Security Concepts

The document discusses security concepts including risk management, attack vectors, and cryptography. Risk is calculated based on assets, vulnerabilities, exploits, probability, and impact. There are four risk responses: acceptance, avoidance, transfer, and mitigation. Cryptography includes encryption using symmetric keys where both parties share a key, and asymmetric keys using public and private keys.

Uploaded by

Arslan Amin
IT Infrastructure Architecture

Security Concepts (chapter 6)

Computer crimes & Risk management
• Reasons for committing crime against IT infrastructures:
  ◦ Personal exposure and prestige
  ◦ Creating damage
  ◦ Financial gain
  ◦ Terrorism
  ◦ Warfare
• Risk (Probability × Impact) is calculated based on:
  ◦ Asset name - component that needs to be protected
  ◦ Vulnerability - weakness, process or physical exposure that makes the asset susceptible to exploits
  ◦ Exploit - a way to use one or more vulnerabilities to attack an asset
  ◦ Probability - an estimation of the likelihood of the occurrence of an exploit (5: Frequent, 4: Likely, 3: Occasional, 2: Seldom, 1: Unlikely)
  ◦ Impact - the severity of the damage when the vulnerability is exploited (4: Catastrophic: Complete mission failure, death, bankruptcy; 3: Critical: Major mission degradation, major system damage, exposure of sensitive data; 2: Moderate: Minor mission degradation, minor system damage, exposure of data; 1: Negligible: Some mission degradation)
• There are four risk responses:
  ◦ Acceptance of the risk
  ◦ Avoidance of the risk - do not perform actions that impose risk
  ◦ Transfer of the risk - for instance transfer the risk to an insurance company
  ◦ Mitigation of the risk and accepting the residual risk

• Exploits: Information can be stolen in many ways
  ◦ Key loggers can send sensitive information like passwords to third parties
  ◦ Network sniffers can show network packets that contain sensitive information or replay a logon sequence
  ◦ Data on backup tapes outside of the building can get into the wrong hands
  ◦ Disposed PCs or disks can get into the wrong hands
  ◦ Corrupt or dissatisfied staff can copy information
  ◦ End users are led to a malicious website that steals information (phishing)
• Three core goals of security (CIA):
  ◦ Confidentiality - prevents the intentional or unintentional unauthorized disclosure of data
  ◦ Integrity - ensures that:
    ▪ No modifications to data are made by unauthorized staff or processes
    ▪ Unauthorized modifications to data are not made by authorized staff or processes
    ▪ Data is consistent
  ◦ Availability - ensures the reliable and timely access to data or IT resources by the appropriate staff

Confidentiality Level   Description
1   Public information
2   Information for internal use only
3   Information for internal use by restricted group
4   Secret: reputational damage if information is made public
5   Top secret: damage to organization or society if information is made public

Integrity Level   Description
1   Integrity of information is of no importance
2   Errors in information are allowed
3   Only incidental errors in information are allowed
4   No errors are allowed, leads to reputational damage
5   No errors are allowed, leads to damage to organization or society

Availability Level   Description
1   No requirements on availability
2   Some unavailability is allowed during office hours
3   Some unavailability is allowed only outside of office hours
4   No unavailability is allowed, 24/7/365 availability, risk for reputational damage
5   No unavailability is allowed, risk for damage to organization or society

Security controls: Example
Attack vectors
• Malicious code
  ◦ Applications that, when activated, can cause network and server overload, steal data and passwords, or erase data

• Worms
  ◦ Self-replicating programs that spread from one computer to another, leaving infections as they travel

• Virus
  ◦ Self-replicating program fragment that attaches itself to a program or file, enabling it to spread from one computer to another, leaving infections as it travels

• Trojan Horse
  ◦ Appears to be useful software but will actually do damage once installed or run on your computer

• Denial of service attack
  ◦ An attempt to overload an infrastructure to cause disruption of a service
  ◦ Can lead to downtime of a system, preventing an organization from doing its business
  ◦ In a Distributed Denial of Service (DDoS) attack the attacker uses many computers to overload the server
  ◦ Groups of computers that are infected by malicious code, called botnets, perform an attack
• DDoS countermeasures
  ◦ Immediately inform your internet provider and ask for help
  ◦ Run a script to terminate all connections coming from the same source IP address if the number of connections is larger than ten
  ◦ Change to an alternative server (with another IP address)
  ◦ Scale out the public-facing environment under attack
  ◦ Reroute or drop suspected traffic
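
One way to implement the per-source connection check from the countermeasure list, as an added example that is not part of the original slides. The function names and the sample addresses are constructed; the script only reports the sources above the limit and leaves the drop or kill action to the firewall in use.

```shell
#!/bin/sh
# Added example: list source IPs holding more than LIMIT established TCP
# connections. Input is `ss -Htn` style text on stdin:
#   State Recv-Q Send-Q Local:Port Peer:Port

# over_limit LIMIT: print "<source-ip> <count>" for each source above LIMIT.
over_limit() {
    awk -v limit="$1" '
        $1 == "ESTAB" {
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # drop the port, keep IPv4 or [IPv6]
            gsub(/^\[|\]$/, "", peer)   # unwrap bracketed IPv6
            count[peer]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit)  # strictly larger than the limit
                    print ip, count[ip]
        }' | sort
}

# Constructed sample input using documentation address ranges:
# 12 connections from one source, exactly 10 from another, plus noise.
sample_ss_output() {
    i=0
    while [ "$i" -lt 12 ]; do
        echo "ESTAB 0 0 192.0.2.10:443 198.51.100.7:$((40000 + i))"
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt 10 ]; do
        echo "ESTAB 0 0 192.0.2.10:443 203.0.113.5:$((50000 + i))"
        i=$((i + 1))
    done
    echo "TIME-WAIT 0 0 192.0.2.10:443 198.51.100.7:39999"
    echo "ESTAB 0 0 [2001:db8::10]:443 [2001:db8::bad]:41000"
}
```

On a live host the input would come from `ss -Htn | over_limit 10`. Many clients behind one NAT gateway or proxy share a source address, so review the list before blocking.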

• Social engineering
  ◦ Social skills are used to manipulate people to obtain information which can be used in an attack
    ▪ Like passwords or other sensitive information
  ◦ By nature, people want to help other people

• Phishing
  ◦ A technique of obtaining sensitive information
  ◦ The phisher sends an e-mail that appears to come from a legitimate source, like a bank or credit card company, requesting "verification" of information
  ◦ The e-mail usually contains a link to a fraudulent web page

• Baiting
  ◦ Baiting uses physical media, like a USB flash drive, left to be found
  ◦ It relies on the curiosity of people to find out what is on it
  ◦ The attacker hopes some employee picks up the device and brings it inside the organization
  ◦ When the device is put into an organization-owned PC, malicious software is installed automatically
Security Patterns: Identity and Access Management (IAM)
• The IAM process follows three steps:
  ◦ Users or systems claim who they are: identification (LDAP, Kerberos, Microsoft Active Directory)
  ◦ The claimed identity is checked: authentication (password or PIN, bank card, a token or a smartphone, iris scan)
  ◦ Permissions are granted related to the identity and the groups it belongs to: authorization (granting permissions to individual identities, groups are granted permissions)

• Segregation of duties (also known as separation of duties):
  ◦ Assigns related sensitive tasks to different people or departments
  ◦ No single person has total control of the system’s security mechanisms

• Least privilege:
  ◦ Users of a system should have the lowest level of privileges necessary to perform their work

• A two-man control policy can be applied
  ◦ Two systems managers must review and approve each other’s work
  ◦ Two systems managers are needed to complete every security sensitive task
Cryptography

• Encryption is the conversion of information from a readable state to apparent random data. Only the receiver has the ability to decrypt this data, transforming it back to the original information

• A cipher is a pair of algorithms that implements the encryption and decryption process. The operation of a cipher is controlled by a key.

• Block ciphers (used across a wide range of applications, from ATM machine data encryption to e-mail privacy and secure remote access)
  ◦ Input:
    ▪ A block of plaintext
    ▪ A key
  ◦ Output:
    ▪ A block of cipher text
  ◦ Standards:
    ▪ Data Encryption Standard (DES)
    ▪ Advanced Encryption Standard (AES)

• Symmetric key encryption: both the sender and receiver share the same key

• Chicken-and-egg problem:
  ◦ The difficulty of securely establishing a secret key between two communicating parties, when a secure channel does not already exist between them

• Asymmetric key encryption: two different but mathematically related keys are used:
  ◦ a public key - may be freely distributed
  ◦ a private key - must be kept secret by the organization

• Diffie–Hellman and RSA algorithms are the most widely used algorithms

• Disadvantage: slow
  ◦ About 1000 to 10,000 times slower than symmetric key encryption
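
The key-establishment problem described above can be handled with a Diffie–Hellman style exchange. The following added example (not part of the original slides) uses the openssl command line with X25519, an elliptic-curve Diffie–Hellman variant chosen here as an assumption; the party names alice, bob and mallory and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: two parties agree on a shared secret over an open channel.
# Only the *.pub files would ever cross the network.

# gen_party DIR NAME: create NAME's private key and the public key to publish.
gen_party() {
    openssl genpkey -algorithm X25519 -out "$1/$2.key" 2>/dev/null &&
    openssl pkey -in "$1/$2.key" -pubout -out "$1/$2.pub"
}

# derive_hex DIR ME PEER: combine my private key with the peer's public key
# and print the resulting shared secret as hex.
derive_hex() {
    openssl pkeyutl -derive -inkey "$1/$2.key" -peerkey "$1/$3.pub" |
        od -An -tx1 | tr -d ' \n'
}

# agree: succeeds only if alice and bob compute the same non-empty secret
# and an outsider (mallory) holding her own key pair computes a different one.
agree() {
    dir=$(mktemp -d) || return 1
    gen_party "$dir" alice && gen_party "$dir" bob &&
        gen_party "$dir" mallory || { rm -rf "$dir"; return 1; }
    a=$(derive_hex "$dir" alice bob)      # alice: own private + bob's public
    b=$(derive_hex "$dir" bob alice)      # bob: own private + alice's public
    m=$(derive_hex "$dir" mallory alice)  # outsider cannot reproduce it
    rm -rf "$dir"
    [ -n "$a" ] && [ "$a" = "$b" ] && [ "$a" != "$m" ]
}
```

The raw secret should be passed through a key derivation function before it is used as a symmetric key. The public keys also have to be authenticated, because an unauthenticated exchange lets someone in the middle substitute their own.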
