Information Security: Security Challenges and Technologies
70-451 Management Information Systems
Robert Monroe
November 22, 2011
Quiz
• In last Sunday’s class we introduced the acronym CIA to describe three fundamental concerns of information security. Write one of the words represented by the letters C, I, or A: ____________.
• ___________ is the art and science of sending secure messages from one party to another party.
• Name one example of a type of security threat described or discussed in last Sunday’s class: ________.
Goals For Today
By the end of today's class you should be able to:
• Apply simple risk management techniques and frameworks to uncover the largest information security risks in an organization, and to focus your information security resources appropriately
• Explain how cryptography techniques can be used to support Confidentiality, Integrity, and Authentication
• Identify and explain the primary types of information security attacks and risks
• Understand some of the basic technologies and techniques used to address these threats
Information Security Is A Management Issue First
• Creating information security policies and prioritizing threats is a business issue and responsibility
• The role of the IT team is to provide a secure IT infrastructure that mitigates the threats identified by the business team
• Many management teams abdicate their responsibility for information security. Why?
  • Incentive structure (costs for failure, success is invisible)
  • Ignorance, fear, and loathing of technology/technologists
  • Lack of understanding of threat (wait for the crisis)
Information Security Management Is Risk Management
• You can’t afford to completely secure all digital information in your organization
• Recognize this and address the challenge as a standard risk management problem
  • Identify and prioritize risks
  • Plan to meet them so as to minimize expected losses
  • Focus on your primary business
Identifying and Prioritizing Threats
• Identify and catalog your company’s digital assets
• Assign appropriate and explicit levels of importance to them
• Identify threats to those assets
  • Catastrophic threats
  • Expensive threats
  • Non-critical threats
• What would the cost be of having the digital assets
  • Exposed (stolen)
  • Destroyed (lost)
  • Changed
• Prioritize specific threats that need to be addressed
  • Through technical measures
  • Through personnel and policy measures
Match Your Response To The Threat
• Determine probability and cost of each threat
  • Why is this really hard to do accurately with IT?
• Determine whether you need to mitigate the threat through technical measures, policy measures, or both
• Work with technical or policy teams to implement the threat mitigation plan
Match Your Response To The Threat: Example
Two levels of security in a bank branch: secure the pen with a leash vs. secure the cash with a vault.
Develop Security Policies And Enforce Them
• Set policies defining appropriate usage of IT resources
  • Make it clear how information is categorized and what the categories mean (e.g. confidential, company-only, publicly available)
  • Identify who can access or change what information
  • Identify who has access to which systems. Why and for how long?
  • How do you handle sensitive data that has to leave your company?
  • Identify what employees are allowed to do with their machines
    • Can they modify them and install software on them?
    • Can they surf the web for personal use? Limits to which sites?
• Automate enforcement where it makes sense to do so; put policies in place where automated enforcement might not make sense
• Create policies and procedures for dealing with network/computer attacks
  • Plan how to handle common problems before they happen so that they don’t run out of control
Information Security Management Summary
• Information Security is a management issue first
  • Your IT security policies and approach should be driven by business goals and constraints
• Fundamentally a matter of risk management
  • It is non-trivial to identify, quantify, and prioritize your organization’s information security threats
• The basic categories and types of threats are quite common
  • There are standard ways to mitigate most of these threats
• Match your strategy to threats appropriately
Cryptography Helps Secure Information In Transit
• The internet is fundamentally an insecure medium
• Assume your network traffic can be:
  • Read
  • Intercepted
  • Modified
  • Forged
• Cryptography provides a mechanism for securing information sent over an electronic network
  • … and so much more!
Cryptography
Cryptography: a collection of mathematical techniques for protecting information
Encryption: the process of using cryptography to scramble a message
Decryption: the process of using cryptography to unscramble a message
Example: the message “Agent Jones: The shipment arrives tonight...” encrypts to “D#°S3ˆß)2Ãa´,! ÔKhÑü0:ö_£é¿íu¼...”
Source: Garfinkel, Simpson, Web Security, Privacy & Commerce, 2nd Edition, O’Reilly, 2001
Cryptography Can Provide:
• Confidentiality
• Integrity
• Authentication
• Non-Repudiation
• Note: Cryptography does not automatically provide availability or an audit trail (though it can strengthen the trust in an audit trail)
Basic Encryption Techniques
• Substitution: Replace each letter in a message with a different letter/symbol
  • Trivial example:
    • Guvf vf n frpeg zrffntr!
    • This is a secret message!
  • Key: A: N, B: O, C: P, D: Q, E: R, F: S, G: T, H: U, I: V, J: W, K: X, L: Y, M: Z
• Transposition: Scramble the characters in a message
  • Trivial example:
    • !og a si htraE fo noisavnI
    • Invasion of Earth is a go!
  • Key: Reverse the order of the characters in the sentence
Symmetric Key Encryption
• Both sender and receiver know the algorithm used to encrypt a message and have the secret key necessary to decrypt it
• Message can be intercepted by a third party but it can not be read
• Block cipher vs. Stream cipher
• Common symmetric key algorithms:
  • DES, Triple-DES, Blowfish, IDEA, RC2, RC4, RC5, Rijndael
Alice and Bob
• Alice wants to send a private message (“Top Secret!”) to Bob
• Secret agent Eve wants to intercept it
• Alice and Bob use symmetric key encryption to keep the message private
Symmetric Key Analysis
• Benefits
  • Encryption and decryption can be very fast
  • Very strong algorithms available
• Drawback: Key Management is difficult
  • Both parties must initially exchange keys
  • Both parties must store keys securely
  • Unique keys necessary for each pair who want to communicate privately
PKI Example: Alice, Bob, and Eve
• Alice wants to send a private message (“Top Secret!”) to Bob but they don’t have a shared secret key
• Secret agent Eve still wants to intercept their message
• Alice and Bob use public key encryption to keep the message private
Public Key Infrastructure (PKI)
• Public Key Cryptography: A technique for establishing encrypted communication channels between two parties who have not previously exchanged secret encryption keys
• Public Key Infrastructure: A suite of technology products that implement public key cryptography for non-cryptographers
Public Key Encryption
• Public Key Algorithms solve key exchange problems
  • Encrypt with the recipient’s public key
  • Decrypt with the recipient’s private key
• Drawbacks
  • Public keys are much larger than private keys
  • More complex to implement
  • Much slower than private key systems
• Common public key systems:
  • Diffie-Hellman, DSA/DSS, Elliptic Curves, RSA
Hybrid Approach
• A hybrid public/private key approach is most commonly used on the web
  • Generate a private key for this session
  • Use Public Keys to exchange that private key
  • All subsequent interactions for that session are encrypted with the private key
  • Private key is discarded at end of session
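The four steps of the hybrid approach, as an added Go example that is not part of the lecture: the session key is sealed for Bob with RSA-OAEP, the message itself is encrypted under that session key with AES-GCM, and the key lives only inside seal and open. It uses only Go's standard crypto library; the names seal, open, gcmFor and newKeyPair are my own, and the 2048-bit RSA / AES-256 sizes are my choice.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// newKeyPair makes Bob's RSA key pair; the public half is all Alice needs.
func newKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// gcmFor wraps a session key as AES-256-GCM; it cannot fail for a 32-byte key.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// seal is Alice's side: a fresh session key is sealed with Bob's public key
// (RSA-OAEP) and the bulk message is encrypted and authenticated under it (AES-GCM).
func seal(pub *rsa.PublicKey, msg []byte) (sealedKey, nonce, ct []byte, err error) {
	sessionKey := make([]byte, 32)
	rand.Read(sessionKey) // crypto/rand.Read does not return an error in current Go releases
	sealedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	gcm := gcmFor(sessionKey)
	nonce = make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	// sessionKey goes out of scope on return: discarded at the end of the session.
	return sealedKey, nonce, gcm.Seal(nil, nonce, msg, nil), nil
}

// open is Bob's side: recover the session key with his private key, then decrypt.
// The GCM authentication tag makes Open fail if Eve altered any ciphertext byte.
func open(priv *rsa.PrivateKey, sealedKey, nonce, ct []byte) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, sealedKey, nil)
	if err != nil {
		return nil, err
	}
	return gcmFor(sessionKey).Open(nil, nonce, ct, nil)
}
```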
Alice and Bob, Scenario 3
• Bob needs to confirm that a message he received from Alice (“Top Secret Message From Alice (trust me)”) truly came from Alice
• Secret agent Eve wants to impersonate Alice
• Solution: Alice uses a Digital Signature to sign her messages
Digital Signatures
• Digital Signatures use cryptographic techniques to provide:
  • Authentication
  • Integrity
  • Non-repudiation
• Digital signatures do not, by themselves, provide confidentiality
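Scenario 3 and the three properties above, as an added Go example (not the lecture's code): Alice signs with RSA-PSS over a SHA-256 digest, Bob verifies with her public key, a message Eve alters in transit fails the check, a message Eve signs with her own key fails the check, and the text itself still travels in the clear. The names SignedMessage, sign, verify and newKeyPair are my own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignedMessage is what Alice sends: the text travels in the clear, because a
// signature gives authentication and integrity, not confidentiality.
type SignedMessage struct {
	Text      []byte
	Signature []byte
}

// newKeyPair makes a key pair; only its owner ever holds the private half.
func newKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// sign hashes the text and signs the digest with the sender's private key (RSA-PSS).
func sign(priv *rsa.PrivateKey, text []byte) (*SignedMessage, error) {
	digest := sha256.Sum256(text)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &SignedMessage{Text: text, Signature: sig}, nil
}

// verify is Bob's check against Alice's public key: true only if the text is
// byte-for-byte what the holder of the matching private key signed.
func verify(pub *rsa.PublicKey, m *SignedMessage) bool {
	digest := sha256.Sum256(m.Text)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], m.Signature, nil) == nil
}

func main() {
	alice, err := newKeyPair()
	if err != nil {
		panic(err)
	}
	m, _ := sign(alice, []byte("Top Secret Message From Alice"))
	fmt.Println("genuine:", verify(&alice.PublicKey, m))
	eve, _ := newKeyPair()
	forged, _ := sign(eve, []byte("Top Secret Message From Alice (trust me)"))
	fmt.Println("signed by Eve:", verify(&alice.PublicKey, forged))
	m.Text = []byte("Top Secret Message From Alice (trust me)") // altered in transit
	fmt.Println("altered text:", verify(&alice.PublicKey, m))
}
```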
Advanced Topic: Steganography
Steganography: the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message.
Popular recent movie examples: The Da Vinci Code and National Treasure
Example:
• Load the first image
• Apply the logical AND operation with the number 3 to the image
• Make the image 85 times brighter
• You get the second image
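The slide's recipe carried through in Go as an added example (the images and code are not from the lecture): a constructed 8-bit grayscale cover image, a message hidden in the two low bits of each pixel, and reveal() doing exactly the AND-with-3, brighten-by-85 step that turns the hidden 2-bit values into a visible 0/85/170/255 pattern. The function names embed, reveal and extract are my own.

```go
package main

import "fmt"

// embed hides msg in the two low bits of each pixel of an 8-bit grayscale cover
// (four pixels per message byte, high bits first); brightness moves by at most 3/255.
func embed(cover []byte, msg []byte) ([]byte, error) {
	if len(msg)*4 > len(cover) {
		return nil, fmt.Errorf("cover holds %d bytes, message is %d", len(cover)/4, len(msg))
	}
	out := append([]byte(nil), cover...)
	for i, b := range msg {
		for j := 0; j < 4; j++ {
			bits := (b >> (6 - 2*uint(j))) & 3
			out[4*i+j] = out[4*i+j]&^3 | bits
		}
	}
	return out, nil
}

// reveal is the slide's recipe: AND every pixel with 3, then multiply by 85, so
// the hidden values 0..3 become 0, 85, 170, 255 and the pattern is visible.
func reveal(img []byte) []byte {
	out := make([]byte, len(img))
	for i, p := range img {
		out[i] = (p & 3) * 85
	}
	return out
}

// extract reads n hidden bytes back out of the first 4n pixels.
func extract(img []byte, n int) []byte {
	msg := make([]byte, n)
	for i := range msg {
		for j := 0; j < 4; j++ {
			msg[i] = msg[i]<<2 | img[4*i+j]&3
		}
	}
	return msg
}

func main() {
	// Constructed cover: an 8x4 smooth gradient, not an image from the slide.
	cover := make([]byte, 32)
	for i := range cover {
		cover[i] = byte(i * 8)
	}
	stego, _ := embed(cover, []byte("go!"))
	fmt.Printf("stego:  %v\nreveal: %v\ntext:   %q\n", stego, reveal(stego), extract(stego, 3))
}
```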
Limitations Of Cryptography
• Cryptography ≠ Security
• Cryptography can not protect against:
  • Theft or exposure of unencrypted documents
  • Stolen encryption keys
  • Message traffic analysis
  • Denial of service attacks
  • Booby-trapped encryption programs
  • Malicious counter-parties
Principle: Compartmentalize Resources
• Carefully limit connectivity between:
  • The public internet
  • Your public-facing servers
  • Your employees’ computers (desktops/laptops/PDAs)
  • Key corporate servers (web, db, app servers, etc.)
  • Other common groups containing key information assets
• Assign appropriate levels of security to machines in each of these different compartments
• Carefully limit and monitor interactions between them
• Keep the most valuable assets “furthest” from public access
Compartmentalization Technology
• Firewalls
  • Filter network traffic
  • Decide what goes in and what goes out of a network
  • Act as a gatekeeper and buffer between networks, such as the public internet and a company’s servers
• Network Address Translation (NAT)
  • Displays a “reachable” public IP address to the outside world
  • Creates an “unreachable” network address for internal use
• DMZs (DeMilitarized Zones)
  • A network segment between two firewalls that buffers and limits traffic between the two network segments
Principle: Secure the Perimeter
• Define clear boundaries of your network(s)
  • For each of these networks, it should be clear what is ‘inside’ the network and what is ‘outside’ the network
• Put strong (fire)walls and gatekeepers at the perimeters
Securing The Perimeter: Physical Security
• A network is not secure without good physical security
• Control access to servers and networking equipment
  • Physical and procedural barriers
  • “Need to know/go” basis for access to machines and logins/passwords
• Limit the entrance and removal of trusted machines or storage media from the data center (e.g. laptops, USB keys, CDs, …)
• Beware of backups and old hard drives
  • Don’t throw them away without erasing data
Principle: Harden The Platform
• Reduce the “attack surface”
  • Don’t run unnecessary programs
• Keep up to date with patches and service packs
  • This is remarkably hard to do in practice!
  • Patching one problem often causes another
• Build secure applications vs.
Principle: Strategic Heterogeneity
• Each element of your software and hardware platform has its own unique vulnerabilities
• If you have a standardized platform, once an attacker finds an exploit for one part of the system, he can exploit many other parts of the system also
• A bio-diversity model helps slow an attacker’s progress by presenting different kinds of defenses
Counter-Principle: Keep It Simple (KISS)
• Heterogeneity comes at a cost – complexity
• Complexity and security don’t mix
  • Why?
Principle: Use Strong Authentication
• Something that you know – user id and password
  • This is the most common authentication mechanism
• Something that you have
  • Smartcards
  • Keys/tokens – RFID tag, code generator, physical key
  • Physical access to a specific machine
• Something that you are (biometrics)
  • Fingerprint
  • Voiceprint
  • Facial recognition
  • Iris/retina print
  • Etc…
Strengthening Authentication
• Require 1, 2, or 3 of what you know/have/are
  • The more you can supply, the stronger the authentication
• Use a common authentication system for as many systems/interactions as possible
  • Why is this important?
  • Why is this hard to do in practice?
Illustration: a user id/password (MyID/EatShrimp) + something you have + something you are = stronger authentication
Principle: Control Access To Resources
• Access control specifies who has access to which resources
• Access control is different from authentication
• Try to use a consistent model across applications
  • Common model: Users, Permissions, Groups, Roles, Scope
• Create “zones” of your network with strong partitions between the zones
• Principle of Least Privilege
Principle: Constant Vigilance
• Securing IT infrastructure requires 24/7/365 vigilance
  • Combination of automated and human actions
• Technology: Intrusion detection
  • Monitors traffic
  • Looks for attack patterns
  • Alerts when potential problems are found
Midterm Exam Results
• Overall, most people did well on the exam
• 85 points possible
• Score range: 50 (58%) to 83 (98%) (out of 85 possible)
• Median score: 75 (88%)
• Mean score: 72.3 (85%)