Category: Big Data Analytics (BDA)

Encryption

Dr. Aly, O.
Computer Science

Introduction

The purpose of this discussion is to discuss and analyze encryption, the encryption types, the impact of the encryption, and the use of encryption when streaming data in the network.

Cryptography and Encryption

The cryptography comprises a set of algorithms and system-design principles, some well-developed and some are just emerging for protecting data in the era of Big Data and Cloud Computing.  Cryptography is a field of knowledge whose products are encryption technology.  Encryption technology is an inhibitor to compromising privacy with well-designed protocols.  However, it is not the “silver bullet” to cut through the complexity of the existing issues of privacy and security (PCAST, May 2014).

The encryption technology involves the use of a key. Only with the key can encrypted data be used. At every stage of the life of the key, it is potentially open to misuse that can ultimately compromise the data which the key was intended to protect. If the user with access to private keys can be forced into sharing them, no system based on encryption is secure.

The keys were distributed physically, on paper or computer media, protected by registered mail, armed guards until the1970s.  However, the intervention of the “public-key cryptography” changed everything.  The public-key cryptography allows individuals to broadcast their personal key publicly.  However, this public key is only an encryption key, useful for turning plaintext into cryptotext which is meaningless to others.   The private key is used to transform cryptotext to plaintext and is kept secret by the recipient (PCAST, May 2014).  

The message typically is in the form of plaintext represented by the letter P when encryption functions are described.  The sender of the message uses a cryptographic algorithm to encrypt the plaintext message and generate a ciphertext or cryptotext represented by the letter C.  The message is transmitted, and the recipient uses a predetermined algorithm to decrypt the ciphertext message and retrieve the plaintext version.   All cryptographic algorithms rely on keys to maintain their security.  A key is just a number and usually substantial binary number.  Every algorithm has a specific “keyspace,” which is the range of values which are valid for use as a key for a specific algorithm and is defined by its “bit size.”  Thus, 128-bit key can have a value from 0 to 2128.  It is essential and critical to protecting the security of the secret keys because of the security of the cryptography relies on the ability to keep and maintain the keys used privately (Abernathy & McMillan, 2016; Maiwald, 2001; Stewart, Chapple, & Gibson, 2015).  Figure 1 illustrates the basic encryption operation (Maiwald, 2001). 

Figure 1.  Basic Encryption Operation (Maiwald, 2001).

The modern cryptosystems utilize computationally sophisticated algorithm and long cryptographic keys to meet the cryptographic four goals mentioned below.  There are three types of an algorithm which are commonly used:  symmetric encryption algorithm, asymmetric encryption algorithm, and hashing algorithms (Abernathy & McMillan, 2016; Connolly & Begg, 2015; Stewart et al., 2015; Woo & Lam, 1992).

Four Goals for Encryption

The cryptography provides an additional level of security to the data during processing, storage, and communications.  A series of increasingly sophisticated algorithms have been designed to ensure the confidentiality integrity, authentication, and non-repudiation.  At the same time, hackers also have devoted time to undermine this additional security layer of the encryption.  There are four fundamental goals for organizations to use the cryptographic systems; the confidentiality, the integrity, the authentication, and non-repudiation.   However, not all of the cryptosystems are intended to achieve all four goals (Abernathy & McMillan, 2016; Stewart et al., 2015). 

The confidentiality ensures that the data remains private while at rest, such as when stored on a disk, or in or transit such as during transmission between two or more parties.  The confidentiality is the most common reason for using the cryptosystems. There are two types of cryptosystems which enforce confidentiality; symmetric key and asymmetric key algorithms.  The symmetric key cryptosystems use a shared secret key available to all users of the cryptosystem.  The asymmetric key algorithm uses special combinations of public and private key for each user of the system (Abernathy & McMillan, 2016; Stewart et al., 2015). 

When implementing a cryptographic system to provide confidentiality, the data types must be considered, whether the data is at rest or in motion.  The data at rest is the data that is stored in a storage area waiting to be accessed.  For instance, the data at rest include data stored on hard drives, backup tapes, cloud storage services, USB devices and other storage media.  The data in motion or data “on the wire” is the data that is being transmitted across the network between systems the data in motion might be traveling on a corporate network, a wireless network, or public Internet.  Both types of the data post different types of confidentiality risks against which cryptographic system can protect.  For instance, the data in motion may be susceptible to eavesdropping attacks, while data at rest is more susceptible to the theft of physical devices (Abernathy & McMillan, 2016; Stewart et al., 2015).

The integrity ensures that the data is not modified without authorization.  If the integrity techniques are in place, the recipient of a message can ensure that the message received is identical to the message sent.  The integrity provides protection against all forms of modification such intentional modification by a third party attempting to insert false information, and unintentional modification by faults in the transmission process.  The message integrity is enforced through the use of encrypted message digests, known as digital signatures created upon transmission of a message.  The integrity can also be enforced by both public and secret key cryptosystems (Abernathy & McMillan, 2016; Stewart et al., 2015).

The authentication is a primary function of the cryptosystems and verifies the claimed identity of system users.  Secret code can be used for the authentication.  The nonrepudiation assures the recipient that the message was originated by the sender and not someone masquerading as the sender.  Moreover, the nonrepudiation also prevents the sender to deny sending the message or repudiating the message. The secret key or symmetric key cryptosystems do not provide this guarantee of non-repudiation.  The non-repudiation is offered only by the public key or asymmetric cryptosystem (Abernathy & McMillan, 2016; Stewart et al., 2015).

Symmetric Cryptosystem

The symmetric key algorithms rely on a “shared secret” encryption key which is distributed to all users who participate in the communication.  The key is used by all members to both encrypt and decrypt messages.  The sender encrypts with the shared key, and the receiver decrypts with the same shared key. The symmetric encryption is difficult to break because of the long and large-size key. The symmetric encryption is primarily used for bulk encryption and to meet the confidentiality goal. The symmetric key cryptography can also be called “secret key cryptography and private key cryptography.”  There are several common symmetric cryptosystems such as the Data Encryption Standard (DES), Triple DES (3DES), International Data Encryption Algorithm (IDEA), Blowfish, Skipjack, and the Advanced Encryption Standard (AES).  The advantage of the symmetric cryptosystem is that it operates at high speed and it is faster than the asymmetric (1,000 to 10,000 faster) (Abernathy & McMillan, 2016; Connolly & Begg, 2015; Maiwald, 2001; Stewart et al., 2015).  

The symmetric cryptosystem has limitations.  The first limitation is the key distribution. The members must implement a secure method of exchanging the shared secret key before establishing the communication with the symmetric key protocol.  If the secure electronic channel does not exist, an offline key distribution method must be used.  The second limitation represents the nonsupport to the non-repudiation, due to sharing the same key which makes it difficult to know the source of the message. The third limitation represents the inability of the scalable algorithm.  The last limitation of the symmetric cryptosystem is the frequent regeneration of the key (Abernathy & McMillan, 2016; Connolly & Begg, 2015; Stewart et al., 2015). 

Asymmetric Cryptosystem

The asymmetric key algorithm, also known as “public key algorithm, provides a solution to the limitation of the symmetric key encryption.  This system uses two keys; a public key which is shared with all users, and a private key which is secret and known only to the user.  If the public key encrypts the message, the private key can decrypt the message, and the same applies if the private key encrypts the message, the public key decrypts the message.   The asymmetric key cryptosystem provides support to the digital signature technology.  The advantages of the asymmetric key algorithm include the generation of only one public-private key for new users, and the removal of the users easily.  Moreover, the key generation is required only when the private key of the user is compromised. The asymmetric key algorithm provides integrity, authentication, and non-repudiation.  The key distribution is a simple process in the asymmetric key algorithm.  The asymmetric key algorithm does not require a pre-existing relationship to provide a secure mechanism for data exchange (Abernathy & McMillan, 2016; Connolly & Begg, 2015; Maiwald, 2001; Stewart et al., 2015).

The limitation of the asymmetric key cryptosystem is the slow speed of operation.  Thus, many applications which require the secure transmission of the large volume of data employs the public key cryptographic system to establish a connection and then exchange a symmetric secret key.  The remainder of the session then utilizes the symmetric cryptographic approach. Figure 2 illustrates a comparison of symmetric and asymmetric cryptographic systems (Abernathy & McMillan, 2016; Connolly & Begg, 2015; Stewart et al., 2015).

Figure 2.  Comparison of Symmetric and Asymmetric Cryptographic Systems. Adapted from (Abernathy & McMillan, 2016; Stewart et al., 2015).

The Hashing Algorithm

The hashing algorithm produces message digests which are summaries of the content of the message.  It is challenging to derive a message from an ideal hash function, and two messages will unlikely produce the same hash value.  There are some of the more common hashing algorithm in use today including the Message Digest 2 (MD2), Message Digest 5 (MD5), Secure Hash Algorithm (SHA-0, SHA-1, and SHA-2), and Hashed Message Authentication Code (HMAC).  Unlike symmetric and asymmetric algorithms, the hashing algorithm is publicly known.  The hash functions are performed in one direction and using in reverse is not required.  The hashing algorithm ensures the integrity of the data as it creates a number which is sent along with the data.  When the data gets to the destination, this number can be used to determine whether even a single bit has changed in the data by calculating the hash value from the data which was received. The hashing algorithm also helps in protecting against undetected corruption (Abernathy & McMillan, 2016; Connolly & Begg, 2015; Stewart et al., 2015).

Attacks Against Encryption

The encryption systems can be attacked in three ways, through weaknesses in the algorithm, through brute-force against the key, or through a weakness in the surrounding system. When the algorithm is attacked through the weakness in the way that the algorithm changes plaintext into ciphertext so that the plaintext may be recovered without knowing the key.  The algorithm that has weaknesses of this type are rarely considered reliable enough for use.  The brute-force attacks are attempts to use every possible key on the ciphertext to find the plaintext.  On the average, 50% of the keys must be tried before finding the correct key.  The strength of the algorithm is then only defined by the number of keys that must be attempted.  Thus, the longer the key, the more significant the total number of keys and the larger the number of keys which must be tried until the correct key is found. The brute-force attacks will always succeed eventually if enough time and resources are used.  Thus, the algorithms should be measured by the length of time the information is expected to be protected even in the fact of a brute-force attack.  The algorithm is considered computationally secure if the cost of acquiring the key through brute-force is more than the value of the information being protected. The last encryption attack through weaknesses in the surrounding system can involve keeping the key in a file that has a password, but the password is weak and can be guessed easily (Maiwald, 2001).

References

Abernathy, R., & McMillan, T. (2016). CISSP Cert Guide: Pearson IT Certification.

Connolly, T., & Begg, C. (2015). Database Systems: A Practical Approach to Design, Implementation, and Management (6th Edition ed.): Pearson.

Maiwald, E. (2001). Network security: a beginner’s guide: McGraw-Hill Professional.

PCAST. (May 2014). Big Data and Privacy: A Technological Perspective.

Stewart, J., Chapple, M., & Gibson, D. (2015). ISC Official Study Guide.  CISSP Security Professional Official Study Guide (7th ed.): Wiley.

Woo, T. Y., & Lam, S. S. (1992). Authentication for distributed systems. Computer, 25(1), 39-52.

Business Impact Analysis (BIA)

Dr. Aly, O.
Computer Science

Introduction

The purpose of this discussion is to discuss and analyze the Business Impact Analysis (BIA) in providing useful information for the Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP).  The discussion begins with a brief overview of BCP and DRP, followed by the discussion and analysis of the BIA.

Business Continuity Plan (BCP)

The Business Continuity Planning (BCP) involves the assessment of the risk to the organizational processes and the development of policies, plans, and process to minimize the impact of those risks if it occurs.   Organizations must implement BCP to maintain the continuous operation of the business if any disaster occurs.  The BCP emphasize on the keeping and maintaining the business operations with the reduction or restricted infrastructure capabilities or resources.  The BCP can be used to manage and restore the environment. If the continuity of the business is broken, then the business processes have seized, and the organization is in the disaster mode, which should follow the Disaster Recovery Planning (DRP).  The top priority of the BCP and DRP is always people.  The main concern is to get people out of the harm; and the organization can address the IT recovery and restorations issues (Abernathy & McMillan, 2016; Stewart, Chapple, & Gibson, 2015). The BCP process involves four main steps to provide a quick, calm, and efficient response in the event of an emergency and to enhance the ability of the organization to recover from a disruptive event in a timely fashion.  These four steps include (1) the Project Scope and Planning, (2) Business Impact Assessment, (3) Continuity Planning, and (4) Documentation and Approval (Stewart et al., 2015). 

However, as indicated in (Abernathy & McMillan, 2016), the steps of the Special Publications (SP) 800-34 Revision 1 (R1) from the NIST include seven steps.  The first step involves the development of the contingency planning policy. The second step involves the implementation of the Business Impact Analysis.  The Preventive Controls should be identified representing the third step.  The development of Recovery Strategies is the fourth step. The fifth step involves the development of the BCP.  The six-step involves the testing, training, and exercise. The last step is to maintain the plan. Figure 1 summarizes these seven steps identified by the NIST. 

Figure 1.  A Summary of the Business Continuity Steps (Abernathy & McMillan, 2016).

Disaster Recovery Plan (DRP)

In case of the disaster event occur, the organization must have in place a strategy and plan to recover from such a disaster.  Organizations and businesses are exposed to various types of disasters.  However, these types of disaster are categorized to be either disaster caused by nature or disaster caused by a human.  The disasters which are nature related include the earthquakes, floods, storms, hurricanes, volcanos, and fires.  The human-made disasters include fires caused intentionally, acts of terrorism, explosions, and power outages.  Other disasters can be caused by hardware and software failures, strikes and picketing, theft and vandalism.  Thus, the organization must be prepared and ready to recover from any disaster.  Moreover, the organization must document the Disaster Recovery Plan and provide training to the personnel (Stewart et al., 2015).

Business Impact Analysis (BIA)

As defined in (Abernathy & McMillan, 2016), the BIA is a functional analysis which occurs as an element and component of the Business Continuity and Disaster Recovery.  In (Srinivasan, 2016), BIA is described as a type of risk assessment exercise which attempt to assess and evaluate qualitative and quantitative impacts on the business due to a disruptive event. The qualitative impacts are an operational impact, such as the ability to deliver, while the quantitative impacts are related to financial loss and described in numeric monetary value (Srinivasan, 2016; Stewart et al., 2015).

Organizations should perform a detailed and thorough BIA to assist business units and operations understand the impact of a disaster.  The BIA should list the critical and required business functions, their resources dependencies, and their level of criticality to the overall organization.  The development of the BCP is based on the BIA, which assists the organization to understand the impact of a disruptive event on the organization.  This analysis of the BIA is a management level analysis which identifies the impact of losing the resources of the organization.  The BIA involves four main steps. The first step involves the identification of the critical processes and resources, followed by the identification of the outage impacts, and estimate downtime. The third step involves the identification of the resource requirements, followed by the last step of the identification of the recovery priorities.  The BIA relies on any vulnerability analysis and risk management which are completed and performed by the BCP committee or a separate task force team (Abernathy & McMillan, 2016). 

References

Abernathy, R., & McMillan, T. (2016). CISSP Cert Guide: Pearson IT Certification.

Srinivasan, M. (2016). CISSP in 21 Days: Packt Publishing Ltd.

Stewart, J., Chapple, M., & Gibson, D. (2015). ISC Official Study Guide.  CISSP Security Professional Official Study Guide (7th ed.): Wiley.

The Ethics of Leaking Sensitive Information and How to Prevent it.

Dr. Aly, O.
Computer Science

Introduction

The purpose of this discussion is to discuss and analyze the ethics of leaking sensitive information, and methods to prevent such activities.  The discussion addresses the methods to prosecute people who do leak sensitive information.  Moreover, the discussion address methods to detect these crimes and collect evidence to assist in identifying who leaked the information and in the prosecution of those suspected of committing cybercrime.

Sensitive Data and Data Classification

Sensitive data include any information which is not supposed to be revealed to the public.  It can include confidential information, proprietary, protected, or any other types of data which organizations need to protect due to its value to the organization, or to comply with the existing laws and regulation.  Data is classified from Class zero to Class 3.  Class zero represents the unclassified public information.  Class 1 represents sensitive and confidential information that can cause damage.  Class 2 represents private and secret information which can cause serious damage.  Class 3 represents top secrete which can cause exceptionally grave damage.  Figure 1 illustrates this Data Classification from government and non-government perspective, adapted from (Stewart, Chapple, & Gibson, 2015).

Figure 1.  Data Classification (Stewart et al., 2015).

Examples of attacks on sensitive information are Sony Attacks which took place in 2014.  As cited in (Stewart et al., 2015), the founder of Mandiant stated that “the scope of this attack differ from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public.  The bottom line is that this was an unparalleled and well-planned crime, carried out by an organized group.”  The attackers obtained over 100 TB of data, including full-length versions of unreleased movies, salary information, and internal emails.  Some of this data was more valuable to the organization than other data. Thus, security measures must be implemented to mitigate such attacks to obtain any data in Class 1 through Class 3. 

The organization must implement various security measures to protect sensitive and confidential data.  For instance, emails must be encrypted.  The encryption converts cleartext data into scrambled ciphertext and makes it more difficult to read.  Sensitive and confidential data must be managed to prevent data breaches.  A data breach is an event in which an unauthorized user can view or access sensitive or confidential data.   Sensitive and confidential data must be marked as though to be distinguished from other data such as public data (Abernathy & McMillan, 2016; CSA, 2011; Stewart et al., 2015).

Organizations must handle sensitive and confidential data with care.  Secure transportation of media through the lifetime of the sensitive data must be implemented.  Example of mishandling sensitive information is Ministry of Defense in the United Kingdom which released in 2011 mistakenly classified information on nuclear submarines and sensitive information in response to Freedom of Information requests.  They then redacted the classified data by using image-editing software to black it out. However, the damage happened, and the sensitive data was not handled properly.  Another example of mishandling sensitive data is the incident by Science Applications International Corporation (SAIC) in 2011 which was a government contractor, who lost control of backup tapes which include personally identifiable information (PII) and protected health information (PHI) for 4.9 million patients.  SAIC personnel did not implement HIPAA because this information falls under HIPAA (CSA, 2011; Stewart et al., 2015). 

Ethics, Data Leaks, and Criminal Act Investigation

Data leaks is a criminal activity which requires investigation.  For the criminal investigation, law enforcement personnel conduct such investigation to investigate the alleged violation of criminal law. The criminal investigations may result in charging suspects with a crime and the prosecution of those charges in criminal court.  Most criminal cases must meet the “beyond a reasonable doubt” standard of evidence.  The prosecution must demonstrate that the defendant committed the crime by presenting the fact of which there are no other logical conclusions.  Thus, criminal investigations must follow very strict evidence collection and preservation processes. Moreover, with respect to healthcare and the application of HIPAA, the regulatory investigation can be conducted by government agencies to investigate the violation of regulations such as HIPAA (CSA, 2011; Stewart et al., 2015). 

The prosecuting attorney must provide sufficient evidence to prove the guilt of the person who conducted such act before it is allowed in the court.   The evidence is required before the case is allowed in the court.  There are three basic types of evidence for the case to be allowed in the court.  These three types are called “admissible evidence” to enter the court. The evidence must be relevant to determining a fact.  The evidence must be material to the case.  The evidence must be competent; meaning must be obtained legally.  Evidence can be real evidence, documentary evidence, and testimonial evidence (Stewart et al., 2015). 

Forensic Procedures and Evidence Collection

The International Organization on Computer Evidence (IOCE) outlines six principles to guide digital evidence technicians as they perform media analysis, network analysis, and software analysis in the pursuit of forensically recovered evidence.  The first principle indicates that all of the general forensic and procedural principles must be applied when dealing with digital evidence.  The second principle indicates that actions taken should not change that evidence upon seizing the digital evidence.  The third principle indicates that person should be trained for the purpose when it is required for a person to access original digital evidence.  The fourth principle indicates that all activities relating to the seizure, access, storage, or transfer of digital evidence must be fully documented, preserved, and available for review.  The fifth principle indicates that an individual is responsible for all actions taken concerning digital evidence while the digital evidence is in their possession.  The last principle indicates that any agency that is responsible for seizing, accessing, storing, or transferring digital evidence is responsible for compliance with these principles (Stewart et al., 2015).

The various forensic analysis is conducted when sensitive data is leaked.  Media analysis involves the identification and extraction f information from storage media including magnetic media, optical media, and memory such as RAM, solid-state storage.  Network analysis involves activities which took place over the network during a security incident.  Network forensic analysis often depends on either prior knowledge that an incident is underway or the use of pre-existing security controls which log network activity, including intrusion detection and prevention system logs, network flow data captured by a flow monitoring system, logs from firewalls.   Software forensic analysis includes forensic reviews of applications or the activity which takes place within a running application.  In some cases, when malicious insiders are suspected, the forensic analysis can include a review of software code, looking for the back door, logic bombs, or other security vulnerabilities.   The hardware and embedded devices analysis include the review of the contents of hardware and embedded devices such as personal computers, smartphones, tablets, embedded computers in cars, and other devices (Stewart et al., 2015).

In summary, data can be leaked from insiders as well as from outsiders who can have illegal access to sensitive and confidential information. These acts are criminal acts, and they require evidence to be allowed in the court.  Various evidence is required.  The various forensic analysis must be conducted to review and analyze the cause of such a leak.  Organizations must pay attention not only to an outsider but also to insiders.   

References

Abernathy, R., & McMillan, T. (2016). CISSP Cert Guide: Pearson IT Certification.

CSA. (2011). Security guidance for critical areas of focus in cloud computing v2. 1. Cloud Security Alliance, v3.0, 1-76.

Stewart, J., Chapple, M., & Gibson, D. (2015). ISC Official Study Guide.  CISSP Security Professional Official Study Guide (7th ed.): Wiley.

Performance and Security Relationship

Dr. Aly, O.
Computer Science

Introduction

The purpose of this discussion is to discuss and analyze the relationship between performance and security and the impact of security implementation on the performance. The discussion also discusses and analyzes the balance between security and performance to provide good operational result in both categories.  The discussion begins with the characteristics of the distributed environment including a database to have a good understanding of the complexity of the distributed environment, the influential factors on the distributed system.  The discussion discusses and analyzes the security challenges in the distributed system and the negative correlation between security and performance in the distributed system.

Distributed Environment Challenges

The distributed system involves components located at networked computers communicating and coordinating their actions only by passing messages.  The distributed system includes concurrency of components, lack of a global clock and independent failures of components.   The challenges of the distributed system arise from the heterogeneity of the system components, openness to allow components to be added or replaced, security, scalability, failure handling, concurrency of components, transparency and providing quality of service (Coulouris, Dollimore, & Kindberg, 2005).  

Example of distributed systems includes the Web Search whose task is to index the entire content of the world wide web, containing a wide range of information types and styles including web pages, multimedia sources and scanned books.  Massively multiplayer online games (MMOGs) is another example of the distributed system.  Users interact through the Internet with a persistent virtual world using MMOGs.  The financial trading market is another example of the distributed system using real-time access to a wide range of information sources such as current share prices and trends, economic and political development (Coulouris et al., 2005).

Influential Factors in Distributed Systems

The distributed system is going through significant changes due to some trends.  The first influential trend in the distributed system involves the emergence of pervasive networking technology.  The emergence of ubiquitous computing coupled with the desire to support user mobility in a distributed system is another factor that is impacting the distributed system.  The increasing demand for multi-media services is another influential trend in the distributed system.  The last influential trend is the view of the distributed systems as a utility.  All these trends have a significant impact on the distributed system.  

 Security Challenge in Distributed System

Security is among some challenges in the distributed system.  Many of the information resources which are stored in a distributed system have a high value to their users. The security of such information is critically important.  Information Security involves confidentiality to protect against disclosure to unauthorized users, integrity to protect against alteration or corruption, and availability to protect against interferences with the means of accessing the resources. The security must comply with the CIA Triad for Confidentiality, Integrity, and Availability (Abernathy & McMillan, 2016; Coulouris et al., 2005; Stewart, Chapple, & Gibson, 2015).  The security risks are associated with allowing access to resources in an intranet within the organization.  Although the firewalls can be used to form barriers between department around the intranet, restricting access to the authorized users only, the proper use of the resource by users within the intranet and on the Internet cannot be ensured and guaranteed. 

In the distributed system, users send requests to access data managed by the server which involves sending information in messages over a network.  Examples include a user can send the credit card information in electronic commerce or bank, or a doctor can request access to patient’s information.  The challenge is to send sensitive information in a message over a network in a secure manner.  Moreover, the challenge is to ensure the recipient is the right user.  Such challenges can be met by using different security techniques such as encryption techniques. However, there are two security challenges which have not been resolved yet; The Denial of Service (DoS) and the Security of Mobile Code.  The DoS occurs when the service is disrupted, and users cannot access their data.  Currently, the DoS attacks are encountered by attempting to catch and punish the perpetrators after the event, which is a reactive solution and not proactive. The security of mobile code is another open challenge. Example of the mobile code is an image is sent which might be a source of DoS or access to a local resource (Coulouris et al., 2005). 

Negative Correlation between Security and Performance

The performance challenges of the Distribute System emerge from the more complex algorithm required for the distributed environment than for the centralized system.  The complexity of the algorithm emerges from the requirement of replicated database systems, fully interconnected network, network delays represented by the simplistic queuing models, and so forth.   Security is one of the most important issues in the distributed system. Security requires layers of security measure to protect the system from intruders.  These layers of protection have a negative impact on the performance of the distributed environment. Moreover, data and information in transit or storage become vulnerable to attacks.  There are four types of storage systems Server Attached Redundant Array of Independent Disk (RAID), centralized RAID, Network Attached Storage (NAS), and Storage Area Network (SAN).  NAS and SAN have different performance because they have different techniques for transferring the data.  NAS uses TCP/IP protocol to transfer the data across multiple devices, while SAN uses SCSI setup on fiber channels.  Thus, NAS can be implemented on any physical network supporting TCP/IP such as Ethernet, FDDI, or ATM.  However, SAN can be implemented only fiber channel.  SAN has better performance than NAS because TCP has higher overhead and SCSI faster than the TCP/IP network (Firdhous, 2012).

References

Abernathy, R., & McMillan, T. (2016). CISSP Cert Guide: Pearson IT Certification.

Coulouris, G. F., Dollimore, J., & Kindberg, T. (2005). Distributed systems: concepts and design: Pearson education.

Firdhous, M. (2012). Implementation of security in distributed systems-a comparative study. arXiv preprint arXiv:1211.2032.

Stewart, J., Chapple, M., & Gibson, D. (2015). ISC Official Study Guide.  CISSP Security Professional Official Study Guide (7th ed.): Wiley.

Intrusion Detection and Prevention Systems

Dr. Aly, O.
Computer Science

Introduction

The purpose of this discussion is to discuss and analyze the type of devices and methods which are required to be implemented and employed in an enterprise, and the reasons for such devices and methods.  The discussion also addresses the location of these devices within the network to provide intrusion detection.

 Intrusion Detection System (IDS)

The IDS is a system which is responsible for detecting unauthorized access or attacks against systems and networks.  IDS can verify, itemize and characterize threats from outside and inside the network.  Most IDSs are programmed to react certain ways in a specific situation.  Event notification and alerts are critical to the IDS.  They inform administrators and security professional when and where attacks are detected (Abernathy & McMillan, 2016).

The most common method to classify IDS is based on its information source: network-based (NIDS) or host-based (HIDS). The NIDS is the most common IDS to monitor the network traffic on a local network segment.  The network interface card must be operating in a promiscuous mode to monitor the traffic on the network segment.  The NIDS can only monitor the network traffic.  It cannot monitor the internal activity which occurs within a system, such as an attack against a system which is carried out by logging on to the local terminal of the system.  The NIDS is affected by a switched network because the NIDS only monitors a single network segment (Abernathy & McMillan, 2016).

The HIDS monitors traffic on a single system.  The primary role of the HIDS is to protect the system on which it is installed.  The HIDS uses information from the operating system audit trails and system logs.  The detection capabilities of the HIDS are limited by how complete the audit logs and system logs are (Abernathy & McMillan, 2016).

The implementation of IDS is divided into four categories.  The first category is the “signature-based” which analyzes traffic and compares it to attack or state patterns, and reside within the IDS database. The signature-based IDS is also referred to as a misuse-detection system.  This type of IDS is popular despite the fact that it can only recognize attacks as compared with its database and is only as effective as the signatures provided.  The signature-based IDS requires frequent updates.  The signature-based IDS has two types: the pattern-matching, and stateful matching. The pattern-matching signature-based IDS compares traffic to a database of attack patterns.  It carries out specific steps when it detects traffic which matches an attack pattern.  The stateful-matching signature-based IDS records the initial operating system states.  Any changes to the system state which violate the defined rules result in an alert or notification being sent (Abernathy & McMillan, 2016).

The anomaly-based IDS is another type of IDS, which analyzes the traffic and compares it to normal traffic to determine whether said traffic is a threat.  This type of IDS is also referred to as behavior-based or profile-based system.  The limitation of this type of IDS is that any traffic outside of expected norms is reported, resulting in more false positives than signature-based IDS.  There are three types of anomaly-based IDS.  The statistical anomaly-based, protocol anomaly-based, and traffic anomaly-based.  The statistical anomaly-based IDS samples the live environment to record activities.  The more accurate a profile will be built, the longer the IDS is in operation.  However, the development of a profile which will not have a large number of false positive can be difficult and time-consuming.  The threshold for activity deviation is important in this IDS.  When the threshold is too low, the result is a false positive. However, when the threshold is too high, the result is false negatives.  The protocol anomaly-based IDS knows the protocols which it will monitor.  A profile of normal usage is built and compared to activity. The last type of the anomaly-based is the traffic anomaly-based IDS which tracks traffic pattern changes.  Using this types allows all future traffic patterns to be compared to the sample (Abernathy & McMillan, 2016). 

The rule-based and heuristic-based IDS is another type of IDS which is described to be an expert system using a knowledge base, inference engine, and rule-based programming.  The knowledge is configured as rules.  The traffic and the data are analyzed, and the rules are applied to the analyzed traffic.  The inference engine uses its intelligent software to learn, and if the characteristics of an attack are discovered and met, alerts or notification trigger.  This IDS type is also referred to as IF/THEN or expert system. The last type of IDS is application-based which analyzes transaction log files for a single application.  This type of IDS is provided as part of the application or can be purchased as an add-on.

Additional tools can be employed to complement IDS such as vulnerability analysis system, honeypots, and padded cells. The honeypots are systems which are configured with reduced security to entice attackers so that administrators can learn about attack techniques.  Padded cells are special hosts to which an attacker is transferred during an attack.

IDS monitors the system behavior and alert on potentially malicious network traffic.  It can be set inline, attached to a spanning port of a switch, or make use of a hub in place of a switch.  The underlying concept is to allow access to all packets that are required to be monitored by the IDS.  Tuning IDS is important because of a balancing act between these four event categories: true positive, false positive, true negative and false negative. Table 1 shows the relationship between these points, adapted from (Robel, 2015). 

Table 1.  Relationship of Event Categories (Robel, 2015).

  The ideal IDS tuning maximize instances of events categorized in the cells with a shaded background. True positive occur when the system alerts on intrusion attempts or other malicious activity, while false negative is of a null situation but are important nonetheless.  The false negative is comprised of the system failing to alert on malicious traffic, while false positive is alerting on benign activity.  There are few methods to connect IDS to capture and monitor traffic.  IDS needs to collect network traffic for analysis. Three main methods can be applied to IDS:  IDS using hub or switch spanning port, IDS using network tap, and IDS connected inline.  Figure 1 illustrates the IDS on the edge of a network or zone (Robel, 2015).

Figure 1.  IDS on the Edge of a Network or Zone. Adapted from (Robel, 2015)

Intrusion Prevention System (IPS)

The IPS is responsible for preventing attacks. When an attack begins, the IPS takes action to prevent and contain the attack.  The IPS can either be network-based IPS or host-based IPS.  IPS can also be signature-based or anomaly-based, or rate-based metric which analyzes the volume of traffic and the type of traffic.  IPS is more costly than the IDS because of the added security of preventing attacks versus detecting attacks.  Moreover, running IPS is more of an overall performance load than running IDS (Abernathy & McMillan, 2016).

A firewall is commonly used to provide a layer of security. However, the firewall has a limitation, as most firewalls can only block based on IP addresses or port.  In contrast, Network Intrusion Prevention System (NIPS) can use signatures designed to detect and defend from specific attacks such as DoS.  This feature is advantages for sites hosting web servers.  IPS have also been known to block buffer overflow type attacks and can be configured to report on network scans which typically signal a potential attack.  The advanced usage of IPS may not drop malicious packets but rather redirect specific attacks to a honeypot (Robel, 2015).

The IPS is connected inline.  This inline requirement enables IPS to drop selected packets, and defend against an attack before it takes hold of the internal network.  IPS connected inline to capture the traffic is illustrated in Figure 2, adapted from (Robel, 2015).

Figure 2. IPS on the border of a network or zone (Robel, 2015).

References

Abernathy, R., & McMillan, T. (2016). CISSP Cert Guide: Pearson IT Certification.

Robel, D. (2015). SANS Institute InfoSec Reading Room.

Cyber Warfare and Cyber Terrorism

Dr. Aly, O.
Computer Science

Introduction

The purpose of this discussion is to discuss and analyze the cyber warfare and cyber terrorism.  The discussion addresses the damages that could be to the government, companies, and ourselves in United Stated if we get attacked by a foreign government using cyber warfare or cyber terrorism.  The discussion also discusses whether the United States is prepared for such a scenario.

Cyber Warfare and Cyber Terrorism

The term cyberterrorism was coined in 1996 by combining the terms cyberspace and terrorism.  The term, since then, has become widely accepted after being embraced by the United States Armed Forces.  In 1998, a report was generated by the Center for Strategic and International Studies entitled Cybercrime, Cyberterrorism, Cyberwarfare, Averting an Electronic Waterloo.  In this report, the probabilities of these activities affecting a nation were discussed, followed by a discussion of the potential outcomes of such attacks and methods to limit the likelihood of such events (Janczewski, 2007).  

The term cyberterrorism is defined in (Janczewski, 2007) as “means premeditated, politically motivated attacks by subnational groups or clandestine agents, or individuals against information and computer systems, computer programs, and data that result in violence against non-combatant targets.”

Cyber attacks are usually observed after physical attacks.  The increased wave of cyberattacks was observed after the downing of an American plane near the cost of China, cyber attacks from both countries began against facilities of the other side is a good example.  Another example includes the cyber attacks throughout the Israeli/Palestinian conflict, and the Balkans War and the collapse of Yugoslavia.  Moreover, cyber attacks are aimed at targets representing high publicity value.  Favorite targets by attackers are top IT and transportation industry companies such as Microsoft, Boeing, and Ford. The increases in cyber attacks have clear political/terrorist foundations.  The available statistics indicate that any of the previously mentioned conflicts result in a steady increase in cyber attacks.  For instance, attacks by Chinese hackers and the Israeli/Palestinian conflict show a pattern of phased escalation (Janczewski, 2007).

Building protections against cyber attacks requires understanding the reasons for such attacks, to reduce and eliminate the attacks.  The most probable reasons for cyber attacks include a fear factor, spectacular factor, and vulnerability factor.  The fear factor is the most common denominator of the majority of terrorist attacks because the attacker desires to create fear in individuals, groups or societies.  The spectacular factor reflects the attacks that aim at either creating huge direct losses and/or resulting in a lot of negative publicity.  Example include the Amazon.com site which was closed for some time due to a Denial of Service (DoS) attack in 1999.   As a result, Amazon incurred losses due to suspended trading, but the publicity the attack created was widespread.  The vulnerability factor includes the cyber activities which do not always end up with huge financial losses.  Some of the most effective ways to demonstrate the vulnerability of organization are to cause a denial of service to the commercial server or something as simple as the defacement of web pages of organizations, very often referred to as computer graffiti (Janczewski, 2007). 

Cyber attacks consist of virus and worms attacks which can be delivered through email attachments, web browser scripts, and vulnerability exploits engines.  They can also include Denial of Service (DoS) attacks designed to prevent the use of public systems by legitimate users by overloading the normal mechanisms inherent in establishing and maintaining computer-to-computer connections.  Cyber attacks can also include web defacements of informational sites which service governmental and commercial interests to spread disinformation, propaganda, and/or disrupt information flows.  Unauthorized intrusions into systems are another form of Cyberattacks which leads to the theft of confidential and/or proprietary information, modification and/or corruption of data, and the inappropriate usage of a system for launching attacks on other systems (Janczewski, 2007). 

Cyber Terrorist Attacks are used to cause disruptions.  They come into forms; one against data and another control system.  Theft and corruption of data lead to services being sabotaged, and this is the most common form of Internet and computer attack.  The control system attacks are used to disable or manipulate physical infrastructure such railroads, electrical networks, water supplies and so forth. Example include the incident in Australia in March 2000 which happened by an employee who could not secure full-time employment used the Internet to release one million liters of raw sewage into the river and coastal waters in Queensland.

Potential Impact and Defenses and Fortifications

The cyber attacks and cyber terrorism have negative impact and consequence on the nation.  These consequences may include loss of life, significant damage to property, serious adverse U.S. foreign policy consequences, or serious economic impact on the United States (DoD, 2015). The preparation of a program of activities aimed at setting up effective defenses against potential threats plays a key role in mitigating the impact of such attacks.  These fortifications include physical defenses, system defenses, personnel defenses, and organizational defenses.   The physical defenses are required to control physical access to facilities. The system defenses are also required to limit the capabilities of unauthorized changes to data in storage or transit.  The personnel defenses are required to limit the changes of inappropriate staff behavior.  The organizational defenses are required to create and implement an information security plan.  Table 1 summarizes these defenses (Janczewski, 2007).

Table 1.  Summary of Required Defenses.

In summary, the cyber attacks and cyber terrorism have a negative impact on the nation.  The government and organizations must prepare the appropriate defenses to mitigate and alleviate such negative impact.  These defenses include physical, system, personnel and organizational.

References

DoD. (2015). The DOD Cyber Strategy. Retrieved from https://www.defense.gov/Portals/1/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf.

Janczewski, L. (2007). Cyber warfare and cyber terrorism: IGI Global.

Steganography

Dr. Aly, O.
Computer Science

Introduction

The purpose of this discussion is to discuss and analyze steganography. The discussion also addresses the methods to detect information and possible threats that utilize this method of steganography.

Steganography

It is a method that uses the cryptographic technique to embed secret messages within another message.  The algorithm of steganographic method work by making alterations to the least significant bits of the many bits which make up image files. The changes are minor which does not impact the viewed image.  This method allows communicating parties to hide messages in plain sight. For instance, they might embed a secret message within an illustration on an innocent web page (Abernathy & McMillan, 2016; Stewart, Chapple, & Gibson, 2015). 

The steganographic method is often used to embed secret messages within images or WAV files because these files are often so large that the secret message would be easily missed by even the most observant inspector. This method is used for illegal or questionable activities such as espionage and child pornography. It can also be used for legitimate reasons such adding watermarks to documents to protect intellectual property.  The hidden information is known only to the creator of the file.  If another user later creates an unauthorized copy of the content, the watermark can be used to detect the copy and trace the offending copy back to the source.  The steganographic method is a simple technology to use with free tools openly available on the Internet, such as iSteg tool which requires you specify a text file containing your secret message and an image file that you wish to use to hide the message (Stewart et al., 2015).

Methods for Steganography Detection

Although the message is hidden within an image or WAV files, it can be detected with a comparison between the original file which was used and the file that is suspected with the hidden message.  The hashing algorithm such as MD5, a hash can be created for both files. If the hashes are the same, the file doe does not have a hidden message. However, if the hashes are different, it indicates that the second file has been modified.  The Forensic Analysis technique can retrieve the message.  With respect to the egress monitoring, the organization can periodically capture hashes of internal files which rarely change. For instance, graphics files such as JPEG and GIF files stay the same and do not get changes.  If security experts suspect a malicious insider is embedding additional data within these files and emailing them outside the organization, they can compare the original hashes with the hashes of the files the malicious insider sent out.  If the hashes are different, it indicates the files are different and may contain hidden messages (Stewart et al., 2015).   

References

Abernathy, R., & McMillan, T. (2016). CISSP Cert Guide: Pearson IT Certification.

Stewart, J., Chapple, M., & Gibson, D. (2015). ISC Official Study Guide.  CISSP Security Professional Official Study Guide (7th ed.): Wiley.

Physical Security Consideration

Dr. Aly, O.
Computer Science

Introduction

The purpose of this discussion is to discuss and analyze the Physical Security consideration when developing and creating an environmental design for a data center, and the reasons for such consideration.  The discussion also analyzes various control access to the data center and the types of access.  The discussion begins with a brief overview of Physical Threats and Physical Security, followed by the Seven Safeguards for Sensitive Computer and Equipment. The discussion also discussed the Internal Security, and the Environmental Physical Security measures.

Physical Threats and Physical Security

The purpose of the physical security is to protect against physical threats (Stewart, Chapple, & Gibson, 2015).  The physical threats include can be either natural-based threats or human-based threats.  In both cases, they must be considered during the design of the data center.  Natural-based threats include flooding, earthquakes, landslides, or volcanoes.  The human-based threats include theft, vandalism, or intentional fire.  Table 1 summarizes a brief list of these physical threats which should be considered during the design of a data center.  Thus, the physical and environmental security should be considered in two domains of security.  The first domain reflects the engineering aspect of the security as well as the management of the security.  The second domain reflects the foundational concepts, investigation and incident management as well as the disaster recovery (Abernathy & McMillan, 2016; Stewart et al., 2015). 

Table 1.  Physical Threats to Data Center Design Consideration.

Thus, the physical security should be the first in a line of defense which should be considered from the selection of the site and the design (Abernathy & McMillan, 2016).  A realistic assessment of the historical natural disaster events of an area should be performed, and cost/benefit analysis must be implemented to determine the most occurring threats and which threats can be addressed and which should be accepted (Abernathy & McMillan, 2016). Moreover, some of these threats are human-based threats such as the explosion and fire whether intentional or accidental, vandalism, and theft.  

All physical security should be based on the “Layered Defense Model” (Abernathy & McMillan, 2016).  The underlying concept of this model is the use of multiple approaches which support each other.  Thus, there is no single point of failure or total dependency on a single physical security concept.  If one tier of defense such as perimeter security fails, another layer will serve as the backup. 

The physical security can be enhanced by applying the following concepts.  The first concept is the Crime Prevention Through Environmental Design (CPTED) which is applied in any building.  This concept addresses the main design of the data center starting from the entrance, landscaping, and interior design.  The purpose of this concept is to create behavioral effects and minimize the crime. There are three main strategies to apply the CPTED during the design of the data center.  The first strategy is the “Natural Access Control,” which applies to the entrance of the building, such as doors, light, fences, and landscaping.  The underlying concept of this first strategy is to minimize the entry points and tight the control over those entry points to develop a “Security Zone” in the building.  The second strategy of the CPTED is “Natural Surveillance,” to maximize the visibility of the data center, and decrease crime.  The third strategy involves the “Natural Territorial Reinforcement” to extend the sense of ownership to the employees by creating a feeling of community in the area.  This strategy is implemented by using walls, fences, landscaping and light design.

The implementation of the strategies of the CPTED and achieving their goals are not always possible, and a security plan must discuss and address these strategies to close any gaps.  Thus, the Physical Security Plan is the second concept in this layered defense model.  The Physical Security Plan should address techniques for issues such as criminal activity deterrents, intruders delay, intruder detection, situation assessment, and intrusion response and disruption. Additional physical security issues include visibility, surrounding area and external entities, accessibility, a construction such as walls, and doors.  The data center should not have any internal compartment such as drop ceiling or partitions as they can be used to gain access and increase the risks.  Separate heating, ventilation and air conditioning (HVAC) for these rooms are highly recommended (Abernathy & McMillan, 2016).

Seven Safeguards for Sensitive Computers and Equipment

With respect to the computers and equipment rooms, the physical access should be controlled to those which contain sensitive servers and critical network gear, by locking these rooms all the time and secured. The design of these rooms which contains sensitive servers and critical networks should consider the following seven safeguards.  The first safeguard is to locate computer and equipment room in the center of the building.  The second safeguard is to make a single access door or point of entry to these computer and equipment rooms. The third safeguard is to avoid the top floor or basement of the building.  The fourth safeguard involves the installation and the frequent test of the fire detection and suppressions systems.  The fifth safeguard involves the installation of raised flooring.  The sixth safeguard is to install separate power supplies for these computer and equipment rooms. The last safeguard involves the use of only solid doors (Abernathy & McMillan, 2016).

Internal Security

While the perimeter security is important, the security within the building is as important, as prescribed in the “Concentric Circle” model.  These security measures affect the interior of the data center, such as doors, door lock types.  There are different types of doors such as vault doors, bullet-resistant door.  With respect to the door lock types, there are various types such as electric locks or cipher locks, and proximity authentication devices which contain Electronic Access Control (EAC). Various types of locks can also be used for protecting cabinets and securing devices such as warded locks, tumbler locks, and combination locks.  Moreover, biometrics can be used to provide the highest level of physical access control and is regarded to be the most expensive to deploy in the data center.  The glass entries are also considered in many facilities and data center in windows, glass doors, and glass walls.  Various types of glass should be considered such as standard glass for a residential area, tempered glass with extra strength, acrylic glass, laminated glass.   With respect to the visitors, there must be a control technique for protection.  Additional physical security measures include the equipment rooms and work areas.  Additional physical security measures should include a restricted work area, media storage facilities, and evidence storage (Abernathy & McMillan, 2016).

Environmental Physical Security

Physical security measures should include environmental security measures to address the availability principle of the CIA triad.  These measures include fire protection, fire detection, fire suppression.  The power supply should be considered in the environmental, physical security measures, including types of outages such as surge, brownout, fault, blackout, and sags.  The environmental, physical security measures should also include preventive measures such as the prevention of static electricity.  HVAC should be considered as part of the environmental, physical security measures as the excessive heating can cause a problem, or humidity can cause corrosion problem with the connections.   The water leakage and flooding should be considered as well (Abernathy & McMillan, 2016). 

In summary, security professionals must consider various techniques for protecting the data center starting from the selecting of the building to the interior security to the environment security.  They consider the CPTED strategies, and the seven safeguards.  The natural access control is a discussion in this discussion, and the security professional must consider these natural control access. 

References

Abernathy, R., & McMillan, T. (2016). CISSP Cert Guide: Pearson IT Certification.

Stewart, J., Chapple, M., & Gibson, D. (2015). ISC Official Study Guide.  CISSP Security Professional Official Study Guide (7th ed.): Wiley.

Biometric Access Control

Dr. Aly, O.
Computer Science

Introduction

The purpose of this discussion is to discuss and analyze the biometric access control to secure a highly sensitive area of the organization operating environment.  The discussion begins with a brief overview of the Access Control, followed by Biometric Technology, and the Implementation of Biometric System.

Access Control

The Access Control technique whether for the physical asset or logical assets such as sensitive data is to limit and control the access to the authorized users only to access network, system or device.  The Access Control technique involves access type to the network, system or device.  The Access Control is provided to those authorized users through physical and logical controls.  The physical access is to limit access to the physical components such as network, system, or device.  Locks are the most popular physical Access Control technique to prevent access to the data centers including the network devices such as routers, switches and wires, and systems.   Other physical Access Control techniques include guards and biometrics, which should be considered as part of the security measures, based on the assets values, and the need to protect such assets.  The logical Access Control, on the other hand, limits and control the access of the authorized users using software or hardware components.  Examples of the logical Access Control include authentication and encryption.  The implementation of the physical and logical Access Control requires a good comprehension of the requirements, the administration methods of the Access Control, and the assets which will be protected.  Protecting a physical data center is different protecting the data stored in the data center (Abernathy & McMillan, 2016).

Biometric Technology

Biometric technology is physiological or behavioral characteristics.  The physiological characteristics include any unique physical attribute of the user, including iris, retina, and fingerprints.  The behavioral characteristics measure the actions of the user in a situation, including voice patterns, and data entry characteristics.  Biometric technologies as security measures started to be embedded into the operating system such as Apple’s Touch ID technology.  Understanding both physiological and behavioral characteristics must have a priority to ensure the adoption of these technologies for more secure access control.

The physiological characteristics of the Biometric technology employ a biometric scanning device to measure certain information about a physiological characteristic.  The physiological biometric systems include fingerprint, finger scan, hand geometry, hand topography, palm or hand scans, facial scans, retina scans, iris scans, and vascular scans.

The behavioral characteristics of the Biometric technology employ a biometric scanning device to measure the action of the person.  The biometric behavior system includes signature dynamics, keystroke dynamics, and voice pattern or print. 

The security professional must have a good understanding of the following biometric related technology so that they would not struggle during the implementation of such a technology.  These terms include enrollment time, feature extraction, accuracy, throughput rate, acceptability, false rejection rate (FRR), false acceptance rate (FAR), crossover error rate (CER).  Table 1 summarizes each of these terms with a brief description.

Table 1.  Biometric Technology Related Terms.

When using Biometric technology, security professionals often refer to a Zephyr Chart which illustrates the comparative strengths and weaknesses of the biometric system. However, other methods should also be considered to measure the effectiveness of each biometric system, and its level of user acceptance.   Table 2 summarizes popular biometric methods.  The first popular biometric methods ranked by the effectiveness of the most effective method first.  The second popular methods ranked by user acceptance.  As shown in the table, an iris scan is on the top list as an effective method, while voice pattern is at the top of user acceptance method. 

Table 2.  Summary of the Popular Biometric Methods.

Implementation of Biometric System

In accordance to (CSA, 2011), security control must be strategically positioned and conform to acceptable quality standards consistent with prevalent norms and best practices.  Thus, entry points must be secured using Access Control system such as proximity cards/biometric access.  When dealing with Cloud environment, the traditional authentication method for user username and password should not be sufficient.  Organizations and Cloud users must employ strong authentication techniques such as smartcard/PKI, Biometrics, RSA token, and so forth (Sukhai, 2004).  The implementation of Biometric technology provides a more secure layer to access either the physical location where systems, network, and devices are located or to the data which stored in these data centers.  With respect to the user, the user can view it as a convenient method as these biometric methods are part of the bodies which can last as long as the user is authorized to access these facilities and these data.  Since the iris scan seems to be the most effective biometric method, the researcher will employ such a method during the implementation of the Biometric technology.  The iris scan method scans the colored portion of the eye, including all rifts, coronas, and furrows.  It has a higher accuracy than any other biometric scan.

In summary, this discussion discussed and analyzed Biometric Access Control which can be implemented to secure a highly sensitive area of the organization.  The discussion analyzed the Access Control techniques, Biometric Methods, and the Implementation of Biometric Method. The analysis indicates that iris scan is the most effective methods, while voice pattern is ranked at the top of the user acceptance.

References

Abernathy, R., & McMillan, T. (2016). CISSP Cert Guide: Pearson IT Certification.

CSA. (2011). Security guidance for critical areas of focus in cloud computing v2. 1. Cloud Security Alliance, v3.0, 1-76.

Sukhai, N. B. (2004). Access control & biometrics. Paper presented at the Proceedings of the 1st annual conference on Information security curriculum development.

Security Measures for Virtual and Cloud Environment

Dr. Aly, O.
Computer Science

Introduction

The purpose of this discussion is to discuss and analyze security measures for virtual and cloud environments. It also discusses and analyzes the current security models and the possibility for additional enhancements to increase the protection for these virtual and cloud environments. 

Virtualization

Virtualization is a core technology in Cloud Computing technology.  The purpose of Virtualization in Cloud Computing is to virtualize the resources to Cloud Computing Service Models such as Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), and Platform-as-a-Service (PaaS) (Gupta, Srivastava, & Chauhan, 2016).   Virtualization allows creating many instances of Virtual Machines (VMs) in a single physical operating system.  The utilization of these VMS provides flexibility, agility, and scalability to the Cloud Computing resources.  The VM is provided to the client to access resources at a remote location using the virtualization computing technique.  Key features of Virtualization include the resource utilization using isolation among hardware, operating systems, and software.  Another key feature of Virtualization is the multi-tenancy for simultaneous access of the VMs residing in a single physical machine. After the VM is created, it can be copied and migrated.  These features of the Virtualization are double-edged as they provide flexibility, scalability, and agility, while they cause security challenges and concerns.  The security concerns are one of the biggest obstacles to the widespread adoption of the Cloud Computing (Ali, Khan, & Vasilakos, 2015). 

The hardware Virtualization using the physical machine is implemented using hypervisor.  The hypervisor has two types:  Type 1 and Type 2. Type 1 of the hypervisor is called “Bare Metal Hypervisor” as illustrated in Figure 1.  Type 2 of the hypervisor is called “Hosted Hypervisor” as illustrated in Figure 2.   The “Bare Metal Hypervisor” provides a layer between the physical system and the VMs, while the “Hosted Hypervisor” is deployed on the Operating System.

Figure 1.  Hypervisor Type 1: Bare Metal Hypervisor. Adapted from (Gupta et al., 2016).

Figure 2: Hypervisor Type 2: Hosted Hypervisor. Adapted from (Gupta et al., 2016).

Virtualization has many security flaws to intruders.  The traditional security measures that control physical systems are found inadequate or ineffective when dealing with the virtualized data center, hybrid and private Cloud environment (Gupta et al., 2016).  Moreover, the default configuration of the hypervisor does not always include security measures that can protect the virtual and cloud environment.

One of the roles of the hypervisor is to control the management between the VMs and the physical resources.  In Type 1 Hypervisor “Bare Metal Hypervisor,” the single point of failure increases the security breaches for the whole virtualized physical environment on the physical system.  In Type 2 Hypervisor “Hosted Hypervisor,” the configuration exposes more threats than the “Bare Metal Hypervisor.”  The VMs, which are hosted in the physical system, communicate with each other which can cause the loopholes to the intruders. 

Virtualization is exposed to various types of threats and vulnerabilities.  These vulnerabilities in Virtualization Security include VM Escape, VM Hoping, VM Theft, VM Sprawl, Insecure VM Migration, Sniffing and Spoofing.  Figure 3 illustrates the vulnerabilities of the Virtualization. 

Figure 3.  Vulnerabilities of Virtualization. Adapted from (Gupta et al., 2016).

As indicated in (Gupta et al., 2016), Hypervisor should be inbuilt with the firewall security and disable access console (USB, NIC) to prevent unauthorized access.   The access to the Role Based Access Control (RBAC) is effective to control Hyper jacking of VMs.  The role and responsibilities should be defined to the users of the VMs to check the access authorization. 

Security Principles, Security Mode. Security Models and Security Implementation

As indicated in (Abernathy & McMillan, 2016), the primary goal of all security measures is to provide protection and ensure that the measure is successful.  Three major principles of security include confidentiality, integrity, and availability (CIA).  These Security Principles are known as CIA triad.  The confidentiality is provided if the data cannot be read either through access control and encryption for data as it exists on the hard drive or through encryption as the data is in transit.   Confidentiality is the opposite of “disclosure” (Abernathy & McMillan, 2016).  The Integrity is provided if the data is not changed in any way by unauthorized users.  The integrity principle is provided through the hashing algorithm or a checksum.  The availability principles provide the time the resources or data is available. The availability is measured as a percentage of “up” time with 99.9% of uptime representing more availability than 99% uptime.   The availability principle ensures the availability and access of the data whenever it is needed.  The availability principle is described as a prime goal of security.  Most of the attacks result in a violation of one of these security principles of confidentiality, integrity, or availability.  Thus, the defense-in-depth technique is recommended as an additional layer of security.  For instance, even if the firewall is configured for protection, access control list should still be applied to resources to help prevent access to sensitive data in case the firewall gets breached.  Thus, the defense-in-depth technique is highly recommended.

Security has four major Security Modes which are typically used by the Mandatory Access Control (MAC).  These four security modes include Dedicated Security Mode, System High-Security Mode, Compartmented Security Mode, and Multi-Level Security Mode.  The MAC operates in different security modes at different times based on variables such as sensitivity of data, the clearance level of the user, and the actions users are authorized to take.  In all the four security modes, a non-disclosure agreement (NDA) must be signed, and the access to certain information is based on each mode.

Security Models provide a mapping technique for the security policymakers to the rules which a computer system must follow.  Various types of the Security Models provide various approaches to implement such a mapping technique (Abernathy & McMillan, 2016). 

  • State Machine Model,
  • Multi-Level Lattice Models, 
  • Matrix-Based Models,
  • Non-Interface Models, and
  • Information Flow Models.

Moreover, there are formal Security Models which are incorporating security concepts and principles to guide the security design of systems. These formal Security Models include the following seven Models (Abernathy & McMillan, 2016).  The detail for each model is beyond the scope of this discussion.

  • Bell-LaPadula Model.
  • Biba Model.
  • Clark-Wilson Integrity Model.
  • Lipner Model.
  • Brewer-Nash Model.
  • Graham-Denning Model.
  • Harrison-Ruzzo-Ullman Model.

With respect to the Security Implementation, there are standards which must be followed when implementing security measures for protection.  These standards include ISO/IEC27001 and 27002 and PCI-DSS.   The ISO/IEC27001 is the most popular standards, which is used by the organization to obtain certification for information security.  These standard guides ensure that the information security management system (ISMS) of the organization is properly built, administered, maintained and progressed.  The ISO/IEC 27002 standard provides a code of practice for information security management. This standard includes security measures such as access control, cryptography, compliance.  The PCI-DSS v3.1 is specific for payment card industry. 

Security Models in Cloud Computing

As Service Model is one of the main models in Cloud Computing.  These services are offered through a Service Provider known as a Cloud Service Provider to the cloud users.  Security and privacy are the main challenges and concern when using Cloud Computing environment.  Although there is a demand to leverage the resources of the Cloud Computing to provide services to clients, there is also need and the requirement for the Cloud servers and resources not to learn any sensitive information about the data being managed, stored, or queried (Chaturvedi & Zarger, 2015).   Effort should be exerted to improve the control of users to their data in the public environment.  Cloud Computing Security Models include Multi-Tenancy Model, Cloud Cube Security Model, the Mapping Model of Cloud, Security and Compliance, and the Cloud Risk Accumulation Model of CSA (Chaturvedi & Zarger, 2015).

The Multi-Tenancy Model is described to be the major functional characteristic of Cloud Computing allowing multiple applications to provide cloud services to the clients.  The user’s tenants are separated by virtual partitions, and each partition holds clients tenant’s data, customized settings and configuration settings.  Virtualization in a physical machine allows users to share computing resources such as memory, processor I/O and storage to different users’ applications and amends the utilization of Cloud resources.  SaaS is a good example of Multi-Tenant Model which provides scalability to serve a large number of clients based on Web service.  This model of Multi-Tenancy is described by the security experts to be vulnerable and expose confidentiality which is regarded to be one of the Security Principles to risk between the tenants.  Side channel attack is a significant risk in the Multi-Tenancy Model.  This kind of attack is based on information obtained from bandwidth monitoring.   Another risk of the Multi-Tenancy Model is the assignment of resources to the clients with unknown identity and intentions.  Another security risk associated with Multi-Tenancy involves data storage of multiple tenants in the same database tablespaces or backup tapes. 

The Cloud Cube Security Model is characterized by four main elements; Internal/External, Proprietary/Open, Parameterized/De-parameterized, and Insourced/Outsourced.  The Mapping Model of Cloud, Security, and Compliance Model is another Model to provide a better method to analyze the gaps between cloud architecture and compliance framework and the corresponding security control strategies provided by the Cloud Service Provider, or third parties.  The Cloud Risk Accumulation Model of CSA is the last Security Models of Cloud Computing.  The three Cloud Models of IaaS, PaaS, and SaaS have various security requirements due to the layer dependencies.

Security Implementation: Virtual Private Cloud (VPC)

The VPC Deployment Model is a model that provides more security than the Public Deployment Model.  In this Model, the user can apply Access Control at the instance level as well as at the network level.  Policies are configured and assigned to groups based on the access role.   The VPC as a Deployment Model of the Cloud Computing did solve problems such as the loss of authentication, loss of confidentiality, loss of availability, loss, and corruption of data (Abdul, Jena, Prasad, & Balraju, 2014).  The VPC is logically isolated from other virtual networks in the cloud.  As indicated in (Abdul et al., 2014), VPC is regarded as the most prominent approach to Trusted Computing technology.  However, organizations must implement the security measures based on the requirements of the business.  For instance, organizations and users have control to select the IP address range, create a subnet, route tables, network gateway and security as illustrated in Figure 4.

Figure 4.  Virtual Private Cloud Security Implementation.

In summary, security measures must be implemented to protect the cloud environment.  Virtualization imposes threats to the Cloud environment.  The hypervisor is a major component of Virtualization.  It is recommended that the Hypervisor should be inbuilt with the firewall security and disable access console (USB, NIC) to prevent unauthorized access.   The access to the Role Based Access Control (RBAC) should be effective to control Hyper jacking of VMs.  The role and responsibilities should be defined to the users of the VMs to check the access authorization.  Virtual Private Cloud as a trusted deployment model of the Cloud Computing provides a more secure cloud environment than the Public Cloud. The Security Implementation must follow certain standards.  The organization must comply with these standards to protect organizations and users.

References

Abdul, A. M., Jena, S., Prasad, S. D., & Balraju, M. (2014). Trusted Environment In Virtual Cloud. International Journal of Advanced Research in Computer Science, 5(4).

Abernathy, R., & McMillan, T. (2016). CISSP Cert Guide: Pearson IT Certification.

Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud computing: Opportunities and challenges. Information Sciences, 305, 357-383. doi:10.1016/j.ins.2015.01.025

Chaturvedi, D. A., & Zarger, S. A. (2015). A review of security models in cloud computing and an Innovative approach. International Journal of Computer Trends and Technology (IJCTT), 30(2), 87-92.

Gupta, M., Srivastava, D. K., & Chauhan, D. S. (2016). Security Challenges of Virtualization in Cloud Computing. Paper presented at the Proceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies, Udaipur, India.