ISS Flashcards
(18 cards)
What is ISS?
Generic term to describe all aspects of security regarding data processing/transmitting including:
- Information security: classification of information, access to information, information availability, confidentiality
- Cyber security: focus on data transfer
- Network security: deals with defending against unwanted communications
- Physical security: access, theft prevention, destruction, infrastructure
Regulatory frameworks for ANSPs in the context of ISS
- ICAO -> Annex 17 (Security), Annex 19 (Safety)
- EU: European commission/parliament, ENISA (European Network Information Security Agency)
- National authorities / legislation
Security policy
- Defines “security” within an organisational context
- Places constraints on members/employees and adversaries
- Contains aspects of physical security and IT security
- Objectives: business continuity (resilience, recovery plan), fulfillment of legal requirements
Relevant personnel in security management planning
- Security policy management
- IT security management
- Personnel management
- Site/facility management
Relevant personnel in security management implementation
- Physical security e.g. guards
- Administrative security e.g. background checks
- IT security e.g. operators of networks and external interfaces
- All employees e.g. compliance with security policy
What is SRMS?
- Security Risk Management System: all aspects influencing security policy have to be evaluated
- Risk-based approach: starting from the risk
- Risk assessment: threats/vulnerabilities/residual risks, impact, likelihood
- Impact: administrative, technical, operational
- Likelihood: time or rate of occurrences
- Risk treatment: combination of impact and likelihood
What are physical and logical threats in the security context?
- Physical threats: theft, destruction, harm to employees or customers
- Logical threats (data & services): theft, manipulation/modification, interruption
What are physical and logical vulnerabilities in the security context?
- Physical vulnerabilities: unsecured access to premises, infrastructural dependencies
- Logical vulnerabilities: (un-)known software bugs, architectural deficits in software/network/application, weak security policy, external interfaces
Information security frameworks
- Frame of reference based on: business objectives, threat environment, requirements & control
- Help to define a strategy and set a benchmark
- NIST cyber security framework
- ISO framework
Functions of NIST cyber security framework
- Identify
- Protect
- Detect
- Respond
- Recover
- Evaluate in 4 implementation tiers: partial, risk informed, repeatable, adaptive
CIA triangle
- Confidentiality: access to data is only granted to legitimate users
- Integrity: consistent, accurate and trustworthy data
- Availability: authorized users can access and modify data within an appropriate timeframe
- Further development e.g. Parkerian Hexad model: CIA + possession or control + authenticity + utility
Security threats
- Specificity: random attacks, negligence, hostile intent/directed attack
- Physical attacks: company, infrastructure, employees, air traffic
- Digital/data attacks: service or data disruption/distortion, data manipulation, theft
- Inside or outside threat
- Functionality vs. security
Explain type of attacks
- Port sniffing: a network access point has been found, and the aggressor tries to provoke reactions by addressing sockets
- Network sniffing: aggressor attempts to gain a thorough understanding of the network structure, devices and services
- Denial of Service (DoS): attack a node so it is not available for legitimate users
- Distributed Denial of Service (DDoS)
- Spoofing: aggressor pretends to be legitimate user
- Man-in-the-middle (MITM): aggressor is inserted into the communication between two legitimate hosts
- Advanced persistent threat (APT): combine targeted attacks using diverse vectors and methods
Explain social engineering techniques
- Social networking: try to befriend an employee in a security critical position (shared hobbies, social media, …)
- Human flaws: try to identify and exploit weaknesses (greed, sex, ego)
- Phishing: try to collect data by addressing a large target audience
- Spear phishing: target single individuals (requires more background knowledge and a high level of effort)
Explain the different types of malware
Method of propagation
- Viruses: piece of code attached to a legitimate program
- Worms: standalone malware program that replicates itself
Underlying goals
- Spyware: targeted attack distributed using worms
- Ransomware: worm with a long propagation phase that then makes itself known to the victim
- Back-door access
Identify the different phases of security attack
- Reconnaissance: target selection
- Weaponization: create one or several remote access malware weapons
- Delivery: identify means of transmission
- Exploitation: trigger the malware program's code
- Installation: install payload
- Command and Control: enables intruder to have persistent access to the target network (only if backdoor was installed)
- Actions on objectives: take action to achieve the goals
Appreciate how to detect and stop security attacks
- For optimum defense we need awareness and control
- Detection: unusual network traffic, access attempts, unexplained failures of security devices and software, suspicious behaviour
- Defense: prevent attackers from gaining access, happens outside your operational system, heterogeneous and multi-layered
Appreciate a holistic (not full of holes, but "whole") security architecture
- Take into account all threat vectors and threatened platforms: application security, network security, operating systems security
- Application security: application accounts, interfaces, network based services
- Network security: firewalls, active components, network data flow
- Operating systems security: authentication, security patches, active services
- Include organisational units and professionals: SOC, CERT
- Security operations centre (SOC): pro-active analysis of IT systems and security
- Computer emergency response team (CERT): group of specialists dealing with attacks, security issues, …
- System of systems: collection of systems dedicated to their specialised task (security); pooled resources/capabilities and more functionality