Introduction to Security Mechanisms: Computer Security Lectures 2014/15 S2

This video is part of the computer/information/cyber security and ethical hacking lecture series; by Z. Cliffe Schreuders at Leeds Beckett University. Laboratory work sheets, slides, and other open educational resources are available at http://z.cliffe.schreuders.org.

The slides themselves are creative commons licensed CC-BY-SA, and images used are licensed as individually attributed.

Topics covered in this lecture include:

Security goals
Prevention
Means that an attack will fail
For example, by employing controls
Detection
Determine that an attack has occurred or is happening
For example, by monitoring activity
Recovery
Stop an attack and repair damage
For example, by restoring data
Policy
A security policy defines what is, and what is not, allowed
Policy can be a set of rules for a program or for people to follow
Should be designed to mitigate threats
Processes and procedures need to be in place to implement policy and manage controls
Controls
A ‘security mechanism’, or ‘control’, is something that enforces a security policy
Can be a method, technical tool, or procedure
Actively mitigates threats
Examples of controls
Antimalware
Firewalls
Authentication: passwords
Access controls: file permissions
Sandboxes and Virtualisation
Encryption
Physical controls: door locks
Defence in depth
Originally a military strategy; it applies equally to computer security
Multiple lines of defence, so that if one control fails other controls are still in place
For example, if your laptop is stolen (the physical control has failed) but your files are encrypted, the thief still cannot read them
Other examples?
Threat: malware
Malware: software that is intentionally malicious
Virus: attaches itself to other programs and spreads when they are run
Worm: spreads by itself across the network, without needing a host program
Trojan horse: appears useful but carries a hidden malicious function
What can we do to prevent malware?
Antimalware (aka antivirus)
Signature-based: detects known malware based on signatures
Heuristic / behaviour-based: flags suspicious features or behaviour (for example, a program that downloads and then runs code) without needing an exact match
Signature-based detection cannot catch zero-day (previously unseen) malware; heuristics catch some of it, at the cost of false positives
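The difference between the two approaches, as an added example that is not part of the lecture material: a signature database of exact file hashes is compared with a small set of assumed heuristic rules over constructed sample files (none of them real malware). The original dropper is caught by its hash; a variant differing by a single byte is not, and only the heuristics still flag it.

```python
import hashlib
import re

# Constructed stand-ins for files on disk; none of this is real malware.
SAMPLES = {
    "installer.exe": b"MZ\x90\x00 CreateFileW WriteFile ExitProcess",
    "dropper.exe":   b"MZ\x90\x00 URLDownloadToFileA WinExec CreateRemoteThread SetWindowsHookExA",
    # The same dropper with one byte appended: a trivial "new variant".
    "dropper_v2.exe": b"MZ\x90\x00 URLDownloadToFileA WinExec CreateRemoteThread SetWindowsHookExA\x00",
    "notes.txt":     b"meeting at 10, bring the risk register",
}

# Signature database: exact SHA-256 hashes of files already known to be bad.
SIGNATURES = {hashlib.sha256(SAMPLES["dropper.exe"]).hexdigest(): "Dropper.A"}

# Heuristic rules (assumed, illustrative): API combinations typical of droppers
# and injectors. Each rule is a name plus a regex over the file contents.
HEURISTIC_RULES = [
    ("downloads and executes a file", rb"URLDownloadToFile.*WinExec"),
    ("injects code into another process", rb"CreateRemoteThread"),
    ("installs a system-wide hook", rb"SetWindowsHookEx"),
]
HEURISTIC_THRESHOLD = 2   # flag a file once this many rules match


def signature_scan(data: bytes):
    """Exact-match detection: the malware family name, or None if unknown."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())


def heuristic_scan(data: bytes):
    """Feature-based detection: names of every heuristic rule the file triggers."""
    return [name for name, pattern in HEURISTIC_RULES if re.search(pattern, data, re.DOTALL)]


def scan(data: bytes) -> str:
    """Signatures first (cheap, no false positives), then heuristics."""
    family = signature_scan(data)
    if family:
        return "known malware: " + family
    hits = heuristic_scan(data)
    if len(hits) >= HEURISTIC_THRESHOLD:
        return "suspicious: " + "; ".join(hits)
    return "clean"


def scan_all(samples=SAMPLES):
    """Verdict for every sample, keyed by file name."""
    return {name: scan(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan_all().items():
        print(f"{name:16} {verdict}")
```

The heuristics here are string matches, so a packed or encrypted copy of the dropper would evade them too; real products add emulation and runtime behaviour monitoring for that reason, and tune the threshold against false positives on legitimate installers.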
Threat: software vulnerabilities
Software vulnerabilities: security weakness in a program
A program can have a programming or design flaw that allows an attacker to subvert its behaviour
What can we do to defend against software vulnerabilities?
Software updates
Updates are an important part of the process of maintaining computer systems
What difficulties does this introduce?
How should an organisation manage updates?
Stable vs experimental software
Threat: external network access
External attackers are looking for any weaknesses in your servers
Scanning for software they can attack
Most computers have a number of programs installed, which could be attacked
How can we avoid being attacked?
Firewalls
Firewalls limit who can talk to what
Enforce a policy on which network traffic is allowed (typically default deny: anything not explicitly permitted is dropped)
Reduce the attack surface: a service that cannot be reached cannot be attacked
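How a first-match, default-deny rule list shrinks the attack surface, as an added example that is not part of the lecture material. The listening services and the rule list are assumed for illustration; the evaluator computes which services a given source address can actually reach, with and without the policy.

```python
import ipaddress

# Services listening on the server (constructed): with no firewall, every one
# of these is reachable from anywhere, i.e. the whole list is attack surface.
LISTENING = {22: "ssh", 80: "http", 443: "https", 3306: "mysql", 5900: "vnc"}

# First-match rule list: (source network, destination port or None = any, action).
# The last rule is the explicit default deny. RULES is an assumed example policy.
RULES = [
    ("10.0.0.0/8", 22,   "allow"),   # administration only from the internal network
    ("10.0.0.0/8", 3306, "allow"),   # database only from internal application servers
    ("0.0.0.0/0",  80,   "allow"),   # public web service
    ("0.0.0.0/0",  443,  "allow"),
    ("0.0.0.0/0",  None, "deny"),    # everything else, from anywhere, is dropped
]
NO_FIREWALL = [("0.0.0.0/0", None, "allow")]


def decide(src_ip: str, dst_port: int, rules=RULES) -> str:
    """Walk the rules in order; the first rule that matches decides."""
    src = ipaddress.ip_address(src_ip)
    for network, port, action in rules:
        if src in ipaddress.ip_network(network) and port in (None, dst_port):
            return action
    return "deny"   # implicit default deny if the list is exhausted


def exposed_services(src_ip: str, rules=RULES, listening=LISTENING) -> dict:
    """The attack surface as seen from src_ip: the listening services it can reach."""
    return {p: s for p, s in listening.items() if decide(src_ip, p, rules) == "allow"}


if __name__ == "__main__":
    print("internet, no firewall:", exposed_services("203.0.113.7", NO_FIREWALL))
    print("internet, with policy:", exposed_services("203.0.113.7"))
    print("internal host:        ", exposed_services("10.20.30.40"))
```

Rule order matters in a first-match engine: placing the catch-all deny before the allows would block everything, and an over-broad allow placed early silently widens the surface, which is why rulesets should be reviewed from the perspective of each source network rather than rule by rule.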
Threat: local malicious code
Your antimalware / software updates have failed
You have malicious code running on your computer, and it has not been detected
Defences?
Sandboxes and virtualisation
Sandboxes and Virtualisation can restrict what programs can do
Limits damage via isolation
Examples?
Threat: people
Different people in your organisation need access to different resources
If employees have access to everything, there is a greater risk that something will go wrong
Defences?
Authentication
Verify a claimed identity
Factors:
Something they know (password, PIN)
Something they have (hardware token, phone)
Something they are (biometrics)
Somewhere they are (location)
Access controls
Control access to resources
Physical / digital
Requires authentication first
Subjects: users and programs
Objects: files and network resources
File permissions
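The two steps together, as an added example that is not part of the lecture material: a user proves who they are with two factors (a salted password hash for "something they know", an RFC 6238 time-based one-time code for "something they have"), and only an authenticated subject is then checked against a permission table. The user database, groups and ACL are constructed; the TOTP secret is the published RFC 6238 test secret, so the codes can be checked against the RFC's vectors.

```python
import hashlib
import hmac
import struct
import time

# --- Authentication: two factors --------------------------------------------
PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so a stolen database cannot be brute-forced cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


SALT = b"\x01" * 16   # constructed for repeatability; use os.urandom(16) per real account
USERS = {   # constructed user database
    "alice": {
        "salt": SALT,
        "pw_hash": hash_password("correct horse battery staple", SALT),
        "totp_secret": b"12345678901234567890",   # RFC 6238 test secret
        "groups": {"staff", "finance"},
    }
}


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over a 30-second counter, SHA-1 as in the RFC vectors."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, "sha1").digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def authenticate(username: str, password: str, otp: str, now=None):
    """Returns the verified username, or None. Both factors must pass."""
    user = USERS.get(username)
    if user is None:
        return None
    now = int(time.time()) if now is None else now
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    otp_ok = hmac.compare_digest(totp(user["totp_secret"], now).encode(), otp.encode())
    return username if (pw_ok and otp_ok) else None   # never say which factor failed


# --- Access control: subjects, objects, permissions --------------------------
ACL = {   # constructed: object -> subject (user or group) -> permissions
    "payroll.xlsx": {"finance": {"read", "write"}},
    "handbook.pdf": {"staff": {"read"}},
}


def authorize(username: str, obj: str, perm: str) -> bool:
    """Does the subject, directly or via a group, hold perm on obj? Default deny."""
    if username not in USERS:
        return False
    subjects = {username} | USERS[username]["groups"]
    return any(perm in ACL.get(obj, {}).get(s, set()) for s in subjects)


def access(username, password, otp, obj, perm, now=None) -> bool:
    """Access control requires authentication first."""
    who = authenticate(username, password, otp, now)
    return who is not None and authorize(who, obj, perm)


if __name__ == "__main__":
    code = totp(USERS["alice"]["totp_secret"], int(time.time()))
    print(access("alice", "correct horse battery staple", code, "payroll.xlsx", "write"))
```

Two details carry the security value: hmac.compare_digest avoids timing leaks when comparing secrets, and the authorisation table defaults to deny, so a missing entry never grants access. A production system would also rate-limit attempts and accept a code from the adjacent time step to tolerate clock drift.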
Encryption
Control access to information by hiding its meaning
Requires a key/password to decrypt (obtain the original information)
Physical security
Digital controls can often be bypassed when physical security is lacking (for example, by booting a stolen machine from removable media to read its disk)
Examples?
Examples of physical security?
Threat: undetected breach
Something happens (a security incident), and you don’t know about it
Monitoring
Intrusion detection systems (IDS): detect attacks or attempted attacks
Network-based IDS monitor traffic; host-based IDS monitor a machine's own logs and files
Monitor logs
Monitor changes to files
Respond to incidents
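Monitoring changes to files, as an added example that is not part of the lecture material: a host-based check that records a baseline of file digests and later reports what was added, removed or modified. The directory tree and the intruder's actions are constructed in a temporary directory so the script runs anywhere.

```python
import hashlib
import os
import shutil
import tempfile


def hash_file(path: str) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def baseline(root: str) -> dict:
    """Map every file under root (by relative path) to its digest."""
    snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            snapshot[os.path.relpath(full, root)] = hash_file(full)
    return snapshot


def compare(before: dict, after: dict) -> dict:
    """Classify the differences between two snapshots."""
    old, new = set(before), set(after)
    return {
        "added":    sorted(new - old),
        "removed":  sorted(old - new),
        "modified": sorted(p for p in old & new if before[p] != after[p]),
    }


def write(root: str, rel: str, data: bytes) -> None:
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo() -> dict:
    """Constructed scenario: baseline a tree, tamper with it, report the changes."""
    root = tempfile.mkdtemp()
    try:
        write(root, "etc/sshd_config", b"PermitRootLogin no\n")
        write(root, "bin/app", b"\x7fELF constructed binary")
        write(root, "var/app.log", b"service started\n")
        before = baseline(root)

        # Simulated intruder: weakens a config, plants a file, deletes a log.
        write(root, "etc/sshd_config", b"PermitRootLogin yes\n")
        write(root, "bin/.cache", b"\x7fELF constructed backdoor")
        os.remove(os.path.join(root, "var/app.log"))

        return compare(before, baseline(root))
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the baseline: if the snapshot lives on the same machine with the same permissions as the files it guards, malicious code that has already gained control can simply update it. Keep the baseline off-host or signed, and treat a report of "modified" on a file that no change process touched as an incident to investigate, not noise.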
Managing security
Managing security includes:
Planning security goals
Deciding how to manage risk
Applying the appropriate controls
Maintaining them
Monitoring activity
Responding to incidents
Recovering from incidents
Dealing with people
