Ch.16 - Protecting Information Assets Flashcards
What is Malicious Software?
- Software that:
• Causes damage
• Escalates security privileges
• Divulges private data
• Modifies or deletes data
Malicious Software (malware)
Any program that carries out actions that you do not intend
Malicious Code and Activity
- Malicious code attacks all three information security properties:
o Confidentiality: Disclose your org’s private info
o Integrity: Modify database records – immediately or over period of time
o Availability: Erase/overwrite files or inflict considerable damage to storage media
Virus
Attaches itself to or copies itself into another program on computer
• Tricks computer into following instructions not intended by original program developer
• Infects host program and may cause that host program to replicate itself to other computers
• The user who runs the infected program effectively authenticates the virus: it executes with that user's identity and privileges
Trojan Horse
Malware that masquerades as useful program
• Hide programs that collect sensitive information
• Open backdoors into computers
• Actively upload and download files
Rootkit
Modifies/replaces one or more existing programs to hide traces of attacks
• Many different types of rootkits
• Conceals its existence once installed
• Is difficult to detect and remove
Spyware
Type of malware that specifically threatens confidentiality of info
• Monitors keystrokes
• Scans files on the hard drive
• Snoops other applications
• Installs other spyware programs
• Reads cookies
• Changes default homepage on the web browser
Ransomware
Attempts to generate funds directly from computer user
• Attacks a computer and limits the user’s ability to access the computer’s data
• Encrypts important files or even the entire disk and makes them inaccessible
• A widely known early example of crypto-ransomware was CryptoLocker (2013); the first known ransomware, the AIDS Trojan, dates to 1989
Spam
Mass mailing of identical messages to large number of users
• Consumes computing resources: bandwidth, storage, and CPU time
• Diverts IT personnel from activities more critical to network security
• Is potential carrier of malicious code
• Compromises intermediate systems to facilitate remailing services
• Opt-out (unsubscribe) features in spam messages can represent new form of reconnaissance attack to acquire legitimate target addresses
Worms
Designed to propagate from one host machine to another using host’s own network
communications protocols
• Unlike viruses, do not require host program to survive and replicate
• Term “worm” stems from the fact that worms are programs with segments, working on
different computers, all communicating over a network
Logic Bombs
Programs that execute a malicious function of some kind when they detect certain conditions (a date, a missing employee record, a specific transaction)
• Typically originate with org insiders because people inside org generally have more detailed knowledge of IT infrastructure than outsiders
Injection
Attacker supplies input that the target program passes to an interpreter (browser, database, directory, XML parser, shell) and that interpreter treats as code or commands rather than data
• Cross-site scripting (XSS)
• SQL injection
• LDAP injection
• XML injection
• Command injection
XSS and SQL Injection
Both typically target public-facing web applications
Cross-site scripting (XSS)
Injection attack in which the attacker gets script code (usually JavaScript) into a web page that the vulnerable site serves to other users
• The victim's browser runs the script with the trust of the vulnerable site: it can read session cookies, rewrite page content, or send requests as the logged-in user
• Root cause is untrusted input (form fields, URL parameters, stored comments) echoed into HTML without output encoding
• Not the same as a legitimate cross-site hand-off between websites (a shopping cart redirecting to a payment processor such as PayPal); such hand-offs need cryptographic authentication of the messages exchanged, and homegrown implementations that lack it are a separate weakness
SQL injection
One of the most fundamental techniques for integrating different computer programs is
remote data submission: the entire computing world depends on info kept in databases, and web applications build queries from data that users submit
• If untrusted input is concatenated into the query text, an attacker can supply SQL syntax that the database executes: read the database, modify data using INSERT/UPDATE/DELETE, or change a shopping cart price from $195.00 to $1.95 (ex)
• Defense: parameterized queries (prepared statements) that bind input as data, plus input validation and least-privilege database accounts
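The two injection cards above describe the same root cause in two interpreters: the database (SQL injection) and the victim's browser (XSS). The following is an added example, not code from the original flashcards; it uses a constructed in-memory SQLite database with made-up users and a made-up cart row, and shows each vulnerable function beside its hardened form. Passwords are stored in clear only to keep the demo short.

```python
import html
import sqlite3

# Constructed sample data for the demo (not real accounts, items or prices).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("CREATE TABLE cart (user TEXT, item TEXT, qty INTEGER, price REAL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("admin", "hunter2")])
    conn.execute("INSERT INTO cart VALUES ('alice', 'headset', 1, 195.00)")
    conn.commit()
    return conn

def price_of(conn, user: str, item: str) -> float:
    return conn.execute("SELECT price FROM cart WHERE user = ? AND item = ?",
                        (user, item)).fetchone()[0]

# --- SQL injection: the vulnerable versions build SQL text by string formatting ---

def login_vulnerable(conn, name: str, password: str):
    # name = "admin' --" turns the rest of the WHERE clause into a comment
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone()

def set_qty_vulnerable(conn, user: str, item: str, qty: str) -> None:
    # executescript() runs stacked statements, as many real DB drivers do, so
    # qty = "1; UPDATE cart SET price = 1.95 ... --" appends a second UPDATE
    conn.executescript(
        f"UPDATE cart SET qty = {qty} WHERE user = '{user}' AND item = '{item}'")

# --- Hardened versions: input is bound as a parameter, never parsed as SQL ---

def login_safe(conn, name: str, password: str):
    return conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (name, password)).fetchone()

def set_qty_safe(conn, user: str, item: str, qty) -> bool:
    try:
        qty = int(qty)           # validate the type before it goes near the query
    except (TypeError, ValueError):
        return False
    conn.execute("UPDATE cart SET qty = ? WHERE user = ? AND item = ?",
                 (qty, user, item))
    conn.commit()
    return True

# --- XSS: same root cause, but the interpreter is the victim's browser ---

def render_comment_vulnerable(comment: str) -> str:
    return f"<p>{comment}</p>"

def render_comment_safe(comment: str) -> str:
    # html.escape turns < > & " ' into entities, so the browser displays the
    # text instead of executing it as markup or script
    return f"<p>{html.escape(comment, quote=True)}</p>"

if __name__ == "__main__":
    conn = make_db()
    print(login_vulnerable(conn, "admin' --", "anything"))   # ('admin',)
    print(login_safe(conn, "admin' --", "anything"))         # None
    tamper = "1; UPDATE cart SET price = 1.95 WHERE item = 'headset' --"
    set_qty_vulnerable(conn, "alice", "headset", tamper)
    print(price_of(conn, "alice", "headset"))                # 1.95
    print(set_qty_safe(conn, "alice", "headset", tamper))    # False
    print(render_comment_safe("<script>alert(document.cookie)</script>"))
```

Output encoding as shown is the minimum for XSS; in a real application it is paired with a Content Security Policy and context-aware encoding (attribute, URL, and JavaScript contexts each need their own rules). For SQL, the parameterized form also removes the need to hand-escape quotes, which is where most homegrown filters fail.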
Logical Access Control Solutions
Biometrics
Tokens
Passwords
Single Sign-On (SSO)
Biometrics
▪ Static: Fingerprints, iris granularity, retina blood vessels, facial features, and hand geometry
▪ Dynamic: Voice inflections, keyboard strokes, and signature motions
Tokens
▪ Synchronous or asynchronous
▪ Smart cards and memory cards
Passwords
▪ Stringent password controls for users
▪ Account lockout policies
▪ Auditing logon events
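The three password controls on this card (stringent controls, lockout, and auditing of logon events) are easiest to reason about as one mechanism applied to a stream of logon events. The block below is an added example, not code from the original flashcards. The lockout policy values, the log line format and the log lines themselves are constructed for the demo and are not taken from any real system; the spray-detection check goes beyond the card to show why per-account lockout alone misses one common brute-force variant.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

@dataclass
class LockoutPolicy:
    threshold: int = 5      # this many failures...
    window: int = 600       # ...within this many seconds...
    duration: int = 900     # ...locks the account for this many seconds

@dataclass
class AccountState:
    failures: deque = field(default_factory=deque)   # timestamps of recent failures
    locked_until: int = 0

class LogonMonitor:
    """Applies the lockout policy to logon events and keeps an audit trail of every
    decision, plus per-source failure data for password-spray detection."""

    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.accounts = defaultdict(AccountState)
        self.users_failed_from = defaultdict(set)   # source -> usernames that failed
        self.audit = []                              # (ts, user, src, decision)

    def attempt(self, ts: int, user: str, src: str, ok: bool) -> str:
        st = self.accounts[user]
        if ts < st.locked_until:
            return self._log(ts, user, src, "locked")   # even a correct password is refused
        while st.failures and ts - st.failures[0] > self.policy.window:
            st.failures.popleft()                        # forget failures outside the window
        if ok:
            st.failures.clear()
            return self._log(ts, user, src, "success")
        st.failures.append(ts)
        self.users_failed_from[src].add(user)
        if len(st.failures) >= self.policy.threshold:
            st.locked_until = ts + self.policy.duration
            st.failures.clear()
            return self._log(ts, user, src, "locked")
        return self._log(ts, user, src, "failure")

    def _log(self, ts, user, src, decision) -> str:
        self.audit.append((ts, user, src, decision))
        return decision

    def spray_sources(self, min_users: int = 3) -> dict:
        """Password spraying: one source, a failure or two against MANY accounts, which
        never trips a per-account lockout; only source-level auditing reveals it."""
        return {src: sorted(users) for src, users in self.users_failed_from.items()
                if len(users) >= min_users}

def parse_event(line: str):
    """Constructed line format for the demo: '<unix_ts> <user> <src_ip> OK|FAIL'."""
    ts, user, src, result = line.split()
    return int(ts), user, src, result == "OK"

def replay(lines, policy=None):
    mon = LogonMonitor(policy or LockoutPolicy())
    outcomes = [mon.attempt(*parse_event(line)) for line in lines if line.strip()]
    return mon, outcomes

# Constructed sample logon events (not from any real system).
SAMPLE_LOG = """\
1700000000 alice 203.0.113.7 FAIL
1700000010 alice 203.0.113.7 FAIL
1700000020 alice 203.0.113.7 FAIL
1700000030 alice 203.0.113.7 FAIL
1700000040 alice 203.0.113.7 FAIL
1700000050 alice 10.0.0.5 OK
1700000060 bob 198.51.100.9 FAIL
1700000061 carol 198.51.100.9 FAIL
1700000062 dave 198.51.100.9 FAIL
1700001000 alice 10.0.0.5 OK
"""

if __name__ == "__main__":
    mon, outcomes = replay(SAMPLE_LOG.splitlines())
    for entry in mon.audit:
        print(entry)
    print("spray sources:", mon.spray_sources())
```

Note the sixth event: the real user's correct password is refused because the attacker already locked the account, which is the denial-of-service side effect of lockout and the reason most policies use a finite duration rather than a permanent lock.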
Single Sign-On (SSO)
▪ Kerberos process
▪ Secure European System for Applications in a Multi Vendor Environment (SESAME)
Authentication Types
- Knowledge
- Ownership
- Characteristics (Biometrics)
- Location
- Action
Knowledge
Something you know
o Password
▪ Weak passwords easily cracked by brute-force or dictionary attack
▪ Password best practices
o Passphrase
▪ Stronger than password
Ownership
Something you have
o Synchronous token: calculates a number at both authentication server and device
▪ Time-based synchronization system
▪ Event-based synchronization system
▪ Continuous authentication
o Asynchronous token
▪ USB token
▪ Smart card
▪ Memory cards (magnetic stripe)
o Asynchronous token: challenge-response
Characteristics (Biometrics)
Something unique to you
o Static (physiological) measures: what you are
o Dynamic (behavioral) measures: what you do
o Concerns surrounding biometrics
▪ Accuracy
▪ Acceptability
▪ Reaction time
o Types of biometrics
▪ Fingerprint
▪ Palm print
▪ Hand geometry
▪ Retina scan
▪ Iris scan
▪ Facial recognition
▪ Voice pattern
▪ Keystroke dynamics
▪ Signature dynamics
o Privacy Issues:
▪ Biometric technologies don’t just involve collecting data about person
▪ Biometrics collects info intrinsic to people – Every person must submit to an examination, and that examination must be digitally recorded and stored
• Unauthorized access to this data could lead to misuse
Location
Somewhere you are
o Strong indicator of authenticity
o Additional information to suggest granting/denying access to resource
Action
Something you do/how you do it
o Stores patterns/nuances of how you do something
o Record typing patterns
Single Sign-On (SSO)
- Sign on to computer/network once
- Identification and authentication credentials presented once allow the user to access every computer/system they are authorized for
- Reduces human error (fewer passwords to remember, write down, or reuse)
- Difficult to put in place, and a single compromised credential then unlocks every system it covers
SSO Processes
- Kerberos
- Secure European System for Applications in a Multi-Vendor Environment (SESAME)
- Lightweight Directory Access Protocol (LDAP): strictly a directory protocol, commonly used as the central credential store that an SSO system authenticates against
Kerberos
1) User authenticates to the Kerberos client software on the workstation
a. Authentication may be password or biometric method; the password is turned into a secret key locally and is never sent over the network
2) Workstation authenticates to the Kerberos key distribution center (KDC) by proving knowledge of the user's key (pre-authentication) and requests a ticket-granting ticket (TGT)
3) Shared secret keys are used: the KDC holds a key for every user and every server
a. The KDC creates the TGT, encrypted under the KDC's own key, and returns it together with a session key encrypted under the user's key
4) For each server the user wants to reach, the workstation presents the TGT (plus a fresh authenticator) to the KDC's ticket-granting service and receives a service ticket encrypted under that server's shared key
a. The server validates the ticket with its own key, so it never contacts the KDC and never sees the user's password
5) User is automatically signed in to all servers for which tickets are issued, until the tickets expire
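The five Kerberos steps above are easier to follow as message exchanges with both sides' checks visible. The block below is an added example, not code from the original flashcards and not a Kerberos implementation: the KDC, service, user name, password, and ticket lifetime are all constructed, and `seal`/`unseal` is a toy HMAC-based authenticated-encryption stand-in for Kerberos's real encryption types (do not reuse it outside a demo). What it shows is the point of the protocol: the password never leaves the workstation, the KDC is contacted only to obtain tickets, and the service checks a ticket with nothing but its own key.

```python
import hashlib
import hmac
import json
import os

# --- toy authenticated encryption (assumption: a stand-in for Kerberos enctypes) ---
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, obj) -> bytes:
    """nonce || ciphertext || HMAC tag; the tag binds nonce and ciphertext to the key."""
    data = json.dumps(obj).encode()
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def user_key(password: str) -> bytes:
    """Step 1: password -> key, done locally (toy stand-in for Kerberos string2key)."""
    return hashlib.sha256(b"toy-string2key:" + password.encode()).digest()

LIFETIME = 36000   # ticket lifetime in seconds (assumed 10 h, a common default)

class KDC:
    """Authentication server and ticket-granting server in one process."""
    def __init__(self, users: dict, services: dict):
        self.users = {u: user_key(p) for u, p in users.items()}   # keys only, no passwords
        self.services = services                                   # service name -> key
        self.kdc_key = os.urandom(32)                               # protects TGTs

    def as_exchange(self, user: str, preauth: bytes, now: int):
        # Step 2/3: pre-auth proves the client holds the user's key; the password itself
        # is never transmitted. Returns TGT (sealed for the KDC) + session key (sealed for user).
        if abs(unseal(self.users[user], preauth)["time"] - now) > 300:
            raise ValueError("stale pre-authentication")
        sk = os.urandom(32).hex()
        tgt = seal(self.kdc_key, {"user": user, "sk": sk, "expires": now + LIFETIME})
        return tgt, seal(self.users[user], {"sk": sk, "expires": now + LIFETIME})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: int):
        # Step 4: TGT + fresh authenticator -> service ticket sealed under the server's key
        t = unseal(self.kdc_key, tgt)
        if now >= t["expires"]:
            raise ValueError("TGT expired")
        a = unseal(bytes.fromhex(t["sk"]), authenticator)
        if a["user"] != t["user"] or abs(a["time"] - now) > 300:
            raise ValueError("bad authenticator")
        ssk = os.urandom(32).hex()
        ticket = seal(self.services[service], {"user": t["user"], "sk": ssk, "expires": now + LIFETIME})
        return ticket, seal(bytes.fromhex(t["sk"]), {"sk": ssk, "service": service})

class Service:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def ap_exchange(self, ticket: bytes, authenticator: bytes, now: int) -> str:
        # Step 5: validated with the server's own key, no KDC round trip, no password
        t = unseal(self.key, ticket)
        if now >= t["expires"]:
            raise ValueError("service ticket expired")
        a = unseal(bytes.fromhex(t["sk"]), authenticator)
        if a["user"] != t["user"] or abs(a["time"] - now) > 300:
            raise ValueError("bad authenticator")
        return t["user"]

def login_and_access(kdc: KDC, svc: Service, user: str, password: str, now: int) -> str:
    """Workstation side of all three exchanges; returns the identity the service accepted."""
    k = user_key(password)
    tgt, enc = kdc.as_exchange(user, seal(k, {"time": now}), now)
    sk = bytes.fromhex(unseal(k, enc)["sk"])            # fails here if the password is wrong
    ticket, enc2 = kdc.tgs_exchange(tgt, seal(sk, {"user": user, "time": now}), svc.name, now)
    ssk = bytes.fromhex(unseal(sk, enc2)["sk"])
    return svc.ap_exchange(ticket, seal(ssk, {"user": user, "time": now}), now)

def build_realm():
    """Constructed realm: one user and one service with assumed names."""
    svc_key = os.urandom(32)
    kdc = KDC({"alice": "correct horse battery staple"}, {"fileserver": svc_key})
    return kdc, Service("fileserver", svc_key)

if __name__ == "__main__":
    kdc, svc = build_realm()
    print(login_and_access(kdc, svc, "alice", "correct horse battery staple", 1_700_000_000))
```

The timestamps in the authenticators are why Kerberos deployments are sensitive to clock skew: a workstation more than a few minutes off gets "bad authenticator" errors even with the right password.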
Identifying Activities for Systems Availability
• Activities:
o System Access
o System Availability
o System Functions: Manual and Automated
• Eliminate single points of failure (SPOF)
o A SPOF is any component whose failure takes the entire system down
o Removed by redundancy: duplicate the component (failover cluster, RAID, second network path) so no single failure is a system failure
System Access and Availability
- Goal = 99.999% uptime ("five nines", about 5.26 minutes of downtime per year)
- Failover cluster
- RAID
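The availability cards above give a five-nines goal and two tools (failover clusters, RAID) for reaching it by removing single points of failure. The block below is an added example, not from the original flashcards: it turns the goal into a downtime budget and applies the standard series/parallel availability formulas to a constructed three-tier architecture before and after redundancy is added. The per-component availability figures are assumed for illustration, not measured values.

```python
from math import prod

def downtime_minutes_per_year(availability: float) -> float:
    """Availability target -> allowed downtime per average year (365.25 days)."""
    return (1 - availability) * 365.25 * 24 * 60

def series(*components: float) -> float:
    """Components that must ALL be up (a chain): availabilities multiply, so
    every extra non-redundant hop lowers the total."""
    return prod(components)

def parallel(*replicas: float) -> float:
    """Replicas of which ANY ONE suffices (failover cluster, mirrored disks):
    an outage needs every replica down at once."""
    return 1 - prod(1 - a for a in replicas)

def system_availability(tiers: dict) -> float:
    """tiers maps tier name -> list of replica availabilities. Tiers are in
    series with each other; replicas inside a tier are in parallel."""
    return series(*(parallel(*reps) for reps in tiers.values()))

def single_points_of_failure(tiers: dict) -> list:
    """A tier with exactly one replica is a SPOF: its failure is a system failure."""
    return [name for name, reps in tiers.items() if len(reps) == 1]

def meets_five_nines(tiers: dict) -> bool:
    return system_availability(tiers) >= 0.99999

# Constructed example: assumed availabilities per component, not real data.
BEFORE = {"load balancer": [0.9999], "web": [0.99, 0.99], "database": [0.999]}
AFTER = {"load balancer": [0.9999, 0.9999],
         "web": [0.99, 0.99, 0.99],
         "database": [0.999, 0.999]}          # database moved to a failover cluster

if __name__ == "__main__":
    print(f"five-nines budget: {downtime_minutes_per_year(0.99999):.2f} min/year")
    for label, tiers in (("before", BEFORE), ("after", AFTER)):
        a = system_availability(tiers)
        print(f"{label}: availability={a:.6f}, "
              f"downtime={downtime_minutes_per_year(a):.1f} min/year, "
              f"SPOFs={single_points_of_failure(tiers)}")
```

The instructive part is the "before" case: two web servers already sit behind the load balancer, yet the whole stack is pinned near 99.88% by the single database and single load balancer, so adding web capacity buys nothing until those two SPOFs are made redundant.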