Designing Secure Systems
eBook - ePub

  1. 200 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About this book

Modern systems are an intertwined mesh of human process, physical security, and technology. Attackers are aware of this, commonly leveraging a weakness in one form of security to gain control over an otherwise protected operation. To expose these weaknesses, we need a single unified model that can be used to describe all aspects of the system on equal terms.

Designing Secure Systems takes a theory-based approach to concepts underlying all forms of systems – from padlocks, to phishing, to enterprise software architecture. We discuss how weakness in one part of a system creates vulnerability in another, all the while applying standards and frameworks used in the cybersecurity world. Our goal: to analyze the security of the entire system – including people, processes, and technology – using a single model.

We begin by describing the core concepts of access, authorization, authentication, and exploitation. We then break authorization down into five interrelated components and describe how these aspects apply to physical, human process, and cybersecurity. Lastly, we discuss how to operate a secure system based on the NIST Cybersecurity Framework (CSF) concepts of "identify, protect, detect, respond, and recover."

Other topics covered in this book include the NIST National Vulnerability Database (NVD), MITRE Common Vulnerability Scoring System (CVSS), Microsoft's Security Development Lifecycle (SDL), and the MITRE ATT&CK Framework.

Designing Secure Systems by Michael Melone is available in PDF and/or ePUB format, catalogued under Computer Science & Computer Networking.

1
INTRODUCTION

What if I told you that all of security was fundamentally the same? Over the years, I’ve come to recognize a consistency that existed beneath everything – a consistency that is shared not only with technology systems but also with human processes and physical security.
I’ve had the opportunity to work with hundreds of customers in a variety of industries across the globe in their darkest hour as a targeted attack incident responder. At the beginning much of it felt like magic – an attacker would break into a network, move from system to system undetected, and steal or destroy at will. Today much of it feels second nature, which enables analysis of all of these systems on an equal plane – as an instantiation of just a few core concepts. In “Designing Secure Systems” I am excited to share those with you.

What Is Security?

Security is all about process. It begins during the design and development of each component and of its internal and external interactions. A system deployed without security in mind will undoubtedly end up having security bolted on, which is like realizing you left a suitcase full of money in a room full of thieves. The consequence is that we end up trying to hold off the thieves while building protections rather than simply moving the money to a more secure, controlled location.
The information security market is flooded with tools that enable detection of and response to different threats. Many of these tools are necessary to provide visibility into activity within an organization, but they should not be considered solutions. Expecting a security tool to fix a vulnerability is like expecting a hammer to build a table. A carpenter is significantly more capable because of the hammer, but it is ultimately the carpenter’s design and action that makes the table a reality.
Designing a secure system begins with its blueprints. The doors, windows, and building materials used in constructing a house are analogous to a system’s means of access and security tolerances. A house without a door is of little use, and one without windows is not one we would want to live in. While we could build our house with reinforced concrete walls, our budget and preferences would cause us to spend the money on a pool instead. As such, we may need to compromise a secure design for usability and to meet our budget.
Security is also dynamic. What was considered a secure solution a decade ago is probably quite vulnerable today. New platform capabilities, new attack techniques, changing business partners, changes to integrated software or systems, mergers and acquisitions, and organizational changes are just some examples of changes which may result in revisiting a system’s security design.
Imagine designing the security for a castle in medieval times. A castle with thick walls, manned towers, and a moat would defend against most of the threats it would likely encounter. Today’s aircraft, missiles, bombs, and tanks would bypass these medieval defenses with ease. That said, it would be a waste of time and money for a king to implement defenses against attacks that would never come to be during the castle’s use.
Like the castle, the defense of any system must change occasionally based on what new threats and attacks are in use. The information security posture of any system needs to be reviewed occasionally to ensure its sufficiency. Major changes in the attack landscape such as the advent of new credential theft attacks, password spray attacks, and cryptographic weaknesses due to rising computer performance should each trigger a review of the current solution to determine its adequacy.
An effective security professional should be able to look over a system and understand the ways an attacker can use or abuse it – the ability to think like a hacker. To succeed, we need to transition from trying to make each piece of the system impenetrable to determining the impact of its loss. In other words, we need to imagine a loss of each part of the system, place ourselves in the attacker’s shoes, and ask, “what can I do with what I have?”
Attackers will make it into your system regardless of how rigorous your security practices are. It is our goal as security professionals to design a cost-effective and usable defense based on the protected asset’s value and operational impact. We must plan for an attack, ensuring that loss of a single component does not directly lead to loss of our most valued assets.

What Is a System?

A system is a set of individual components which work together to provide a capability. These components may be software, hardware, people, organizational processes, or anything else involved in a process from start to finish.
The principles behind system security have been used for hundreds of years in designing building defense, organizational processes and procedures, and in military intelligence. In cybersecurity, we adapt these concepts to the design of interconnected computers. While the platform we analyze may have changed, the principles we use to analyze these systems remain the same.
Despite its technology focus, cybersecurity is subject to the same classes of vulnerability as any other system. Many of the vulnerabilities that result in compromises come from:
  • Intersection of human and technology processes.
  • Focus on what we believe a certain capability should do rather than what it can do.
  • Misplaced trust in the security of components within a system.
  • Excessive access or authorization granted for simplicity or to reduce complexity.
  • Lack of security training for individuals involved in design or development of the system or its components.
As security professionals, we should assess a system both from an outsider perspective and from an assume-breach mentality. When assessing a system from the outside, we look for potentially risky capabilities exposed to an untrusted source. From the assume-breach perspective, we model the security of the system as if the exterior defenses had failed and the attacker already has control over a part of the system.

Example: If Physical Security Was Like Technology Security

Imagine you have a large fence with barbed wire surrounding something you wish to protect. The gate to this fence is locked with a padlock. In this example, the components which make up the security perimeter are:
  • The fence
  • The barbed wire
  • The padlock
For us to trust the security of the protected items, we must trust that the fence is durable, the barbed wire is installed correctly, and the padlock is reasonably resistant to attack.
Now, let’s say you took a class on lockpicking and found that you could open the padlock rather easily without a key. At this point you’re faced with three choices:
  • Open and upgrade or fix the vulnerabilities in the locking mechanism to make it more difficult to pick.
  • Accept that your protected asset will not be as protected as you would like.
  • Buy a better lock.
Most people would choose the third option (unless perhaps you are a lock manufacturer or The Lockpicking Lawyer). This choice reflects the difference between component security and system security.
In the system security world, we must trust that individual components in the system are resilient to attack. That trust comes from the manufacturer’s reputation as we perceive it, a needs analysis based on documentation, or sometimes certification from a third-party professional body.
Let’s go back to before you picked the lock. At this moment, you may have assessed the available options of how you could get to the secured asset. You could have also:
  • Used a ladder and some durable material to cover the barbed wire and climbed over the fence.
  • Used a vehicle or some wire cutters to destroy the fence.
  • Dug a tunnel beneath the fence.
  • Used a helicopter to fast rope in from above.
Each of the possible forms of entry represents a vulnerability. One of the main jobs of a defensive security professional is to determine the value of the secured asset, the likelihood of exploitation of a known vulnerability, and the cost to secure against further attacks. The goal is to balance the cost and overhead of security measures used to protect the secured item with the value and impact of its loss.
This example demonstrates some of the challenges involved in the technology security world. Add to this the ability to access the lock from anywhere in the world and it is easy to see the challenges that manifest. Despite the difference in implementation that exists between lock design and a technology system, the underlying security design shares a number of parallels.

A Look Ahead

This book is divided into two major sections. The first section covers the concepts involved in secure system design:
  • Access – the ability to interface with a system or component
  • Authorization – the ability to perform the action you wish to perform with a component
  • Authentication – the process of identifying an individual or system for the purpose of assessing authorization
  • Vulnerability – weaknesses inherent to the system or component design which allow an attacker to circumvent intended security controls
  • Impact – capabilities available to an attacker once they’ve attained authorization
These chapters will introduce you to the set of unified concepts which underlie all systems. We will cover each concept in-depth, with examples of each from physical, human process, and technology systems.
The second half of this book gets into the operationalization of these concepts using the NIST Cybersecurity Framework as a guide. These chapters will show you how to weaponize your new knowledge to:
  • Identify sensitive information and systems
  • Protect your information and systems from attack
  • Detect suspicious or malicious activity within the system
  • Respond to an attack, including some of the nuances involved in responding to human operated attacks
  • Recover your system and restore trust in its operation
Along the way we will use a number of security standards as a means of reference, each time attempting to map the concepts to all types of systems (physical, human process, and technology). We will analyze the security of visitor check-in processes using concepts typically reserved for the technology world, perform a forensic analysis of the attack performed in the movie Ocean’s 11, and dig into the challenges involved with responding to human-operated attacks.

PART 1
SECURE SYSTEM CONCEPTS

2
ACCESS

Access is the ability to communicate or interact with a system or its components. Access comes in a variety of forms, such as:
  • Physical: the ability to touch part of the system
  • Visual: the ability to see part of the system
  • Networked: the ability to route a connection to part of the system
  • Radio Frequency: the ability to receive or transmit RF signals to or from part of the system
  • Acoustic: the ability to hear or speak to part of the system
Access is the most basic aspect of the system, ultimately defining its capabilities and providing the potential for vulnerability. Each available form of access should supply a necessary capability to its users to justify its existence.
That said, all systems must provide some form of access. A system that provides no access may have no vulnerabilities, but also provides no value.

Capability

Each means of access defines what actions you can perform with the system. For example, an ATM enables you to withdraw money, deposit money, and sometimes transfer money between accounts. Most people wouldn’t expect to be able to use an ATM to open up a new account at a bank, or to close an existing one.
A means of access provides a specific capability defined by its intended purpose. For example:
  • A website provides web content for its users
  • Front desk security at a building registers guests who visit a building
  • A lock core in a padlock enables a user to unlock the padlock
This concept holds true as long as we can trust ...

Table of contents

  1. Cover
  2. Half Title
  3. Title
  4. Copyright
  5. Dedication
  6. Contents
  7. Acknowledgments
  8. Chapter 1 Introduction
  9. Part 1 Secure System Concepts
  10. Part 2 Designing and Operating a Secure System
  11. Chapter 12 Closing
  12. Index
  13. About the Author