IT Infrastructure Architecture

Infrastructure Building Blocks and Concepts

Security Concepts
(chapter 4)
Introduction
• Security is the combination of:
– Availability
– Confidentiality
– Integrity
• Focused on the recognition of and resistance to attacks
• For IT infrastructures, availability is a non-functional attribute in its own right
Computer crimes
• Reasons for committing crime against IT infrastructures:
– Personal exposure
– Creating damage
– Financial gain
– Terrorism
– Warfare
Risk management
• Managing security is all about managing risks
• The effort we put into securing the infrastructure should be directly related to the risk at hand
• Risk management is the process of:
– Determining an acceptable level of risk
– Assessing the current level of risk
– Taking steps to reduce risk to the acceptable level
– Maintaining that level
Risk list
• A risk list can be used to quantify risks
• Risk is calculated based on:
– Asset name - component that needs to be protected
– Vulnerability - weakness, process or physical exposure that makes the asset susceptible to exploits
– Exploit - a way to use one or more vulnerabilities to attack an asset
– Probability - an estimation of the likelihood of the occurrence of an exploit
– Impact - the severity of the damage when the vulnerability is exploited
Risk list
• P = Probability
• I = Impact
• R = Risk
Risk response
• There are four risk responses:
– Acceptance of the risk
– Avoidance of the risk - do not perform actions that impose risk
– Transfer of the risk - for instance transfer the risk to an insurance company
– Mitigation of the risk and accepting the residual risk
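Worked out as an added example (not from the slides): a risk list scored, ranked and matched to the four responses in Python. It assumes the usual rule that R is the product of P and I on 1-to-5 scales; the register entries (built from the exploit examples later in the chapter), the acceptable level of 6 and the controls are constructed for illustration.

```python
"""Added example: a risk list scored as R = P x I, ranked, and matched to a response.

Assumption: R is the product of probability (1-5) and impact (1-5); the register
entries, the acceptable risk level and the controls are constructed for illustration."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class RiskEntry:
    asset: str          # component that needs to be protected
    vulnerability: str  # weakness that makes the asset susceptible to exploits
    exploit: str        # way to use the vulnerability against the asset
    probability: int    # 1 (rare) .. 5 (almost certain)
    impact: int         # 1 (negligible) .. 5 (damage to organization or society)

    def __post_init__(self):
        if not (1 <= self.probability <= 5 and 1 <= self.impact <= 5):
            raise ValueError("probability and impact must be on a 1-5 scale")

    @property
    def risk(self) -> int:
        return self.probability * self.impact  # R = P x I (assumed scoring rule)


# Constructed sample register (values chosen for illustration only)
REGISTER = [
    RiskEntry("Backup tapes", "stored off-site unencrypted", "lost tape read by a third party", 2, 5),
    RiskEntry("Employee laptops", "disk not encrypted", "stolen laptop, data copied", 4, 4),
    RiskEntry("Public website", "single server, no auto-scaling", "DDoS overloads the server", 3, 3),
    RiskEntry("Staff mailboxes", "no phishing awareness", "phishing steals credentials", 5, 3),
    RiskEntry("Meeting room PCs", "no screensaver lock", "passer-by reads open documents", 3, 1),
]


def ranked(register):
    """Highest risk first, so the securing effort goes where the risk is."""
    return sorted(register, key=lambda entry: entry.risk, reverse=True)


def above_acceptable(register, acceptable):
    """Entries whose current risk exceeds the acceptable level."""
    return [entry for entry in register if entry.risk > acceptable]


def mitigate(entry, new_probability, new_impact):
    """Apply a control that lowers P and/or I; the result is the residual risk."""
    return replace(entry, probability=new_probability, impact=new_impact)


def plan_responses(register, acceptable, controls):
    """Map each asset to one of the four responses.

    controls: asset -> (probability, impact) expected after the chosen control.
    Entries at or below the acceptable level are accepted as they are; entries with a
    control are mitigated, and the residual risk is accepted only if it is low enough."""
    responses = {}
    for entry in register:
        if entry.risk <= acceptable:
            responses[entry.asset] = "accept"
        elif entry.asset not in controls:
            responses[entry.asset] = "no control available: avoid or transfer"
        else:
            residual = mitigate(entry, *controls[entry.asset])
            if residual.risk <= acceptable:
                responses[entry.asset] = f"mitigate to R={residual.risk} and accept the residual risk"
            else:
                responses[entry.asset] = f"mitigate to R={residual.risk}; still above {acceptable}, transfer or avoid"
    return responses


if __name__ == "__main__":
    ACCEPTABLE = 6
    CONTROLS = {
        "Backup tapes": (2, 1),      # encrypt the tapes: a lost tape no longer exposes data
        "Employee laptops": (4, 1),  # encrypted laptops
        "Staff mailboxes": (3, 3),   # awareness training lowers the probability only
    }
    for entry in ranked(REGISTER):
        print(f"R={entry.risk:2d} P={entry.probability} I={entry.impact} {entry.asset}")
    for asset, response in plan_responses(REGISTER, ACCEPTABLE, CONTROLS).items():
        print(f"{asset}: {response}")
```

The plan shows the last response on the slide in practice: a control rarely brings the risk to zero, so what is accepted is the residual, and an entry whose residual is still above the acceptable level has to be transferred or avoided rather than quietly kept.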
Exploits
• Information can be stolen in many ways
• Examples:
– Key loggers can send sensitive information like passwords to third parties
– Network sniffers can show network packets that contain sensitive information, or replay a logon sequence
– Data on backup tapes outside of the building can get into the wrong hands
– Disposed-of PCs or disks can get into the wrong hands
– Corrupt or dissatisfied staff can copy information
– End users are led to a malicious website that steals information (phishing)
CIA
• Three core goals of security (CIA):
– Confidentiality - prevents the intentional or unintentional unauthorized disclosure of data
– Integrity - ensures that no modifications to data are made by unauthorized staff or processes
– Availability - ensures the reliable and timely access to data or IT resources by the appropriate staff
CIA
• Example of confidentiality levels

Confidentiality level – Description
1 – Public information
2 – Information for internal use only
3 – Information for internal use by a restricted group
4 – Secret: reputational damage if information is made public
5 – Top secret: damage to organization or society if information is made public
CIA
• Example of integrity levels

Integrity level – Description
1 – Integrity of information is of no importance
2 – Errors in information are allowed
3 – Only incidental errors in information are allowed
4 – No errors are allowed; errors lead to reputational damage
5 – No errors are allowed; errors lead to damage to organization or society
CIA
• Example of availability levels

Availability level – Description
1 – No requirements on availability
2 – Some unavailability is allowed during office hours
3 – Some unavailability is allowed only outside of office hours
4 – No unavailability is allowed, 24/7/365 availability; risk of reputational damage
5 – No unavailability is allowed; risk of damage to organization or society
Security controls
• Example: security controls mapped to the confidentiality (C), integrity (I) and availability (A) levels they address

Control (columns: C1 C2 C3 C4 C5 I1 I2 I3 I4 I5 A1 A2 A3 A4 A5; an X marks a level the control applies to)
Standard security policy: X X X X X X X X X X X X X X X
Central archiving of documents: X X X X
User based password protection: X X X X X X X X X X X X
Anti-virus measures: X X X X X X X X X X X X
Screensaver lock when leaving workplace: X X X X X X
Webmail not allowed: X X X
Logging of authentication and authorization requests: X X X X X X X X X
Secured datacenter and systems management room: X X X X X X
Encrypted laptops: X X
Security key management: X X
Penetration hack-tests: X X X X X X
IDS systems: X X X X X X
Internet access limited to specific sites: X X X X X X
Encrypted e-mail: X X
Printing only allowed in specific closed rooms: X X
Attack vectors
• Malicious code
– Applications that, when activated, can cause network and server overload or steal data and passwords
• Worms
– Self-replicating programs that spread from one computer to another, leaving infections as they travel
• Virus
– A self-replicating program fragment that attaches itself to a program or file, enabling it to spread from one computer to another, leaving infections as it travels
• Trojan horse
– Appears to be useful software but will actually do damage once installed or run on your computer
Attack vectors
• Denial of service attack
– An attempt to overload an infrastructure to cause disruption of a service
– Can lead to downtime of a system, preventing an organization from doing its business
– In a Distributed Denial of Service (DDoS) attack the attacker uses many computers to overload the server
– Groups of computers infected by malicious code, called botnets, perform the attack
Attack vectors
• Preventive DDoS measures:
– Split business and public resources
– Move all public-facing resources to an external cloud provider
– Set up automatic scalability (auto scaling, auto deployment) using virtualization and cloud technology
– Limit bandwidth for certain traffic
– Lower the Time to Live (TTL) of the DNS records to be able to reroute traffic to other servers when an attack occurs
– Set up monitoring for early detection
Attack vectors
• DDoS countermeasures:
– Immediately inform your internet provider and ask for help
– Run a script to terminate all connections coming from the same source IP address if the number of connections is larger than ten
– Change to an alternative server (with another IP address)
– Scale out the public-facing environment under attack
– Reroute or drop suspected traffic
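The connection-count rule above, worked out as an added example that is not part of the slides. It reads a constructed netstat-style listing of open connections, counts them per source address and renders block rules for any source above the slide's threshold of ten, so an operator can review them before applying anything; the listing format, the addresses and the iptables syntax of the rendered rules are assumptions of the example.

```python
"""Added example: flag source addresses with more than ten open connections.

Assumptions: a netstat-style listing of "src:port -> dst:port STATE" lines (constructed
below), the threshold of ten from the slide, and iptables syntax for the rendered rules."""
from collections import Counter
from ipaddress import ip_address

CONNECTION_THRESHOLD = 10  # from the slide: more than ten connections per source

# Constructed sample: one line per open connection to the web server 203.0.113.10
SAMPLE_CONNECTIONS = "\n".join(
    [f"198.51.100.7:{40000 + i} -> 203.0.113.10:443 ESTABLISHED" for i in range(14)]
    + [f"192.0.2.{i}:51000 -> 203.0.113.10:443 ESTABLISHED" for i in range(1, 6)]
    + ["198.51.100.9:42000 -> 203.0.113.10:443 ESTABLISHED",
       "garbage line that the parser must skip",
       "not-an-ip:1 -> 203.0.113.10:443 ESTABLISHED"]
)


def connections_per_source(listing: str) -> Counter:
    """Count open connections per source IP; malformed lines are skipped, not fatal."""
    counts = Counter()
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[1] != "->":
            continue
        source = parts[0].rsplit(":", 1)[0]  # strip the port (IPv4 only; IPv6 needs [] handling)
        try:
            ip_address(source)
        except ValueError:
            continue
        counts[source] += 1
    return counts


def offending_sources(listing: str, threshold: int = CONNECTION_THRESHOLD) -> list:
    """Sources that exceed the threshold, busiest first."""
    counts = connections_per_source(listing)
    over = [(n, ip) for ip, n in counts.items() if n > threshold]
    return [ip for n, ip in sorted(over, reverse=True)]


def render_block_rules(sources, allowlist=frozenset()) -> list:
    """Render iptables commands for review; allowlisted addresses (monitoring hosts,
    NAT gateways serving many legitimate users) are never blocked."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sources if ip not in allowlist]


if __name__ == "__main__":
    for ip, n in connections_per_source(SAMPLE_CONNECTIONS).most_common():
        print(f"{ip:16s} {n}")
    for rule in render_block_rules(offending_sources(SAMPLE_CONNECTIONS)):
        print(rule)
```

A per-source threshold is the crudest DDoS filter: it misses a botnet that spreads its connections over many addresses, each staying under ten, and it hits NAT gateways or proxies where many legitimate users share one source address. That is why the allowlist exists and why the rules are rendered for review rather than applied automatically.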
Attack vectors
• Phishing
– A technique of obtaining sensitive information
– The phisher sends an e-mail that appears to come from a legitimate source, like a bank or credit card company, requesting "verification" of information
– The e-mail usually contains a link to a fraudulent web page
Attack vectors
• Baiting
– Baiting uses physical media, like a USB flash drive, left to be found
– It relies on the curiosity of people to find out what is on it
– The attacker hopes some employee picks up the device and brings it inside the organization
– When the device is put into an organization-owned PC, malicious software is installed automatically
Security Patterns
Identity and Access Management (IAM)
• The process of managing the identity of people and systems, and their permissions
• The IAM process follows three steps:
– Users or systems claim who they are: identification
– The claimed identity is checked: authentication
– Permissions are granted related to the identity and the groups it belongs to: authorization
Authentication
• Using one of three ways:
– Something you know, like a password or PIN
– Something you have, like a bank card, a token or a smartphone
– Something you are, like a fingerprint
• Multi-factor authentication:
– At least two types of authentication are required
Segregation of duties and least privilege
• Segregation of duties (also known as separation of duties):
– Assigns related sensitive tasks to different people or departments
– No single person has total control of the system’s security mechanisms
• Least privilege:
– Users of a system should have the lowest level of privileges necessary to perform their work
– Users should only have privileges for the shortest length of time
Segregation of duties and least privilege
• In secure systems, multiple distinct administrative roles should be configured:
– Security manager
– Systems manager
– Super user
• A two-man control policy can be applied:
– Two systems managers must review and approve each other’s work
– Two systems managers are needed to complete every security-sensitive task
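An added example (not from the slides) of the three IAM steps, multi-factor authentication, least privilege and the two-man control policy in Python. Every account, password, role and device token in it is constructed; the device token stands in for a real one-time-password or hardware-token check, and the role-to-permission table is an assumption of the example.

```python
"""Added example: identification, two-factor authentication, least-privilege
authorization and a two-person rule for sensitive tasks.

Assumptions: all accounts, passwords, roles and device tokens are constructed; the
token check stands in for a real one-time-password or hardware-token verification."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional

# Permissions per role: each role gets only what its job needs (least privilege)
ROLE_PERMISSIONS = {
    "security_manager": {"read_logs", "change_policy"},
    "systems_manager": {"read_logs", "restart_service", "rotate_keys"},
    "super_user": {"read_logs", "restart_service", "change_policy", "rotate_keys"},
}
# Security-sensitive tasks that need two different persons (two-man control)
TWO_PERSON_TASKS = {"rotate_keys", "change_policy"}


@dataclass
class Account:
    username: str
    salt: bytes
    password_hash: bytes
    device_token: str                   # "something you have" (constructed stand-in)
    roles: set
    temporary_roles: dict = field(default_factory=dict)  # role -> expiry timestamp


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so a leaked directory does not reveal passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_account(username, password, device_token, roles) -> Account:
    salt = os.urandom(16)
    return Account(username, salt, hash_password(password, salt), device_token, set(roles))


def authenticate(directory, username, password, token) -> Optional[Account]:
    """Identification (the claimed username) followed by authentication with two factors:
    something you know (password) and something you have (device token)."""
    account = directory.get(username)
    if account is None:
        return None
    knows = hmac.compare_digest(hash_password(password, account.salt), account.password_hash)
    has = hmac.compare_digest(token.encode(), account.device_token.encode())
    return account if knows and has else None


def grant_temporary(account, role, now, seconds):
    """Least privilege in time: an elevated role that expires by itself."""
    account.temporary_roles[role] = now + seconds


def permissions(account, now) -> set:
    """Authorization input: permissions of the permanent roles plus unexpired temporary ones."""
    active = set(account.roles)
    active |= {role for role, expiry in account.temporary_roles.items() if now < expiry}
    return set().union(*(ROLE_PERMISSIONS.get(role, set()) for role in active))


def authorize(account, action, now) -> bool:
    return action in permissions(account, now)


def two_person_task(action, requester, approver, now) -> bool:
    """A sensitive task completes only when two different, authorized persons take part."""
    if action not in TWO_PERSON_TASKS:
        return authorize(requester, action, now)
    if requester.username == approver.username:
        return False  # nobody approves their own work
    return authorize(requester, action, now) and authorize(approver, action, now)


if __name__ == "__main__":
    directory = {a.username: a for a in [
        create_account("alice", "correct horse", "token-A", ["systems_manager"]),
        create_account("bob", "battery staple", "token-B", ["systems_manager"]),
    ]}
    alice = authenticate(directory, "alice", "correct horse", "token-A")
    print("alice logged in:", alice is not None)
    print("alice alone rotates keys:", two_person_task("rotate_keys", alice, alice, now=0))
    print("alice and bob rotate keys:", two_person_task("rotate_keys", alice, directory["bob"], now=0))
```

The approver check rejects a requester approving their own work, and the temporary role shows least privilege in time: an elevated role that lapses by itself instead of staying granted until someone remembers to remove it.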
Layered security
• Layered security (also known as a Defense-in-Depth strategy) implements various security measures in various parts of the IT infrastructure
– Instead of having one big firewall and having all your security depend on it, it is better to implement several layers of security
• Preferably the security layers make use of different technologies
– This makes it harder for hackers to break through all barriers, as they will need specific knowledge for each step
• Disadvantage: increases the complexity of the system
Cryptography
• The practice of hiding information using encryption and decryption techniques
• Encryption is the conversion of information from a readable state to apparently random data
• Only the receiver has the ability to decrypt this data, transforming it back to the original information
• A cipher is a pair of algorithms that implements the encryption and decryption process
• The operation of a cipher is controlled by a key
Cryptography
• Block ciphers
– Used across a wide range of applications, from ATM machine data encryption to e-mail privacy and secure remote access
– Standards:
• Data Encryption Standard (DES)
• Advanced Encryption Standard (AES)
Symmetric key encryption
• Both the sender and receiver share the same key
• Disadvantage: key management
• Each pair of communicating parties must share a different key
• The number of keys required for a group of N systems is
• Chicken-and-egg problem:
– The difficulty of securely establishing a secret key between two communicating parties, when a secure channel does not already exist between them
Asymmetric key encryption
• Two different but mathematically related keys are used:
– a public key - may be freely distributed
– a private key - must be kept secret by the organization
• Disadvantage: slow
– About 1000 to 10,000 times slower than symmetric key encryption
Asymmetric key encryption
• Mostly used to set up a channel between two parties, to safely exchange a new, temporary symmetric key
– Pete creates a random secret key and encrypts it using the public key from John
– The encrypted secret key is sent to John using an open channel (like the internet)
– John is the only party that can decrypt the message, because he has the private key that is related to the public key. John decrypts the message and now knows the secret key
– Pete and John start communicating using symmetric key encryption, using the exchanged secret key
– When the communication is finished, the shared key is no longer valid and is deleted
Hash functions
• Hash functions take some piece of data and output a short, fixed-length text string (the hash)
• The hash is unique for that piece of data
– The input string “hello world” produces the following MD5 hash: 5eb63bbbe01eeed093cb22bb8f5acdc3
– The input string “hallo world” produces the following MD5 hash: 5fd591a948dc76dd731f8998e19c773a
– While only one letter was changed, the hash is completely different
Hash functions
• Hash functions can be used to validate the integrity of the data
• It is practically impossible to find two pieces of data that produce the same hash
Digital signatures
• To create a digital signature of some text (like an e-mail), a hash is created and encrypted with the private key of the sender
• The receiver decrypts the hash using the sender's public key
• The receiver also calculates the hash of the text and compares it with the decrypted hash to ensure the text wasn't tampered with
• Since the hash was encrypted using a private key, it is guaranteed that the hash was created by the owner of the private key – the only person that could have created the encrypted hash
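Hash functions, the Pete-and-John key exchange from the asymmetric slides, and the digital signature described above, worked out together in one added example that is not part of the slides. It builds on textbook RSA with seeded, unpadded keys and a SHA-256 keystream as the symmetric cipher; these show the mechanics only and are assumptions of the example, not what a production system should use (padded RSA or ECDH, AES-GCM).

```python
"""Added example: hash functions, the asymmetric exchange of a symmetric session key
(Pete and John), and a digital signature, built on textbook RSA.

Assumptions: the RSA keys come from a seeded generator and are unpadded, and the
symmetric cipher is a SHA-256 keystream; both show the mechanics only and are not a
substitute for a real library (padded RSA or ECDH, AES-GCM)."""
import hashlib
import random
from math import gcd


def md5_hex(text: str) -> str:
    """The slides' example: MD5 of a short string."""
    return hashlib.md5(text.encode()).hexdigest()


def is_probable_prime(n: int, rng: random.Random, rounds: int = 16) -> bool:
    """Miller-Rabin test with a caller-supplied (here seeded) random source."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int, rng: random.Random) -> int:
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # full length and odd
        if is_probable_prime(candidate, rng):
            return candidate


def generate_keypair(bits: int = 512, seed: int = 2024):
    """Textbook RSA: returns ((e, n), (d, n)). Seeded, so the keys are reproducible and
    therefore NOT secret; a real key generator uses an operating-system random source."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = random_prime(bits // 2, rng), random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (e, p * q), (pow(e, -1, phi), p * q)


def rsa_apply(value: int, key) -> int:
    """Encrypt with (e, n) or decrypt/sign with (d, n): both are modular exponentiation."""
    exponent, modulus = key
    return pow(value, exponent, modulus)


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream (the same call decrypts)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def exchange_session_key(john_public, john_private, seed: int):
    """Pete makes a random secret key, encrypts it with John's public key and sends it over
    an open channel; only John's private key recovers it. Returns both parties' copies."""
    pete_key = random.Random(seed).getrandbits(128).to_bytes(16, "big")
    on_the_wire = rsa_apply(int.from_bytes(pete_key, "big"), john_public)
    john_key = rsa_apply(on_the_wire, john_private).to_bytes(16, "big")
    return pete_key, john_key


def sign(message: bytes, private_key) -> int:
    """Hash the text, then 'encrypt' the hash with the private key."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return rsa_apply(digest, private_key)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the hash with the public key and compare it with a fresh hash of the text."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return rsa_apply(signature, public_key) == digest  # digest < n for a 512-bit modulus


if __name__ == "__main__":
    pub, priv = generate_keypair()
    pete, john = exchange_session_key(pub, priv, seed=7)
    print("same session key on both sides:", pete == john)
    print("John reads:", stream_xor(john, stream_xor(pete, b"meet at noon")))
    sig = sign(b"Transfer 100 EUR", priv)
    print("valid:", verify(b"Transfer 100 EUR", sig, pub),
          "tampered:", verify(b"Transfer 900 EUR", sig, pub))
```

The slides' example uses MD5; the block reproduces it only for the "hello world" check and hashes with SHA-256 for the signature, because MD5 collisions are practical and a signature over a collidable hash no longer proves which text was signed. Verification of a tampered text fails because the hash recovered from the signature and the fresh hash of the altered text differ.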