Notes on Digital Security Management (student lecture notes)

Digital Security Management covers both the managerial and the technical side of security in organizations and stresses the need for good security management practices. When speaking about security we distinguish METHODS (a sequence of steps that lets us build something in a structured way; they are necessary because some systems, such as information systems, are so complex that without a method we get lost) from TECHNIQUES (specific ways of handling a specific problem, such as cryptography). Methods and techniques for security are increasingly relevant, not least because, according to the figures quoted in the course, around 90% of intrusions into computers and networks go undetected. A Department of Defense study cited in the course found that attacks succeeded in 80% of cases and were detected (not prevented) in only 6% of cases. How dangerous an attack is depends on the point of view (a company versus an individual). The general problem is that systems are inherently weak, so it is necessary to set up SECURITY POLICIES, TECHNICAL MECHANISMS and ORGANIZATIONAL MEASURES (the latter are decided at a strategic level: passwords must be changed every 3 months, login through SPID, and so on) to face it. Companies usually do not report attacks, in order not to lose reputation. It is important to have trusted resources (people, assets, data, ...). According to ANTHONY'S PYRAMID, everything in a company can be structured in three layers: OPERATIONAL RESOURCES, TACTICAL RESOURCES and STRATEGIC ACTIVITIES (the latter elaborate the company strategy: business analysis, data analytics, security policies, ...). Data and information are the most valuable assets of a company. The difference between DATA and INFORMATION is that data also has a physical connotation (a sequence of bits stored in a database), whereas information is something that has a meaning, a context, a semantics.
To prevent attacks it is necessary to share data, information and resources between different organizational units and to cooperate, while preserving existing legacy systems and databases, protecting the autonomy of each unit and encouraging interoperability. Enterprise Information Systems are evolving towards globally distributed solutions (Federated Information Systems), so new needs and new security problems arise continuously. From an ARCHITECTURAL point of view, applications (software) run on various nodes: this is distributed computing. A DOMAIN is a set of resources with the same security requirements, and therefore protected by a homogeneous set of policies and mechanisms. Data is logically unitary but physically spread over several nodes (distributed database). Every system has VULNERABILITIES that cannot be eliminated: they exist and can only be faced through policies and mechanisms. The Internet is the most dangerous environment. Clients (browsers) reach the server over the Internet; the router is the network device that forwards Internet traffic between networks. The web server can be the target of denial-of-service attacks, but since it holds no critical data this is not the critical aspect.
The demilitarized zone (DMZ) does not host critical resources, and a FIREWALL is a machine or piece of software that filters the requests entering the information system. The EXTRANET concerns providers and customers, who connect using credentials. The high-security area hosts the critical data. There are 3 types of THREATS: […]
[…] techniques based on MATHEMATICAL TECHNIQUES (symmetric cryptography, asymmetric cryptography, digests, key-exchange algorithms). The SECURITY FUNCTIONS obtained through cryptography are data secrecy, data authenticity and agent authentication. Cryptography consists in making data unrecognizable by means of an algorithm. In this course it is treated mainly as a way to create virtual communication channels rather than to protect stored data: transmission lines are routinely encrypted, whereas, according to the notes, encrypted data in databases is seldom found (encryption at rest is nevertheless a common requirement today). The major issues in data transmission are the protection of the communication channel, of the client identity (who asks for a service), of the server identity (the machine or agent that provides the service) and of the identity of the message author (non-repudiation). The Interceptor works on the transmission line; the Replayer can work on the transmission line and on the server. The False Sender interposes itself in the communication, sending false message requests and receiving the message replies, which usually contain data. The False Server provides false message replies. In both these cases we can use authentication techniques based on cryptography. TO PREVENT THE ATTACKS it is possible to set up secure communication channels (virtual private networks, VPN: a sort of tunnel created by cryptography on top of the physical network), to design suspicious clients and servers (credentials are requested repeatedly during the communication), and to ensure that the communication is FRESH (proving that the client is active, to defeat message replay: the attacker does not try to recover the clear data but captures encrypted packets and re-inserts them into a conversation; to counter this, the encryption key or algorithm can be changed continuously, or a nonce, timestamp or sequence number can be bound to each message). Cryptography is a MECHANISM used to implement policies: a mechanism for ciphering data using keys.
Cryptography can also be used in the authentication phase: we need mechanisms for password authentication on centralized systems (authentication server) or mechanisms for key distribution (authentication service). ACCESS CONTROL decides who can perform which actions on system resources (people, databases, ...); these resources must be available only to authorized agents. To ENCRYPT (make unreadable) information it is necessary to encode it so that it becomes understandable only to the agents who hold one or more KEYS, the secret element of cryptography. Cryptography uses known, public algorithms: only the secrecy of the key guarantees confidentiality and integrity (Kerckhoffs's principle), so keys must be kept secret, selected from a huge number of combinations and changed often. The attacker performs cryptanalysis in order to discover the key and decrypt the messages. The algorithms can be divided into two main classes:
SYMMETRIC algorithms, which combine transpositions and substitutions, originate the standard transmission algorithms (Data Encryption Standard, DES). They convert data "in clear" into a non-understandable form ("ciphered data") and vice versa; the two transformations are called enciphering (E) and deciphering (D), and both require knowledge of one secret key K. Substitution and transposition, taken singularly, are simple (and weak) algorithms; DES combines many rounds of both. DES was developed by IBM and adopted as a US federal standard for non-classified information; implemented in hardware it is very fast and efficient. It encrypts text in blocks of 64 bits under a 56-bit key. Keys in successive algorithms have become longer and longer, because the level of security of encryption and decryption depends on the length of the key (a 56-bit DES key can today be found by exhaustive search, which is why DES has been superseded by AES). ADVANTAGES: very performant in terms of speed. DISADVANTAGES: the communicating parties must first meet, virtually, on the network to exchange the key before starting the communication; the key must be kept secret; once the key is compromised, all subsequent messages are compromised. Symmetric algorithms are easily implemented in hardware, typically as a set of cooperating chips.
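To make the substitution/transposition structure concrete, here is an added example (not from the notes and not DES itself): a toy 64-bit Feistel cipher in Python. Each round XORs one half of the block with a keyed function of the other half (the substitution) and swaps the halves (the transposition); running the same rounds with the subkeys reversed is the decryption, which is why E and D can share one piece of hardware. SHA-256 stands in for DES's S-boxes and key schedule, and the sample key is constructed. It is for illustration only and must never be used to protect real data.

```python
"""Toy 64-bit Feistel block cipher (added illustration; NOT DES)."""
import hashlib
import struct

ROUNDS = 16


def key_schedule(key: bytes) -> list:
    """Derive one 32-bit subkey per round from the secret key K.
    Hashing key||round stands in for DES's key permutation tables."""
    subkeys = []
    for i in range(ROUNDS):
        digest = hashlib.sha256(key + bytes([i])).digest()
        subkeys.append(struct.unpack(">I", digest[:4])[0])
    return subkeys


def round_function(half: int, subkey: int) -> int:
    """Keyed, non-linear mapping of a 32-bit half (the 'substitution';
    SHA-256 plays the role of the S-boxes)."""
    digest = hashlib.sha256(struct.pack(">II", half, subkey)).digest()
    return struct.unpack(">I", digest[:4])[0]


def feistel(block: bytes, subkeys: list) -> bytes:
    """One pass of the Feistel network over a single 8-byte block.
    Each round: L' = R, R' = L xor F(R, K_i). The swap is the
    'transposition'. The same pass with the subkeys reversed undoes it,
    so encryption and decryption share one circuit."""
    left, right = struct.unpack(">II", block)
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    # undo the last swap so that the network is its own inverse
    return struct.pack(">II", right, left)


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, key_schedule(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, list(reversed(key_schedule(key))))


def encrypt_ecb(data: bytes, key: bytes) -> bytes:
    """Encrypt block by block (Electronic Codebook). Equal plaintext
    blocks give equal ciphertext blocks, which leaks structure: a block
    cipher alone is not yet a secure channel."""
    if len(data) % 8:
        raise ValueError("data must be a multiple of the 8-byte block size")
    return b"".join(encrypt_block(data[i:i + 8], key)
                    for i in range(0, len(data), 8))


if __name__ == "__main__":
    key = b"8bytekey"  # constructed sample key
    ct = encrypt_block(b"ATTACK!!", key)
    print(ct.hex(), decrypt_block(ct, key))
    twice = encrypt_ecb(b"ATTACK!!ATTACK!!", key)
    print("ECB repeats:", twice[:8] == twice[8:])
```

The ECB helper is there to show the second half of the lesson: even with a sound block cipher, the way blocks are chained (the mode) and the way keys are distributed decide whether the channel is actually secure.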
[…] directed to the protected network comply with the Organization Security Policy and cannot damage internal systems. The firewall is positioned at the gateway (router) connecting a network to external entities. In general it has various components (hardware and software); it can also be a single hardware component hosting several software processes, but the preferred solution is composed of many different elements creating multiple lines of defence. There are rules for firewalls:
o TUNNELING: the secure channel is established between 2 gateways (typically the 2 routers that represent the entrance to each network). It is more suitable for enterprises that need to secure an internal network. In both cases these are VPN techniques.
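The filtering rule the notes describe (requests from outside reach only the DMZ, the high-security area is reachable only from the DMZ, everything else is dropped) is easiest to understand as an ordered rule table with a default deny. The following Python simulator is an added example, not part of the notes; the address ranges, the database port and the rule order are assumptions for a three-zone layout.

```python
"""Stateless packet-filter simulator for Internet / DMZ / high-security
area (added example; addresses, ports and rules are assumptions)."""
from dataclasses import dataclass
from typing import Optional
import ipaddress

# Assumed address plan: the DMZ hosts the web server, the internal
# network hosts the critical data; anything else is "internet".
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.10.0.0/16"),
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str            # "internet", "dmz", "internal" or "any"
    dst_zone: str
    proto: str               # "tcp", "udp" or "any"
    dst_port: Optional[int]  # None matches any port
    action: str              # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dst_port: int


# First match wins; the last rule is the default deny that every
# firewall policy must end with.
RULES = [
    Rule("internet", "dmz", "tcp", 443, "allow"),   # public HTTPS to the web server
    Rule("internet", "dmz", "tcp", 80, "allow"),    # public HTTP to the web server
    Rule("dmz", "internal", "tcp", 5432, "allow"),  # web tier to the database (assumed port)
    Rule("internal", "any", "any", None, "allow"),  # internal hosts may open outbound connections
    Rule("any", "any", "any", None, "deny"),        # default deny
]


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.src_zone in ("any", zone_of(pkt.src))
            and rule.dst_zone in ("any", zone_of(pkt.dst))
            and rule.proto in ("any", pkt.proto)
            and rule.dst_port in (None, pkt.dst_port))


def decide(pkt: Packet, rules=RULES) -> str:
    """Return 'allow' or 'deny' for a packet; the first matching rule wins."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"  # only reached if someone removes the default-deny rule


if __name__ == "__main__":
    for p in [Packet("203.0.113.5", "192.0.2.10", "tcp", 443),
              Packet("203.0.113.5", "10.10.1.20", "tcp", 5432),
              Packet("192.0.2.10", "10.10.1.20", "tcp", 5432)]:
        print(p, "->", decide(p))
```

Note what the table does not express: it is stateless, so return traffic and "suspicious" re-authentication during a session (mentioned above) need a stateful firewall or the application layer; and the tunnelling VPN of the previous item terminates on the gateway, so the rules apply to the decrypted traffic that leaves the tunnel.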
Since data is the most valuable asset of a system, there are specific techniques to protect it. Data requires protection from improper access (unauthorized agents) and protection from inference (an agent authorized to read some data items must not be able to derive from them data it is not authorized to see). Integrity must be guaranteed: protection from improper changes, operational data integrity (concurrency manager, locking, backup and recovery) and semantic integrity (integrity constraints). Accountability (each user is accountable and responsible for what he performs in the system) and auditing (related to detection) must be guaranteed. Users must be authenticated to access data, allowing secure identification and the management of sensitive data. In some environments (military, government, ...) multilevel protection systems are required. Confinement is the property of limiting the resources that can be affected by an attack, avoiding uncontrolled information transfer along authorized channels, memory channels and covert channels (channels whose existence is not known or intended, usually created by attackers). Controls on data can be of three types:
[…] a lower one. MAC introduces different sensitivity levels, tagging users and data with protection labels (Unclassified, Confidential, Secret, Top Secret): the SENSITIVITY of data and the CLEARANCE of users. The levels are in a hierarchical relation from Unclassified to Top Secret. MAC also introduces the concept of CATEGORIES (e.g. Nuclear, NATO, Intelligence; Production, Personnel, Engineering), so a label is a level plus a set of categories. Because labels are enforced by the system and not by the data owner, MAC blocks sophisticated attacks that certain users could otherwise mount, such as Trojan horses leaking data on behalf of an authorized user. Access controls for databases can be based on the NAME OF THE ATTRIBUTES, on the TYPE OF ACCESS the user has to the database (read, write, update, delete, ...) or on the CONTENTS. SECURITY MODELS. The premise is that every user who accesses a system must be authenticated. The term DBMS (Data Base Management System) refers to software devoted to managing the data in a database (Oracle, ...). DISCRETIONARY ACCESS CONTROL (DAC): the user has discretionary power over the resources he owns and can grant and revoke privileges on them. Access can depend on the name, the content or the type of access; context-dependent access combines these conditions with the Operating System policies. Discretionary models are based on:
MANDATORY (multilevel) ACCESS CONTROL (MAC) is used when data is very sensitive. It uses a mechanism of protection and management of multi-level data, based on labels and working in combination with the Operating System. The Trusted Computing Base (TCB) groups all the mechanisms that implement the MAC security policies.
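The difference between the two models is clearest when both are coded side by side. The Python below is an added example (not from the notes): a DAC table in which only the owner can grant and revoke, and MAC labels built from the level hierarchy and categories listed above, compared with a dominance test (higher-or-equal level and superset of categories). The "no write-down" rule is the Bell-LaPadula *-property; the notes only hint at it, so it is marked as an assumption. Users, resources and labels are constructed samples.

```python
"""DAC (owner grants) and MAC (label dominance) side by side.
Added example, not from the notes; sample users and labels are constructed."""
from dataclasses import dataclass

# Hierarchy from the notes, lowest to highest.
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self is at least as high as other: higher-or-equal level AND a
        superset of the categories (a lattice, not just a line)."""
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.categories >= other.categories)


def mac_can_read(clearance: Label, sensitivity: Label) -> bool:
    # no read-up: the user's clearance must dominate the data's label
    return clearance.dominates(sensitivity)


def mac_can_write(clearance: Label, sensitivity: Label) -> bool:
    # no write-down (Bell-LaPadula *-property; an assumption here, the
    # notes only hint at it): data may flow only to a label that
    # dominates the writer, so a Trojan horse cannot copy Secret data
    # into an Unclassified file.
    return sensitivity.dominates(clearance)


class DacTable:
    """Owner-managed privilege table: resource -> {user: set(privileges)}."""

    def __init__(self):
        self.grants = {}

    def create(self, owner: str, resource: str) -> None:
        self.grants[resource] = {owner: {"owner", "read", "write"}}

    def _is_owner(self, user: str, resource: str) -> bool:
        return "owner" in self.grants.get(resource, {}).get(user, set())

    def grant(self, grantor: str, grantee: str, resource: str, privilege: str) -> None:
        if not self._is_owner(grantor, resource):
            raise PermissionError(f"{grantor} does not own {resource}")
        self.grants[resource].setdefault(grantee, set()).add(privilege)

    def revoke(self, grantor: str, grantee: str, resource: str, privilege: str) -> None:
        if not self._is_owner(grantor, resource):
            raise PermissionError(f"{grantor} does not own {resource}")
        self.grants[resource].get(grantee, set()).discard(privilege)

    def allowed(self, user: str, resource: str, privilege: str) -> bool:
        return privilege in self.grants.get(resource, {}).get(user, set())


def authorized(dac: DacTable, user: str, clearance: Label,
               resource: str, sensitivity: Label, action: str) -> bool:
    """Both checks must pass: an owner's grant cannot bypass the labels."""
    if action == "read":
        mac_ok = mac_can_read(clearance, sensitivity)
    else:
        mac_ok = mac_can_write(clearance, sensitivity)
    return dac.allowed(user, resource, action) and mac_ok
```

The point of `authorized` is the combination: DAC says what the owner wants, MAC says what the organization's labels allow, and the TCB enforces the intersection regardless of who granted what.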
✓ checklist templates for audits. It is therefore important first of all to make sure of the presence and adequacy of all the components that contribute to the completeness of the model.
▪ the checklists and the evidence collected in the field; ▪ the audit reports and the related remediation plans. Of particular relevance are the plans proposed for recovering from any detected non-conformities and the verification of their effective adoption through specific follow-up sessions, to be provided for each control. What would be the use of carrying out checks, detecting findings, recommending remedies and then leaving everything as before, without verifying whether a recovery path from the detected issues has been put in place? Furthermore, the system of controls cannot rely only on periodic checks by the functions in charge; it must be complemented by a constant "flow of information" towards the Privacy Officer (and the DPO) that gives visibility of all business, organizational and technological changes, including those related to suppliers or to the methods of processing personal data (new processing activities, new types of data or of data subjects, changed retention criteria, etc.), which may require updating the registers, the information notices, the appointments, the procedures or other documentation, as well as a possible revision of the risk analysis, the launch of a DPIA or a by-design approach to new initiatives. This flow must be solicited from the operational functions (the only ones aware of what happens daily within them), analysed to draw the appropriate consequences and periodically reported. The set of these steps constitutes the "checklist" that the professional in charge of ensuring data protection within the organization and achieving corporate GDPR compliance must have. A digitally signed document satisfies all 5 properties, the GDPR and the compliance requirements.
The Chamber of Commerce (Camera di Commercio) is an authority that verifies identities and issues digital signature certificates.
To ensure that a certificate cannot be altered, it is protected with the digital signature of the Certification Authority (CA) that issued it. The CA is a body created to carry out organizational tasks (identifying the individuals who request a certificate) and technical tasks (creating the certificates), and it may also have accessory functions such as the distribution of certificates or their revocation. An infrastructure supporting asymmetric keys is called a Public Key Infrastructure (PKI). A PKI provides the following basic functions to its user community: issuance of public-key certificates, after the necessary technical and procedural checks; revocation of public-key certificates (e.g. after theft of the private key associated with the public key); distribution of public-key certificates and of information about revoked certificates. Optionally, a PKI can also support the validation of a digital signature through functions that identify the time at which the signature was affixed ("time stamp"), the role held by the individual who signed ("role certification") and the purpose of the signature ("signature policy"). When a public key is received through a certificate, the integrity and validity of the signature must be checked: the digest computed over the certificate (i.e. over the public key and the data associated with it) is compared with the digest extracted from the digital signature affixed by the issuing CA. If the comparison succeeds the certificate is certainly intact, but it remains to be seen whether the issuing CA is a trusted CA; the solution is either a maintained list of public keys of trusted CAs (a trust store) or the creation of certification hierarchies, in which a CA issues certificates not only for users but also for subordinate CAs, each of which certifies a different set of users. There is no universal PKI yet; the competition is between several standards: X.509 (ISO/ITU-T), X.509v3 (ISO + IETF) and PKCS (RSA, partially compatible with X.509v3). Public keys and certificates are used for the exchange of e-mail messages (PEM, PGP, S/MIME), in proprietary applications (remote control, security modules), in hardware equipment (routers, network hardware), in e-commerce applications, to create secure Web sites and to sign software components. Agents must be authenticated before they are allowed to open a communication channel or access information; a person can be identified using one or more of the following: something he knows (e.g. a password: SOMETHING YOU KNOW), an object he possesses (e.g. a magnetic card: SOMETHING YOU HAVE) or one of his physical characteristics (e.g. fingerprint, retina, DNA: SOMETHING YOU ARE). Passwords can be of various types. An OTP (One-Time Password) is generated by a token, synchronized with the number generator of the institution (e.g. the bank), from a key shared when the token was activated, so that each password is valid only once. With CHALLENGE-RESPONSE systems the password is never transmitted but only used to compute a value that indirectly demonstrates its knowledge: answer = f(challenge, password), where the answer is a function of the challenge and of the password, which plays the role of a key.
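The challenge-response formula above and the "freshness" requirement from the section on replay attacks are two halves of the same protocol, so one added Python example (not from the notes) serves both: the server issues a random challenge, the client answers with an HMAC of it keyed by a secret derived from the password, and the server consumes each challenge once and lets it expire, so an eavesdropper who captures the exchange learns neither the password nor a reusable answer. The username, salt and password are constructed samples.

```python
"""Challenge-response authentication with a freshness check.
Added example, not from the notes; credentials are constructed samples."""
import hashlib
import hmac
import os
import time

SALT = b"course-example-salt"  # constructed; real systems use a random per-user salt


def derive_secret(password: str) -> bytes:
    """Both sides hold a derived secret rather than the plaintext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


def client_answer(secret: bytes, challenge: bytes) -> bytes:
    """answer = f(challenge, password): a keyed digest, nothing to decrypt."""
    return hmac.new(secret, challenge, "sha256").digest()


class AuthServer:
    def __init__(self, users: dict, max_age: float = 30.0):
        self.users = users   # username -> derived secret
        self.pending = {}    # username -> (challenge, issue time)
        self.max_age = max_age

    def challenge(self, username: str) -> bytes:
        """Issue a fresh, unpredictable challenge (replaces any older one)."""
        c = os.urandom(16)
        self.pending[username] = (c, time.monotonic())
        return c

    def verify(self, username: str, challenge: bytes, answer: bytes) -> bool:
        issued = self.pending.pop(username, None)  # consumed: a second use is a replay
        if issued is None or username not in self.users:
            return False
        expected_challenge, issued_at = issued
        if not hmac.compare_digest(expected_challenge, challenge):
            return False  # answer to some other challenge
        if time.monotonic() - issued_at > self.max_age:
            return False  # stale challenge: the client is not provably active
        expected = client_answer(self.users[username], challenge)
        return hmac.compare_digest(expected, answer)  # constant-time comparison


def login(server: AuthServer, username: str, password: str):
    """One complete exchange; returns (ok, challenge, answer) so that the
    transcript can be replayed, as an attacker on the line would."""
    c = server.challenge(username)
    a = client_answer(derive_secret(password), c)
    return server.verify(username, c, a), c, a


if __name__ == "__main__":
    srv = AuthServer({"alice": derive_secret("correct horse")})
    ok, c, a = login(srv, "alice", "correct horse")
    print("first login:", ok, "replay:", srv.verify("alice", c, a))
```

Two details carry the security: the challenge comes from `os.urandom`, so the Replayer cannot predict or reuse it, and `verify` pops it before checking anything, so a captured (challenge, answer) pair is rejected even if presented a millisecond later.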
The applications used to secure communication are SSL ("Secure Sockets Layer", a standard technology that secures an Internet connection and protects sensitive data exchanged between two systems by preventing attackers from reading or modifying the transferred information; encryption algorithms protect the data while in transit over a digital connection) and TLS (Transport Layer Security, the updated and more secure version of SSL; all SSL versions are deprecated today and TLS 1.2 or 1.3 should be used). Trusted third-party authentication works with a password that is used not to access the applications directly but to obtain a sort of pass (ticket) generated by a central authentication system and accepted by the applications as proof of the agent's identity (Kerberos). Regarding SECURITY ON THE WEB, consider a web browser that communicates with a web server, the server usually sitting in the demilitarized zone. The possible attacks are: attacks on the web server (which usually holds no critical data), attacks on the web browser (Trojan horses and so on) and attacks on the communication channel. For every type of attack, protection policies and mechanisms exist.
[…] devices, hardware and software (e.g. cryptographic devices, Access Control Lists, database views). A policy can be implemented by multiple mechanisms. o WEB BROWSER: the main types of attack on it are privacy infringement (through cookies), execution of fraudulent active components such as VBA macros, malicious scripts, applets and ActiveX controls, spy components and back doors (exploiting bugs in the system), Trojan horses, and execution of malicious code through plug-ins (e.g. crafted PDF documents; plug-ins usually update themselves, and if they get out of control they are very dangerous). o WEB SERVER: the protection policies are: ❖ Minimum privileges for the processes activated by the server (need-to-know): the main process of the WEB server, owned by the system administrator and listening on port 80 (the web port), is started by the Operating System with maximum privileges (root in Unix, Administrator in NT) because binding a port below 1024 requires them; this cannot be avoided, only mitigated by an organizational measure. The system administrator is responsible for activating the child processes that implement the services offered by the WEB server (e.g. the connection to data sources): these must be started under a virtual user with minimal privileges, so that a process with a bug cannot compromise the entire system. ❖ Server file system protection: users connected to the web server must be granted minimum privileges (read for HTML pages, execute for scripts and applications), while WEB administrators are also granted modification privileges (write) on HTML pages and configuration files.
A good practice is to prevent users from viewing and browsing the folders containing HTML pages, scripts and applications: not knowing the version and the details of the scripts present on the server prevents the exploitation of their possible BUGS for fraudulent purposes. ❖ Confinement of individual services (define an area grouping the resources that make up a given service): a machine dedicated exclusively to the WEB server is recommended, moving any other service or application to other computers. If this is not possible and different services share the same file system, it is good practice to adopt a security policy that manages the accounts of each service separately, giving each user only the strictly necessary privileges. For WEB servers it is advisable to keep HTML pages and scripts in separate directories, with execution rights limited to the scripts directory. ❖ Scripts activated with minimal privilege: only the privileges strictly necessary to perform their function. ❖ Auditing of the server at a fine granularity: all possible forms of auditing must be activated and the LOG files must be constantly monitored. All the updates and patches that are needed must be applied to the server.
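"Constantly monitored" log files only help if something reads them. The Python below is an added example (not from the notes) of the kind of check a web administrator would run over the access log: it parses lines in the common Apache/nginx combined format, decodes percent-encoding, and flags clients that probe for script directories, backup files, repositories or path traversal, or that accumulate 4xx errors, which is exactly the reconnaissance that hiding directory listings and script versions is meant to frustrate. The log lines and the probe patterns are constructed samples.

```python
"""Fine-grained audit of a web server access log (added example; the log
lines and probe patterns are constructed samples)."""
import re
from collections import defaultdict
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Paths a scanner typically tries; assumptions to be tuned per deployment.
PROBE_PATTERNS = [
    (re.compile(r"\.\./"), "directory traversal"),
    (re.compile(r"/cgi-bin/"), "script directory probe"),
    (re.compile(r"\.(bak|old|orig|swp|sql)$", re.I), "backup/config file probe"),
    (re.compile(r"/(phpmyadmin|\.git|\.env)", re.I), "admin/repository probe"),
]

# Constructed sample log: one legitimate visitor and one scanner.
SAMPLE_LOG = """\
203.0.113.9 - - [10/May/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.9 - - [10/May/2024:10:00:02 +0000] "GET /css/site.css HTTP/1.1" 200 812
198.51.100.7 - - [10/May/2024:10:01:10 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210
198.51.100.7 - - [10/May/2024:10:01:11 +0000] "GET /../../etc/passwd HTTP/1.1" 400 230
198.51.100.7 - - [10/May/2024:10:01:12 +0000] "GET /index.php.bak HTTP/1.1" 404 210
198.51.100.7 - - [10/May/2024:10:01:13 +0000] "GET /.git/config HTTP/1.1" 403 199
198.51.100.7 - - [10/May/2024:10:01:14 +0000] "GET /%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 400 230
198.51.100.7 - - [10/May/2024:10:01:15 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 210
203.0.113.9 - - [10/May/2024:10:02:00 +0000] "GET /about.html HTTP/1.1" 200 3010
"""


def parse_line(line: str):
    """Return a dict for a well-formed line, None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = unquote(rec["path"])  # decode %2e%2e before matching
    return rec


def audit(log_text: str, error_threshold: int = 5) -> dict:
    """Return {ip: sorted findings} for the clients worth a closer look."""
    errors = defaultdict(int)
    findings = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if 400 <= rec["status"] < 500:
            errors[rec["ip"]] += 1
        for pattern, label in PROBE_PATTERNS:
            if pattern.search(rec["path"]):
                findings[rec["ip"]].add(label)
    for ip, n in errors.items():
        if n >= error_threshold:
            findings[ip].add(f"{n} client errors (4xx)")
    return {ip: sorted(f) for ip, f in findings.items()}


if __name__ == "__main__":
    for ip, found in audit(SAMPLE_LOG).items():
        print(ip, found)
```

Decoding the path before matching matters: the `%2e%2e` request is the same traversal attempt as the literal `../` one, and a check on the raw string would miss it.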
There can also be attacks aimed at ACCESSING THE RESOURCES OF THE OPERATING SYSTEM, such as hardware, network connections or shared resources. COOKIES: small text records that web servers generate and that the browser stores in a specific directory. They are used to store session variables, user information and sites visited; their most frequent use is to support the repeated entry of data in input forms (which would otherwise be lost when moving from one page to another). They can be disabled, but the pages that use them would then not work properly. Cookie managers filter their content, making available to the web servers only some of the information they contain. The listening process is exposed to the web: it receives the HTTP requests (port < 1024, usually port 80) and therefore runs as superuser, while the requests are served in a physically separate area under minimal privileges. It is good practice to have two separate areas on the web server, one used by the administrator and one used by ordinary users. [Figure in the original notes: the typical structure of a cookie, with fields such as the name and the browser used.]
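Since the notes list "privacy infringement through cookies" among the browser-side attacks, the practical check is whether the server sets its cookies with the attributes that limit where they travel: `Secure` (TLS only), `HttpOnly` (not readable by page scripts) and `SameSite` (not attached to cross-site requests). The following Python is an added example, not from the notes; the two Set-Cookie headers are constructed samples, and the attribute semantics are those of the HTTP cookie specification, not something the notes state.

```python
"""Audit of Set-Cookie attributes (added example; headers are constructed)."""


def parse_set_cookie(header: str) -> dict:
    """Split 'name=value; Attr; Attr=val' into name, value and attributes
    (attribute names lower-cased; flags without a value stored as True)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_cookie(header: str, carries_session: bool = True) -> list:
    """Return the weaknesses found in one Set-Cookie header."""
    attrs = parse_set_cookie(header)["attrs"]
    findings = []
    if attrs.get("secure") is not True:
        findings.append("missing Secure: also sent over plain HTTP")
    if carries_session and attrs.get("httponly") is not True:
        findings.append("missing HttpOnly: readable by page scripts")
    samesite = str(attrs.get("samesite", "")).lower()
    if samesite not in ("lax", "strict"):
        findings.append("SameSite missing or None: attached to cross-site requests")
    domain = str(attrs.get("domain", ""))
    if domain.startswith("."):
        findings.append(f"Domain {domain}: shared with every subdomain")
    if carries_session and ("expires" in attrs or "max-age" in attrs):
        findings.append("persistent session cookie: survives closing the browser")
    return findings


if __name__ == "__main__":
    weak = "sessionid=abc123; Path=/; Domain=.example.com; Expires=Wed, 01 Jan 2025 00:00:00 GMT"
    strong = "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict"
    print(audit_cookie(weak))
    print(audit_cookie(strong))
```

The session cookie is the case that matters: a stolen session identifier is as good as the password, so the checks are stricter (`carries_session=True`) than they would be for a preference cookie.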