02

The focus is using preventive measures to enable resilient systems. Defending against specific attacks is only a small part of Cybersecurity.

confidentiality, integrity, and availability

Confidentiality is the goal to ensure that only authorized Cyberspace participants may access certain information, data, or communication.

Confidentiality is a very important goal of Cybersecurity as it is also tightly coupled with data-privacy. Furthermore, data or information stored on storage solutions like the laptop, and the USB Stick should also be considered confidential.

Integrity is the goal to ensure that all kind of unauthorized alterations to information, data, or communication are detectable. Changes include additions, deletions, and ex change of data.

Availability is the goal to ensure that information, data, and communication are always available to Cyberspace participants using them.

Confidentiality the attacker was able to get access to the computer system and the data Availability by encrypting all the data the company has no access to its data anymore

Security features: Structural means for achieving greater Cybersecurity.

dentification is the process to figure out the identity of a cyberspace participant (user, system) by features like address, some kind of fingerprint, or an image. It is similar to the process in the physical world when e.g. a car is identified by its license plate or a witness identifies a person on an image. As the process is often inaccurate the number of false positivies or false negatives can be high and often this features can be easily faked by criminals

Identification is often used to gather basic information of network participants or users. Such an identification is not a proof and preventing access to information by identification is unsecure!

OS type

IPv4 adress

MAC adress

Authentication is the process when a cyberspace participant proofs its identity to another using some secure method.

1. Passwords: Secret strings known only to users, used to prove identity and gain access to systems or data.

2. Asymmetric Cryptography: A method of encryption using two keys—a public key for encrypting data and a private key for decrypting it.

3. Zero-Knowledge Proofs: A way to prove you know a secret (like a password) without revealing the secret itself or any other information.

   
   

   The reliability of the authentication depends on the reliabiliy of the used method. It can be degraded by the participant by publishing secret information or using weak secrets.

Authentication controls access to systems and services in cyberspace, but by itself, it doesn't protect data from unauthorized reading or provide fine-grained access control. The most common method is password authentication, though it's flawed: people often use weak passwords, and passwords can be intercepted or misused if not securely stored or transmitted.

Crypto tokens (like YubiKeys or eIDs) offer a more secure alternative, using asymmetric cryptography where a private key signs a challenge (nonce) for authentication. These tokens prevent password theft but introduce complexity and risk if lost.

Authorization is the process of organizing authenticated or identified Cyberspace partici pants into access groups, roles or lists. Groups, roles, and lists describe the access rights on information, data, systems, or services. Typical access roles or groups are: Administrator, Users, and Database-Manager.

Privilege escalation ist the process to circumvent authorization and gain more access rights than assigned. If authorization is based on identification privilege escalation is often easy

Access Control Lists (ACLs) is a typical authorization method for network applica tions. Different format for ACLs exist.

Accept-List participants allowed to access a system, service, ressource, … Reject-List participants not allowed to access a system. service, ressource, …

Example:

Encryption is the best way of protecting information or data. Encryption is done using a symmetric or assymmetric algorithm.

After encryption only the Cyberspace participant with the correct key is able to decrypt the cyphertext. The security of encryption depends heavily on the selected encryption algorithm and the size of the key.

Most of the assymetric algorithms can be easily broken if Quantum Computers improve and become easily accessible. Symmetric algorithms require an increase in their key size to stay secure

The security of a cryptographic system is measured by the amount of computing power required to break it. In the best case a brute force attack trying all possible values from the key-space is required and in the worst case a bug in the cryptographic system exist to reduce the amount of computing power.

Recommended Symmetric Algorithms

– AES-128

– AES-192

– AES-256

• Recommended Asymmetric Algorithms and Key Sizes

– ECIES (250 bits)

– DLIES (3000 bits)

– RSA (3000 bits)

Cryptographically signing is done by one of the following two ways:

1. HMAC

An HMAC combines a cryptographic hash function like SHA-256 with a secret key. To sign information the HMAC generates a hash of the information. Anynone in posession of the secret key can also compute this HMAC and verify the integrity of the information.

1. Assymmetric Algorithm

In this case a cryptographic hash like SHA-256 is generated from the information and afterwords is encrypted with the private key of the as symmetric cryptographic system. Everyone in possession of the public key is able to decrypt the hash and verify its correctness.

Backup is the process of creating a copy of information. This copy is placed on other devices like external harddisks, tape archives, or USB storage. The copy may also been stored at a remote locations like cloud storage or another company locations

Backup systems can use every storage device which has :

• agood capacity

• along time storage safety

• aminimum robustness level

• is removable from a system

The most commonly used are:

Magnetic tapes and Hard-Disks

The advantages of using hard-disks are

• they are cheap (easy to buy)

• and very fast (>200Mb/s)

Their disadvantages are

• they are fragile (do not drop them)

• they have a low capacity (<25Tb)

Magnetic tapes can be seen as the opposite of hard-disks in backup solutions.

The advantages of magnetic tapes are

• they are very robust (e.g. you can drop them)

• they have a high capacity (>300Tb)

Their disadvantages are

• they are expensive

• they are very slow (<200Mb/s)

Redundancy is a infrastructure measure, providing multiple instances of a service or systems.

cold-spare

e.g. hardware is available and is activated if required

hot-spare

e.g. hardware is running concurrently for fast fail-over

Today hot-spare systems can be easily build by using cloud services.

redundant power supplies

Server systems, switches, and other infrastructure contain at least two power supplies. If one power supply fails the other is taking over instantly.

hard-disk raid systems

A hard-disk raid system combines multiple hard-disks into one. Depending on the selected raid mode this system can provide redundancy for hard disks. This setup supports failing drives while the system is continuing running

Load balancing