Information Security - I

aigle-levant · August 15, 2024

Here’s my revision notes for Information Security…

Information security

“Information security is a well-informed sense of assurance that the information risks and controls are in the balance.”

  • James Anderson

Applications

  • Crytographic techniques
  • Antivirus mechanisms
  • Secure Socket Layer -> application level security
  • Digital signatures -> authentication
  • Biometric and retina scanning

Concepts

Attack

An attack is an act causing damage to the physical or logical resources of a company. They’re classified into :

  • Intentional : Hacker trying to break into info. system
  • Unintentional : Damage due to natural disasters
  • Passive : Reading sensitive data from system
  • Active : Doing harm to the system
  • Direct : Using one’s own PC for attacking
  • Indirect : Attacking by other means
Damage

Harm or loss caused to a system by attackers. Its severity is measured by how much trouble is caused by the attacker.

Exploit

A technique used to compromise a security system.

It starts as a security violation over time followed by an attack focused on any vulnerability in the software or networking components.

A vulnerability is a fault in system, process or security mechanism.

An exploit can also mean gaining resources which one shouldn’t possess either at all or in such a short time. Game exploits such as cheats are an example.

A zero-day exploit is a malware that attackers use to target newly-launched software. It’s called ‘zero-day’ exploit as the developer has zero days to fix it as the attackers can already use it to access systems.

Threat

Threats are objects presenting danger to an asset or resource. They’re either intentional or un-intentional.

Whereas an asset is something the organisation values and wishes to protect.

Threat agent

The specific instance or person who causes a threat.

Access

It’s the ability of a person or object to modify and affect something in the system.

Legal objects consist of authorised users from the organisation. While illegal objects are hackers who try to break into a system.

Subjects and objects

Someone who performs an attack is called a subject.

Someone who is a victim to an attack is called an object.

A computer may be both a subject and an object.

Security posture

Set of all security measures and counter-measures followed by an organisation. It includes policies, training, etc.

Countermeasures

Counter-attack performed over an attack. This can be a policy or security mechanism reducing risk.

Risk

It is the probability of damage or compromise happening to the system. Every action contains a certain level of risk, so organisations try to minimise it.

Policy

It is a set of high-level rules dictating what to do and what not to do.

Cryptography

It’s the art of hiding the original message using a certain cipher.

Information

Information is a piece of data that has a perceived value. Its characteristics[or features] help us decide its value.

This works like a dating website where you’d look for the person with certain features you’ll find desirable.

The features that are desirable are shown by this diagram called the CIA triangle [no, not that CIA association].

alt text

CIA stands for :

Confidentiality

It means information is accessible only by authorised members of an organisation. If this is violated by a third party, it’s termed as a security breach.

In other words, confidentiality = privacy.

This information’s classified into 2 types :

  • Critical : Requires more security to be enforced; usually includes important documents and transactions.
  • Non-critical : Has leeway on security enforcement; may be mitigated using backups and such.

A salami theft is when a hacker uses social engineering for their own benefit.

alt text

This hacker acquires small bits of data from employees of an organisation every now and then [usually dropped accidentally] and reconstruct the entire data using this information.

Integrity

Integrity is when information is true in the sense it is accurate, complete, secure and real.

We can check a file’s integrity by monitoring the file’s attributes and hash value using a hashing algorithm.

Hash value is a numeric value of certain length that represents the data in the file. Every file has an unique hash value.

This is because integrity can be compromised [that is, file can be corrupted and such] if the hash value is changed.

Worms and viruses may threaten a file’s integrity.

Worms are malicious programs that can replicate itself independently [and often very quickly] using the victim’s internet or LAN connection.

A virus, on the other hand, is attached to an executable file. It is only activated if the victim triggers it. So, it can’t exist independently.

Availability

This confirms that a suitable authority has the access to the information in the required format.

Information system

We’ve learned about information. Now let’s take a look at the system that will be responsible for protecting it.

Information system is a set of components that collect, modify, store and distribute information. This is done to aid decision-making and feedback.

Software

Software is a set of instructions used to operate computers and execute specific tasks. It includes the applications, OS, etc.

An organisation’s crucial information is stored in the software.

Hardware

Database

Databases store data in them. Security measures are implemented at every level there.

People

People inside the organisation are powerful [or maybe weak] as they provide security to organisation information assets.

Procedures

Procedures are a set of designed instructions to perform a specific action for organisational activities.

They fall apart if the organisation doesn’t provide knowledge on importance of these procedures to employees.

Networks

Committee on National Security Systems [CNSS] Security Model

“Information security is the protection of information and its critical elements, including the systems and hardware that use, store and transmit that information.”

  • CNSS

alt text

CNSS model provides a way to evaluate information systems security.

Since it was designed by John McCumber in 1991, it’s also known as McCumber Cube. This cube has 27 criteria which the security solution of an organisation must be able to address.

alt text

alt text

alt text

alt text

alt text

alt text