Security Principles

As I sit here and try to think of ways to format/organize this, I think the best way is to just formalize my outline style notes into coherent sentences - here we go!

As a core layer of network security, you have to start with security principles. What exactly is that? It comes down to data and there are technically two types - data in motion and data at rest and in reality, you have to protect both. How do we do that? Let’s start with a few terms and design guidelines that are key foundations when learning network security.

Whenever you talk about security, you talk about the CIA triad (and I don’t mean the government agency). Confidentiality, Integrity, and Availability. Confidentiality is the ability to hide data from unauthorized individuals, Integrity is the ability to make sure that the data has not been tampered with and Availability is the ability to have the data available at a required level.

From a security design perspective, you’ll hear about things like the Principle of Least Privilege, which is giving users just enough access to do their job - no more, no less. Also, Defense in Depth focuses on multiple mechanisms and technologies to protect the environment. Separation of Duties is requiring more than one person to complete a particular operation. For example, I’ve been at places where network engineers do just routing and switching whereas security engineers handle the firewalls, the idea is not give one team all the keys to the castle. Security terms wouldn’t be complete without giving a shoutout to the IT audit teams, that’s where accounting and auditing come in, which is keeping a record of network activities, such as who’s logging into what and what they’re doing. Lastly, there are assets (anything valuable), threats (what we protect against), vulnerability (exploitable weakness), risk (potential for compromising an asset), countermeasure (a method of reducing risk), and risk management (used to identify, assess, prioritize and monitor risk).

In order to secure assets, you have to classify them. Classifying helps to distinguish them in regards to what’s more important/less important. Once you classify your assets, that’ll help secure them better. I know what you’re thinking, how do we classify them? A few common ways are value, replacement cost, age, usefulness, etc. There are two main classification categories - Government and Public. In the government space, you have unclassified, sensitive but unclassified (SBU), confidential, secret, and top secret. On the public side, you have public, sensitive, private, and confidential.

Vulnerability also has categories such as physical access to equipment for unauthorized individuals, human factors, hardware and software vulnerabilities, incorrect designs, misconfigurations, and weaknesses in protocols. Let’s not forget about countermeasures, they have categories too such as physical (enforcing physical security), technical (hardware/software), and administrative (policies, procedures, and guidelines).

Security Threats

So what is all this stuff trying to prevent? THREATS! What is a threat? It is anything that can harm our systems and generally is either a person (attacker) or software. There are a few attacker types - hackers, criminals, terrorists, disgruntled employees, competitors, and foreign governments. A couple of common attacks that are popular nowadays are Reconnaissance (network discovery), Social Engineering (tricking people), Privilege Escalation (getting more access), Code Execution (activating malicious code), Backdoor (software installed to allow remote access in the future), Covert Channels (hidden communication channel), Trust Exploitation (utilizing an existing policy to obtain more access), Man in the Middle aka “MiTM” (when an attacker puts himself into a session), Denial of Service “DoS” (making a device/system unusable), Distributed DoS “DDoS” (a DoS performed by multiple attackers, e.g. botnet), Password Guessing/Cracking such as Dictionary Attack (password guessing with a dictionary) and Brute Force Attack (trying all possible combinations of a password).

Summary

Overall we talked about a lot of fundamentals and some great terminology when it comes to network security. We touched on terms like CIA triad all the way to types of attacks and everything inbetween. Is there something I missed? Leave a comment below! Next up, we’ll talk about Intrusion Prevention Fundamentals. Til next time, keep studying!