Lecture 12 - Ch19 - Security (2) PDF
Document Details
Uploaded by EnthralledWalnutTree9021
Ahmad Bisher
Tags
Summary
This lecture covers information security topics like identity theft, types of security threats, technical safeguards, data safeguards, human safeguards, disaster preparedness, and incident response. It also includes discussions on motivations behind cyberattacks and preventive measures.
Full Transcript
Chapter 19 Information Security This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Class Objectives 1. What is identity theft? 2. What types of security threats do organizations face? 3. Technical Safeguards 4. Data Safeguards...
Chapter 19 Information Security This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Class Objectives 1. What is identity theft? 2. What types of security threats do organizations face? 3. Technical Safeguards 4. Data Safeguards 5. Human Safeguards 6. What is disaster preparedness? 7. How should organizations respond to security incidents? This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Got a Bank Account or Credit Card? You’ve Been Hacked! One of the largest breaches ever targeted Equifax. Hackers grabbed data on 143 million consumers. Stolen information included addresses, Social Security numbers, tax IDs, driver’s license numbers, hundreds of credit card numbers, and more. Impacted those beyond U.S. borders, with some 400,000 hit in the U.K. and over 100,000 Canadians. Equifax had two months to patch the vulnerability, but the firm failed at basic maintenance, leaving the door open for an easily preventable intrusion. The site that Equifax set up to answer consumer questions and offer free credit monitoring was riddled with vulnerabilities. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher A Look at the Target Hack Hackers installed malware in Target’s security and payments system. 40 million credit cards stolen and additional personal info on 70 million consumers exposed. Breach was followed by the firm’s largest ever decline in transactions, falling profits, scores of lawsuits, and the CEO’s ouster. Target had software security from FireEye: Source: Light Studio Design/Shutterstock.com Warnings were ignored on several occasions—had the warnings been heeded, the firm could have prevented the data theft. Even worse, the firm’s security software has an option to automatically delete malware as it’s detected but Target’s security team had turned that function off. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher https://youtu.be/uO 12W35DpsQ?si=NYd P4jcW7Bb_ksUu This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher What is identity theft? Understanding threats to your own privacy will help make you more sensitive to the importance of security and privacy In identity theft, vital information such as a person’s name, address, date of birth, social insurance number, and mother’s maiden name are acquired to complete impersonation With this information, the identity thief can take over a victim’s financial accounts; open new bank accounts; transfer bank balances; apply for loans, credit cards, and other services This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Why Is This Happening? Who Is Doing it? And What’s Their Motivation? Account theft and illegal funds transfer Stealing personal or financial data Compromising computing assets for use in other crimes Surreptitiously hijacking hacked hardware for cryptocurrency mining Extortion Intellectual property theft Espionage Cyberwarfare Terrorism Pranksters Protest hacking (hacktivism) Revenge (disgruntled employees) This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Why Is This Happening? Who Is Doing it? And What’s Their Motivation? data harvesters: Cybercriminals who infiltrate systems and collect data for illegal resale. cash-out fraudsters: Criminals who purchase assets from data harvesters to be used for illegal financial gain. They might buy goods using stolen credit cards or create false accounts. botnets: Hordes of surreptitiously infiltrated computers, controlled remotely. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Why Is This Happening? Who Is Doing it? And What’s Their Motivation? Corporate espionage might be performed by insiders, rivals, or even foreign governments. U.S., U.K., Spanish, South Korean, Japanese, and Australian facilities working on projects related to COVID have all been targeted by overseas actors originating in corporate espionage hotspots of China, Iran, North Korea, and Russia. Hackers infiltrated security firm RSA, stealing data keys used in the firm’s commercial authentication devices. GE Aerospace, Boeing, Honeywell, biotech, agriculture, locomotives, semiconductors, and solar panels are among the firms and industries that have been targeted by the Chinese government. Cyberwarfare has also become an increasingly used tool among both spy agencies and military organizations, and the fallout can spread far beyond the borders of the nations in conflict. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Information Security Research has shown each security breach costs Direct Costs: Forensic experts Notifying customers Credit and discounts Intangible costs: Customer churn Customer trust Loss of business This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Security Threats This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Social Engineering Impersonating senior management, investigators, or staff. Using generative AI to create a deepfake that mimics the voice or likeness of an insider, using this to secure access, sensitive information, or cause damage. Identifying a key individual by name or title as a supposed friend or acquaintance. Making claims with confidence and authority. Baiting someone to add, deny, or clarify information that can help an attacker. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher A Sampling of Methods Employed in Social Engineering Using harassment, guilt, or intimidation. Using an attractive individual to charm others into gaining info, favors, or access. Setting off a series of false alarms that cause the victim to disable alarm systems. Answering bogus surveys. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher User and Administrator Threats Bad apples Rogue employees who steal secrets, install malware, or hold a firm hostage. Social engineering Con games that trick employees into revealing information or performing other tasks that compromise a firm. phishing: Cons executed using technology, in order to acquire sensitive information or trick someone into installing malicious software. spear phishing: Phishing attacks that specifically target a given organization or group of users. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Don’t Take the Bait: Recognizing the “Phish Hooks” spoofed: E-mail transmissions and packets that have been altered to forge or disguise their origin or identity. The e-mail message to the right looks like it’s from Bank of America. However, hovering the cursor above the “Click Here to Complete Verification Process” link reveals the URL without clicking through to the site. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Technology Threats (Client and Server Software, Hardware, and Networking) Malware seeks to compromise a computing system without permission. Methods of infection: Viruses: Infect other software or files. Worms: Take advantage of security vulnerability to automatically spread. Trojans: Attempt to sneak in by masquerading as something they’re not. Goals of malware Botnets or zombie networks: Used in click-fraud, sending spam, executing “dictionary” password cracking attempts, and to decipher accounts that use CAPTCHAs: Scrambled character images meant to thwart automated account setup or ticket buying attempts. Malicious adware: Installed without full user consent or knowledge, later serve unwanted advertisements. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Technology Threats (Client and Server Software, Hardware, and Networking) (continued) Goals of malware (continued) Spyware: Monitors user actions, network traffic, or scans for files. Keylogger: Records user keystrokes. Screen capture: Records pixels that appear on a user’s screen to identify proprietary information. Card skimmer: Captures data from a card’s magnetic strip. RAM scraping or storage scanning software: Malicious code that scans for sensitive data. Ransomware: Malware that encrypts user’s files with demands that a user pay to regain control of their data and/or device. Blended threats: Attacks combining multiple malware or hacking exploits. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher The Virus in Your Pocket, The Spy in Your Kitchen Most smartphones have layers of security to block the spread of malware—hackers typically hunt for the weakest victims: “Jail-broken” iPhones Devices with warranty-voiding modifications in which security restrictions are overridden to allow phones to be used off-network As new devices proliferate, the attack surface is only growing—security professionals now need to consider any device with a microphone as part of attack vectors. Smart speakers Baby monitors Watches Ear buds This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Technology Threats (Client and Server Software, Hardware, and Networking) (continued, 2) Compromising poorly designed software SQL injection technique targets sloppy programming practices that do not validate user input. SQL injection and other application weaknesses are particularly problematic because there’s not a commercial software patch or easily deployed piece of security software that can protect a firm. Related programming exploits go by names such as: Cross-site scripting attacks Buffer overflow vulnerabilities HTTP header injection All systems must be designed and tested with security in mind—testing new applications, existing and legacy applications, partner offerings, and SaaS applications. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Push-Button Hacking, Made Worse by Generative AI Push-button hacking are tools designed to easily automate attacks. Generative AI has also become a tool for training would-be hackers. There are workarounds to “trick” an AI into providing responses that circumvent guardrails. Open-source AI tools have been used to create tools specifically designed for cyberattacks—WormGPT, DarkBERT, DarkBART, ChaosGPT. Deliberately searching for sensitive information and vulnerabilities Assisting in malware creation Crafting “persuasive and strategically cunning” phishing scams Subscription via dark Web contacts on dark Web forums and black hat Telegram channels This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Push-Button Hacking, Made Worse by Generative AI (continued) Network threats—the network itself is a source of compromise. Physical threats dumpster diving: Combing through trash to identify valuable assets. shoulder surfing: Gaining compromising information through observation. Eavesdropping, such as efforts to listen into or record conversations, transmissions or keystrokes. Firms might fall victim to various forms of eavesdropping: Efforts to listen into or record conversations, transmissions, or keystrokes. Device hidden inside package might sit inside mailroom or physical inbox. Compromised wireless or other network connections, malware keylogger or screen capture programs. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Why Is This Happening? Who Is Doing it? And What’s Their Motivation? (continued, 2) Ransomware attacks Criminals infiltrate networks and encrypt an organization’s data. Hold data assets hostage and irrecoverable unless the organization forks over a ransom in untraceable crypto to receive the decryption key. Many ransomware hackers are Source: Gorodenkoff/Shutterstock.com moving from locking up data to simply threatening its release unless they receive a crypto- payment. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher “Hacker”: Good or Bad? hacker: A term that may be applied to either 1) someone who breaks into a computer, or 2) to a particularly clever programmer. hack: A term that may be applied to either 1) breaking into a computer system, or 2) to a particularly clever solution. white hat hackers: Someone who uncovers computer weaknesses without exploiting them. Contributes to improving system security. black hat hackers: Computer criminals. red team: When a firm employs a group to act like bad actors in an attempt to uncover weaknesses before they are exploited. blue team: Defensive security professionals responsible for maintaining internal network defenses against cyberattacks and threats. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher What types of security threats do organizations face? Social Pretexting Phishing Engineering Spoofing Intentional destruction of data Destroying system components Network Hackers Virus and worm writers Criminals Terrorists Fires, floods, hurricanes, earthquakes, tsunamis, avalanches, tornados, and other User acts of nature Initial losses of capability and service Plus losses from recovery actions This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Safeguards This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Elements of a Security Program Senior management involvement Must establish a security policy Manage risk balancing costs and benefits Safeguards Protections against security threats Incident response Must plan for prior to incidents This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Taking Action as an Organization (continued) Education, audit, and enforcement Functions of research and development: Understanding emerging threats and updating security techniques. Working on broader governance issues. Employees should: Know a firm’s policies and be regularly trained. Understand the penalties for failing to meet their obligations. Audits include real-time monitoring of usage, announced audits, and surprise spot-checks. Audit processes will often involve the use of a red team: A group that is authorized by an organization to act like an adversary, probing for weaknesses and testing for vulnerabilities. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Security Safeguards as They Relate to the Five Components This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Taking Action as an Organization—Technology’s Role Patches: Software updates that plug existing holes. Lock down hardware: Prevent unapproved software installation. Force file saving to hardened, backed-up, scanned, and monitored servers. Re-image hard drives of end-user PCs. Disable boot capability of removable media. Prevent Wi-Fi use and require VPN encryption for network transmissions. Lock down networks: firewalls: Control network traffic, block unauthorized traffic. intrusion detection systems: Monitor network use for hacking attempts and take preventive action. honeypots: Tempting, bogus targets meant to lure hackers. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher How can technical safeguards protect against security threats? This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Identification and Authentication User names and passwords Identification Authentication Smart cards Personal identification number (PIN) Biometric authentication Fingerprints, facial features, retinal scans Single sign-on for multiple systems This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher User and Administrator Threats (continued, 2) Passwords Most users employ inefficient and insecure password systems. Some sites force users to change passwords regularly, but this often results in insecure compromises (users only make minor tweaks). Building a better password: biometrics: Measure and analyze human body characteristics for identification or authentication. 2FA: Two-factor authentication, a type of security that requires two separate forms of identification order to gain access. multi-factor authentication: When identity is proven by presenting more than one item for proof of credentials. Fingerprint readers, voice-print, and facial recognition add biometrics to multi-factor authentication at the point of purchase. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Technical Safeguards Malware Protection Viruses Worms Spyware Adware Malware safeguards Install antivirus and anti-spyware programs Scan your computer frequently Update malware definitions Open e-mail attachments only from known sources Install software updates promptly Browse only reputable Web sites This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher What are firewalls? Firewall: Computing device that prevents unauthorized network access May be special-purpose computer or program Port numbers can be used to create firewalls A port is a number that is used to specify a service provided. For HTTP it is port 80. Firewalls could be setup to prohibit access to a port Access Control List (ACL) encodes rules stating which IP addresses are allowed or prohibited Packet-filtering firewalls scan outgoing and incoming packets and determine if allowed Orgs may prohibit employees access certain sites This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Encryption Process of transforming clear text into coded, unintelligible text for secure storage or communication Encryption key is a number used to encrypt data Coding and decoding messages are done using encryption algorithm Types of Encryption Symmetric: the same key is used to encode and to decode Asymmetric: different keys are used; one encodes the message, and the other decodes the message This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher AI Can Help the Good Guys, Too! The AI cybersecurity toolkit is vast Cloud-based threat detection across multiple client websites worldwide. AI tools are also used to perform vulnerability audits AI can also create honeypots that lure hackers and let hackers believe they're accessing a target. Several generative AI tools are also emerging that are targeted at cyber-security professionals. Microsoft's Security Copilot is specifically trained and regularly updated on information security issues, techniques, and the latest vulnerabilities. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Security Safeguards as They Relate to the Five Components This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher How can data safeguards protect against security threats? Data safeguards protect databases and other organizational data Data administration Organization-wide function develops data policies enforce data standards Database administration Particular database function procedures for multi-user processing change control to structure protection of database This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Data Safeguards Encryption keys Key escrow Backup copies Store off-premise Check validity Physical security Lock and control access to facility Maintain entry log Third party contracts Safeguards are written into contracts Right to inspect premises and interview personnel This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Security Safeguards as They Relate to the Five Components This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Taking Action as a User Tips for users: Surf smart. Stay vigilant. Stay updated. Stay armed—install a full suite of security software. Be settings smart—secure home networks and encrypt hard drives. Be usage smart—consider fitness apps like Strava running and bike-ride tracker. Be password savvy—regularly update passwords. Use passcodes or 2FA, MFA when available. Be disposal smart. Back up—regularly back up your system. Check with your administrator—many provide free security software tools. This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher How can human safeguards protect against security threats? Involve people and procedure components of information system User access restriction requires authentication and account management Design appropriate security procedures Security considerations for: Employees Non-employee personnel This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Human Safeguards for Employees User accounts considerations Define job tasks and responsibility Separate duties and authorities Grant least possible privileges Document security sensitivity Hiring and screening employees Dissemination Employees need to be made aware of policies and procedures Employee security training This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Human Safeguards for Employees, continued Enforcement of policies Define responsibilities Hold employees accountable Encourage compliance Management attitude is crucial Create policies and procedures for employee termination Protect against malicious actions in unfriendly terminations Remove user accounts and passwords This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Human Safeguards for Non-Employees Temporary personnel and vendors Screen personnel Training and compliance Contract should include specific security provisions Provide accounts and passwords with the least privileges Public users Harden Web site and facility Hardening: Take extraordinary measures to reduce system’s vulnerability Partners and public that receive benefits from the information system Protect these users from internal company security problems This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Account Administration Account management procedures Creation of new user accounts Modification of existing account permissions Removal of unneeded accounts Password management Acknowledgment forms Change passwords frequently Help-desk policies Authentication of users who have lost their password Password should not be e-mailed (just a notification of password change) This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Account Administration, continued System procedures: Normal operation Backup Recovery Procedures of each type should exist for each information system Definition and use of standardized procedures reduces the likelihood of computer crime Each procedure type should be defined for both, system users and operations personnel Different duties and responsibilities Varying needs and goals This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Monitoring & Incident Response This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Security Monitoring Activity log analyses Firewall logs DBMS log-in records Web server logs Security testing In-house and external security professionals Investigation of incidents How did the problem occur? Lessons learned Indication of potential vulnerability and corrective actions This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher What Is Disaster Preparedness? A substantial loss of computing infrastructure caused by acts of nature, crime, or terrorist activity can be disastrous for an organization Best safeguard is appropriate location Backup processing centers in geographically removed site Identify mission-critical systems and resources needed to run those systems Prepare remote backup facilities Hot and cold sites Train and rehearse cutover of operations This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher How should organizations respond to security incidents? Organization must have plan Detail reporting and response Centralized reporting of incidents Allows for application of specialized expertise Speed is of the essence Preparation pays off Identify critical employees and contact numbers Training is vital Practise incidence response! This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher Thank you! This content is protected and may not be shared, uploaded, or distributed © Ahmad Bisher