This article is the fourth in our ongoing series on cybersecurity, authored by Linux Professional Institute (LPI) Member Simo Bertulli. In this installment, we go deeper into the realm of device and storage security, shedding light on fundamental principles and emerging challenges faced in our ever-evolving digital landscape.
As this digital landscape evolves rapidly, it becomes crucial to understand the fundamentals of device and storage security. This area of robust security knowledge is addressed in the LPI Security Essentials certificate. Designed as a gateway to the intricate world of IT security, it provides a foundational understanding crucial for anyone stepping into this domain. From the Internet of Things (IoT) to Bluetooth connectivity and USB device threats, this certificate offers essential insights into safeguarding our increasingly connected world. Join us as we explore these vital security aspects, underlining the importance of comprehensive cybersecurity training in the era of ubiquitous digital technology.
Information technology has dominated the global scene since the mid-2000s, starting with the advent of more affordable internet connectivity and user-friendly technologies, and soon followed by the smartphone era. This revolution in mobile technology brought new devices with numerous capabilities to users. Here I note a simple but profound reflection, often overlooked: Technology has arrived without adequate educational support, leaving many theoretical and practical knowledge gaps for users.
Nowadays, almost every device is network-connected, and many don’t even function without a constant internet connection (much to the dismay of the staunchest privacy advocates)… We are thus in the era of the Internet of Things (IoT).
But what is the IoT? Simply put, it’s the collection of all those « smart » devices (which, in more than 90 percent of cases, run on a Linux kernel).
Objects in the IoT have sensors that collect data about the surrounding environment. This data is then processed by embedded devices and used to make decisions or send information to other devices. IoT finds practical applications in home automation, healthcare, industry, agriculture (crop monitoring), transportation, and much more.
The key to the IoT is connectivity. Objects communicate with each other through wireless or wired networks, enabling real-time data transmission and reception.
Given the amount of sensitive data exchanged in and through the IoT, as well as the real-life actions that the devices perform or contribute to, security is a crucial concern: Robust security measures must be implemented to protect data and prevent unauthorized access.
Besides this, our fully interconnected and always online world employs other means of connectivity, notably Bluetooth. Good old Bluetooth pioneered the magic of wireless connectivity before Wi-Fi! Bluetooth is widely found, from classic earphones to smart speakers.
The convenience of wireless connection brings unique security challenges. Starting from common vulnerabilities, such as unsafe pairing and interception of Bluetooth connections (leading to attacks such as BlueJacking and BlueSnarfing/BlueBugging), it’s necessary to understand how to mitigate these risks. Bluetooth security is crucial in a world where file sharing and connecting to external devices are commonplace.
Taking a step back, we must not forget the old and reliable USB interface, which stands for Universal Serial Bus. Starting from the most classic USB stick, we need to understand the various types of devices that use these interfaces, explore the different connections, and emphasize the importance of security in a world where the convenience of plug-and-play can hide subtle risks. Overlooked threats can be very dangerous.
Malware and virus attacks carried through USB devices are among the most common threats created by devices and storage. An infected USB device can transmit viruses when connected to a computer, compromising system security. Some attacks target the firmware of USB devices, infecting them with malware that is difficult to detect and remove, as they operate at a lower level than the operating system.
Some malware exploits the autorun functionality of operating systems to automatically execute when an infected USB device is connected. This can facilitate the spread of malware.
Attackers might leave « rogue » USB devices in public places (like parking lots or offices) containing malware or designed to steal information when someone connects them to their computer.
In a « USB sniffing » attack, a malicious device records and analyzes data traffic between the computer and the connected USB device, potentially capturing sensitive information.
USB devices can be physically lost or stolen, leading to potential data thefts if they contain sensitive information without adequate security protections.
Understanding good practices and associated security risks for these devices, now a part of our daily lives, is crucial both for IT professionals and for those new to the world of computing.
Another fundamental topic, the cornerstone of computer security, is Trusted Computing. As a philosophy guiding the design and implementation of computer systems, it aims to ensure the security and reliability of operations performed on various hardware or software platforms.
Trusted Computing is based on a set of technologies and standards aimed at creating a secure and reliable operating environment. The idea behind Trusted Computing is to build verification of operating systems and applications directly into hardware or firmware, so that an attacker can’t bypass this security. Some of the key elements of Trusted Computing follow.
Many of the standards associated with Trusted Computing are open and are developed by standards organizations, including the Trusted Computing Group (TCG), which promotes the adoption of security technologies in a broader context.
Attestation is a process through which a system can demonstrate its integrity and secure status to users. For example, a system might provide a digitally signed « statement » about its configuration and its state to demonstrate that it has not been compromised. « Remote attestation » is a form of attestation where a system proves its secure status to a remote party. This is particularly useful when two systems need to interact and verify each other’s integrity before beginning an interaction or data exchange.
Trusted Computing often makes use of hardware defined as secure, which offers encryption and secure storage of cryptographic keys. This helps to protect sensitive information and ensure the security of operations.
Trusted Computing platforms seek to create a trustworthy and secure environment for conducting critical operations. This can also involve access control and identity management.
Data integrity and information confidentiality are fundamental goals of Trusted Computing. This implies an assurance that data has not been altered in an unauthorized manner, and that access to information is limited to authorized parties.
We must rely not just on the « best practices » defined by the concepts listed in the definitions of Trusted Computing, as important as they are, but also keep in mind the impact of training, starting from all the principles that LPI’s Security Essentials Certificate delivers.
<< Read the previous part of this series | Read the next part of this series >>
If you want to learn more about cybersecurity and how to protect your data and reputation, take a look at Linux Professional Institute Security Essentials.