Ch.16 - Protecting Information Assets

Question 1

What is Malicious Software?

Answer 1

- Software that:
• Causes damage
• Escalates security privileges
• Divulges private data
• Modifies or deletes data

Question 2

Malicious Software (malware)

Answer 2

Any program that carries out actions that you do not intend

Question 3

Malicious Code and Activity

Answer 3

• Malicious code attacks all three information security properties:
  o Confidentiality: Disclose your org’s private info
  o Integrity: Modify database records – immediately or over period of time
  o Availability: Erase/overwrite files or inflict considerable damage to storage media

Question 4

Virus

Answer 4

Attaches itself to or copies itself into another program on computer
• Tricks computer into following instructions not intended by original program developer
• Infects host program and may cause that host program to replicate itself to other computers
• User who runs infected program authenticates the virus

Question 5

Trojan Horse

Answer 5

Malware that masquerades as useful program
• Hide programs that collect sensitive information
• Open backdoors into computers
• Actively upload and download files

Question 6

Rootkit

Answer 6

Modifies/replaces one or more existing programs to hide traces of attacks
• Many different types of rootkits
• Conceals its existence once installed
• Is difficult to detect and remove

Question 7

Spyware

Answer 7

Type of malware that specifically threatens confidentiality of info
• Monitors keystrokes
• Scans files on the hard drive
• Snoops other applications
• Installs other spyware programs
• Reads cookies
• Changes default homepage on the web browser

Question 8

Ransomware

Answer 8

Attempts to generate funds directly from computer user
• Attacks a computer and limits the user’s ability to access the computer’s data
• Encrypts important files or even the entire disk and makes them inaccessible
• One of the first ransomware programs was Crypt0L0cker

Question 9

Spam

Answer 9

Mass mailing of identical messages to large number of users
• Consumes computing resources bandwidth and CPU time
• Diverts IT personnel from activities more critical to network security
• Is potential carrier of malicious code
• Compromises intermediate systems to facilitate remailing services
• Opt-out (unsubscribe) features in spam messages can represent new form of reconnaissance attack to acquire legitimate target addresses

Question 10

Worms

Answer 10

Designed to propagate from one host machine to another using host’s own network
communications protocols
• Unlike viruses, do not require host program to survive and replicate
• Term “worm” stems from the fact that worms are programs with segments, working on
different computers, all communicating over a network

Question 11

Logic Bombs

Answer 11

Programs that execute malicious function of some kind when detect certain conditions
• Typically originate with org insiders because people inside org generally have more detailed knowledge of IT infrastructure than outsiders

Question 12

Injection

Answer 12

Insert into computer/program
• Cross-site scripting (XSS)
• SQL injection
• LDAP injection
• XML injection
• Command injection

Question 13

XSS and SQL Injection

Answer 13

Attack public-facing servers

Question 14

Cross-site scripting (XSS)

Answer 14

Programming technique enabling one website, such as a shopping cart, to drive another website
• Shopping cart sends approval msg to different website – Provides access or file to download
o It’s how Digital River, Microsoft online sales, Apple iTunes, eBay, PayPal, and all airline ticket sales operate
• Most cross‐site scripting implementations are poorly executed, use ineffective homegrown programming, or lack cryptographic authentication that is always required

Question 15

SQL injection

Answer 15

One of the most fundamental techniques for integrating different computer programs is
remote data submission – Entire computing world depends on info kept in database
• Data requests sent from untrusted sources can use command-line instructions to read database,
modify data using insert/delete, or change shopping cart price from $195.00 to $1.95 (ex)

Question 16

Logical Access Control Solutions

Answer 16

Biometrics
Tokens
Passwords
Single Sign-On (SSO)

Question 17

Biometrics

Answer 17

▪ Static: Fingerprints, iris granularity, retina blood vessels, facial features, and hand geometry
▪ Dynamic: Voice inflections, keyboard strokes, and signature motions

Question 18

Tokens

Answer 18

▪ Synchronous or asynchronous

▪ Smart cards and memory cards

Question 19

Passwords

Answer 19

▪ Stringent password controls for users
▪ Account lockout policies
▪ Auditing logon events

Question 20

Single Sign-On (SSO)

Answer 20

▪ Kerberos process

▪ Secure European System for Applications in a Multi Vendor Environment (SESAME)

Question 21

Authentication Types

Answer 21

Knowledge
Ownership
Characteristics (Biometrics)
Location
Action

Question 22

Knowledge

Answer 22

Something you know
o Password
▪ Weak passwords easily cracked by brute-force or dictionary attack
▪ Password best practices
o Passphrase
▪ Stronger than password

Question 23

Ownership

Answer 23

Something you have
o Synchronous token—Calculates number at both authentication server and device
▪ Time-based synchronization system
▪ Event-based synchronization system
▪ Continuous authentication
o Asynchronous token
▪ USB token
▪ Smart card
▪ Memory cards (magnetic stripe)
o Asynchronous Token Challenge-Response

Question 24

Characteristics (Biometrics)

Answer 24

Something unique to you
o Static (physiological) measures: What you are
o Dynamic (behavioral) measures: What you do
o Concerns Surrounding Biometrics
▪ Accuracy/Acceptability/Reaction time
o Types of Biometrics:
▪ Fingerprint
▪ Palm print
▪ Hand geometry
▪ Retina scan
▪ Iris scan
▪ Facial recognition
▪ Voice pattern
▪ Keystroke dynamics
▪ Signature dynamics

o Privacy Issues:
▪ Biometric technologies don’t just involve collecting data about person
▪ Biometrics collects info intrinsic to people – Every person must submit to an examination, and that examination must be digitally recorded and stored
• Unauthorized access to this data could lead to misuse

Question 25

Location

Answer 25

Somewhere you are
o Strong indicator of authenticity
o Additional information to suggest granting/denying access to resource

Question 26

Action

Answer 26

Something you do/how you do it
o Stores patterns/nuances of how you do something
o Record typing patterns

Question 27

Single Sign-On (SSO)

Answer 27

• Sign on to computer/network once
• Identification/authorization credentials allow user to access all authorized computers/systems
• Reduces human error
• Difficult to put in place

Question 28

SSO Processes

Answer 28

• Kerberos
• Secure European System for Applications in a Multi-Vendor Environment (SESAME)
• Lightweight Directory Access Protocol (LDAP)

Question 29

Kerberos

Answer 29

1) User authenticates to Kerberos workstation software
a. Authentication may be password or biometric method
2) Workstation software authenticates to Kerberos server
3) Shared encryption keys are used
a. A network access ticket is created by Kerberos
4) Kerberos access ticket sent to workstation and signed with workstation’s shared encryption key
a. All network servers receive similar ticket granting workstation access to shared servers
5) User is automatically signed in to all servers

Question 30

Identifying Activities for Systems Availability

Answer 30

• Activities:
o System Access
o System Availability
o System Functions: Manual and Automated
• Eliminate single points of failure (SPOF)
o Part of system that can cause entire system to fail
o If SPOF fails, entire system fails

Question 31

System Access and Availability

Answer 31

• Goal = 99.999% up time
• Failover cluster
• RAID