
Virtual server security is best considered directly as a matter of “information security”. Many have heard this phrase, but not everyone understands what it means.
Information security is the process of ensuring the availability, integrity and confidentiality of information.
“Availability” means ensuring that information can be accessed.
“Integrity” means ensuring the accuracy and completeness of information.
“Confidentiality” means providing access to information only to authorized users.
Depending on your goals and the tasks the virtual server performs, you will need different measures and degrees of protection for each of these three properties.
For example, if you use a virtual server only as a means of browsing the Internet, the security measures you need are, first of all, anti-virus tools and observance of elementary safety rules when working on the Internet.
If, on the other hand, you host a site or a game server on your server, the necessary protection measures will be completely different.
To choose the most suitable security measures, you need to know the possible threats and the vulnerabilities in protection that these threats usually exploit. To that end, we consider the main points below.
A “threat” is a potential possibility of violating information security in one way or another. An attempt to carry out a threat is called an “attack”, and the one who makes this attempt is called an “attacker”. Most often, a threat is a consequence of vulnerabilities in the protection of information systems.
Consider the most common threats to which modern information systems are subject.
Information security threats that cause the most damage
Consider the following classification of types of threats according to various criteria:
- Threats directly to information security:
  - Availability
  - Integrity
  - Confidentiality
- Components at which the threats are aimed:
  - Data
  - Programs
  - Equipment
  - Supporting infrastructure
- By method of implementation:
  - Accidental or intentional
  - Natural or man-made
- By location of the threat source:
As mentioned at the beginning, the concept of a “threat” is often interpreted differently in different situations, and the necessary security measures differ accordingly. For example, for a deliberately open organization, threats to confidentiality may simply not exist, because all information is considered publicly available; in most cases, however, illegal access is a serious danger.
For virtual servers, the threats that you as a server administrator need to take into account are threats to the availability, confidentiality and integrity of data. You are directly and solely responsible for threats to the confidentiality and integrity of data that are not related to the hardware or infrastructure component. Applying the necessary protection measures is likewise your immediate task.
Threats aimed at vulnerabilities in the programs you use are often beyond your influence as a user, other than by not using those programs. Using such programs is acceptable only if exploiting their vulnerabilities is either not worthwhile from an attacker's point of view or would not cause you significant losses.
Protection against threats aimed at equipment and infrastructure, and against man-made and natural threats, is handled directly by the hosting company from which you rent your servers. The choice of provider therefore deserves the greatest care: a well-chosen hosting company will give you an appropriate level of reliability in the hardware and infrastructure component.
As the administrator of a virtual server, you need to take these types of threats into account only when even a short-term loss of access, or a partial or complete interruption of the server's operation through the fault of the hosting company, can lead to disproportionate problems or losses. This happens quite rarely, but for objective reasons no hosting company can provide 100% uptime.
Threats directly to information security
The main threats to availability include:
- Internal information system failure;
- Failure of supporting infrastructure.
The main sources of internal failures are:
- Violation (accidental or intentional) of the established rules of operation
- Departure of the system from normal operation due to accidental or deliberate user actions (exceeding the estimated number of requests, an excessive amount of information processed, etc.)
- Errors during system (re)configuration
- Malicious software
- Software and hardware failures
- Data destruction
- Destruction or damage to equipment
In relation to the supporting infrastructure, it is recommended to consider the following threats:
- Disruption (accidental or deliberate) of communication systems, power supply, water and/or heat supply, or air conditioning;
- Destruction of or damage to the premises;
- The inability or unwillingness of service personnel and/or users to fulfill their duties (civil unrest, transport accidents, a terrorist act or the threat of one, a strike, etc.).
The main threats to integrity
Threats to integrity can be divided into threats to static integrity and threats to dynamic integrity.
It is also worth distinguishing between threats to the integrity of service information and threats to the integrity of meaningful data. Service information refers to access passwords, data transmission routes in the local network, and similar information. Most often, in almost all cases, the attacker is, knowingly or not, an employee of the organization who is familiar with its mode of operation and protection measures.
In order to violate static integrity, an attacker may:
- Enter incorrect data
- Change the data
Threats to dynamic integrity are reordering, theft, duplication of data, or the insertion of additional messages.
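The two kinds of integrity violation described above can be told apart on the receiving side. The following is an added example, not part of the original article: it assumes a shared key and a hypothetical message format of sequence number, payload and HMAC-SHA256 tag, and classifies a constructed message stream.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def _tag(seq: int, payload: bytes, key: bytes) -> bytes:
    # The MAC covers the sequence number as well as the payload, so a valid
    # message cannot be moved to another position in the stream.
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()

def seal(seq: int, payload: bytes, key: bytes = KEY) -> tuple:
    """Sender side: attach a sequence number and an HMAC-SHA256 tag."""
    return (seq, payload, _tag(seq, payload, key))

def check_stream(messages, key: bytes = KEY) -> list:
    """Receiver side: return one verdict per message, in arrival order."""
    verdicts, expected = [], 0
    for seq, payload, tag in messages:
        if not hmac.compare_digest(tag, _tag(seq, payload, key)):
            verdicts.append("forged-or-modified")   # altered or inserted data
        elif seq < expected:
            verdicts.append("duplicate")            # replay of an accepted message
        elif seq > expected:
            verdicts.append("out-of-order")         # reordering, or a removed message
        else:
            verdicts.append("ok")
            expected += 1
    return verdicts

def demo() -> list:
    # Constructed sample traffic: four genuine messages, then a tampered stream.
    m = [seal(i, p) for i, p in enumerate([b"debit 10", b"credit 5", b"debit 7", b"close"])]
    modified = (m[1][0], b"credit 500", m[1][2])   # payload changed, old tag kept
    inserted = (2, b"debit 9999", b"\x00" * 32)    # extra message without the key
    stream = [m[0], m[0], modified, m[1], m[3], m[2], inserted]
    return check_stream(stream)

if __name__ == "__main__":
    print(demo())
```

A changed payload and an inserted message both fail the tag check (static integrity), while a replayed or displaced genuine message passes the tag check and is caught only by the sequence number (dynamic integrity).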
The main threats to confidentiality
Confidential information can be divided into subject information and service information. Service information (for example, user passwords) does not relate to a specific subject area; it plays a technical role in the information system, but its disclosure is especially dangerous because it can lead to unauthorized access to all information, including subject information.
Even if information is stored in a computer or intended for computer use, threats to its confidentiality may be non-computer and non-technical in nature.
Unpleasant threats that are difficult to defend against include abuse of authority. On many types of systems, a privileged user (for example, a system administrator) is able to read any (unencrypted) file, access any user's mail, and so on. Another example is damage caused during servicing. Usually, the service engineer gets unlimited access to the equipment and is able to bypass software protection mechanisms.
For clarity, these types of threats are also schematically presented below in Figure 1.

Fig. 1. Classification of types of information security threats
In order to apply the best protection measures, it is necessary to assess not only information security threats but also the possible damage. For this, an acceptability criterion is used: possible damage is classed as acceptable or unacceptable. It is useful to establish your own criteria for acceptable damage, in monetary or other terms.
Everyone who starts to organize information security should answer three basic questions:
- What to protect?
- From whom to protect, what types of threats are prevalent: external or internal?
- How to protect, by what methods and means?
Taking all of the above into account, you can more fully assess the relevance, possibility and criticality of threats. Having evaluated all the necessary information and weighed all the pros and cons, you will be able to choose the most effective and suitable methods and means of protection.
The main methods and means of protection, as well as the minimum and necessary security measures applied on virtual servers, depending on the main goals of their use and the types of threats, will be discussed in the following articles under the heading “Fundamentals of Information Security”.