Wednesday, December 11, 2019

IT Security for Confidentiality and Availability - MyAssignmenthelp

Question: Discuss IT security in terms of Confidentiality, Integrity and Availability.

Answer:

Introduction to CIA

CIA stands for Confidentiality, Integrity and Availability. The classical definition of information security follows from it: information security is the architecture that protects the confidentiality of information and provides its integrity and availability [1].

Confidentiality

Confidentiality means securing a person's information so that only someone who has been granted access can view, edit or download it. The information remains secret to everyone other than those with authorization. Malware, worms, viruses, insecure networks and poor administrative tools are examples of threats to information that is not secured [2].

Integrity

Integrity covers the correctness, completeness and trustworthiness of information, and protection against unauthorized modification. Integrity mechanisms fall into two types:
- Preventive mechanisms stop unauthorized users from accessing and modifying the information [1].
- Detective mechanisms detect unauthorized access to information when a preventive mechanism has temporarily failed.

Availability

Availability means that authorized users can reach the information whenever they need it [3]. When information is not available, sophisticated authentication and encryption mean nothing. Attacks against availability are known as denial of service (DoS) attacks.

Types of Control

Controls for information security can be categorized in two ways:
- by functionality: preventive, detective, corrective, deterrent, compensating and recovery controls;
- by plane of application: physical, administrative or technical.

Preventive controls try to stop security violations before they happen, typically by adding a strong access control system. They can be physical, administrative or technical.
For example, doors, security procedures and authentication requirements are physical, administrative and technical controls respectively [1].

Detective controls are designed to detect security violations and alert the defenders that a violation has occurred. They are what is left when a preventive control fails, and include cryptographic checksums, logging and file-integrity checks [1].

Corrective controls repair the damage after a security violation. They cover a wide range and may be technical or administrative.

Deterrent controls discourage an attacker from attempting an attack, for example a warning that access is monitored. A deterrent does nothing on its own against an attacker who ignores the warning, so it has to be backed by preventive controls that actually stop the penetration.

Recovery controls resemble corrective controls to some extent, but apply when a violation is serious enough that the affected information has to be recovered. They include data backups, disaster recovery and business continuity management.

Access Control at MIT

MIT has many departments, and each department head can have access to private information about every person in the department. The first option to consider is a mandatory access control (MAC) mechanism installed for each department. MAC attaches permissions to the information stored in the system, and those permissions are set by system administrators rather than by the owners of the data.
Because the administrator then controls all of the information, concentrating this power in one role is risky: a human error could delete the information or expose private data to the public without the owner intending it. MAC also carries cost. It gives high security to the information but is expensive to implement, which is why it is mostly found in government and military systems.

Rather than MAC, which would be a cost burden for MIT, role-based access control (RBAC) is the better fit. Instead of granting permissions to individual users, permissions are assigned to roles and users are assigned to roles, which makes administration of access control far more flexible. For example, a department head currently has access to all students' personal information. With RBAC, a department head role is defined that carries no read or write permission on students' personal information, only on what the job needs, and that single role is then applied to every department head.

If authentication takes place over the Internet, the information is held either on a cloud service or in a data center with its own servers. The user first needs an Internet connection, and secondly the system needs two-sided authentication: client-side validation of the user and server-side authentication and validation of the user. This ensures that the user trying to access the information is who they claim to be. The server-side check is the one that counts, since client-side validation runs on a machine the attacker controls and can be bypassed.
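The role-based model described above, as an added example that is not part of the original assignment. The role names, the "action:resource" permission strings, the users and the audit log are all constructed for illustration; the point is that permissions attach to roles, that a department head role carries no permission on student personal data, and that changing role membership is itself a permission-checked, logged action.

```python
"""Role-based access control (RBAC) for the departmental scenario above.

Added example, not part of the original assignment. The role names,
permission strings and user records are constructed for illustration.
"""
from dataclasses import dataclass, field

# Permissions are "<action>:<resource>" strings attached to roles.
# Users never receive permissions directly; they are granted roles.
ROLE_PERMISSIONS = {
    "student": {"read:own_record"},
    "dept_admin": {"read:course_roster", "write:course_roster"},
    # A department head gets what the job needs (rosters, grade approval)
    # but, per the policy above, no read or write on student personal data.
    "dept_head": {"read:course_roster", "write:grade_approval"},
    "registrar": {"read:student_pii", "write:student_pii"},
    "role_admin": {"write:role_membership"},
}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


class AccessDenied(Exception):
    pass


AUDIT_LOG = []  # every decision is recorded; this feeds activity monitoring


def permissions_for(user):
    """Union of the permissions of every role the user holds."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def check_access(user, action, resource):
    """Return True if allowed, raise AccessDenied otherwise; always log."""
    allowed = f"{action}:{resource}" in permissions_for(user)
    AUDIT_LOG.append({"user": user.name, "action": action,
                      "resource": resource, "allowed": allowed})
    if not allowed:
        raise AccessDenied(f"{user.name} may not {action} {resource}")
    return True


def grant_role(actor, target, role):
    """Changing role membership is itself a permission-checked action, so an
    administrator cannot quietly widen their own access."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role {role!r}")
    check_access(actor, "write", "role_membership")
    target.roles.add(role)


def denied_attempts(log=AUDIT_LOG):
    """Denied decisions, which is what an investigator would review first."""
    return [entry for entry in log if not entry["allowed"]]


if __name__ == "__main__":
    head = User("dept_head_cs", {"dept_head"})
    registrar = User("registrar_1", {"registrar"})
    print(check_access(registrar, "read", "student_pii"))   # True
    try:
        check_access(head, "read", "student_pii")
    except AccessDenied as exc:
        print("denied:", exc)
    print(denied_attempts())
```

Adding a new department head means adding one user to the dept_head role; changing what every department head may do means editing one entry in ROLE_PERMISSIONS. Neither requires touching per-user permissions, which is the administrative flexibility the text refers to.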
Risks Associated with Access Control

Moving the data to the cloud: a cloud architecture can be more secure than a self-managed physical architecture, and service providers offer backup and recovery of the data. The institute remains responsible for who gets access to that data.

SLA management: when cloud computing is considered, it is necessary to know exactly which services the cloud provider delivers and to read the terms and conditions attached to them.

Cost: even though the cloud is secure, moving all the data there leaves a threat of data breaches. Redundant copies left at multiple physical locations widen that exposure, so copies that are no longer needed should be securely destroyed and the authoritative data kept at a single, secured location. Since cloud storage is billed as it is used (pay per usage), keeping an eye on the service consumed will reduce the cost issue.

Example of Planning for an Unexpected Event

Suppose the information of the organization is deleted intentionally by a department administrator. A disaster recovery plan for this unexpected event can be run as follows.

First, the IT head of the institute takes charge of the problem and alerts all departments and users who have access to the information about the disaster.

Next, move to the backup data, which is stored behind the IT head's secure authentication process. This step includes the network connection to the disaster recovery center [4], the configuration of the disaster recovery center, and providing whatever the center requires so that it is not halted.

Recovery strategy: since the data is present at the disaster recovery center, make sure that the network lines are working and that no configuration or technical issues exist with the center. This phase should be tested on a regular basis [4].
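The checksum-based check that the detective controls and recovery testing above rely on, as an added example that is not part of the original assignment. It builds a SHA-256 manifest of a directory tree while the data is known good (the attribute and checksum database a host-based IDS keeps), reports files later modified, added or removed, and uses the same comparison to test that a backup copy restores exactly. The files, the tampering and the backup location are constructed in a temporary directory.

```python
"""Checksum manifest for file-integrity checks and restore testing.

Added example, not part of the original assignment. The directory contents,
the tampering and the backup copy are constructed in a temporary directory.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 16):
    """Hex SHA-256 of a file, read in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map relative POSIX path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline, current):
    """Differences between two manifests; each list is sorted for stable output."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def verify_restore(manifest, restored_root):
    """(ok, diff): ok is True only when the restored tree matches the manifest exactly."""
    diff = compare(manifest, build_manifest(restored_root))
    return not any(diff.values()), diff


def demo():
    """Constructed scenario: baseline, tamper, detect, then test a restore."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "records").mkdir(parents=True)
        (live / "records" / "students.csv").write_text("id,name\n1,alice\n")
        (live / "config.ini").write_text("[db]\nhost=db.local\n")
        manifest = build_manifest(live)      # taken while the data is known good

        backup = Path(tmp) / "backup"        # the copy held at the recovery centre
        shutil.copytree(live, backup)

        # Intentional alteration and deletion by an insider, as in the scenario above.
        (live / "records" / "students.csv").write_text("id,name\n1,mallory\n")
        (live / "config.ini").unlink()
        (live / "dump.sh").write_text("#!/bin/sh\n")

        detected = compare(manifest, build_manifest(live))
        restore_ok, _ = verify_restore(manifest, backup)
        return detected, restore_ok


if __name__ == "__main__":
    print(demo())
```

The manifest itself must be stored somewhere the department administrator cannot rewrite, otherwise an insider who can alter the data can also alter the baseline it is checked against.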
Identifying the cause: with the data restored, the next step is to identify the cause of the security violation that resulted in the deletion, and how it can be handled at department level.

Difference Between NIDS and HIDS

HIDS (host-based intrusion detection system):
- It is installed on a particular host [5].
- It monitors system objects and remembers their attributes, for example file-system objects.
- It can optionally compute checksums of the monitored objects.
- It maintains a database of objects and their attributes [5].
- It reports issues such as malware detection through logs or e-mails.
- It can detect any unauthorized user who tries to modify a file.

Cons of HIDS:
- It can itself be attacked, and if the host goes down so does the HIDS.
- It must be installed on each local machine.
- It consumes host resources.

NIDS (network-based intrusion detection system):
- It monitors network traffic.
- It looks for patterns that are abnormal or suspicious.
- It has port-scan detection [5].
- It works together with other systems such as firewalls.
- It helps detect attacks from outside and from within trusted networks.
- It can cover a complete network segment [5].
- Failure of a single host does not affect it.
- It is flexible across operating systems and devices, and can detect bandwidth-consuming attacks such as DoS [6].

Cons of NIDS:
- It can be overloaded on high-bandwidth segments and then drop packets it should have inspected.

Differences Between Signature-Based Detection and Anomaly-Based Detection

Signature-based detection:
- It searches network traffic for a known sequence of packets or bytes [7].
- Signatures are easy to develop and easy to detect.
- The events generated identify the cause and alert on it.
- Pattern matching is quick and inexpensive.
- Signatures can be switched off selectively, for example for DNS, ICMP or SMTP traffic, to cut load.
- It works well for fixed behavioral patterns [8].

The main drawback of signature-based detection is that it only detects known attacks.
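The signature approach above, and the anomaly approach discussed next, run side by side over a constructed HTTP request log, as an added example that is not part of the original assignment. The three signatures, the benign training traffic and the suspect requests are all made up for illustration, and the anomaly profile deliberately captures only three dimensions (method, first path segment, request length) so that each method's blind spot is visible: the signatures miss an encoded variant and fire on a benign page whose name contains the string, while the anomaly profile catches the variant but passes a protocol-compliant traversal under a known prefix.

```python
"""Signature-based versus anomaly-based detection on HTTP request lines.

Added example, not part of the original assignment. The request log and the
three signatures are constructed for illustration.
"""
import re
import statistics
from urllib.parse import urlsplit

# Known-attack patterns: the byte/string sequences a signature engine matches.
SIGNATURES = {
    "dir_traversal": re.compile(r"\.\./"),
    "etc_passwd": re.compile(r"/etc/passwd"),
    "cmd_exe": re.compile(r"cmd\.exe", re.IGNORECASE),
}

# Constructed benign traffic used to train the anomaly profile.
BENIGN_LOG = [
    "GET /index.html",
    "GET /static/app.js",
    "GET /static/logo.png",
    "POST /login",
    "GET /docs/syllabus.pdf",
    "GET /docs/timetable.html",
    "GET /static/css/site.css",
    "POST /grades/submit",
]

# Constructed suspect traffic; comments state what each line is meant to show.
SUSPECT_LOG = [
    "GET /../../etc/passwd",            # textbook traversal
    "GET /..%2f..%2fetc%2fpasswd",      # encoded variant: no signature matches
    "GET /static/../../etc/passwd",     # protocol-compliant, looks like /static/ traffic
    "GET /docs/etc/passwd.html",        # benign help page whose name contains the string
    "GET /static/" + "A" * 40 + ".js",  # unusually long request
]


def signature_detect(request_line):
    """Names of every signature whose pattern occurs in the line."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request_line)]


def _features(request_line):
    method, _, target = request_line.partition(" ")
    path = urlsplit(target).path            # no decoding or normalisation
    segments = [s for s in path.split("/") if s]
    first = segments[0] if segments else ""
    return method, first, len(request_line)


class AnomalyDetector:
    """Profile of normal traffic; flags requests that deviate from it."""

    def __init__(self, k=3.0):
        self.k = k                          # length deviations beyond k*std are odd
        self.methods, self.prefixes = set(), set()
        self.mean = self.std = None

    def train(self, lines):
        """Step one: build the notion of normal from the given data."""
        lengths = []
        for line in lines:
            method, first, length = _features(line)
            self.methods.add(method)
            self.prefixes.add(first)
            lengths.append(length)
        self.mean = statistics.mean(lengths)
        self.std = statistics.pstdev(lengths)

    def reasons(self, request_line):
        """Step two: why the line deviates from the profile; empty means normal."""
        method, first, length = _features(request_line)
        out = []
        if method not in self.methods:
            out.append("unseen_method")
        if first not in self.prefixes:
            out.append("unseen_prefix")
        if abs(length - self.mean) > self.k * max(self.std, 1.0):
            out.append("odd_length")
        return out


def evaluate(lines, detector):
    """Both verdicts per line, so the two methods can be compared side by side."""
    return {line: {"signature": signature_detect(line), "anomaly": detector.reasons(line)}
            for line in lines}


if __name__ == "__main__":
    det = AnomalyDetector()
    det.train(BENIGN_LOG)
    for line, verdict in evaluate(SUSPECT_LOG, det).items():
        print(f"{line:45} signature={verdict['signature']} anomaly={verdict['anomaly']}")
```

Run as written, the signatures catch the first and third requests and raise a false positive on the fourth, while the anomaly profile catches the second and fifth and passes the third, because none of its three dimensions sees the "../" inside an otherwise normal /static/ request. Each method covers a gap in the other, which is the reason for running both.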
A second drawback is that, because it relies on regular expressions and string matching, it is prone to false positives.

Anomaly-based detection:
- It can monitor each protocol, decoding it to understand the intent and the payload.
- It is a two-step process: first the system is trained on the given data to establish a notion of normal, then that profile is applied to live data and deviations are flagged.
- It can detect novel attacks.

Cons of anomaly-based detection:
- It may miss known attacks.
- It may also miss novel attacks if the relevant dimensions are not captured. For example, a directory traversal against the targeted server that complies with the network protocol goes unnoticed, because it triggers no payload, out-of-protocol or bandwidth-limit flag.

Case Study 1

Allowing and trusting the contractor without any oversight by the IT administrators resulted in theft of data. This is theft by an insider, since the contractor is the service provider who maintains the server. The password was also too short and weak, which makes it easy to recover.

Key breaches:
- Providing the server address to the contractor.
- Low security overall.
- Providing access to the network storage. Access to network storage should be controlled by the head of IT security, and handing out the details without that review is not safe.
- Weak password. The password should be strong enough that its pattern is hard to guess.

Case Study 2

Student data stored in the database was exported by an intruder. Since the data is of the utmost priority, Don was asked to investigate and find the cause. Don does not know much about security and is not sure how the system functions, so the task is beyond what Don can handle alone.
Since the incident happened within the institute's own network, every machine has both local and network ports to watch. With a HIDS we can monitor which files and objects were touched and detect the unauthorized user who exported the data; with a NIDS we have visibility over the whole network and can find the intruder who moved the exported data. Firewalls, strong authentication, encryption of stored data, server-side validation of the authenticated user, and a user activity monitoring or role-based monitoring system should be incorporated so that the activities of each person are captured, which makes finding the intruder much easier. Because the export itself was a database action, the database's own audit log of queries is the first record to check.

Bibliography

[1] "Fundamental Security Concepts," pp. 1-32.
[2] Kinamik, "The CIA triad: Have you thought about Integrity?," pp. 1-14.
[3] D. T. Bourgeois, "Chapter 6: Information Systems Security," [Online]. Available: https://bus206.pressbooks.com/chapter/chapter-6-information-systems-security/
[4] S. Institute, "Disaster Recovery Plan Strategies and Processes," pp. 1-14, February 2002.
[5] R. Wallner, "Intrusion Detection Systems," 2007.
[6] V. Saxena, "Description of the Difference Between HIDs NIDs," [Online].
[7] J. Foster, "Learn the strengths and weaknesses of signature and anomaly detection, and how the two detection methods complement each other," [Online]. Available: https://searchsecurity.techtarget.com/tip/IDS-Signature-versus-anomaly-detection
[8] A. Brox, "Signature-Based or Anomaly-Based Intrusion Detection: The Practice and Pitfalls," 1 May 2002. [Online]. Available: https://www.scmagazine.com/signature-based-or-anomaly-based-intrusion-detection-the-practice-and-pitfalls/article/548733/
