CIA Triad & Advanced Threat Analysis PDF
California State University - A
Summary
This document explains the CIA triad, a model used to guide policies for information security within an organization. The triad consists of three key components: confidentiality, integrity, and availability. It describes how each component safeguards data.
Full Transcript
Understanding the CIA Triad & Advanced Threat Analysis
REPORT, CSU-A

Introduction to the CIA Triad
The CIA Triad is a model designed to guide policies for information security within an organization. Its three components are Confidentiality, Integrity, and Availability. It serves as a foundational concept in the field of Information Security.

1. CONFIDENTIALITY
Ensures that sensitive information is accessed only by authorized individuals. Methods include encryption, access controls, and network security measures. Breaches of confidentiality can lead to data theft and loss of ...

For example, confidentiality is more important than integrity or availability in the case of a company's proprietary information. Confidentiality is also the top priority when the information is a record of people's personal activities, such as the personal and financial information of the customers of companies like Google, Amazon, Apple, and Walmart.

To guarantee confidentiality under the CIA triad, communication channels must be properly monitored and controlled to prevent unauthorized access. Further, anything that restricts access to data falls under confidentiality. This comprises two things:
a. Authentication: allows the system to verify that a user is who they say they are. Methods include passwords and other strategies for establishing identity, such as biometrics, security tokens, and cryptographic keys.
b. Authorization: determines what an authenticated user is permitted to access. Public-key cryptography is a widespread infrastructure that enforces both As: by authenticating that you are who you say you are via cryptographic keys, you establish your right to ...

2. INTEGRITY
Ensures that information is in a format that is true and correct to its original purpose. Maintains the accuracy and reliability of data. Involves protecting data from being altered or tampered with.
Tools used include checksums, digital signatures, and audit logs.

For example, banks are more concerned about the integrity of financial records, with confidentiality having only second priority. Some bank account holders leave ATM receipts unchecked and lying around after withdrawing cash, which shows that confidentiality does not have the highest priority there; instead, integrity is the most important goal in the banking system. To guarantee integrity under the CIA triad, information must be protected ...

3. AVAILABILITY
Ensures that data and resources are available to authorized users when needed. Involves maintaining hardware, performing regular updates, and implementing disaster recovery plans. Threats to availability include DDoS attacks and system failures.

The classic example of a loss of availability to a malicious actor is a denial-of-service attack. In some ways this is the most brute-force act of cyber aggression: the attacker is not altering the victim's data or sneaking a peek at information they should not have; they are simply overwhelming the victim with traffic so the website cannot stay up. DoS attacks are nonetheless very damaging, and that illustrates why availability belongs in the triad.

A bank ATM offers users access to bank balances and other information. An ATM has controls that cover all three principles of the triad:
1. It provides confidentiality by requiring two-factor authentication (a physical card and a PIN code) before allowing access to data.
2. The ATM and bank software enforce data integrity by ensuring that any transfers or withdrawals made via the machine are reflected in the accounting for the user's bank account.
3. The machine provides availability because it is in a public place and is accessible 24/7, even when the bank branch is closed.
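As an added example (not part of the original slides) of the integrity tools named above, the following Python simulates a file-integrity baseline over constructed in-memory "files". It shows the difference between a plain checksum and a keyed digest: an attacker who can edit a file can also recompute a SHA-256 checksum stored beside it, but cannot forge an HMAC without the key. The file names, contents and the key are constructed for the demo.

```python
"""Integrity check: detect tampering with a checksum baseline and with an HMAC.

Added example, not from the original slides. Files are simulated as an
in-memory dict of name -> bytes so it runs offline; the key is a constructed
value (in practice it would live outside the monitored system).
"""
import hashlib
import hmac

# Constructed sample "files" (name -> contents) standing in for a directory.
FILES = {
    "payroll.csv": b"alice,4200\nbob,3900\n",
    "config.ini": b"[db]\nhost=db.internal\n",
}

INTEGRITY_KEY = b"constructed-secret-key-keep-out-of-the-repo"  # assumption


def sha256_baseline(files):
    """Plain checksum baseline: name -> hex SHA-256 of contents."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def hmac_baseline(files, key):
    """Keyed baseline: name -> hex HMAC-SHA256(key, contents)."""
    return {name: hmac.new(key, data, hashlib.sha256).hexdigest()
            for name, data in files.items()}


def detect_changes(files, baseline, key=None):
    """Return the sorted names whose current digest differs from the baseline.

    With key=None this is a plain checksum comparison; with a key it is an
    HMAC comparison. A file missing from `files` counts as changed.
    """
    changed = []
    for name, expected in baseline.items():
        data = files.get(name)
        if data is None:
            changed.append(name)
            continue
        if key is None:
            actual = hashlib.sha256(data).hexdigest()
        else:
            actual = hmac.new(key, data, hashlib.sha256).hexdigest()
        # compare_digest avoids leaking where the digests differ via timing.
        if not hmac.compare_digest(actual, expected):
            changed.append(name)
    return sorted(changed)


def attacker_tampers(files, plain_baseline):
    """Simulate an attacker who edits a file AND rewrites the plain-checksum
    baseline to match (possible because SHA-256 needs no secret)."""
    tampered = dict(files)
    tampered["payroll.csv"] = b"alice,4200\nbob,9900\n"
    forged = dict(plain_baseline)
    forged["payroll.csv"] = hashlib.sha256(tampered["payroll.csv"]).hexdigest()
    return tampered, forged


def demo():
    """Return (caught_by_checksum, caught_by_hmac) for the tampering scenario."""
    plain = sha256_baseline(FILES)
    keyed = hmac_baseline(FILES, INTEGRITY_KEY)
    tampered, forged_plain = attacker_tampers(FILES, plain)
    caught_by_checksum = detect_changes(tampered, forged_plain)          # []
    caught_by_hmac = detect_changes(tampered, keyed, INTEGRITY_KEY)     # ['payroll.csv']
    return caught_by_checksum, caught_by_hmac


if __name__ == "__main__":
    print(demo())
```

The same asymmetry is what a digital signature buys over a checksum: the verifier can check it, but only the holder of the signing key can produce it. A checksum still has its place for detecting accidental corruption, which is the "human error" and "hardware failure" side of integrity rather than the adversarial side.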
THREATS TO CONFIDENTIALITY
1. Unauthorized access: hacking, insider threats, phishing attacks
2. Data leakage: accidental sharing, poor disposal practices
3. Eavesdropping: network sniffing, man-in-the-middle (MitM) attacks
4. Malware
5. Weak encryption: inadequate encryption standards

THREATS TO INTEGRITY
1. Data breaches and tampering: unauthorized modification, insider threats
2. Malware and viruses: ransomware, Trojan horses
3. Man-in-the-middle (MitM) attacks: data interception and alteration
4. SQL injection: database compromise
5. Configuration errors: misconfigured systems, improper access controls
6. Human error: accidental deletion or ...

THREATS TO AVAILABILITY
1. Distributed denial of service (DDoS) attacks: overwhelming traffic, botnets
2. Hardware failures
3. Software failures
4. Natural disasters
5. Human error
6. Network issues
7. Maintenance and updates

CONFIDENTIALITY THREAT ANALYSIS
Assess the likelihood of unauthorized access (e.g., weak passwords, lack of multi-factor authentication).
Review access controls and audit logs.
Evaluate the use of encryption and data masking techniques.

INTEGRITY THREAT ANALYSIS
Check for proper input validation and error-handling mechanisms.
Review database and file integrity monitoring systems.
Investigate how cryptographic hashing and checksums are used to detect alterations.

AVAILABILITY THREAT ANALYSIS
Evaluate the resilience of systems, including backup and recovery processes.
Check for redundancy in critical systems (e.g., network, power, storage).
Analyze disaster recovery and incident response plans.

GENERAL STEPS TO ANALYZE THREATS
1. Identify Assets: determine the systems, data, and resources that need protection.
2. Assess Vulnerabilities: identify weaknesses that could be exploited by threats for each component of the CIA triad.
3. Evaluate Threats: consider potential attackers, environmental factors, and internal risks that could compromise confidentiality, integrity, or availability.
4. Prioritize Risks: rank threats based on the likelihood and potential impact on each aspect of the CIA triad.
5. Implement Controls: apply appropriate security measures (e.g., encryption, firewalls, monitoring tools).

THANK YOU meow

NETWORK AUTHENTICATION SYSTEM
REPORT, CSU-A

Network Authentication
Network authentication is the process of verifying the identity of a device or user trying to access a network. It typically involves validating credentials such as usernames, passwords, certificates, or security tokens before granting access.

TRANSMISSION CONTROL PROTOCOL / INTERNET PROTOCOL (TCP/IP)
TCP/IP was created by the Department of Defense (DoD) to ensure and preserve data integrity, as well as to maintain communications in the event of catastrophic war. TCP/IP provides the foundation for communication between devices on a network, but by itself it does not provide authentication. Network authentication adds a security layer to TCP/IP-based networks, ensuring that only authorized users or devices can access network resources, thus protecting sensitive data and ...

TCP/IP and the DoD Model
The DoD model is basically a condensed version of the OSI (Open Systems Interconnection) model: it is composed of four layers instead of seven.

PROCESS/APPLICATION
Defines protocols for node-to-node application communication and also controls user-interface specifications.
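The integrity threat list and the integrity threat analysis above name SQL injection and input validation. As an added example (not from the original slides), the following Python puts a login query and a password-change query built by string concatenation beside their parameterized forms, run against a constructed in-memory SQLite table. The table, users, and payloads are assumptions for the demo; passwords are stored in plain text only to keep the example short, which is itself a weakness in any real system.

```python
"""SQL injection: vulnerable queries beside their parameterized fixes.

Added example, not from the original slides. Uses an in-memory SQLite
database with constructed rows; the table layout and credentials are
assumptions. Plaintext password storage is for brevity only.
"""
import sqlite3


def setup_db():
    """Create a throwaway in-memory DB with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """BAD: user input is pasted into the SQL text, so a crafted username can
    change the query's logic. Returns the matched role or None."""
    sql = (f"SELECT role FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """GOOD: placeholders keep the input as data; the SQL structure is fixed."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def change_password_vulnerable(conn, username, new_password):
    """BAD: the same flaw on an UPDATE. An injected WHERE clause can rewrite
    every row, which is an integrity loss, not just a confidentiality one.
    Returns the number of rows modified."""
    sql = (f"UPDATE users SET password = '{new_password}' "
           f"WHERE username = '{username}'")
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def change_password_parameterized(conn, username, new_password):
    """GOOD: the injected text is just an unmatched username literal."""
    cur = conn.execute(
        "UPDATE users SET password = ? WHERE username = ?",
        (new_password, username),
    )
    conn.commit()
    return cur.rowcount


# Constructed payloads. The first closes the string and comments out the
# password check; the second turns the WHERE clause into an always-true test.
BYPASS_USER = "alice'--"
ALL_ROWS_USER = "bob' OR '1'='1"


def demo():
    """Return (bypass_role, blocked_role, rows_hit_vulnerable, rows_hit_safe)."""
    conn = setup_db()
    bypass_role = login_vulnerable(conn, BYPASS_USER, "wrong")        # 'admin'
    blocked_role = login_parameterized(conn, BYPASS_USER, "wrong")    # None
    rows_hit_vulnerable = change_password_vulnerable(conn, ALL_ROWS_USER, "pwned")  # 2
    conn_safe = setup_db()
    rows_hit_safe = change_password_parameterized(conn_safe, ALL_ROWS_USER, "pwned")  # 0
    return bypass_role, blocked_role, rows_hit_vulnerable, rows_hit_safe


if __name__ == "__main__":
    print(demo())
```

Input validation (rejecting quotes, length limits) is a useful second layer, but parameterized queries are the control that actually removes the vulnerability class, because the database never parses user input as SQL.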
It provides network services and enables user applications to interact with the network.

HOST-TO-HOST
Defines protocols for setting up the level of transmission service for applications. It tackles issues such as creating reliable end-to-end communication and ensuring error-free delivery of data.

INTERNET
Takes care of the addressing of hosts by giving them an IP address, and handles the routing of packets among multiple networks.

NETWORK ACCESS
Monitors the data exchange between the host and the network, transmitting raw data over physical networks.

Applications and services used in IP networks

TELNET
Telnet is the chameleon of protocols: its specialty is terminal emulation. It allows a user on a remote client machine, called the Telnet client, to access the resources of another machine, the Telnet server. Telnet offers no security or encryption and is being replaced by Secure Shell (SSH) when security across the remote-configuration session is needed.

FILE TRANSFER PROTOCOL (FTP)
FTP is the protocol that lets you transfer files across IP networks. Common uses of FTP:
Website management: web developers often use FTP to upload files to a web server.
File sharing: FTP is used in businesses and organizations to exchange large files that are too big for email.
Data backup: FTP is also used for backing up files to remote servers.

DOMAIN NAME SYSTEM (DNS)
DNS translates human-readable domain names (like www.example.com) into machine-readable IP addresses (like 192.0.2.1). DNS acts as the "phonebook" of the internet, enabling users to access websites, services, and resources without needing to remember numerical addresses.
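The confidentiality section lists authentication by security tokens and cryptographic keys, and the network-authentication definition above describes validating credentials before granting access. As an added example (not from the original slides) serving both passages, this Python models a challenge-response exchange: the server sends a fresh nonce, the client answers with HMAC-SHA256 over it using a shared secret, the secret itself never crosses the wire, and a captured response cannot be replayed because each nonce is single-use. The class and function names, the user and the shared secret are constructed for the demo.

```python
"""Challenge-response network authentication with a shared secret.

Added example, not from the original slides. The exchange is:
  1. server -> client : nonce (16 random bytes)
  2. client -> server : HMAC-SHA256(secret, nonce)
  3. server           : recompute and compare; nonce is then discarded
Names, the user and the secret are assumptions for this demo.
"""
import hashlib
import hmac
import secrets


class AuthServer:
    def __init__(self, credentials):
        self._creds = credentials        # username -> shared secret (bytes)
        self._outstanding = {}           # username -> nonce awaiting a response

    def challenge(self, username):
        """Step 1: issue a fresh nonce, or None for an unknown user."""
        if username not in self._creds:
            return None
        nonce = secrets.token_bytes(16)
        self._outstanding[username] = nonce
        return nonce

    def verify(self, username, nonce, response):
        """Step 3: check the client's proof. The nonce is consumed whether or
        not the check passes, so a replayed (nonce, response) pair fails."""
        expected_nonce = self._outstanding.pop(username, None)
        if expected_nonce is None or expected_nonce != nonce:
            return False   # no challenge outstanding, or nonce already used
        expected = hmac.new(self._creds[username], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_respond(secret, nonce):
    """Step 2: prove possession of the secret without transmitting it."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def run_exchange(server, username, secret):
    """Full exchange from the client's side; returns (nonce, response, accepted)."""
    nonce = server.challenge(username)
    if nonce is None:
        return None, None, False
    response = client_respond(secret, nonce)
    return nonce, response, server.verify(username, nonce, response)


def demo():
    """Return (legit_ok, replay_ok, wrong_secret_ok, unknown_user_ok)."""
    shared = b"constructed-shared-secret"        # assumption
    server = AuthServer({"alice": shared})
    nonce, response, legit_ok = run_exchange(server, "alice", shared)
    # An eavesdropper who captured (nonce, response) tries to reuse it.
    replay_ok = server.verify("alice", nonce, response)
    # An attacker with a guessed secret answers a fresh challenge.
    nonce2 = server.challenge("alice")
    wrong_secret_ok = server.verify("alice", nonce2, client_respond(b"guess", nonce2))
    _, _, unknown_user_ok = run_exchange(server, "mallory", shared)
    return legit_ok, replay_ok, wrong_secret_ok, unknown_user_ok


if __name__ == "__main__":
    print(demo())
```

This is the shape of token-based and key-based network logins (the server must still protect the stored secrets, and a real deployment would bind the nonce to a session and expire unanswered challenges). Compare it with Telnet and FTP below, which send the password itself in the clear.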
SECURE FILE TRANSFER PROTOCOL (SFTP)
SFTP (the SSH File Transfer Protocol) is needed when you need to transfer files over an encrypted connection. It runs inside an SSH session, which encrypts the connection.

Comparison to FTP and FTPS:
SFTP vs. FTP: FTP sends data in plain text and is insecure, while SFTP encrypts both the command and data streams, providing full confidentiality.
SFTP vs. FTPS: FTPS (FTP Secure) adds security to traditional FTP by using SSL/TLS for encryption. However, FTPS still uses multiple ports (which can be tricky with firewalls), while SFTP uses a single port (the SSH port, 22 by default) and is generally easier to configure securely.
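To make concrete why the comparison above calls FTP and Telnet insecure, here is an added example (not from the original slides) of detection logic run over a constructed capture: FTP's USER/PASS commands and Telnet's login prompts are recoverable by anyone sniffing the path, while the SSH records carry nothing parseable. The capture records, the port-to-protocol mapping and the regexes are assumptions for this demo; a real tool would read a pcap and reassemble TCP streams first.

```python
"""Find cleartext credentials in captured traffic.

Added example, not from the original slides. The capture is simulated as a
list of (dst_port, payload_bytes) records so it runs offline; payloads are
constructed. Ports are mapped to protocols by their well-known defaults.
"""
import re

# Constructed capture, in the order a sniffer on the path would see it.
CAPTURE = [
    (21, b"220 FTP server ready\r\n"),
    (21, b"USER alice\r\n"),
    (21, b"331 Password required for alice\r\n"),
    (21, b"PASS s3cret!\r\n"),
    (23, b"login: bob\r\npassword: hunter2\r\n"),
    (22, b"SSH-2.0-OpenSSH_9.6\r\n"),          # version banner is the only cleartext
    (22, bytes(range(32, 96))),                  # stand-in for encrypted SSH data
]

# FTP control channel: commands are one per line, "USER name" / "PASS secret".
FTP_RE = re.compile(rb"^(USER|PASS) (\S+)\r?$", re.MULTILINE)
# Telnet: the prompt text and the echoed answer travel in the clear.
TELNET_RE = re.compile(rb"(login|password): ?(\S+)", re.IGNORECASE)


def find_cleartext_credentials(capture):
    """Return [(port, kind, value), ...] for each credential visible in clear.

    kind is 'USER'/'PASS' for FTP and 'login'/'password' for Telnet. SSH
    (port 22) is skipped: after the banner, commands and data are encrypted,
    so there is nothing to parse.
    """
    found = []
    for port, payload in capture:
        if port == 21:
            for cmd, arg in FTP_RE.findall(payload):
                found.append((port, cmd.decode(), arg.decode()))
        elif port == 23:
            for field, value in TELNET_RE.findall(payload):
                found.append((port, field.decode().lower(), value.decode()))
    return found


def exposed_ports(capture):
    """Sorted list of destination ports on which a credential was recovered."""
    return sorted({port for port, _, _ in find_cleartext_credentials(capture)})


if __name__ == "__main__":
    for port, kind, value in find_cleartext_credentials(CAPTURE):
        print(f"port {port}: {kind} = {value}")
```

The same scan against an SFTP or FTPS transfer finds nothing, which is the practical meaning of "encrypts both the command and data streams". It is also a cheap detection rule for a network monitor: any USER/PASS pair on port 21 or a password prompt on port 23 is a confidentiality finding regardless of who sent it.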