Essential Cybersecurity Concepts: Pillars, Protections, and Policies

Basic Pillars of Cybersecurity

Confidentiality

Information can be accessed only by authorized persons. Confidentiality is threatened whenever someone reads data they are not entitled to, for example by intercepting packets in transit or by reading files they should not have access to.

Integrity

Assurance that information has not been altered, destroyed, or lost, whether in transit or in storage, except through authorized operations. (Unauthorized copying leaves the data intact; it is a confidentiality problem, not an integrity one.)

Availability

Information and services remain accessible to authorized users when they need them. Availability is protected by measures against damage and access disruption, whether caused by attacks (e.g., denial of service), accidents, or oversights.

Authenticity

Verifies that a file, message, or login really comes from the source it claims to come from. Integrity, by contrast, confirms that the content has not been tampered with; the two are checked together in practice, but a plain checksum only detects changes, while a keyed check (a MAC or a digital signature) also proves origin. Authentication of a user relies on one or more factors:

  • Something the user knows (e.g., a password or PIN)
  • Something the user has (e.g., a token, smart card, or identity document)
  • Something the user is, or does involuntarily (e.g., a fingerprint, iris pattern, or typing rhythm)

What Cybersecurity Protects

Cybersecurity covers more than online safety; it includes the physical security of equipment and media. Computer security protects four elements:

Software

The logical systems (operating system, applications, firmware) that make the hardware useful.

Hardware

All physical components of the computer system: servers, workstations, network equipment, and storage media.

Data

The information the organization processes and stores, which the software and hardware exist to serve. Data becomes information when meaning and context are added to it.

Consumable Items

Items that wear out with use (e.g., paper, toner cartridges, removable media). Ordered by how hard they are to replace (data cannot simply be bought again; hardware and software can), the elements to protect are:

  • Data
  • Software and hardware
  • Consumable items

Types of Cyberattacks

Interruption (vs. Availability)

An asset of the system is destroyed, blocked, or made unavailable: a cut cable, a deleted file, a server taken down by a denial-of-service flood.

Interception (vs. Confidentiality)

An unauthorized party gains access to an asset without altering it, for example by sniffing network traffic or copying files. Because nothing changes, this is the hardest of the four classic attack types to detect.

Fabrication (vs. Authenticity)

An attacker inserts a counterfeit object into the system, such as a forged message, a spurious transaction, or a bogus record, so that it passes as genuine.

Modification (vs. Integrity)

An attacker gains access to an asset and alters it: changing values in a file, tampering with a message in transit, or patching a program.
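The distinction drawn under Authenticity above (a plain checksum detects modification, only a keyed check detects fabrication) is easiest to see in code. The following Python example is added here and is not part of the original page. It constructs a sample message and a shared secret (both assumptions: a real system would obtain the key from a key-exchange protocol), then runs a modification attack and a fabrication attack against a bare SHA-256 digest and against an HMAC.

```python
import hashlib
import hmac
import secrets

# Constructed sample message, as it would travel over an untrusted link.
ORIGINAL = b"transfer 100 to account 4711"

# Assumed shared secret between the legitimate sender and receiver.
SHARED_KEY = secrets.token_bytes(32)


def digest(message: bytes) -> bytes:
    """Plain SHA-256: anyone can compute it, so it only detects *changes*."""
    return hashlib.sha256(message).digest()


def tag(message: bytes, key: bytes) -> bytes:
    """HMAC-SHA256: only a holder of the key can produce a valid tag,
    so it detects changes *and* proves the message came from a key holder."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_digest(message: bytes, expected: bytes) -> bool:
    # compare_digest avoids leaking where the mismatch is through timing.
    return hmac.compare_digest(digest(message), expected)


def verify_tag(message: bytes, expected: bytes, key: bytes) -> bool:
    return hmac.compare_digest(tag(message, key), expected)


def modification_attack(message: bytes, check: bytes) -> tuple:
    """Attacker alters the message in transit; the check value is unchanged."""
    return message.replace(b"100", b"999"), check


def fabrication_attack(forged: bytes) -> tuple:
    """Attacker injects a brand-new message and attaches the only check
    value it can compute without the key: a plain hash of its own forgery."""
    return forged, digest(forged)


def demo() -> dict:
    """Run both attacks against both mechanisms; True means 'detected'."""
    results = {}
    forged = b"transfer 5000 to account 9999"

    # Integrity only: a bare hash.
    msg, chk = modification_attack(ORIGINAL, digest(ORIGINAL))
    results["hash_detects_modification"] = not verify_digest(msg, chk)
    msg, chk = fabrication_attack(forged)
    results["hash_detects_fabrication"] = not verify_digest(msg, chk)

    # Authenticity and integrity: a keyed MAC.
    msg, chk = modification_attack(ORIGINAL, tag(ORIGINAL, SHARED_KEY))
    results["hmac_detects_modification"] = not verify_tag(msg, chk, SHARED_KEY)
    msg, chk = fabrication_attack(forged)
    results["hmac_detects_fabrication"] = not verify_tag(msg, chk, SHARED_KEY)
    return results


if __name__ == "__main__":
    for name, detected in demo().items():
        print(f"{name}: {'detected' if detected else 'NOT detected'}")
```

The bare hash catches the altered transfer but waves the forged one through, because the attacker can hash whatever they fabricate. The HMAC rejects both: without the key the attacker cannot produce a tag that verifies. A digital signature gives the same guarantee without a shared secret, at the cost of public-key operations.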

Threat Sources

Human Factors

Current and former employees pose a significant risk, through malice (disgruntled staff, credentials that were never revoked) as well as through error.

Hackers, Crackers, Lamers

Individuals attempting unauthorized access to systems, from inside or outside the organization.

Clickers and Geeks

Individuals with little skill of their own who rely on tools written by others.

Paid Intruders

Individuals with specialized knowledge who are paid to break into a specific target.

Specific Threat Actors:

  • Hackers: In the original sense, individuals passionate about computing who explore systems in depth; the word is now used loosely for any intruder.
  • Crackers: Individuals who break protections (reverse-engineer software, defeat copy protection or access controls), usually with illicit intent.
  • Clickers: Individuals who run hacker-created programs without understanding them ("script kiddies").
  • Sniffers: Programs that capture traffic on a network and extract data in transit (passwords, session tokens, source code). Any protocol that sends credentials in cleartext, such as plain HTTP, FTP, or Telnet, is exposed to them.
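What a sniffer actually does once it has a frame is walk the protocol headers and pull out the cleartext. The following Python example is added here and is not from the original page: it builds one constructed Ethernet/IPv4/TCP frame carrying an HTTP request with Basic authentication (the addresses, ports, and credentials are made up), then parses it layer by layer and recovers the username and password. A live sniffer would obtain frames from a raw socket or libpcap instead of from `build_frame`; the parsing is the same.

```python
import base64
import struct
from typing import Optional, Tuple


def build_frame(payload: bytes) -> bytes:
    """Construct a minimal Ethernet + IPv4 + TCP frame around `payload`.
    Checksums are left at zero; a parser does not need them."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"   # dst MAC, src MAC, EtherType IPv4
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, total_len,             # version 4, IHL 5, TOS, length
                     0, 0, 64, 6, 0,                 # id, flags/frag, TTL, proto TCP, csum
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 80]))
    tcp = struct.pack("!HHIIBBHHH",
                      40000, 80, 1, 1,               # sport, dport, seq, ack
                      5 << 4, 0x18, 65535, 0, 0)     # data offset 5 words, PSH|ACK
    return eth + ip + tcp + payload


# Constructed sample: a browser sending Basic auth over plain HTTP.
SAMPLE_FRAME = build_frame(
    b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:Winter2024!") + b"\r\n\r\n")


def parse_frame(frame: bytes) -> dict:
    """Ethernet (14 bytes) -> IPv4 (IHL*4 bytes) -> TCP (data offset*4 bytes) -> payload."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[14 + 9]
    src = ".".join(map(str, frame[14 + 12:14 + 16]))
    dst = ".".join(map(str, frame[14 + 16:14 + 20]))
    if proto != 6:
        raise ValueError("not TCP")
    tcp_start = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp_start:tcp_start + 4])
    data_off = (frame[tcp_start + 12] >> 4) * 4
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload": frame[tcp_start + data_off:]}


def extract_basic_credentials(payload: bytes) -> Optional[Tuple[str, str]]:
    """Return (user, password) if the cleartext HTTP request carries Basic auth.
    Base64 is an encoding, not encryption: it reverses with no key."""
    for line in payload.split(b"\r\n"):
        if not line.lower().startswith(b"authorization: basic "):
            continue
        parts = line.split(b" ", 2)
        if len(parts) < 3:
            continue
        try:
            user, _, pw = base64.b64decode(parts[2]).partition(b":")
        except Exception:
            continue
        return user.decode(errors="replace"), pw.decode(errors="replace")
    return None


def sniff(frame: bytes) -> tuple:
    """What a sniffer reports for one frame: endpoints plus any captured credentials."""
    pkt = parse_frame(frame)
    return pkt["src"], pkt["dst"], pkt["dport"], extract_basic_credentials(pkt["payload"])


if __name__ == "__main__":
    print(sniff(SAMPLE_FRAME))
```

Against the constructed frame this yields `('10.0.0.5', '10.0.0.80', 80, ('alice', 'Winter2024!'))`. Had the same request gone over TLS, the TCP payload would be ciphertext and `extract_basic_credentials` would find no `Authorization` line; that is the whole argument for refusing cleartext protocols on any network an attacker might reach.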

Security Policy: Disclaimer and Procedure

DISCLAIMER: A security policy requires cooperation and awareness among the people in charge of the different computing areas. Each member has defined responsibilities within the plan.

PROCEDURE: After taking inventory of the assets and deciding which risks are accepted, procedures are established that together make up the security policy. Specialized individuals or groups handle each point, overseen by a responsible official. Key questions include:

Who Uses the Resource?

Identifying everyone covered by the security agreement and defining their rights, responsibilities, and the actions they may take.

What is the Use of Each Resource?

Creating “acceptable use policies”, which users must learn and follow, that specify for each resource what is allowed and what is prohibited.

What are the User Obligations?

Users are responsible for the systems they use. Rules cover password choice and expiration, email privacy, privacy of information, and limits on resource usage.

Who Approves Resource Use?

Different sectors have different resource needs, and a competent authority must authorize each access. Authorization can be distributed in two ways:

Central Distribution

All requests are handled by a single central body.

Wide or Sectoral Distribution

Each sector has its own body that handles its requests.

The Administrator

The individuals responsible for managing the enterprise's systems. Because administrators hold the highest privileges, the security policy must also state the rules they themselves follow.

Security Incidents and Response Strategies

INCIDENTS: Individuals may violate the security policy consciously or unconsciously, and the response depends on the type of violation. Key questions: Was it a local or an external user? Was there intent? Was the violation completed or only attempted? Why did it happen?

STRATEGIES FOR RESPONSE: The action taken can improve or worsen the situation. For intentional violations there are two classic strategies:

  1. Protect and Proceed: Stop further harm and restore service as quickly as possible. Speed takes priority over identifying the intruder, at the cost of evidence that may be lost when systems are cleaned up.
  2. Pursue and Prosecute: Let the intruder continue while monitoring, in order to identify them, collect evidence, and learn their techniques and the weaknesses they exploited. This accepts continued exposure and requires careful containment.

Common Security Problems

  • Creating multiple access points for users, each of which must be secured
  • Systems left in their default, unreviewed configuration
  • Outdated application versions with known vulnerabilities
  • Over-reliance on employees following procedure without technical controls
  • Weak or absent authentication on public-facing servers
  • Private servers with weak or easily guessed credentials (e.g., default or predictable username/password pairs)

Security Policy Models

Bell-LaPadula

Governs access to information through security labels (clearances for users, classifications for objects), as in U.S. military systems: a subject may not read an object above its level (no read up) and may not write to an object below its level (no write down). It focuses on confidentiality and says nothing about integrity.

Clark-Wilson

Designed to protect the integrity of information, chiefly in commercial systems: data may be modified only through well-formed transactions (certified programs), only by users authorized to run those transactions, and with separation of duties so that no single user can complete a sensitive operation alone.