Cybersecurity First Principles


Cybersecurity First Principles

Cybersecurity First Principles

Cybersecurity First Principles

Be wary of the networks you inherit. Old conventions and previous forms are often accepted without question and, once accepted, they set a boundary around creativity.

Cybersecurity, which has evolved from the phrase, “Computer Security”, is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

Cybersecurity first principles thinking, which more often than not is called reasoning from first principles, is a very effective strategy that can be employed from breaking down complicated problems and generating original solutions. This is one of the most efficient approaches to learn how to think for yourself.

In this context, we will be reasoning cybersecurity from first principles to get the basic building blocks of what is needed to build an effective cybersecurity program.

  1. Domain Separation:
    • What is considered a “Domain”?
      • A domain is a very generic term. This can be a region governed by a king; a website, or any area of control.
      • In the Robert Frost poem “Mending Fences”, the last line states that “Good fences make good neighbors”. Domain separation is like this.
      • Inside a computer system, there are also domains. For example, most hardware microprocessors have a supervisor domain (sometimes referred as a supervisor or privileged state) and a user domain. A system wants to make sure that the supervisor state stays separate from the user state.
    • Exploiting no Domain Separation:
      • Malicious attackers are always actively wanting to get into the victims “domain”. This is more often than not going to be a website, a business network, or even a home network. A lot of times, malicious attackers are after the more vulnerable and easy ways in, like a vulnerable router (Internet Gateway) or a WiFi access point. This means that they break into your “domain” as a business or home user. That’s why it is important to ensure domain separation of your vulnerable systems and your secure systems that carry your important personal or business data.
  2. Process Isolation:
    • What is considered a “Process”?
      • A process is a program that is running in a computer. All processes running in a computer system have their own allocated memory space. This address space is an area of memory that only the program can access.
      • In addition to process isolation, it is also possible to have an operating system isolation. Programs such as VMWare or Virtual Box ensure that multiple operating systems run on the same computer. Programs running in each operating system should not be aware of the other processes in the other operating systems.
    • Exploiting no Process Isolation:
      • Process Isolation can be exploited when a “Virus” or “Malware” is installed on a computer. When that program runs, it looks for some vulnerable programs on a system that essentially access the address space of another program, which then lets the “Virus” or “Malware” run commands that it shouldn’t normally be able to do. Once that happens, these “malicious programs” can steal data off of your system, encrypt your workstations, and make your day pretty bad.
  3. Resource Encapsulation:
    • What is “Resource Encapsulation”?
      • A computer has many resources. A resource can be hardware based; memory, disk drives, monitors, keyboard, thumb drive.
      • Encapsulation is an “object oriented programming” concept where all data and functions that are required for use are packaged in a container or grouping.
      • In addition to controlling what operations can be performed on a resource, the system can control which users perform these operations on a resource.
    • Exploiting no Resource Encapsulation:
      • When a malicious user exploits “Resource Encapsulation”, they are taking advantage of having access to resources they shouldn’t normally have access to. This can be file shares, so if some “malware” was downloaded from the internet, now it spread to all the other systems on the network because the file shares were open to all systems, causing the “malware to infect the entire network.
  4. Least Privilege:
    • What is “Least Privilege”?
      • In a computer, a privilege is a right for the user to act on managed computer resources. Minimizing the number of privileges granted to a user improves accountability and limits accidental misuse.
    • Exploiting no Least Privilege:
      • When you send over an e-mail, it could contain a malicious attachment that if you have admin privileges, can exploit the privilege you normally use instead of separating them.
  5. Layering:
    • What is “Layering”?
      • In the context of computer security, a layer is a separate level that must be conquered by an attacker to breach a system. Layering slows down an attacker, and the attacker needs to conquer each layer before moving on to the next.
    • Exploiting no Layering:
      • If there are no layers to slow down an attacker, it becomes much easier to exploit a system, network, etc.
  6. Abstraction:
    • What is “Abstraction”?
      • It’s best to keep it simple, silly. Abstraction is the concept that something complicated can be thought of and represented more simply. In cybersecurity, its best to reduce any clutter that can distract the user or programmer from using a resource correctly.
    • Exploiting no Abstraction:
      • When there is a lot of abstraction, there is a lot of noise. This means that attackers can go undetected on a network if there is too much abstraction, too much clutter. This can also be true with a computer system, and there are too many pieces of software, or apps on a phone. You aren’t sure what the actual culprit is.
  7. Data Hiding:
    • What is “Data Hiding”?
      • Data hiding only allows necessary aspects of a data structure or a record to be observed or accessed. Websites don’t need to load all of a user’s data to show a list of usernames – they only need the username, the rest of the record fields can be hidden.
    • Exploiting no Data Hiding:
      • If an attacker was able to exploit a website’s database, if there is no data hiding properly implemented, then very personal information can be stolen.
  8. Modularity:
    • What is “Modularity”?
      • Modularity is a design technique that can separate the functionality of a program into independent, interchangeable components. Each component is is self-sufficient and and capable of executing a unique part of the desired functions.
    • Exploiting no Modularity:
      • When your network or computer system is reliant on all of the bits and pieces working together with no redundancy, it’s easy for an attacker to exploit that and do minimal work for maximum damage.
  9. Simplicity:
    • What is “Simplicity”?
      • The lack of complexity allows system designers and programmers to identify unwanted access paths. Users can easily translate their general protection goals to appropriate system security configurations.
    • Exploiting no Simplicity:
      • When a system is designed complexly, then it is easy for attackers to go undetected, and more parts makes it harder to secure.
  10. Minimization:
    • What is “Minimization”?
      • Ensuring that  a software or network has the least functionality, least features. Best way is to turn off unnecessary features, block unnecessary ports using a firewall, and reducing the amount of code.
    • Exploiting no Minimization:
      • Attackers will look for every service, port, and feature turned on to attempt to exploit it.