MODULE-1-BST3B.docx
MODULE 1

**Security Threats in Information Systems**

**Computer Security Threats**

Computer security threats are defined as probable attacks from hackers that let them gain illicit entry to a computer. Along with the tremendous progress in Internet technology in the last few decades, the sophistication of exploits, and thereby the threats to computer systems, has increased equally. The exploitation is done by malicious hackers who find vulnerabilities or weaknesses, which are pre-existing errors in the security settings of computer systems. The common types of vulnerabilities are errors in the design or configuration of network infrastructure, protocols, communication media, operating systems, web-based applications and services, databases, etc.

A threat is a potential risk that exploits a vulnerability to infringe security and cause probable damage or disruption to the information or service stored in or offered by computer systems or through communication links. A threat to a computer system occurs when the confidentiality (preventing exposure to unauthorized parties), integrity (not modified without authorization), or availability (readily available on demand by authorized parties) of information on the system is affected. Thus, computer system threats in general can include anything deliberate, unintended, or caused by natural calamity that results in data loss or manipulation or in physical destruction of hardware. Accordingly, threats to computer systems are classified as physical threats and nonphysical threats. Physical threats cause impairment to hardware or theft of the system or of the hard disk that holds critical data. Nonphysical threats target the data and software on computer systems by corrupting the data or by exploiting errors in the software. Exploits, when successful, result in security attacks on computer systems.
Hence, a threat is a possible danger caused by a system vulnerability, while an attack is the attempt at an unauthorized or harmful action. The realization of a threat is usually detrimental and is termed an attack.

**Defining Threats**

Any information security threat can be grouped into one of a few high-level threat categories:

- Natural disaster
- Infrastructure failure
- Internal abuse
- Accident
- External targeted attack
- External mass attack

It is generally in the nature of a security professional to assume that threats will be malicious attackers, but we also need to account for user errors and accidents that can lead to security breaches. As scary as an organized hacker group is, most security teams spend less time dealing with these threats and much more of their time dealing with manual errors that are part of everyday processes or other employee mistakes that can unintentionally damage the organization just as badly. Each category of threat will have a different likelihood of occurring in general. For example, many organizations deal with mass attacks such as general viruses and phishing campaigns more often than the "sexier" and more well-publicized targeted attacks.

There are many ways to measure threat. You can use the concept of the Threat Universe, which defines the magnitude of the threat surface, such as the number of users, networks, or systems that can reach a vulnerability.

**Security Threats**

The terms threat, vulnerability and weakness are often used in cybersecurity. Understanding the difference between these terms is important. It allows organizations to correctly implement, document and assess their cyber security activities and controls.

**Defining a Security Threat**

- A potential for violation of security, which exists when there is an entity, circumstance, capability, action, or event that could cause harm.
- An event or condition that has the potential for causing asset loss and the undesirable consequences or impact from such loss.
Cyber threats are sometimes incorrectly confused with vulnerabilities. Looking at the definitions, the keyword is "potential". The threat is not a security problem that exists in an implementation or organization. Instead it is something that can violate the security. This can be compared to a vulnerability, which is an actual weakness that can be exploited. The threat always exists, regardless of any countermeasures. However, countermeasures can be used to minimize the probability of it being realized.

**Types of Security Threats**

A threat can be an event or a condition. An event, in this case, also includes natural disasters, fire, and power outages. It is a very general concept. In cybersecurity, it is more common to talk about threats such as viruses, trojan horses and denial of service attacks. Phishing emails are a social engineering threat that can cause, e.g., loss of passwords, credit card numbers and other sensitive data. Threats to information assets can cause loss of confidentiality, integrity or availability of data. This is also known as the CIA triad. The CIA triad, together with three other well known security concepts, is the basis for the STRIDE threat model.

When listing possible threats, it is convenient to use an existing classification as a starting point. STRIDE is the most well-known classification, proposed by Microsoft in 1999. The name comes from the initial letters of the different categories, which also makes it easier to remember them.

| THREAT | MEANING/EXAMPLE | RELATED SECURITY PROPERTY |
|---|---|---|
| Spoofing identity | An example is to use someone else's password and authenticate as that person. | Authentication |
| Tampering with data | This includes e.g. modification of data, either data at rest or data sent over a network. | Integrity |
| Repudiation | This means that users can deny having performed an action, e.g. sending or receiving data. | Non-repudiation |
| Information disclosure | This includes a user reading data without granted access, or eavesdropping on a communication channel. | Confidentiality |
| Denial of service | This relates to the availability of a system. | Availability |
| Elevation of privilege | In these types of threats, a less privileged user gets higher privileges. Normal users obtaining root privileges is the most typical and severe form of this. | Authorization |

**Examples of Security Threats**

Recall that a threat is very general. It does not include how to realize it, or even whether it is possible in the current system. Here are a few examples.

- A malicious user reads the files of other users.
- An attacker redirects queries made to a web server to his own web server.
- An attacker modifies the database.
- A remote attacker runs commands on the server.
- **Theft of intellectual property** means violation of intellectual property rights such as copyrights, patents, etc.
- **Identity theft** means impersonating someone else to obtain a person's personal information or to access vital information they have, such as accessing the computer or social media account of a person by logging into the account using their login credentials.
- **Theft of equipment** and information is increasing these days due to the mobile nature of devices and increasing information capacity.
- **Sabotage** means destroying a company's website to cause loss of confidence on the part of its customers.
- **Information extortion** means theft of a company's property or information to receive payment in exchange. For example, ransomware may lock a victim's files, making them inaccessible and thus forcing the victim to make a payment in exchange. Only after payment will the victim's files be unlocked.

These are the old generation attacks that continue these days also, with advancements every year. Apart from these there are many other threats.
**New Generation Threats**

- **Technology with Weak Security** - With the advancement in technology, every passing day a new gadget is released in the market. But very few are fully secured and follow information security principles. Since the market is very competitive, the security factor is compromised to make the device more up to date. This leads to theft of data/information from the devices.
- **Social Media Attacks** - In this, cyber criminals identify and infect a cluster of websites that persons of a particular organization visit, in order to steal information.
- **Mobile Malware** - There is a saying that where there is connectivity to the Internet there will be danger to security. The same goes for mobile phones, where gaming applications are designed to lure customers into downloading the game, and unintentionally they install malware or a virus on the device.
- **Outdated Security Software** - With new threats emerging every day, updating security software is a prerequisite to having a fully secured environment. Security software applications include:
  - Advanced malware protection software
  - Application security software
  - Firewall software
  - Endpoint security software
  - Web security software
  - Network security software
  - Email security software
  - Internet of Things (IoT) security software
- **Corporate Data on Personal Devices** - These days every organization follows a rule called BYOD. BYOD means "Bring your own device", such as laptops and tablets, to the workplace. Clearly BYOD poses a serious threat to the security of data, but due to productivity issues organizations are arguing to adopt it.
- **Social Engineering** - is the art of manipulating people so that they give up their confidential information, such as bank account details, passwords, etc. These criminals can trick you into giving your private and confidential information, or they will gain your trust to get access to your computer to install malicious software that will give them control of your computer.
For example, an email or message from your friend that was probably not sent by your friend. A criminal can access your friend's device and then, by accessing the contact list, send infected emails and messages to all contacts. Since the message/email is from a known person, the recipient will definitely check the link or attachment in the message, thus unintentionally infecting the computer.

**Security Threats to IoT Devices**

Anything that has a connection to the Internet is prone to threats. As the saying goes, "There are two types of parties: one that has been hacked and another that doesn't know it has been hacked." This statement throws light on the fact that we are always prone to vulnerabilities. It depends upon who is least vulnerable. Unless we identify these threats over the internet, we won't be able to take steps to protect our computer systems against them. Any threat on IoT is backed by a purpose. The purpose may differ depending upon the intruder's target:

- Since IoT enabled devices are used and operated by humans, an intruder may try to gain unauthorized access to the device.
- By gaining access to wireless IoT devices, the intruder may get hold of confidential information.
- IoT devices require low power and have less computational capability. Due to this, they cannot afford to have complex protocols. Therefore they become an easy target for intruders.

**Vulnerability of IoT Devices**: The easiest way to pick a threat to an IoT device is through its vulnerability. Companies that provide IoT based solutions begin by addressing this issue first before working on the underlying software. There are two types of vulnerability:

1. **Hardware**. A hardware vulnerability is difficult to detect. However, it is more difficult to repair the damage.
2. **Software**. A software vulnerability points towards a poorly written algorithm with a back door, thus providing access to intruders for spying at such moments.
**Easy Exposure of IoT Devices:** This is one of the most essential issues faced by the IoT industry. Any device that is unattended or exposed to troublemakers is an open invitation for threats. In the majority of cases, IoT devices are prone to third-party exposure: they either lie open or are accessible to anyone. This means that an intruder can easily steal the device and connect it with another device containing harmful data, thus extracting cryptographic secrets, modifying programming and replacing devices with a malicious one.

**Threats to IoT:** There are two types of threat to IoT: human threats and natural threats. Any threat that occurs due to natural calamities like earthquakes, hurricanes or floods can cause severe damage to IoT devices. In such cases, a backup is created to safeguard data, but any damage to these devices cannot be repaired. On the other hand, we do everything to curb human threats to IoT devices. These threats are malicious attacks.

**Human Attacks on IoT Devices:**

- **Cyber Reconnaissance**: Here the intruder uses cracking techniques and malicious software to conduct espionage on the targeted user to gain access to secret information on the existing systems.
- **Brute Force Attack**: Here the intruders make an attempt to guess the user's password with the help of automated software, which makes several attempts until it gets the right password to grant access.
- **Tracking**: The user's every move is captured using the UID of the IoT device. Tracking a user gives away their precise location at any point in time.

Hence, with the advancement in technologies there arise threats related to them. It is said that nothing is perfect in the world of technology; nothing is completely secured. So with the growth of IoT, there are challenges to curb threats related to IoT in order to achieve its fullest benefits.

**Ten Security Tips for IoT Devices**

With the increasing technology in today's world, the use of IoT devices is preferred the most.
The IoT device is also called a double-edged sword. Along with making the lifestyle easy, it also brings a threat in terms of security and safety. Hackers all over the world take advantage of IoT devices to threaten you and misuse your system for the wrong purpose. But this does not mean we stop using such devices; the solution is that we should take some precautions which help users avoid falling under such threats.

1. **Get Familiar with the Network and Connected Devices**

When an IoT device is connected to the internet it makes the network vulnerable, and attackers take advantage of it and jump into your system. The more such devices are connected, the more vulnerable the network becomes, and hence your information is accessible all over the wire. To reduce this threat we need to know our network and the devices connected to it, along with their susceptibility to disclose the information running over it. Cybercriminals use your location and your personal details against you.

2. **IoT Device Access on Your Network**

Once the device is connected to your internet, understand the device and the kind of network it is using. An IoT device comes with some security patches which are to be known before using it. Before installing or purchasing it, check the security posture of that device as a priority. Always go for newer models that have fewer threats and more safety measures. Check the settings of the device before using it. You might want to change the default privacy settings.

3. **Use a Unique and Strong Password for all Devices and Accounts**

Make use of a strong and unique password for all your accounts and devices. Avoid using a default password like the device name or the company name of the product. If you find it difficult to remember all the passwords of the different devices, take the help of a password manager. Also keep changing the password periodically.
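Tip 3, together with the wrong-attempt limit that belongs to it and the Brute Force Attack item in the IoT section above, as an added Python example that is not code from the module: a device account that rejects default-style passwords (including the factory values the module names elsewhere), stores only a salted hash, locks out after repeated wrong guesses and can rotate its password. The thresholds, the small default-password list and the device name "cam01" and vendor "Acme" are assumptions for illustration.

```python
"""Device account with Tip 3 enforced: no default-style password, a salted
password hash, lockout after repeated wrong attempts, and password rotation.

Added example, not code from the module. Thresholds, the default-password
list and the device/vendor names are assumptions for illustration.
"""
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

MAX_FAILED_ATTEMPTS = 5     # assumed policy: lock after 5 wrong tries
LOCKOUT_SECONDS = 15 * 60   # assumed policy: 15-minute lockout
MIN_LENGTH = 12             # assumed policy: minimum password length
PBKDF2_ROUNDS = 100_000

# Constructed list: the factory defaults the module names plus a few
# other well-known weak values. A deployment would load its own list.
COMMON_DEFAULTS = {"admin", "password", "0000", "1234", "12345678"}


def password_is_acceptable(password: str, device_name: str, vendor: str) -> bool:
    """Reject default passwords and ones built from the device or vendor name."""
    lowered = password.lower()
    if len(password) < MIN_LENGTH or lowered in COMMON_DEFAULTS:
        return False
    for name in (device_name, vendor):
        if name and name.lower() in lowered:
            return False
    return True


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256, so stored credentials are not recoverable in clear."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class Account:
    """One device/user account with failed-attempt tracking and lockout."""

    def __init__(self, username: str, password: str, device_name: str, vendor: str):
        self.username = username
        self.device_name = device_name
        self.vendor = vendor
        self.failed = 0
        self.locked_until = 0.0
        self.salt, self.digest = self._accept(password)

    def _accept(self, password: str) -> Tuple[bytes, bytes]:
        if not password_is_acceptable(password, self.device_name, self.vendor):
            raise ValueError("password violates the policy")
        return hash_password(password)

    def is_locked(self, now: float) -> bool:
        return now < self.locked_until

    def login(self, password: str, now: Optional[float] = None) -> str:
        """Return 'ok', 'denied' or 'locked'. `now` is injectable for testing."""
        now = time.time() if now is None else now
        if self.is_locked(now):
            return "locked"
        _, candidate = hash_password(password, self.salt)
        if hmac.compare_digest(candidate, self.digest):
            self.failed = 0
            return "ok"
        self.failed += 1
        if self.failed >= MAX_FAILED_ATTEMPTS:
            # lock the account for the window, then start counting afresh
            self.locked_until = now + LOCKOUT_SECONDS
            self.failed = 0
        return "denied"

    def change_password(self, new_password: str) -> None:
        """Periodic rotation: fresh salt and digest, so an old leaked password stops working."""
        self.salt, self.digest = self._accept(new_password)
        self.failed = 0


if __name__ == "__main__":
    acct = Account("admin", "correct-horse-battery", "cam01", "Acme")
    print(acct.login("1234", now=0.0))                   # denied
    print(acct.login("correct-horse-battery", now=1.0))  # ok
```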
These measures help us even when somebody has accessed one of your accounts, as they won't be able to use it once your password is changed. Also set a limit on wrong password attempts and lock out the account to protect privacy.

4. **Make Use of a Separate Network for Your Smart Devices**

Utilizing a separate network for your house and office is the best way to stay away from threats. This way you can segment your network. Avoid using public wifi networks. This is not generally a good idea; it becomes easy to tamper with your device and account. Especially, no bank transactions or any other monetary activity should be done over a public network.

5. **Configure Your Device Settings**

Before using the device you should never forget to change its default settings, because many times devices ship with insecure network and security settings, which can be dangerous. Weak credentials, permissions, and many more settings should be changed according to your requirements.

6. **Install Firewalls and Other Security Solutions for Vulnerabilities**

It is always recommended to install extra firewalls, which are used to block unauthorized traffic over the network, and intrusion detection systems/intrusion prevention systems (IDS/IPS). You can use different kinds of scanners to avoid threats, like vulnerability scanners to uncover security weaknesses within your network and port scanners to discover the open ports in the network. Check whether each port is necessary or not and then fix it.

7. **Make Use of Strong Encryption**

Whenever you use Wi-Fi, make sure you use a secure network that is encrypted. Do not use public wifi at all, because your information could easily be found by attackers. Ensure the network you are working on is well updated and uses WPA2 rather than WEP or WPA. WPA2 is itself vulnerable to key reinstallation attacks, so install and update the patches to reduce the risk level to the user.
Also make sure you add settings like two-factor authentication to the system, so that the risk level is reduced and you add one more layer of safety to your device.

8. **Disable Device Features That You Don't Need**

Always make a habit of reading the privacy policy of an app before using it. Make sure you know how the app's management uses the information you share. Also try to use as few features of the app as possible. For example, try to avoid the location permission or voice control permission unless you need it. You can enable them when needed, so avoid keeping them on all the time. Also make sure you disconnect your device properly after use.

9. **Keep Universal Plug and Play (UPnP) Off**

While Universal Plug and Play is designed for seamless setup of IoT devices, it also helps hackers outside to access your network using the UPnP protocol. Many devices have the UPnP protocol enabled by default, so before using the device make sure you disable it unless you want to put your access at risk.

10. **Implement Physical Security**

Please avoid losing your phone, especially when you have all the apps loaded that control IoT devices. Make sure you have a PIN, password or another secure method to unlock it, and also make sure you have the ability to wipe its data remotely. One way of doing this is setting up automatic backups or selective backups for any device data.

**Most Common Threats to Security and Privacy of IoT Devices**

Nowadays, the Internet is growing at a very fast rate with the advancement in technologies and techniques. Some years ago, we did not necessarily require an advanced level security system for our networking devices because the internet was not that advanced in that era.
According to a survey in 2017, 51% of big companies didn't even think about securing their devices because they felt that their devices might not be attacked by hackers, and now approximately 96% of companies think that there may be a huge increase in attacks on IoT devices in upcoming years. As technology is becoming advanced, attacks on internet devices are increasing very rapidly and becoming more and more common. Now, security and privacy have become a very important aspect of any IoT device.

1. **Weak Credentials**

Generally, large manufacturers ship their products with a username of "admin" and with the password "0000" or "1234", and the consumers of these devices don't change them until they are forced to by a security executive. These kinds of acts make a path for hackers to break the consumer's privacy and let them control the consumer's device. In 2016, the Mirai botnet attack was a result of the use of weak credentials.

2. **Complex Structure of IoT Devices**

IoT devices have a very complex structure that makes it difficult to find faults in devices. Even if a device is hacked, the owner of that device will be unaware of that fact. Hackers can force the device to join malicious botnets, or the device may get infected by a virus. We cannot directly say that the device was hacked, because of its complex structure. A few years ago, a security agency proved that a smart refrigerator was found to have sent over a thousand spam mails. The interesting fact was that the owner of that refrigerator did not even know about it.

3. **Outdated Software and Hardware**

It has been seen that IoT devices are secure when they are shipped. But the issues come when these devices do not get regular updates. When a company manufactures its device, it makes the device secure from all the threats of that time, but as we discussed earlier, the Internet and technologies are growing at a very fast rate.
So after a year or two, it becomes very easy for hackers to find the weaknesses of old devices with modern technologies. That's why security updates are the most important ones.

4. **Rapid Increase in Ransomware**

With the advancement of the internet, hackers are also getting advanced. In the past few years, there has been a rapid increase in malicious software or ransomware. This is causing a big challenge for IoT device manufacturers to secure their devices.

5. **Small Scale Attacks**

IoT devices are attacked on a very small scale. Manufacturing companies are trying to secure their devices against large scale attacks, but no company is paying attention to small attacks. Hackers do small attacks on IoT devices such as baby monitoring devices or open wireless connections, which are then forced to join botnets.

6. **Insecure Data Transfer**

It is very difficult to transmit data securely in such large amounts, as there are billions of IoT enabled devices. There is always a risk of data leaking or getting infected or corrupted.

7. **Smart Objects**

Smart objects are the main building block of any device. These smart objects should be able to communicate securely with another object, device or sensor in any infrastructure, even while these devices or objects are not aware of each other's network status. This is also an important issue. Hackers can hack these devices in open wireless networks.

**Cyber Crime - Mobile Security Threats**

Mobile devices are now an essential need for every person for day-to-day tasks. As a result, the number of mobile users is rising exponentially. This gives us the direction to think about the data they process and what security mechanisms are being taken by mobile application developers to keep the user's data secure. There was a time when the biggest threat to the data was due to spyware, which runs silently in the computer's background and steals user data.
Now even mobile devices are a fruitful target for cybercriminals to steal your data without even getting noticed. When it comes to securing mobile data, use an antivirus application that tends to protect your data from getting breached.

**Types of Mobile Security Threats**

1. **Web-Based Threats**

These types of threats happen when people visit sites that appear to be fine on the front-end but in reality automatically download malicious content onto the mobile device. Also, many mobile applications continue to sync their data in the background, which poses a threat. These threats usually go unnoticed by the users.

- **Phishing Through Links**: Some legitimate-looking links are sent through messages, emails, or social media platforms. They extract personal information by tricking users with several schemes. It is not possible to categorize them as real or fake as they copy the original website.
- **Forced Downloads**: When you visit a page through anonymous links, it automatically directs you to a download page. This method is called drive-by downloads.

2. **Physical Threats**

These threats happen when someone physically tries to access your device. When you lose your mobile, or it is stolen, there is a possibility of physical threats. Mobile devices carry your transactional data as well as having connected applications to your bank accounts, which is a threat to your privacy.

- **No Password Protection**: With all the measures available to secure your data, it is surprising to know that some people find it difficult to use a password on their devices, or they rather use a password that is easy for hackers to crack. This leads to physical threats.
- **Encryption**: Carrier networks generally provide good encryption while accessing servers. But some client and enterprise servers are explicitly managed; they are not end-to-end encrypted, which can lead to physical threats.

3.
**Network-Based Threats**

Mobile networks include both cellular and local network support such as Bluetooth and Wi-Fi. These are used to host network threats. These threats are especially dangerous as cybercriminals can steal unencrypted data while people use public WiFi networks.

- **Public WiFi**: While we use our devices for every task, at public places we are provided with public open WiFi which appears to be legitimate while it is controlled by hackers, which results in data leakage.
- **Network Exploits**: Network exploits are due to vulnerabilities in the operating system of your mobile device. Once this software is connected to the network, they are capable of installing malware onto the device without it being known.

4. **Application-Based Threats**

Websites available for software downloads are home to these threats. They appear to be genuine software but in fact are specially designed to carry out malicious activities.

- **Malware**: Malware is designed to send unwanted messages to recipients and further use your personal and business information by hacking your devices.
- **Spyware**: This is software used to collect specific information about an organization or person, which later can be used for fraud and identity theft.

**Steps to Prevent Mobile Security Threats**

- Prefer using communication apps that encrypt data transfers.
- Update your device software regularly to ensure protection against spyware threats.
- Create unique passwords for the different accounts created while using mobile devices.
- Delete non-active apps to limit the threat to data access and privacy. Categorize your applications under a blacklist and a whitelist.
- Check for apps accessing location and storage.
- Do not allow forced downloads from the browser.
- Check for security settings that stop unnecessary network sharing.
- Do not add your data to public servers.