
Cybersecurity is an odd term. In the modern sense, "cyber" is taken to mean "relating to computers, information technology and the internet" (put "definition of cyber" into your favourite search engine if you want something more formal).
Security, with regard to information systems, covers anything that affects the confidentiality, integrity or availability of the systems or of the information and data they contain.
In common usage, cybersecurity is often taken to mean computer security as it relates to online systems - that is, systems connected to the internet. While this definition is useful for understanding issues relating to the internet, there are many examples of systems not connected to the internet that have cybersecurity issues. Probably the most notable example was the Stuxnet virus, which was specifically aimed at nuclear production facilities that had machines not connected to the internet - transfer via USB keys was required to achieve a successful attack. The fact that these systems were not connected to the internet did not stop this from being a cyber-attack.
A hacker is a person who likes exploring how things work, and often how they can be altered to work differently.
Not all hackers are necessarily bad. Some hackers are hired by computer system owners to test their security using the same methods that criminal hackers would use. These hackers, who only undertake hacking attempts with the appropriate network owner's permission, are sometimes called white hats (no idea where this comes from; maybe because the Lone Ranger and other good cowboys on TV typically wore white hats).
Criminal hackers are sometimes called 'crackers' - a combination of criminal and hacker. These guys are considered black hats. The other hat colour is grey - somewhere on the border between black and white.
There are lots of options available to a hacker planning to attack a particular organisation or its computer networks. An example of an ordered approach is described below.
Reconnaissance and footprinting is where the hacker tries to learn as much about the victim as possible. They might try to identify the technologies used in the company through the staff's LinkedIn profiles or through the skills being asked for in job adverts. They might look up the public DNS records to identify the IP addresses where the company connects to the internet. In some cases, dumpster diving through the rubbish might be undertaken. Identifying email addresses is also useful, as these are often usernames.
Next is scanning and enumeration: trying to identify equipment, what ports might be open to the internet, and what methods can be identified to gain access. As well as internet-facing systems, attacks might be attempted through wireless networks.
Gaining access is exactly what it sounds like. Maybe through a direct attack using various automated tools, or maybe through a more indirect attack such as phishing or watering hole attacks. A phishing attack is where an email is sent to staff in the organisation trying to deliver a virus or a link to be clicked on. This link may look like a normal log-on page for the company, but really be a bogus website trying to collect valid usernames and passwords. A watering hole attack is where the attacker puts their attack software on another website that they know staff from the organisation under attack will visit - then waits for them to arrive so the virus or bogus links are available for them to click on.
Once access is gained, it's often about escalating privilege to obtain more access to the network, and about putting in place measures to maintain access in the event that the initial access method is cut off. Final stages are often about covering your tracks and putting in place permanent backdoors if required.
At this stage the network is owned, and you get to carry out your purpose - whether that be gaining information from the network (like stealing credit card data) or undertaking deliberate damage.
A common theory across many management areas is the principle that relying on a number of safeguards is better than relying on just one. The thinking here is that individual safeguards can fail, but the probability of multiple safeguards failing at the same time is much lower. In safety management, an example model for this is the 'Swiss cheese' model, where multiple layers of defence are used even though any one of the layers could be imperfect, like the holes in Swiss cheese (Google "safety Swiss cheese model" for a more detailed description). The same principle applies in cybersecurity thinking - multiple layers of protection add up to a much safer network than single protective measures. A practical example is an email containing a virus in the attachment, which can run into a number of protections: the email system blocks unsafe attachments, the spam filter restricts emails from foreign senders, the user is trained not to open unexpected attachments, and the user has restricted permissions on the computer, blocking the running of many viruses. If any one of these measures fails to protect the system, there are still a number of other countermeasures that could be effective in stopping the malicious software from having any effect. That is, multiple layers of protection, which can also be called 'defence in depth'.
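To make the defence-in-depth idea (and the bogus-link phishing indicator from the "gaining access" paragraph) concrete, here is an added example, written for this page rather than taken from it, of a small layered email screen. It models three of the technical layers above (attachment type blocking, sender domain restriction, and a check that a link's visible text and its real destination name the same host); the user-training and restricted-permission layers are people and endpoint controls and are not modelled. The blocked extension list, trusted domains, sample messages and miss rates are all constructed for the example.

```python
"""Layered e-mail screening as an illustration of defence in depth (added example)."""
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed policy values for this example; a real gateway would have far longer lists.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".js", ".vbs")
TRUSTED_SENDER_DOMAINS = {"example.com", "partner.example.net"}


@dataclass
class Email:
    sender: str
    subject: str
    attachments: list   # attachment file names
    links: list         # (visible link text, actual href) pairs


def _host_from_link_text(text):
    """Return the host named by a link's visible text, or None if the text is not URL-like."""
    t = text.strip()
    if " " in t or "." not in t:      # "Click here" style text names no host
        return None
    if "://" not in t:
        t = "http://" + t             # let urlparse treat it as a URL
    return urlparse(t).hostname


def layer_attachment_filter(mail):
    """Layer 1: the mail system blocks attachment types it considers unsafe."""
    bad = [a for a in mail.attachments if a.lower().endswith(BLOCKED_EXTENSIONS)]
    return f"unsafe attachment(s) {bad}" if bad else None


def layer_sender_filter(mail):
    """Layer 2: the spam filter restricts mail from senders outside known domains."""
    domain = mail.sender.rsplit("@", 1)[-1].lower()
    return None if domain in TRUSTED_SENDER_DOMAINS else f"sender domain {domain!r} not trusted"


def layer_link_check(mail):
    """Layer 3: flag links whose visible text names one host but whose URL points to another,
    the classic sign of a bogus log-on page."""
    findings = []
    for text, href in mail.links:
        shown, actual = _host_from_link_text(text), urlparse(href).hostname
        if shown and actual and shown.lower() != actual.lower():
            findings.append(f"link shows {shown} but points to {actual}")
    return "; ".join(findings) if findings else None


LAYERS = [
    ("attachment filter", layer_attachment_filter),
    ("sender filter", layer_sender_filter),
    ("link check", layer_link_check),
]


def screen(mail, disabled=()):
    """Run every enabled layer and return the (layer name, reason) pairs that blocked the mail.
    `disabled` simulates one or more layers failing (misconfigured, outdated or bypassed)."""
    return [(name, reason) for name, fn in LAYERS
            if name not in disabled and (reason := fn(mail))]


def probability_all_fail(miss_rates):
    """If each layer independently lets a fraction `r` of attacks through, the fraction that
    slips past every layer is the product of the rates. Caveat: layers that share an
    assumption tend to fail together, so treat this as an optimistic lower bound."""
    p = 1.0
    for r in miss_rates:
        p *= r
    return p


# Constructed sample messages (not real traffic).
PHISHING_MAIL = Email(
    sender="it-support@example-com.co",
    subject="Password expiry - action required",
    attachments=["invoice.pdf.exe"],
    links=[("www.example.com/login", "http://example-com.co/login")],
)
BENIGN_MAIL = Email(
    sender="alice@example.com",
    subject="Quarterly report",
    attachments=["report.pdf"],
    links=[("example.com/docs", "https://example.com/docs")],
)

if __name__ == "__main__":
    print("phishing mail, all layers:", screen(PHISHING_MAIL))
    print("phishing mail, attachment filter failed:",
          screen(PHISHING_MAIL, disabled={"attachment filter"}))
    print("benign mail:", screen(BENIGN_MAIL))
    print("fraction slipping past three layers at 10%/20%/30% miss rates:",
          probability_all_fail([0.1, 0.2, 0.3]))
```

The point the run makes is the one in the paragraph: knock out the attachment filter and the sender and link layers still stop the sample message, and with three independent layers each missing 10-30% of attacks, only 0.6% get through all of them. The caveat in `probability_all_fail` matters in practice: two filters that both rely on the same reputation feed are not independent, and the real combined miss rate will be higher than the product suggests.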
Stay tuned.....more to come.
Copyright 2015 Edward Hall. All rights reserved.
Last revised 22 June 2015.