OSI Security Architecture
The OSI Security Architecture is widely acknowledged on a global scale and offers a standardized framework for implementing security measures within organizations. It emphasizes three primary aspects: security threats, security controls, and security services, which are essential for safeguarding data and communication processes. This article delves into the OSI Security Architecture.
What is the OSI Model?
The OSI model serves as a universal framework for computer networking. Adopting a “divide and conquer” strategy, it breaks down the communication system into seven conceptual layers, each building upon the layer below it. The seven layers of the OSI model are:
- Physical Layer
- Data Link Layer
- Network Layer
- Transport Layer
- Session Layer
- Presentation Layer
- Application Layer
What is OSI Security?
OSI (Open Systems Interconnection) security encompasses a suite of protocols, standards, and methodologies designed to ensure the protection of data and communications within a network environment built on the OSI model. Established by the International Organization for Standardization (ISO), this model provides a conceptual structure for comprehending the interplay of networking protocols within a layered system.
Classification of OSI Security Architecture
The OSI Security Architecture defines a structured approach to embedding security at each layer of the model. It specifies security services and mechanisms that can operate across the seven layers to secure data transmitted within a network. These measures aim to ensure data confidentiality, integrity, and availability. The architecture is globally accepted, streamlining the implementation of security frameworks in organizations. Key elements of the OSI Security Architecture include:
1. Security Threats
2. Security Controls
3. Security Services

Key Components of OSI Security Architecture
1. Security Threats
Security threats are attempts to gain unauthorized access, disrupt operations, or compromise system security. They are categorized as:
a) Passive Threats: These involve monitoring communications or data without interfering with their flow. Passive threats include:
- Listening in (Eavesdropping): An unauthorized party intercepts communications between participants, such as reading unencrypted data streams.
- Analysis of Traffic: Observing data patterns and metadata to deduce system information, even without reading the content.
b) Active Threats: These disrupt or alter data flow, often leading to system damage. Examples include:
- Impersonation (Masquerading): Pretending to be a legitimate user to gain access.
- Replay: Capturing and reusing legitimate transmissions to deceive the system.
- Alteration of Data: Modifying messages so that the recipient receives incorrect or harmful content.
- Overloading Systems (DoS): Flooding a system with traffic to render it unavailable.
2. Security Controls
Security controls are strategies and mechanisms designed to detect, mitigate, or prevent security threats. These include:
- Encryption: Transforming data into a format that only authorized parties can decode.
- Electronic Signatures: Using cryptography to verify the authenticity and integrity of digital documents or messages.
- Padding of Data Streams: Adding random or additional data to obscure true data content.
- Controlled Routing: Directing data through secure paths, especially when security vulnerabilities are suspected.
3. Security Services
Security services are dedicated measures for managing and mitigating security risks. The primary categories include:
- Identity Verification (Authentication): Ensuring users or devices are who they claim to be.
- Resource Access Management: Policies to control who can access specific system resources.
- Protecting Information (Confidentiality): Ensuring data is not disclosed to unauthorized entities.
- Maintaining Data Integrity: Verifying that data remains unaltered during transit or storage.
- Accountability (Non-repudiation): Creating a reliable record of actions or transmissions to prevent denial by involved parties.
Advantages of OSI Security Architecture
- Enhanced Safety: Offers robust protection against potential risks and threats.
- Streamlined Task Management: Assists managers in developing comprehensive security frameworks.
- Compliance with Standards: Aligns with globally recognized security standards.
- Interoperability: Facilitates compatibility between diverse hardware and software.
- Scalability: Supports network growth and the integration of new technologies.
- Adaptability: Enables independent evolution of individual layers to accommodate advancements.
Active and Passive attacks in Information Security
In cybersecurity, various types of threats target computer security, network security, and information security. These threats are broadly categorized into active and passive attacks. Understanding these threats is crucial for protecting personal data and ensuring system safety.
What is a Cyber Attack?
A cyber attack is an attempt by hackers to infiltrate computer systems or networks with malicious intent, such as stealing data, causing financial losses, or disrupting operations. Cyber attacks target individuals, organizations, or government entities. Common types of cyber attacks include:
- Malware: Harmful software such as viruses, ransomware, or trojans.
- Phishing: Deceptive emails designed to trick users into revealing sensitive information.
- Denial of Service (DoS): Overwhelming systems with traffic to make them inaccessible.
- Man-in-the-Middle (MitM): Intercepting communications between two parties.
Active Attacks
Active attacks involve unauthorized actions that alter systems or data, directly interfering with targets to cause harm or gain unauthorized access.
Types of Active Attacks:
1. Masquerade Attack
In a masquerade attack, the attacker pretends to be someone else to gain unauthorized access to systems or sensitive information. Common forms include:
- Username and Password Masquerade: Using stolen credentials to access accounts.
- IP Address Spoofing: Forging an IP address to appear as a trusted source.
- Fake Websites: Creating counterfeit websites resembling legitimate ones to deceive users into providing personal information.
- Email Spoofing: Sending emails that appear to be from a trusted sender, tricking recipients into sharing sensitive data.
2. Message Modification: This involves altering messages during transmission to disrupt communication. For instance, changing a request from “Grant access to file A for Alice” to “Grant access to file A for Bob.” Such attacks compromise the integrity of the information.
3. Repudiation: Attackers perform actions like unauthorized transactions or message alterations and later deny their involvement. Types of repudiation attacks include:
- Message Repudiation: Sending a message and later denying it.
- Transaction Repudiation: Performing unauthorized transactions and disavowing them.
- Data Repudiation: Altering or deleting data and denying responsibility.
4. Replay Attack: Replay attacks involve intercepting and reusing legitimate data to gain unauthorized access or effects. For example, an attacker might capture login credentials during a session and reuse them later.
5. Denial of Service (DoS) Attack: A DoS attack floods a system or network with excessive requests, consuming resources and rendering the service unavailable to legitimate users.
- Flood Attacks: Overloading the target with a massive volume of requests.
- Amplification Attacks: Leveraging intermediary systems to increase the attack’s scale.
Prevention Methods:
- Use firewalls and intrusion detection systems.
- Limit connection requests to manageable levels.
- Distribute traffic with load balancers and segmentation.
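The two attacks above, message modification (the "Alice" to "Bob" example) and replay, share one defence: bind every message to a keyed integrity check, a fresh nonce and a timestamp, and have the receiver reject anything that fails the check, falls outside a freshness window, or reuses a nonce. The following Go program is an added illustration written for this page, not code from the article: the wire format, the `Send`/`Receiver.Accept` functions and the pre-shared key are all assumed, and the receiver's nonce cache is kept in memory.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

// Message is the assumed wire format. The MAC covers nonce, timestamp and body,
// so altering any of them (e.g. "Alice" -> "Bob") invalidates the message.
type Message struct {
	Nonce     string // hex of 16 random bytes, unique per message
	Timestamp int64  // Unix seconds; bounds how long the receiver must remember nonces
	Body      string
	MAC       string // hex HMAC-SHA256 over "nonce|timestamp|body"
}

var (
	ErrBadMAC = errors.New("integrity check failed: message modified or forged")
	ErrStale  = errors.New("timestamp outside freshness window")
	ErrReplay = errors.New("nonce already seen: replay detected")
)

func computeMAC(key []byte, nonce string, ts int64, body string) string {
	m := hmac.New(sha256.New, key)
	fmt.Fprintf(m, "%s|%d|%s", nonce, ts, body)
	return hex.EncodeToString(m.Sum(nil))
}

// Send builds an authenticated, fresh message under a key shared with the receiver.
func Send(key []byte, body string, now time.Time) (Message, error) {
	nb := make([]byte, 16)
	if _, err := rand.Read(nb); err != nil {
		return Message{}, err
	}
	nonce := hex.EncodeToString(nb)
	ts := now.Unix()
	return Message{Nonce: nonce, Timestamp: ts, Body: body, MAC: computeMAC(key, nonce, ts, body)}, nil
}

// Receiver remembers accepted nonces for the length of the freshness window.
type Receiver struct {
	key    []byte
	window time.Duration
	mu     sync.Mutex
	seen   map[string]int64 // nonce -> timestamp carried by the accepted message
}

func NewReceiver(key []byte, window time.Duration) *Receiver {
	return &Receiver{key: key, window: window, seen: make(map[string]int64)}
}

// Accept returns nil only for a message that is authentic, fresh and not a replay.
// The MAC is checked first so unauthenticated input cannot probe the nonce cache.
func (r *Receiver) Accept(m Message, now time.Time) error {
	expected := computeMAC(r.key, m.Nonce, m.Timestamp, m.Body)
	if !hmac.Equal([]byte(expected), []byte(m.MAC)) { // constant-time compare
		return ErrBadMAC
	}
	age := now.Unix() - m.Timestamp
	if age < 0 {
		age = -age
	}
	if time.Duration(age)*time.Second > r.window {
		return ErrStale
	}
	r.mu.Lock()
	defer r.mu.Unlock()
	for n, ts := range r.seen { // forget nonces too old to pass the freshness check anyway
		if time.Duration(now.Unix()-ts)*time.Second > r.window {
			delete(r.seen, n)
		}
	}
	if _, dup := r.seen[m.Nonce]; dup {
		return ErrReplay
	}
	r.seen[m.Nonce] = m.Timestamp
	return nil
}

func main() {
	key := []byte("constructed-demo-key-do-not-reuse") // assumed pre-shared secret
	rx := NewReceiver(key, 30*time.Second)
	now := time.Now()
	msg, _ := Send(key, "Grant access to file A for Alice", now)
	fmt.Println("genuine :", rx.Accept(msg, now))
	altered := msg
	altered.Body = "Grant access to file A for Bob"
	fmt.Println("modified:", rx.Accept(altered, now))
	fmt.Println("replayed:", rx.Accept(msg, now.Add(2*time.Second)))
	fmt.Println("stale   :", rx.Accept(msg, now.Add(2*time.Minute)))
}
```

The freshness window is what keeps the nonce cache bounded: any nonce older than the window can be forgotten because a message carrying it would already be rejected as stale. An HMAC detects modification and forgery but, because both sides hold the same key, it does not by itself provide non-repudiation; that needs a digital signature.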
Passive Attacks
Passive attacks focus on observing or monitoring data transmission without altering or destroying the data. These attacks aim to collect sensitive information covertly.
Types of Passive Attacks:
1. Release of Message Content: Attackers monitor communication, such as emails or file transfers, to access sensitive information. For example, they might intercept encrypted messages during transmission.
2. Traffic Analysis: Even if data is encrypted, attackers analyze the metadata, such as frequency, size, or source/destination of messages, to infer patterns or relationships. Encrypting both the data and metadata can mitigate these attacks.
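Message length is one of the metadata signals traffic analysis relies on, and "Padding of Data Streams" from the security controls list is the matching countermeasure: pad every plaintext up to a fixed bucket size before encryption so that an observer sees only the bucket, not the true size. The Go program below is an added example for this page, not code from the article; the padding scheme (a 0x80 marker followed by zeros, ISO/IEC 7816-4 style), the `Pad`/`Unpad`/`LengthProfile` functions and the sample traffic are all constructed for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Pad appends 0x80 followed by zero bytes up to the next multiple of bucket
// (ISO/IEC 7816-4 style). Since encryption preserves length, the ciphertext then
// reveals only which bucket the message fell into, not its exact size.
func Pad(msg []byte, bucket int) []byte {
	if bucket < 1 {
		bucket = 1
	}
	out := append(append([]byte{}, msg...), 0x80)
	for len(out)%bucket != 0 {
		out = append(out, 0x00)
	}
	return out
}

// Unpad strips the padding; it rejects input that was not padded by Pad.
func Unpad(padded []byte) ([]byte, error) {
	i := len(padded) - 1
	for i >= 0 && padded[i] == 0x00 {
		i--
	}
	if i < 0 || padded[i] != 0x80 {
		return nil, errors.New("invalid padding")
	}
	return padded[:i], nil
}

// LengthProfile tallies what a passive observer sees: how many messages of each
// (padded) length went by. Fewer distinct lengths means less to analyse.
func LengthProfile(msgs [][]byte, bucket int) map[int]int {
	profile := make(map[int]int)
	for _, m := range msgs {
		profile[len(Pad(m, bucket))]++
	}
	return profile
}

// SampleTraffic is constructed sample data: short yes/no replies and one long
// report, which unpadded lengths alone would tell apart.
func SampleTraffic() [][]byte {
	return [][]byte{
		[]byte("OK"),
		[]byte("DENIED"),
		[]byte("OK"),
		[]byte(strings.Repeat("report line\n", 40)),
	}
}

func main() {
	msgs := SampleTraffic()
	fmt.Println("bucket 1   (lengths exposed):", LengthProfile(msgs, 1))
	fmt.Println("bucket 512 (lengths hidden) :", LengthProfile(msgs, 512))
	for _, m := range msgs {
		back, err := Unpad(Pad(m, 512))
		fmt.Printf("round trip ok=%v err=%v\n", string(back) == string(m), err)
	}
}
```

With a bucket of 1 byte the observer still sees three distinct sizes and can separate "OK", "DENIED" and the report; with a 512-byte bucket all four messages look identical on the wire. Padding costs bandwidth and hides only size; message timing, count and endpoints remain visible unless they are also masked.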
Types of Security Mechanism
A security mechanism refers to a method or technology designed to safeguard data and systems against unauthorized access, cyber-attacks, and other potential threats. By implementing security mechanisms, organizations ensure data integrity, confidentiality, and availability, thereby securing sensitive information and fostering trust in digital operations.
What is Network Security?
Network Security focuses on protecting computer networks and their infrastructure from threats. Networks are essential for sharing resources, such as printers and scanners, or exchanging data. Security mechanisms are processes designed to detect, prevent, or recover from specific threats across different protocol layers, ensuring the network remains secure.
Types of Security Mechanisms
1. Encipherment: Encipherment involves transforming data into an unreadable format to maintain confidentiality. This is achieved through mathematical algorithms or calculations that obscure the original data. Encipherment is the mechanism; cryptography supplies the algorithms it relies on, and the strength of the protection depends on the algorithm used.
Example:
- Before encryption: “UserPassword123”
- After encryption: “W2@45**6$%Hj1z”
2. Access Control: Access Control restricts unauthorized access to data during transmission. Techniques include setting up passwords, implementing firewalls, or applying PIN codes to protect the data.
Example:
- A secure login page that requires a username and password to access sensitive information.
3. Notarization: Notarization involves using a trusted third party during communication. The third party acts as a mediator between the sender and receiver, reducing potential disputes and maintaining a log of requests for future reference.
Example:
- A financial transaction where a trusted payment gateway logs transaction details for both parties.
4. Authentication Exchange: Authentication Exchange ensures the identity of the communicating parties. This is commonly achieved through a two-way handshake at the TCP/IP layer to verify the authenticity of the sender and receiver.
Example:
- A system where both parties share a unique session key during initial connection to confirm identity.
5. Digital Signature: A Digital Signature is an electronic signature attached to data by the sender. It verifies the sender’s identity without compromising confidentiality. The receiver uses electronic verification to ensure authenticity.
Example:
- A digitally signed email where the recipient can validate the sender’s identity through a unique digital certificate.
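Encipherment and digital signatures are usually combined: the sender signs the data, then enciphers signature and data together, so the receiver can confirm who sent it while nobody in between can read either. The Go program below is an added example for this page, not code from the article; `GenerateKeys`, `SealSigned` and `OpenSigned` are names chosen here, the scheme is Ed25519 signatures inside AES-256-GCM, and key distribution between the parties is assumed to have happened beforehand.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// GenerateKeys makes a fresh AES-256 key and an Ed25519 signing key pair.
// Distribution of these keys is assumed to have happened out of band.
func GenerateKeys() (aesKey []byte, pub ed25519.PublicKey, priv ed25519.PrivateKey, err error) {
	aesKey = make([]byte, 32)
	if _, err = rand.Read(aesKey); err != nil {
		return nil, nil, nil, err
	}
	pub, priv, err = ed25519.GenerateKey(rand.Reader)
	return aesKey, pub, priv, err
}

func newGCM(aesKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealSigned signs the plaintext with the sender's key, then enciphers
// signature||plaintext under AES-256-GCM. The signature shows who sent it; the
// encipherment keeps both content and signature unreadable in transit.
// Output layout: nonce || ciphertext || GCM tag.
func SealSigned(aesKey []byte, signer ed25519.PrivateKey, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	payload := append(ed25519.Sign(signer, plaintext), plaintext...)
	return append(nonce, gcm.Seal(nil, nonce, payload, nil)...), nil
}

// OpenSigned deciphers and then verifies. A wrong AES key or any changed byte
// fails the GCM tag; a payload signed by another key fails the signature check.
func OpenSigned(aesKey []byte, senderPub ed25519.PublicKey, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("sealed message too short")
	}
	payload, err := gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
	if err != nil {
		return nil, errors.New("decipherment failed: wrong key or tampered ciphertext")
	}
	if len(payload) < ed25519.SignatureSize {
		return nil, errors.New("payload too short to carry a signature")
	}
	sig, msg := payload[:ed25519.SignatureSize], payload[ed25519.SignatureSize:]
	if !ed25519.Verify(senderPub, msg, sig) {
		return nil, errors.New("signature invalid: not from the claimed sender")
	}
	return msg, nil
}

func main() {
	aesKey, pub, priv, err := GenerateKeys()
	if err != nil {
		panic(err)
	}
	sealed, _ := SealSigned(aesKey, priv, []byte("UserPassword123"))
	fmt.Printf("after encipherment: %x\n", sealed)
	msg, err := OpenSigned(aesKey, pub, sealed)
	fmt.Printf("receiver got %q, err=%v\n", msg, err)

	_, _, impostor, _ := GenerateKeys() // someone else's signing key, same AES key
	forged, _ := SealSigned(aesKey, impostor, []byte("UserPassword123"))
	_, err = OpenSigned(aesKey, pub, forged)
	fmt.Println("impostor:", err)

	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the GCM tag
	_, err = OpenSigned(aesKey, pub, sealed)
	fmt.Println("tampered:", err)
}
```

The receiver deciphers first and only then verifies the signature, so a forged or modified ciphertext is rejected before any signature logic runs. Because the signature is made with the sender's private key, a valid one also supports non-repudiation in a way a shared-key MAC cannot.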