Fundamental Security Concepts

My name is Valentina, but hey, just call me Vally, which means strength. I am the powerhouse behind Cyvally. Vally is a rising cybersecurity professional and a content creator; I write to make cybersecurity and cloud topics understandable and interesting to you (after all, who likes boring?).
Ever kept an electronic journal to jot down your innermost thoughts and secrets? Let's connect this to the CIANA Pentagon:
C - Confidentiality: to keep it private, you encrypt it and store it on a platform with strong access controls.
I - Integrity: you apply a cryptographic hash function to ensure that the content remains unchanged and unaltered.
A - Availability: you create regular backups, keeping a soft copy in the cloud or another secure location.
N - Non-repudiation: you digitally sign each entry, so you cannot later deny writing it. The digital signature serves as a unique seal that verifies your authorship.
A - Authentication: to access the electronic diary, a strong authentication mechanism is in place so that only you, with the right credentials, can unlock and modify the content.
In this post, we will explore several fundamental security concepts: the CIA Triad, which was later extended to the CIANA Pentagon, the triple A's, and others.
JUMP ON THIS RIDE!!!
CIA TRIAD
The CIA Triad is fundamental to IT security. Everything we do in cybersecurity focuses on achieving CIA. Let's discuss the CIA in detail.
Confidentiality: the principle that ensures information can be accessed only by those with authorization. Let's discuss some security measures to ensure confidentiality:
- Encryption: It converts plain text into ciphertext, securing information from unauthorized access by rendering it unreadable to outsiders.
- Access control: it restricts access to confidential information, allowing only authorized individuals to view it. This can involve password restrictions, two-factor authentication, and role-based access control.
Integrity: the principle that ensures information is reliable and accurate and that modification cannot occur without detection. Let's discuss some security measures to ensure integrity:
- Hashing: this is the process of converting data into a fixed-length string of characters that cannot be changed back to its original form. Integrity is ensured by verifying the received data's hash value against the hash value of the original data, allowing detection of any alterations or modification.
- Digital Signatures: are used to validate the authenticity of electronic documents and ensure they have not been altered. Cryptographic procedures are used to generate digital signatures, which can be used to validate the signer’s identity.
- Digital certificates: electronic documents used to validate the identity of individuals, companies, or devices, as well as to enable secure internet communication.
Availability: the principle that information is accessible to authorized users at all times. Let's discuss some security measures to ensure availability:
- Redundancy: refers to the process of duplicating important components or systems to guarantee their availability in the event of a malfunction.
- Patching: is the process of updating software to fix vulnerabilities and ensure system stability by reducing the risk of exploitation and downtime.
- Backups: are copies of important information or system configurations that can be used to restore the original information or configurations in the event of a breakdown or loss. In the event of an interruption, they guarantee that critical data and systems can be quickly restored.
To read up on more security measures, see the post: CIA Triad.
Non-repudiation
Before diving into what Non-repudiation is, ever heard of the CIANA pentagon?
The CIANA pentagon is an extension of the CIA Triad; it stands for Confidentiality, Integrity, Availability, Non-Repudiation and Authentication.
Non-repudiation: a principle that proves an event or action took place and cannot be denied by those involved. Non-repudiation is essential for authentication, proving the source of a message, preserving integrity, and establishing accountability in digital processes. Digital signatures are used to ensure non-repudiation.
- Scenario: A digital signature uses asymmetric cryptography, which consists of two keys: a public key and a private key. The sender (Gabriel) uses his private key to generate a unique digital signature for the communication. The recipient (Lola) verifies the signature using Gabriel's public key. The private key is known only to Gabriel and the public key is openly distributed, so Lola can authenticate that the message was truly signed by Gabriel. Because the private key is necessary to generate the signature and only Gabriel has it, he cannot deny sending the message, ensuring non-repudiation.
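Here is the Gabriel and Lola scenario (and the hashing idea from the Integrity section) worked through in code. This is an added example, not code from the original post; it uses Go's standard library Ed25519 signatures and SHA-256, and the key pairs and diary entry are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Hash is the integrity check from the Hashing paragraph: the SHA-256 digest of
// msg as hex. Any change to msg, however small, produces a different digest.
func Hash(msg []byte) string {
	sum := sha256.Sum256(msg)
	return hex.EncodeToString(sum[:])
}

// Sign is Gabriel's step: only the holder of the private key can produce this.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// Verify is Lola's step: she needs nothing secret, only Gabriel's public key.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	// Constructed keys: Gabriel's pair, plus an unrelated pair for contrast.
	gabrielPub, gabrielPriv, _ := ed25519.GenerateKey(rand.Reader)
	otherPub, _, _ := ed25519.GenerateKey(rand.Reader)

	entry := []byte("Diary entry 1: finished the chapter on the CIANA pentagon.")
	sig := Sign(gabrielPriv, entry)

	fmt.Println("digest:", Hash(entry))
	// Lola verifies the genuine entry with Gabriel's public key.
	fmt.Println("genuine entry, Gabriel's key:", Verify(gabrielPub, entry, sig)) // true
	// Integrity: a tampered entry fails verification.
	tampered := []byte("Diary entry 1: skipped the chapter on the CIANA pentagon.")
	fmt.Println("tampered entry:", Verify(gabrielPub, tampered, sig)) // false
	// Non-repudiation: nobody else's key matches Gabriel's signature.
	fmt.Println("someone else's key:", Verify(otherPub, entry, sig)) // false
}
```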
AAA Framework/The Triple A's
This framework begins with identification, which is who you assert yourself to be; the most frequent example is your username.
Authentication: a security measure that verifies users and entities are who they say they are. A password is an example.
Authorization: refers to the rights and privileges given to users or entities upon their authentication. Permissions and privileges are granted based on roles, policies, or attributes.
Accounting: a security measure that guarantees accurate tracking and recording of every user action throughout their operations.
Gap Analysis
Gap analysis is a method used to evaluate the variance between an organization's current performance and its desired objectives. In simpler terms, it assesses the difference between our current security status and our desired security goals. Before beginning a gap analysis, it is important to have clear goals in mind. Standards like NIST or ISO/IEC 27001 help to set a baseline for achieving the intended results. A gap analysis is an effective technique for organizations looking to improve their security posture. The following are the steps involved in conducting a gap analysis:
- Define Goals and Objectives
- Identify Current Security State
- Compare the current state to the desired state to identify any gaps
- Develop a detailed action plan to bridge the gap
- Carry out the action plan by executing the suggested solutions.
- Regularly track and assess progress to close the gaps.
Zero Trust
The Zero Trust concept is "never trust, always verify." This means no device, user, system, or transaction in the company's network is automatically trusted. Rather, it demands constant identity and security posture verification, irrespective of location, origin, or point of network entry. A zero-trust architecture needs both a control plane and a data plane.
Control Plane: the framework and factors in charge of creating, overseeing, and implementing the policies governing user and system access in an organization. It manages the actions taking place in the data plane. The key elements/technologies of the control plane are:
- Adaptive identity: refers to verifying a user's identity and implementing security measures according to the authentication they have provided. An example of factors used is the user's device and location.
- Threat scope reduction: refers to limiting users' access to only what's needed to get their job done to strengthen the overall security against cyber threats by reducing the attack surface of the network and improving resilience against malicious acts.
- Policy-driven access control: involves creating, overseeing, and implementing user access policies per their roles and responsibilities. It is adaptive identity + established policies.
- Policy Administrator: communicates with the policy enforcement point on whether to allow or deny access.
- Policy Engine: compares the access request against its established policies.
Data Plane: the component of network devices that executes the actual security processes, such as packet forwarding and filtering. Examples include switches and routers. Its elements include:
- Implicit Trust Zones: network areas where trust is automatically assumed, based on predetermined security policies.
- Subject/System: anything that interacts with the network, like users, devices, or applications.
- Policy Enforcement Point: This is the technology in charge of enforcing access controls and security policies. As data packets move over the network, it intercepts them, examines them based on predetermined policies, and decides whether to allow, deny or modify them.
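To make the control plane / data plane split concrete, here is a small policy engine and enforcement point in Go. This is an added example, not code from the post or from any zero-trust product; the request fields (role, device compliance, location), the policy shape and the "hr-records" policy are all constructed for the demo.

```go
package main

import "fmt"

// AccessRequest is what a subject presents when asking for a resource; device
// posture and location are the adaptive-identity factors named in the post.
type AccessRequest struct {
	Subject, Role, Location, Resource string
	DeviceCompliant                   bool
}
// Policy is one established rule for a resource.
type Policy struct {
	AllowedRoles, AllowedLocations map[string]bool
	RequireCompliant               bool
}
// PolicyEngine (control plane) compares requests against established policies.
type PolicyEngine map[string]Policy

// Evaluate is deny-by-default: no policy means deny, and every factor must pass.
func (pe PolicyEngine) Evaluate(r AccessRequest) (bool, string) {
	p, ok := pe[r.Resource]
	switch {
	case !ok:
		return false, "no policy: implicit deny"
	case !p.AllowedRoles[r.Role]:
		return false, "role not permitted"
	case p.RequireCompliant && !r.DeviceCompliant:
		return false, "device not compliant"
	case !p.AllowedLocations[r.Location]:
		return false, "location not permitted"
	}
	return true, "all factors satisfied"
}

// Enforce is the policy enforcement point (data plane): it only applies the
// decision relayed by the policy administrator and never decides on its own.
func Enforce(pe PolicyEngine, r AccessRequest) string {
	verdict := "DENY"
	allow, why := pe.Evaluate(r)
	if allow {
		verdict = "ALLOW"
	}
	return fmt.Sprintf("%s %s -> %s (%s)", verdict, r.Subject, r.Resource, why)
}

func main() {
	// Constructed policy: HR records need the hr role, a compliant device, and office or VPN.
	pe := PolicyEngine{"hr-records": {map[string]bool{"hr": true}, map[string]bool{"office": true, "vpn": true}, true}}
	fmt.Println(Enforce(pe, AccessRequest{"lola", "hr", "office", "hr-records", true}))       // ALLOW
	fmt.Println(Enforce(pe, AccessRequest{"lola", "hr", "cafe", "hr-records", false}))        // DENY: device not compliant
	fmt.Println(Enforce(pe, AccessRequest{"gabriel", "sales", "office", "hr-records", true})) // DENY: role not permitted
}
```

Note that the same user (lola) is allowed from the office and denied elsewhere on a non-compliant device: the decision is re-made on every request rather than granted once at the network edge.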
Physical security
Physical security refers to controls in place to secure physical assets, resources, and personnel from illegal access, theft, damage, or harm. Let us go over some examples of these controls:
Bollards: short posts or objects for directing or preventing vehicle access.
Access control vestibule: Electronically controlled double door system that only permits one door to open at a time
Fencing: physical barriers that define limits and restrict entry to a particular area.
Video surveillance: deploying recording devices and cameras to observe and record visual data in real-time.
Security guard: Persons with the necessary training who are in charge of patrolling, keeping an eye on, and ensuring security in a specific area.
Access badge: Personalized identity cards or badges provided to authorized persons to allow regulated access.
Lighting: lighting to improve visibility and deter criminal activity.
Sensors: devices capable of sensing and responding to environmental variations or external triggers. There are four categories of sensors:
- Infrared: detect infrared radiation generated by objects, which allows them to detect temperature changes or movement (but in a smaller area). They are widely used in motion detectors.
- Pressure: detect force changes; the sensor is activated whenever a plate embedded in the floor or a mat registers a certain minimum weight.
- Microwave: emit microwave signals and analyze the reflections to detect motion in a larger area.
- Ultrasonic: measure ultrasonic wave reflections to detect motion and collisions; they are commonly used in parking areas and robotic applications.
Deception and disruption technology
Cyber strategies such as deception and disruption are used to counter advanced threats. These strategies use deceptive components (such as the ones discussed below) to expose threat actors. Deception entails deploying decoy assets to entice attackers, which makes it simpler to spot intrusions and to characterize normal behavior.
Honeypot: a server created to mimic a real server but containing fake data instead of actual data. It is used to entice attackers so that their strategies can be revealed and analyzed.
Honeynet: a collection of honeypots.
Honeyfile: a file made to appear to be a genuine file on a server, but the information it contains is false. Access to the file can be monitored, and it can contain triggers that notify DLP solutions, acting as a trap for intruders. A common example is a password.txt file that the bad guys will believe is real; opening this file will trigger an alert.
Honeytoken: fake data added to a honeynet to detect and alert on unauthorized access.
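The honeyfile and honeytoken ideas above come down to one detection rule: the decoy value is never used legitimately, so any appearance of it in a log is an alert. Here is that rule run over a few log lines, as an added example that is not part of the original post; the decoy account name, decoy API key and all log lines are constructed for the demo.

```go
package main

import (
	"fmt"
	"strings"
)

// honeytokens are constructed decoy values no legitimate process ever uses: a fake
// service account and a fake API key planted in a password.txt honeyfile.
var honeytokens = map[string]string{
	"svc-backup-legacy":     "decoy account planted in honeyfile password.txt",
	"AKIA-DECOY-0000000000": "decoy API key planted in honeyfile password.txt",
}
// Alert records one use of a honeytoken seen in the logs.
type Alert struct {
	Line                  int
	Token, Source, Reason string
}
// ScanLogs flags every line containing a honeytoken. Lines are key=value pairs;
// the src= field is kept so responders know where the use came from.
func ScanLogs(lines []string) []Alert {
	var alerts []Alert
	for i, line := range lines {
		src := "unknown"
		for _, field := range strings.Fields(line) {
			if strings.HasPrefix(field, "src=") {
				src = strings.TrimPrefix(field, "src=")
			}
		}
		for tok, reason := range honeytokens {
			if strings.Contains(line, tok) {
				alerts = append(alerts, Alert{i + 1, tok, src, reason})
			}
		}
	}
	return alerts
}

func main() {
	// Constructed sample log lines; only the second and third touch a decoy.
	logs := []string{
		"2024-05-01T09:00:01Z src=10.0.1.20 user=lola action=login result=success",
		"2024-05-01T09:02:13Z src=10.0.7.99 user=svc-backup-legacy action=login result=success",
		"2024-05-01T09:03:05Z src=10.0.7.99 key=AKIA-DECOY-0000000000 action=api-call result=denied",
	}
	for _, a := range ScanLogs(logs) {
		fmt.Printf("ALERT line %d from %s: %s (%s)\n", a.Line, a.Source, a.Token, a.Reason)
	}
}
```

The third line is worth noticing: the API call was denied, yet it still raises an alert, because with a honeytoken the attempt itself is the signal, not whether it succeeded.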
END!!!
Many things in life can be safely ignored but ignoring Cybersecurity Safe Practices is an open invitation for disaster.
JC Hunter
Review Questions





