UNIT 2 System Security Management
Importance:
1. Human Layer
The human layer focuses on minimizing risks caused by human error or lack of knowledge,
which are common reasons for security breaches.
Examples:
The perimeter layer acts as the first line of defense, controlling network traffic based on
established policies.
Examples:
3. Network Layer
The network layer secures data as it moves between devices, preventing interception or
tampering.
Examples:
This layer ensures software and devices are free from vulnerabilities that attackers could
exploit.
Examples:
The endpoint layer protects devices like computers and smartphones that connect to the
network.
Examples:
• Endpoint Detection and Response (EDR): Detect and block malicious activities on
devices.
This layer focuses on protecting sensitive data from loss, theft, or unauthorized access.
Examples:
• Backups: Create copies of critical data to ensure availability during data loss.
7. Mission-Critical Assets
Protects assets essential for business operations, such as key systems and sensitive information.
Examples:
• Access restrictions: Ensure only authorized users can access critical systems.
2. Cyber Attacks
A cyber attack happens when hackers try to break into computer systems or networks to steal,
damage, or misuse information. These attacks can target anyone, from individuals to companies
or governments.
Common types:
1. Active Attackers
Attackers directly harm systems by altering data, injecting malicious code, or pretending to be
someone else.
Examples:
1. Masquerade Attack
2. Modification of Messages
3. Repudiation
4. Replay Attack
1. Masquerade Attack:
2. IP Address Masquerade:
3. Website Masquerade:
Creating a fake website that looks like a real one to steal user information or spread malware.
4. Email Masquerade:
Sending fake emails that look like they’re from trusted sources to trick recipients into sharing
sensitive data or downloading malicious files.
Masquerade attacks rely heavily on deception, making awareness and strong security measures
essential to prevent them.
2. Modification of Messages
Modification of messages happens when someone alters or changes parts of a message without
permission. This could involve changing the content or the order of the messages to cause
confusion or mischief.
For example, if you send a message saying, "Allow JOHN to read confidential file X," an
attacker could change it to "Allow Smith to read confidential file X," which could lead to
unauthorized access.
This kind of attack destroys trust in the information being sent and can cause serious security
issues, especially if sensitive information is altered or misused.
3. Repudiation
A repudiation attack occurs when someone does something harmful, like sending a damaging
message or making a financial transaction, and then denies doing it. This makes it hard to figure
out who is responsible for the action, complicating the process of tracking and holding the
person accountable.
1. Message Repudiation:
An attacker sends a message but later denies it. They may alter message headers or exploit
system weaknesses to hide their actions.
2. Transaction Repudiation:
An attacker makes a transaction (like a money transfer) and then denies it when asked for
proof. This could be done by exploiting system weaknesses or using stolen credentials.
3. Data Repudiation:
An attacker changes or deletes data and then denies it. This can happen by exploiting flaws
in the data storage system or using stolen credentials.
Repudiation attacks are dangerous because they allow attackers to escape responsibility for
their actions.
4. Replay
A replay attack happens when an attacker captures a message or data and sends it again later
to cause harm. The attacker doesn’t change the data but reuses it for unauthorized actions.
For example, an attacker might intercept a payment and replay it to make an illegal transaction.
This attack is risky because it allows old, legitimate data to be used wrongly.
5. Denial of Service (DoS) Attack
A Denial of Service (DoS) attack happens when an attacker floods a system or network with
too much traffic or too many requests, causing it to crash or become slow. This prevents real
users from accessing the system.
• Flood attacks: The attacker sends too many requests or data, overloading the system
and making it crash.
• Amplification attacks: The attacker uses other systems to increase the amount of
traffic directed at the target, making the attack stronger.
2. Passive Attacks
A passive attack is when an attacker tries to collect information from a system without
affecting its resources or operations. In this type of attack, the attacker is just listening or
monitoring data being transmitted without changing or damaging it. The goal is to gather
sensitive information, not to harm the system.
• Sniffing: The attacker captures and analyzes data packets moving through the network
to steal confidential information.
2. Traffic Analysis
Even if encryption is used to protect the content of a message, an attacker can still gain
valuable information through traffic analysis.
While the actual message remains unreadable, the attacker can observe:
• The location and identity of the communicating hosts.
• The frequency and length of messages exchanged.
This type of information can help the attacker infer the nature of the communication, even if
they can't decipher the actual content.
To protect against traffic analysis, the most effective method is encrypting SIP traffic. By
encrypting the communication, an attacker would need to access the SIP proxy or its call log
to determine who made the call, thus adding an extra layer of security.
3. Foundations of Computer Security
These steps help protect your computer and personal information from attackers, ensuring a
safer digital experience.
4. Data vs Information
Understanding the distinction between data and information is crucial in today’s digital
landscape. Data comprises raw, unprocessed facts that need context to become useful, while
information is data that has been processed, organized, and interpreted to add meaning and
value. This explanation sets the stage for how businesses can transform data into strategic assets
through effective knowledge management.
4.1 What is Data?
Data represents raw elements or unprocessed facts, including numbers and symbols to text and
images. When collected and observed without interpretation, these elements remain just data—
simple and unorganized. When these pieces are analyzed and contextualized, they transform
into something more meaningful.
Qualitative data is descriptive but non-numerical, such as a person’s name and sex.
You get information when data is processed, organized, interpreted, and structured. The
comprehensible output derived from raw data helps inform decisions, strategies, and actions.
Information is essentially data made valuable and accessible—an integral component of
decision-making.
For instance, if data points include daily temperature readings over a year, information is
recognizing the trend of temperatures, understanding seasonal changes, and predicting future
weather conditions.
In the context of system security management, understanding the difference between data and
information is essential to securing sensitive systems and making informed decisions. Data
refers to raw, unprocessed facts that, on their own, don't offer much insight. Information, on
the other hand, is data that has been processed, analyzed, and interpreted to provide meaningful,
actionable insights. In system security, data can represent raw logs, alerts, or system events,
while information represents a deeper understanding of security threats, vulnerabilities, and
effective countermeasures.
Data in security is the raw, unorganized facts that are collected from systems. This can include:
- Network traffic: Data about what’s happening on the network (who’s sending what to
whom).
- User activities: Information about who logged in and what they did.
On its own, this data doesn’t tell you much. It’s like a collection of puzzle pieces waiting to be
put together.
Information is when that raw data is analyzed and organized to make it meaningful. For
example:
- Finding threats: Realizing that multiple failed login attempts mean someone might be trying
to hack into the system.
- Understanding patterns: Noticing a sudden spike in network traffic, which could be a sign
of a cyberattack.
- Recognizing behavior: Seeing that a user is accessing files they shouldn’t be, which might
mean their account is compromised.
1. Data is like raw ingredients, while Information is the final dish that tells you something
useful, like "we’re under attack."
2. Data is raw and unprocessed, but Information gives meaning and helps make decisions.
3. Data can be overwhelming and messy, but Information is clear and useful for solving
problems.
- Data Example: A log showing that a user tried to log in five times in one minute.
- Information Example: Realizing this is a hacker trying to break into the system by using
different passwords.
- Data Example: An alert from the antivirus software saying it found something suspicious.
- Information Example: Understanding that the suspicious file is malware, which needs to be
removed immediately.
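The step from data to information in the login example above, as an added example that is not part of the original notes: raw log lines (data) are turned into a failed-login alert (information). The log format, sample lines and function names are constructed for illustration, and the lines are assumed to arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format): timestamp, event, key=value fields.
SAMPLE_LOG = """\
2024-05-01T09:00:02 LOGIN_FAILED user=alice src=203.0.113.7
2024-05-01T09:00:05 LOGIN_FAILED user=bob src=198.51.100.4
2024-05-01T09:00:10 LOGIN_FAILED user=alice src=203.0.113.7
2024-05-01T09:00:21 LOGIN_FAILED user=alice src=203.0.113.7
2024-05-01T09:00:30 LOGIN_FAILED user=carol src=198.51.100.9
2024-05-01T09:00:35 LOGIN_FAILED user=alice src=203.0.113.7
2024-05-01T09:00:41 LOGIN_OK user=carol src=198.51.100.9
2024-05-01T09:00:48 LOGIN_FAILED user=alice src=203.0.113.7
### truncated line
2024-05-01T09:02:05 LOGIN_FAILED user=bob src=198.51.100.4
2024-05-01T09:04:05 LOGIN_FAILED user=bob src=198.51.100.4
2024-05-01T09:06:05 LOGIN_FAILED user=bob src=198.51.100.4
2024-05-01T09:08:05 LOGIN_FAILED user=bob src=198.51.100.4
"""


def parse_line(line):
    """Return (timestamp, event, user, src), or None for an unusable line."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    if "user" not in fields:
        return None
    return ts, parts[1], fields["user"], fields.get("src", "unknown")


def detect_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag any user with `threshold` failed logins inside `window`."""
    recent = defaultdict(deque)  # user -> recent (timestamp, src) failures
    alerts = []
    for line in lines:
        record = parse_line(line)
        if record is None or record[1] != "LOGIN_FAILED":
            continue
        ts, _, user, src = record
        failures = recent[user]
        failures.append((ts, src))
        # Drop failures that have aged out of the sliding window.
        while ts - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= threshold:
            alerts.append({
                "user": user,
                "failures": len(failures),
                "first": failures[0][0],
                "last": ts,
                "sources": sorted({s for _, s in failures}),
            })
            failures.clear()  # report each burst once
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LOG.splitlines()):
        print(alert)
```

Only the account with five failures inside one minute is flagged; the same number of failures spread over several minutes stays below the threshold.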
In the digital world, protecting data and systems is essential to prevent unauthorized access,
theft, and attacks. Computer security principles provide a framework for ensuring systems are
safe, reliable, and available when needed. These principles help businesses safeguard their
sensitive information and maintain trust among users. Below are five key principles of
computer security explained simply.
1. Confidentiality
For example, when you log into your email account, confidentiality ensures that no one else
can read your private messages. This is often achieved through encryption, strong passwords,
and access control measures. In a business context, ensuring confidentiality means that
customer data, financial records, or trade secrets are kept secure from competitors or hackers.
2. Integrity
Integrity ensures that the data remains accurate, consistent, and trustworthy over its lifecycle.
This principle prevents unauthorized changes or corruption of data, whether by error or
malicious intent.
For example, when a company sends a product order, integrity ensures the information in the
order is not altered during the transmission process. It is maintained by techniques such as
hashing and checksums, which verify that data has not been tampered with, providing
confidence that the information is accurate and reliable.
3. Availability
Availability ensures that systems and data are accessible to authorized users whenever they are
needed. This principle focuses on preventing downtime and ensuring that systems remain
operational even during failures.
For example, a website needs to be available for customers to shop online, and an employee
must be able to access files on a server without interruptions. To ensure availability, businesses
often use backup systems, failover solutions, and regular maintenance checks to minimize
disruptions and protect against cyber-attacks or hardware failures.
4. Authentication
Authentication is the process of verifying the identity of a user, device, or system before
granting access to resources. This principle ensures that only legitimate users can access
sensitive information or perform specific actions.
For example, when you log into your online banking account, the system checks your
username and password to authenticate that you are the account holder. More secure systems
may also use multi-factor authentication (MFA), which requires additional methods such as a
fingerprint scan or a code sent to your phone to confirm your identity.
5. Authorization
For example, an employee in a company may be authorized to view inventory data but may not
have the permission to change pricing information. By setting clear roles and permissions,
businesses ensure that users only access what they need to do their jobs, helping to protect
critical systems and data from misuse.
6. Security Management
There are different types of security management, each focusing on a specific area of
protection:
Security management is critical because it helps organizations protect their data and systems
from cyberattacks, theft, and other risks. Effective security management ensures that
businesses can quickly recover from attacks, reduce downtime, and protect sensitive data. It
also helps organizations stay compliant with regulations and industry standards. Without a
proper security management strategy, companies risk facing significant financial losses, data
breaches, and damage to their reputation.
1. Assessment: This is the first step, where security leaders assess the organization’s IT
assets and identify potential vulnerabilities. This helps in creating policies and
procedures to protect these assets.
2. Awareness: Once the security measures are set, the next step is educating employees
about cybersecurity best practices and their specific roles in maintaining security. This
ensures everyone is aware of their responsibilities.
3. Activation: In this phase, security strategies are implemented, and ongoing monitoring
is performed to ensure the system is secure. It includes responding to incidents,
enforcing compliance, and making necessary updates to the security strategy.
Risk and threat analysis is a crucial process used by organizations to identify, assess, and
prioritize potential risks and threats to their assets, systems, and operations. By understanding
where vulnerabilities lie and the potential impact of various threats, organizations can develop
effective strategies to mitigate those risks and safeguard their operations.
1. Identify Risks: Recognize all possible risks that could affect the business. This could
involve external factors (like cyberattacks) or internal factors (like system failures or human
errors).
2. Assess Likelihood: Estimate the probability of each risk happening. Is it something that
could happen frequently, or is it a rare event?
3. Determine Impact: Evaluate the potential damage a risk could cause, including financial
loss, reputation damage, or legal consequences.
4. Prioritize Risks: Once risks are identified and assessed, they are ranked based on their
likelihood and potential impact. This allows an organization to focus on the most critical risks
first.
Threat analysis focuses specifically on identifying and evaluating the threats that could exploit
an organization’s vulnerabilities. A threat is any circumstance or event that has the potential to
cause harm. In cybersecurity, for example, threats could be hackers, malware, or phishing
attacks. Understanding threats helps organizations prepare defensive strategies to protect
themselves.
2. Evaluate Threat Impact: Assess how these threats could harm the organization, such as
through data breaches, operational downtime, or financial loss.
3. Develop Mitigation Strategies: Create strategies to prevent or reduce the likelihood of these
threats materializing. This could include implementing firewalls, security protocols, or
employee training.
While both risk and threat analysis aim to protect an organization, they focus on different
aspects. Risk analysis looks at the broader picture of potential hazards and their consequences,
while threat analysis focuses specifically on the actors or events that could exploit
vulnerabilities. Both analyses complement each other to help create a comprehensive security
strategy.
Performing risk and threat analysis is essential for identifying and understanding vulnerabilities
in an organization. Without these analyses, businesses would be unprepared for potential
threats, leading to unexpected security breaches, financial losses, or operational disruptions.
By conducting regular assessments, organizations can implement proactive measures to reduce
risk, protect assets, and ensure business continuity.
1. Prevents Problems:
Helps identify threats early so you can prevent problems before they happen.
2. Better Security:
Finds weaknesses in your system, allowing you to fix them and protect your data.
Focuses on the most serious risks first, saving time and money.
4. Legal Protection:
5. Improves Decisions:
Makes it easier to make smart decisions about security and risk management.
4. Can Be Complicated:
Risk and threat analysis helps organizations understand potential dangers and plan how to
protect themselves. It has many benefits, like preventing problems and improving security, but
also requires time, resources, and regular updates.
Cryptographic Algorithms
A cryptographic algorithm is a set of steps that can be used to convert plain text into cipher
text. A cryptographic algorithm is also known as an encryption algorithm.
A cryptographic algorithm uses an encryption key to hide the information and convert it into
an unreadable format. Similarly, a decryption key can be used to convert it back into plain-
readable text.
Process of Cryptography
Types of Cryptographic Algorithms
To protect sensitive data and conversations, cryptography uses complex algorithms. These
mathematical formulas enable the encryption, decryption, signature, and verification
processes that protect secret data during transmission and storage.
Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and integrity
of a digital document, message or software. It's the digital equivalent of a handwritten signature
or stamped seal, but it offers far more inherent security. A digital signature is intended to solve
the problem of tampering and impersonation in digital communications.
Digital signatures can provide evidence of origin, identity and status of electronic documents,
transactions and digital messages. Signers can also use them to acknowledge informed consent.
In many countries, including the U.S., digital signatures are considered legally binding in the
same way as traditional handwritten document signatures.
Digital signatures are based on public key cryptography, also known as asymmetric
cryptography. Using a public key algorithm, such as Rivest-Shamir-Adleman, or RSA, two
keys are generated, creating a mathematically linked pair of keys: one private and one public.
Digital signatures work through public key cryptography's two mutually authenticating
cryptographic keys. For encryption and decryption, the person who creates the digital signature
uses a private key to encrypt signature-related data. The only way to decrypt that data is with
the signer's public key.
If the recipient can't open the document with the signer's public key, that indicates there's a
problem with the document or the signature. This is how digital signatures are authenticated.
Digital signing certificates, also called public key certificates, are used to verify that the public
key belongs to the issuer. Signing certificates are sent with the public key; they contain
information about the certificate's owner, expiration dates and the digital signature of the
certificate's issuer. Trusted third-party certificate authorities (CAs), such as DocuSign or
GlobalSign, issue signing certificates.
Digital signature technology requires all parties to trust that the person who creates the
signature image has kept the private key secret. If someone else has access to the private signing
key, that party could create fraudulent digital signatures in the name of the private key holder.
Digital signatures get their official status through signing certificates. Signing certificates serve
as authentication for transmitted documents, their contents and the author of these documents.
An official third-party certificate authority is responsible for administering these certificates.
CAs verify that organizations are in compliance with cybersecurity standards, such as
International Organization for Standardization (ISO) standards. Only after an organization has
been approved is a certificate provided.
The approval process starts with the CA assessing the needs of the author and ensuring their
methods comply with regulations. The CA then issues a signing certificate and the
cryptographic key pair needed to secure the documents' contents. A mathematical algorithm
generates this key pair to ensure the contents can't be accessed without both keys. Ultimately,
the digital signature includes the following:
• A piece of data called a cryptographic hash that is unique to the author's documents and is
used to verify the authenticity of the document.
• The signing certificate from the CA, which contains the public key and the written proof
that the CA has approved the process.
• The private key, which the author must keep confidential and which is used to encrypt the
documents.
Signing certificates assure recipients of the authenticity of both the author and documents and
that the documents are free from prior tampering or forgery. The author sending the documents
and the recipient receiving them must agree to use a given CA.
• Timestamping. This provides the date and time of a digital signature and is useful when
timing is critical, such as for stock trades, lottery ticket issuance and legal proceedings.
• Globally accepted and legally compliant. The public key infrastructure (PKI) standard
ensures vendor-generated keys are made and stored securely. With digital signatures
becoming an international standard, more countries are accepting them as legally binding.
• Time savings. Digital signatures simplify the time-consuming processes of physical
document signing, storage and exchange, letting businesses quickly access and sign
documents.
• Cost savings. Organizations can go paperless and save money previously spent on the
physical resources, time, personnel and office space used to manage and transport
documents.
• Positive environmental effects. Reducing paper use cuts down on the physical waste
paper generates and the negative environmental impact of transporting paper documents.
• Traceability. Digital signatures create an audit trail that makes internal record-keeping
easier for businesses. With everything recorded and stored digitally, there are fewer
opportunities for a manual signee or record-keeper to make a mistake or misplace
something.
Challenges sometimes crop up when organizations use digital signatures. These include the
following:
• Insecure channels. Despite the security layer digital signatures provide, the channels used
to transmit documents can still have inadequate security measures. Without proper
encryption and authentication, they could lead to compromised documents and data loss.
• Key management. Compromised or lost keys are useless; therefore, organizations must be
prepared to craft policies and procedures for employees to properly manage their keys,
which can be complicated.
To create a digital signature, signing software, such as an email program, is used to provide a
one-way hash of the electronic data to be signed.
A hash is a fixed-length string of letters and numbers generated by an algorithm. The digital
signature creator's private key is used to encrypt the hash. The encrypted hash -- along with
other information, such as the hashing algorithm -- is the digital signature.
The reason for encrypting the hash instead of the entire message or document is that a hash
function can convert an arbitrary input into a fixed-length value, which is usually much shorter.
This saves time, as hashing is much faster than signing.
The value of a hash is unique to the hashed data. Any change in the data -- even a modification
of a single character -- results in a different value. This attribute lets others use the signer's
public key to decrypt the hash to validate the integrity of the data.
If the decrypted hash matches a second computed hash of the same data, it proves that the data
hasn't changed since it was signed. But, if the two hashes don't match, the data has either been
tampered with in some way and is compromised or the signature was created with a private
key that doesn't correspond to the public key presented by the signer. This signals an issue with
authentication.
A person creates a digital signature using a private key to encrypt a signature. At the same time,
hash data is created and encrypted. The recipient uses a signer's public key to decrypt the
signature.
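The hash-then-sign flow and the two failure cases described above (altered data, and a public key that does not match the signing key), as an added example that is not part of the original notes. It uses textbook RSA with Python's standard library only; the key material (publicly known Mersenne primes) and the function names are constructed for illustration, and there is no padding, so production code should use a vetted library with a scheme such as RSA-PSS.

```python
import hashlib

# Toy key material constructed for this example: publicly known Mersenne
# primes. Real keys use secret, randomly generated primes.
P = 2**521 - 1
Q = 2**607 - 1
E = 65537


def make_keypair(p, q, e=E):
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi
    return (n, e), (n, d)


def digest_as_int(message: bytes) -> int:
    """One-way SHA-256 hash of the data, as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Hash the message, then transform the hash with the private key."""
    n, d = private_key
    return pow(digest_as_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the signed hash with the public key and compare it with a
    freshly computed hash of the received message."""
    n, e = public_key
    recovered = pow(signature, e, n)
    return recovered == digest_as_int(message)


def demo():
    """Run the three cases the text describes and return the outcomes."""
    pub, priv = make_keypair(P, Q)
    # A second, unrelated key pair (also constructed) for the wrong-key case.
    other_pub, _ = make_keypair(2**607 - 1, 2**1279 - 1)

    # Messages taken from the modification-of-messages example in these notes.
    original = b"Allow JOHN to read confidential file X"
    altered = b"Allow Smith to read confidential file X"

    sig = sign(original, priv)
    return {
        "unchanged message": verify(original, sig, pub),
        "altered message": verify(altered, sig, pub),
        "wrong public key": verify(original, sig, other_pub),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'REJECTED'}")
```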
A digital signature can be used with any kind of message, whether or not it's encrypted, simply
so the receiver can be sure of the sender's digital identity and that the message arrived intact.
Digital signatures make it difficult for the signer to deny having signed something, as the digital
signature is unique to both the document and the signer, and it binds them together. This
property is called nonrepudiation.
The signing certificate is the electronic document that contains the digital signature of the
issuing CA. It's what binds together a public key with an identity and can be used to verify that
a public key belongs to a particular person or entity. Most modern email programs support the
use of digital signatures and signing certificates, making it easy to sign any outgoing emails
and validate digitally signed incoming messages.
Digital signatures are also used to provide proof of authenticity, data integrity and
nonrepudiation of communications and transactions conducted over the internet.
There are three different classes of digital signature certificates (DSCs) as follows:
1. Class 1. This type of DSC can't be used for legal business documents because they're
validated based only on an email ID and username. Class 1 signatures provide a basic level
of security and are used in environments with a low risk of data compromise.
2. Class 2. These DSCs are often used for electronic filing (e-filing) of tax documents,
including income tax returns and goods and services tax returns. Class 2 digital signatures
authenticate a signer's identity against a preverified database. Class 2 digital signatures are
used in environments where the risks and consequences of data compromise are moderate.
3. Class 3. The highest level of digital signatures, Class 3 signatures, require people or
organizations to present in front of a CA to prove their identity before signing. Class 3
digital signatures are used for e-auctions, e-tendering, e-ticketing and court filings, as well
as in other environments where threats to data or the consequences of a security failure are
high.
Digital signature tools and services are commonly used in contract-heavy industries, including
the following:
• Healthcare. Digital signatures are used in the healthcare industry to improve the efficiency
of treatment and administrative processes, strengthen data security, e-prescribe and process
hospital admissions. The use of digital signatures in healthcare must comply with
the Health Insurance Portability and Accountability Act of 1996.
• Financial services. The U.S. financial sector uses digital signatures for contracts, paperless
banking, loan processing, insurance documentation and mortgages. This heavily regulated
sector uses digital signatures, paying careful attention to the regulations and guidance put
forth by the Electronic Signatures in Global and National Commerce Act (E-Sign Act),
state Uniform Electronic Transactions Act regulations, the Consumer Financial Protection
Bureau and the Federal Financial Institutions Examination Council.
• Non-fungible tokens (NFTs). Digital signatures are used with digital assets, such as
artwork, music and videos, to secure and trace these types of NFTs anywhere on the
blockchain.