Chapter 8: Security Flashcards
Concepts of Security
- security is a management issue
- the time based model of security
- Defense in Depth
Security as a management issue:
- create a pro-active culture
- inventory information assets and resources
- implement mitigation
- monitor effectiveness
4 basic management activities called domains:
- Plan and Organize
- Acquire and Implement
- Deliver and Support
- Monitor and Evaluate
5 information systems controls that most directly pertain to systems reliability:
- security
- confidentiality
- privacy
- processing integrity
- availability
Defense-in-depth
employ multiple layers of controls (preventive, detective, and corrective) in order to avoid having a single point of failure.
Time-based model of security
employ a combination of detective and corrective controls that identify an information security incident early enough to prevent the loss or compromise of information.
Basic steps criminals use to attack an organization's information system:
- Conduct reconnaissance
- Attempt Social Engineering
- Scan and Map the Target
- Research
- Execute the attack
- cover tracks
What happens during reconnaissance
collecting information about the target. The objective is to learn as much as possible about the target and to identify potential vulnerabilities.
What happens during social engineering
attackers use information obtained during reconnaissance to 'trick' an unsuspecting employee into granting them access.
Preventive Controls
- Training
- User access controls (authenticate/authorize)
- Physical access controls
- Network access controls
- Device and software hardening controls
Detective Controls
- Log analysis
- Intrusion Detection Systems
- Security testing and audits
- Managerial reports
Corrective Controls
- Computer Incident Response Teams (CIRT)
- Chief Information Security Officer (CISO)
- Patch management
Passwords are a type of
Authentication
Authentication
the process of verifying the identity of a person or device attempting to access the system. The objective is to ensure that only legitimate users can access the system. ACCESS
Types of Authentication
- Smart card ID badges
- Biometrics
- Secure ID systems
- Combine into multi-factor authentication
Multifactor Authentication
use of two or all 3 types of authentication in conjunction
Multimodal Authentication
using multiple credentials of the same type.
Authorization
the process of restricting the access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform. Restricts users' functions and views.
Access Control Matrix
how authorization controls are often implemented. When an employee attempts to access a particular information systems resource, the system performs a compatibility test that matches the user's authentication credentials against the access control matrix to determine whether that employee should be allowed to access that resource and perform the requested action.
Security equation
P > D + C (the time preventive controls hold off an attack must exceed the time to detect it plus the time to correct it; see the time-based model above)
Security
Access to the system and its data is controlled and restricted to legitimate users
Confidentiality
Sensitive organizational information is protected from unauthorized disclosure
Privacy
Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements, and is protected from unauthorized disclosure.
Processing Integrity
Data are processed accurately, completely, in a timely manner, and only with proper authorization.
Availability
The system and its information are available to meet operational and contractual obligations.
Transmission Control Protocol (TCP)
specifies the procedures for dividing files and documents into packets to be sent over the Internet and the methods for reassembling the original document or file at the destination.
Internet Protocol (IP)
specifies the structure of those packets and how to route them to the proper destination.
Border Router
connects an organization's information system to the Internet. Captures packets addressed to the organization.
Static Packet Filtering
screens individual IP packets based solely on the contents of the source and destination fields in the IP header - performed by border routers.
Access Control List (ACL)
a set of rules that determines which packets are allowed entry and which are dropped.
Firewall
inspects packets and filters out unacceptable and risky packets.
Stateful packet filtering
Creates and maintains a table in memory that lists all established connections between the organization's computers and the Internet. The firewall consults this table to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer.
Demilitarized Zone (DMZ)
a separate network that resides outside the internal network and permits controlled access from the Internet to selected resources, such as an organization's e-commerce web server.
Router
special-purpose devices designed to read the destination address fields in IP packet headers to decide where to send the packet next.
Deep packet inspection
reads the content of packets for inappropriate code, commands, or data.
Intrusion prevention systems (IPS)
monitor patterns in packet traffic, rather than only inspecting individual packets, to identify attackers.
Who can change configuration or load software
only the administrator
What can the administrator do
change configuration or load software.
Hardening
process of modifying the default configuration of endpoints to eliminate unnecessary settings and services.
Log Analysis
the process of examining logs to identify evidence of possible attacks.
Intrusion Detection Systems (IDS)
consist of a set of sensors and a central monitoring unit that create logs of network traffic that was permitted to pass the firewall and then analyze those logs for signs of attempted or successful intrusion.
key performance indicators relevant to information security:
- # of incidents with business impact
- % of users who do not comply with password standards
- % of cryptographic keys compromised and revoked.
Penetration test
an authorized attempt by either an internal audit team or an external security consulting firm to break into an organization’s information system.
Computer Incident Response team (CIRT)
Like a 911 call: takes action immediately. Responsible for dealing with major incidents, and is a key component of being able to respond to security incidents promptly and effectively.
CIRT 4 steps:
- recognition that the problem exists
- containment of the problem
- recovery
- follow-up
Chief Information Security Officer (CISO)
senior executive who can implement effective security policies and technologies.
Patch Management
vendors constantly fix bugs, close vulnerabilities, and add functionality. Patches must be applied in a timely manner.
Cloud Computing
connection and traffic over the Internet. Data and applications reside at a third party, with co-mingled operations.
Server Virtualization
running multiple systems on one machine, which concentrates more risk on a single device.