Countermeasure (computer)


In computer security a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.


This definition is taken from IETF RFC 2828 [1] and is the same as that in CNSS Instruction No. 4009, dated 26 April 2010, by the Committee on National Security Systems of the United States of America. [2]

According to the Glossary [3] by InfosecToday, the meaning of countermeasure is:

The deployment of a set of security services to protect against a security threat.

A synonym is security control. [2] [4] In telecommunications, communication countermeasures are defined as security services as part of the OSI Reference Model by the ITU-T X.800 Recommendation. X.800 and ISO 7498-2 (Information processing systems – Open systems interconnection – Basic Reference Model – Part 2: Security architecture) are technically aligned.

The following diagram explains the relationships between these concepts and terms:

      + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+
      | An Attack:              |  |Counter- |  | A System Resource:   |
      | i.e., A Threat Action   |  | measure |  | Target of the Attack |
      | +----------+            |  |         |  | +-----------------+  |
      | | Attacker |<==================||<=========                 |  |
      | |   i.e.,  |   Passive  |  |         |  | |  Vulnerability  |  |
      | | A Threat |<=================>||<========>                 |  |
      | |  Agent   |  or Active |  |         |  | +-------|||-------+  |
      | +----------+   Attack   |  |         |  |         VVV          |
      |                         |  |         |  | Threat Consequences  |
      + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+

A resource (whether physical or logical) can have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromise the confidentiality, integrity or availability properties of resources (potentially different from the vulnerable one) of the organization and of other involved parties (customers, suppliers).
The so-called CIA triad is the basis of information security.

An attack is active when it attempts to alter system resources or affect their operation, so it compromises integrity or availability. A "passive attack" attempts to learn or make use of information from the system but does not affect system resources, compromising confidentiality.

A threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger enabling the exploitation of a vulnerability. A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of an "act of God" such as an earthquake, a fire, or a tornado). [1]

A set of policies concerned with information security management, the information security management system (ISMS), has been developed to manage the countermeasures, according to risk management principles, in order to accomplish a security strategy set up following the rules and regulations applicable in a country. [4]

Countermeasures Against Physical Attacks

If a potential malicious actor has physical access to a computer system, they have a greater chance of inflicting harm upon it.

Electronic Destruction Devices

Devices such as a USB Killer may be used to damage or render completely unusable anything with a connection to the motherboard of a computer, such as a USB port, video port, Ethernet port, or serial port. [5] Without proper protection, these devices may result in the destruction of ports, adapter cards, storage devices, RAM, motherboards, CPUs, or anything physically connected to the device attacked, such as monitors, flash drives, or wired switches. These types of devices can even be used to damage smartphones and cars. [6]

This threat can be mitigated by not installing easily accessible ports, or by restricting physical access to them, in situations where they are not necessary. A port-closing lock permanently disables access to a port, short of the actual port being disassembled. [7] When it is necessary for a port to be accessible, an optocoupler can allow a port to send and receive data to a computer or device without a direct electrical connection, preventing the computer or device from receiving any dangerous voltage from an external device. [8]

Hard Drives and Storage

In an unsecured scenario, a malicious actor may steal or destroy storage devices such as hard drives or SSDs, resulting in the destruction or theft of valuable data.

If the data of a storage device is no longer necessary, data theft is best prevented by physically destroying or shredding the storage device. [9]

If the data of a storage device is in use and must be secured, one can use encryption to encrypt the contents of a storage device, or even encrypt the whole storage device save for the master boot record. The device can then be unlocked with a password, biometric authentication, a physical dongle, a network interchange, a one-time password, or any combination thereof. If this device is a boot drive, however, it must be unencrypted in a pre-boot environment so the operating system can be accessed. Striping, or breaking data into chunks stored upon multiple drives which must be assembled in order to access the data, is a possible solution to physical drive theft, provided that the drives are stored in multiple, individually secured locations, and are enough in number that no one drive can be used to piece together meaningful information.
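
As an added illustration of the striping countermeasure described above (not part of the original article), the following sketch deals data round-robin onto simulated drives and checks whether a single stolen drive exposes a meaningful record, which depends on the chunk size. The function names, chunk sizes and sample record are constructed for this example.

```python
# Added example: round-robin striping over simulated drives.
# All names and sample data are constructed for illustration.

SAMPLE = b"user=alice;pin=4821;role=admin;" + b"." * 33  # constructed, 64 bytes
SECRET = b"pin=4821"                                      # record to protect


def stripe(data: bytes, drives: int, chunk: int) -> list[bytes]:
    """Deal `chunk`-byte pieces of `data` round-robin onto `drives` drives."""
    if drives < 2 or chunk < 1:
        raise ValueError("need at least 2 drives and a positive chunk size")
    out = [bytearray() for _ in range(drives)]
    for k, start in enumerate(range(0, len(data), chunk)):
        out[k % drives] += data[start:start + chunk]
    return [bytes(d) for d in out]


def reassemble(stripes: list[bytes], chunk: int, total: int) -> bytes:
    """Rebuild the data; fails unless every drive's stripe is present."""
    drives, out = len(stripes), bytearray()
    for k in range(-(-total // chunk)):          # ceil(total / chunk) pieces
        d, off = k % drives, (k // drives) * chunk
        piece = stripes[d][off:off + chunk]
        if not piece:
            raise ValueError(f"drive {d} is missing; data cannot be rebuilt")
        out += piece
    if len(out) != total:
        raise ValueError("a stripe is truncated; data cannot be rebuilt")
    return bytes(out)


def drives_exposing(stripes: list[bytes], secret: bytes) -> list[int]:
    """Indices of drives on which `secret` is readable intact, i.e. what
    the theft of that single drive would reveal."""
    return [i for i, s in enumerate(stripes) if secret in s]


if __name__ == "__main__":
    for chunk in (32, 4):
        parts = stripe(SAMPLE, drives=4, chunk=chunk)
        assert reassemble(parts, chunk, len(SAMPLE)) == SAMPLE
        print(f"chunk={chunk:2d}: secret intact on drives",
              drives_exposing(parts, SECRET))
```

Each drive still holds plaintext fragments of the data, so striping of this kind complements encryption of the stored contents rather than replacing it.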

Not to be neglected is the process of adding physical barriers to the storage devices themselves. Locked cases or physically hidden drives, with a limited number of personnel with knowledge and access to the keys or locations, may prove to be a good first line against physical theft.


References

  1. RFC 2828 Internet Security Glossary
  2. CNSS Instruction No. 4009, dated 26 April 2010. Archived 27 February 2012 at the Wayback Machine.
  3. InfosecToday Glossary
  4. Wright, Joe; Harmening, Jim (2009). "15". In Vacca, John (ed.). Computer and Information Security Handbook. Morgan Kaufmann Publications. Elsevier Inc. p. 257. ISBN 978-0-12-374354-1.
  5. "USB Killer, yours for $50, lets you easily fry almost every device". Ars Technica. Retrieved 26 August 2018.
  6. "This $50 USB Killer Can Destroy Almost Any Smartphone, Computer Or Car Within Seconds". TechFonder. Retrieved 26 August 2018.
  7. "Bench Talk | Protect USB Ports From Nefarious "USB Killers"". www.mouser.com. Retrieved 26 August 2018.
  8. "Optocoupler Tutorial". ElectronicsTutorials.
  9. "Discarded hard drives can be dangerous". ComputerWeekly.com. Retrieved 26 August 2018.