Post on 20-Dec-2015
Carnegie Mellon University ©2006 - 2011 Robert T. Monroe 70-451 Management Information Systems
Information Security: Security Challenges and Technologies
70-451 Management Information Systems
Robert Monroe
November 22, 2011
Quiz
1. In last Sunday’s class we introduced the acronym CIA to describe three fundamental concerns of information security. Write one of the words represented by the letters C, I, or A: ____________ .
2. ___________ is the art and science of sending secure messages from one party to another party.
3. Name one example of a type of security threat described or discussed in last Sunday’s class: ________.
Goals For Today
By the end of today's class you should be able to:
– Apply simple risk management techniques and frameworks to uncover the largest information security risks in an organization, and to focus your information security resources appropriately.
– Explain how cryptography techniques can be used to support Confidentiality, Integrity, and Authentication
– Identify and explain the primary types of information security attacks and risks
– Understand some of the basic technologies and techniques used to address these threats
Information Security Management
Information Security Is A Management Issue First
• Creating information security policies and prioritizing threats is a business issue and responsibility
• The role of the IT team is to provide a secure IT infrastructure that mitigates the threats identified by the business team
• Many management teams abdicate their responsibility for information security. Why?
– Incentive structure (costs for failure, success is invisible)
– Ignorance, fear, and loathing of technology/technologists
– Lack of understanding of threat (wait for the crisis)
Information Security Management Is Risk Management
• You can’t afford to completely secure all digital information in your organization
• Recognize this and address the challenge as a standard risk management problem
– Identify and prioritize risks
– Plan to meet them so as to minimize expected losses
– Focus on your primary business
Identifying and Prioritizing Threats
• Identify and catalog your company’s digital assets
– Assign appropriate and explicit levels of importance to them
• Identify threats to those assets
– Catastrophic threats
– Expensive threats
– Non-critical threats
• What would the cost be of having the digital assets:
– Exposed (stolen)
– Destroyed (lost)
– Changed
• Prioritize the specific threats that need to be addressed
– Through technical measures
– Through personnel and policy measures
Match Your Response To The Threat
• Determine the probability and cost of each threat
– Why is this really hard to do accurately with IT?
• Determine whether you need to mitigate the threat through technical measures, policy measures, or both
• Work with technical or policy teams to implement threat mitigation plan
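The three slides above describe a procedure: catalog assets, list threats against each, estimate probability and cost, and prioritize by expected loss. The following added example (not from the lecture; every asset, probability and dollar figure in it is a constructed sample) carries that procedure through in code and adds the one step a practitioner usually wants next, checking whether a countermeasure's annual cost is lower than the expected loss it removes.

```python
"""Risk register: rank threats by expected loss and decide what to mitigate.

Added illustration, not part of the lecture slides: asset values,
probabilities and mitigation costs are constructed sample numbers.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    asset: str                    # the digital asset the threat applies to
    name: str                     # what could happen (exposed / destroyed / changed)
    annual_probability: float     # estimated chance of occurring in a year
    loss_if_realized: float       # cost (USD) if it happens once
    mitigation_cost: float        # annual cost of the countermeasure
    mitigation_reduces_to: float  # residual annual probability with the countermeasure

    @property
    def expected_loss(self) -> float:
        return self.annual_probability * self.loss_if_realized

    @property
    def residual_loss(self) -> float:
        return self.mitigation_reduces_to * self.loss_if_realized

    @property
    def net_benefit(self) -> float:
        """Expected loss avoided per year minus what the countermeasure costs."""
        return self.expected_loss - self.residual_loss - self.mitigation_cost


def classify(t: Threat, catastrophic_above: float, expensive_above: float) -> str:
    """Bucket a threat by its single-incident cost, as the slides suggest."""
    if t.loss_if_realized >= catastrophic_above:
        return "catastrophic"
    if t.loss_if_realized >= expensive_above:
        return "expensive"
    return "non-critical"


def prioritize(threats):
    """Return threats sorted by expected annual loss, highest first."""
    return sorted(threats, key=lambda t: t.expected_loss, reverse=True)


def worth_mitigating(threats):
    """(asset, threat) pairs whose countermeasure saves more than it costs."""
    return [(t.asset, t.name) for t in threats if t.net_benefit > 0]


# Constructed sample register for a small company.
REGISTER = [
    Threat("customer database", "exposed (stolen)", 0.05, 2_000_000, 40_000, 0.01),
    Threat("customer database", "destroyed (lost)", 0.02, 1_500_000, 15_000, 0.002),
    Threat("marketing website", "changed (defaced)", 0.30, 20_000, 8_000, 0.05),
    Threat("internal wiki", "exposed (stolen)", 0.10, 5_000, 12_000, 0.01),
]

if __name__ == "__main__":
    for t in prioritize(REGISTER):
        print(f"{t.asset:18} {t.name:18} expected loss ${t.expected_loss:>9,.0f} "
              f"[{classify(t, 1_000_000, 10_000)}]  net benefit of mitigating: "
              f"${t.net_benefit:,.0f}")
```

Running it ranks the database threats first and shows that mitigating the wiki exposure would cost far more than the loss it prevents, which is the "focus on your primary business" point in numbers. The hard part in practice, as the slide asks, is the probability column: the other numbers are usually available from the business, but incident likelihood for IT systems is rarely known with any precision.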
Match Your Response To The Threat: Example
Two levels of security in a bank branch:
– Secure the pen with a leash
vs.
– Secure the cash with a vault
Develop Security Policies And Enforce Them
• Set policies defining appropriate usage of IT resources
– Make it clear how information is categorized and what the categories mean (e.g. confidential, company-only, publicly available)
– Identify who can access or change what information
– Identify who has access to which systems. Why and for how long?
– How do you handle sensitive data that has to leave your company?
– Identify what employees are allowed to do with their machines
• Can they modify them and install software on them?
• Can they surf the web for personal use? Limits to which sites?
• Automate enforcement where it makes sense to do so; put policies in place where automated enforcement might not make sense
• Create policies and procedures for dealing with network/computer attacks
– Plan how to handle common problems before they happen so that they don’t run out of control
Information Security Management Summary
• Information Security is a management issue first
– Your IT security policies and approach should be driven by business goals and constraints
– Fundamentally a matter of risk management
• It is non-trivial to identify, quantify, and prioritize your organization’s information security threats
– The basic categories and types of threats are quite common
– There are standard ways to mitigate most of these threats
• Match your strategy to threats appropriately
Cryptography Primer
Cryptography Helps Secure Information In Transit
• The internet is fundamentally an insecure medium
• Assume your network traffic can be:
– Read
– Intercepted
– Modified
– Forged
• Cryptography provides a mechanism for securing information sent over an electronic network
– … and so much more!
Cryptography
Cryptography: a collection of mathematical techniques for protecting information
Encryption: The process of using cryptography to scramble a message
Decryption: The process of using cryptography to unscramble a message
Source: Garfinkel, Simpson, Web Security, Privacy & Commerce, 2nd Edition, O’Reilly, 2001
[Figure: ciphertext “D#°S3ˆß)2Ãa´,! ÔKhÑü0:ö_£ é¿íu¼...” alongside its plaintext “Agent Jones: The shipment arrives tonight...”]
Cryptography Can Provide:
• Confidentiality
• Integrity
• Authentication
• Non-Repudiation
• Note: Cryptography does not automatically provide availability or an audit trail (though it can strengthen the trust in an audit trail)
Basic Encryption Techniques
• Substitution: Replace each letter in a message with a different letter/symbol
– Trivial example:
• Guvf vf n frperg zrffntr!
• This is a secret message!
– Key: A→N, B→O, C→P, D→Q, E→R, F→S, G→T, H→U, I→V, J→W, K→X, L→Y, M→Z (the same table is read backwards for N–Z, so N→A, …, Z→M)
• Transposition: Scramble the characters in a message
– Trivial example:
• !og a si htraE fo noisavnI
• Invasion of Earth is a go!
– Key: Reverse the order of the characters in the sentence
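The two toy ciphers on this slide, as an added example that is not part of the lecture. The substitution key is the slide's table (A→N … M→Z, applied in both directions, i.e. a 13-place rotation of the alphabet), under which "This is a secret message!" becomes "Guvf vf n frperg zrffntr!"; the transposition key is "reverse the characters". The frequency counter at the end illustrates why both are only toys: neither changes how many times each plaintext letter occurs.

```python
"""Substitution and transposition ciphers from the lecture slide, in code.

Added example, not part of the slides. The substitution key is the slide's
(A->N, B->O, ..., M->Z and back again for N..Z); the transposition key is
"reverse the order of the characters".
"""
import string

# Build the substitution table from the slide's key: each letter maps to the
# letter 13 places later, which makes the cipher its own inverse.
_UPPER = string.ascii_uppercase
_ROTATED = _UPPER[13:] + _UPPER[:13]
SUBSTITUTION_KEY = {plain: cipher for plain, cipher in zip(_UPPER, _ROTATED)}


def substitute(message: str) -> str:
    """Replace every letter using SUBSTITUTION_KEY; keep case and punctuation."""
    out = []
    for ch in message:
        if ch.upper() in SUBSTITUTION_KEY:
            mapped = SUBSTITUTION_KEY[ch.upper()]
            out.append(mapped if ch.isupper() else mapped.lower())
        else:
            out.append(ch)  # spaces, digits and punctuation pass through unchanged
    return "".join(out)


def transpose(message: str) -> str:
    """Scramble the characters; the slide's key is simply to reverse them."""
    return message[::-1]


def letter_counts(text: str) -> dict:
    """How often each letter occurs. Substitution relabels the letters and
    transposition reorders them, but the multiset of counts survives both,
    which is what makes these ciphers trivial to break."""
    counts = {}
    for ch in text.upper():
        if ch in _UPPER:
            counts[ch] = counts.get(ch, 0) + 1
    return counts


if __name__ == "__main__":
    secret = substitute("This is a secret message!")
    print(secret, "->", substitute(secret))
    scrambled = transpose("Invasion of Earth is a go!")
    print(scrambled, "->", transpose(scrambled))
```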
Symmetric Key Encryption
• Both sender and receiver know the algorithm used to encrypt a message and have the secret key necessary to decrypt it
• Message can be intercepted by a third party but it can not be read
• Block cipher vs. stream cipher
• Common symmetric key algorithms:
– DES, Triple-DES, Blowfish, IDEA, RC2, RC4, RC5, Rijndael
Alice and Bob
• Alice wants to send a private message to Bob
• Secret agent Eve wants to intercept it
• Alice and Bob use symmetric key encryption to keep the message private
[Figure: Alice sends Bob a “Top Secret!” message while Eve listens in]
Symmetric Key Analysis
• Benefits
– Encryption and decryption can be very fast
– Very strong algorithms available
• Drawback: key management is difficult
– Both parties must initially exchange keys
– Both parties must store keys securely
– Unique keys are necessary for each pair who want to communicate privately
PKI Example: Alice, Bob, and Eve
• Alice wants to send a private message to Bob but they don’t have a shared secret key
• Secret agent Eve still wants to intercept their message
• Alice and Bob use public key encryption to keep the message private
[Figure: Alice sends Bob a “Top Secret!” message, now without a pre-shared key, while Eve listens in]
Public Key Infrastructure (PKI)
• Public Key Cryptography: A technique for establishing encrypted communication channels between two parties who have not previously exchanged secret encryption keys
• Public Key Infrastructure: A suite of technology products that implement public key cryptography for non-cryptographers
Public Key Encryption
• Public key algorithms solve the key exchange problem
– Encrypt with the recipient’s public key
– Decrypt with the recipient’s private key
• Drawbacks
– Public keys are much larger than symmetric (secret) keys
– More complex to implement
– Much slower than symmetric key systems
• Common public key systems:
– Diffie-Hellman, DSA/DSS, Elliptic Curves, RSA
Hybrid Approach
• A hybrid public/private key approach is most commonly used on the web
– Generate a private (session) key for this session
– Use public keys to exchange that session key
– All subsequent interactions for that session are encrypted with the session key
– The session key is discarded at the end of the session
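The symmetric, public-key and hybrid slides above describe one protocol end to end, so here is the whole thing as an added example (not the lecture's code and not production cryptography). Alice and Bob each publish a Diffie-Hellman value, derive the same session key from the other's value and their own secret, encrypt the "Top Secret!" message with a symmetric keystream, and discard the key. Two assumptions are mine: the modulus is the Mersenne prime 2**521 - 1 with generator 3, chosen only so the block needs no prime generation (real deployments use standardized groups such as those in RFC 3526), and the symmetric cipher is an HMAC-SHA256 keystream XORed onto the data, standing in for AES or RC4 from the slide's list.

```python
"""Hybrid encryption as the slides describe it: agree a session key with a
public-key method (Diffie-Hellman), encrypt the traffic with a fast symmetric
cipher, then throw the session key away.

Added example, not from the slides and not production code: the group uses
the Mersenne prime 2**521 - 1 for brevity (assumption; real systems use
standardized groups) and the "symmetric cipher" is an HMAC-SHA256 keystream
(assumption; stands in for AES).
"""
import hashlib
import hmac
import secrets

P = 2**521 - 1   # prime modulus (demo choice, see note above)
G = 3            # generator (demo choice)


def dh_keypair():
    """Return (private, public) for one party. The private value never leaves
    the party; only the public value crosses the insecure network."""
    private = secrets.randbelow(P - 2) + 1
    public = pow(G, private, P)
    return private, public


def dh_shared_secret(my_private: int, their_public: int) -> bytes:
    """Both sides compute the same value; hashing turns it into a 32-byte key."""
    shared = pow(their_public, my_private, P)
    return hashlib.sha256(shared.to_bytes((P.bit_length() + 7) // 8, "big")).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Demo stream cipher: keystream block i is HMAC-SHA256(key, nonce || i).
    Encryption and decryption are the same operation."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[i:i + 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)


def session_demo(message: bytes) -> dict:
    """Run the exchange Alice <-> Bob; return what Eve sees and what Bob reads."""
    alice_priv, alice_pub = dh_keypair()
    bob_priv, bob_pub = dh_keypair()
    # Eve observes alice_pub, bob_pub, nonce and ciphertext on the wire,
    # but neither private value, so she cannot derive the session key.
    alice_key = dh_shared_secret(alice_priv, bob_pub)
    bob_key = dh_shared_secret(bob_priv, alice_pub)
    nonce = secrets.token_bytes(16)
    ciphertext = keystream_xor(alice_key, nonce, message)
    plaintext = keystream_xor(bob_key, nonce, ciphertext)
    del alice_priv, bob_priv, alice_key, bob_key   # session key discarded
    return {"alice_pub": alice_pub, "bob_pub": bob_pub, "nonce": nonce,
            "ciphertext": ciphertext, "bob_reads": plaintext}


if __name__ == "__main__":
    result = session_demo(b"Top Secret!")
    print("Eve sees:", result["ciphertext"].hex())
    print("Bob reads:", result["bob_reads"])
```

The exchange as written protects only against an Eve who listens; an Eve who can replace the public values in transit would agree a separate key with each side. That is why the public values need authenticating, which is what the digital signatures and certificate infrastructure on the following slides add.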
Alice and Bob, Scenario 3
• Bob needs to confirm that a message he received from Alice truly came from Alice
• Secret agent Eve wants to impersonate Alice
• Solution: Alice uses a Digital Signature to sign her messages
[Figure: a “Top Secret Message” marked “From Alice (trust me)”; Bob cannot tell whether it really came from Alice or from Eve]
Digital Signatures
• Digital Signatures use cryptographic techniques to provide:
– Authentication
– Integrity
– Non-repudiation
• Digital signatures do not, by themselves, provide confidentiality
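Scenario 3 and this slide, worked as an added example (not the lecture's code and not a secure implementation): Alice signs the hash of her message with her private key, Bob verifies with her public key, and the two failure cases show integrity (a changed message fails) and authentication (Eve signing with her own key fails). The keys are textbook RSA built from hard-coded Mersenne primes so the block needs no prime generation; that is my assumption for brevity, and such keys are trivially factorable, so real systems generate random primes and use a padding scheme such as RSA-PSS (or a different algorithm entirely).

```python
"""Digital signatures with textbook RSA, illustrating the slide's three
properties (authentication, integrity, non-repudiation) and the absence of
confidentiality: the message travels in the clear next to its signature.

Added example, not from the slides. The primes are well-known Mersenne primes
hard-coded for brevity (assumption; not a secure key), and the signature is
computed over a SHA-256 hash without padding (textbook RSA, not RSA-PSS).
"""
import hashlib

E = 65537


def make_keypair(p: int, q: int):
    """Return (public, private) = ((n, e), (n, d)) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)          # modular inverse; needs Python 3.8+
    return (n, E), (n, d)


def _digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    """Only the holder of d can produce this value for the message's hash."""
    n, d = private_key
    return pow(_digest(message), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the public key can check the signature. The message itself
    is not hidden by any of this, which is why signatures give no confidentiality."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message) % n


# Constructed demo keys: Alice signs, Eve tries to impersonate her.
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
EVE_PUBLIC, EVE_PRIVATE = make_keypair(2**1279 - 1, 2**127 - 1)


def scenario() -> dict:
    """Bob checks three messages against Alice's public key."""
    msg = b"Top Secret Message from Alice"
    sig = sign(ALICE_PRIVATE, msg)
    return {
        "genuine": verify(ALICE_PUBLIC, msg, sig),
        "tampered": verify(ALICE_PUBLIC, msg + b" (send the funds to Eve)", sig),
        "impersonated": verify(ALICE_PUBLIC, msg, sign(EVE_PRIVATE, msg)),
    }


if __name__ == "__main__":
    for case, ok in scenario().items():
        print(f"{case:13} verifies: {ok}")
```

Non-repudiation follows from the same check: since only Alice's private key produces a value that verifies under her public key, a signature that verifies is evidence she (or someone holding her key) signed, which is also why protecting that key matters more than anything else in the scheme.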
Advanced Topic: Steganography
Steganography: The art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message.
Popular recent movie examples: The DaVinci Code and National Treasure
Example:
• Load the first image
• Apply the Logical And operation with the number 3 to the image
• Make the image 85 times brighter
• You get the second image.
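The slide's recipe is least-significant-bit steganography: AND with 3 keeps only the two low bits of each pixel, and multiplying by 85 stretches the values 0..3 back to 0..255 so the hidden picture becomes visible. The added example below (not from the lecture) shows both directions, hiding a 2-bit image in a cover and recovering it with exactly the slide's two operations. Images are plain Python lists of 8-bit greyscale pixels constructed inline, an assumption made so that no image library is needed.

```python
"""Least-significant-bit steganography, following the slide's recipe for
extraction: (pixel AND 3) * 85.

Added example, not from the slides: images are lists of 8-bit greyscale
values constructed inline (assumption), not files.
"""


def hide(cover: list, secret: list) -> list:
    """Embed a secret image in the two low bits of each cover pixel.
    Each cover pixel changes by at most 3 out of 255: invisible to the eye."""
    if len(cover) != len(secret):
        raise ValueError("cover and secret must have the same dimensions")
    out = []
    for c, s in zip(cover, secret):
        level = s >> 6             # reduce the secret pixel to 2 bits (0..3)
        out.append((c & ~3) | level)
    return out


def reveal(stego: list) -> list:
    """The slide's recipe: AND with 3, then make it 85 times brighter."""
    return [(p & 3) * 85 for p in stego]


def max_pixel_change(cover: list, stego: list) -> int:
    """How much the cover was altered, the number that decides detectability."""
    return max(abs(c - s) for c, s in zip(cover, stego))


# Constructed 4x4 images: a smooth grey cover and a high-contrast secret.
COVER = [200, 201, 202, 203, 150, 151, 152, 153, 100, 101, 102, 103, 50, 51, 52, 53]
SECRET = [255, 255, 0, 0, 255, 255, 0, 0, 0, 0, 255, 255, 0, 0, 255, 255]

if __name__ == "__main__":
    stego = hide(COVER, SECRET)
    print("stego image:     ", stego)
    print("revealed secret: ", reveal(stego))
    print("largest change to the cover:", max_pixel_change(COVER, stego))
```

Running reveal() on the unaltered cover produces only noise from its natural low bits, which is the other half of the idea: a picture carrying a message looks the same as one that does not until the right operation is applied.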
Limitations Of Cryptography
• Cryptography ≠ Security
• Cryptography can not protect against:
– Theft or exposure of unencrypted documents
– Stolen encryption keys
– Message traffic analysis
– Denial of service attacks
– Booby-trapped encryption programs
– Malicious counter-parties
Securing An IT Infrastructure: Principles and Technologies
Principle: Compartmentalize Resources
• Carefully limit connectivity between:
– The public internet
– Your public-facing servers
– Your employees’ computers (desktops/laptops/PDAs)
– Key corporate servers (web, db, app servers, etc.)
– Other common groups containing key information assets
• Assign appropriate levels of security to machines in each of these different compartments
• Carefully limit and monitor interactions between them
• Keep the most valuable assets “furthest” from public access
Compartmentalization Technology
• Firewalls
– Filter network traffic
– Decide what goes in and what goes out of a network
– Act as a gatekeeper and buffer between networks, such as the public internet and a company’s servers
• Network Address Translation (NAT)
– Displays a “reachable” public IP address to the outside world
– Creates an “unreachable” network address for internal use
• DMZs (DeMilitarized Zones)
– A network segment between two firewalls that buffers and limits traffic between the two network segments
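The compartmentalization principle and these three technologies come down to an explicit, default-deny list of which zone may talk to which. The added example below (not from the lecture; the zones, ports and rules are constructed) models that policy for the slide's compartments and includes the two checks a reviewer would run against a real firewall rulebase: which zones a flow from the internet can ultimately reach, and whether any rule lets the internet skip the DMZ.

```python
"""Zone-based traffic policy for the slide's compartments: the public
internet, a DMZ of public-facing servers, private corporate servers and
employee clients. A flow is allowed only if an explicit rule permits it.

Added example, not from the slides; zones, ports and rules are constructed.
"""
from collections import deque

ZONES = ["internet", "dmz", "private_servers", "clients"]

# (initiating zone, destination zone, destination port); anything else is dropped.
ALLOW = {
    ("internet", "dmz", 443),             # public web front end
    ("dmz", "private_servers", 5432),     # web tier talks to the database
    ("clients", "dmz", 443),
    ("clients", "private_servers", 445),  # file shares for employees
    ("clients", "internet", 443),         # outbound browsing
}


def permitted(src: str, dst: str, port: int) -> bool:
    """Default deny: the firewall only forwards flows with a matching rule."""
    return (src, dst, port) in ALLOW


def reachable(src: str, dst: str) -> list:
    """Shortest chain of zones a flow from src could traverse to reach dst
    using allowed rules, or [] if dst is unreachable. The chain length is
    how 'far' an asset sits from public access."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        z = queue.popleft()
        if z == dst:
            path = []
            while z is not None:
                path.append(z)
                z = prev[z]
            return path[::-1]
        for (s, d, _port) in ALLOW:
            if s == z and d not in prev:
                prev[d] = z
                queue.append(d)
    return []


def audit() -> list:
    """Findings a reviewer would raise: any rule that lets the internet
    initiate traffic into a zone other than the DMZ."""
    findings = []
    for (s, d, port) in sorted(ALLOW):
        if s == "internet" and d != "dmz":
            findings.append(f"internet reaches {d}:{port} without passing the DMZ")
    return findings


if __name__ == "__main__":
    for zone in ZONES[1:]:
        print(f"internet -> {zone}: {' -> '.join(reachable('internet', zone)) or 'unreachable'}")
    print("audit findings:", audit() or "none")
```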
Compartmentalization Example
[Diagram: The Internet | DMZ: Corporate Servers (Public Net) | Corporate Servers (Private Net) | Corporate Clients]
Principle: Secure the Perimeter
• Define clear boundaries of your network(s)
• For each of these networks, it should be clear what is ‘inside’ the network and what is ‘outside’ the network
• Put strong (fire)walls and gatekeepers at the perimeters
Securing The Perimeter: Physical Security
• A network is not secure without good physical security
• Control access to servers and networking equipment
– Physical and procedural barriers
– “Need to know/go” basis for access to machines and logins/passwords
• Limit the entrance and removal of trusted machines or storage media from the data center (e.g. laptops, USB keys, CDs, …)
• Beware of backups and old hard drives
– Don’t throw them away without erasing the data
Principle: Harden The Platform
• Reduce the “attack surface”
– Don’t run unnecessary programs
• Keep up to date with patches and service packs
– This is remarkably hard to do in practice!
– Patching one problem often causes another
• Build secure applications
Principle: Strategic Heterogeneity
• Each element of your software and hardware platform has its own unique vulnerabilities
• If you have a standardized platform, once an attacker finds an exploit for one part of the system, he can exploit many other parts of the system as well
• A bio-diversity model helps slow an attacker’s progress by presenting different kinds of defenses
[Diagram: Cisco Firewall, Windows Web Server, Mainframe DB Server, Unix DB Server, Linux Firewall]
Counter-Principle: Keep It Simple (KISS)
• Heterogeneity comes at a cost: complexity
• Complexity and security don’t mix
• Why?
Principle: Use Strong Authentication
• Something that you know: user id and password
– This is the most common authentication mechanism
• Something that you have
– Smartcards
– Keys/tokens: RFID tag, code generator, physical key
– Physical access to a specific machine
• Something that you are (biometrics)
– Fingerprint
– Voiceprint
– Facial recognition
– Iris/retina print
– Etc…
Strengthening Authentication
• Require 1, 2, or 3 of what you know/have/are
– The more you can supply, the stronger the authentication
• Use a common authentication system for as many systems/interactions as possible
– Why is this important?
– Why is this hard to do in practice?
[Diagram: MyID/EatShrimp + … + … = strong authentication]
Principle: Control Access To Resources
• Access control specifies who has access to which resources
• Access control is different from authentication
• Try to use a consistent model across applications
– Common model: Users, Permissions, Groups, Roles, Scope
– Create “zones” of your network with strong partitions between the zones
• Principle of Least Privilege
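The authentication slides and the access control slide make one point together: proving who you are (two of the three factors here) is a separate step from deciding what you may do (roles granting permissions, and nothing beyond them). The added example below (not from the lecture) does both in order. It assumes a password store using PBKDF2 from the standard library, a "code generator" token implemented as HOTP (RFC 4226, HMAC-SHA1) with the RFC's published test secret, and constructed users, roles and permissions; the user id and password are the slide's own MyID/EatShrimp sample.

```python
"""Two-factor authentication (something you know + something you have)
followed by role-based access control, showing that the two are separate steps.

Added example, not from the slides. Password storage uses PBKDF2 (stdlib),
the token is HOTP per RFC 4226 with the RFC's test secret, and the users,
roles and permissions are constructed sample data.
"""
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000


# --- something you know: salted, iterated password hashes -------------------
def hash_password(password: str, salt: bytes = None) -> tuple:
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


# --- something you have: one-time code from a shared token secret -----------
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, dynamically truncated to digits."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)


# --- constructed users, roles and permissions --------------------------------
SALT, DIGEST = hash_password("EatShrimp")
USERS = {
    "MyID": {"salt": SALT, "digest": DIGEST,
             "token_secret": b"12345678901234567890",   # RFC 4226 test secret
             "roles": {"analyst"}},
}
ROLE_PERMISSIONS = {
    "analyst": {("read", "sales-db"), ("read", "reports")},
    "dba":     {("read", "sales-db"), ("write", "sales-db")},
}


def authenticate(user: str, password: str, otp: str, counter: int) -> bool:
    """Both factors must pass; a wrong password and a wrong code look identical
    to the caller, so neither factor leaks which one failed."""
    rec = USERS.get(user)
    if rec is None:
        return False
    pw_ok = check_password(password, rec["salt"], rec["digest"])
    otp_ok = hmac.compare_digest(otp, hotp(rec["token_secret"], counter))
    return pw_ok and otp_ok


def authorized(user: str, action: str, resource: str) -> bool:
    """Least privilege: an action is allowed only if one of the user's roles
    explicitly grants it; there is no default permission."""
    rec = USERS.get(user)
    if rec is None:
        return False
    return any((action, resource) in ROLE_PERMISSIONS.get(r, set())
               for r in rec["roles"])


if __name__ == "__main__":
    code = hotp(USERS["MyID"]["token_secret"], 0)
    print("login ok:", authenticate("MyID", "EatShrimp", code, 0))
    print("may read sales-db:", authorized("MyID", "read", "sales-db"))
    print("may write sales-db:", authorized("MyID", "write", "sales-db"))
```

A production deployment would also track the last counter accepted per token so a captured code cannot be replayed, and would keep one authentication service in front of all applications, which is the slide's "common authentication system" question.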
Principle: Constant Vigilance
• Securing IT infrastructure requires 24/7/365 vigilance
• Combination of automated and human actions
• Technology: Intrusion detection
– Monitors traffic
– Looks for attack patterns
– Alerts when potential problems are found
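An intrusion detection rule in its smallest form, as an added example that is not part of the lecture: read authentication events, look for a pattern (many failed logins from one source in a short window, the classic sign of password guessing) and raise an alert once per source. The log format and all addresses are constructed for the example (the addresses come from the documentation ranges reserved for exactly this purpose), and the threshold and window are assumptions a real deployment would tune.

```python
"""A small intrusion-detection rule run over constructed log lines: alert on
a source that fails authentication repeatedly within a short window.

Added example, not from the slides. The log format, the addresses (RFC 5737
documentation ranges) and the threshold/window are constructed assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>FAILED|OK) login user=(?P<user>\S+) src=(?P<src>\S+)$")

SAMPLE_LOG = """\
2011-11-22T09:00:01 auth: FAILED login user=alice src=203.0.113.7
2011-11-22T09:00:03 auth: FAILED login user=alice src=203.0.113.7
2011-11-22T09:00:04 auth: OK login user=bob src=198.51.100.20
2011-11-22T09:00:05 auth: FAILED login user=root src=203.0.113.7
2011-11-22T09:00:06 auth: FAILED login user=admin src=203.0.113.7
2011-11-22T09:00:08 auth: FAILED login user=alice src=203.0.113.7
2011-11-22T09:07:00 auth: FAILED login user=carol src=198.51.100.20
"""


def parse(log_text: str):
    """Yield (timestamp, result, user, src) for each well-formed line;
    malformed lines are skipped rather than crashing the monitor."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(minutes=1)) -> list:
    """Alert once per source whose failures within `window` reach `threshold`.
    A sliding deque per source keeps only the failures still inside the window,
    so memory stays bounded however long the log is."""
    recent = defaultdict(deque)
    alerts = []
    alerted = set()
    for ts, result, user, src in parse(log_text):
        if result != "FAILED":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"src": src, "failures": len(q), "first": q[0], "last": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT {alert['src']}: {alert['failures']} failed logins "
              f"between {alert['first'].time()} and {alert['last'].time()}")
```

The single failure from 198.51.100.20 never trips the rule: a threshold and window are what separate "attack pattern" from ordinary mistyped passwords, and choosing them is the human half of the "combination of automated and human actions" on the slide.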
Midterm Exam Results
• Overall, most people did well on the exam
• 85 points possible
• Score range: 50 (58%) to 83 (98%) (out of 85 possible)
• Median score: 75 (88%)
• Mean score: 72.3 (85%)
Score band (%):   90-100   80-89.9   70-79.9   60-69.9   50-59.9   <50
# of scores:        12       19         5         4         1        0