; limited by the precision of the measurement and matching processes
- False negative, or Type I error, or false rejection: test is incorrectly negative
- False positive, or Type II error, or false acceptance: test is incorrectly positive
- Both false negatives and false positives are likely with any matching process; impossible to eliminate both
- Biometrics doesn't require the user to remember any data or hold on to any object, but legitimate changes to physiology or behavior are possible
- Multifactor authentication applies defense in depth to authentication; typically adds a password or similar to either a device or biometrics
- Authentication of identity: of user by host; mutual; via trusted third party
- Authorization represents what an authenticated user is allowed to do; should be based on policy; needs to be represented as codified data the system can process
- Often done by assigning users to groups and privileges to groups, thus indirectly privileges to users
- UNIX ACL: an example of authorization data
- Decision process is a system implementation of an access control policy; may be simple or complex
- Mandatory access control: rigid rules; users cannot pass on rights
- Discretionary access control: users can pass on the rights they have to other users
- Multilevel security (MLS) schemes assign classifications to objects and clearances to subjects; the Simple Security Property allows reading of objects at or below the subject's level; the Star Security Property allows writing to objects at or above the user's level
- Role-based access control takes into account identity and the role the user is performing at the time
- Decision needs to be communicated to an enforcement process, where the control actually occurs; Kerberos tickets: one example of a way to communicate the decision to enforcement
- Possession of a tangible object is mutually exclusive and easy to understand; possession of digital data is very difficult to control since every copy is the same as the original

Lecture 5
- Threat: RFC definition, a potential violation of security; a threat represents the potential for security to be compromised
- A threat action is a specific instance of that potential being realized, i.e. an event
- A threat agent is someone or something that creates a threat action
- Attack: RFC definition, a deliberate attempt to violate security; an attack requires malicious intent by a person(s)
- Availability: definition; closely related to access control, utility
- Scheduled downtime is usually not considered a lack of availability, but constant 24x7 availability is becoming a common requirement
- Constant availability requires continuous support; "follow the sun" is one technique for global organizations
- Threats to availability: hardware failure, software faults, natural events, insufficient resources for legitimate demand, attempted unauthorized use, denial-of-service (DoS) attacks; some of these are threats of attacks
- Hardware failure is inevitable ("bathtub curve")
- Software engineering is relatively immature; software is typically released, then "patched" to fix "bugs"
- Natural events may damage or destroy system components or knock out required utilities
- Excessive legitimate demand can overwhelm a system; catering for peak demand means a lot of underutilization most of the time
- Unauthorized use can impact legitimate use as a side-effect, if not a deliberate effect
- DoS is a deliberate attack on availability; may be a secondary attack if the primary attack fails
- DDoS uses many systems together as attack agents; those systems are often parts of a "botnet"
- DoS solutions: awareness, detection, prevention, response; really not much you can do if the attack is external and the origin is spoofed, other than moving to a new IP address or domain
- Availability measures: redundancy, load balancing, backup copies of data
- Backup issues: limitations, multiple copies, etc.; avoid wasted time and cost
- A common backup process: periodic full backup, incremental backups in between
- Power supply: quality, incidents, impact, countermeasures
- Utility: definition; ability to make decisions; relationship to other services

Homework 1
- Shows processing by sender and recipient
- Provides confidentiality, authentication of origin and integrity, non-repudiation
- Uses hybrid encryption for confidentiality: asymmetric encryption, with the recipient's public key, of a session key; symmetric encryption, with the session key, of the message; the recipient must use asymmetric decryption with the recipient's private key to obtain the session key, then symmetric decryption with the session key to recover the message
- Asymmetric encryption/decryption avoids the need to share a symmetric key in advance; symmetric encryption/decryption is relatively fast
- It is assumed the public key of the other party is authentic
- Uses the generic authentication protocol with a hash function to show integrity: asymmetric encryption of the hash value by the sender with the sender's private key, and decryption by the recipient with the sender's public key, shows origin
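The Lecture 4 access-control sequence (I&A, then the authorization decision, then enforcement) as one runnable flow. This is an added example, not material from the course: the salted-hash storage, the challenge-response step that makes captured authentication data unreplayable, the level names, the ACL layout and the user data are all assumptions made here.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000  # PBKDF2 work factor; an assumed value, not from the guide

# --- Identification and authentication (something you know) ------------------
def enroll(password: str, clearance: str) -> dict:
    """Profile bound to a User ID. Only a salted hash of the password is
    stored, so the system cannot reveal the password to anyone."""
    salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "verifier": verifier, "clearance": clearance}

def challenge() -> bytes:
    """Fresh random challenge issued by the host for each access request."""
    return secrets.token_bytes(16)

def respond(password: str, salt: bytes, chal: bytes) -> bytes:
    """User side: prove knowledge of the password without sending it. The
    response is bound to this challenge, so a captured copy is useless later."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.new(key, chal, "sha256").digest()

def authenticate(profile: dict, chal: bytes, resp: bytes, used: set) -> bool:
    """Host side: recompute the expected response from the stored verifier.
    A challenge may be answered only once, which is what defeats replay."""
    if chal in used:
        return False
    used.add(chal)
    expected = hmac.new(profile["verifier"], chal, "sha256").digest()
    return hmac.compare_digest(expected, resp)

# --- Authorization decision --------------------------------------------------
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

def mls_permits(clearance: str, classification: str, right: str) -> bool:
    """Mandatory (multilevel) rule: Simple Security Property lets a subject
    read objects at or below its level; Star Property lets it write only to
    objects at or above its level, so information never flows downwards."""
    subject, obj = LEVELS[clearance], LEVELS[classification]
    if right == "read":
        return subject >= obj
    if right == "write":
        return subject <= obj
    return False

def acl_permits(acl: dict, user_id: str, right: str) -> bool:
    """Discretionary rule: the object's ACL maps each subject to its rights."""
    return right in acl.get(user_id, set())

def decide(user_id: str, profile: dict, obj: dict, right: str) -> bool:
    """Both the mandatory and the discretionary rule must allow the access."""
    return (mls_permits(profile["clearance"], obj["classification"], right)
            and acl_permits(obj["acl"], user_id, right))

# --- Enforcement: the whole sequence for one access request ------------------
def request_access(directory, objects, user_id, password, obj_name, right, used):
    """True only if the claimed identity is authenticated for this request
    and the decision process grants the requested right."""
    profile = directory.get(user_id)
    if profile is None:
        return False
    chal = challenge()                               # host -> user
    resp = respond(password, profile["salt"], chal)  # user -> host
    if not authenticate(profile, chal, resp, used):
        return False
    return decide(user_id, profile, objects[obj_name], right)

# Constructed sample data, not from the course.
DIRECTORY = {"alice": enroll("correct horse battery", "secret"),
             "bob": enroll("hunter2", "confidential")}
OBJECTS = {"plan.doc": {"classification": "secret",
                        "acl": {"alice": {"read", "write"}, "bob": {"read"}}}}
```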
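The Homework 1 exchange from the notes above (session key wrapped with the recipient's public key, message under the session key, hash "encrypted" with the sender's private key), together with the Lecture 3 contrast between a signature and a MAC, as an added example that is not part of the study guide. It assumes textbook RSA on fixed, well-known Mersenne primes so it runs offline, and a SHA-256 counter keystream standing in for a real symmetric cipher; neither is how production keys or ciphers are built.

```python
import hashlib
import hmac
import secrets

# Toy RSA moduli from Mersenne primes (assumed, for illustration only).
SENDER_PRIMES = ((1 << 127) - 1, (1 << 521) - 1)
RECIPIENT_PRIMES = ((1 << 107) - 1, (1 << 607) - 1)

def rsa_keypair(primes, e=65537):
    """Returns (public, private). d is chosen so that (m^e)^d = m mod n:
    the two exponents are related, as the Lecture 2 notes say."""
    p, q = primes
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return (e, n), (d, n)

def rsa_apply(key, value: int) -> int:
    """One modular exponentiation; encrypt, decrypt, sign and verify differ
    only in which exponent of the pair is used."""
    exponent, n = key
    return pow(value, exponent, n)

def stream_xor(session_key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts (inverse operation, same key)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(session_key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def send(message: bytes, sender_private, recipient_public):
    """Sender: one-time session key wrapped with the recipient's public key;
    message under the session key; hash of the message under the sender's
    private key (the signature)."""
    session_key = secrets.token_bytes(16)
    wrapped_key = rsa_apply(recipient_public, int.from_bytes(session_key, "big"))
    body = stream_xor(session_key, message)
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    signature = rsa_apply(sender_private, digest)
    return wrapped_key, body, signature

def receive(packet, recipient_private, sender_public):
    """Recipient: unwrap the session key, recover the message, then run the
    same hash and compare it with the value recovered from the signature.
    Returns None when integrity or origin cannot be authenticated."""
    wrapped_key, body, signature = packet
    session_key = rsa_apply(recipient_private, wrapped_key).to_bytes(16, "big")
    message = stream_xor(session_key, body)
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    if rsa_apply(sender_public, signature) != digest:
        return None
    return message

def mac(shared_key: bytes, message: bytes) -> bytes:
    """Contrast (Lecture 3): a MAC authenticates origin and integrity between
    the two key holders, but either of them could have produced it, so it
    proves nothing to a third party (no non-repudiation)."""
    return hmac.new(shared_key, message, "sha256").digest()
```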