Confidentiality
Preventing unauthorized access to information. Examples: Encryption, access controls, data masking, steganography.
Integrity
Ensuring information is accurate, complete, and trustworthy, and has not been tampered with. Examples: Hashing, digital signatures, version control, change management, checksums.
Availability
Ensuring authorized users have timely and uninterrupted access to information and resources. Examples: Redundancy (RAID, clustering), backups, fault tolerance, disaster recovery (DR), business continuity (BC), load balancing.
Non-Repudiation
Guarantees that the sender of information cannot later deny having sent it, and the receiver cannot deny having received it. Mechanism: Digital signatures (only the holder of the private key could have produced the signature), supported by tamper-evident logging.
Authentication
Verifying the identity of a user, process, or device. Methods: Something you know (password, PIN), something you have (token, smart card), something you are (biometrics), somewhere you are (geolocation), something you do (keystroke dynamics). Protocols: Kerberos, LDAP, RADIUS, TACACS+.
Authorization
Granting or denying access to resources based on authenticated identity and defined permissions. Models: Role-Based Access Control (RBAC), Discretionary Access Control (DAC), Mandatory Access Control (MAC), Attribute-Based Access Control (ABAC).
Accounting (Auditing)
Tracking and logging user activities and resource usage. Purpose: Incident response, forensics, compliance.
Zero Trust
A security model based on the principle of 'never trust, always verify.' All users, devices, and applications, whether inside or outside the network perimeter, must be authenticated and authorized. Key Concepts: Micro-segmentation, least privilege, continuous monitoring.
Honeypots/Honeynets
Decoy systems (a honeynet is a network of them) designed to attract attackers, detect intrusion attempts early, divert attackers from production systems, and study their methods.
Honeytokens
Fictitious data (fake credentials, API keys, database records, or files) planted so that any use of it reveals an intrusion, since no legitimate process should ever touch it.
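As an added example (not part of the original card set), here is the detection side of a honeytoken: a Python scan over log lines for planted values, raising an alert on any occurrence. The token values, where they were planted, and the log lines are all constructed for this example; the key ID is invented and is not a real credential.

```python
import re

# Constructed honeytokens for this example (invented values, not real credentials).
# Each maps the planted value to where it was planted, so an alert says what the attacker found.
HONEYTOKENS = {
    "AKIAHONEYTOKEN000001": "decoy AWS access key ID planted in /opt/backup/backup.conf",
    "svc_finance_ro": "decoy service account created in the directory, never used by any job",
}

# Constructed sample log lines (invented for this example).
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z sshd[123]: Accepted publickey for alice from 10.0.0.5 port 51122",
    "2024-03-01T10:02:17Z cloudtrail: GetCallerIdentity accessKeyId=AKIAHONEYTOKEN000001 sourceIP=203.0.113.9",
    "2024-03-01T10:03:44Z sshd[124]: Failed password for svc_finance_ro from 203.0.113.9 port 40211",
    "2024-03-01T10:05:00Z web[77]: GET /health 200",
]

_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def find_honeytoken_hits(lines, tokens=HONEYTOKENS):
    """Return one (token, description, source_ip, line) tuple per log line that references a
    planted token. Whole-token matching avoids false positives on values that merely contain
    the token as a substring. Any hit is high-confidence: no legitimate process uses these values."""
    hits = []
    for line in lines:
        for token, description in tokens.items():
            pattern = r"(?<![A-Za-z0-9_])" + re.escape(token) + r"(?![A-Za-z0-9_])"
            if re.search(pattern, line):
                ips = _IPV4.findall(line)
                # In these line formats the last IPv4 address is the remote peer.
                source_ip = ips[-1] if ips else None
                hits.append((token, description, source_ip, line))
    return hits


def alerts(lines, tokens=HONEYTOKENS):
    """Render hits as alert strings; a honeytoken alert should page someone immediately."""
    return [f"HONEYTOKEN USED: {token} from {ip} ({description})"
            for token, description, ip, _ in find_honeytoken_hits(lines, tokens)]


if __name__ == "__main__":
    for a in alerts(SAMPLE_LOGS):
        print(a)
```

Because the token has exactly one legitimate use (none), the rule needs no tuning and has no false-positive budget to manage, which is what makes honeytokens cheap detection compared with signature or anomaly rules.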
Fake Telemetry
Misleading data to confuse attackers.
Managerial/Administrative Controls
Policies, procedures, guidelines (e.g., security awareness training, incident response plans, risk assessments).
Operational Controls
Controls implemented by people to manage and monitor security (e.g., vulnerability management, penetration testing, log monitoring).
Technical/Logical Controls
Security mechanisms implemented through hardware or software (e.g., firewalls, IDS/IPS, encryption, access control lists).
Preventive Controls
Stop attacks before they happen (e.g., strong passwords, firewalls, encryption).
Detective Controls
Identify attacks that are occurring or have occurred (e.g., IDS/IPS, SIEM, security audits, log analysis).
Corrective Controls
Remediate the effects of an attack (e.g., incident response, patching, data recovery).
Deterrent Controls
Discourage potential attackers (e.g., security cameras, warning signs, strong penalties).
Compensating Controls
Alternative controls used when a primary control is not feasible or effective (e.g., a manual review process if automated scanning is unavailable).
Physical Controls
Controls protecting physical assets (e.g., fences, guards, locks, biometrics, surveillance).
Change Management
The process of ensuring that changes to IT systems and services are implemented in a controlled and coordinated manner, minimizing risk to security and availability.
Request for Change (RFC)
Formal submission of a proposed change.
Impact Assessment
Evaluating potential effects of the change (security, availability, performance).
Approval
Review and authorization by relevant stakeholders (Change Advisory Board - CAB).
Implementation
Executing the change.
Testing
Verifying the change works as expected and hasn't introduced new vulnerabilities.
Documentation
Updating all relevant records (configurations, procedures, baselines).
Rollback Plan
A plan to revert the system to its previous state if the change causes issues.
Security Implications
Improper change management can lead to misconfigurations, open ports, unpatched systems, and security breaches.
Purpose of Cryptography
To protect confidentiality (encryption) and integrity (hashing, MACs, digital signatures), and to provide authentication and non-repudiation. On its own it does little for availability.
Symmetric Encryption
Uses a single, shared secret key for both encryption and decryption (e.g., AES, Twofish; DES, 3DES, and Blowfish are legacy algorithms that should not be used in new systems).
Pros of Symmetric Encryption
Fast, efficient.
Cons of Symmetric Encryption
The secret key must be delivered to every party over a channel that is already secure, and the number of keys grows quadratically with the number of parties (n(n-1)/2 keys for n parties). It also provides no non-repudiation, since every holder of the key can produce the same ciphertext or MAC.
Asymmetric Encryption (Public Key Cryptography)
Uses a pair of mathematically linked keys: a public key (shared with anyone) and a private key (kept secret by the owner) (e.g., RSA; ECC such as ECDSA and Ed25519; Diffie-Hellman and ECDH, which are key-agreement rather than encryption algorithms).
Pros of Asymmetric Encryption
Secure key exchange, digital signatures, non-repudiation.
Cons of Asymmetric Encryption
Much slower than symmetric encryption and limited in the size of data it can process, so in practice it is used to exchange or wrap a symmetric key while the symmetric cipher encrypts the bulk data (hybrid encryption, as in TLS).
Hashing
One-way function that takes input data and produces a fixed-size string of characters (hash value or message digest). Used for integrity verification.
Properties of Hashing
Fixed output size regardless of input length; deterministic (the same input always gives the same digest); a small change to the input changes roughly half of the output bits (avalanche effect); computationally infeasible to reverse (preimage resistance) or to find two inputs with the same digest (collision resistance).
Algorithms for Hashing
SHA-256 and SHA-512 (SHA-2 family), SHA-3. MD5 and SHA-1 are still seen in legacy systems but have practical collision attacks and must not be used for signatures or integrity protection.
Salting
Adding a unique random value (the salt) to each password before hashing, so that stored password hashes cannot be cracked with precomputed tables (rainbow tables).
Benefit of Salting
Since each password has a unique salt, two users with the same password will have different hash values, which defeats rainbow tables and forces an attacker to crack every hash separately rather than all at once. Salting alone does not slow down guessing a single password; for that the hash must also be deliberately slow (PBKDF2, bcrypt, scrypt, Argon2).
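The hashing properties and the salting cards above, worked through in Python with the standard library only. This is an added example, not part of the original card set: it shows the avalanche effect on SHA-256, the unsalted "what not to do" form, and a salted, iterated PBKDF2-HMAC-SHA256 store-and-verify pair. The iteration count is an assumption (OWASP's published figure at the time of writing) and the password samples are constructed.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor for PBKDF2-HMAC-SHA256: tune it so one hash costs tens to hundreds of
# milliseconds on your hardware. 600,000 follows OWASP's guidance (assumption; check the current figure).
ITERATIONS = 600_000
SALT_BYTES = 16


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two hex digests: a quick check of the avalanche effect."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def unsalted_password_hash(password: str) -> str:
    # What NOT to do: identical passwords give identical, precomputable digests.
    return sha256_hex(password.encode())


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash. A fresh random salt is generated unless one is supplied
    (supplying one is only for reproducible tests)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Store everything needed to verify later. The salt is not secret; the iteration count
    # travels with the hash so it can be raised over time without breaking old records.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so timing does not leak how many leading bytes matched.
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    a, b = sha256_hex(b"transfer 100"), sha256_hex(b"transfer 101")
    print(f"one-character change flips {differing_bits(a, b)} of 256 bits")
    print(unsalted_password_hash("hunter2") == unsalted_password_hash("hunter2"))  # True: same digest
    print(hash_password("hunter2") == hash_password("hunter2"))                    # False: different salts
    record = hash_password("hunter2")
    print(verify_password("hunter2", record), verify_password("hunter3", record))  # True False
```

Note what the two halves show: the unsalted form makes every "hunter2" in the database identical and crackable in one pass, while the salted form makes each record its own cracking job and the iteration count makes each guess expensive.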
Digital Signatures
Uses asymmetric cryptography to verify the authenticity and integrity of a message or document: the signer hashes the message and applies the private key to the hash, and anyone holding the public key can check the result against their own hash of the message. Provides non-repudiation, because only the holder of the private key could have produced the signature.
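The sign-and-verify flow from this card and the "digital signatures, non-repudiation" point under asymmetric encryption, as an added example that is not part of the original card set. To keep it runnable with the standard library only it uses textbook RSA built from two known Mersenne primes, with the SHA-256 digest reduced into the modulus instead of padded; that is a teaching toy, not a scheme to deploy (use RSA-PSS or Ed25519 from a vetted library). The message and key construction are assumptions made for the example.

```python
import hashlib
from math import gcd

# Toy textbook RSA from two known Mersenne primes (2^127-1 and 2^89-1), giving a ~216-bit modulus.
# Illustrates the mechanics only: real signatures use padded schemes (RSA-PSS) with 2048-bit
# or larger keys, or Ed25519, from a vetted library.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)          # private exponent; modular inverse via pow needs Python 3.8+

PUBLIC_KEY = (N, E)          # shared with anyone who needs to verify
PRIVATE_KEY = (N, D)         # held only by the signer


def message_digest(message: bytes, n: int) -> int:
    """SHA-256 the message and reduce it into the modulus range. Real schemes pad the digest
    rather than reducing it; this toy keeps the arithmetic visible."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Signature = digest^d mod n. Only the private-key holder can compute this."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover digest^(d*e) = digest mod n with the public key and compare with a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message, n)


if __name__ == "__main__":
    msg = b"pay 100 to bob"
    sig = sign(msg, PRIVATE_KEY)
    print(verify(msg, sig, PUBLIC_KEY))                    # True: authentic and intact
    print(verify(b"pay 1000 to bob", sig, PUBLIC_KEY))     # False: message was altered
    print(verify(msg, sig + 1, PUBLIC_KEY))                # False: signature not made with the private key
```

The three checks at the bottom are the three properties the card names: a valid signature verifies, a modified message fails (integrity), and a forged signature fails (authenticity, and hence non-repudiation, since the verifier never needed anything but the public key).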
Certificates (X.509)
Digital documents that bind a public key to an identity. Issued by Certificate Authorities (CAs).
Public Key Infrastructure (PKI)
A system for managing digital certificates and public-key encryption. Includes CAs, Registration Authorities (RAs), Certificate Revocation Lists (CRLs), Online Certificate Status Protocol (OCSP).
Key Management
Secure generation, distribution, storage, rotation, and revocation of cryptographic keys.
Hardware Security Module (HSM)
Physical device that safeguards and manages digital keys.
Trusted Platform Module (TPM)
A secure cryptoprocessor on a motherboard that stores cryptographic keys and offers security functions.
Secure Enclave
A dedicated, secure processor or area within a CPU that can protect sensitive data and operations from the main operating system.
Obfuscation
Making something difficult to understand or interpret (e.g., steganography, tokenization, data masking).