Countermeasure (computer)

In computer security, a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken. The definition is given in IETF RFC 2828 (Internet Security Glossary) and is the same as that in CNSS Instruction No. 4009, dated 26 April 2010, by the Committee on National Security Systems of the United States of America.

According to the Glossary by InfosecToday, the meaning of countermeasure is:

    The deployment of a set of security services to protect against a security threat.

A synonym is security control. In telecommunications, communication countermeasures are defined as security services as part of the OSI Reference model by the ITU-T X.800 Recommendation. X.800 and ISO 7498-2 (Information processing systems – Open systems interconnection – Basic Reference Model – Part 2: Security architecture) are technically aligned. The following picture explains the relationships between these concepts and terms:
      + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+
      | An Attack:              |  |Counter- |  | A System Resource:   |
      | i.e., A Threat Action   |  | measure |  | Target of the Attack |
      | +----------+            |  |         |  | +-----------------+  |
      | | Attacker |<==================||<=========                 |  |
      | |   i.e.,  |   Passive  |  |         |  | |  Vulnerability  |  |
      | | A Threat |<=================>||<========>                 |  |
      | |  Agent   |  or Active |  |         |  | +-------|||-------+  |
      | +----------+   Attack   |  |         |  |         VVV          |
      |                         |  |         |  | Threat Consequences  |
      + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+

A resource (whether physical or logical) can have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromise the confidentiality, integrity or availability properties of resources (potentially different from the vulnerable one) of the organization and of other involved parties (customers, suppliers). The so-called CIA triad is the basis of information security.

The attack can be active when it attempts to alter system resources or affect their operation, so it compromises integrity or availability. A "passive attack" attempts to learn or make use of information from the system but does not affect system resources, compromising confidentiality.

A threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger enabling the exploitation of a vulnerability. A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of an "act of God" such as an earthquake, a fire, or a tornado).

A set of policies concerned with information security management, the information security management systems (ISMS), has been developed to manage, according to risk management principles, the countermeasures in order to accomplish a security strategy set up following the rules and regulations applicable in a country.


Countermeasures Against Physical Attacks

If a potential malicious actor has physical access to a computer system, they have a greater chance of inflicting harm upon it.


Electronic Destruction Devices

Devices such as a USB Killer may be used to damage or render completely unusable anything with a connection to the motherboard of a computer, such as a USB port, video port, Ethernet port, or serial port. Without proper protection, these devices may result in the destruction of ports, adapter cards, storage devices, RAM, motherboards, CPUs, or anything physically connected to the device attacked, such as monitors, flash drives, or wired switches. These types of devices can even be used to damage smartphones and cars as well.

This threat can be mitigated by not installing easily accessible ports, or by restricting physical access to them, in situations where they are not necessary. A port-closing lock permanently disables access to a port, short of the actual port being disassembled. When it is necessary for a port to be accessible, an optocoupler can allow a port to send and receive data to a computer or device without a direct electrical connection, preventing the computer or device from receiving any dangerous voltage from an external device.


Hard Drives and Storage

In an unsecured scenario, a malicious actor may steal or destroy storage devices such as hard drives or SSDs, resulting in the destruction or theft of valuable data. If the data on a storage device is no longer necessary, data theft is best prevented by physically destroying or shredding the storage device. If the data on a storage device is in use and must be secured, one can use encryption to encrypt the contents of the storage device, or even encrypt the whole storage device save for the master boot record. The device can then be unlocked with a password, biometric authentication, a physical dongle, a network interchange, a one-time password, or any combination thereof. If this device is a boot drive, however, it must be unencrypted in a pre-boot environment so the operating system can be accessed.

Striping, or breaking data into chunks stored upon multiple drives which must be assembled in order to access the data, is a possible solution to physical drive theft, provided that the drives are stored in multiple, individually secured locations, and are enough in number that no one drive can be used to piece together meaningful information.

Not to be neglected is the process of adding physical barriers to the storage devices themselves. Locked cases or physically hidden drives, with a limited number of personnel with knowledge and access to the keys or locations, may prove to be a good first line against physical theft.
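
The striping caveat above, that no one drive should yield meaningful information, depends on the chunk size as much as on the number of drives. The following is an added example, not part of the original article: it stripes constructed sample records round-robin across drives and reports which records would sit intact on a single drive. The function names, record format and chunk sizes are assumptions made for the illustration.

```python
# Added example (not from the original article): round-robin striping and a
# check of which records a single stolen drive would hold intact.

def stripe(data: bytes, drives: int, chunk: int) -> list[bytes]:
    """Deal chunk-byte pieces of data round-robin onto `drives` stripes."""
    if drives < 2 or chunk < 1:
        raise ValueError("need at least 2 drives and a positive chunk size")
    stripes = [bytearray() for _ in range(drives)]
    for n, off in enumerate(range(0, len(data), chunk)):
        stripes[n % drives] += data[off:off + chunk]
    return [bytes(s) for s in stripes]


def unstripe(stripes: list[bytes], chunk: int, total_len: int) -> bytes:
    """Reassemble the original bytes; raises if a drive runs out of data."""
    out, pos, d = bytearray(), [0] * len(stripes), 0
    while len(out) < total_len:
        piece = stripes[d][pos[d]:pos[d] + chunk]
        if not piece:
            raise ValueError(f"drive {d} has no data left; cannot reassemble")
        out += piece
        pos[d] += chunk
        d = (d + 1) % len(stripes)
    return bytes(out)


def intact_records(records, sep, drives, chunk):
    """Map drive index -> indices of records that fit inside one chunk,
    i.e. records that could be read whole from that single drive."""
    exposed, start = {}, 0
    for i, rec in enumerate(records):
        if rec and start // chunk == (start + len(rec) - 1) // chunk:
            exposed.setdefault((start // chunk) % drives, []).append(i)
        start += len(rec) + len(sep)
    return exposed


# Constructed sample records (hypothetical format), joined by newlines.
RECORDS = [b"user=alice;badge=4821", b"user=bob;badge=7730",
           b"user=carol;badge=1954"]
DATA = b"\n".join(RECORDS)

if __name__ == "__main__":
    for chunk in (64, 32, 8):  # assumed chunk sizes, 4 drives
        print(chunk, intact_records(RECORDS, b"\n", 4, chunk))
```

With a 64-byte chunk all three records land on drive 0; with 8-byte chunks no drive holds a complete record, although each drive still holds fragments of them.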


See also

* Countermeasure
* Computer security
* Computer insecurity
* Common Vulnerabilities and Exposures (CVE)
* Common Vulnerability Scoring System (CVSS)
* Exploit (computer security)
* Full disclosure (computer security)
* IT risk
* Metasploit
* Month of Bugs
* Vulnerability management
* w3af


External links


Term in FISMApedia