Video Content Lesson 9 Flashcards
Application Issues
Software Development Application Environments Malicious Code Agents Applets Objects
Software Development
Often viewed as art (not as formal as engineering)
Developers are naturally feature-oriented
Large software projects offer high exposure to errors
Developers want software to work (therefore don’t have them test it)
Many developers and testers lack security training
Pressure to deliver often requires cutting corners (less care with security)
Application Environments
2 basic types
1-Local environment (Application (or application partition) runs largely on one platform)
Most code runs on a local machine
Applications may connect to remote resources for additional information or functionality (database or remote validation)
Platform can be volatile since user interface components tend to mature quickly (change a lot and frequently update application)
2-Distributed environment (application components execute on multiple machines; Web application, app server application, database)
Malicious Code
Any program, procedure, or other sequence of instructions that makes unauthorized modifications or triggers unauthorized actions
Common types of malicious code (viruses, worms, Trojan horses, Logic bombs)
Largest vulnerability for Local Environment is introducing malicious code
Scan and evaluate all code coming into your machine
Agents
Distributed Environment (Model)
Agent - Program or process that performs services on behalf of another process (principal)
EX - Web browser is principle asks app server for service (agent)
Generally an agent works on a different environment from the principal
Agents routinely prepare data for transfer from client to server
EX web interface interfaced to database data; application access to e-mail data
Applets
Distributed Environment (Model)
Similar to agents, but generally platform-independent
Applets work on many different client platforms
Java - interpreted, multithreaded language written by Sun Microsystems
Distributed programs run on the client in a limited memory area called a sandbox
Client must have Java Virtual Machine (JVM)
ActiveX - Microsoft’s answer to Java (programs or controls run in distributed mode on the client) (No sandbox therefore potentials for malicious activities; usually limited to MS environment)
Objects
Object-oriented Programming (OOP)
Object is collection of data and collection of functions that operate on that data
Programs are developed as reusable objects
object reuse promotes stability and error reduction
Encapsulation allows for data hiding
Data and private routines are stored as a unit
Only access to data is through predefined methods
Ideal for local and distributed models
Databases and Warehousing
Databases Relational Databases Record Identification Query Language Data Access Methods Data Warehouses Aggregation Inference Polyinstantiation
Databases
collection of data often of different types
Database Management System (DBMS)
Architectures
1-hierarchical (inverted tree)
2-Network (Mesh) (hard coded links)
3-Relational (FOCUS of EXAM)
4-Object-oriented (data and functions reside together)
Relational Databases
Based on Relational Algebra
Data stored logically in collection of tables
Tables are made up of Field (columns)
In a true relational database, there are NO relationships stored in the database
indexes are sorted lists of record pointers that provide relationship clues
Record Identification
Relational databases are (easy to use, easy to program, and easy to understand)
columns are (Fields)
Rows are (Records)
Candidate Key (Field or collection of fields that can uniquely identify a record)
Primary key is (one of the candidate key used to uniquely identify a record, reference tables, fetch data from tables, and enforce referential integrity)
Enforcing Referential Integrity is done by using the primary key of one table in another table (known as the foreign key)
Foreign Key is the primary key from another table
Query Language
All databases requires some sort of query language to extract data
SQL (Structured Query Language) is the most popular
Most vendors have extensions (Oracle - PL/SQL; Microsoft - Transact SQL)
Data Access Methods
Common Data Access Methods
1-ODBC (Open Database Connectivity) (provides SQL database for disparate environments; Database driver lives between the application and the database; Application and database MUST both be ODBC-compliant)
2-JDBC (Java Database Connectivity) (Similar to ODBC, but designed for Java programs
3-XML (eXtensible Markup Language) (convenient, self-describing format for data; easy to store and transmit between systems)
4-OLE DB (Object Linking and Embedding Database) (Microsoft API for accessing data; Interface implemented using the COM (Common Object Model); Interfaces with non-SQL databases and repositories)
Data Warehouses
Repository of Information, generally from multiple databases or data sources Data Mining (searching for data in data warehouses)
Aggregation
Obtaining information of a higher sensitivity by combining information from lower levels of sensitivity
Functions (count(); Min(); Max(); Avg(); Total())
Allowing you to create summary of less secure information which may reveal more secure information
Inference
The ability to deduce information about data at sensitivity level for which a user is not cleared
Time-sensitive information
Polyinstantiation
Allows multiple database objects to exist with the same key (to avoid inference)
(won’t say whether or not a record exists)
Data and Information Storage
Data Handling Data Storage Virtual Memory Information Retrieval Knowledge-based Systems Audit and Assurance Mechanisms
Data Handling
Data Storage locations provide different vulnerabilities for attackers
Some attacks occur as data moves from one location to another
Understand how to secure data access at each location
Data Storage
Primary - memory available to the CPU (RAM or real memory) (Volatile Memory)
Secondary - Nonvolatile memory; Hard disk, magnetic tapes, removable media or mobile data, USB Drives, Memory Sticks/cards)
Virtual Memory
Memory address space that exceeds the physical memory available Done by (offsetting the addresses to physically reside in memory; all other information is stored in secondary storage; often called the swap device (this is often in nonvolatile secondary storage) (must purge this data))
Information Retrieval
1-Random Access (can access memory locations in any order) 2-Sequential Access (can ONLY access memory in order) Magnetic tapes are a popular type of sequential Need to know Device type (how data is accessed; attacker prevention; how data is stored optimization of data retrieval) Volatile Memory (contents are lost when power goes off) (Typically use random access memory (RAM) Nonvolatile memory (secondary storage, maintains value without power; uses Read-only Memory (ROM))
Knowledge-based Systems
1-Expert System (stores a large volume of data in one area of specialty; Simulates the knowledge and decisions of an expert)
2-Neural System (Starts with no knowledge; Learns as it is used)
Audit and Assurance Mechanisms
Information Integrity (processed data reconciliation; for example, check totals)
Information Accuracy (data validation and verification) (server-based validation)
Information Auditing (Sensitive information access auditing)
Certification and accreditation
Information protection management (implementing controls to protect data transfer)
Configuration Management (implements formal procedures to control change)
System Development Controls
Coding Controls Development Life Cycle Design Certification Certification Standards
Coding Controls
Sloppy development provides a fertile breeding ground for malicious code vulnerabilities
Formal systems development procedures can reduce vulnerabilities
Software Configuration Management (SCM) - (Formal management and documentation of each step in the software development life cycle)
1-Making Decisions
2-Documenting the Decisions
3-Ensuring Stakeholders sign off on Decisions
4-Make New Decisions/Implement Previous Decisions
5-Look back to Ensure Decisions have been Followed
Development Life Cycle
1-Conceptual Definition (Original request for action)
2-Functional requirements determination (What is the software to do?; Does the functional requirements solution satisfy the conceptual definition?)
3-Protection Specifications Development (What controls are necessary to protect the functional requirements?
Design
4-Software designers take the functional requirements and the protection specifications and design a system
5-Code Review Walk-through (Software developers write the code that implements the design; Stakeholders review the code, ensuring that it satisfies all previous baselines)
6-System Test Review (Formal Testing Algorithms)
Constant review of previous steps to verify that it does what it is supposed to do
Certification
7-Certify (Comprehensive technical review and evaluation of functionality)
8-Accreditation (Formal acceptance of the Designated Approving Authority (DAA) of the certification)
9-Implementation and maintenance (Post-implementation tasks–Bug Fixes and Enhancements)
Certification Standards
There are two standards for certification and accreditation of computer systems
1-Defense Information Technology Security Certification and Accreditation Process (DITSCAP) - DoD Standard
2-National Information Assurance Certification and Accreditation Process (NIACAP) - US Executive Branch
Both Standards use Four Phases
Phase 1 - Definition (Build Team; Define Scope of Process)
Phase 2 - Verification (Verification of Development and Certification Analysis
Phase 3 - Validation (Further verification of certification analysis, with accreditation recommendations)
Phase 4 - Post-Accreditation (Assures that all changes comply with standards)
Security Development Controls
Isolation Architecture Administration Controls Design Control System Control Modes of Operation Integrity Levels Service Level Agreement
Isolation Architecture
Security Control Architecture
Process Isolation (Each process is confined to its own memory space; No process is going to be able to access memory outside its constrained space)
Hardware Segmentation (Physically isolating different pieces of hardware; Network Isolation)
Internal Architecture Segmentation (CPU segmentation)
Administration Controls
Separation of Privilege (ensures that a single user will not be able to complete a sensitive task; Requires two or more authorized users to complete a task)
Accountability (Monitoring (watching the activities of users and holding them accountable); Log File Analysis; The more accountability is enforced, the more it becomes a preventive control)
Design Control
Layering (Protection Rings; Each Process has a specific level of access granted; a higher privilege is required to operate the inner rings
Distinct Layer (only work on one layer)
Cumulative (able to work at specific layer and next layer of lower privilege)
Abstraction (Black box components) (know how to use it but don’t know what happens inside it)
Data Hiding (feature of Object Oriented Programming) (Hides the details of where the data is stored; Only carefully designed abstracted methods allow access to the data)
System Control
System High (Monolithic security level that only allows handling of data that all users are cleared to access; If this system is a secret system, the only way anything can be accessed on the system is to possess a security clearance of secret or higher) Security Kernel that handles all user requests for access, Reference Monitor Code is inside Security Kernel
Modes of Operation
1-Supervisor Mode (mode or security level at which a process operates that needs direct access to outside resources)
2-User Model (mode at which most end user applications run)
Be careful NOT to go into Supervisor Mode unless absolutely necessary
Integrity Levels
Network/System level of Integrity Operating System level of Integrity Database level of Integrity File level of Integrity Each level has different specific controls that you want to implement/protect
Service Level Agreement
It is becoming more common to offload some of the responsibilities to a third party through an SLA (Service Level Agreement)
Guarantee Availability and a certain percentage of uptime
Throughput/bandwidth
Malicious Code
Overview Players Viruses Virus Types OS Vulnerability Other Malicious Code Antivirus Protection
Overview
Malicious Code is designed to target a specific system or human vulnerability
A Skilled virus developer knows your system intimately
Even amateurs can get code kits to make their own malicious code
Players
Hackers (Originally referred to any person who had a passion for computers) (Media has created a negative connotation) (pure hackers learn and share their knowledge) Crackers (What the media really refers to when they use the term hacker) (A person who attempts to compromise a system for an unauthorized purpose) Phreaks (crackers who compromise telephone company systems to obtain free long distance services) Virus Writers (Generally very talented programmers who write virus code to exploit some vulnerability) Script Kiddies (Amateur cracker who has few true skills; uses various virus generation software to create virus code)
Viruses
Code that modifies files that contain computer instructions to perform some unauthorized action
Over 57,000 virus strains floating around today
Often introduced via e-mail or downloaded programs
Results can be destructive
Damage may not be immediately evident
Virus Types
Boot Sector Infectors (Viruses that infect Master Boot Record (MBR) or boot sector of a computer boot device; Boot scanning catches most of these viruses)
File infectors (viruses that modify or replace an executable file; virus activates when infected file is run)
Companion Virus (File infector that uses the same file name, but different extension with higher priority) (.com; .exe; .bat) (execution order)
Multipartite (virus that uses multiple infection schemes; generally starts with the MBR or boot sector; replicates and expands to possibly affect the entire system; multiple-level infection; Recovery must start from booting with a clean media then scanning the entire system)
Macro (A sequence of destructive instructions embedded in a common document; Word processor; spreadsheet; use of MACROs; keystroke is associated with a sequence of instructions; over 80% of all viruses are macro viruses; nearly all macro viruses attack Microsoft products)
Stealth Viruses (Virus that not only infects files, but also covers its tracks; may modify OS values to hide its existence and to fool antivirus software)
Polymorphic (Virus modifies itself as it travels from system to system; changes signature)
OS Vulnerability
Malicious code is pervasive on all operating systems
Microsoft attracts the most attention
Viruses also exist for Mac OS and UNIX variants
Other Malicious Code
Worm (similar to a virus, except a worm is a standalone program and does not need a host to infect; Typically live in active memory and often send themselves to other machines; uses e-mail; IRC) Trojan Horses (program that appears to do something useful but actually exists for another purpose; generally depends on an unsuspecting victim) Logic Bombs (executes instructions when a specific event occurs) Trap Doors (entry point into code by the developer that bypasses all access controls; allows the developer to get in easily; once discovered anyone can use it)
Antivirus Protection
Scanning
Disinfecting
shielding (active scanning of all files entering your computer)
Most are signature scanning (must update daily)
McAfee VirusScan
Norton AntiVirus
AVG
Methods of Attack
Brute Force Social Engineering DoS-DDoS Spoofing Pseudo Flaw Buffer Overflow TOC-TOU Rootkits
Brute Force
Brute Force or exhaustive attack (attempts to crack passwords by trying every possible combination)
look for failed login attempts
List of commonly used passwords (dictionary attack) (same goal as brute force attack) (Submits passwords from a list of commonly used password strings) (fewer attempts needed to crack password)
Social Engineering
Convincing a user to perform an unauthorized action
Often the easiest way to compromise a system
Most Effective Countermeasures is EDUCATION
Let users know that their actions affect security
Create secure passwords
Keep passwords secure (have policy)
Make sure that end users are aware of what can occur
DoS-DDoS
Denial of Service - Any attack that denies authorized users access to a system
SYN Flood (Normal session starts with a packet with SYN flag set sent to Target Machine (your computer)) (The Target system responds with ACK, then waits for the source ACK) (3-way handshake) (Source machine doesn’t send ACK so Target macine waits) (if Source Machine sends lots of SYN it overloads target machine)
Distributed Denial of service (DDoS) (DoS that doesn’t come from one source)
1-Smurf Attack (Example - Sends an ICMP (ping) packet - Target Address is the victim machine and the source address is the broadcast address of some network; All machines on network respond to the ICMP sending it back to the target machine which overwhelms the target machine)
2-Teardrop attack (send large packet that is broken up into fragments with incorrect packet numbers (addresses) causing older protocols to crash or potentially crashing the whole machine)
3-Ping of Death (Similar to Teardrop attack except it sends packets which exceed maximum size limits causing program to crash)
Teardrop and Ping of Death are attacks that are oriented towards older versions of networking software
Spoofing
Attacker sends the source address of a trusted machine instead of true address Convinces a system to trust incoming packet Allows entry past firewalls or filters Session hijacking (intercepts the credentials of a valid session) (Act as if attacker is valid user)
Pseudo Flaw
Introduce a Fake Vulnerability
Used to entice attackers away from sensitive information
Commonly used on honeypots (problem - honeypots are NOT generally used on a system that does not have important information)
Buffer Overflow
Always a result of sloppy coding
Always preventable
Result of developer failing to validate input
Hidden code (Code that performs unauthorized actions; Logic Bomb; Trap Door)
TOC-TOU
Time of Check/Time of Use (TOC/TOU)
Exploits timing vulnerabilities
Modifies object between the time of check and time of use
2 pass approach (check that object exists and permissions and OK for you to access object THEN Access Object and modify it)
Protection - Secure object from unauthorized access
Rootkits
Freely available software to exploit known vulnerabilities and increase system access
Make sure all software is updated with the latest patch level