Core Principles 1.2 Flashcards

1
Q

The principle of least privilege

A
  • Everyone can do everything they need to do, and nothing more
  • Everyone can do everything: If security gets in the way of the mission, security is wrong, not the mission – your security implementation must not prevent others from doing their jobs. For example, some security measures increase latency, which makes the network extremely slow.
  • Nothing more: Users should only have access to parts of the network that they require to perform their duties. If everyone has access to everything, when a malicious actor compromises one account they can access the entire system.
2
Q

Confidentiality/Integrity/Availability: The Non-Triad:

A
  • Confidentiality: Only those who require access have that access
  • Integrity: Data is edited correctly by the right people
  • Availability: Available to use when you need it

In reality the three of these are not equal parts
- Government and pharmaceuticals: confidentiality is the number one priority in a classified space. For example, a pharmaceutical company that has not yet received a patent will do whatever it takes to protect its exact formula.
- Online banking: Integrity is most important here – if someone can change your balance, it means that they’ve stolen your money.
- E-commerce: The availability of an e-commerce website like Amazon is most important; a DDoS attack can result in a $734,410 loss in one minute.
- Key takeaway: There is no CIA triad because you cannot prioritize all three equally; you need to use it as a measure of prioritization to figure out which of the three is most important to an organization or a specific department.

3
Q

The AAA

A
  • Authentication: Verification of someone’s identity. We force the user to authenticate so that we know for certain they are who they say they are.
  • Authorization: Once authenticated, what files will we allow the user to access, what resources will be available to them?
  • Accountability: What did the user do, did they try to access unauthorized files, services, or resources, did they visit inappropriate websites?
4
Q

PPT:

A
  • Policy: Broad general statement of management’s intent – they describe the step-by-step procedures to implement the management’s intent.
  • Procedure: Detailed steps to dictate how policy should be put into place.
  • Training: How everyone knows what the policies and procedures say. You need an awareness program that at minimum makes people aware of the policies and procedures they need to uphold.
5
Q

Validated Backup:

A
  • An organization can incur financial blows from suffering a ransomware attack without having backups. Validated backups are backup files essential for operations that have been checked (“validated”) as successfully working; they must be stored on a separate network that would remain available if the main network were compromised.
6
Q

Patch Management:

A
  • Software bugs are inevitable – and fixed via patching
  • Keeping systems updated is important to ensuring security and stability
  • Microsoft Windows 10 has 50 million lines of code – there’s no way you can debug all of the bugs, so they will always be a problem
  • Patch management is about ensuring all systems are kept completely up-to-date on all patches
7
Q

Prevent/Detect/Respond

A
  • Prevention: Organizations should put in place all prevention mechanisms and technologies that defend against a malicious attack occurring in the first place.
  • Detection: Since any human defence can be broken by other humans with enough time and resources, you want to be able to detect all the cases that you can’t prevent. When prevention fails, you need detection.
  • Respond: Once a failure is detected, you must do something about it. Companies that run an IDS but don’t respond once an incident is detected gain nothing from it. Response consists of incident management to restore operations and forensic analysis to determine what went wrong so it can be prevented from happening again.