Principles of Security


Introduction


This room outlines some fundamentals of InfoSec.
The measures, frameworks and protocols that we will discuss all play a small part in "Defence in Depth".
Defence in Depth is the use of multiple, varied layers of security to protect an organisation's systems.



The CIA Triad


An InfoSec model used in the making of security policies.
This model has an old background, dating from 1998.
The reason for its old background is that InfoSec is not just about cyber security; it also applies to scenarios like filing and record storage.

It consists of three sections: Confidentiality, Integrity and Availability (CIA). It is the industry-standard model right now; it helps to understand the value of the data it applies to and the attention that the data needs from the business.

images/4-1.png

Unlike traditional models where you have individual sections, it is a continuous cycle.

Confidentiality



This element is the protection of data from unauthorized access and misuse.

Integrity



Information has to be kept accurate and consistent unless authorized changes are made.
Access control and rigorous authentication can help prevent authorized users from making unauthorized changes.
Hash verifications and digital signatures can help ensure that transactions are authentic and that files have not been modified or corrupted.
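The hash-verification idea above, as an added example that is not part of the original notes: a plain SHA-256 hash detects accidental corruption, but anyone who can change the data can also recompute the hash, so a keyed HMAC is used to show how integrity can be checked when the verifier holds a secret the tamperer lacks. The key and the records are constructed for the demo.

```python
# Added example, not part of the original notes: checking that a record has
# not been modified, first with a plain SHA-256 hash and then with an HMAC.
# A plain hash detects accidental corruption, but anyone who can change the
# data can also recompute the hash; an HMAC needs a secret key, so a party
# without the key cannot forge a matching tag. Key and records are constructed.
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Plain hash of the data, e.g. what a download page publishes."""
    return hashlib.sha256(data).hexdigest()


def verify_hash(data: bytes, expected_hex: str) -> bool:
    """True only if the data still hashes to the published value."""
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_hex(key: bytes, data: bytes) -> str:
    """Keyed tag over the data; requires the secret key to produce."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, expected_hex: str) -> bool:
    """True only if the tag was produced with this key over this exact data."""
    return hmac.compare_digest(hmac_hex(key, data), expected_hex)


def demo() -> dict:
    """Walk through the honest and tampered cases; returns the outcomes."""
    key = b"constructed-demo-key"  # constructed; use a random key in practice
    original = b"transfer 100 GBP to account 42"
    tampered = b"transfer 900 GBP to account 42"

    published_hash = sha256_hex(original)
    tag = hmac_hex(key, original)

    # Someone who edits the record can simply recompute the plain hash...
    forged_hash = sha256_hex(tampered)
    # ...but cannot produce a valid tag without the key.
    return {
        "hash_ok_original": verify_hash(original, published_hash),
        "hash_detects_tamper": not verify_hash(tampered, published_hash),
        "hash_forgeable": verify_hash(tampered, forged_hash),
        "hmac_ok_original": verify_hmac(key, original, tag),
        "hmac_detects_tamper": not verify_hmac(key, tampered, tag),
        "hmac_wrong_key_rejected": not verify_hmac(b"other-key", original, tag),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

A digital signature is the same idea with an asymmetric key pair: the signer uses a private key that the verifier does not need, so the verifier cannot forge tags either, which is what makes a signature usable as evidence that a transaction is authentic.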

Availability



In order for data to be useful, it must be available and accessible by the user.
The main concern in the CIA triad is that the information should be available when authorised users need to access it.
Availability is a key benchmark for organisations; if a system is unavailable then the organisation may face a bad reputation or financial loss.

Availability is achieved through a combination of many elements, including:
• Having reliable and well-tested hardware for their information technology servers (i.e. reputable servers)
• Having redundant technology and services in the case of failure of the primary
• Implementing well-versed security protocols to protect technology and services from attack



Principles of Privileges



It is vital to define every person's level of access.
The levels of access given to individuals are determined on two primary factors:
• The individual's role/function within the organisation
• The sensitivity of the information being stored on the system

Two key concepts are used to assign and manage the access rights of individuals:
• Privileged Identity Management (PIM)
• Privileged Access Management (PAM)

The principle of least privilege is essential.

PAM also encompasses enforcing security policies such as password management, auditing policies and reducing the attack surface a system faces.



Security Models Continued



In security models, any system or piece of technology storing information is called an information system.

Let's explore some popular and effective security models used to achieve the three elements of the CIA triad.

The Bell-La Padula Model


The Bell-La Padula Model is used to achieve confidentiality. This model has a few assumptions, such as the hierarchical structure of the organisation it is used in, where everyone's responsibilities/roles are well-defined.


The model works by granting access to pieces of data (called objects) on a strictly need-to-know basis. This model uses the rule "no write down, no read up".


Advantages:
• Policies in this model can be replicated to real-life organisations' hierarchies (and vice versa)
• Simple to implement and understand, and has been proven to be successful.

Disadvantages:
• Even though a user may not have access to an object, they will know about its existence -- so it's not confidential in that aspect.
• The model relies on a large amount of trust within the organisation.


images/4-2.png
The Bell-La Padula Model is popular within organisations such as governmental and military ones. This is because members of the organisations are presumed to have already gone through a process called vetting. Vetting is a screening process where applicants' backgrounds are examined to establish the risk they pose to the organisation. Therefore, applicants who are successfully vetted are assumed to be trustworthy - which is where this model fits in.


Biba Model


The Biba model is arguably the equivalent of the Bell-La Padula model but for the integrity of the CIA triad.


This model applies the rule to objects (data) and subjects (users) that can be summarised as "no write up, no read down". This rule means that subjects can create or write content to objects at or below their level but can only read the contents of objects above the subject's level.


Let's compare some advantages and disadvantages of this model in the table below:


Advantages:
• This model is simple to implement.
• Resolves the limitations of the Bell-La Padula model by addressing both confidentiality and data integrity.

Disadvantages:
• There will be many levels of access and objects. Things can be easily overlooked when applying security controls.
• Often results in delays within a business. For example, a doctor would not be able to read the notes made by a nurse in a hospital with this model.



images/4-3.png
The Biba model is used in organisations or situations where integrity is more important than confidentiality. For example, in software development, developers may only have access to the code that is necessary for their job. They may not need access to critical pieces of information such as databases, etc. 
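The two rules described in the Bell-La Padula and Biba sections above, as one added example that is not part of the original notes: a toy reference monitor that decides read and write requests under each model over the same ordered set of levels, and a listing function that shows the Bell-La Padula weakness mentioned earlier (a subject can learn an object exists even when it cannot read it). The level names, subjects and objects are constructed for illustration.

```python
# Added example, not part of the original notes: a toy reference monitor that
# enforces the Bell-LaPadula rules ("no read up, no write down") and the Biba
# rules ("no read down, no write up") over the same ordered set of levels.
# The level names, subjects and objects are constructed for illustration.
from dataclasses import dataclass

# Ordered from lowest to highest. For BLP read it as sensitivity/clearance,
# for Biba as trustworthiness/integrity.
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Subject:
    name: str
    level: str


@dataclass(frozen=True)
class Obj:
    name: str
    level: str


def dominates(a: str, b: str) -> bool:
    """True if level a is at or above level b."""
    return RANK[a] >= RANK[b]


def blp_allows(subject: Subject, obj: Obj, action: str) -> bool:
    """Bell-LaPadula (confidentiality).
    read : simple security property, no read up -> subject must dominate object
    write: *-property, no write down            -> object must dominate subject
    """
    if action == "read":
        return dominates(subject.level, obj.level)
    if action == "write":
        return dominates(obj.level, subject.level)
    raise ValueError(f"unknown action {action!r}")


def biba_allows(subject: Subject, obj: Obj, action: str) -> bool:
    """Biba (integrity), the mirror image of BLP.
    read : no read down -> object must dominate subject
    write: no write up  -> subject must dominate object
    """
    if action == "read":
        return dominates(obj.level, subject.level)
    if action == "write":
        return dominates(subject.level, obj.level)
    raise ValueError(f"unknown action {action!r}")


def visible_names(objects) -> list:
    """Any subject can list object names regardless of level: this is the
    BLP weakness the notes mention, that an object's existence is not hidden."""
    return [o.name for o in objects]


def access_matrix(model: str, subjects, objects) -> dict:
    """Evaluate every (subject, object, action) under one model."""
    rule = {"blp": blp_allows, "biba": biba_allows}[model]
    return {(s.name, o.name, a): rule(s, o, a)
            for s in subjects for o in objects for a in ("read", "write")}


if __name__ == "__main__":
    subjects = [Subject("analyst", "Secret"), Subject("intern", "Unclassified")]
    objects = [Obj("budget", "Confidential"), Obj("war-plan", "Top Secret")]
    for model in ("blp", "biba"):
        print(model)
        for (s, o, a), ok in sorted(access_matrix(model, subjects, objects).items()):
            print(f"  {s:8} {a:5} {o:9} -> {'allow' if ok else 'deny'}")
    print("names visible to everyone:", visible_names(objects))
```

Running it side by side makes the mirror image obvious: the same Secret-level analyst may write to the Top Secret object under Bell-La Padula (writing up leaks nothing) but not under Biba (a less trusted subject must not contaminate more trusted data), and the reverse holds for reading.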



Threat modelling & Incident Response



Threat modelling is the process of reviewing, improving, and testing the security protocols in an organisation's IT infrastructure and services.
A critical stage of the threat modelling process is identifying the likely threats that an application or system may face, and the vulnerabilities it may be exposed to.


images/4-4.png

The threat modelling process is very similar to a risk assessment made in workplaces for employees and customers. The principles all return to:
• Preparation
• Identification
• Mitigations
• Review

It is, however, a complex process that needs constant review and discussion with a dedicated team. An effective threat model includes:
• Threat intelligence
• Asset identification
• Mitigation capabilities
• Risk assessment

To help with this, there are frameworks such as STRIDE (Spoofing identity, Tampering with data, Repudiation threats, Information disclosure, Denial of Service and Elevation of privileges) and PASTA (Process for Attack Simulation and Threat Analysis) infosec never tasted so good!


STRIDE, authored by two Microsoft security researchers in 1999, is still very relevant today.

STRIDE includes six main principles, detailed below:

Spoofing: This principle requires you to authenticate requests and users accessing a system. Spoofing involves a malicious party falsely identifying itself as another. Access keys (such as API keys) or signatures via encryption help remediate this threat.
Tampering: By providing anti-tampering measures to a system or application, you help provide integrity to the data. Data that is accessed must be kept integral and accurate. For example, shops use seals on food products.
Repudiation: This principle dictates the use of services such as logging of activity for a system or application, so that actions can be tracked.
Information Disclosure: Applications or services that handle information of multiple users need to be appropriately configured so that only information relevant to the owner is shown.
Denial of Service: Applications and services use up system resources, so they should have measures in place so that abuse of the application/service won't bring the whole system down.
Elevation of Privilege: This is the worst-case scenario for an application or service. It means that a user was able to escalate their authorization to that of a higher level, i.e. an administrator. This scenario often leads to further exploitation or information disclosure.



A breach of security is known as an incident.
Actions taken to resolve and remediate the threat are known as Incident Response (IR) and are a whole career path in cybersecurity.
An incident is responded to by a Computer Security Incident Response Team (CSIRT).

Incident Response takes place in six phases, listed below:

Preparation: Do we have the resources and plans in place to deal with the security incident?
Identification: Have the threat and the threat actor been correctly identified so that we can respond?
Containment: Can the threat/security incident be contained to prevent other systems or users from being impacted?
Eradication: Remove the active threat.
Recovery: Perform a full review of the impacted systems to return to business-as-usual operations.
Lessons Learned: What can be learnt from the incident? E.g. if it was due to a phishing email, employees should be trained better to detect phishing emails.
