University Of The Cumberlands School Of Computer Info 365635
University of the Cumberlands, School of Computer & Information Sciences
ISOL-536 - Security Architecture & Design
Chapter 8: Business Analytics
Spring 2020 Dr.

Chapter 8: Business Analytics
8.1 Architecture
8.2 Threats
8.3 Attack Surfaces
8.3.1 Attack Surface Enumeration
8.4 Mitigations
8.5 Administrative Controls
8.5.1 Enterprise Identity Systems (Authentication and Authorization)
8.6 Requirements

8.1 Architecture
Data science is a set of fundamental principles that guide the extraction of knowledge from data. Data mining is the extraction of knowledge from data via technologies that incorporate these principles. Like many enterprises, Digital Diskus has many applications for the various processes that must be executed to run its business, from finance and accounting to sales, marketing, procurement, inventory, supply chain, and so forth.
A great deal of data is generated across these systems. But, unfortunately, as a business grows into an enterprise, most of its business systems will be discrete. Getting a holistic view of the health of the business can be stymied by the organic growth of applications and data stores. The system shown in Figure 8.1 comprises not only the business analytics and intelligence but also the many enterprise systems with which analytics must interact. In order to consider the entire system, we must understand not only the architecture of the business analysis system itself, but also its communications with other systems.

8.1 Architecture – Cont.
Figure 8.1 Business analytics logical data flow diagram (DFD).
Figure 8.2 Business analytics data interactions.
Figure 8.2 is a drill-down view of the data gathering interactions of the business analytics system within the enterprise architecture.
Is the visualization in Figure 8.2 perhaps a bit easier to understand? To reiterate, we are looking at the business analysis and intelligence system, which must touch almost every data gathering and transaction-processing system that exists in the internal network. And, as was noted, business analytics listens to the message bus, which includes messages that are sent from less trusted zones.

8.2 Threats
Figure 8.3 Business analytics system architecture.
As we move to system specificity, if we have predefined the relevant threats, we can apply the threats’ goals to the system under analysis. This application of goals leads directly on to the “AS” of ATASM: attack surfaces. Understanding your adversaries’ targets and objectives provides insight into possible attack surfaces and perhaps which attack surfaces are most important and should be prioritized. It’s useful to understand a highly connected system like business analytics in situ, that is, as the system fits into its larger enterprise architectural context. However, we don’t yet have the architecture of the system itself. Figure 8.3 presents the logical components of this business analytics system. There are five major components of the system:
1. Data analysis processing
2. Reporting module
3. Data gathering module
4. Agents, which are co-located with target data repositories
5. A management console

8.3 Attack Surfaces
In this context, where several components share the same host, how would you treat the communications between them? Should these communications be considered to traverse a trusted or an untrusted network? If Digital Diskus applies the rigor we indicated above to the management of the servers on which business analytics runs, what additional attack surfaces should be added from among those three components and their intercommunications when all of these share a single host?
If an attacker can retrieve the API and libraries, then use these to write an agent, and then get the attacker’s agent installed, how should Digital Diskus protect itself from such an attack? Should the business analytics system provide a method of authentication of valid agents in order to protect against a malicious one? Is the agent a worthy attack surface?
Why should the output of Management Console be considered an attack surface? Previously, the point was made that all inputs should be considered attack surfaces. However, when the outputs of the system need protection, such as the credentials going into the business analytics configuration files and metadata, then the outputs should be considered an attack surface. If the wily attacker has access to the outputs of Management Console, then the attacker may gain the credentials to many systems.

8.3 Attack Surfaces – Cont.
Figure 8.4 Business analytics user interactions.
Figure 8.4 returns to a higher level of abstraction, obscuring the details of the business analytics modules running on the host. Since we can treat the collection of modules as an atomic unit for our purposes, we move up a level of granularity once again to view the system in its logical context. Management Console has been broken out as a separate component requiring its own defenses. The identity system has been returned to the diagram, as have the security monitoring systems. These present possible attack surfaces that will need examination. In addition, these will become part of the defenses of the system, as we shall see. Access controls to Management Console itself, authentication and authorization to perform certain actions, will be key because Management Console is, by its nature, a configurator and controller of the other functions, and therefore a target. Which brings us to Figure 8.4.

8.3 Attack Surfaces – Cont.
How might an attacker deliver such a payload? The obvious answer to this question will be to take over a data source in some manner. This, of course, would require an attack on the data source to be successful, and becomes a “one-two punch.” However, it’s not that difficult. If the attacker can deliver a payload through one of the many exposed applications that Digital Diskus maintains, the attack can rest in a data store and wait until the lucky time when it gets delivered to the business analytics system. In other words, the attacker doesn’t have to deliver the payload directly to Data Gathering. She or he must somehow deliver the attack into a data store where it can wait patiently to be brought into the data gathering function.
The results most certainly present an attack opportunity if the permissions on the results store are not set defensively, which, in this case, means:
- The processing store is only mounted on the host that runs Processing and Reporter
- Write permission is only granted to Processing
- Read permission is only granted to Reporter
- Only a select few administrators may perform maintenance functions on the processing data store
- Every administrative action on the processing store is logged and audited for abnormal activity

8.3.1 Attack Surface Enumeration

8.4 Mitigations
As you consider the attack surfaces in the list on the previous slide, what security controls have already been listed? The question that will then be asked for this type of critical system that maintains highly sensitive data will be something like, “Who should have these privileges and how many people need them?” Competing against simplicity and economies of scale are the differences in data sensitivity and system criticality. In the case of business analytics, there appears to be a clear need to protect the configuration files and the results files as carefully as possible, leaving as small an attack surface as can be managed.
That is, these two sensitive locations that store critical organizational data should be restricted to a need-to-access basis, which essentially means as few administrators as possible within the organization who can manage the systems effectively and continuously. If we were actually implementing the system, we might have to engage with the operational server management teams to construct a workable solution for everyone. For our purposes in this example, we can simply specify the requirement and leave the implementation details unknown.

8.5 Administrative Controls
Access will be restricted to a need-to-know basis. As we have noted, changes to the systems are monitored and audited. At the application level, files and directories will be given permissions such that only the applications that need to read particular files or data are given permission to read those files. This is all in accordance with the way that proper administrative and operating system permissions should be set up. The business analytics systems and tools don’t require superuser rights for reading and executing everything on the system. Therefore, the processing unit has rights to its configuration files and data gathering module files. The reporting module reads its own configuration files. None of these can write into the configuration data. Only Management Console is given permission to write data into the configuration files. In this way, even if any of the three processing modules is compromised, the compromised component cannot make use of configuration files to compromise any of the other modules in the system. This is how self-defensive software should operate. Business analytics adheres to these basic security principles, thus allowing the system to be deployed in less trusted environments, even less protected than what Digital Diskus provides.

8.5.1 Enterprise Identity Systems (Authentication and Authorization)
Authentication via the corporate directory and authorization via group membership still remain two of the important mitigations that have been implemented. Having reviewed the available mitigations, which attack surfaces seem to you to be adequately protected? And, concomitantly, which attack surfaces still require an adequate defense?

8.6 Requirements
In order to prevent an attacker from obscuring an attack or otherwise spoofing or fooling the security monitoring system, the business analytics activity and event log files should only be readable by the security monitoring systems. And the log file permissions should be set such that only event-producing modules of the business analytics system may write to its log file. Although it is true that a superuser on most operating systems can read and write any file, in this way, attackers would have to gain these high privileges before they could alter the log files that will feed into the security monitoring system.
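The three permission requirements stated in 8.4 through 8.6 (results store written only by Processing and read only by Reporter, configuration written only by Management Console, logs written by the producing module and read only by security monitoring) can be checked mechanically. The following audit is an added example, not code from the course slides or the Digital Diskus case: it encodes those rules and evaluates a constructed file inventory in the form stat() would report. The account names, group names and paths are assumptions.

```python
import stat
from collections import namedtuple

# Hypothetical accounts, groups and paths (assumed here; the course names none).
PROCESSING, REPORTER, CONSOLE, MONITOR = (
    "ba-processing", "ba-reporter", "ba-console", "secmon")
GROUPS = {"cfg-processing": {PROCESSING}, "cfg-reporter": {REPORTER},
          "results-readers": {REPORTER}, "log-readers": {MONITOR}}
EVERYONE = "*"  # the 'other' permission class: any account on the host
READ = (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)
WRITE = (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)
FileEntry = namedtuple("FileEntry", "path owner group mode")  # as stat() reports
Rule = namedtuple("Rule", "path readers writers")  # accounts a rule permits

def accounts_with(entry, bits):
    """Accounts granted one permission class (the READ or WRITE bit triple)."""
    user_bit, group_bit, other_bit = bits
    granted = set()
    if entry.mode & user_bit:
        granted.add(entry.owner)
    if entry.mode & group_bit:
        granted |= GROUPS.get(entry.group, set())
    if entry.mode & other_bit:
        granted.add(EVERYONE)
    return granted

def audit(entries, rules):
    """Return one finding per file whose effective access exceeds its rule."""
    by_path = {e.path: e for e in entries}
    findings = []
    for rule in rules:
        entry = by_path[rule.path]
        for label, bits, allowed in (("read", READ, rule.readers),
                                     ("write", WRITE, rule.writers)):
            extra = accounts_with(entry, bits) - allowed
            if extra:
                findings.append(f"{rule.path}: {label} granted to "
                                f"{sorted(extra)} beyond {sorted(allowed)}")
    return findings

# Sections 8.4-8.6: only Management Console writes configuration; Processing
# writes results that only Reporter reads; only security monitoring reads logs.
RULES = [
    Rule("/opt/ba/etc/processing.conf", {PROCESSING, CONSOLE}, {CONSOLE}),
    Rule("/opt/ba/etc/reporter.conf", {REPORTER, CONSOLE}, {CONSOLE}),
    Rule("/opt/ba/results/processing.db", {REPORTER}, {PROCESSING}),
    Rule("/var/log/ba/processing.log", {MONITOR}, {PROCESSING}),
]
# Constructed inventory; entries 2 and 4 deliberately break their rules.
INVENTORY = [
    FileEntry("/opt/ba/etc/processing.conf", CONSOLE, "cfg-processing", 0o640),
    FileEntry("/opt/ba/etc/reporter.conf", CONSOLE, "cfg-reporter", 0o660),
    FileEntry("/opt/ba/results/processing.db", PROCESSING, "results-readers", 0o240),
    FileEntry("/var/log/ba/processing.log", PROCESSING, "log-readers", 0o244),
]
```

On a real host, INVENTORY would be built from os.stat() plus pwd/grp lookups; an empty findings list means the layout matches the stated requirements.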
Paper for the above instruction
Business analytics systems are critical components in modern enterprises, enabling organizations to harness vast amounts of data for informed decision-making and strategic planning. These systems typically incorporate complex architectures that facilitate data collection, processing, analysis, reporting, and management. However, their complexity and integration with multiple enterprise systems expose them to a variety of security threats and attack surfaces, necessitating robust design and security controls to safeguard sensitive data and maintain operational integrity.
The architecture of business analytics systems involves several key components, including data analysis processing units, reporting modules, data gathering mechanisms, agents co-located with data repositories, and management consoles. These components work synergistically to collect data across organizational systems, process it, and generate insights. As Figures 8.1 and 8.2 highlight, the data flow is extensive, with business analytics listening to message buses and interacting with countless internal systems. This interconnectedness, while essential for comprehensive analytics, introduces vulnerabilities at each interaction point.
An important aspect of securing such systems involves understanding attack surfaces—points where an attacker could exploit vulnerabilities. Figure 8.3 illustrates the logical components of a typical business analytics system, and analysis reveals multiple attack surfaces, especially when components share the same host. For example, communication channels between data analysis modules and reporting engines, if not properly secured, could be compromised, especially if they traverse untrusted networks. Additionally, modules sharing a host increase the risk of lateral movement within the system if one component is breached.
One critical attack surface is the agent, which is co-located with data repositories. If an attacker can retrieve the APIs and libraries, or manipulate agent installations, they could create malicious agents that impersonate legitimate ones. To prevent this, organizations must implement strict authentication procedures for agents, ensuring only validated agents interact with the system. Similarly, the output of management consoles presents another attack surface, especially if sensitive data like credentials and configuration settings are exposed. Protecting these outputs through encryption, access controls, and audit logging is essential to prevent privilege escalation.
Analysis of the attack surfaces extends further to user interactions depicted in Figure 8.4. Management consoles and identity systems, which control access through authentication and authorization processes, are crucial in preventing unauthorized access. Implementing enterprise identity systems, including corporate directories and group-based permissions, enhances security by ensuring only authorized personnel can modify configurations or access sensitive data.
Furthermore, delivery mechanisms used by attackers to introduce malicious payloads pose significant threats. Attackers might compromise data sources or exploit exposed applications to inject malicious code into data stores, which later becomes part of the data gathering process. Ensuring strict permissions on data stores, restricting write access to trusted administrative personnel, and maintaining detailed audit logs are crucial defenses to mitigate such supply chain attacks.
Effective mitigation strategies encompass a layered security approach, including technical controls like firewalls, intrusion detection systems, and encryption, as well as procedural controls such as access management policies, regular audits, and employee training. The principle of least privilege must be rigorously applied, granting system and data access only to individuals whose roles necessitate it. For example, configuration and results files should be accessible solely to a minimal number of administrators, with permissions tightly controlled to prevent unauthorized modifications.
Operationally, enforcing strict permissions at the OS level ensures that components are isolated such that a breach in one module does not cascade to others. For example, configuring modules to read but not write configuration files, and restricting management console operations to administrative accounts, creates a self-defensive architecture that limits lateral movement. Additionally, implementing robust logging and audit trails for administrative actions helps detect anomalous behavior and respond promptly to potential breaches.
In terms of authentication, integrating enterprise identity management systems using corporate directories—such as LDAP or Active Directory—provides centralized and consistent access controls. Authorization based on group memberships ensures only authorized personnel perform sensitive operations. These measures protect attack surfaces related to user access and prevent impersonation and privilege escalation attacks.
Finally, securing logs and monitoring system activity are vital components of a resilient security posture. Limiting access to activity and event logs to security monitoring systems, and ensuring that only authenticated and authorized modules can write to these logs, prevents attackers from tampering with audit data. Regular review of logs facilitates early detection of suspicious activity and supports incident response.
In conclusion, deploying a secure business analytics system requires comprehensive understanding of its architecture, data interactions, and attack surfaces. Implementing layered defenses—combining technical controls, strict access management, and continuous monitoring—can significantly reduce vulnerabilities. Protecting sensitive configuration and result files, securing agent communication, and enforcing stringent authentication and authorization policies are essential to maintaining the confidentiality, integrity, and availability of enterprise analytics resources. Such robust security architectures not only safeguard organizational data but also support compliance with regulatory requirements and foster trust among stakeholders.