Countermeasures

Objectives & Principles

Principles for guaranteeing that a system is secure against cyberattacks:

CIA

  • Confidentiality is the need to ensure that information is disclosed only to those who are authorized to view it.
  • Integrity is the need to ensure that information has not been changed accidentally or deliberately and that it is accurate and complete.
  • Availability is the need to ensure that the business purpose of the system is met and that it is accessible to those who need to use it.
  • Assurance is the need to ensure that the previous goals are effective in their application.

https://www.giac.org/paper/gsec/501/information-security-process-prevention-detection-response/101197

IAAA

  • Identification is the need to present an identifier to a system so that it can be recognized as a system entity (e.g., user, process, or device) and distinguished from all others.
  • Authentication is the need to verify the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.
  • Authorization is the need to grant access privileges to a user, program, or process, or the act of giving those privileges.
  • Accountability (non-repudiation) is the need to ensure that the actions of an entity can be traced uniquely to that entity.

Privacy

Restricting access to subscriber or Relying Party information as required by federal law and agency policy.

Cyber Security Risk

The impact level of an attack on the defender's assets. Risk is calculated as the potential impact of a threat (damage) times the likelihood of that threat occurring.

Countermeasures

To uphold our fundamental principles and protect the environment from cyberattacks, we need security measures that are capable of detecting and preventing these attacks. Each measure achieves a security goal by dealing with a certain type of vulnerability or exploit. Some measures are intended for organizations, but a regular user can also use them to protect themselves from cyberattacks.

Detection Tools

Malware Analysis

  • Static analysis – by examining the malware's code without running it, we can get information on the attack functions, instructions, and other static parameters.
  • Dynamic analysis – by running the malware in a sandbox (a virtual machine) we can debug the malware's activity at run time and understand its malicious behavior.

Antivirus

Software that detects and removes malware from a host by scanning the host using signatures or various heuristics.

IDS

Intrusion detection system: a process that monitors network or host activity for violations of security policies.

Penetration testing

Evaluating system security by performing attacks against it.

Honeypot

A trap for detecting an attack by imitating a regular asset (host, files, user credentials) and baiting the attacker into exploiting a vulnerability on the asset, thereby exposing the attacker's methods and intentions. There are 3 types of honeypots:

  • Pure honeypot – the activity of the attacker is passively monitored.
  • High interaction honeypot – imitates the activity of a production system.
  • Low interaction honeypot – imitates only the activities most frequently requested by attackers.

Prevention tools

Security awareness programs 

Improving the user's (the human factor's) knowledge of and attitude toward cyberattacks so that they can deal with attacks and adopt secure behavior.

Cryptography

A technique for preventing a third party from reading private messages between the sender and receiver, using an encryption algorithm that usually relies on a key. Types of cryptographic keys:

  • Symmetric key – sender and receiver share the same key for encryption and decryption of messages. The main challenge is how to exchange the key securely. (examples: DES, AES)
  • Public key – the receiver shares his public key (publicly); the sender encrypts the message with the public key, and the receiver decrypts the message using his private key, which only he has and which is paired with his public key.

Message authentication code (MAC)

A short tag that confirms that the message came from the real sender (authentication) and wasn't altered by a third party. The sender computes the MAC from the message and a key shared with the receiver and sends it along with the message; the receiver recomputes the MAC over the received message and compares it with the one received.
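The sender/receiver exchange described above, as an added example (not from the original page): HMAC-SHA256 over a constructed message with a constructed shared key, showing that an altered message, a tag forged without the key, or a mismatched key is rejected.

```python
import hmac
import hashlib
import secrets

# Constructed shared key for this example. In practice the key is generated once
# and distributed securely; both sides must hold the same key for a MAC to work.
SHARED_KEY = b"example-shared-key-0123456789abcdef"


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: compute the MAC (HMAC-SHA256) over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the MAC and compare it in constant time.

    hmac.compare_digest avoids the timing leak a plain == comparison could give.
    """
    expected = make_tag(key, message)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Run the genuine case and three failure cases; return which were accepted."""
    # Constructed message: an instruction an attacker would like to tamper with.
    message = b"transfer 100 to account 42"
    tag = make_tag(SHARED_KEY, message)
    return {
        "genuine": verify(SHARED_KEY, message, tag),
        # Message altered in transit: the tag no longer matches.
        "altered_message": verify(SHARED_KEY, b"transfer 900 to account 42", tag),
        # Tag guessed without the key: cannot match, the key is needed to compute it.
        "forged_tag": verify(SHARED_KEY, message, secrets.token_bytes(32)),
        # Receiver holding a different key cannot validate the tag either.
        "wrong_key": verify(b"another-key", message, tag),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```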

Kerberos

An authentication protocol: the user authenticates with a Kerberos server and is given a ticket for using the service server.

Firewall

Monitors and controls incoming and outgoing network traffic; the firewall filters malicious communications by understanding the protocols and application logic.

Access control

A process that manages the user-system communication and interaction while maintaining the CIA and IAAA principles. Access control is achieved by combining three aspects (factors) of the user:

  • something the user KNOWS – password, a fact about themselves
  • something the user HAS – access card, token
  • something the user IS – fingerprint, retina scan, voice, signature
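An added example (not from the original page) combining the first two factors above: "something the user KNOWS" checked against a salted PBKDF2 password hash, and "something the user HAS" checked as a TOTP code from a hardware or phone token (RFC 6238, HMAC-SHA1, 30-second steps). The stored-record layout, the skew window and the test secret are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional

# --- "something the user KNOWS": a password, stored only as a salted hash ---

def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (salt, PBKDF2-SHA256 hash). Store both; never store the password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def check_password(password: str, salt: bytes, stored: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored)   # constant-time comparison


# --- "something the user HAS": a TOTP token (RFC 6238 dynamic truncation) ---

def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", at_time // step)            # 8-byte big-endian step
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # low nibble picks offset
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def check_totp(secret: bytes, code: str, at_time: int) -> bool:
    # Assumed policy: accept the current step and one step either side for clock skew.
    return any(hmac.compare_digest(totp(secret, at_time + d), code) for d in (-30, 0, 30))


def authenticate(password: str, code: str, record: dict, at_time: Optional[int] = None) -> bool:
    """Grant access only when BOTH factors verify; record holds the stored secrets."""
    at_time = int(time.time()) if at_time is None else at_time
    knows = check_password(password, record["salt"], record["pw_hash"])
    has = check_totp(record["totp_secret"], code, at_time)
    return knows and has


if __name__ == "__main__":
    salt, pw_hash = hash_password("correct horse")             # enrolment (constructed)
    user = {"salt": salt, "pw_hash": pw_hash, "totp_secret": secrets.token_bytes(20)}
    now = int(time.time())
    print("login:", authenticate("correct horse", totp(user["totp_secret"], now), user, now))
```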

Resources:

http://resources.infosecinstitute.com/cyber-threat-analysis/

http://www.tripwire.com/state-of-security/security-data-protection/developing-cyber-intelligence-analyst-skills/