Security Controls

Security Controls pertain to the physical, technical and administrative mechanisms that act as safeguards or countermeasures prescribed for an information system to protect the confidentiality, integrity and availability of the system and its information. The implementation of controls should reduce risk, hopefully to an acceptable level.

Intrusion Detection

Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices.

Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators.

In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization.

**Types of IDPS Technologies**

– Network-Based, which monitors network traffic for particular network segments or devices and analyzes the network and application protocol activity to identify suspicious activity.

– Wireless, which monitors wireless network traffic and analyzes it to identify suspicious activity involving the wireless networking protocols themselves.

– Network Behavior Analysis (NBA), which examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware, and policy violations (e.g., a client system providing network services to other systems).

– Host-Based, which monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
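The NBA category is the one that lends itself to a small worked example. The Python script below is an added illustration written for this page, not code from NIST SP 800-94 or from any IDPS product. It runs two behaviour checks over a handful of constructed flow records: it flags a workstation that is serving SMB to several peers (the "client providing network services" policy violation) and a destination hit by many distinct sources within a few seconds (the traffic shape of a DDoS). The subnet, port list, thresholds and record format are assumptions chosen for the example.

```python
"""Network Behavior Analysis (NBA) style checks over constructed flow records.

Check 1: a host in the workstation range that accepts connections on a server
         port from several distinct peers (a client providing network services
         to other systems).
Check 2: a destination receiving flows from many distinct sources inside a
         short window (the traffic shape of a DDoS).
The subnet, port set, thresholds and record format are assumptions made for
this example; real NBA products read NetFlow/IPFIX or span-port traffic.
"""
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

CLIENT_NET = ip_network("10.20.0.0/16")        # assumed workstation range
SERVER_PORTS = {22, 80, 443, 445, 3389}         # assumed ports a client should never serve
MIN_DISTINCT_PEERS = 3                          # assumed threshold for check 1
FLOOD_SOURCES = 50                              # assumed threshold for check 2
FLOOD_WINDOW = 10.0                             # seconds

# Constructed flow records: "<ts> <src>:<sport> > <dst>:<dport> <proto> <bytes>"
SAMPLE_FLOWS = (
    ["1000.0 10.20.1.5:51234 > 10.30.0.5:443 tcp 5120",      # ordinary client traffic
     "1001.0 10.20.1.6:51235 > 10.30.0.5:443 tcp 3072"]
    + [f"{1010 + i}.0 10.20.1.{10 + i}:49000 > 10.20.1.7:445 tcp 900"   # workstation serving SMB
       for i in range(4)]
    + [f"{2000 + i * 0.1:.1f} 198.51.100.{i}:40000 > 10.30.0.5:80 tcp 60"  # 60 sources in 6 s
       for i in range(1, 61)]
)

def parse_flow(line):
    ts, src, _, dst, proto, nbytes = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return {"ts": float(ts), "src": sip, "sport": int(sport),
            "dst": dip, "dport": int(dport), "proto": proto, "bytes": int(nbytes)}

def detect_client_serving(flows):
    """Return (host, port, distinct_peers) for workstations acting as servers."""
    peers = defaultdict(set)
    for f in flows:
        if ip_address(f["dst"]) in CLIENT_NET and f["dport"] in SERVER_PORTS:
            peers[(f["dst"], f["dport"])].add(f["src"])
    return sorted((host, port, len(s)) for (host, port), s in peers.items()
                  if len(s) >= MIN_DISTINCT_PEERS)

def detect_flood(flows):
    """Return (dst, ts, distinct_sources) the first time a destination sees
    FLOOD_SOURCES distinct sources within FLOOD_WINDOW seconds."""
    by_dst = defaultdict(list)
    for f in flows:
        by_dst[f["dst"]].append(f)
    alerts = []
    for dst, fl in by_dst.items():
        window, counts = deque(), defaultdict(int)
        for f in sorted(fl, key=lambda x: x["ts"]):
            window.append(f)
            counts[f["src"]] += 1
            while window[0]["ts"] < f["ts"] - FLOOD_WINDOW:   # expire flows outside the window
                old = window.popleft()
                counts[old["src"]] -= 1
                if counts[old["src"]] == 0:
                    del counts[old["src"]]
            if len(counts) >= FLOOD_SOURCES:
                alerts.append((dst, f["ts"], len(counts)))
                break                                         # one alert per destination
    return alerts

def run_detection(lines):
    flows = [parse_flow(line) for line in lines]
    return {"client_serving": detect_client_serving(flows), "flood": detect_flood(flows)}

if __name__ == "__main__":
    for kind, hits in run_detection(SAMPLE_FLOWS).items():
        for hit in hits:
            print(f"ALERT {kind}: {hit}")
```

Both checks are purely behavioural: neither needs a signature for the attack, which is what distinguishes NBA from a signature-based network IDS. The price is the thresholds, which have to be tuned to the site (a workstation legitimately sharing a printer would trip check 1 as written).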

**Implementing the following recommendations should facilitate more efficient and effective intrusion detection and prevention system use for Federal departments and agencies.** (The recommendations are those of NIST SP 800-94; they apply equally to any organization running an IDPS.)

– Organizations should ensure that all IDPS components are secured appropriately. Sensors and management consoles are themselves attractive targets, because a compromised sensor can be silenced or fed false data.
– Organizations should consider using multiple types of IDPS technologies to achieve more comprehensive and accurate detection and prevention of malicious activity.
– When evaluating IDPS products, organizations should consider using a combination of several sources of data on the products' characteristics and capabilities.

HONEYPOT

A honeypot is an information system resource whose value lies in the unauthorized or illicit use of that resource. A honeynet is simply a network of honeypots. Information gathering and early warning are the primary benefits to most organizations. Honeypots and honeynets are popular tools in network security and network forensics. Honeypot systems have no production value, so any activity going to or from a honeypot is likely a probe, attack or compromise; the false-positive rate is correspondingly low compared with an IDS watching production traffic.

HONEYPOT AND HONEYNET TYPES

– Low-Interaction (LI)

Low-interaction honeypots detect attackers using software emulation of the characteristics of a particular operating system and network services on the host operating system. The advantage of this approach is better control of attacker activities, since the attacker is limited to software running on a host operating system. The trade-off is that the emulation is shallow: an attacker who probes beyond the emulated commands can often tell that the service is fake.

– High-Interaction (HI)

This type of honeypot gives the attacker access to a real operating system, where nothing is emulated or restricted. It yields far richer data about attacker behaviour, but it also carries the higher risk that the compromised host is turned against other systems, so it needs strict outbound containment.

– Research Honeypots

The research honeypot is designed to gain information about the blackhat community and does not add any direct value to the organization that has to protect its information. The main aim is to get as much information as possible about the blackhats by giving them full access to penetrate the security system and infiltrate it.

– Production Honeypots

A production honeypot is used within an organization's environment to protect the organization and help mitigate risk. An example is a honeypot that captures, collects, and analyzes malware for anti-virus systems, intrusion detection system signatures, and similar uses.
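A low-interaction honeypot of the kind described above, as an added example written for this page (it is not code from any honeypot project). It emulates only the FTP login dialogue: every login is refused, no file system exists, and each username/password pair an attacker tries is recorded as one JSON line, which is the "data capture" side of the design. The banner text, listening port and log path are assumptions; the banner is also the first thing a fingerprinting attacker compares against a real server, which is the fingerprinting problem discussed later in this section.

```python
"""Low-interaction honeypot emulating just enough of an FTP login dialogue to
capture credentials. Nothing behind the prompt is real: every login is refused,
no file system exists, and the process needs no privileges. Each attempt is
written as one JSON line. The banner text, listening port and log path are
assumptions made for this example."""
import json
import socket
import threading
import time

BANNER = b"220 (vsFTPd 3.0.3)\r\n"     # assumed; any mismatch with the real daemon's
                                        # replies is what a fingerprinting attacker looks for
LOG_PATH = "honeypot.jsonl"
MAX_LINE = 1024                         # drop clients that send oversized lines
LOG_LOCK = threading.Lock()

class FakeFtp:
    """Minimal FTP server state machine: only USER, PASS and QUIT are understood."""

    def __init__(self, peer):
        self.peer = peer
        self.user = None
        self.done = False

    def feed(self, raw):
        """Consume one request line; return (reply bytes, captured event or None)."""
        cmd, _, arg = raw.strip().partition(" ")
        cmd = cmd.upper()
        if cmd == "USER":
            self.user = arg
            return b"331 Please specify the password.\r\n", None
        if cmd == "PASS":
            event = {"ts": time.time(), "peer": self.peer, "user": self.user, "password": arg}
            self.user = None
            return b"530 Login incorrect.\r\n", event   # always refuse
        if cmd == "QUIT":
            self.done = True
            return b"221 Goodbye.\r\n", None
        return b"530 Please login with USER and PASS.\r\n", None

def replay(lines, peer="203.0.113.9"):
    """Run request lines through the state machine offline; returns captured events."""
    fsm, events = FakeFtp(peer), []
    for line in lines:
        _, event = fsm.feed(line)
        if event:
            events.append(event)
        if fsm.done:
            break
    return events

def handle_client(conn, addr, log):
    fsm = FakeFtp(f"{addr[0]}:{addr[1]}")
    conn.settimeout(30)                 # do not let idle scanners hold threads forever
    buf = b""
    try:
        conn.sendall(BANNER)
        while not fsm.done:
            chunk = conn.recv(512)
            if not chunk:
                break
            buf += chunk
            if len(buf) > MAX_LINE and b"\n" not in buf:
                break                   # garbage or a memory-exhaustion attempt
            while b"\n" in buf and not fsm.done:
                line, buf = buf.split(b"\n", 1)
                reply, event = fsm.feed(line.decode("latin-1"))
                if event:
                    with LOG_LOCK:
                        log.write(json.dumps(event) + "\n")
                        log.flush()
                conn.sendall(reply)
    except OSError:                     # timeouts and resets are routine here
        pass
    finally:
        conn.close()

def serve(host="0.0.0.0", port=2121):
    with socket.socket() as srv, open(LOG_PATH, "a") as log:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen()
        while True:
            conn, addr = srv.accept()
            threading.Thread(target=handle_client, args=(conn, addr, log), daemon=True).start()

if __name__ == "__main__":
    serve()
```

Run it with `python honeypot.py` and point `ftp localhost 2121` at it; the log file then holds one record per attempted login. Because the process never opens anything but the listening socket, an attacker who "succeeds" at the prompt gains nothing, which is the low-interaction trade-off: good containment, little depth.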

A honeynet extends the concept of a single honeypot to a highly controlled network of honeypots. A honeynet is composed of four core elements:

– Data control: contains and limits the activity of an attacker within the honeynet, so that a compromised honeypot cannot be used to attack systems outside it
– Data capture: monitors and logs all of the activities of an attacker within the honeynet, without the attacker noticing
– Data collection: stores all captured data in one central location
– Data analysis: the ability of the honeynet to analyze the data being collected from it

The deployment and usage of honeypots bring many benefits, e.g., the possibility of discovering new forms of attacks. In addition, low-interaction honeypots are easy to deploy, undemanding resource-wise, and simple to use. On the other hand, a number of issues need to be addressed during deployment and operation. The most frequent problems are:

– Inaccurate results: in some cases the data obtained from the honeypots lead to poor conclusions, because a honeypot only sees the traffic that happens to reach it

– Discovery and fingerprinting: attackers can detect the honeypot (for example from emulated services that answer unexpected commands incorrectly) and then avoid it or feed it misleading activity

– Risk of takeover: the honeypot may be used as a base from which to attack real (non-honeypot) systems

Padded Cell Systems: honeypots that have been hardened so that they cannot be easily compromised are called padded cells. The padded cell can also be described as a "hardened honeypot".

As well as delivering tempting data to attackers, padded cells work in tandem with a traditional intrusion detection system: when the IDS detects an intruder, the intruder is transferred to the padded cell, a simulated environment that presents fake data to keep the intruder interested while nothing of value is exposed.

What are Honeypots in Network Security?

Honeypots, also called virtual traps, are a way to lure attackers into a trap. The concept can be applied to virtually any computing resource, including software, networks, and file servers. A honeypot is a deception technique: it wastes the attacker's time on a decoy and lets you observe how the attacker behaves.

Variously referred to as honeypots, honeynets, or padded cell systems, these are among the most powerful passive security tools available. They are designed to deceive potential attackers and encourage them to attack the decoy instead of critical systems.

What is the key difference between a honeypot and a padded cell system? A padded cell is a honeypot that has been hardened so that it is difficult to compromise, and it does not stand alone: it works in tandem with a traditional intrusion detection system, which hands detected intruders over to it, while still delivering tempting data to them.

What does it protect and defend?

A honeypot adds to a network's defences rather than replacing them; it is deployed alongside firewalls and other security solutions.

Because no legitimate traffic should reach a honeypot, it gives the security team visibility into attacks that the firewall let through and that other controls did not detect.

The advantages and disadvantages of using the honeypot or padded cell approach are:

Advantages:

• Attackers can be diverted to targets that they cannot damage.
• Administrators have time to decide how to respond to an attacker.
• Honeypots may be effective at catching insiders who are snooping around a network.

Disadvantages:

• The legal implications of using such devices are not well defined.
• Honeypots and padded cells have not yet been shown to be generally useful security technologies.

Trap and Trace Systems

Trap and trace systems use a combination of techniques to detect an intrusion and trace it back to its source. A trap usually consists of a honeypot or padded cell together with an alarm. There are legal drawbacks to trap and trace:

– Enticement: process of attracting attention to system by placing tantalizing bits of information in key locations

– Entrapment: action of luring an individual into committing a crime to get a conviction

“Enticement is legal and ethical, entrapment is not”

The trap consists of a honeypot or a padded cell along with an alarm that notifies the security team that an intruder has passed the perimeter and entered the system.

The trace works much like the caller ID feature on a telephone: the organization attempts to trace and locate the intruder and to determine whether they are an outsider or an insider.

While the intruders are distracted, or trapped, by what they perceive to be successful intrusions, the system notifies the administrator of their presence. The trace feature is an extension to the honey pot or padded cell approach.

Similar in concept to caller ID, the trace is a process by which the organization attempts to determine the identity of someone discovered in unauthorized areas of the network or systems.

If this individual turns out to be someone inside the organization, the administrators are completely within their power to track the individual down and turn them over to internal or external authorities. If the individual is outside the security perimeter of the organization, then numerous legal issues arise.

One commercial example is ManHunt, an intrusion detection system with the capability of initiating a trackback function that can trace a detected intruder as far as the administrator wishes. It includes a companion product, ManTrap, which is the honeypot application and presents a virtual network running from a single server.

Although administrators usually trace an intruder back to their organization's information security boundary, it is possible, with this technology, for them to coordinate with an ISP that has similar technology and thus hand off a trace to an upstream neighbor.

On the surface, trap and trace systems seem like an ideal solution. Security is no longer limited to defense.

Now the security administrators can go on the offense. They can track down the perpetrators and turn them over to the appropriate authorities. Under the guise of justice, some less scrupulous administrators may even be tempted to back-hack, or hack into a hacker's system to find out as much as possible about the hacker.

Vigilante justice would be a more appropriate term for these activities, which are in fact deemed unethical by most codes of professional conduct.

In tracking the hacker, administrators may end up wandering through other organizations' systems, especially when the wily hacker may have used IP spoofing, compromised systems, or a myriad of other techniques to throw trackers off the trail.

The result is that the administrator becomes a hacker himself, and therefore defeats the purpose of catching hackers.

Biometric Access

Physical access control systems are used increasingly by a diverse range of large and small organizations. One of the primary drivers for this growth is the need to improve security. They include physical mechanisms deployed to prevent, monitor, or detect direct contact with systems or areas within a facility.

Convenience is still important, though, and for this reason biometric access control in particular is on the rise. Depending on the technology you choose, you can achieve high levels of security while still offering convenience to users.

One of the benefits of a biometric access control system is that it is far more difficult for someone to gain entry using someone else's identity. A key or access card can be passed on or stolen, and information such as passwords and PINs can be shared, seen or overheard. It is much harder to use someone else's fingerprint or iris to gain access. The flip side is that a biometric is not a secret and cannot be reissued if the stored template leaks, so the template database needs the same protection as a password store. Biometric access control solutions have traditionally been used to increase security levels by adding a layer of verification.

So, for example, someone uses their card to identify themselves and then presents their fingerprint to prove that they are who they claim to be (identification by the card, verification by the biometric). As biometric access control devices improve and become more convenient, however, they are being used increasingly in low-risk environments.

The options for access control biometrics now range from face recognition to vein recognition, with DNA recognition on the horizon. When it comes to choosing a biometric technology, it really depends on balancing the security you need with the convenience you want.

**Cryptography**

Cryptography is the art and science of secret writing. It is the foundation of online identity, privacy, and security. Only careful and well-executed application of cryptography keeps private information hidden from prying eyes and ears; a sound algorithm used with a weak key, a reused nonce or an unverified certificate gives no protection.

Our modern world relies on electronic means for creating, storing, and transferring information. The security of this digital life owes much to cryptography, which intersects our daily lives in more ways than people commonly realize.

Practical Everyday Applications of Cryptography

Our mobile phones, computers, online services, and nearly all personal online communications rely on different cryptographic algorithms and methods for the protection of the privacy and integrity of the identities and data involved.

Over the course of an ordinary day, we use many, sometimes rather advanced, cryptographic devices - there are smartcards in our wallets, laptops on our desks, mobile phones in our pockets, vehicle information systems in our cars, electronic locks on our doors, and so on.

Algorithms - Transforming Data

Cryptographic algorithms are the basic tools of this trade. An algorithm is a method or a technique that is applied to data. When an algorithm is used to encrypt (hide) the data, the readable information (often referred to as "plaintext") is transformed to an unreadable (encrypted) form.

When an encrypted data (or "ciphertext") is returned to its readable form the process is called decryption.

Some algorithms are bi-directional (or symmetric), which means that the same algorithm (and key) are used for both encryption and decryption. In contrast, a one-directional algorithm works in only one way, i.e. the operation cannot be reversed.

An example of a one-directional cryptographic algorithm is a hash algorithm that produces a hash, a digital "fingerprint" of the processed data. The hash reliably identifies the original data, yet this digital fingerprint cannot be turned back into the original data. Because the hash is fixed-size and inputs are unbounded, distinct inputs with the same hash must exist; what a secure hash guarantees is that finding such a collision, or finding any input that produces a given hash, is computationally infeasible.

There are three main categories of these algorithms:

  • Public key cryptography algorithms

  • Data integrity protection algorithms

  • Symmetric cipher algorithms.

Roughly these three categories of algorithms cater for three different basic needs:

  • Reliable authentication (of users and other entities)

  • Data integrity protection

  • Protection of data privacy.
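The one-way hash, the symmetric cipher and the integrity-protection category above, together with the way they map onto the three needs, in one added example written for this page (it is not code from the article's author or from any library's documentation). It uses only the Python standard library, which has no block cipher, so the symmetric cipher is a counter-mode stream cipher whose keystream is HMAC-SHA256 of a nonce and counter; that construction stands in for AES-CTR for illustration only and is an assumption of the example, not a recommendation. The keys and messages are constructed. The `bit_flip_demo` function makes the practical point that privacy and integrity are separate properties: a counter-mode ciphertext can be altered so that a chosen plaintext byte changes, and only the MAC catches it.

```python
"""Stdlib-only demonstration of three algorithm families and of why privacy
and integrity are separate properties.

  one-way hash        SHA-256: a fixed-size fingerprint that cannot be inverted
  symmetric cipher    counter-mode stream cipher with keystream
                      HMAC-SHA256(key, nonce || counter); this stands in for
                      AES-CTR only because the standard library ships no block
                      cipher (an assumption of this example, not a recommendation)
  integrity/auth      HMAC-SHA256 over nonce || ciphertext (encrypt-then-MAC)
Keys and messages below are constructed for the example."""
import hashlib
import hmac
import os

def fingerprint(data: bytes) -> str:
    """One-way: the same input always gives the same digest; no way back."""
    return hashlib.sha256(data).hexdigest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = []
    while len(blocks) * 32 < length:
        counter = len(blocks).to_bytes(8, "big")
        blocks.append(hmac.new(key, nonce + counter, hashlib.sha256).digest())
    return b"".join(blocks)[:length]

def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric: calling this again with the same key and nonce decrypts."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)                       # never reuse a nonce under one key
    ct = ctr_encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("integrity check failed")
    return ctr_encrypt(enc_key, nonce, ct)       # decrypt only after the tag verifies

def bit_flip_demo(enc_key, mac_key, plaintext, index, mask):
    """Flip bits in one ciphertext byte. Returns what a receiver that skips the
    MAC would decrypt, and whether the authenticated receiver accepted it."""
    blob = seal(enc_key, mac_key, plaintext)
    nonce, ct, tag = blob[:16], bytearray(blob[16:-32]), blob[-32:]
    ct[index] ^= mask                            # CTR is malleable: the flip lands in plaintext
    forged = ctr_encrypt(enc_key, nonce, bytes(ct))
    try:
        unseal(enc_key, mac_key, nonce + bytes(ct) + tag)
        accepted = True
    except ValueError:
        accepted = False
    return forged, accepted

if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)   # separate keys per purpose
    msg = b"PAY 0100 TO ALICE"
    print("hash      ", fingerprint(msg))
    print("round trip", unseal(enc_key, mac_key, seal(enc_key, mac_key, msg)))
    forged, accepted = bit_flip_demo(enc_key, mac_key, msg, 4, ord("0") ^ ord("9"))
    print("forged    ", forged, "accepted by MAC check:", accepted)
```

Two design points carry over to real systems: the encryption and MAC keys are distinct, and the receiver verifies the tag before it decrypts anything, so a forged message never reaches application code. Public-key algorithms, the third category, are left out only because the standard library does not provide them.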

The guiding principles of providing access to resources based on the role of an individual (be it a user or a process) or of segregation of duties provide a starting point for a well-designed access control implementation. These principles need to be applied to practice in all aspects of enterprise access.

So far user-level access control has been in the spotlight of IAM, but in recent times the focus has been shifting towards the previously unaddressed issues of trusted access.
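The two principles named above, role-based access and segregation of duties, as an added example written for this page (not code from any IAM product). Roles map to permissions, a principal can be a user or a process, authorization is deny-by-default, and a segregation-of-duties rule is checked both when roles are assigned and when existing assignments are audited. The roles, permissions, conflict set and sample assignments are all constructed for the example.

```python
"""Role-based access control with a segregation-of-duties (SoD) constraint.
Roles, permissions, the conflict set and the sample assignments are constructed
for this example. Principals may be users or service accounts (processes)."""

ROLES = {
    "clerk":    {"payment:create", "payment:read"},
    "approver": {"payment:approve", "payment:read"},
    "auditor":  {"payment:read"},
}
# Permission sets that no single principal may hold in full: whoever creates a
# payment must not also be able to approve it.
SOD_CONFLICTS = [frozenset({"payment:create", "payment:approve"})]

def effective_permissions(role_names):
    perms = set()
    for role in role_names:
        perms |= ROLES.get(role, set())       # an unknown role grants nothing
    return perms

def sod_violations(assignments):
    """assignments: {principal: set(role)} -> [(principal, conflicting permission set)]"""
    found = []
    for principal, roles in assignments.items():
        perms = effective_permissions(roles)
        for conflict in SOD_CONFLICTS:
            if conflict <= perms:
                found.append((principal, conflict))
    return found

def assign_role(assignments, principal, role):
    """Grant a role only if the result still respects SoD; raise otherwise."""
    if role not in ROLES:
        raise KeyError(f"unknown role {role!r}")
    trial = dict(assignments)
    trial[principal] = set(assignments.get(principal, set())) | {role}
    if any(p == principal for p, _ in sod_violations(trial)):
        raise PermissionError(f"{principal} would violate segregation of duties")
    assignments[principal] = trial[principal]
    return assignments

def authorize(assignments, principal, action):
    """Deny by default: unknown principals and unknown actions get False."""
    return action in effective_permissions(assignments.get(principal, set()))

ASSIGNMENTS = {                                # constructed sample
    "alice":     {"clerk"},
    "bob":       {"approver"},
    "mallory":   {"clerk", "approver"},        # planted SoD violation
    "batch-job": {"auditor"},                  # a process, not a person
}

if __name__ == "__main__":
    print("alice may approve:", authorize(ASSIGNMENTS, "alice", "payment:approve"))
    print("SoD violations:", sod_violations(ASSIGNMENTS))
```

Running `sod_violations` over the live assignment table is the periodic access review; running the check inside `assign_role` is what stops the violation from being created in the first place.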

**Conclusion**

Security controls exist to reduce or mitigate the risk to an organization's assets. They include any type of policy, procedure, technique, method, solution, plan, action, or device designed to help accomplish that goal. Recognizable examples include firewalls, surveillance systems, and antivirus software.

Written By: Fortune Igili-Andrew