SAFEGUARD INFORMATION

Security Controls

• Why Security Controls Matter

  • Information is stored in many places at once, increasing risk.

  • Organizations must implement security controls to protect data before, during, and after an event.

  • Security controls = Safeguards to reduce security risks.

• Three Types of Security Controls

  1. Technical Controls – Technology-based protections.

     • Examples: Encryption, authentication systems.

  2. Operational Controls – Day-to-day security actions performed by people.

     • Examples: Security awareness training, incident response.

  3. Managerial Controls – Policies that guide security operations.

     • Examples: Policies, standards, procedures.

• Information Privacy & Security Controls

  • Information privacy = Protecting data from unauthorized access & distribution.

  • People & organizations should control when, how, and to what extent their information is shared.

  • Security controls help regulate access to personal and sensitive data.

• Example: Travel App & Access Control

  • You book a flight and enter name, email, credit card info.

  • Who should have access?

    • ✅ Customer support agent (only when assisting).

    • ❌ Marketing team (no need for payment details).

  • Solution: Implement security controls using the Principle of Least Privilege (PoLP).

• Principle of Least Privilege (PoLP)

  • Limit access based on user role & need.

  • Ensures people only access the data they need for their job.

• Data Owners vs. Data Custodians

  • Data Owner – Decides who can access, edit, or delete data.

    • Example: Intellectual property may have multiple owners.

  • Data Custodian – Manages, stores, and protects data.

    • Example: People, organizations, or systems acting as custodians.

• Security Controls & Data Classification

  • Since data is an asset, it must be classified and handled properly.

  • More security controls exist to enforce privacy and protect assets (upcoming discussion).

PII, Cryptography, and Caesar’s Cipher

• Personally Identifiable Information (PII)

  • PII = Data that identifies an individual (e.g., name, financial info, medical records, fingerprints, emails, photos).

  • Protecting PII is challenging due to the open nature of the internet.

• Cryptography: Protecting Information Online

  • Cryptography = Transforming information to prevent unauthorized access.

  • Two-step process:

    1. Encryption – Converts plaintext (readable data) into ciphertext (scrambled data).

    2. Decryption – Converts ciphertext back into plaintext.

  • Example: Sending an encrypted email to a friend.

• Caesar’s Cipher: An Early Encryption Method

  • Named after Julius Caesar, who used it to protect military messages.

  • How it works:

    • Shifts each letter forward in the alphabet by a fixed number (e.g., shift of 3: A → D, B → E).

    • Example: "hello" → "khoor" (shift of 3).

• The Role of Cryptographic Keys

  • Key = Unlocks the encrypted message.

  • In Caesar’s cipher, the key tells the number of shifts used for encryption.

• Flaws of Caesar’s Cipher

  1. Brute Force Attacks – Only 26 possible shifts in the English alphabet, making it easy to crack.

  2. Single Key Vulnerability – If the key is stolen or lost, the message is no longer secure.

  3. Key Management – Keys should never be stored publicly or shared with the encrypted message.

• Modern Cryptography

  • Due to Caesar’s cipher limitations, more advanced algorithms are used today.

  • Next focus: How modern encryption algorithms keep information private.

Public Key Infrastructure (PKI)

• Why PKI Exists

  • Encryption is critical to protect online data.

  • Managing encryption keys manually would be impossible, so we use Public Key Infrastructure (PKI).

  • PKI = Encryption framework that secures online information exchange.

• Two-Step Process of PKI

  1. Encryption & Key Exchange

     • Uses Asymmetric Encryption, Symmetric Encryption, or both.

  2. Establishing Trust

     • Uses Digital Certificates to verify identities.

• Asymmetric vs. Symmetric Encryption

  1. Asymmetric Encryption (More Secure, Slower)

     • Uses two keys (public & private).

     • Public key = Used to encrypt data (anyone can have it).

     • Private key = Used to decrypt data (only owner has it).

     • Example: Securely setting up a connection in a messaging app.

  2. Symmetric Encryption (Faster, Less Secure)

     • Uses one secret key for both encryption & decryption.

     • Faster, but risky if the key is stolen.

     • Example: Once a secure chat connection is established, symmetric encryption takes over for speed.

• PKI Uses Both Encryption Methods

  • When security is the priority → Asymmetric encryption is used.

  • When speed is the priority → Symmetric encryption takes over.

• The Trust Problem & Digital Certificates

  • Computers cannot naturally determine trust like humans do.

  • Solution: Digital Certificates

    • A digital certificate is a file that verifies the identity of a public key holder.

    • Issued by a trusted Certificate Authority (CA).

    • Used by users, companies, and networks to confirm authenticity.

• How Digital Certificates Are Created

  1. A business registers its domain with a hosting company.

  2. The hosting company sends information to a trusted Certificate Authority (CA).

  3. The CA verifies the company’s identity (e.g., name, location, public key).

  4. The CA encrypts the data with its private key and creates a digital certificate.

  5. The digital certificate acts as an online ID badge to grant or restrict access.

• Why PKI is a Strong Security Control

  • Solves the trust issue in online communications.

  • Combines asymmetric & symmetric encryption with digital certificates.

  • Ensures secure exchanges between trusted sources online.

Hash Functions & Data Integrity

• Encryption Keys Are Vulnerable

  • Encryption keys can be lost or stolen, putting sensitive data at risk.

  • Solution: Hash functions help secure data without needing decryption keys.

• What is a Hash Function?

  • One-way algorithm that produces a unique hash value (digest).

  • Unlike encryption, hash values cannot be decrypted.

  • Used to verify data integrity by ensuring files remain unchanged.

• Example: Detecting File Tampering

  1. A company stores an internal application on a shared drive.

  2. The application passes through a hash function, creating a hash value (e.g., using MD5 or SHA-256).

  3. An attacker modifies the application and replaces the original version.

  4. The altered file produces a different hash value, signaling a security issue.

  • Even changing a single line of code alters the hash completely.

• Key Use: Ensuring Data Integrity

  • Hashing verifies data accuracy & consistency (integrity).

  • Supports non-repudiation – Ensures authenticity cannot be denied.

• Practical Use of Hash Functions

  • Linux Command Line Example:

    • Use sha256 to generate a hash value for a file:

      bash
      
      sha256sum newfile.txt 

    • This command outputs a unique hash for the file.

  • VirusTotal Database Example:

    • Analysts upload a file hash to VirusTotal to check if it matches known malware.

• Why Hashing Matters

  • Hash functions help quickly detect unauthorized changes to files.

  • A small change in input = completely different hash value.

  • Essential security control for verifying data authenticity.

Access Controls & Authentication

• Protecting Data Requires More Than Just Encryption & Hashing

  • Access controls manage who or what can access information.

  • These controls help maintain Confidentiality, Integrity, and Availability (CIA triad).

• Three Key Functions of Access Control (AAA Framework)

  1. Authentication – Identifies who you are.

  2. Authorization – Determines what you can do (covered next).

  3. Accounting – Tracks what you did (logs and audits).

• Authentication: The First Step in Access Control

  • Authentication systems ask: "Who are you?"

  • Organizations verify identity based on three authentication factors:

    1. Knowledge – Something the user knows.

       • Example: Passwords, security questions.

    2. Ownership – Something the user has.

       • Example: One-time passcodes (OTP) via text or email.

    3. Characteristic – Something the user is.

       • Example: Biometrics (fingerprint, facial recognition).

  • How Authentication Works

    • The credentials must match the stored information for access to be granted.

    • Mismatch = Access denied.

• Single Sign-On (SSO): Convenience & Risk

  • SSO (Single Sign-On) allows users to log in once and access multiple resources.

  • Analogy: Instead of reintroducing yourself every time you meet a friend, SSO verifies identity once for easier access.

  • Risk:

    • If SSO relies on a single authentication factor, it becomes a security vulnerability.

    • If hacked, a single stolen password can expose multiple systems.

• Multi-Factor Authentication (MFA): Adding Security Layers

  • MFA requires two or more authentication factors to verify identity.

  • Example: Combining knowledge (password) & ownership (OTP code).

  • Stronger than single-factor authentication, making impersonation more difficult.

• SSO + MFA = Security & Convenience

  • SSO speeds up authentication but MFA strengthens security.

  • When combined, they provide both fast access & enhanced protection.

  • Next Step: Authorization – Learning how authenticated users are granted the right level of access.

Authorization & Access Control

• Authentication vs. Authorization

  • Authentication asks: Who are you? (e.g., logging in with a password).

  • Authorization asks: What can you do? (e.g., determining what files you can access).

• Key Security Principles

  • Principle of Least Privilege (PoLP) – Users should only get the minimum access needed for their job.

  • Separation of Duties (SoD) – No single person should have too much control to prevent misuse.

    • Example:

      • A customer service rep shouldn’t be able to rate their own performance.

      • A security developer shouldn’t both create and test a system, as they might overlook weaknesses.

    • Applies to people, networks, databases, and processes.

• Authorization in Network Security

  • HTTP Basic Auth

    • Sends usernames & passwords openly over the network (very insecure).

    • Example: Older websites using HTTP instead of HTTPS.

    • Most sites now use HTTPS (encrypts data).

  • OAuth: Modern & Secure Authorization

    • Allows users to log in to services using accounts from platforms like Google or Facebook.

    • Example: Instead of making a new password, you sign up for a website using "Sign in with Google".

    • OAuth uses API tokens instead of passwords for added security.

• How API Tokens Work

  • An API token is a small encrypted block of data that holds:

    • Your identity

    • Your access permissions

  • OAuth sends and verifies these tokens between your device and a server.

• OAuth & Security Benefits

  • Protects passwords – Your Google password stays safe even if another site is hacked.

  • Works with Multi-Factor Authentication (MFA) – Keeps security layers in place.

• Big Picture: Why Authorization Matters

  • Limits the risk of unauthorized access.

  • Ensures users only get the access they truly need.

Accounting & Session Security

• What is Accounting in Security?

  • The final function in the Authentication, Authorization, and Accounting (AAA) framework.

  • Tracks & monitors system access logs to record:

    • Who accessed the system.

    • When they accessed it.

    • What resources they used.

  • Helps security teams spot trends, detect intrusions, and investigate incidents.

• Why Access Logs Matter

  • Security analysts use logs to:

    • Identify failed login attempts that may indicate hacking attempts.

    • Detect unauthorized access (e.g., hackers infiltrating a system).

    • Investigate security incidents like data breaches.

  • Logs are often the first thing analysts review when responding to an incident.

• How Access Logs Work

  • Every time a user logs in, they start a session—a sequence of network interactions tied to that user.

  • A session records all user interactions from login to logout, helping analysts reconstruct activity.

• Key Components of a Session

  1. Session ID

     • A unique token assigned to each session that tracks a user’s actions.

     • Attached to a user until they close the browser or session times out.

  2. Session Cookies

     • A small token exchanged between a server & user’s device.

     • Used to validate a session and determine its duration.

     • Prevents exposure of sensitive information (like usernames & passwords).

• Security Risk: Session Hijacking

  • What is it?

    • An attacker steals a user’s session ID and impersonates them.

    • The hacker can act as the user, accessing their sensitive information.

  • Potential damage:

    • Stealing money or private data.

    • Using a stolen single sign-on (SSO) credential to access multiple systems.

  • Example:

    • A hacker steals your session cookie and logs into your banking site without needing your password.

• Why Accounting & Monitoring Logs is Critical

  • Unusual activity in logs (e.g., logins from unexpected locations) can signal a security breach.

  • Helps detect compromised accounts before major damage occurs.

  • Example: If a hacker gains access to a system, logs help trace their actions and determine how they got in.

  • Ultimately, monitoring access logs ensures better security & faster response to threats.