Security Policy: Documentation that describes senior management's directives toward the role that security plays within the organization. It provides a framework within which an organization establishes needed levels of information security to achieve the desired confidentiality, availability and integrity goals. A policy is a statement of information values, protection responsibilities, and organization commitment managing risks.
Interception: Interception happens when an unauthorized party gets access to the information by eavesdropping into the communication channel. Wiretapping is a good example of an interception.
1. Interruption: An asset of the system gets destroyed or becomes unavailable. This attack targets the source or the communication channel and prevents information from reaching its intended target (e.g. cut the wire, overload the link so that the information gets dropped because of congestion). Attacks in this category attempt to perform a kind of denial-of-service (DOS).
Interception: An unauthorized party gets access to the information by eavesdropping into the communication channel (e.g. wiretapping).
Fabrication: Fabrication occurs when an attacker inserts forged objects into the system without a senders' knowledge or involvement. Fabrication can be categorized as:
Replaying - When a previously intercepted entity is inserted, this process is called replaying. For example, replaying an authentication message. Masquerading - When the attacker pretends to be the legitimate source and inserts his/her desired information, the attack is called masquerading. For example, adding new records to a file or database.
Modification: The information is not only intercepted, but modified by an unauthorized party while in transit from the source to the destination. By tampering with the information, it is actively altered (e.g. modifying message content).
Fabrication: An attacker inserts counterfeit objects into the system without having the sender doing anything. When a previously intercepted object is inserted, this processes is called replaying. When the attacker pretends to be the legitimate source and inserts his desired information, the attack is called masquerading (e.g. replay an authentication message, add records to a file).
Confidentiality: Confidentiality is defined by the International Organization for Standardization (ISO) as "ensuring that information is accessible only to those authorized to have access" and is one of the cornerstones of information security. Confidentiality covers the protection of transmitted data against its release to unauthorized parties. It is one of the design goals for many cryptosystems, made possible in practice by the techniques of modern cryptography.
In addition to the protection of the content itself, the information flow should also be resistant against traffic analysis. Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication. Traffic analysis is used to gather other information than the transmitted values themselves from the data flow. For example, the following information can be collected using a simple traffic analysis:
* The source of the communication * The destination of the communication * The timing of the data * The frequency of particular messages * The type of data/communication
Integrity: When data has integrity, it means that the data has not been altered or destroyed in an unauthorized manner or by unauthorized users; it is a security principle that protects information from being modified or otherwise corrupted, either maliciously or accidentally. This property ensures that a single message reaches the receiver just as it left the sender. Integrity means that no messages are lost, duplicated, or re-ordered, and it makes sure that messages cannot be replayed. Because this property also contains information about whether or not data has been destroyed en route to the destination system, it plays a very important role in verifying that all data is received successfully.
Availability: High availability refers to a system or component that is continuously operational for a desirably long time. Availability can be measured relative to "100% operational" or "never failing." A widely held but difficult-to-achieve standard of availability for a system or product is known as "five 9s" (99.999 percent) availability. Availability characterizes a system whose resources are always available for use. This property makes sure that attacks cannot prevent resources from being used for their intended purpose.
The four classes of attacks listed above violate different security properties of the computer system. A security property describes a desired feature of a system with regards to a certain type of attack.
Wikipedia: Confidentiality
Confidentiality has also been defined by the International Organization for Standardization (ISO) in ISO-17799 [1] as "ensuring that information is accessible only to those authorized to have access" and is one of the cornerstones of information security. Confidentiality is one of the design goals for many cryptosystems, made possible in practice by the techniques of modern cryptography.
Internet Security, by Christopher Kruegel (chris[at]auto.tuwien.ac.at) / Feb 2005
Confidentiality: This property covers the protection of transmitted data against its release to non-authorized parties. In addition to the protection of the content itself, the information flow should also be resistant against traffic analysis. Traffic analysis is used to gather other information than the transmitted values themselves from the data flow (e.g. timing data, frequency of messages).
Wikipedia: Traffic Analysis
Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication.
Internet Security, by Christopher Kruegel (chris[at]auto.tuwien.ac.at) / Feb 2005
Integrity: Integrity protects transmitted information against modifications. This property assures that a single message reaches the receiver as it has left the sender, but integrity also extends to a stream of messages. It means that no messages are lost, duplicated or reordered and it makes sure that messages cannot be replayed. As destruction is also covered under this property, all data must arrive at the receiver. Integrity is not only important as a security property, but also as a property for network protocols. Message integrity must also be ensured in case of random faults, not only in case of malicious modifications.
Understanding Information Security: Taxonomy
A security principle that keeps information from being modified or otherwise corrupted either maliciously or accidentally.
SearchDataCenter.com "high availability"
In information technology, high availability refers to a system or component that is continuously operational for a desirably long length of time. Availability can be measured relative to "100% operational" or "never failing." A widely-held but difficult-to-achieve standard of availability for a system or product is known as "five 9s" (99.999 percent) availability.
The Industrial Communication Technology Handbook By Richard Zurawski
Availability characterizes a system whose resources are always ready to be used. Whenever information needs to be transmitted, the communication channel is available and the receiver can cope with the incoming data. This property makes sure that attacks cannot prevent resources from being used for their intended purpose.
Nonrepudiation: Nonrepudation is the concept of ensuring that a contract, especially one agreed to via the Internet, cannot later be denied by one of the parties involved. This property describes the mechanism that prevents either sender or receiver from denying a transmitted message. Nonrepudiation means that it can be verified that the sender and the recipient were, in fact, the parties who claimed to send or receive the message, respectively. In other words, nonrepudiation of origin proves that data was sent, and nonrepudiation of delivery proves it was received.
Security Mechanisms: The security properties discussed previously are the core qualities of any information system. Various security mechanisms can be used to enforce the security properties. A smart security professional has to anticipate the various attacks and apply various countermeasures to safeguard the security properties of the information system. The various measures that can be initiated to counter the attacks on the security properties are as follows: * Attack prevention * Attack avoidance * Attack detection
Attack Prevention: Hackers and individuals with malicious intent commonly target corporate networks and services that constitute the corporate information system. By overwhelming these critical applications and networks with bogus service requests, denial-of-service attacks (DoS), and distributed denial of service (DDoS) attacks can severely disrupt the business, resulting in lost communications, failed business transactions, reduced business productivity, and lower profitability.
Attack prevention is defined as a series of security mechanisms implemented to prevent or defend against various kinds of attacks before they can actually reach and affect the target system.
Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information.
The Industrial Communication Technology Handbook by Richard Zurawski (2005)
Authentication: Authentication is concerned with making sure that the information is authentic. A system implementing the authentication property ensures the recipient that the data is from the source that it claims to be. The system must make sure that no third party can masquerade successfully as another source.
Network Dictionary by Javvin (2007)
Non-Repudiation: Non-repudation is the concept of ensuring that a contract, especially one agreed to via the Internet, cannot later be denied by one of the parties involved. In regard to digital security, non-repudiation means that it can be verified that the sender and the recipient were, in fact, the parties who claimed to send or receive the message, respectively. In other words, non-repudiation is the ability for a system to prove that a specific user and only that specific user sent a message and that it hasn't been modified.
Intrusion Detection and Correlation: Challenges and Solutions by Christopher Kruegel, Fredrik Valeur, Giovanni Vigna (2005)
This property describes the mechanism that prevents either sender or receiver from denying a transmitted message.
The Industrial Communication Technology Handbook by Richard Zurawski (2005)
Different security mechanisms can be used to enforce the security properties defined in a given security policy. Depending on the anticipated attacks, different means have to be applied to satisfy the desired properties. We divide these measures against attacks into three different classes: attack prevention, attack avoidance, and attack detection.
Attack prevention is a class of security mechanisms that contain ways of preventing or defending against certain attacks before they can actually reach and affect the target.
Access Control: Access control is the ability to permit or deny the use of an object (a passive entity, such as a sytem or file) by a subject (an active entity, such as an individual or process).
Access control includes authentication, authorization, and audit. It also includes additional measures such as physical devices, including but not limited to biometric scans and metal locks, hidden paths, digital signatures, encryption, social barriers, and monitoring by humands and automated systems (for all newbies reading this book, just do a simple Google or Wikipedia search for detailed information on these access control mechanisms). Authorization can also be implemented using role-based access control, access control lists, or a policy language such as XACML.
Access control systems provide the essential services of identification and authentication (I&A), authorization, and accountability, where identification and authentication determine who can log on to a system, authorization determines what an authenticated user can do, and accountability identifies what a user did.
A firewall is an important access control system that is implemented at the network layer. The concept behind a firewall is to separate the trusted network (internal network) from the untrusted network (an external network or Internet). The firewall prevents the attack from the outside world from reaching the machines in the inside network by preventing connection attempts from unauthorized entities located outside. Firewalls also perform the additional role of preventing the internal users from using certain services. All these are based on certain rules and criteria.
Attack Avoidance: The expansion of the connectivity of computers makes ways of protecting data and messages from tampering or reading important. Attack avoidance is the technique in which the information is modified in a way that makes it unusable for the attacker. This is performed under the assumption that the attacker can access the subject information. The sender pre-processes the information before it is sent through the unsecure communication channel and the same is post-processed at the receiver end.
An important element in this category is access control, a mechanism that can be applied at different levels, such as the operating system, the network, or the application layer.
Wikipedia: Access Control
The process of limiting access to the resources of an AIS to authorized users, programs, processes, or other systems.
In computer security, access control includes authentication, authorization and audit. It also includes measures such as physical devices, including biometric scans and metal locks, hidden paths, digital signatures, encryption, social barriers, and monitoring by humans and automated systems.
CISSP For Dummies (2002)
Access control is the ability to permit or deny the use of an object (a passive entity such as a system or file) by a subject (an active entity such as individual or process).
WikiVisual: Access Control
Authorization may be implemented using role based access control, access control lists or a policy language such as XACML. [..] Access control systems provide the essential services of identification and authentication (I&A), authorization, and accountability where identification and authentication determine who can log on to a system, authorization determines what an authenticated user can do, and accountability identifies what a user did.
Proceedings of the 2nd National Conference on Emerging Trends in Information by Amol C. Goje, Shivanand S. Gornale, Pravin L. Yannawar
The expansion of the connectivity of computers makes necessary to protect data and messages from tampering or reading.
The Industrial Communication Technology Handbook by Richard Zurawski (2005)
Attack Avoidance: Security mechanisms in this category assume that an intruder may access the desired resource but the information is modified in a way that makes it unusable for the attacker. The information is preprocessed at the sender before it is transmitted over the communication channel and postprocessed at the receiver.
Cryptography is one of the technologies used in the parlance of attack avoidance.
Cryptography is the discipline that embodies principles, means, and methods for the transformation of data in order to hide its information content, prevent its undetected modification, or prevent its unauthorized use. Cryptanalysis is the art of breaking these methods. Cryptology is the study of cryptography and cryptanalysis.
The cryptographic algorithms can be categorized into three areas based on the number of keys that are employed for the encryption and decryption. They are:
* Secret key cryptography (SKC) - Uses a single key for both encryption and decryption. Most modern day encryption technologies do not solely use secret key cryptography due to its susceptibility to attack. it is typically used in conjunction with public key cryptograph.
* Public key cryptography (PKC) - Uses one key for encryption and another for decryption. For example, Secure Sockets Layer (SSL) is a system commonly used by e-commerce Web sites.
* Hash functions - Use a mathematical transformation to irreversibly "encrypt" information. For example, Message Digest Algorithm 5 (MD5).
While the information is transported over the communication channel, it resists attacks by being nearly useless for an intruder. One notable exception are attacks against the availability of the information as an attacker could still interrupt the message. During the processing step at the receiver, modifications or errors taht might have previously occurred can be detected (usually because the information cannot be correctly reconstructed). When no modification has taken place, the information at the receiver is identical to the one at the sender before the preprocessing step.
WikiVisual: Cryptography
Cryptography (or cryptology; ..) is the study of message secrecy. [..] The noted cryptographer Ron Rivest has observed that "cryptography is about communication in the presence of adversaries."
OECD About Cryptography Policy (1997)
Cryptography is a discipline that embodies principles, means, and methods for the transformation of data in order to hide its information content, establish its authenticity, prevent its undetected modification, prevent its repudiation, and/or prevent its unauthorised use.
http://www.hkcert.org/english/salert/glossary.html#Cryptography (now 404) HK Cert Glossary
Cryptanalysis is the art of breaking these methods. Cryptology is the study of cryptography and cryptanalysis.
2nd National Conference on Emerging Trends in Information by Amol C. Goje, Shivanand S. Gornale, Pravin L. Yannawar (2007), page 55
* Secret key cryptography (SKC) - Uses a single key for both encryption and decryption.
* Public key cryptography (PKC) - Uses one key for encryption and another for decryption.
* Hash functions - Use a mathematical transformation to irreversibly "encrypt" information.
Attack Detection: The methods of attack detection assume that the attacker has bypassed the installed security measures and can access the desired target/information. When such incidents occur, attack detection reports that something went wrong and, in some cases, identifies the type of attack that occurred. However, on the other hand, attack detection is not effective in providing confidentiality of information. When the security system specifies that interception of information has a serious impact on the information system, attack detection is not an applicable mechanism. In the next level of attack detection, counter measures are initiated to recover from the impact of the attack. The most important member of the attack detection class is the intrusion detection system (IDS).
Intrusion Detection: Intrusion detection encompasses a range of security techniques designed to detect (and report on) malicious system and network activity or to record evidence of intrusion. Because this book is focused on intrusion detection, the remaining sections of this book are dedicated to a more detailed view into the inner workings of IDS.
Attack detection assumes that an attacker can obtain access to his desired targets and is successful in violating a given security policy. [..] When undesired actions occur, attack detection has the task of reporting that something went wrong and then to react in an appropriate way. [..] On the other hand, detection is not effective in providing confidentiality of information. When the security policy specifies that interception of information has a serious security impact, then attack detection is not an applicable mechanism. The most important members of the attack detection class, which have received an increasing amount of attention in the last few years, are intrusion detection systems (IDSs).
