Lect 5 Security Controls

The document outlines various security controls designed to mitigate risks to assets, including preventive, detective, and corrective measures. It classifies controls by nature, such as physical, procedural, and technical, and discusses specific controls like segmentation, redundancy, encryption, strong authentication, access control, firewalls, intrusion detection systems, and honeypots. Each control serves a unique purpose in enhancing security and protecting against potential threats.

CSC 477E

Security Controls
• Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.
• Controls help to reduce the risk of damage or loss by stopping, deterring, or slowing down an attack against an asset.
Classification of Controls
Preventive Controls
• Before the event, preventive controls are intended to prevent an incident from occurring, e.g. by locking out unauthorized intruders.
Detective Controls
• During the event, detective controls are intended to identify and characterize an incident in progress, e.g. by sounding the intruder alarm and alerting the security guards or police.
Corrective Controls
• After the event, corrective controls are intended to limit the extent of any damage caused by the incident, e.g. by recovering the organization to normal working status as efficiently as possible.
Controls according to nature
• Physical controls, e.g. fences, doors, locks and fire extinguishers;
• Procedural controls, e.g. incident response processes, management oversight, security awareness and training;
• Technical controls, e.g. user authentication (login) and logical access controls, antivirus software, firewalls;
• Legal and regulatory or compliance controls, e.g. privacy laws, policies and clauses.
Controls
1. Segmentation
• It limits the potential for harm in a network in two important ways:
• Segmentation reduces the number of threats, and
• It limits the amount of damage a single vulnerability can allow.
• Assume your network implements electronic commerce for users of the Internet. The fundamental parts of your network may be:
• A web server, to handle users' HTTP sessions
• Application code, to present your goods and services for purchase
• A database of goods, and perhaps an accompanying inventory to track the count of stock on hand and being requested from suppliers
• A database of orders taken
• If all these activities were to run on one machine, your network would be in trouble: any compromise or failure of that machine would destroy your entire commerce capability.
• A more secure design uses multiple segments.
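The two effects of segmentation listed above can be measured on the e-commerce example. The following is an added example, not part of the lecture; the allow-list of flows between segments and the way the one-machine design is modelled are assumptions made for illustration.

```python
from collections import deque

PARTS = ["web", "app", "goods_db", "orders_db"]  # the four parts named on the slide

def flat_policy():
    # Modelling assumption: on one machine, the Internet and every part
    # can reach every other part directly.
    nodes = ["internet"] + PARTS
    return {n: {m for m in PARTS if m != n} for n in nodes}

def segmented_policy():
    # Constructed allow-list (assumption): one segment per part, and only
    # the flows the shop needs are permitted between segments.
    return {
        "internet": {"web"},
        "web": {"app"},
        "app": {"goods_db", "orders_db"},
        "goods_db": set(),
        "orders_db": set(),
    }

def hops(policy, src, dst):
    """Shortest number of allowed connections from src to dst, or None."""
    dist, queue = {src: 0}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return dist[node]
        for nxt in sorted(policy[node]):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return None

def exposure(policy):
    """Parts an Internet user can send traffic to directly (number of threats)."""
    return sorted(policy["internet"])

def blast_radius(policy, compromised):
    """Parts that one compromised component can talk to directly."""
    return sorted(policy[compromised])

def stepping_stones(policy, target):
    """Components that must fall first before `target` is reachable at all."""
    h = hops(policy, "internet", target)
    return None if h is None else h - 1

if __name__ == "__main__":
    for name, pol in (("flat", flat_policy()), ("segmented", segmented_policy())):
        print(name, exposure(pol), blast_radius(pol, "web"),
              stepping_stones(pol, "orders_db"))
```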
2. Redundancy
• Redundancy is a key architectural control: allowing a function to be performed on more than one node, to avoid "putting all the eggs in one basket." For example, the design of Figure 7-20 has only one web server; lose it and all connectivity is lost. A better design would have two servers, using what is called failover mode. In failover mode the servers communicate with each other periodically, each determining if the other is still active. If one fails, the other takes over processing for both of them.
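Failover mode as described above, written as a small discrete-time simulation. This is an added example, not part of the lecture; the server names, the tick-based clock and the `timeout` parameter are assumptions made for illustration.

```python
class Server:
    def __init__(self, name, timeout):
        self.name = name
        self.alive = True
        self.timeout = timeout   # ticks of silence before the peer is declared dead
        self.last_heard = 0      # tick of the last heartbeat received from the peer
        self.serving = {name}    # workloads this node currently handles

    def send_heartbeat(self, peer, now):
        # A crashed server sends nothing, so the peer's timer keeps running.
        if self.alive:
            peer.last_heard = now

    def check_peer(self, peer, now):
        # Take over the peer's work once it has been silent for `timeout` ticks.
        if self.alive and now - self.last_heard >= self.timeout:
            self.serving.add(peer.name)

def simulate(ticks, fail_at=None, timeout=3):
    """Run web1 and web2 in failover mode; web1 crashes at tick `fail_at`.

    Returns (tick at which web2 took over, or None; outage length in ticks).
    """
    a, b = Server("web1", timeout), Server("web2", timeout)
    takeover = None
    for now in range(1, ticks + 1):
        if fail_at is not None and now == fail_at:
            a.alive = False
        a.send_heartbeat(b, now)
        b.send_heartbeat(a, now)
        a.check_peer(b, now)
        b.check_peer(a, now)
        if takeover is None and "web1" in b.serving:
            takeover = now
    if fail_at is None:
        return takeover, None
    if takeover is None:
        # Nobody took over: web1's work is down until the end of the run.
        return None, ticks - fail_at + 1
    return takeover, takeover - fail_at

if __name__ == "__main__":
    print(simulate(10, fail_at=4, timeout=3))    # takeover after a short gap
    print(simulate(10, fail_at=4, timeout=100))  # behaves like a single server
```

The timeout is the trade-off: a shorter value shrinks the outage, a longer one tolerates more missed heartbeats before the survivor acts.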
3. Encryption
• Encryption is probably the most important and versatile tool for a network security expert.
• In network applications, encryption can be applied either between two hosts (called link encryption) or between two applications (called end-to-end encryption).
4. Content Integrity
• Content integrity comes as a bonus with cryptography. No one can change encrypted data in a meaningful way without breaking the encryption. This does not say, however, that encrypted data cannot be modified. Changing even one bit of an encrypted data stream will affect the result after decryption, often in a way that seriously alters the resulting plaintext. We need to consider three potential threats:
• malicious modification that changes content in a meaningful way
• malicious or nonmalicious modification that changes content in a way that is not necessarily meaningful
• nonmalicious modification that changes content in a way that will not be detected
• Encryption addresses the first of these threats very effectively. To address the others, we can use other controls.
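The point that encrypted data can still be modified, and that another control is needed to notice it, is shown below. This is an added example, not part of the lecture: the SHA-256 counter-mode keystream is a stand-in cipher used only so the example runs with the standard library, and HMAC-SHA256 is chosen here as one such "other control" (the lecture does not name one). Keys, nonce and message are constructed sample values.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher for the demo (assumption, illustration only);
    # real systems should use a vetted authenticated-encryption mode.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key, mac_key, nonce, plaintext):
    """Encrypt, then compute an integrity tag over nonce and ciphertext."""
    ct = xor_crypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag

def open_sealed(enc_key, mac_key, nonce, ct, tag):
    """Verify the tag first; decrypt only if the ciphertext is unmodified."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed")
    return xor_crypt(enc_key, nonce, ct)

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a one-bit change to data in transit."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)

if __name__ == "__main__":
    ek, mk, nonce = b"E" * 32, b"M" * 32, b"nonce-01"   # constructed values
    ct, tag = seal(ek, mk, nonce, b"order 1001: 3 widgets")
    damaged = flip_bit(ct, 0)
    # Decryption alone raises no error; it just yields altered plaintext.
    print(xor_crypt(ek, nonce, damaged))
    try:
        open_sealed(ek, mk, nonce, damaged, tag)
    except ValueError as err:
        print("rejected:", err)
```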
5. Strong authentication
• Networked environments need authentication, too. In the network case, however, authentication may be more difficult to achieve securely because of the possibility of eavesdropping and wiretapping, which are less common in nonnetworked environments.
• Also, both ends of a communication may need to be authenticated to each other: before you send your password across a network, you want to know that you are really communicating with the remote host you expect.
6. Access Control
• Authentication deals with the who of security policy enforcement; access controls enforce the what and how.
7. Firewall
• A firewall is designed to do the screening that is less appropriate for a router to do. A router's primary function is addressing, whereas a firewall's primary function is filtering.
• Firewalls can also do auditing. Even more important, firewalls can examine an entire packet's contents, including the data portion, whereas a router is concerned only with source and destination MAC and IP addresses.
8. IDS
• An intrusion detection system is a device that is placed inside a protected network to monitor what occurs within the network. If an attacker is able to pass through the router and pass through the firewall, an intrusion detection system offers the opportunity to detect the attack at the beginning, in progress, or after it has occurred. Intrusion detection systems activate an alarm, which can take defensive action.
9. Honeypots
• How do you catch a mouse? You set a trap with bait (food the mouse finds attractive) and catch the mouse after it is lured into the trap. You can catch a computer attacker the same way.
• A honeypot is a computer system open to attackers. A honeypot has no special features. It is just a computer system or a network segment, loaded with servers and devices and data.
• It may be protected with a firewall, although you want the attackers to have some access. There may be some monitoring capability, done carefully so that the monitoring is not evident to the attacker.
Reasons for putting up Honeypots:
• To watch what attackers do, in order to learn about new attacks (so that you can strengthen your defenses against these new attacks).
• To lure an attacker to a place in which you may be able to learn enough to identify and stop the attacker.
• To provide an attractive but diversionary playground, hoping that the attacker will leave your real system alone.
