Integrity and Availability Threats and Mitigation

Time
7 hours 50 minutes
Difficulty
Beginner
CEU/CPE
8
Video Transcription
00:00
>> Hi everybody. Continuing with the CIA triad,
00:00
let's look at integrity.
00:00
When we talk about threats to integrity,
00:00
we are concerned about whether data has been modified.
00:00
There are a couple of ways that can happen.
00:00
One way is through corruption,
00:00
which is accidental or unintentional modification.
00:00
Maybe it happens because
00:00
there is interference on the line
00:00
or something happens as data
00:00
traverses great lengths, for example.
00:00
Another way is through
00:00
malicious modification. That's intentional.
00:00
For example, an attacker inserts
00:00
malware into a file that gets downloaded,
00:00
or somebody captures a package in transit,
00:00
and makes modifications to it.
00:00
Or maybe they alter communication
00:00
and change a session header or a source ID.
00:00
All of that is a threat against integrity.
00:00
Corruption is easier to
00:00
detect than malicious modification.
00:00
When we're just looking to protect against corruption,
00:00
we use hashes or hashing.
00:00
Another word for a hash is a message digest,
00:00
and another word is a checksum.
00:00
Those three words might be used together.
00:00
They're all good methods to use
00:00
for unintentional modification,
00:00
but with malicious modification,
00:00
we have to be more robust with our security controls.
00:00
That's because if an attacker can modify the data,
00:00
they may be able to modify the security controls.
00:00
For this, we have a MAC or a message authentication code,
00:00
or a digital signature.
00:00
We'll cover all of these things in
00:00
more detail in the cryptography chapter.
00:00
If we want to protect the integrity of
00:00
log files and audit records,
00:00
we can use write-once media
00:00
to make sure they can't be modified.
00:00
Baseline images can be put on write-once media also,
00:00
and hashes can be used with images as well.
00:00
Then the last of the security principles
00:00
in the CIA triad is availability.
00:00
This means having timely access to resources.
00:00
The most common attack against
00:00
availability is a denial of service attack.
00:00
A denial of service (DoS) attack has
00:00
to do with overwhelming the server so that it is so
00:00
busy responding to my illegitimate requests
00:00
that it can't respond to a legitimate request.
00:00
It could also be
00:00
someone on [inaudible] server in the server room,
00:00
but the ones we're going to look at
00:00
have to do with the resource overload.
00:00
Now, if a single system can cause a resource overload,
00:00
what about if an attacker took over 10
00:00
or 100 or 10,000 systems?
00:00
That's what happens in a distributed
00:00
denial-of-service or DDoS attack.
00:00
The attacker gets malicious software
00:00
on the systems without
00:00
zombies or botnets which launch downstream attacks.
00:00
Lots of attacks look like that.
00:00
Another type of issue with availability is just failure.
00:00
Failure of devices or resources.
00:00
It can be caused by natural disaster
00:00
like a fire or a hurricane that causes
00:00
power outages or even something
00:00
like an employee strike can affect availability.
00:00
They can also have something like a ransomware attack,
00:00
which means your data is not available.
00:00
There are all sorts of ways that availability can suffer.
00:00
The answer to keeping availability alive is redundancy.
00:00
Along with that, go with the ideas
00:00
of resiliency and fault tolerance.
00:00
The idea there is to withstand an attack and
00:00
keep going on even if you have been attacked.
00:00
We also list backups here,
00:00
but when you think about availability,
00:00
you have to be really comprehensive,
00:00
and backups only work for data.
00:00
We'll talk about other solutions for
00:00
availability of hardware and software later.