What is the hunter’s dilemma?
You don’t have to outrun the bear; just another hunter
Describe the three security properties of information
- Confidentiality - Keeping information secret; avoiding disclosure vulnerabilities
- Integrity - Protecting information from improper changes; Avoiding forgery, subversion, and masquerade attacks
- Availability - Keeping systems available and in operation; Avoiding denial of service attacks
Four-point scale that indicates the potential impact for each property:
- Not applicable
- Low impact
- Moderate impact
- High impact
Amawig’s website provides publicity to company products and describes the company in general. Everything it provides is public information. The website is not the only one that provides access to Amawig products. In fact, a potential customer needs to go to a distributor or retailer to buy products in any case. To assess the 3 security properties
- Confidentiality: Not applicable, since all information is public.
- Integrity: Low, since a site outage will not prevent customer sales.
- Availability: Also low, since a site outage doesn’t prevent customer sales
Not all websites pose such a small risk. Let us reconsider the risks after Amawig expands its business. As part of a new product introduction, Amawig has decided to offer the product directly to customers via a new website and not sell it through distributors. The new sales site represents the only way to purchase that product. Aftersix months, the new product represents a small, but significant, source of revenue. We need to reassess the three security properties
- Confidentiality: Moderate, since the website handles some electronic payment information from customers.
- Integrity: Moderate, since the website handles some electronic payment information from customers, it specifies product prices, and it directs product shipments.
- Availability: Moderate, since an interruption would visibly affect sales, but would not cause long-term damage to the company
Risk assessment three major parts:
- Identify risks: assets, threat agents, attacks
- Prioritize risks: estimate relative impacts
- Establish requirements: identify security goals to address the highest-priority risks
Risk assessment detailed steps
- Identifying risks
Step 1: Identify assets
Step 2: Identify threat agents and attacks - Prioritizing risks
Step 3: Estimate the likelihood of attacks
Step 4: Estimate the impact of attacks
Step 5: Calculate their relative significance - Establish requirements
Step 6: Write requirements to address the highest-priority risks
What is continuous improvement?
- a basic principle
- we identify our basic goals
- we measure our success
- we adjust our work to better achieve our goals
What are the four things to assess when looking at boundaries?
- Can a threat agent breach a wall?
- How do we control doorways?
- How can a threat agent pass through a doorway?
- How much do we trust those inside the boundary?
Explain the concept of Least Privilege
- Restrict what people may do to an asset
- Provide the minimum privileges required
Explain Defense in Depth
We improve security by providing layers of defense;
Attackers must breach a series of defenses to reach our most valuable assets
Profiling a Threat Agent
- Goals
- Typical mode of operation
- level of motivation
- capabilities and logistical constraints
- references: reputable sources for the information
Typical goals of threat agents
- news coverage
- financial gain
- ideological victory
- regime change
typical mode of operation
- how targets are selected
- how operations are organized
- preference for broadly targeted attacks, or specific targets
- individual versus multiple coordinated attacks
- remote attacks, on-site attacks, insider attacks, social engineering
level of motivation of threat agents
- Unmotivated
- Scant motivation - will exploit minor vulnerabilities
- Stealth motivation - applies effort, but avoids social stigma
- Low motivation - causes harm and limited damage to assets
- Moderate motivation - cause significant damage to assets or some injury to persons, but to critical injury
- High motivation - will cause significant disruptions and/or critical injuries to people to achieve objectives
types of attacks
- physical theft
- denial of service
- subversion
- masquerade
- disclosure
- forgery
Writing a requirement
- Number each requirement
- Use the word shall
- Each requirement should be testable
- Each statement identifies the risks it addresses
- Phrase the requirement in a positive and specific form
Describe the six general types of attacks on information. Which are passive attacks and which are active?
- Physical theft — is active and involves the asset being physically taken
- Denial of service — is active and temporarily or permanently cuts computing services
- Subversion — is active and involves a program that gives the threat agent control of system
- Masquerade — is passive and involves the threat agent pretending to be a user of the system
- Disclosure — is passive and involves disclosure of secret information
- Forgery — is passive and involves a false message being sent to a computer
