Security Fundamentals
Presented to you by the
and jaysa :)
Security Basics
Why do we care?
- Hospitals suffering from ransomware attacks (DNI)
- Financial security
- Equifax breach, First American Financial
- Personal information
- Job security!
- According to the Bureau of Labor Statistics, 33% predicted increase in jobs from 2022 to 2032 (most hover at 3%)
Basic Principles
- Security is economics: resource allocation
- Least privilege: minimum needed to perform action
- Defense in depth: layers and layers
- Complete mediation: continuous authentication
- Accounting for human factors: errors
Most important: know your threat model
Understand what is at risk and what you can do to minimize risk
Security Goals and Implementation
- Confidentiality
- Ensure only those with approved access can read data
- Integrity
- Ensure data has not been tampered with
- Authentication
- Prove the author/source of data
- Availability
- Ensure the uptime of a service
Confidentiality
Ensure only those with approved access can read data
Plaintext: - Vulnerable data - What you want to hide from the attacker
Ciphertext: - Secured data that is indistinguishable from garble - What you want the attacker to see
Key: - Secret necessary for converting plaintext into ciphertext and vice-versa
Encryption: plaintext + key → ciphertext Decryption: ciphertext + key → plaintext
Symmetric cryptography:
Same key for encrypting and decrypting data
Asymmetric cryptography (AKA public key cryptography):
Comes in public-private key pairs where public key is for encryption and private key is for decryption - Public key: can be distributed to everyone - Private key: must be kept secret - Anyone can encrypt data with public key but only the person possessing private key can decrypt data