INTRODUCTION TO CYBERSECURITY

THE NEED FOR CYBERSECURITY
According to CyberEdge's annual Cyberthreat Defense Report (CDR), there has been an (almost) exponential rise in the number of companies that have been attacked at least once during the past 8 years.

Orange Restricted

QUESTION
What can a company lose as a result of a cyberattack?
- Financial Loss
- Reputation
- Business Opportunities / Customers

WHAT IS CYBERSECURITY?
Cybersecurity is the art of protecting networks, devices, and data from unauthorized access (logical or physical access without permission) or criminal use, and the practice of ensuring confidentiality, integrity, and availability of information.
Source: CISA
It involves:
- Use of Tools (Firewalls / IPS / Antivirus)
- Policies and Procedures (UAP…)
- User Training
- Physical Security (Cable Locks / Access Cards)
- Patch Management
- Encryption
- Strong Passwords

IMPORTANCE OF INFORMATION
- Data is the raw facts and statistics, whereas Information is Data that is accurate and timely; specific and organized for a purpose; presented within a context that gives it meaning and relevance; and can lead to an increase in understanding and a decrease in uncertainty.
- Information is used in the decision-making process (Competitive Edge…).

INFORMATION ASSURANCE
- Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and non-repudiation.
- These measures include providing for restoration of information systems by incorporating protection, detection and reaction capabilities.
- Information Assurance is important to organizations because it ensures that user data is protected both while in transit and at rest.
THE CIA TRIAD
Confidentiality: Confidentiality revolves around the principle of 'least privilege.' This principle states that access to information, assets, etc. should be granted only on a need-to-know basis, so that information that should only be available to some is not accessible to everyone.
Integrity: Integrity makes sure that the information is not tampered with while it travels from source to destination or while it is stored at rest. Information stored in underlying systems, databases, etc. must be protected through access controls, and there should be an accepted procedure for changing stored or in-transit data.
Availability: The availability concept is to make sure that the services of an organization are available.
Source: InfoSec Institute

AUTHENTICATION AND NON-REPUDIABILITY
Authentication: The process of proving the claimed identity of an individual user, machine, software component or any other entity. Typical authentication mechanisms include conventional password schemes, biometric devices, cryptographic methods, and one-time passwords (usually implemented with token-based cards).
Non-Repudiability: Non-repudiation means a user cannot deny (repudiate) having performed a transaction. It combines authentication and integrity: non-repudiation authenticates the identity of a user who performs a transaction and ensures the integrity of that transaction.

ENSURING CONFIDENTIALITY OF INFORMATION - Encryption
In simple terms, Encryption is a way to render data unreadable to an unauthorized party.
[Diagram: Bob sends data to Alice while a Man In The Middle (MITM) intercepts it.]
- Even if a Man In The Middle (MITM) is successful in intercepting the data, it will be unreadable without the key.

SYMMETRIC ENCRYPTION (SECRET KEY CRYPTOGRAPHY)
[Diagram: Plaintext ("Some_Data") + Key -> Encryption Algorithm -> Ciphertext ("xH87Juk!md")]
Plaintext data is cleartext data that is to be encrypted.
A Key is a mathematical value entered into the algorithm to produce Ciphertext, or encrypted data.
[Diagram: Ciphertext ("xH87Juk!md") + Key -> Decryption Algorithm -> Plaintext ("Some_Data")]

ASYMMETRIC ENCRYPTION
Limitation of Symmetric Encryption: Key Distribution. How does Bob send the key to Alice in a secure way?
Solution: Public Key Cryptography (Asymmetric Encryption)
[Diagram: Bob's Unencrypted Message + Alice's Public Key -> Encryption Algorithm -> Encrypted Message; Encrypted Message + Alice's Private Key -> Unencrypted Message received by Alice]

ENSURING CONFIDENTIALITY OF INFORMATION - Access Control Lists (ACLs)
An access control list (ACL) is made up of rules that either allow or deny access to a computing environment. This enables administrators to ensure that, unless the proper credentials are presented by the device, it cannot gain access.
Filesystem ACLs: These work as filters, managing access to directories or files. A filesystem ACL gives the operating system instructions as to which users are allowed to access the system, as well as the privileges they are entitled to once they are inside.
Networking ACLs: Networking ACLs manage access to a network. To do this, they provide instructions to switches and routers as to the kinds of traffic that are allowed to interface with the network. They also dictate what each user or device can do once they are inside.

ENSURING INTEGRITY OF INFORMATION - Hashing
- Hashing is a method used to convert any form of data (File or Message) into a unique string of text (Hash Value).
- The purpose of hashing is to verify that a file or a piece of data hasn't been altered. In other words, it is used to verify that data has maintained its integrity.
- Hash values are irreversible: the original message (Plain Text) cannot be recovered from the hash (One-way).
- Even a small change in the input should change the entire hash value. This is also known as the avalanche effect.
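The hashing properties described above, worked through with Python's hashlib as an added example (not part of the original deck): the message "Some_Data" is borrowed from the deck's encryption diagram, and the tampered copy is constructed.

```python
import hashlib
import hmac

# Constructed sample message, borrowing the deck's "Some_Data" plaintext.
MESSAGE = b"Some_Data"

def digests(data: bytes) -> dict:
    """Hex digests with the three functions the deck lists. MD5 and SHA-1 are
    included only because the deck names them: both have practical collision
    attacks, so SHA-256 is the one to use for new integrity checks."""
    return {
        "md5": hashlib.md5(data).hexdigest(),        # 128-bit digest, 32 hex chars
        "sha1": hashlib.sha1(data).hexdigest(),      # 160-bit digest, 40 hex chars
        "sha256": hashlib.sha256(data).hexdigest(),  # 256-bit digest, 64 hex chars
    }

def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bits that differ between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def avalanche_demo(data: bytes) -> int:
    """Flip one bit of the first input byte and count how many of the 256
    SHA-256 output bits change. About half (128) is expected: the avalanche effect."""
    altered = bytearray(data)
    altered[0] ^= 0x01
    return differing_bits(hashlib.sha256(data).hexdigest(),
                          hashlib.sha256(bytes(altered)).hexdigest())

def verify_integrity(received: bytes, published_sha256: str) -> bool:
    """Receiver-side check: recompute the digest of what arrived and compare it
    with the digest the sender published. Any alteration changes the digest,
    and the digest alone does not let anyone recover the message (one-way)."""
    actual = hashlib.sha256(received).hexdigest()
    return hmac.compare_digest(actual, published_sha256)

if __name__ == "__main__":
    published = digests(MESSAGE)["sha256"]
    print("SHA-256 of Some_Data:", published)
    print("bits changed by a one-bit edit:", avalanche_demo(MESSAGE))
    print("intact copy verifies:", verify_integrity(MESSAGE, published))          # True
    print("tampered copy verifies:", verify_integrity(b"Some_Dat4", published))   # False
```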
The most widely used hashing functions are MD5, SHA1 and SHA-256.

ENSURING AVAILABILITY OF INFORMATION
Availability
- Redundancy
- Backup
- Load Balancing
Network and Security Devices
- Firewalls
- Failover mechanism

ENSURING AUTHENTICATION AND NON-REPUDIATION
Authentication: Username / Passwords, Hashing
Non-Repudiation: Digital Signatures

PILLARS OF CYBERSECURITY
People
- Training and Awareness
Process
- Policies / Procedures
- Incident Management Process
Technology
- Antivirus
- Firewalls
- IDS / IPS

TECHNOLOGY - Firewalls
At its most basic, a firewall is a network security device/software that filters incoming and outgoing traffic based on certain conditions (Rules) that are set by IT administrators. The Rules are based on IP address, port number and protocol.
- Next Generation Firewalls provide additional services:
  1) Secure Sockets Layer (SSL) Inspection
  2) Web Filtering
  3) Antivirus
  4) Sandboxing

TECHNOLOGY - Intrusion Detection Systems
An intrusion detection system (IDS) is a software application or hardware appliance that monitors traffic moving on networks and through systems to search for suspicious activity and known threats. The purpose of Intrusion Detection Systems is to inform IT personnel that an intrusion may be taking place. Alerting information will generally include:
- The source address of the intrusion
- The target/victim's address
- The type of attack that is suspected

TECHNOLOGY - Intrusion Prevention Systems
An intrusion prevention system (IPS) is a network security tool (which can be a hardware device or software) that continuously monitors a network for malicious activity and, when it does occur, takes action to prevent it, including reporting, blocking, or dropping it.
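A minimal rule evaluator, added here as an illustration rather than taken from the deck, that applies the firewall and networking ACL model described above: rules on IP address, port number and protocol, checked in order, first match wins, anything unmatched denied. The addresses and the rule set are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Rule:
    action: str               # "allow" or "deny"
    src: str                  # source network in CIDR form, or "any"
    dst: str                  # destination network in CIDR form, or "any"
    protocol: str             # "tcp", "udp", "icmp" or "any"
    dst_port: Optional[int]   # None matches any port (e.g. for icmp)

def _network(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr)

def matches(rule: Rule, src_ip: str, dst_ip: str, proto: str, port: Optional[int]) -> bool:
    """A rule matches when the source/destination IP, protocol and port all fit."""
    return (ipaddress.ip_address(src_ip) in _network(rule.src)
            and ipaddress.ip_address(dst_ip) in _network(rule.dst)
            and rule.protocol in ("any", proto)
            and rule.dst_port in (None, port))

def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, proto: str,
             port: Optional[int] = None) -> str:
    """Rules are checked in order and the first match wins; traffic that matches
    no rule is denied, so anything not explicitly allowed is blocked."""
    for rule in rules:
        if matches(rule, src_ip, dst_ip, proto, port):
            return rule.action
    return "deny"

# Constructed rule set for the inbound interface in front of a web server
# (203.0.113.10); 192.0.2.0/24 is the constructed admin network.
RULES = [
    Rule("deny",  "10.0.0.0/8",   "any",             "any", None),  # private source on a public link: spoofed
    Rule("allow", "any",          "203.0.113.10/32", "tcp", 443),   # HTTPS to the web server
    Rule("allow", "any",          "203.0.113.10/32", "tcp", 80),    # HTTP to the web server
    Rule("allow", "192.0.2.0/24", "203.0.113.10/32", "tcp", 22),    # SSH only from the admin network
]

if __name__ == "__main__":
    print(evaluate(RULES, "198.51.100.7", "203.0.113.10", "tcp", 443))  # allow
    print(evaluate(RULES, "198.51.100.7", "203.0.113.10", "tcp", 22))   # deny: SSH from outside the admin net
    print(evaluate(RULES, "10.1.2.3", "203.0.113.10", "tcp", 443))      # deny: the deny rule is matched first
```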
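An added example (not from the deck) of the two ways an IDS/IPS finds the "known threats" and "suspicious activity" described above, run over constructed log lines: matching known attack signatures, and comparing per-source request volume against a baseline of normal traffic. Every alert carries the source address, target address and suspected attack type the deck lists; the log lines, signatures and baseline are all constructed.

```python
import re
import statistics
from collections import Counter

# Constructed access-log lines: "time source_ip target_ip request". The first four are
# hand-written; the rest simulate one source sending 300 requests within a minute.
LOG_LINES = [
    "10:00:01 198.51.100.7 203.0.113.10 GET /index.html",
    "10:00:02 198.51.100.7 203.0.113.10 GET /about.html",
    "10:00:03 192.0.2.44 203.0.113.10 GET /login?user=admin'%20OR%201=1--",
    "10:00:04 192.0.2.44 203.0.113.10 GET /../../etc/passwd",
] + [f"10:00:{5 + i % 50:02d} 203.0.113.99 203.0.113.10 GET /search?q={i}" for i in range(300)]

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.+)$")

# Signature-based: patterns for well-known attack classes. Only attacks already in
# this list can be recognised, which is the drawback the deck describes.
SIGNATURES = {
    "sql_injection": re.compile(r"'(%20|\s)*OR(%20|\s)*1=1", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}

# Constructed baseline: requests per source per minute observed during normal traffic.
BASELINE = [2, 3, 1, 4, 2, 3, 2, 5, 3, 2]

def signature_alerts(lines):
    """One (source, target, attack type) alert per line that matches a known signature."""
    alerts = []
    for line in lines:
        _ts, src, dst, request = LINE_RE.match(line).groups()
        for attack, pattern in SIGNATURES.items():
            if pattern.search(request):
                alerts.append((src, dst, attack))
    return alerts

def anomaly_alerts(lines, baseline=BASELINE, k=3.0):
    """Anomaly-based: flag any source whose request count exceeds the baseline mean
    by more than k standard deviations. A baseline that does not represent normal
    traffic is what produces the false positives the deck warns about."""
    threshold = statistics.mean(baseline) + k * statistics.pstdev(baseline)
    observed = Counter(LINE_RE.match(line).group(2, 3) for line in lines)
    return [(src, dst, "request_flood") for (src, dst), n in observed.items() if n > threshold]

if __name__ == "__main__":
    for alert in signature_alerts(LOG_LINES) + anomaly_alerts(LOG_LINES):
        print("ALERT source=%s target=%s type=%s" % alert)
```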
There are several techniques that intrusion prevention systems use to identify threats:
- Signature-based: This method matches the activity to signatures of well-known threats. One drawback to this method is that it can only stop previously identified attacks and won't be able to recognize new ones.
- Anomaly-based: This method monitors for abnormal behavior by comparing random samples of network activity against a baseline standard. It is more robust than signature-based monitoring, but it can sometimes produce false positives. Some newer and more advanced intrusion prevention systems use artificial intelligence and machine learning technology to support anomaly-based monitoring.

PROCESS - Policies
An IT Security Policy identifies the rules for all individuals accessing and using an organization's IT assets and resources.
• Acceptable use of information and IT resources: protecting personal, private, sensitive, or confidential information from unauthorized use or disclosure.
• Unacceptable use: installing, downloading, or running software that has not been approved following appropriate security, legal, and/or IT review in accordance with organizational policies.

PROCESS - Procedures
Procedures define how the policies should be enacted in the organization. They are characterized by their very detailed, step-by-step approach toward implementing security standards and guidelines that support the policies.
• Each user is allocated an individual username and password. Logon passwords must not be written down or disclosed to another individual. The owner of a particular username will be held responsible for all actions performed using this username.

PROCESS - Incident Management
• Incident management is the management of activities to detect, analyze, respond to, and correct an organization's security situation.
• Even though all the operational measures taken by an organization decrease the probability of an incident occurring, the risk still exists.

PEOPLE - Training and Awareness
• Security training and awareness helps employees understand the security risks associated with their actions and identify cyber attacks they may encounter via email or the web.

THANK YOU
QUESTIONS?