DRC -- Cybersecurity Concepts 2015
Project Meeting
2015 - Dartmouth Research & Consulting
T. J. Saotome
5 Basic Cybersecurity Concepts You Must Know
Who/What Poses Threat?
• Hackers – casual or pro
• Intruders – organized crime, states
• Insiders – employees can steal
• Contractors – hired guns can steal
• Nature – hurricanes, fire, disasters
• Human Error – input error, deletion
What’s the Problem?
• General Lack of Awareness
– Vague understanding of user threats & risks associated with computers and the Internet
• General Lack of Quality Help
– Many view security as cumbersome
– Many think it is complicated & expensive
• Complacency
– Software is in place
– Does not involve me
Key Areas of Concern
• Do you accept the risk level?
– Ignore it
– Take insurance against it
– Do something about it
• What are your concerns?
– Policies/procedures & education
– Authentication
– Availability
– Confidentiality
– Integrity
– Non-repudiation
Security Model
Types of Threat
• Masquerade
• Interception
• Tampering
• Denial of Service
• No Evidence
• Complacency
Types of Solutions
• Authentication
• Confidentiality
• Integrity
• Availability
• Non-Repudiation
• Training & education
Is it Possible to Eliminate All Risks?
• You know the answer – No, impossible
• But you can get close by employing “Defense in Depth”
Protection Layers
• Authentication
• Access Control
• Confidentiality
• Availability
Concept #1 - Authentication
• Permission to Access Resources
– Password
– Biometrics
– Electronic Token
– 2 Factor Authentication
• Passwords are easily “cracked”
– By guessing
– Social Engineering
– Deception
– Widely available cracking tools
Concept #2 - Confidentiality
• Symmetric Encryption
– Same key for encryption/decryption
– RC4, DES, 3DES, AES, IDEA, Blowfish, Twofish
• Asymmetric Encryption
– Different keys for encryption/decryption
– PGP, GnuPG, PKI (using X.509)
Cryptography promotes confidentiality
Concept #3 – Information Integrity
• Hash Algorithm
– MD5 (RFC 1321), SHA (RFC 3174)
• Digital Signature
– Combination of PKI & Hash technology
– Digital Signature – Hash Encrypted with Private Key
– Digital Signature Standard – US DSS uses SHA-1 for Hash & DSA (Digital Signature Algorithm) for encryption
Tampering can be detected by integrity mechanisms
Concept #4 - Availability
• Denial of Service Attacks
– Via Internet (e.g. Ping of Death)
– Via errant applications on LAN
– Via Trojan Horse
• Guard Against DOS & Sabotage
– Physical Security
– Dual and Multi Paths
– Redundant storage
Good backup is essential
Cryptography promotes confidentiality
Concept #5 - Non-Repudiation
• Destroying Evidence
– Log all access to covered entities
– Separate sys admin rights from log access rights
– Set event alarms for log tampering
Hacker or employee may cover tracks by destroying evidence
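An added example, not part of the original slides: a hash-chained access log protected with an HMAC, showing how the integrity mechanisms of Concept #3 can drive the log-tampering alarm listed above. The key, the off-host checkpoint and the sample events are assumptions constructed for illustration; the key is assumed to be held by an auditor role that is separate from system administration.

```python
import copy, hashlib, hmac, json

GENESIS = "0" * 64  # anchor value that precedes the first record

def _mac(key, prev_mac, entry):
    # The MAC covers the previous record's MAC, chaining each record to its history
    body = json.dumps(entry, sort_keys=True).encode()
    return hmac.new(key, prev_mac.encode() + body, hashlib.sha256).hexdigest()

def append(log, key, entry):
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"entry": entry, "mac": _mac(key, prev, entry)})

def checkpoint(log):
    # (record count, last MAC), stored off-host where the system admin cannot write
    return len(log), (log[-1]["mac"] if log else GENESIS)

def verify(log, key, ckpt):
    """Return alarm strings; an empty list means the log matches the checkpoint."""
    alarms, prev = [], GENESIS
    for i, rec in enumerate(log):
        if not hmac.compare_digest(rec["mac"], _mac(key, prev, rec["entry"])):
            alarms.append(f"record {i}: edited, or its predecessor was removed")
        prev = rec["mac"]
    if (len(log), prev) != ckpt:
        alarms.append("checkpoint mismatch: records deleted or truncated")
    return alarms

AUDIT_KEY = b"constructed-demo-key-held-by-auditor"  # constructed sample key
EVENTS = [  # constructed sample access events
    {"ts": "2015-03-02T09:14:00Z", "user": "jdoe", "action": "read", "object": "patient/1001"},
    {"ts": "2015-03-02T09:20:11Z", "user": "asmith", "action": "update", "object": "patient/1001"},
    {"ts": "2015-03-02T23:41:37Z", "user": "admin", "action": "export", "object": "patient/*"},
    {"ts": "2015-03-02T23:59:02Z", "user": "jdoe", "action": "read", "object": "patient/2040"},
]

def demo():
    log = []
    for e in EVENTS:
        append(log, AUDIT_KEY, e)
    ckpt = checkpoint(log)  # taken while the log is known to be good
    edited = copy.deepcopy(log)
    edited[2]["entry"]["user"] = "jdoe"  # rewrite who ran the export
    cases = {"intact": log, "edited": edited,
             "deleted": log[:2] + log[3:], "truncated": log[:2]}
    return {name: verify(l, AUDIT_KEY, ckpt) for name, l in cases.items()}

if __name__ == "__main__":
    print(demo())
```

The chain only helps if the checkpoint and key stay out of reach of whoever can edit the log, which is the separation of rights the slide calls for.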
System & Network Intrusion
• Trojan Horse
• Masquerading insider
• Dormant malware
• NetBIOS on TCP/IP especially vulnerable
Many Faces of Attack
• Data breach
• Authentication info
• Denial of Service
Security Administration
• Operating System Security
– Earlier versions of Windows OS lacked security mechanisms
– “OS Hardening” needed for critical systems
• User account password/permission
• Internet Security
– Encrypting communication (e.g. IPSec)
– SSL and TLS for Web
• Scan for vulnerabilities
Mitigating Risk
Security Policies
Procedures
Backup & Recovery Plan
Off-site & Contingency Plan
User Education
Firewalls
Anti-Virus
Biometrics
Cryptography
PKI
Reducing Risks
• Non-Technical Solutions
– Security Policies
– Procedures
– Backup and Disaster Recovery Plan
– Off-site and Contingency Plan
– User Education
• Security Technologies
– Firewalls
– Anti-Virus
– Biometrics
– Cryptography
– PKI
– Intrusion Detection
– Logs
You must have a combination of both to be effective
Reducing the Risks – How?
Policies & Procedures
• Define Security Policies
• Define Security Process
Security Technology
• Employ Security Technologies for enforcement
• Automate Event Monitoring/Compliance
• Employ Intelligent Event Correlation
Residual Risks
• Recognize that there will be residual risks
• Take insurance against it, or transfer the risks
Security Policies – Key Elements
• Network access/permission
• Information Retention
• Passwords
• Account Access
• Virus Updates
• Log Updates
• Security Fixes
• Backup Restore & Verify
• Network security audit
How you can start
• Objective Assessment of the current state & desired future state
• Combination of policies & technology appropriate for the risks
• Continuous User Education
• Monitoring & Due Diligence
• Periodic Audit & Fire Drill
Resources
• These slides are available at
– www.Dartmouth-research.com
• Security Templates
– www.sans.org – Security Tools and Training
– www.cert.org – CERT Coordination Center
– www.itl.nist.gov – NIST IT Security Checklist