Enterprise Security and Privacy - Coggle Diagram
Enterprise Security and Privacy
Enterprise Security
Security mechanisms that deal with confidentiality, integrity, authentication, authorisation and non-repudiation
Authenticity
The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or its originator
Accountability
One's responsibility for information security and assurance
Non-repudiation
The state in which an originator cannot later deny having sent a message or performed an action
Comprised of the strategies and techniques that companies undertake to reduce the risk of unauthorized access to data, IT systems and information
Enterprise and Security are
borderless
Enterprise is defined by
data
security by
relationships
Pitfalls
Outdated Security Approaches
Constraints in approaches
Scope
Budget
Conflicts
Static security architectures
continuous monitoring and updating of the security architecture is required
Risk
For security to be successful, risk must be understood
Risk = Threat x Vulnerability x Impact
Threat
Threat = Motivation x Capability(Opportunity)
A potential for violation of security: a circumstance, capability, action or event that could breach security and cause harm
Attack
An assault on system security that derives from an intelligent threat; a deliberate attempt to evade security services and violate the security policy of a system
Types
Passive
Eavesdropping: Release of message contents
Analysis: Traffic analysis
Active
Impersonation: Masquerade
Replay: Replay a message later than intended
Intercept & Modify: Modification of messages
DoS
Example
Packet Injection
Possible to add packets to an established connection
The attacker can modify the sequence numbers and keep the connection synchronized while injecting packets
If the MITM attack is a "proxy attack" it is even easier to inject
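An added example (not part of the Coggle diagram) of the bookkeeping the two packet-injection points above describe: a toy model in which an on-path attacker injects data into an established TCP connection, then rewrites the sequence and acknowledgement numbers of every later segment so that neither end sees a desynchronised stream. The `Segment`, `Endpoint` and `Injector` names, the ISNs and the "next server segment is the reply" rule are this example's own simplifications; windows, retransmission and options are left out.

```python
# Added example: sequence/ack translation after injecting into a TCP stream.
# All names and values are constructed for illustration; real TCP is simplified.
from dataclasses import dataclass


@dataclass
class Segment:
    src: str
    dst: str
    seq: int        # sequence number of the first payload byte
    ack: int        # next sequence number the sender expects from its peer
    payload: bytes


class Endpoint:
    """Post-handshake endpoint (simplified): one segment in flight at a time;
    any segment whose seq or ack is not exactly what is expected counts as a
    desynchronised connection."""

    def __init__(self, name, isn, peer_isn):
        self.name = name
        self.snd_nxt = isn        # next sequence number we will send
        self.rcv_nxt = peer_isn   # next sequence number we expect
        self.received = b""

    def send(self, dst, payload):
        seg = Segment(self.name, dst, self.snd_nxt, self.rcv_nxt, payload)
        self.snd_nxt += len(payload)
        return seg

    def receive(self, seg):
        if seg.seq != self.rcv_nxt or seg.ack != self.snd_nxt:
            raise ValueError(f"{self.name}: desync, got seq={seg.seq} ack={seg.ack}, "
                             f"expected seq={self.rcv_nxt} ack={self.snd_nxt}")
        self.received += seg.payload
        self.rcv_nxt += len(seg.payload)


class Injector:
    """MITM that saw the handshake (knows both ISNs), injects toward the server,
    hides the server's reply to the injection from the client, and translates
    every later segment between the client's and the server's view of the
    streams. With translate=False it injects and does nothing else."""

    def __init__(self, client, server, client_isn, server_isn, translate=True):
        self.client, self.server, self.translate = client, server, translate
        self.server_rcv_nxt = client_isn   # what the server expects from the client
        self.server_snd_nxt = server_isn   # what the server will send next
        self.to_server = 0                 # bytes injected toward the server
        self.to_client = 0                 # bytes of server output hidden from the client
        self.pending_reply = False

    def inject(self, payload):
        """Forge a client->server segment continuing the client's stream exactly
        where the server expects it."""
        seg = Segment(self.client, self.server, self.server_rcv_nxt, self.server_snd_nxt, payload)
        self.server_rcv_nxt += len(payload)
        self.to_server += len(payload)
        self.pending_reply = True   # simplification: the next server segment is the reply
        return seg

    def observe(self, seg):
        """Called for every legitimate segment; returns what to forward, None to drop."""
        if seg.src == self.client:
            if self.translate:      # client is to_server bytes behind the server's view
                seg = Segment(seg.src, seg.dst, seg.seq + self.to_server,
                              seg.ack + self.to_client, seg.payload)
            self.server_rcv_nxt = seg.seq + len(seg.payload)
            return seg
        self.server_snd_nxt = seg.seq + len(seg.payload)
        if not self.translate:
            return seg
        if self.pending_reply:      # reply to the injected command: the client must not see it
            self.pending_reply = False
            self.to_client += len(seg.payload)
            return None
        return Segment(seg.src, seg.dst, seg.seq - self.to_client,
                       seg.ack - self.to_server, seg.payload)


def run_session(translate=True):
    """Constructed exchange: client runs 'ls', attacker injects 'id', client runs
    'pwd'. Returns (client's received bytes, server's received bytes)."""
    client = Endpoint("client", 1000, 5000)
    server = Endpoint("server", 5000, 1000)
    mitm = Injector("client", "server", 1000, 5000, translate)
    ends = {"client": client, "server": server}

    def forward(seg):
        out = mitm.observe(seg)
        if out is not None:
            ends[out.dst].receive(out)

    forward(client.send("server", b"ls\n"))
    forward(server.send("client", b"file\n"))
    server.receive(mitm.inject(b"id\n"))        # forged segment goes straight to the server
    forward(server.send("client", b"uid=0\n"))  # the server's reply to the injection
    forward(client.send("server", b"pwd\n"))
    forward(server.send("client", b"/root\n"))
    return client.received, server.received


def naive_injection_fails():
    """Inject without translating: the very next server segment desyncs the client."""
    try:
        run_session(translate=False)
    except ValueError as e:
        return str(e)
    return None


if __name__ == "__main__":
    print(run_session())            # (b'file\n/root\n', b'ls\nid\npwd\n')
    print(naive_injection_fails())  # client: desync, got seq=5005 ack=1006, ...
```

The two offsets are the whole trick: after injecting N bytes the server's idea of the client's stream runs N ahead, and after swallowing the reply the client's idea of the server's stream runs behind, so client-to-server segments get `seq += to_server, ack += to_client` and server-to-client segments the inverse. A proxy-style MITM avoids this arithmetic entirely because it terminates both connections itself.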
Command Injection
Useful in scenarios where a one-time authentication is used (e.g. one-time passwords)
In such scenarios, sniffing the password is useless, but hijacking an already authenticated session is not
Injection of commands to the server
Emulation of fake replies to the client
Malicious code injection
Insertion of malicious code into web pages or mail (JavaScript, trojans, viruses)
Modification on the fly of binary files during the download phase (virus, backdoor)
MITM Key exchange
Interception of the public keys exchanged by server and client, each replaced with the attacker's own, so the attacker shares a separate key with each side while the two believe they are talking to each other
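An added example (not part of the Coggle diagram) of the key-exchange MITM described above: an unauthenticated Diffie-Hellman exchange in which the attacker substitutes both public values and ends up with a key toward each party, beside the same exchange with the public values authenticated, where the substitution is detected. The prime, generator, private exponents and the HMAC-under-a-pre-shared-key stand-in for a signature are this example's own assumptions and are toy-sized, not for real use.

```python
# Added example: MITM on an unauthenticated public-key exchange, and what
# authenticating the exchanged value changes. Parameters are constructed.
import hashlib
import hmac

P = 2**127 - 1   # a prime (Mersenne); far too small for real Diffie-Hellman
G = 5


def public(priv):
    return pow(G, priv, P)


def shared_key(priv, peer_pub):
    """Session key derived from the DH shared secret g^(ab) mod p."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def unauthenticated_exchange(a, b, m):
    """Alice (a) and Bob (b) exchange public values over a link Mallory (m)
    controls. Mallory swaps both values for her own, so each side shares a
    key with Mallory rather than with the other."""
    A, B, M = public(a), public(b), public(m)
    # Alice -> Bob: A is replaced by M.   Bob -> Alice: B is replaced by M.
    return {
        "alice": shared_key(a, M),          # Alice believes this is her key with Bob
        "bob": shared_key(b, M),            # Bob believes this is his key with Alice
        "mallory_alice": shared_key(m, A),  # Mallory's key toward Alice
        "mallory_bob": shared_key(m, B),    # Mallory's key toward Bob
    }


# Stand-in for a long-term signing key / certificate: a pre-shared secret Mallory
# does not have. Real protocols sign the public value (or a transcript of it).
LONG_TERM_KEY = b"constructed pre-shared long-term secret"


def sign(pub):
    return hmac.new(LONG_TERM_KEY, pub.to_bytes(16, "big"), "sha256").digest()


def verify(pub, tag):
    return hmac.compare_digest(sign(pub), tag)


def authenticated_exchange(a, b, m):
    """Same exchange, but each public value travels with a tag over it. Mallory
    can still replace the value, but the best she can do is forward Alice's
    tag with her own value, which does not verify."""
    A, B, M = public(a), public(b), public(m)
    return {
        "honest_verified": verify(A, sign(A)) and verify(B, sign(B)),
        "substituted_verified": verify(M, sign(A)),   # Bob receives M with Alice's tag
        "honest_keys_match": shared_key(a, B) == shared_key(b, A),
    }


if __name__ == "__main__":
    k = unauthenticated_exchange(0x1234567, 0x89ABCDE, 0xF0F0F0F)
    print(k["alice"] == k["mallory_alice"], k["bob"] == k["mallory_bob"], k["alice"] == k["bob"])
    print(authenticated_exchange(0x1234567, 0x89ABCDE, 0xF0F0F0F))
```

Passive eavesdropping of the public values alone yields nothing (the exponents never travel); the attack works only because nothing ties a public value to the party that sent it. Certificates, signatures over the exchange, or a pre-shared key provide exactly that binding, which is why "MITM key exchange" belongs under active attacks.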
DoS
Attacker sends an overwhelming number of packets to your machine, creating congestion
The congestion may occur in the path before your machine
Messages from legitimate users are crowded out
Usually involves a large number of machines, hence Distributed Denial of Service (DDoS) attack
Data Protection
Protect Data at rest
Protect data in motion
Modelling
Threat & Attack Modelling
Threat modelling is the use of
abstractions
to aid in thinking about risks
A threat model helps in
analysing security problems, designing mitigation strategies and evaluating solutions
Steps
Identify attackers, threats, assets, vulnerabilities and other components
Rank the threats
Choose mitigation strategies
Build solutions based on the strategies
Examples
STRIDE
Each threat category is the violation of a required security property
Spoofing (authentication)
Tampering (integrity)
Repudiation (non-repudiation)
Information disclosure (confidentiality)
Denial of Service (availability)
Elevation of privilege (authorisation)
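The four threat-modelling steps listed above, carried through in code with the diagram's own formulas (Threat = Motivation x Capability, Risk = Threat x Vulnerability x Impact) and STRIDE as the threat taxonomy. This is an added example, not part of the Coggle diagram; the assets, attackers, 1-to-5 scores and mitigations are constructed, and "budget" is taken as the number of mitigations that can be funded.

```python
# Added example: identify -> rank -> choose mitigations, using the diagram's
# risk formulas and STRIDE. All assets, scores and mitigations are constructed.
from dataclasses import dataclass

# STRIDE category -> the security property its occurrence violates
STRIDE = {
    "Spoofing": "Authentication",
    "Tampering": "Integrity",
    "Repudiation": "Non-repudiation",
    "Information disclosure": "Confidentiality",
    "Denial of service": "Availability",
    "Elevation of privilege": "Authorisation",
}


@dataclass(frozen=True)
class Threat:
    asset: str
    category: str       # a STRIDE key
    attacker: str
    motivation: int     # 1 (low) .. 5 (high)
    capability: int     # 1 .. 5, includes opportunity
    vulnerability: int  # 1 .. 5, how exposed the asset is today
    impact: int         # 1 .. 5
    mitigation: str

    def __post_init__(self):
        if self.category not in STRIDE:
            raise ValueError(f"unknown STRIDE category: {self.category}")
        for v in (self.motivation, self.capability, self.vulnerability, self.impact):
            if not 1 <= v <= 5:
                raise ValueError("scores must be in 1..5")

    @property
    def threat(self):               # Threat = Motivation x Capability
        return self.motivation * self.capability

    @property
    def risk(self):                 # Risk = Threat x Vulnerability x Impact
        return self.threat * self.vulnerability * self.impact


def rank(threats):
    """Step 2: order by risk, highest first."""
    return sorted(threats, key=lambda t: t.risk, reverse=True)


def plan(threats, budget):
    """Step 3: fund mitigations top-down until the budget (number of
    mitigations) is spent. Returns (asset, category, property, risk, mitigation)."""
    chosen = []
    for t in rank(threats):
        if len(chosen) == budget:
            break
        chosen.append((t.asset, t.category, STRIDE[t.category], t.risk, t.mitigation))
    return chosen


# Step 1: constructed inventory for a small web shop
THREATS = [
    Threat("customer DB", "Information disclosure", "criminal", 5, 4, 3, 5,
           "encrypt at rest, least-privilege DB roles"),
    Threat("login API", "Spoofing", "criminal", 5, 3, 4, 4, "MFA, rate limiting"),
    Threat("order service", "Tampering", "insider", 2, 5, 2, 4, "signed requests, audit log"),
    Threat("order service", "Repudiation", "customer", 3, 2, 4, 2, "signed receipts, immutable logs"),
    Threat("public site", "Denial of service", "hacktivist", 3, 4, 3, 3, "CDN / DDoS scrubbing"),
    Threat("admin panel", "Elevation of privilege", "criminal", 4, 3, 2, 5,
           "RBAC review, separate admin network"),
]

if __name__ == "__main__":
    for row in plan(THREATS, budget=3):
        print(row)
```

Step 4 (building the solutions) is outside the model; what the code makes explicit is that the ranking is only as good as the scores behind it, and that a static architecture drifts because `vulnerability` and `capability` change over time, which is the argument for re-running the model rather than treating it as a one-off.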
PASTA
Process for Attack Simulation and Threat Analysis
Provides businesses a strategic process for mitigating cyber risks by looking first at cyber threat mitigation as a business problem
Define Business Objectives
Define Technical Scope
Application Decomposition
Threat Analysis
Vulnerability Analysis
Attack Modelling
Risk and Impact Analysis
Attacker Modelling
Basic Components
Choose which attacker to profile
Attacker motivation and capabilities
Attacker goals
Tactics, Techniques and Procedures (TTP)
It is hard to predict how another person will attack
Cyber Kill chain
Developed by Lockheed Martin
Model for the identification and prevention of cyber intrusion activity
Network, malware, and perimeter oriented
MITRE ATT&CK