THM – Principles of Security – Part 2

This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing.

Principles of Privileges

The levels of access given to individuals are determined on two primary factors:

  • The individual’s role/function within the organisation
  • The sensitivity of the information being stored on the system

Two key concepts are used to assign and manage the access rights of individuals, two key concepts are used: Privileged Identity Management (PIM) and Privileged Access Management (or PAM for short). PIM is used to translate a user’s role within an organisation into an access role on a system. Whereas PAM is the management of the privileges a system’s access role has, amongst other things.

Users should be given the minimum amount of privileges, and only those that are absolutely necessary for them to perform their duties. Other people should be able to trust what people write to.

PAM incorporates more than assigning access. It also encompasses enforcing security policies such as password management, auditing policies and reducing the attack surface a system faces.

Security Models Continued

The Bell-La Padula Model

The Bell-La Padula Model is used to achieve confidentiality. This model has a few assumptions, such as an organisation’s hierarchical structure it is used in, where everyone’s responsibilities/roles are well-defined.

The model works by granting access to pieces of data (called objects) on a strictly need to know basis. This model uses the rule “no write down, no read up”.

Policies in this model can be replicated to real-life organisations hierarchies (and vice versa)Even though a user may not have access to an object, they will know about its existence — so it’s not confidential in that aspect.
Simple to implement and understand, and has been proven to be successful.The model relies on a large amount of trust within the organisation.

Biba Model

The Biba model is arguably the equivalent of the Bell-La Padula model but for the integrity of the CIA triad.

This model applies the rule to objects (data) and subjects (users) that can be summarised as “no write up, no read down”. This rule means that subjects can create or write content to objects at or below their level but can only read the contents of objects above the subject’s level.

This model is simple to implement.There will be many levels of access and objects. Things can be easily overlooked when applying security controls.
Resolves the limitations of the Bell-La Padula model by addressing both confidentiality and data integrity.Often results in delays within a business. For example, a doctor would not be able to read the notes made by a nurse in a hospital with this model.

Threat Modelling & Incident Response

Threat modelling is the process of reviewing, improving, and testing the security protocols in place in an organisation’s information technology infrastructure and services.

There are frameworks such as STRIDE (Spoofing, identity, Tampering with data, Repudiation threats, Information disclosure, Denial of Service and Elevation of privileges) and PASTA (Process for Attack Simulation and Threat Analysis) infosec never tasted so good!. Let’s detail STRIDE below. STRIDE, authored by two Microsoft security researchers in 1999 is still very relevant today. STRIDE includes six main principles, which I have detailed in the table below:

SpoofingThis principle requires you to authenticate requests and users accessing a system. Spoofing involves a malicious party falsely identifying itself as another. Access keys (such as API keys) or signatures via encryption helps remediate this threat.
TamperingBy providing anti-tampering measures to a system or application, you help provide integrity to the data. Data that is accessed must be kept integral and accurate. For example, shops use seals on food products.
RepudiationThis principle dictates the use of services such as logging of activity for a system or application to track.
Information DisclosureApplications or services that handle information of multiple users need to be appropriately configured to only show information relevant to the owner is shown.
Denial of ServiceApplications and services use up system resources, these two things should have measures in place so that abuse of the application/service won’t result in bringing the whole system down.
Elevation of PrivilegeThis is the worst-case scenario for an application or service. It means that a user was able to escalate their authorization to that of a higher level i.e. an administrator. This scenario often leads to further exploitation or information disclosure.

Incidents are classified using a rating of urgency and impact. Urgency will be determined by the type of attack faced, where the impact will be determined by the affected system and what impact that has on business operations.

Incident is responded to by a Computer Security Incident Response Team (CSIRT) which is prearranged group of employees with technical knowledge about the systems and/or current incident. To successfully solve an incident, these steps are often referred to as the six phases of Incident Response that takes place, listed in the table below:

PreparationDo we have the resources and plans in place to deal with the security incident?
IdentificationHas the threat and the threat actor been correctly identified in order for us to respond to?
ContainmentCan the threat/security incident be contained to prevent other systems or users from being impacted?
EradicationRemove the active threat.
Recovery Perform a full review of the impacted systems to return to business as usual operations.
Lessons LearnedWhat can be learnt from the incident? I.e. if it was due to a phishing email, employees should be trained better to detect phishing emails.

Similar Posts