00:00:00
Welcome back to our Cybersecurity Architecture Series.
00:00:03
In the last video, I talked about five security principles you should always follow and one you should never follow.
00:00:10
In today's video, we're going to talk about the CIA.
00:00:13
No, not the spy guy: Confidentiality, Integrity and Availability.
00:00:17
So let's get started with the first of these, Confidentiality.
00:00:21
So, confidentiality, we basically accomplish with two main types of technologies:
00:00:26
One is access control, which consists of authentication and authorization.
00:00:37
So authentication is answering the question, "Who are you?" In authorization, "Are you allowed to do this or not?"
00:00:43
And let's take an example of how this might work.
00:00:47
So let's say we've got a guy here who is an authorized user and he is going to try to come into access something down here.
00:00:56
Could be some IoT device, could be a database, could be a server.
00:01:00
He's going to access those things.
00:01:01
He comes in and we're going to check him to see if he is, in fact, who he claims to be.
00:01:06
We're going to do the authentication step.
00:01:08
And in doing that, we might use a technology like multifactor authentication--
00:01:12
some way where he proves who he is by something he knows, something he has, something he is --and use them in combination.
00:01:20
And if he's able to do that, then we allow him in.
00:01:23
And another thing we might add to this is a role-based access control where I look and say,
00:01:29
just because I know who you are doesn't necessarily mean I know what you're allowed to do.
00:01:33
So I need to check now your privileges and see if they match what it is that you're asking for.
00:01:39
If we pass both of these checks-- you're who you claim to be and you have the privileges --then I'm going to allow you through.
00:01:46
So that's the positive case.
00:01:49
In the negative case, here we have an unauthorized user who comes in and they try to authenticate to the system.
00:01:55
And let's say, for instance, they're not able to; they don't have the right credentials.
00:01:59
So we block them.
00:02:00
Or, they come into the system and they're able to authenticate,
00:02:04
but they don't have the privileges and therefore they're not allowed access any further.
00:02:10
So that's how we're basically controlling confidentiality.
00:02:13
Only the authorized user can see this, and we're using access control capabilities in order to enforce that.
00:02:20
Now, what's another piece that we can do here?
00:02:22
Encryption is the other component that is involved in ensuring confidentiality.
00:02:28
Let's take an example here.
00:02:30
Here we have a guy who is going to send a message to an authorized user.
00:02:35
And we want to make sure that the person that is not authorized cannot read the message.
00:02:40
How do we do that?
00:02:41
Well, he takes his message and he encrypts it.
00:02:43
So he encrypts it with a key and a cryptographic key we've shown here to look like an actual house key,
00:02:49
but really, it's a string of bits and he's going to encrypt his message with that.
00:02:55
The message then is going to go in an encrypted envelope, if you think of it that way, it's obscured.
00:03:01
Somebody who is observing from the outside won't be able to read what it is, it looks scrambled. And then the message comes over here.
00:03:08
This guy, who uses the very same key, because we call this symmetric encryption, because we're using the same key on both sides.
00:03:17
In other words, it's a pre-shared key.
00:03:18
Both of them have that knowledge in advance.
00:03:20
How they get there is a whole other matter.
00:03:22
But to keep this example simple we'll assume that they both know the key.
00:03:27
He knows the key, so he's able to decrypt the message and therefore he can read it.
00:03:31
So we get success.
00:03:33
Now, this other guy here, however, does not have the key and therefore all he gets is an encrypted message, which he can't read.
00:03:41
So these are two main things then that we're doing.
00:03:44
We're using access control and encryption as ways to ensure confidentiality.
00:03:51
Okay, we just covered Confidentiality.
00:03:54
Now we're going to move on to cover Integrity.
00:03:58
Integrity is the quality that says a message is true to itself.
00:04:03
A transaction is true to itself.
00:04:05
If it gets modified, then we can detect it.
00:04:08
And if it's detected, then we can know not to trust that and we can take the appropriate countermeasures.
00:04:14
So let's take a look at a couple of examples of this.
00:04:17
Let's say we've got a good guy here and he goes on to a system and he logs in.
00:04:22
Well, we log a record in the syslog to indicate that that occurred.
00:04:26
Then he goes and does some transaction, and then maybe he logs off.
00:04:30
So we're logging those activities as they occur.
00:04:33
Now, let's say there's another guy here who-- the bad guy --he comes in and logs in and then he makes a copy of the database and exfiltrate it.
00:04:44
Then he says, "You know, I don't want anybody to see that.
00:04:47
So what I'm going to do is go back here, elevate my privileged level to superuser,
00:04:51
and I'm going to delete these log records so nobody sees what happened."
00:04:57
Well, that's a big problem.
00:04:59
What we need are technologies that allow us to know that this syslog is no longer trustworthy, that someone has tampered with it.
00:05:06
And those technologies are these things right here.
00:05:08
They are cryptographic functions-- digital signatures and message authentication codes that are used as ways to to tell if,
00:05:17
when I compare one set of records to another, that there's been a change.
00:05:21
So this is the way we can detect that and then take the appropriate countermeasures.
00:05:28
Another example.
00:05:29
Let's take a look at a blockchain, which is a distributed ledger that everyone would have access to.
00:05:36
And as a result, we can all verify whether the results and the information in it is true or not.
00:05:42
Here's this same good guy, and he has appended to the blockchain a few different records and done things like this.
00:05:51
And in fact, in this middle record, let's say he's putting a transaction where he says, "I want to order 100 widgets." And there we see that.
00:05:59
Now what we want is for this thing to be immutable, for it to be unchangeable.
00:06:02
You can add new entries, but you can't change the ones that are on and you can't delete ones that are on there.
00:06:08
Let's say a bad guy wants to violate that.
00:06:10
So his intention is to come along and say, "Let's have some fun here and make this 400-- no more fun --400,000 widgets" and really mess with this guy.
00:06:20
That's what he wants to do.
00:06:23
He may also want to come along and say, "You know what?
00:06:25
I'm just really like to just get rid of that one entirely." So those are the things that we are going to not allow to happen.
00:06:32
And how do we keep those from not happening?
00:06:35
Again, we're going to use these kinds of technologies, these cryptographic technologies that allow us
00:06:40
to see that a record in either of these cases, if someone attempts to modify that, we can see that attempt and we can block it.
00:06:49
Okay, now we've covered Confidentiality and Integrity.
00:06:53
Let's do the last part of the triangle, Availability.
00:06:57
Availability means that the system should be available, the resources should be available to authorized users--that they can get access when they need it.
00:07:06
Well, let's take an example of what this would look like.
00:07:09
Let's say we've got an authorized user here and he comes in and hits a web server, looks up his transaction balance and gets the results back.
00:07:18
That's what we want to see occur.
00:07:20
Well, there's always going to be somebody who's going to try to mess with this.
00:07:23
And so we've got a bad guy and he's going to come in here and send a transaction and another and another and another.
00:07:31
And he's just going to be flooding this system with all of these transaction requests, faster than the system can respond to them.
00:07:38
And if it can't keep up, we end up with what's known as a "denial of service" because
00:07:44
it now can't service other legitimate users for all the illegitimate traffic that's come in.
00:07:50
So that's a basic denial of service case.
00:07:52
How about a more complex case where we amplify the effect of one user and therefore have an even more devastating attack?
00:08:01
Well, in this case, let's say this guy takes over control of his system.
00:08:07
So this user is unsuspecting--Ignorance is bliss, he's happy as can be.
00:08:11
Has no idea that this guy is controlling his system remotely.
00:08:15
And he takes over a bunch of these systems, in fact.
00:08:19
Now, all of these are under his control,
00:08:21
and at any point he can send the command to marshal all of these systems and have them do the same thing.
00:08:28
All of them now are going to start flooding this web server with traffic.
00:08:33
And this thing then goes down even faster because of the the multiplier-- the force multiplier --that's been added in this case.
00:08:42
And that's something we call a "distributed denial of service" attack.
00:08:46
So it's been distributed across a number of different attackers.
00:08:50
Now, in this case, unsuspecting.
00:08:52
We call this thing a botnet because they're sitting out there under his control.
00:08:57
Now, there's a lot of different variations on this.
00:08:59
I just gave you the simple ones where it's just overwhelming amounts of traffic.
00:09:04
In some cases we use other techniques.
00:09:06
Like one of the original of these was called a SYN flood.
00:09:10
And in a SYN flood, what occurs is we have-- in a normal TCP session setup, we have what's known as a three-way handshake.
00:09:21
What occurs is you have someone who sends a SYN message.
00:09:26
They get back from the server an acknowledgment (ACK).
00:09:30
And then they're supposed to respond with a SYNACK.
00:09:33
That's the three-way handshake. In between these two, the server is going to reserve some resources for that session.
00:09:43
So it's sort of like knocking on your door, and then you go to the door, and you wait for someone to be there-- to come in to the door.
00:09:50
If someone knocks on the door, you open the door and then you wait,
00:09:53
and you wait forever, then there's eventually going to be no more doors and all of these things get used up.
00:10:00
That's what happens in a SYN flood case.
00:10:03
Someone in this case, the bad guy, sends the SYN.
00:10:07
And so he sends a SYN down here, and when that comes in, this guy is going to reserve a resource for him to come in and use--a session.
00:10:17
Then he sends back the acknowledgment and then this guy just goes quiet, just goes dark, doesn't answer.
00:10:24
In fact, what he does is he starts another one, another SYN message.
00:10:28
He gets an acknowledgment back, this guy holds a resource for him.
00:10:32
And again, no answer.
00:10:34
He does it again.
00:10:35
Starts another-- ring, the doorbell --we reserve resources and send the acknowledgment.
00:10:40
And again, he doesn't respond.
00:10:42
Now what happens?
00:10:44
We're out of resources.
00:10:46
Nobody else, legitimate or otherwise, can get into this system.
00:10:50
So obviously, the way we would have to guard against something like this
00:10:53
is maybe put in a timeout that says, I'm only going to hold this for so long.
00:10:56
I'm only going to stand at the front door so long waiting for you to come in.
00:10:59
And after that, you know, I'm closing the door and letting somebody else try to come in.
00:11:04
So that's an example of a SYN flood.
00:11:05
There's a lot of other examples of denial of service attacks, where we do a reflection attacks,
00:11:12
where we send information to someone else and then spoof the source address so that it comes back to where our intended target is.
00:11:20
There are, in addition to reflection attacks, there are other types of force multipliers that we can do in these cases.
00:11:26
But what we're trying to do is guard against these cases.
00:11:29
We need to make sure that the system is up and available to the authorized users when they need it.
00:11:35
So, if I'm working on an IT project, one of the things I want to be able to do is make sure that I've covered all the bases.
00:11:43
And in covering all those bases, this is the checklist you should use.
00:11:47
Have I met the confidentiality requirements of the project?
00:11:52
Is the sensitive data only available to those who are authorized to see it?
00:11:57
Is this system true to itself?
00:12:00
Do I have integrity checking so that if someone modifies it or tampers with it, I can be aware of that and know to adjust my trust level?
00:12:08
And do I have the system available all the time that it's supposed to be available?
00:12:14
This is the CIA triad.
00:12:16
If I've covered all of these three bases, then it's job done.
00:12:21
Thanks for watching.
00:12:23
Before you leave, don't forget to hit subscribe.
00:12:25
That way you won't miss the next installment of the Cybersecurity Architecture series.
