
Chapter 1 - 2020

The document outlines a course on Information Security, detailing its objectives, key concepts, and the importance of protecting information in computing systems. It discusses the differences between traditional security measures, such as those used in banking, and those needed for digital information, emphasizing the value of data and the need for confidentiality, integrity, and availability. The document also introduces the CIA triad and various threats to computer security, highlighting the significance of understanding vulnerabilities and implementing controls to mitigate risks.

Uploaded by Eyados9 Tkd
Copyright
© All Rights Reserved

Information Security

Security in Computing, 5th Edition

By Charles P. Pfleeger - Pfleeger Consulting Group, Shari Lawrence Pfleeger - RAND Corporation; 2015
Outline of the Course
• Chapter 1: Introduction
• Chapter 2: Toolbox: Authentication, Access Control, and Cryptography
• Chapter 3: Programs and Programming
• Chapter 4: The Web—User Side (may be)
• Chapter 5: Operating Systems
• Chapter 6: Networks
• Chapter 7: Database ??
Course Objectives
• The primary goal of this course is for a student to be able to:
➢ identify security and privacy issues in various aspects of computing, including:
− Programs
− Operating systems
− Networks
− Internet applications
➢ use this ability to design systems that are more protective of security and privacy.
Information Security

Chapter 1: 1st Part

Introduction
Charles P. Pfleeger
Overview (1)
• In earlier times, bank robberies were more frequent;
➢ Banks kept large amounts of cash, gold and silver, which could not be traced easily,
➢ With the communication and transportation facilities of the time, it might be;
― hours before the authorities were informed of a robbery,
― days before they could arrive at the scene of the crime.
➢ A single guard for the night was only marginally effective.

• Today, many factors work against the potential criminal;
➢ Very sophisticated alarm systems and camera systems silently protect secure places, e.g., banks.
➢ The techniques of criminal investigation have become very effective; a person can be identified by;
― composite sketch, ballistics evidence,
― fingerprint, voice recognition, retinal patterns, and
― genetic material (DNA).
Overview (2)
Protecting Valuables:
• The security differences between computing systems and banks;
➢ Size and portability:
― the physical devices in computing are so small or large,
➢ Ability to avoid physical contact:
― electronic funds transfers account for most transfers of money between banks,
➢ Value of assets:
― Variable, from very high to very low; the value of information stored in a computer is also high;
✓ Confidential information: about a person’s taxes, investments, medical history, or education,
✓ Very sensitive information: about new product lines, sales figures, marketing strategy,
✓ Military information: military targets, troop movements, weapons capabilities.
Overview (3)
Differences between computing systems and banks
Characteristic | Bank Protecting Money | People Protecting Information
Size and portability | Sites storing money are large, unwieldy, not at all portable. Buildings require guards, vaults, many levels of physical security to protect money. | Items storing valuable assets are very small and portable. The physical devices in computing can be so small that thousands of dollars' worth of computing gear can fit comfortably in a briefcase.
Ability to avoid physical contact | Difficult; when banks deal with physical currency, a criminal must physically demand the money and carry it away from the bank's premises. | Simple; when information is handled electronically, no physical contact is necessary. Indeed, when banks handle money electronically, almost all transactions can be done without any physical contact. Money can be transferred through computers, mail, or telephone.
Value of assets | Very high. | Variable, from very high to very low. Some information, such as medical history, tax payments, investments, or educational background, is confidential. Other information, about troop movements, sales strategies, buying patterns, can be very sensitive. Still other information, such as address and phone number, may be of no consequence and easily accessible by other means.
Overview (4)
Definition of Information Security;
• Information Security;
➢ is the protection of information and its critical elements, including the systems and HW that use, store, and transmit that information;
✓ information security includes the broad areas of information security management, computer & data security, and network security.

Information Security areas


Overview (5)
Privacy Concept
• Privacy is the right to control who knows certain aspects about you;
➢ your communications, and your activities.

• Privacy is a human right;
➢ Laws and ethics: this disagreement may have cultural, historical, or personal roots.
➢ Economics: determines how much privacy we are able or willing to provide.
• The right to privacy depends on;
➢ the situation in which privacy is desired,
➢ the ownership and persistence of data, and
➢ the legal rights and responsibilities of the affected parties.
• Information privacy has three aspects:
➢ sensitive data, affected parties, and controlled disclosure.
Overview (6)
Information Security Classification
• The type of information security classification labels selected and used will depend on the nature of the organization, examples:
➢ In the business sector, labels such as:
✓ Public, Sensitive, Private, Confidential.
➢ In the government sector, labels such as:
✓ Unclassified, Unofficial, Protected, Confidential, Secret, Top Secret and their non-English equivalents.
➢ In cross-sectorial formations, the Traffic Light Protocol, which consists of:
✓ White, Green, Amber, and Red.
Overview (7)
Characteristics of Computer Intrusion
• Any part of a computing system can be the target of a crime;
➢ For instance, we tend to think that the most valuable property in a bank is the cash, gold, or silver in the vault;
― in fact the customer information in the bank's computer may be far more valuable;
✓ Stored on paper, recorded on a storage medium, resident in memory, or transmitted over telephone lines or satellite links.
― this information can be used in myriad ways to make money illicitly. How?
Overview (8)
Characteristics of Computer Intrusion
• Ex:
➢ A robber intent on stealing something from your house will not attempt to penetrate a two-inch-thick metal door if a window gives easier access.
• The weakest point is the most serious vulnerability;
• A Principle of Easiest Penetration:
‘An intruder must be expected to use any available means of penetration’
What Is Computer Security?
• Computer security is the protection of the items you value, called the assets of a computer or computer system;
➢ A computing system is a collection of HW, SW, storage media, data, and people that an organization uses to do computing tasks.
➢ Computer assets involve;
✓ HW, SW, data, people, processes, or combinations of these.

FIGURE 1-2: Computer Objects of


What Is Computer Security?
Values of Assets;
• To determine what to protect;
➢ we must first identify what has value and to whom.
➢ After identifying the assets to protect, we next determine their value;
• The value of an asset depends on;
➢ the asset owner’s or user’s perspective, and
➢ it may be independent of monetary cost.

FIGURE 1-3: Values of Assets.


What Is Computer Security?
The Vulnerability–Threat–Control Paradigm;
• The goal of computer security is protecting valuable assets;
➢ To study different ways of protection, we use a framework that describes;
✓ how assets may be harmed, and;
✓ how to counter or mitigate that harm.
• Vulnerabilities:
➢ are weaknesses in the system, for example, in procedures, design, or implementation, that might be exploited to cause loss or harm; Or;
➢ are weaknesses in products, systems, protocols, algorithms, programs, interfaces, and designs.
➢ Example;
─ The system may be vulnerable to unauthorized data manipulation,
✓ because the system does not verify a user's identity before allowing data access.
What Is Computer Security?
The Vulnerability–Threat–Control Paradigm;
• Threats: threats to a computing system are circumstances that have the potential to cause loss or harm; Or;
• A threat is a condition that could exercise a vulnerability.
➢ Ex.: human attacks, natural disasters, inadvertent human errors, and internal HW or SW flaws.
• Figure 1-4 illustrates the difference between a threat and a vulnerability

FIGURE 1-4: Threat and Vulnerability


What Is Computer Security?
The Vulnerability–Threat–Control Paradigm;
• There are many threats to a computer system, including human-initiated and computer-initiated ones;
➢ We have all experienced, for example;
✓ the results of inadvertent human errors, HW design flaws, and SW failures,
➢ natural disasters are threats, too;
✓ they can bring a system down when the computer room is flooded or the data center collapses from an earthquake.
What Is Computer Security?
The Vulnerability–Threat–Control Paradigm;
• A control is a protective measure (an action, a device, a procedure, or a technique) that removes or reduces a vulnerability;
• In general, we can describe the relationship among threats, controls, and vulnerabilities in this way:
➢ A threat is blocked by control of a vulnerability.
What Is Computer Security?
The Vulnerability–Threat–Control Paradigm;
• An exposure is a form of possible loss or harm in a computing system;
➢ Examples;
─ unauthorized disclosure of data,
─ modification of data, or
─ denial of legitimate access to computing.

• An attacker is a human who exploits a vulnerability and perpetrates an attack on the system;
➢ An attack can also be launched by another system;
− one system sends an overwhelming set of messages to another system,
✓ virtually shutting down the second system's ability to function.
• How do we address these problems?
➢ We use a control or countermeasure as protection.
Threats;
CIA Triad
• We can consider potential harm to assets in two ways: we can look at;
➢ what bad things can happen to assets, and;
➢ who or what can cause or allow those bad things to happen.
• These two perspectives enable us to determine how to protect assets;
• What makes your computer valuable to you;
➢ First; you use it as a tool for performing many tasks;
− you expect it to be available for use when you want it.
➢ Second; you rely heavily on your computer’s integrity;
− When you write a file and save it;
✓ you trust that the file will reload exactly as you saved it.
➢ Third; you expect the “personal” aspect of a personal computer to stay personal: confidentiality.
• These three aspects, confidentiality, integrity, and availability;
Threats;
CIA Triad
• Computer security means that we are addressing three important properties/goals of any computer-related system;
➢ confidentiality: the ability of a system to ensure that an asset is viewed only by authorized parties,
─ means that the assets of a computing system are accessible only by authorized parties,
✓ “read”-type access: reading, viewing, printing.
➢ integrity: the ability of a system to ensure that an asset is modified only by authorized parties,
─ means that assets can be modified only by authorized parties,
✓ writing, changing status, deleting, and creating.
➢ availability: the ability of a system to ensure that an asset can be used by any authorized parties,
─ means that assets are accessible to authorized parties at appropriate times (denial of service).
• These properties are called the C-I-A/security triad;
Threats;
CIA Triad
• Privacy is the fourth leg, added to the three legs of the CIA triad;
• Privacy relates to you and your personally identifiable information (PII);
➢ This is whether it's at a business site or if it's with you personally,
✓ your personal information, your medical records or your Social Security number. Your data's there, it's not available to you and you might need it.
✓ Perhaps you don't want people to know your address. Whatever this is, it is with you or it could be with a business that you've done business with, if you've purchased products. That information needs to be protected. Not everything, but the things that we want protected. Also, organizations may have very specific legal requirements.
Threats;
CIA Triad
• ISO 7498-2 adds to them two more properties that are desirable, particularly in communication networks:
➢ authentication: the ability of a system to confirm the identity of a sender,
➢ nonrepudiation or accountability: the ability of a system to confirm that a sender cannot convincingly deny having sent something.
➢ The U.S. Department of Defense adds auditability:
✓ Auditability: the ability of a system to trace all actions related to a given asset.
➢ Authorization: determining whether a subject is permitted certain services from an object;
✓ authorization makes sense only if the requesting subject has been authenticated.
✓ checking that the user has the rights to access the data or undertake the transaction requested.
• The following figure illustrates the relationship between security C-I-A and how they apply to every asset we protect.
[Figure: an Asset surrounded by C, I, and A]
Threats;
CIA Triad
• A threat is any human or piece of software that could
adversely impact you, your company, any of your data,
anything that would impact you in a negative way;
Threats
Harm acts
• The C-I-A triad can be viewed from a different perspective:
➢ the nature of the harm caused to assets;
➢ Harm can also be characterized by four acts:
✓ interception, interruption, modification, and fabrication.
• Interruption;
➢ an asset of the system becomes lost, unavailable, or unusable. Examples;
─ malicious destruction of a HW device,
─ erasure of a program or data file, or
─ malfunction or failure of an OS file manager.
➢ Effect on availability.
• Interception;
➢ means that some unauthorized party has gained access to an asset;
─ The outside party can be a person, a program, or a computing system,
─ Example: illicit copying of program or data files; or wiretapping to obtain data in a network,
─ a silent interceptor may leave no traces by which the interception can be readily detected,
➢ Effect on confidentiality.
Threats
Harm acts
• Modification;
➢ when an unauthorized party gains access to and tampers with an asset;
─ modify the values in a database, alter a program, or
─ modify data being transmitted electronically,
─ It is possible to modify HW,
➢ Some cases of modification can be detected with simple measures, but other,
─ more subtle, changes may be almost impossible to detect.
➢ Effect on integrity.
• Fabrication;
➢ when an unauthorized party fabricates counterfeit objects for a computing system;
─ The intruder may wish to;
✓ add spurious transactions to a network communication system,
✓ add records to an existing database.
➢ Effect on authenticity
Threats
Harm acts
• The figure illustrates the four acts that cause security harm;

FIGURE 1-5: Four Acts to Cause Security Harm


Threats;
Confidentiality;
• Only authorized people or systems can access protected data;
• Ensuring confidentiality can be difficult. Ex.:
─ Who determines which people or systems are authorized to access the current system?
─ By "accessing" data, do we mean that an authorized party can access a single bit? the whole collection? pieces of data out of context?
─ Can someone who is authorized disclose those data to other parties?
─ Who owns the data: if you visit a web page?
• Here are some properties that could mean a failure of data confidentiality:
─ An unauthorized person, process or program accesses a data item,
─ A person authorized to access certain data accesses other data that they are not authorized to access,
─ An unauthorized person accesses an approximate data value,
─ An unauthorized person learns the existence of a piece of data.
Threats;
Confidentiality;
• A person, process, or program is (or is not) authorized to access a data item in a particular way;
• In security, we call;
➢ the Who a subject; a subject can be;
✓ people, computer processes (executing programs), network connections, devices, and similar active entities.
➢ the What (the data item) an object,
➢ the How (the kind of access, such as read, write, or execute) an access mode, and
➢ the authorization a policy;
✓ Policy: Who + What + How
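The Who + What + How policy can be checked mechanically. The following Python sketch is an added example, not part of the original slides: it treats a policy as a set of (subject, object, access mode) triples, denies anything not listed, and classifies each violation in an access log by which part of the triple was not authorized. All subject names, object names, and log entries are constructed for illustration.

```python
"""Default-deny check of (subject, object, access mode) requests against a policy."""
from enum import Enum
from typing import NamedTuple


class Mode(Enum):
    READ = "read"
    WRITE = "write"
    EXECUTE = "execute"


class Access(NamedTuple):
    subject: str  # Who: a person, process, device, ...
    obj: str      # What: the data item
    mode: Mode    # How: the kind of access


# Constructed policy: the complete set of authorized Who + What + How triples.
POLICY = frozenset({
    Access("alice", "payroll.db", Mode.READ),
    Access("alice", "payroll.db", Mode.WRITE),
    Access("bob", "payroll.db", Mode.READ),
    Access("bob", "report.sh", Mode.EXECUTE),
    Access("backup-daemon", "payroll.db", Mode.READ),
})


def is_authorized(policy, request):
    """Default deny: a request is allowed only if the exact triple is listed."""
    return request in policy


def classify(policy, request):
    """Say which part of the triple made an access unauthorized."""
    if is_authorized(policy, request):
        return "authorized"
    if request.subject not in {a.subject for a in policy}:
        # An unauthorized person, process or program accesses a data item.
        return "unauthorized subject"
    if not any(a.subject == request.subject and a.obj == request.obj
               for a in policy):
        # A subject authorized for certain data accesses other data.
        return "unauthorized object"
    # Subject and object are known to the policy, but not in this access mode.
    return "unauthorized mode"


def audit(policy, log):
    """Return (request, reason) for every log entry the policy does not allow."""
    return [(r, classify(policy, r)) for r in log
            if not is_authorized(policy, r)]


# Constructed access log for the demonstration.
ACCESS_LOG = [
    Access("alice", "payroll.db", Mode.WRITE),
    Access("mallory", "payroll.db", Mode.READ),
    Access("bob", "hr-reviews.doc", Mode.READ),
    Access("bob", "payroll.db", Mode.WRITE),
    Access("backup-daemon", "payroll.db", Mode.READ),
]

if __name__ == "__main__":
    for request, reason in audit(POLICY, ACCESS_LOG):
        print(f"{request.subject:8} {request.mode.value:7} {request.obj:15} {reason}")
```

Read-type violations found this way are confidentiality failures; write-type violations by the same check are integrity failures.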
Threats;
Integrity
• When we survey the way some people use the term integrity, we find several different meanings;
➢ if we say that we have preserved the integrity of an item, we may mean that the item is:
― precise, accurate, unmodified,
― modified only in acceptable ways,
― modified only by authorized people,
― modified only by authorized processes,
― consistent, internally consistent,
― meaningful, and usable.
➢ Welke and Mayfield recognize three particular aspects of integrity:
― authorized actions,
― separation and protection of resources, and
― error detection and correction.
➢ Integrity can be enforced in much the same way as can confidentiality:
― by rigorous control of who or what can access which resources in what ways.
Threats;
Availability (1)
• Availability applies both to data and to services (that is, to information and to information processing), and it is similarly complex;
➢ an object or service is thought to be available if the following are true:
― It is present in a usable form,
― It has capacity enough to meet the service's needs,
― It is making clear progress,
✓ if in a wait mode,
✓ it has a bounded waiting time.
➢ The service is completed in an acceptable period of time.
Threats;
Availability (2)
• Some criteria to define availability; we say a data item, service, or system is available if:
➢ There is a timely response to our request;
➢ Resources are allocated fairly;
− Some requesters are not favored over others.
➢ The service or system involved follows a philosophy of fault tolerance, whereby;
− HW or SW faults lead to graceful cessation (interruption) of service or to work-arounds, rather than to crashes and abrupt loss (sudden loss) of information.
➢ The service or system can be used easily and in the way it was intended to be used; and
➢ Concurrency is controlled; that is,
− simultaneous access,
− deadlock management, and
− exclusive access are supported as required.
Threats;
Availability and Related Areas;
• We can construct an overall description of availability by combining these goals;
• As we can see;
➢ expectations of availability are far-reaching,
➢ Figure 1-7 depicts some of the properties with which availability overlaps;

FIGURE 1-7: Availability and Related


Threats
Types of Threats;

FIGURE 1-8: Computer [Network] Vulnerabilities (from


Threats
Types of Threats
• One way to analyze harm is to consider the cause or source;
➢ We call a potential cause of harm a threat,
➢ Harm can be caused by either nonhuman events or humans.
− Examples of nonhuman threats include;
✓ natural disasters like fires or floods; loss of electrical power; failure of a component such as a communications cable, processor chip, or disk drive; or attack by a wild boar.
− Human threats can be either benign (nonmalicious) or malicious;
✓ Nonmalicious threats include someone’s accidentally spilling a soft drink on a laptop, unintentionally deleting text or a file, inadvertently sending an email message to the wrong person, and carelessly typing “12” instead of “21” or clicking “yes” instead of “no” to overwrite a file.
Threats
Types of Threats
➢ Most computer security activity relates to malicious, human-caused harm:
✓ A malicious person actually wants to cause harm, and;
✓ so we often use the term attack for a malicious computer security event.

FIGURE 1-9: Kinds of Threats


Threats
Types of Threats
• There are too many ways to interfere with your use of computer assets;
• Two retrospective lists of known vulnerabilities are of interest;
➢ CVE, the Common Vulnerabilities and Exposures list;
✓ is a dictionary of publicly known information security vulnerabilities and exposures.
✓ see (http://cve.mitre.org/).
✓ CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of security tools and services.
➢ CVSS, the Common Vulnerability Scoring System, to measure the extent of harm;
✓ provides a standard measurement system that allows accurate and consistent scoring of vulnerability impact.
✓ see (http://nvd.nist.gov/cvss.cfm).
Threats
Advanced Persistent Threat
• Security experts are becoming increasingly concerned about a type of threat called advanced persistent threat;
➢ the resulting impact of an individual's attack is limited to what that single attacker can organize and manage,
➢ A collection of attackers (think, for example, of the cyber equivalent of a street gang or an organized crime squad);
✓ might work together to purloin credit card numbers or similar financial assets to fund other illegal activity,
➢ Advanced persistent threat attacks come from organized, well-financed, patient assailants;
− often affiliated with governments or quasi-governmental groups,
✓ these attackers engage in long-term campaigns. Typically;
✓ the attacks are silent, avoiding any obvious impact that would alert a victim,
✓ allowing the attacker to exploit the victim’s access rights over a long time.
Threats
Types of Attackers; Computer Crimes
• Computer criminals have access to enormous amounts of HW, SW, and data;
➢ they have the potential to cripple much of effective business and government throughout the world.
• The purpose of computer security is to prevent these criminals from doing damage;
• Computer crime;
➢ is any crime involving a computer or aided by the use of one.
• Although this definition is admittedly broad, it allows us to consider ways to protect;
➢ ourselves,
➢ our businesses, and
➢ our communities against those who use computers maliciously.
Threats
Types of Attackers; Amateurs
• Amateurs: most embezzlers are not career criminals;
• They are normal people who observe a weakness in a security system that allows them to access cash or other valuables;
• In the same sense, most computer criminals are;
➢ ordinary computer professionals, or;
➢ users who, while doing their jobs, discover they have access to something valuable.
Threats
Types of Attackers; career computer criminal;
• The career computer criminal understands the targets of computer crime;
• Criminals seldom change fields from;
➢ arson,
➢ murder, or
➢ auto theft to computing.
• More often, criminals begin as computer professionals who engage in computer crime;
➢ attacks have shown that organized crime and professional criminals have discovered just how lucrative computer crime can be.
Threats
Types of Attackers
• The attackers want to pay the rent;
• Snow [SNO05] observes that;
➢ a hacker wants a score, or some kind of evidence to give them bragging rights,
➢ organized crime wants a resource;
− such criminals want to stay under the radar to be able to extract profit from the system over time.
➢ These different objectives lead to different approaches.
• The hacker can use a quick-and-dirty attack,
• The professional attacker wants a neat, robust, and undetected method;
Threats
Types of Attackers; terrorists
• The link between computer security and terrorism is quite evident; terrorists use computers in four ways:
➢ Computer as target of attack:
− denial-of-service attacks and web site defacements are popular for any political organization, because;
✓ they attract attention to the cause and bring undesired negative attention to the target of the attack.
➢ Computer as enabler of attack:
− web sites, web logs, and e-mail lists are:
✓ effective, fast, and inexpensive ways to get a message to many people.
➢ Computer as method of attack:
− to launch offensive attacks requires use of computers;
− For example: Stuxnet worm.
➢ Computer as enhancer of attack:
− The Internet has proved to be an invaluable means for terrorists to spread propaganda and recruit agents.
Threats
Types of Attackers

FIGURE 1-10: Attackers


Threats
Types of Attacks
• The security goals (C-I-A triad) can be threatened by security attacks;
• There are different approaches to categorizing the attacks;
A. Attacks can be divided into three groups related to the three security goals;

Security Attacks (three groups):
• Snooping (release the message content), Traffic Analysis
• Modification, Masquerading, Replaying, Repudiation
• Denial of Service
Threats
Types of Attacks
B. Attacks can be categorized into four groups related to the harm acts;
➢ Interception,
➢ Interruption,
➢ Modification, and
➢ Fabrication.
• These attacks can be grouped into two broad categories based on their effects on the system;
➢ Passive attacks and
➢ Active attacks.
Passive and Active Attacks ;
• A passive attack;
➢ Threatens confidentiality,
➢ Does not modify data or harm the system,
➢ May harm the sender or the receiver,
➢ Is difficult to detect, but can be prevented by encrypting the data.
• An active attack;
➢ Threatens integrity and availability,
➢ May change the data or harm the system,
➢ Is easier to detect than to prevent,
➢ An attacker can launch them in a variety of ways.
Passive and Active Attacks ;
• The following figure depicts these attack categories;
Security Attacks
• Passive Attacks: Snooping (release the message content), Traffic Analysis
• Active Attacks: Interruption (denial of service, DoS), Modification, Fabrication (Masquerade)
➢ Repudiation Attacks, Replay Attack, Alteration Attack
Assignments;
• Assignment:
➢ Write a report on the vulnerability, according to types.
➢ Write a report on the computer crimes up to date in 2020, according to types.
➢ Threats and Attacks on the:
✓ Data,
✓ Hardware, and
✓ Software.
Harm
• The negative consequence of an actualized threat is harm;
➢ we protect ourselves against threats in order to reduce or eliminate harm,
➢ There are many examples of computer harm:
✓ a stolen computer, modified or lost file, revealed private letter, or denied access to data.
➢ These events cause harm that we want to avoid.
• The value of many assets can change over time;
➢ so the degree of harm and therefore the severity of a threat can change, too.
➢ With unlimited time, money, and capability,
✓ we might try to protect against all kinds of harm.
Harm;
• But because our resources are limited, we must prioritize our protection;
➢ safeguarding only against serious threats and the ones we can control,
➢ Choosing the threats;
─ we try to mitigate threats through a process called risk management, and;
─ it includes weighing the seriousness of a threat against our ability to protect.
• Risk management involves;
➢ choosing which threats to control, and;
➢ what resources to devote to protection.
Harm:
Risk and Common Sense;
• The number and kinds of threats are practically unlimited because devising an attack requires;
➢ an active imagination, determination, persistence, and time as well as access and resources.
• The nature and number of threats in the computer world reflect life in general:
➢ The causes of harm are limitless and largely unpredictable,
➢ There are too many possible causes of harm for us to protect ourselves, or our computers, completely against all of them;
✓ In real life we make decisions every day about the best way to provide our security.
Harm
Risk and Common Sense
• Computer security is similar;
➢ Because we cannot protect against everything,
➢ we prioritize: only so much time, energy, or money is available for protection;
✓ so we address some risks and let others slide.
• The risk that remains uncovered by controls is called residual risk;
Harm
Risk and Common Sense
• A basic model of risk management involves;
➢ a user’s calculating the value of all assets,
➢ determining the amount of harm from all possible threats,
➢ computing the costs of protection;
➢ selecting safeguards (that is, controls or countermeasures) based on the degree of risk and on limited resources.
➢ applying the safeguards to optimize harm averted.
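The basic model above can be carried through numerically. The following Python sketch is an added example, not part of the original slides: it scores each threat as likelihood times impact (an assumed, commonly used measure of the degree of risk), searches every affordable combination of safeguards for the one that averts the most harm, and reports the residual risk. The threats, safeguards, costs, and estimates are all constructed for illustration.

```python
"""Choose safeguards under a limited budget and report the residual risk."""
from itertools import combinations
from typing import NamedTuple


class Threat(NamedTuple):
    name: str
    likelihood: float  # estimated chance of occurring in a year (assumption)
    impact: float      # estimated loss if it occurs


class Control(NamedTuple):
    name: str
    cost: float        # yearly cost of protection
    threat: str        # the threat this safeguard addresses
    reduction: float   # fraction of that threat's expected harm it removes


def expected_harm(threats, controls=()):
    """Sum of likelihood * impact, scaled down by each applied control."""
    total = 0.0
    for t in threats:
        remaining = t.likelihood * t.impact
        for c in controls:
            if c.threat == t.name:
                # Overlapping controls on one threat combine multiplicatively.
                remaining *= 1.0 - c.reduction
        total += remaining
    return total


def select_controls(threats, catalog, budget):
    """Exhaustively pick the affordable subset that averts the most harm.

    Returns (chosen controls, harm averted, residual risk). Exhaustive search
    is exact and fine for a small catalog; it grows as 2**len(catalog).
    """
    baseline = expected_harm(threats)
    best, best_residual = (), baseline
    for size in range(1, len(catalog) + 1):
        for subset in combinations(catalog, size):
            if sum(c.cost for c in subset) > budget:
                continue
            residual = expected_harm(threats, subset)
            if residual < best_residual:
                best, best_residual = subset, residual
    return best, baseline - best_residual, best_residual


# Constructed estimates for the demonstration.
THREATS = [
    Threat("disk failure", 0.5, 40_000),
    Threat("laptop theft", 0.25, 16_000),
    Threat("phishing", 0.5, 100_000),
]
CATALOG = [
    Control("offsite backups", 3_000, "disk failure", 0.75),
    Control("disk encryption", 1_000, "laptop theft", 0.5),
    Control("multi-factor authentication", 4_000, "phishing", 0.5),
    Control("awareness training", 5_000, "phishing", 0.25),
]

if __name__ == "__main__":
    chosen, averted, residual = select_controls(THREATS, CATALOG, budget=8_000)
    print("selected:", ", ".join(c.name for c in chosen))
    print(f"harm averted: {averted:.0f}  residual risk: {residual:.0f}")
```

The result is only as good as the likelihood and impact estimates fed into it.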
Harm
Risk and Common Sense
• This approach to risk management is a logical and sensible approach to protection, but it has significant drawbacks;
➢ In reality, it is difficult to assess the value of each asset; as we have seen,
✓ value can change depending on context, timing, and a host of other characteristics.
➢ Even harder is determining the impact of all possible threats;
✓ The range of possible threats is effectively limitless, and it is difficult (if not impossible in some situations) to know the short- and long-term impacts of an action.
Harm
Risk and Common Sense
• Although we should not apply protection haphazardly;
➢ we will necessarily protect against threats we consider most likely or most damaging.
✓ For this reason, it is essential to understand how we perceive threats and evaluate their likely occurrence and impact.
➢ Spending for security is based on the impact and likelihood of potential harm;
✓ both of which are nearly impossible to measure precisely.
Harm
Method, Opportunity, and Motive
• A malicious attacker must have three things:
➢ Method: is the how;
─ skills,
─ knowledge,
─ tools, and
─ other things with which to perpetrate the attack.
➢ Opportunity: is the when;
─ the time and access to accomplish the attack.
➢ Motive: is the why of an attack;
─ a reason to want to perform this attack against this system.
• Method, opportunity, and motive are all necessary for an attack to succeed;
➢ deny any of these, and the attack will fail.
Vulnerabilities
• Computer systems have vulnerabilities;
➢ weak authentication, lack of access control,
➢ errors in programs, finite or insufficient resources, and
➢ inadequate physical protection.
• Each of these vulnerabilities can allow harm to the C-I-A triad;
• Security analysts speak of a system’s attack surface;
➢ A system’s attack surface is the system’s full set of vulnerabilities, actual and potential,
➢ Thus, the attack surface includes;
✓ physical hazards, malicious attacks by outsiders,
✓ stealth data theft by insiders,
✓ mistakes, and impersonations.
• Our next step is to find ways to block threats by neutralizing vulnerabilities;
Controls (1)
• Computer crime is certain to continue;
➢ For this reason, we must look carefully at controls for preserving the C-I-A triad.
• To protect against harm, then, we can;
➢ neutralize the threat, close the vulnerability, or both.
• The possibility for harm to occur is called risk.
• We can deal with harm in several ways;
➢ prevent it, by blocking the attack or closing the vulnerability,
➢ deter it, by making the attack harder but not impossible,
➢ deflect it, by making another target more attractive,
➢ mitigate it, by making its impact less severe,
➢ detect it, either as it happens or some time after the fact,
➢ recover from its effects.
Controls (3)
• To consider the controls that attempt to prevent the exploitation of a computing system's vulnerabilities;
➢ we begin by thinking about traditional ways to enhance physical security;
─ In the Middle Ages, castles and fortresses were built to protect the people and valuable property inside.
• The fortress might have had one or more security characteristics, including:
➢ a strong gate or door, to repel invaders,
➢ heavy walls to withstand objects thrown or projected against them,
➢ a surrounding moat, to control access,
➢ arrow slits, to let archers shoot at approaching enemies,
➢ crenellations to allow inhabitants to lean out from the roof and pour hot or vile liquids on attackers,
➢ a drawbridge to limit access to authorized people,
➢ gatekeepers to verify that only authorized people and goods could enter.
Controls (5)
• The following figure illustrates how we use a
combination of controls to secure our valuable
resources;

FIGURE 1-12: Effects of Controls


Controls (6)
• We can group controls into three largely independent classes;
➢ Physical controls; stop or block an attack by using something tangible, such as;
− walls and fences,
− locks,
− (human) guards,
− sprinklers and other fire extinguishers.
➢ Procedural or administrative controls; use a command or agreement that requires or advises people how to act; for example;
− laws, regulations
− policies, procedures, guidelines
− copyrights, patents
− contracts, agreements
Controls (7)
➢ Technical controls; counter threats with technology (hardware or software), including;
− passwords, access controls enforced by an OS or application, encryption,
− network protocols, firewalls, intrusion detection and prevention systems, network traffic flow regulators.
• The following figures illustrate the information assurance model and the types of countermeasures.

Maconachy, Schou, Ragsdale (MSR) Model (Information Assurance Model)

Types of Countermeasures
Controls (8)
• None of these classes is necessarily better than or preferable to the others;
➢ they work in different ways with different kinds of results, and
➢ it can be effective to use overlapping controls or defense in depth:
✓ more than one control, or
✓ more than one class of control to achieve protection.
Figure of Security concepts and relationships;
