Cybersecurity Concepts
What is the Internet?
Before we try to understand how to conduct ourselves in Cyberspace, we need to define the Internet and understand how it works.
ARPANET
During the 1960s, the United States government wanted a robust, fault-tolerant way for computers to communicate with one another. The Advanced Research Projects Agency Network or ARPANET was the earliest "packet-switched" network that used the TCP/IP communication suite. We will discuss this suite in later lessons.
ARPANET was mainly used to connect regional academic institutions and military networks until it was commercialized in the late 1980s. Since then, the Internet has become a vast ecosystem of services ranging from: video and audio communication, cloud storage, robust peer-to-peer communications, and electronic commerce.
The very nature of the Internet is a system of interconnected computers. It does not reside in one country or a single server room, but is distributed around the globe. Many backbone services like the Domain Name Service are designed to be redundant and distributed, ensuring 100% uptime.
Internet as a Content Delivery System
Since its commercialization, research organizations and developers have created ways to deliver content to the public over the Internet. The most common content delivery systems include:
World Wide Web - an subsystem of the Internet that contains documents and resources commonly referred to by their Uniform Resource Locators or URLs
Electronic Mail (E-Mail) - a service designed to deliver messages and content to remote users. Typical implementations use a server to forward messages (e.g. SMTP server), and a server for users to retrieve messages (e.g. IMAP or POP3 server).
Social Media - a more robust system allowing common users to post content with little to no computing or programming experience.
The Dawn of Virtualization
With advancements in processor speed, memory capacity, and storage technology, we needed a better way to efficiently utilize our hardware.
Virtualization is a process where a physical system is divided into smaller logical systems. For example, using a free program called VirtualBox, a user can install a Linux-based operating system, inside a virtual machine, on a Windows-based system. There are a few terms that you should be familiar with:
Term | Definition |
Host | The physical system before divided logically |
Guest | A logical system residing on a host |
Hypervisor | Software that creates, runs, and destroys virtual machines. This software always resides on a host. Examples of hypervisors are: VMware ESX, XenServer, VirtualBox, KVM |
Snapshot | A saved state of a virtual machine. Changes after the creation of a snapshot are called deltas. |
Desktop virtualization allows us to create environments for testing and development. For example, security professionals may want to perform analysis on malicious software without infecting their host system. Therefore, they will create a virtual machine, build a "clean" snapshot, conduct their analysis, and revert back to their "clean" snapshot.
Internet "as a Service"
Since the 2000s, the Internet has moved from primarily delivering content to a place where a user can lease computing resources from companies such as: Google, Amazon, or Dropbox. Services like these are commonly referred to as cloud computing.
Cloud computing services leverage virtualization technologies and automation to provide customers with computing resources without needing to be an Information Technology expert. The following are typical services that cloud service providers offer their customers: Infrastructure As A Service (IAAS), Platform As A Service (PAAS), and Software As A Service.
Term | Definition | Example |
IAAS | Users have direct access to computing resources. These include: operating systems, storage, networking, etc. Users connect to these systems via remote protocols like the Microsoft Remote Desktop Protocol (RDP) or Secured Shell (SSH). IAAS is like putting your computer in a server room, connected to the Internet, and accessible 24 hours a day. | Amazon Elastic Cloud Computing |
PAAS | Users never have direct access to the hardware, but can interact with services like a database via a web console or client software. Allows users to focus on application development and not server administration. | Google AppEngine, Microsoft Azure |
SAAS | User software installed and accessible in the cloud. All hardware, operating systems, configurations, etc. is not seen by the user. Think of this like having a hard drive or Microsoft Office in the cloud. | Microsoft Office 365, Google Apps, Dropbox. |
What is Cyberspace?
Cyberspace is the notional environment in which communication over computer networks occurs [Oxford Dictionary]. The describes the environment in which you interact with technology and collaborate with friends, family, co-workers, and others. Cyberspace is often used interchangeably with the Internet; however, the Internet refers to the global network of computers accessible by everyone. The Internet does not include local area or private networks, whereas Cyberspace refers to the environment as a whole.
During the late 1990s into the 21st century, the Internet became a worldwide phenomenon boasting the instantaneous communication of geographically separated persons. In the years that followed, systems like medical databases and nuclear power plants quickly became "Internet-facing," offering their services to those who needed access. System administrators were more concerned with availability and not security. What became apparent to researchers and malicious actors or "hackers" were the inherent security risks within these systems and the communication protocols they used. The exploitation of vulnerabilities to gain unauthorized access to various government and commercial systems became an underground hobby.
In 2006, the United States Air Force developed and established policy naming "Cyberspace" as the fifth war fighting domain (along with land, sea, air, and space) and implemented the first cyber command structure. Finally, in 2009, the United States Cyber Command (USCYBERCOM) and the 24th Air Force (AFCYBER) were stood up to plan and execute military operations in the new "cyberspace warfighting domain." What makes cyberspace different from the other warfighting domains is that it is completely man-made.
The U.S. military outlines how it defines and conducts cyberspace operations in a document called Joint Publication 3-12: Cyberspace Operations. Here they break up operations into (mainly) two categories: Offensive Cyberspace Operations and Defensive Cyberspace Operations.
In Offensive Cyber Operations (OCO) the goal is to exploit vulnerabilities within a system or network in order to:
Gather information
Deceive or influence the enemy
Deny, Degrade, Disrupt enemy resources
Defensive Cyber Operations (DCO) is the process of leveraging intelligence, technology, and law enforcement to defend and protect information technology assets. They use a cyclical process of PREVENT, DETECT, and RESPOND to cyber threats targeting their infrastructure.
Cybersecurity professionals or "operators" will harden their servers and networks to
PREVENT attacks on their systems. They will use intelligence to create signatures of known malicious activity and leverage technologies like Intrusion Detection Systems to
DETECT malicious activity. Then they will
RESPOND to network attacks and possible breaches by containing the attack and performing an investigation to determine its origin. At times, law enforcement may be consulted to pursue legal action against the malicious actors if possible. Once the response actions are complete, those lessons learned are translated into new intelligence to aid in preventing similar attacks.
What is Information Security and Information Assurance?
For an Information Technology (IT) system, the transmission and storage of data is its sole purpose. Whether this data is server configurations, a public affairs article you are writing, or Personal Identifiable Information (PII), we need to properly secure it.
Information Security
Information Security, commonly referred to as "InfoSec," is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information [Wikipedia]. This term is a global concept that includes all types including physical (e.g. printed) and digital data. Professionals in this field know how to recognize data, categorize/classify it, secure it, and allow access to personnel with the appropriate authorization or clearance.
For example, in the U.S. government, data that would cause "serious damage" to national security if it were publicly available is classified SECRET. Only personnel with a clearance of SECRET or higher can access that data; no exceptions.
Information Assurance
Information Assurance, known as "IA," is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes [Wikipedia]. We use a concept called controls to ensure data confidentiality, integrity, and availability. These controls include:
Physical - using locks, safes, cameras, guards, gates to protect access
Technical - using technology like encryption to ensure confidentiality
Administrative - using processes like background checks to hire trustworthy employees
CIA Triad
The CIA Triad is a conceptual model that addresses three important goals of information assurance: Confidentiality, Integrity, and Availability.
Confidentiality
Confidentiality is the process of keeping data private from unauthorized access. We commonly use the principle of least privilege which implies that access to resources are on a "need to know" or "need to access" basis. For example, if administrator-level access to the company’s web server is not required for Alice to do her job, she should never have those rights.
Once privileges have been assigned to a person, they will have to Authenticate themselves (proving their identity) and receive Authorization (or permission to access) from someone or something to access a resource. For example, Charlie has been given content editor rights to the ACME Corporation's webserver and his privileges allow him to post articles and add pictures to the company website; however, they do not allow him to change the configuration on server and install programs.
In order for Charlie to access the webserver (Linux operating system), he must use his username and password to log in. These credentials are sent to the server and authenticated. If they are valid credentials, he received authorization to system resources based on he privileges.
We may also use technology like encryption to ensure the confidentiality of data while in transit from one system to another. For example, Charlie is entering his credentials from his desk in San Diego, CA to access the webserver in Vancouver, British Colombia, Canada. We may use a technology called Transport Layer Security or TLS (formerly called Secure Sockets Layer or SSL) to secure the communication channel between Charlie's desk and the webserver.
Integrity
Integrity ensures that the data does not change while it is stored or in transit. We use access controls to prevent unauthorized users from modifying (writing) data and cryptographic checksums to verify that the data was not changed.
Availability
Data is useless if authorized users cannot access the data. At times, some information security professionals may hit a common pitfall where they secure their data or systems too well. Therefore, we must understand that our users must have access to the resources they need to do their job and that IT systems have adequate availability.
Together we use all aspects of the CIA Triad to ensure the security and accessibility of our data.
Last updated
