Wednesday, December 18, 2013

A Brief Article on Security


Security is as ancient as the earth. Before humans, animals already sought protection from predators, and the same idea carries into many things in our lives: clothes, veils, houses, even the bed cover that keeps you from getting cold in winter.

Information security is hard and valuable. Back in the time of Julius Caesar (whose cipher is one of the earliest we know of), he needed a way to hide his messages from the messenger who carried them and from anyone who might read them en route. His method was simple: write the alphabet starting at "D" and ending at "C", that is, shift every letter three places (the shift is the key that decrypts the message), so the word "cat" becomes "fdw", which makes no sense to anyone who does not know the cipher and the key. Long after, when computers were invented, their security became a great concern; ciphers were implemented as cryptographic algorithms, and when the internet came along some years later these algorithms were extended into far more complex protocols.
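The shift cipher described above, as an added example that is not part of the original post: encryption, decryption, and a brute-force attack that recovers the key. The small English word list used to score candidate plaintexts is constructed for the example; a real attack would use letter frequencies or a full dictionary.

```python
# Added example (not from the original post): a Caesar (shift) cipher with
# encryption, decryption and a brute-force attack that recovers the key.
# It shows why a cipher with only 25 usable keys gives no real confidentiality.
import string

ALPHABET = string.ascii_lowercase  # 26 letters, index 0..25


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Shift every letter forward by `shift` places (mod 26).

    Non-letters (spaces, punctuation, digits) pass through unchanged, which
    is itself a weakness: word lengths leak into the ciphertext.
    """
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """Decryption is encryption with the negated key (a symmetric cipher)."""
    return caesar_encrypt(ciphertext, -shift)


# Tiny word list used to score candidate plaintexts (constructed for the example).
COMMON_WORDS = {"the", "and", "is", "on", "a", "to", "of", "in", "it", "that"}


def score_english(text: str) -> int:
    """Count the words of `text` that appear in COMMON_WORDS."""
    return sum(1 for w in text.split() if w.strip(".,!?") in COMMON_WORDS)


def brute_force(ciphertext: str):
    """Try all 25 non-trivial shifts and return (shift, plaintext) with the
    best English score. The entire key space is searched instantly; that is
    the point: the key is far too small."""
    best_shift, best_text, best_score = None, None, -1
    for shift in range(1, 26):
        candidate = caesar_decrypt(ciphertext, shift)
        s = score_english(candidate)
        if s > best_score:
            best_shift, best_text, best_score = shift, candidate, s
    return best_shift, best_text


if __name__ == "__main__":
    msg = "the cat is on the mat"
    ct = caesar_encrypt(msg, 3)
    print(ct)                 # wkh fdw lv rq wkh pdw
    print(caesar_decrypt(ct, 3))
    print(brute_force(ct))    # (3, 'the cat is on the mat')
```

Run it and the attacker's view is obvious: without knowing the key, every shift is tried and the readable one is picked in a fraction of a second. Modern symmetric ciphers answer this with key spaces of 2^128 and more, so exhaustive search stops being an option.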

Here the term "information security" came to life. As computer networks and information sharing became common, so did the concerns. For example, person A wants to share a file (a photo of A with his mother) with his brother B; the photo is the data here. The photo is not a secret in itself, but when another person Z obtains it there is a problem, and we call this a breach of the confidentiality of the data. If B's PC does not let him access the photo during a given period, we call this a breach of availability (the photo is not available to B whenever he needs it). The last great concern is alteration of the content of the data: if Z gets the photo and alters it (say, swaps the mother's face for B's wife's), that is obviously a problem, and we call it a breach of integrity, since the photo on B's PC must be identical to the one on A's PC. In summary we have three main concepts, "Confidentiality, Integrity and Availability" (CIA). For a single photo these may not seem like big problems, but at the scale of large servers or cloud data they are the main issue.

With the introduction of the World Wide Web by Sir Tim Berners-Lee in the early 90s (the internet itself is older; the Web is what made it widely used), security concerns began to arise at different scopes, as the picture suggests:

the internet
The internet is nothing more than a huge network, and a network in its simplest form is two computers (we may call them nodes) connected to each other by a wire in order to exchange data, which is the primary aim of connecting them.

So let's get some terminology about ciphers and encryption. Ordinary (symmetric) ciphers need only one key for both the encryption and decryption processes (as in Julius Caesar's cipher, where the shift is the key). Asymmetric ciphers, on the other hand, use a pair of keys (a public key and a private key) for the same two processes: what the public key encrypts, only the matching private key can decrypt, and what the private key signs, anyone holding the public key can verify. Asymmetric ciphers proved very useful when data is shared among many sites or nodes (hundreds or more): every node publishes its public key and keeps its private (sometimes called secret) key to itself, so any other node can encrypt data for it without first agreeing on a shared secret, and so on. Note the direction: the private key is never shared, and data encrypted with a public key is decrypted only by that key's own private key, not by "any" private key.



For the simple model (two computers only), it is enough to apply a simple symmetric cipher, used to store the data on both nodes in an encrypted state, and there is little need to secure the route (the copper wire between them) because no other node shares it except these two (in practice even a dedicated wire can be tapped, but the model ignores that). So this model is easy to secure and protect from unauthorized users. But let's think a little about the other model (the internet model, as I call it!), where the concerns are:


1. Data in transit: security of the data on the wires and in the network devices.
2. Data at rest on both nodes: the transmitter and the receiver.
3. Applying the CIA triad (the three main security concepts stated earlier), since there is a variety of situations in which applying these concepts is the core of information security.

Let's put it this way: a website (server) from which a client (PC) downloads a file (data). The CIA triad says the file should be confidential (nobody but the intended client can read it), its integrity preserved (its contents are not altered), and it should be available on the site at any time. Sometimes only part of the CIA is needed. For instance, a newspaper website publishing a new story is not concerned about confidentiality, but it is very concerned about integrity (no altering or changing of the content) and about availability to all users of the site. Another example: for your files on any server (e.g. Google Drive), besides availability you may be more concerned about their confidentiality and integrity. That is how things go for information security concerns.

Challenging security concerns arise rapidly these days about security in the cloud. It is a bit more complex, but just imagine that company "X" has terabytes of its information stored on a cloud server (a server that stores X's data and provides it with services it needs, such as a mail server to send mail, a word processor for employees to write documents, etc.). X's information needs CIA, and so does its metadata (the data about the use of the data, such as the recipients of the e-mails or how many files are being processed at a given time; this information matters too!). This is more complex than the plain model of the internet and its nodes, because now a third party operates the nodes that hold the data.

That was a shallow look at what security aims for; I really think it always stays far on the horizon for the scientists who daydream about making it exactly as they imagine rather than as it actually is. Applied security is somewhat different. Besides ciphers we must know about security protocols (a protocol is a set of rules and methods that combine ciphers so that, applied together, they achieve one or more security concepts). For example, the SSL protocol (today TLS) at its simplest encrypts the data transmitted between a web browser (e.g. Mozilla Firefox) and a server (e.g. Facebook.com) by means that are hard to break, in order to achieve confidentiality and integrity (plus authentication of the server) for this part of the information exchange; availability is not something SSL provides.

Attacks are varied. Against any secured target, the attacker uses a vulnerability (a weak point to enter through) and an exploit (the code or technique that takes advantage of it) to get what he wants from the victim. Setting information security aside for a moment, think about attacks in soccer: briefly, the attacker first looks for a weakly defended spot (the vulnerability), then attacks through it in order to score a goal (the exploit of the target!). Likewise, for any team, a player from the opposing team is a threat, because he may attack and score.

There is a wide variety of information security threats in real life, and their classifications differ a lot between researchers (by effect, destructive power, etc.). Let's take a brief look at them. To keep it simple, imagine the attacker node as a person and the victim server (the thing he wants to exploit) as a building containing information that is potentially valuable to this attacker.

Imagine the attacker (the threat) wants to get into this organization. What could he do? Some obvious ideas: he could break into the building (unauthorized access), staying as hidden as possible from the security cameras and from employees who might recognize him as an intruder. He could get in posing as a contractor (social engineering) sent by his company, as a cover story, to discuss some aspect of a contract with the CEO. He could get in as a member of the cleaning staff wearing their uniform, having stolen or forged a badge (identity theft), to reach a particular department or office (this differs from social engineering in that there he deals with people and tricks them into telling him what he wants, whereas here he simply takes on an identity to hide among the other employees). Or he could pay an employee (an insider) to hand over the information, usually in return for money.

Those are the most common threats (unauthorized access, social engineering, identity theft and the insider). There are other common ones too: malware (a program installed on the victim node that, among other things, sends information back to the attacker) and phishing (it has many forms; the most common is an e-mail that appears legitimate and carries links that, if followed, lead to a fake page that harvests credentials or other sensitive information, or deliver malware to the node).

To protect against those threats we use countermeasures. At a very abstract level a countermeasure works against a threat, but think of a soccer game in which an attacker wants to score against a great defender (the countermeasure here!): there is still a chance, however small, that he scores. As long as that chance exists, attackers (in soccer or in cyberspace) will not get bored of trying to get into (or exploit) the system.

The countermeasures in the earlier building example are typical, at least conceptually, and can be a variety of things: monitor the cameras 24/7, hire skilled security staff, check and verify employees' identities every now and then. Consider this a summary of the types of countermeasures: some monitor, some verify an identity (authentication), and some decide what a verified identity is allowed to do (authorization).

The applied countermeasures differ somewhat from these abstractions. For instance, the countermeasure for malware is an anti-malware application installed on the node that scans for harmful programs and removes them if any exist. The countermeasure for phishing is a filter on the mailbox (or the mail server) that scans messages and notifies the user when something about a message looks suspicious; the user who refuses to follow links in unexpected messages is the second line of defence.

For any given threat, if it succeeds in getting past the countermeasure and gaining access, then from a security point of view the system is compromised and must be brought back to a secure state. This is what we call recovery from attacks and disasters (the second term applies when the attack was strong enough to destroy or compromise a huge amount of data). Take, for instance, a piece of malware that leaks information, or an insider who has been promoted and now knows more important and sensitive information than before (information that can affect critical matters of the company, such as budgets or contracts). These situations are conceptually similar, the malware being much like the insider, so the approach to dealing with them has similar steps:
1. Identify the source of the problem (the malware, the insider).
2. Remove that source, then work out what happened (which systems and data it touched).
3. Estimate the loss and trace where the information went, to learn where it might be used (assuming the attacker has not used it yet by the time you discover the leak).

As computers spread everywhere, information security takes on different levels. For a huge company (a multinational corporation) or a government ministry it is vastly different from a personal computer or a laptop; all of them need security, but in proportion to their size and reach. But how does it differ?

It differs the way securing your apartment differs from securing a whole university campus or a ministry building, and it also differs in the weight of the loss. In an apartment the information may be old photos, personal details, medical records. A university, on the other hand, may hold exam papers and students' confidential grades, and a ministry may hold sensitive information that directly affects national security or political stability (secret information about political parties, a candidate, ...). If such information became publicly accessible and was published (on a website, on a satellite channel), it could be the cause of a revolution!

In the end, security is an important and widely varied topic, of which we have covered just a bit of its vast extent. It also cannot be achieved with 100% certainty; that is both its challenge and its essence.
So, when you drive a car, wear your seat belt.


Friday, March 29, 2013

Python for penetration testing - 2

So, as mentioned in the last post (really a long time ago!), we chose Python as the programming language for our penetration testing tool.

The first step: scanning:

For scanning we are using OpenVAS. As many security geeks know, OpenVAS is one of the best vulnerability assessment and network scanning tools; it has many capabilities and it is open source. OpenVAS 3 introduced a layer between the OpenVAS scanner and the OpenVAS clients such as the Greenbone Security Assistant. This new layer is a core component called OpenVAS Manager.
OpenVAS Management Protocol (OMP): an XML-based protocol used to talk to OpenVAS Manager. openvas.omplib is a pure Python implementation of OMP that gives easy access to OpenVAS Manager. If you download the package you will also find omp-cli, a command line client for interacting with OpenVAS Manager.
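To show what "XML-based protocol" means in practice, here is an added example that is not part of the original post and does not use openvas.omplib: it builds OMP commands as XML with the standard library, parses the manager's XML responses, and sends a command over TLS. The command and element names (authenticate, create_target, create_task, start_task, get_tasks_response) are standard OMP; the default port 9390 and the self-signed certificate are how OpenVAS Manager normally ships, and the sample get_tasks response is constructed, not captured from a real manager.

```python
# Added example (not from the original post, not openvas.omplib): build OMP
# commands as XML, parse OMP responses, and send a command to OpenVAS Manager.
import socket
import ssl
import xml.etree.ElementTree as ET

OMP_DEFAULT_PORT = 9390  # OpenVAS Manager's default OMP listening port


def omp_authenticate(username: str, password: str) -> str:
    """<authenticate> must be the first command of an OMP session.
    ElementTree escapes the credentials, so '<' or '&' in a password cannot
    break the XML or inject extra elements into the command."""
    root = ET.Element("authenticate")
    creds = ET.SubElement(root, "credentials")
    ET.SubElement(creds, "username").text = username
    ET.SubElement(creds, "password").text = password
    return ET.tostring(root, encoding="unicode")


def omp_create_target(name: str, hosts: str) -> str:
    """A target holds the hosts to scan (comma-separated names, IPs or CIDRs)."""
    root = ET.Element("create_target")
    ET.SubElement(root, "name").text = name
    ET.SubElement(root, "hosts").text = hosts
    return ET.tostring(root, encoding="unicode")


def omp_create_task(name: str, config_id: str, target_id: str) -> str:
    """A task ties a scan config (e.g. 'Full and fast') to a target."""
    root = ET.Element("create_task")
    ET.SubElement(root, "name").text = name
    ET.SubElement(root, "config", id=config_id)
    ET.SubElement(root, "target", id=target_id)
    return ET.tostring(root, encoding="unicode")


def omp_start_task(task_id: str) -> str:
    return ET.tostring(ET.Element("start_task", task_id=task_id), encoding="unicode")


def parse_response(xml_text: str) -> ET.Element:
    """Every OMP response carries status/status_text attributes; anything
    outside 2xx is an error (e.g. 400 'Authentication failed')."""
    el = ET.fromstring(xml_text)
    status = el.get("status", "")
    if not status.startswith("2"):
        raise RuntimeError(f"OMP {el.tag}: {status} {el.get('status_text', '')}")
    return el


def response_ok(xml_text: str) -> bool:
    try:
        parse_response(xml_text)
        return True
    except RuntimeError:
        return False


def list_tasks(get_tasks_response: str):
    """Return [(task id, name, status)] from a <get_tasks_response>."""
    el = parse_response(get_tasks_response)
    return [(t.get("id"), t.findtext("name"), t.findtext("status"))
            for t in el.findall("task")]


def send_command(host: str, port: int, command: str, timeout: float = 30.0) -> str:
    """Send one command on a fresh TLS connection and read until the reply
    parses as a complete XML document (the manager keeps the connection open,
    so waiting for EOF would hang). Needs a live manager; not run offline."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # manager ships a self-signed cert; pin it in real use
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(command.encode())
        while True:
            chunk = tls.recv(4096)
            if not chunk:
                break
            buf += chunk
            try:
                ET.fromstring(buf)
                break  # a complete response element has arrived
            except ET.ParseError:
                continue
    return buf.decode()


# Constructed sample of what the manager returns to <get_tasks/>.
SAMPLE_GET_TASKS = (
    '<get_tasks_response status="200" status_text="OK">'
    '<task id="11111111-2222-3333-4444-555555555555">'
    '<name>lab-full-scan</name><status>Done</status></task>'
    '<task id="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee">'
    '<name>dmz-discovery</name><status>Running</status></task>'
    '</get_tasks_response>'
)

if __name__ == "__main__":
    print(omp_authenticate("admin", "s3cr<t&"))
    for task in list_tasks(SAMPLE_GET_TASKS):
        print(task)
```

Two points worth noticing when you write your own client: build the XML with a library rather than string formatting, otherwise a password or target name containing "<" or "&" corrupts the command (or lets a user-supplied value inject elements), and always check the status attribute of every response, because the manager answers a failed authentication with a well-formed XML document, not with a closed connection.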

For more information, visit the openvas.omplib page on the Python Package Index (PyPI).