9. Topic 9: Cyber Security

Lesson 9.2: Defending Systems

Official syllabus section covering Lesson 9.2: Defending Systems within Topic 9: Cyber Security: authentication, authorisation and access control; strong passwords and multi-factor authentication; firewalls, anti-malware software, patching and secure configuration.


Introduction

In today's digital age, safeguarding sensitive information and maintaining system integrity are critical. This lesson covers the essential cyber security concepts that every individual and organization should understand. Our focus will be on authentication, authorization, access control, strong passwords, multi-factor authentication, and the other components that contribute to a secure system. By the end of this lesson, you should have a clear understanding of the principles of defending systems and their practical applications in real-world scenarios.

Learning Objectives

  1. Understand the concepts of authentication, authorization, and access control.
  2. Recognize the importance of strong passwords and multi-factor authentication.
  3. Learn about firewalls, anti-malware software, patch management, and secure configurations.
  4. Grasp the significance of backups, redundancy, and disaster recovery in system security.
  5. Develop the ability to recommend appropriate defenses against various threats.
  6. Explain how authentication and access control protect a system.

Authentication, Authorization, and Access Control

Authentication

Authentication is the process of verifying the identity of a user or system. Think of it as confirming that someone is who they say they are. This can be achieved through various means, including:

  • Passwords: A common method where users provide a secret word or phrase.
  • Biometrics: Utilizing unique physical characteristics, such as fingerprints or facial recognition.
  • Tokens: Physical devices or software applications that generate unique codes.

Example of Authentication: When you log into your email account, you enter your username and password. The server checks these credentials against its records. If they match, you are authenticated and allowed access.

Authorization

Authorization determines what an authenticated user is allowed to do. It establishes permissions and access levels within a system. For instance, after logging into a banking application, a bank teller may have access to customer accounts, while a customer only has access to their account details.

Example of Authorization: Consider a company's internal database. An employee in HR may be authorized to view salaries, while employees in other departments are not.

Access Control

Access control is a broader concept that encompasses both authentication and authorization. It specifies how resources are accessed and by whom. There are several models of access control:

  • Discretionary Access Control (DAC): Owners determine who has access to their resources.
  • Mandatory Access Control (MAC): Access rights are regulated by a central authority based on information classifications.
  • Role-Based Access Control (RBAC): Access rights are assigned based on user roles within an organization.

Example of Access Control: Imagine a file within a company. Its owner might choose to share it with all employees (DAC), a central policy might restrict it to the departments cleared for its classification (MAC), or it might be available only to staff who hold the project-manager role (RBAC).

Worked Example

Let’s put these concepts into practice.

Scenario: A school administration system.

  • Authentication: Students log in using a student ID and password.
  • Authorization: Teachers can view student grades, while students can only view their own grades.
  • Access Control: Only the principal can access sensitive payroll information, while all teachers have access to their class records.
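The school scenario above, written out as working code. This is an added example, not part of the lesson: authentication checks a salted PBKDF2 password hash with a constant-time comparison, and authorization consults a role-to-permission table (role-based access control). All user IDs, roles, passwords and permission names are constructed sample data.

```python
# Added example (not from the lesson): authentication + role-based authorization
# for the school administration scenario. Users, roles and passwords are constructed.
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, hash). A fresh random salt is generated when none is given."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


# Constructed user store: only the salt and the hash are kept, never the password.
USERS = {}
for _uid, _role, _pw in [
    ("s1001", "student", "Blue-Kite-Lantern-42"),
    ("t200", "teacher", "Maple!Orbit!Cloud!7"),
    ("p1", "principal", "River#Granite#Sonnet#9"),
]:
    _salt, _digest = hash_password(_pw)
    USERS[_uid] = {"role": _role, "salt": _salt, "hash": _digest}

# Role -> permissions (RBAC). Authorization decisions consult this table, not the user.
PERMISSIONS = {
    "student": {"view_own_grades"},
    "teacher": {"view_own_grades", "view_class_records", "view_student_grades"},
    "principal": {"view_own_grades", "view_class_records", "view_student_grades", "view_payroll"},
}


def authenticate(uid: str, password: str):
    """Authentication: verify identity. Returns the role on success, None on failure."""
    record = USERS.get(uid)
    if record is None:
        # Hash anyway so an unknown ID takes as long as a wrong password (no user enumeration by timing).
        hash_password(password, b"\x00" * 16)
        return None
    _, candidate = hash_password(password, record["salt"])
    if hmac.compare_digest(candidate, record["hash"]):
        return record["role"]
    return None


def is_authorized(role: str, action: str) -> bool:
    """Authorization: may a user holding this role perform this action?"""
    return action in PERMISSIONS.get(role, set())


def attempt(uid: str, password: str, action: str) -> str:
    """Access control: authenticate first, then check the role's permissions."""
    role = authenticate(uid, password)
    if role is None:
        return "denied: authentication failed"
    if not is_authorized(role, action):
        return f"denied: {role} may not {action}"
    return f"allowed: {role} {action}"


if __name__ == "__main__":
    for args in [("t200", "Maple!Orbit!Cloud!7", "view_student_grades"),
                 ("s1001", "Blue-Kite-Lantern-42", "view_student_grades"),
                 ("s1001", "wrong-password", "view_own_grades"),
                 ("p1", "River#Granite#Sonnet#9", "view_payroll")]:
        print(args[0], args[2], "->", attempt(*args))
```

Note that a failed login and an unknown ID produce the same message and take the same time, so the response does not reveal which student IDs exist.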

Strong Passwords and Multi-Factor Authentication

Importance of Strong Passwords

A strong password is a crucial line of defense against unauthorized access. Weak passwords can be easily guessed or cracked. A strong password should include:

  • At least 12 characters
  • A mix of uppercase and lowercase letters
  • Numbers and special characters

Example of a Strong Password: Consider the password G@7xTY!94l$2aKz. It is long, includes different character types, and is not easily guessable.

Multi-Factor Authentication (MFA)

MFA adds an extra layer of security by requiring users to provide two or more verification factors to gain access. This usually combines something you know (like a password) with something you have (like a smartphone) or something you are (like a fingerprint).

Example of MFA: When you log into an online bank account, you enter your password and then receive a code via SMS that you also need to enter. This ensures that even if your password is compromised, an additional factor is needed to gain access.

Worked Example

Scenario: Logging into a social media account.

  1. User enters their password.
  2. They receive a unique code on their mobile device.
  3. User inputs the code to verify their identity.

In this scenario, if an attacker knows the user’s password but does not have access to their mobile device, they cannot log in.
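The two sections above (strong passwords and the two-step login) as one added example, not code from the lesson. It checks a password against the lesson's strength rules, then models the login: step 1 verifies a salted scrypt hash of the password (something you know); step 2 verifies a one-time code computed with HOTP (RFC 4226, HMAC-SHA1 over a counter), standing in for the code the phone app or SMS delivers (something you have). The account, salt and the shared secret (the RFC 4226 test-vector secret) are constructed values.

```python
# Added example (not from the lesson): password policy check plus a one-time-code
# second factor. The account, salt and HOTP secret below are constructed values.
import hashlib
import hmac
import re
import struct


def password_problems(password: str) -> list:
    """Return the lesson's strength rules the password fails (empty list = strong)."""
    checks = [
        (len(password) >= 12, "at least 12 characters"),
        (re.search(r"[A-Z]", password) is not None, "an uppercase letter"),
        (re.search(r"[a-z]", password) is not None, "a lowercase letter"),
        (re.search(r"[0-9]", password) is not None, "a digit"),
        (re.search(r"[^A-Za-z0-9]", password) is not None, "a special character"),
    ]
    return [rule for ok, rule in checks if not ok]


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP code: dynamic truncation of HMAC-SHA1(secret, counter), RFC 4226 section 5.3."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
              | mac[offset + 2] << 8 | mac[offset + 3])
    return str(binary % 10 ** digits).zfill(digits)


def scrypt_hash(password: str, salt: bytes) -> bytes:
    """Salted, memory-hard password hash; only this is stored, never the password."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2 ** 14, r=8, p=1)


# Constructed account: the server keeps the password hash, the HOTP secret it shares
# with the user's device, and the next counter value it expects.
SALT = b"constructed-salt"
ACCOUNT = {
    "hash": scrypt_hash("G@7xTY!94l$2aKz", SALT),
    "otp_secret": b"12345678901234567890",  # RFC 4226 test-vector secret, for illustration only
    "counter": 0,
}


def device_code() -> str:
    """Simulates the user's phone producing the code for the next counter value."""
    return hotp(ACCOUNT["otp_secret"], ACCOUNT["counter"])


def login(password: str, code: str) -> str:
    """Step 1: something you know. Step 2: something you have. Both must pass."""
    if not hmac.compare_digest(scrypt_hash(password, SALT), ACCOUNT["hash"]):
        return "denied: wrong password"
    expected = hotp(ACCOUNT["otp_secret"], ACCOUNT["counter"])
    if not hmac.compare_digest(expected, code):
        return "denied: wrong or reused code"
    ACCOUNT["counter"] += 1  # each code works exactly once, so a captured code cannot be replayed
    return "allowed"


if __name__ == "__main__":
    print(password_problems("password"))              # fails four of the five rules
    print(password_problems("G@7xTY!94l$2aKz"))       # [] : meets every rule
    print(login("G@7xTY!94l$2aKz", "123456"))         # attacker knows the password, guesses the code
    code = device_code()
    print(login("G@7xTY!94l$2aKz", code))             # allowed
    print(login("G@7xTY!94l$2aKz", code))             # same code again: denied
```

The counter increments only after a successful login, which is what makes the attacker in the scenario fail: knowing the password gets them past step 1, but without the device they cannot produce the next code, and a code they overheard earlier no longer matches.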

Firewalls and Anti-Malware Software

Firewalls

A firewall serves as a barrier between a trusted internal network and untrusted external networks. It monitors and controls incoming and outgoing network traffic based on predetermined security rules. Firewalls can be hardware-based, software-based, or a combination of both.

Anti-Malware Software

Anti-malware software protects against various types of malicious software, or malware, including viruses, worms, trojans, and ransomware. These programs scan a computer system for malware, detect it, and remove it. Keeping anti-malware software updated is crucial in defending against the latest threats.

Worked Example

Scenario: A company implements a firewall.

  • The firewall is configured to block all incoming traffic from unknown IP addresses.
  • Outgoing traffic is monitored to ensure no sensitive data is sent without authorization.

Meanwhile, anti-malware software runs in the background, scanning for threats and removing any malware that is detected automatically, protecting the company's data integrity.
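The firewall half of the scenario as an added example (not the lesson's code): a small rule engine that drops inbound packets unless the source is on a known-partner list, and lets outbound traffic through but raises an alert when the database host sends data outside the network or when an unapproved port is used. It adds one rule the text does not mention, dropping inbound packets that claim an internal source address. The network ranges (documentation addresses), the partner list, the database host and the sample packets are all constructed.

```python
# Added example (not from the lesson): rule-based inbound/outbound packet filtering.
# Networks, the partner allow-list, the database host and the packets are constructed.
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    direction: str  # "in" = arriving from outside, "out" = leaving the company
    src: str
    dst: str
    port: int


INTERNAL = ipaddress.ip_network("10.0.0.0/8")               # constructed company range
KNOWN_PARTNERS = [ipaddress.ip_network("203.0.113.0/24")]   # constructed allow-list
APPROVED_OUTBOUND_PORTS = {443}                             # only HTTPS leaves without an alert
DATABASE_HOST = ipaddress.ip_address("10.0.5.20")           # constructed host holding sensitive data


def evaluate(pkt: Packet) -> tuple:
    """Return (verdict, reason). Inbound is deny-by-default; outbound is allowed but monitored."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    if pkt.direction == "in":
        if src in INTERNAL:
            return ("DROP", "internal address arriving from outside (spoofed)")
        if any(src in net for net in KNOWN_PARTNERS) and pkt.port == 443:
            return ("ALLOW", "known partner to HTTPS")
        return ("DROP", "inbound from unknown address")
    if src == DATABASE_HOST and dst not in INTERNAL:
        return ("ALERT", "database host sending data outside the network")
    if pkt.port not in APPROVED_OUTBOUND_PORTS:
        return ("ALERT", f"outbound on unapproved port {pkt.port}")
    return ("ALLOW", "approved outbound")


def run(packets) -> list:
    """Evaluate every packet and return the log lines an analyst would review."""
    log = []
    for p in packets:
        verdict, reason = evaluate(p)
        log.append(f"{verdict} {p.direction} {p.src}->{p.dst}:{p.port} ({reason})")
    return log


# Constructed traffic sample (198.51.100.0/24 and 203.0.113.0/24 are documentation ranges).
SAMPLE = [
    Packet("in", "198.51.100.7", "10.0.1.10", 22),       # unknown source -> DROP
    Packet("in", "203.0.113.9", "10.0.1.10", 443),       # known partner -> ALLOW
    Packet("in", "10.0.3.3", "10.0.1.10", 80),           # spoofed internal source -> DROP
    Packet("out", "10.0.1.50", "198.51.100.200", 443),   # normal browsing -> ALLOW
    Packet("out", "10.0.5.20", "198.51.100.200", 443),   # database host leaking -> ALERT
    Packet("out", "10.0.1.50", "198.51.100.200", 25),    # unapproved port -> ALERT
]

if __name__ == "__main__":
    for line in run(SAMPLE):
        print(line)
```

The deny-by-default inbound rule is what "block all incoming traffic from unknown IP addresses" means in practice: anything not explicitly allowed is dropped, and the outbound ALERT lines are the monitoring feed that would be reviewed for unauthorized data leaving the company.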

Patching and Secure Configuration

Patching

Patching involves updating software to fix vulnerabilities or bugs. Software developers release patches to enhance security, improve performance, and fix known issues. It’s imperative that systems are regularly updated.

Secure Configuration

Secure configuration refers to setting up a system securely at installation and configuring it properly to minimize its attack surface. This includes changing default passwords, disabling unnecessary services, and applying security settings.

Worked Example

Scenario: A web server deployment.

  1. The administrator applies the latest security patches before deployment.
  2. Default settings are modified to ensure maximum security, such as changing default administrator passwords and disabling unneeded features (like FTP).
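The web server deployment above as an added example (not the lesson's code): an audit function that checks a server's configuration for the items in the worked example (default administrator password, missing patches, unneeded services such as FTP) plus one extra setting, directory listing, and a harden function that applies the fixes so the audit of the result is clean. The configuration dictionaries, the list of default passwords and the "latest patch" version number are constructed sample data, not any real product's values.

```python
# Added example (not from the lesson): audit and harden a web-server configuration.
# The configurations, default-password list and version numbers are constructed.
import copy
import secrets

DEFAULT_PASSWORDS = {"admin", "password", "changeme", ""}  # constructed list of vendor defaults
REQUIRED_SERVICES = {"https"}                              # the only service the site needs
LATEST_PATCH = (2, 4, 58)                                  # constructed: vendor's current release


def parse_version(v: str) -> tuple:
    """'2.4.41' -> (2, 4, 41) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


def audit(config: dict) -> list:
    """Return the findings a reviewer would raise; an empty list means the checklist passes."""
    findings = []
    if config["admin_password"].lower() in DEFAULT_PASSWORDS:
        findings.append("default or empty administrator password")
    if parse_version(config["version"]) < LATEST_PATCH:
        latest = ".".join(map(str, LATEST_PATCH))
        findings.append(f"unpatched: running {config['version']}, latest is {latest}")
    for service in sorted(set(config["enabled_services"]) - REQUIRED_SERVICES):
        findings.append(f"unneeded service enabled: {service}")
    if config.get("directory_listing", False):
        findings.append("directory listing enabled")
    return findings


def harden(config: dict) -> dict:
    """Return a corrected copy: patch applied, default password replaced, extras disabled."""
    fixed = copy.deepcopy(config)
    if fixed["admin_password"].lower() in DEFAULT_PASSWORDS:
        # Random replacement; in practice it would be stored in a password manager.
        fixed["admin_password"] = secrets.token_urlsafe(18)
    fixed["version"] = ".".join(map(str, LATEST_PATCH))  # stands in for installing the patch
    fixed["enabled_services"] = sorted(set(fixed["enabled_services"]) & REQUIRED_SERVICES)
    fixed["directory_listing"] = False
    return fixed


# Constructed "as installed" configuration before the administrator's work.
BEFORE = {
    "admin_password": "admin",
    "version": "2.4.41",
    "enabled_services": ["https", "ftp", "telnet"],
    "directory_listing": True,
}

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    after = harden(BEFORE)
    print("after: ", audit(after))   # []
```

Running the same audit before and after is the point: the checklist is only useful if it is applied mechanically to the deployed configuration, not remembered by hand.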

Backups, Redundancy, and Disaster Recovery

Backups

Regular data backups are crucial in case of data loss due to cyber attacks, human error, or hardware failures. Backups should be stored in a separate location and be easy to restore.

Example: A company performs daily backups of their database to an offsite location so that they can restore data quickly if the primary system fails.

Redundancy

Redundancy involves having multiple instances of critical components in a system to ensure reliability and availability. This could include duplicate hard drives (RAID) or backup servers.

Disaster Recovery

Disaster recovery plans outline the processes and procedures for recovering from catastrophic system failures or security breaches. The plan should be tested regularly to ensure it works during an actual event.

Worked Example

Scenario: An e-commerce website prepares for potential data loss.

  1. Daily backups of the product database are taken.
  2. Server redundancy is implemented by having a secondary server that can take over in case the primary goes down.
  3. The disaster recovery plan includes steps for quick restoration of services and notifying customers about potential issues.
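The backup and recovery steps above as an added example (not the lesson's code): a backup routine that writes the product database to a separate location together with a SHA-256 manifest, a verify step that recomputes the hash before any restore, and a restore drill that proves the backup can be restored and that a corrupted copy is rejected. The product records are constructed, and a temporary directory stands in for the offsite location.

```python
# Added example (not from the lesson): backup with an integrity manifest and a restore drill.
# The product records are constructed; a temporary directory stands in for "offsite".
import hashlib
import json
import os
import tempfile

PRODUCTS = {
    "sku-100": {"name": "Kettle", "stock": 12},
    "sku-101": {"name": "Toaster", "stock": 3},
}


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup(data: dict, backup_dir: str, label: str) -> str:
    """Write the data and a .sha256 manifest beside it; return the backup path."""
    path = os.path.join(backup_dir, f"products-{label}.json")
    with open(path, "w") as f:
        json.dump(data, f, sort_keys=True)
    with open(path + ".sha256", "w") as f:
        f.write(sha256_of(path))
    return path


def verify(path: str) -> bool:
    """True only if the file still matches the hash recorded when it was written."""
    with open(path + ".sha256") as f:
        return f.read().strip() == sha256_of(path)


def restore(path: str) -> dict:
    """Refuse to restore a backup that fails its integrity check."""
    if not verify(path):
        raise ValueError("backup failed integrity check; do not restore")
    with open(path) as f:
        return json.load(f)


def restore_drill(data: dict, backup_dir: str) -> dict:
    """The DR test: back up, restore, compare; and confirm a damaged copy is rejected."""
    good = backup(data, backup_dir, "daily")
    restored = restore(good)

    bad = backup(data, backup_dir, "corrupt")
    with open(bad, "r+b") as f:           # simulate media damage: overwrite the first byte
        f.write(b"X")
    try:
        restore(bad)
        rejected = False
    except ValueError:
        rejected = True
    return {"restored_matches": restored == data, "corrupt_copy_rejected": rejected}


def run_drill() -> dict:
    """Run the drill against a fresh temporary 'offsite' directory."""
    with tempfile.TemporaryDirectory() as offsite:
        return restore_drill(PRODUCTS, offsite)


if __name__ == "__main__":
    print(run_drill())   # {'restored_matches': True, 'corrupt_copy_rejected': True}
```

A backup that has never been restored is an assumption, not a recovery plan; the drill is what turns "easy to restore" into something the team has actually observed.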

Conclusion

In conclusion, defending systems against cyber threats requires a thorough understanding of various strategies and technologies. From authentication and access control to firewalls, anti-malware tools, and maintaining backups, each component plays a vital role in maintaining security. By implementing these practices, students can contribute to creating a secure and resilient digital environment.

Study Notes

  • Authentication verifies identity; authorization determines access rights.
  • Strong passwords include numbers, letters, and symbols; aim for at least 12 characters.
  • Multi-factor authentication requires multiple proofs of identity to enhance security.
  • Firewalls control traffic between networks; anti-malware software protects against malicious threats.
  • Regular patching and secure configuration minimize vulnerabilities in systems.
  • Backups, redundancy, and disaster recovery are crucial for data integrity and availability.
