Security Threats and Vulnerabilities

Security, security issues, privacy and concerns with respect to security status or lack thereof have been with us since day one.

Security, security issues, and concerns with respect to security status or lack thereof have been with us since day one. It is “a fact of life” inherent to all social beings and the collective societies and social protocols they forge in establishing their civilization. In these regards humans, bees, ants, etc. all have much in common; where humans differ is in their capacity for conceptualization and virtualisation of thought and self.

Among the most powerful and pervasive products of these processes are the concepts of knowledge, information, and the accessibility, transmission, and passing-on of said knowledge and information to contemporaries and succeeding generations alike. The label we humans have given to this is Information Technology (IT) and its most obvious manifestation in our world today is The Internet.

The benefits and freedoms delivered by these technologies, and the technologies themselves, are, as with everything else in the universe, susceptible to damage, degradation, or destruction from a host of very diverse threats. Securing our information technologies is attainable by protecting information assets via technology, processes, and training.

It is these threats, risks, vulnerabilities, impacts and counter-measures involved with Information Technology security that we are investigating.

Concepts

  • Entity - That which exists or is perceived to exist
  • Attack - The direct or indirect; real or perceived, consequences and effects of action(s) perpetrated by one or more entities with the intent to intrude, compromise, degrade, control, or adversely affect; either directly or indirectly, the assets, prerogatives, freedoms and rights of one or more other entities; generally with deliberate malicious intent, manner or purpose
  • Security - The state of being safe, protected, and free from worry about possible loss by the assurance that something of value will not be taken away, degraded, or threatened in any manner by attack from without or subversion from within
  • Security Measures - The precautions taken to defend, maintain or improve the safety and sanctity of an entity(s) (somebody or something) from attack, danger, or crime be they potential or real
  • Security Goals - The predefined targeted levels of protection, precautions, or defensive strategies deemed to be "adequate" and/or "appropriate" for specific "real world" scenarios. Thus, security goals will vary considerably from one entity to the next, but all will have a commonality of providing acceptable, predefined level(s) of security assurance in conjunction with an element of acceptable exposure(s), usually weighted by economic factors such as cost effectiveness.
  • Security Policy - A set(s) of organisation-level rules governing acceptable usage of such criteria as Information Technology Resources, Acceptable Security Practices, Acceptable Operational Procedures, Best Practices Guidelines, etc.
  • Threat - Any entity possessed with the deliberate intent to cause hazard, harm, degradation or unsolicited action to the disadvantage, peril or jeopardy of another entity or asset
  • Vulnerability - That which is potentially susceptible to attack by a threat(s)
  • Exploit - That which can be taken advantage of by a threat in an unsolicited, unfair or selfish manner; to the advantage or intent of said threat, and/or disadvantage or detriment of that being exploited
  • Malicious - Motivated by or resulting from a malevolent desire to cause harm, degradation or pain to others
  • Vindictive - Motivated by the malicious desire or intent to harm or degrade a specific target; often as a result of a desire for revenge for some “perceived” wrong or unfairness allegedly perpetrated by the target
  • Risk - The chance or statistical probability that a threat will eventuate as well as the jeopardy that such a scenario will impart upon the entity deemed at risk.
  • Impact - The amount or type of potential losses that may be incurred should a given threat eventuate
  • Zero-Day Vulnerabilities - No patch(s) are available at the time the vulnerabilities are first publicly disclosed
  • Auditing - The process of recording; usually to a log file, information regarding network and resource access including which computer(s) and/or user(s) are issuing said access requests. Typically audited criteria include System/Network Resources, Security Events, Unauthorised Access and Communications

Attack Source Categories

Outside - Resources and assets external to an organisation come under attack, the effects and consequences of which are felt by the organisation and other parties. This type of collateral damage can result from malicious intent by the attacker or arise as a side effect unforeseen by the attacker.

Outside In - A more classical form of attack whereby an external attacker desires to intrude into the targeted system/network by penetrating said system or network defenses in order to execute ill intent.

Inside - The attacker is internal to the target system or network. A very common example of this is authentic users of a system/network attempting inappropriate access of resources, services, or data to which they are not explicitly entitled.

Inside Out - The attacker is inside the target and either instigates a remote malware download and then does its damage, or wishes to propagate from its current host system to other external systems.

Proxy - The attacker focuses on surreptitiously enslaving unprotected, innocent third-party machines, usually in very large numbers, and then, when ready, launches an attack from all enslaved machines simultaneously. The intended result is to overwhelm the target by sheer volume. Malicious “botnets” are an example of this attack source category that has gained much notoriety of late.

Diffuse Perimeter - A relatively new category related to the morphing of the “security perimeter” as a result of the recent massive expansion of wireless ad hoc public access networks. Secure resources are now traveling out into an ever more insecure environment where they will encounter wireless networks in places where once there were no freely publicly accessible networks. Now there are many. Airports and transit centers, along with the hospitality industry, are primary locations from which nefarious activities are launched upon the unsuspecting.

Typical Threats and Vulnerabilities

  • Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
  • Spoofing
  • Man in the Middle Attacks - including SSL injection attacks
  • TCP/IP Session Hijacking
  • Social Engineering
  • Vulnerability Scanning, Sniffing and Eavesdropping
  • Password Attacks
  • Malicious Code Attacks
  • Common Exploits of Wireless Networks
  • Phishing, Pharming and Scamming
  • Identity Theft
  • Data Trading
  • Perimeter Related Issues
  • Insider Attacks

Until next time, when we begin to get down to the nitty-gritty of security, enjoy!

Comments (1)
#1 by MindIt, Jun 5, 2008
Your articles are always strong on fundamentals. Thank you.
© 2007 Copyright Stanza Ltd. All Rights Reserved.