Info Assurance Notes.pdf
S-ITCS318
Professor: Evangeline Pamintuan

Table of Contents

Module 01: Introduction to Cybersecurity
- What is Cybersecurity?
- Protecting Your Personal Data
- Your Data
- Identity Theft
- Who Else Wants My Data
- Organizational Data
- The Cube
- Is this Real?
- Consequences of a Security Breach
- Cyber Attackers

Module 02: Attacks, Concepts and Techniques
- Analyzing Cyber Attacks
- Symptoms of Malware
- Security Vulnerability and Exploits
- The Cybersecurity Landscape

Module 01: Introduction to Cybersecurity

What is Cybersecurity?

Cybersecurity is the ongoing effort to protect individuals, organizations and governments from digital attacks by protecting networked systems and data from unauthorized use or harm.

Three Levels of Protection

Personal: On a personal level, you need to safeguard your identity, your data, and your computing devices.

Organizational: At an organizational level, it is everyone's responsibility to protect the organization's reputation, data and customers.

Government: As more digital information is gathered and shared, its protection becomes even more vital at the government level, where national security, economic stability and the safety and wellbeing of citizens are at stake.

Protecting Your Personal Data

Personal data is any information that can be used to identify you, and it can exist both offline and online.

Offline identity is the real-life persona that you present on a daily basis at home, at school or at work.

Online identity is who you are and how you present yourself to others online.

Your Data

How hackers can get their hands on your personal data:

Medical records: Every time you visit the doctor, personal information regarding your physical and mental health and wellbeing is added to your electronic health records (EHRs). Since the majority of these records are saved online, you need to be aware of the medical information that you share.
Educational records: Educational records contain information about your academic qualifications and achievements. However, these records may also include your contact information, attendance records, disciplinary reports, health and immunization records, as well as any special education records, including individualized education programs (IEPs).

Employment and financial records: Employment data can be valuable to hackers if they can gather information on your past employment, or even your current performance reviews. Your financial records may include information about your income and expenditure. Your tax records may include paychecks, credit card statements, your credit rating and your bank account details. All of this data, if not safeguarded properly, can compromise your privacy and enable cybercriminals to use your information for their own gain.

Identity Theft
- Medical theft
- Banking

Who Else Wants My Data

Your Internet Service Provider (ISP): Your ISP tracks your online activity and, in some countries, can sell this data to advertisers for a profit. In certain circumstances, ISPs may be legally required to share your information with government surveillance agencies or authorities.

Advertisers: Advertisers monitor and track your online activities, such as shopping habits and personal preferences, and send targeted ads your way.

Search engines and social media platforms: These platforms gather information about your gender, geolocation, phone number and political and religious ideologies based on your search histories and online identity. This information is then sold to advertisers for a profit.

Websites you visit: Websites use cookies to track your activities in order to provide a more personalized experience. But this leaves a data trail linked to your online identity that can often end up in the hands of advertisers.
Organizational Data

Types of Organizational Data

Traditional data is typically generated and maintained by all organizations, big and small:
- Transactional data, such as details relating to buying and selling, production activities and basic organizational operations, including any information used to make employment decisions.
- Intellectual property, such as patents, trademarks and new product plans, which allows an organization to gain economic advantage over its competitors. This information is often considered a trade secret, and losing it could prove disastrous for the future of a company.
- Financial data, such as income statements, balance sheets and cash flow statements, which provide insight into the health of a company.

Internet of Things (IoT) is a large network of physical objects, such as sensors, software and other equipment.

The Cube

The McCumber Cube is a model framework created by John McCumber in 1991 to help organizations establish and evaluate information security initiatives by considering all of the related factors that impact them. This security model has three dimensions:
1. The foundational principles for protecting information systems.
2. The protection of information in each of its possible states.
3. The security measures used to protect data.

The Foundational Principles for Protecting Information

Confidentiality is a set of rules that prevents sensitive information from being disclosed to unauthorized people, resources and processes. Methods to ensure confidentiality include data encryption, identity proofing and two-factor authentication.

Integrity ensures that system information or processes are protected from intentional or accidental modification. One way to ensure integrity is to use a hash function or checksum.

Availability means that authorized users are able to access systems and data when and where needed, and those that do not meet established conditions are not.
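The integrity principle above names a hash function or checksum as the control. The following is an added example (not course material) of that control in practice: a manifest of SHA-256 digests is built from trusted records, and a later copy is checked against it to report exactly what changed. The record names and contents are constructed for the example.

```python
"""Integrity check with a hash function: build a manifest of SHA-256
digests for a set of records, then verify a later copy against it.
Added example for these notes; the records below are constructed."""
import hashlib

# Constructed sample records, standing in for files or database rows.
ORIGINAL = {
    "grades.csv": b"alice,91\nbob,78\n",
    "roster.txt": b"alice\nbob\ncarol\n",
    "syllabus.md": b"# ITCS318\nWeek 1: intro\n",
}


def digest(data: bytes) -> str:
    """SHA-256 hex digest of a record's bytes."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(records: dict) -> dict:
    """Map each record name to the digest of its trusted content."""
    return {name: digest(data) for name, data in records.items()}


def verify(manifest: dict, records: dict) -> dict:
    """Compare a current copy of the records against the manifest.

    Returns {"modified": [...], "missing": [...], "added": [...]};
    all three lists empty means integrity is intact.
    """
    modified = sorted(
        name for name, expected in manifest.items()
        if name in records and digest(records[name]) != expected
    )
    missing = sorted(name for name in manifest if name not in records)
    added = sorted(name for name in records if name not in manifest)
    return {"modified": modified, "missing": missing, "added": added}


if __name__ == "__main__":
    manifest = build_manifest(ORIGINAL)
    # Simulate a one-byte change to a grade (accidental or malicious),
    # the deletion of the roster, and an unexpected new file.
    tampered = dict(ORIGINAL)
    tampered["grades.csv"] = b"alice,91\nbob,98\n"
    del tampered["roster.txt"]
    tampered["notes.txt"] = b"unexpected\n"
    print(verify(manifest, tampered))
```

A plain digest detects any change to the records, but the manifest itself must be kept where a tamperer cannot rewrite it (for example signed, or stored on a separate read-only medium), or both the record and its digest can be replaced together.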
The Protection of Information in Each State

Processing refers to data that is being used to perform an operation, such as updating a database record (data in process).

Storage refers to data stored in memory or on a permanent storage device such as a hard drive, solid-state drive or USB drive (data at rest).

Transmission refers to data traveling between information systems (data in transit).

The Security Measures Used to Protect Data

Awareness, training and education are the measures put in place by an organization to ensure that users are knowledgeable about potential security threats and the actions they can take to protect information systems.

Technology refers to the software- and hardware-based solutions designed to protect information systems, such as firewalls, which continuously monitor your network in search of possible malicious incidents.

Policy and procedure refers to the administrative controls that provide a foundation for how an organization implements information assurance, such as incident response plans and best practice guidelines.

Is this Real?

In August 2020, elite gaming brand Razer experienced a data breach which exposed the personal information of approximately 100,000 customers.

Data Security Breaches

The implications of a data security breach are severe, but they are becoming all too common. Examples:
- The Persirai botnet
- Equifax Inc.

Consequences of a Security Breach

Reputational damage: A security breach can have a negative long-term impact on an organization's reputation that has taken years to build. Customers, particularly those who have been adversely affected by the breach, will need to be notified and may seek compensation and/or turn to a reliable and secure competitor. Employees may also choose to leave in light of a scandal.

Vandalism: A hacker or hacking group may vandalize an organization's website by posting untrue information.
They might even just make a few minor edits to your organization's phone number or address, which can be trickier to detect.

Theft: A data breach often involves an incident where sensitive personal data has been stolen. Cybercriminals can make this information public or exploit it to steal an individual's money and/or identity.

Loss of revenue: The financial impact of a security breach can be devastating. For example, hackers can take down an organization's website, preventing it from doing business online.

Damaged intellectual property: A security breach could also have a devastating impact on the competitiveness of an organization, particularly if hackers are able to get their hands on confidential documents, trade secrets and intellectual property.

Cyber Attackers

Types of Attackers

Amateurs: The term 'script kiddies' emerged in the 1990s and refers to amateur or inexperienced hackers who use existing tools or instructions found on the Internet to launch attacks.

Hackers: This group of attackers break into computer systems or networks to gain access.
- White hat attackers break into networks or computer systems to identify any weaknesses so that the security of a system or network can be improved.
- Gray hat attackers may set out to find vulnerabilities in a system, but they will only report their findings to the owners of a system if doing so coincides with their agenda.
- Black hat attackers take advantage of any vulnerability for illegal personal, financial or political gain.

Organized hackers: These attackers include organizations of cyber criminals, hacktivists, terrorists and state-sponsored hackers. They are usually highly sophisticated and organized, and may even provide cybercrime as a service to other criminals.
- Hacktivists make political statements to create awareness about issues that are important to them.
- State-sponsored attackers gather intelligence or commit sabotage on behalf of their government.
They are usually highly trained and well-funded, and their attacks are focused on specific goals that are beneficial to their government.

Module 02: Attacks, Concepts and Techniques

Analyzing Cyber Attacks

Types of Malware

Malware is any code that can be used to steal data, bypass access controls, or cause harm to or compromise a system.

Spyware: Designed to track and spy on you, spyware monitors your online activity and can log every key you press on your keyboard, as well as capture almost any of your data, including sensitive personal information such as your online banking details.

Adware is often installed with some versions of software and is designed to automatically deliver advertisements to a user, most often in a web browser.

A backdoor is used to gain unauthorized access by bypassing the normal authentication procedures of a system.

Ransomware is designed to hold a computer system or the data it contains captive until a payment is made.

Scareware is a type of malware that uses 'scare' tactics to trick you into taking a specific action. Scareware mainly consists of operating-system-style windows that pop up to warn you that your system is at risk and needs to run a specific program for it to return to normal operation.

A rootkit is designed to modify the operating system to create a backdoor, which attackers can then use to access your computer remotely.

A virus is a type of computer program that, when executed, replicates and attaches itself to other executable files, such as a document, by inserting its own code.

A Trojan horse carries out malicious operations by masking its true intent. It might appear legitimate but is, in fact, very dangerous.

A worm is a type of malware that replicates itself in order to spread from one computer to another. Unlike a virus, which requires a host program to run, worms can run by themselves.
Symptoms of Malware
- an increase in CPU usage, which slows down your device
- your computer freezing or crashing often
- a decrease in your web browsing speed
- unexplainable problems with your network connections
- modified or deleted files
- the presence of unknown files, programs or desktop icons
- unknown processes running

Social Engineering

Social engineering is the manipulation of people into performing actions or divulging confidential information. Common types of social engineering attacks:

Pretexting: This is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data.

Tailgating: This is when an attacker quickly follows an authorized person into a secure, physical location.

Something for something (quid pro quo): This is when an attacker requests personal information from a person in exchange for something, like a free gift.

Denial of Service

Denial of Service (DoS) attacks are a type of network attack that is relatively simple to carry out, even by an unskilled attacker. A DoS attack results in some sort of interruption of network service to users, devices or applications.

Two main types of DoS attacks:
- Overwhelming quantity of traffic
- Maliciously formatted packets

A packet is a collection of data that flows between a source and a receiver computer or application over a network, such as the internet.

A Distributed DoS (DDoS) attack is similar to a DoS attack but originates from multiple, coordinated sources. For example: an attacker builds a network (botnet) of infected hosts called zombies, which are controlled by handler systems. The zombie computers will constantly scan and infect more hosts, creating more and more zombies. When ready, the hacker will instruct the handler systems to make the botnet of zombies carry out a DDoS attack.

Botnet

A bot computer is typically infected by visiting an unsafe website or opening an infected email attachment or infected media file.
A botnet is a group of bots, connected through the Internet, that can be controlled by a malicious individual or group. It can have tens of thousands, or even hundreds of thousands, of bots that are typically controlled through a command and control server.

On-Path Attacks

On-path attacks intercept or modify communications between two devices, such as a web browser and a web server, either to collect information from or to impersonate one of the devices.

Man-in-the-middle (MITM) attack happens when a cybercriminal takes control of a device without the user's knowledge.

Man-in-the-mobile (MITMo), a variation of man-in-the-middle, is a type of attack used to take control over a user's mobile device.

SEO Poisoning

SEO (search engine optimization) is about improving an organization's website so that it gains greater visibility in search engine results. SEO poisoning is used to increase traffic to malicious sites that may host malware or attempt social engineering.

Wi-Fi Password Cracking

Scenario: You're enjoying your lunch in the canteen when a colleague approaches you. They seem distressed. They explain that they can't seem to connect to the public Wi-Fi on their phone and ask if you have the private Wi-Fi password to hand so that they can check that their phone is working. How would you respond?

Password Attacks

Password spraying: This technique attempts to gain access to a system by 'spraying' a few commonly used passwords across a large number of accounts.

Dictionary attacks: A hacker systematically tries every word in a dictionary or a list of commonly used words as a password in an attempt to break into a password-protected account.

Brute-force attacks: The simplest and most commonly used way of gaining access to a password-protected site, brute-force attacks see an attacker using all possible combinations of letters, numbers and symbols in the password space until they get it right.
Rainbow attacks: Passwords in a computer system are not stored as plain text, but as hashed values (numerical values that uniquely identify data). A rainbow table is a large dictionary of precomputed hashes and the passwords from which they were calculated.

Traffic interception: Plain text or unencrypted passwords can be easily read by other humans and machines by intercepting communications.

Advanced Persistent Threats (APTs)

An APT is a multi-phase, long-term, stealthy and advanced operation against a specific target. For these reasons, an individual attacker often lacks the skill set, resources or persistence to perform APTs. Its main purpose is to deploy customized malware on one or more of the target's systems and remain there undetected.

Security Vulnerability and Exploits

Hardware Vulnerabilities

Hardware vulnerabilities are most often the result of hardware design flaws.

Meltdown and Spectre: Google security researchers discovered Meltdown and Spectre, two hardware vulnerabilities that affect almost all central processing units (CPUs) released since 1995 within desktops, laptops, servers, smartphones, smart devices and cloud services. Attackers exploiting these vulnerabilities can read all memory from a given system (Meltdown), as well as data handled by other applications (Spectre). The Meltdown and Spectre exploitations are referred to as side-channel attacks (information is gained from the implementation of a computer system). Hardware vulnerabilities are specific to device models and are not generally exploited through random compromising attempts.

Software Vulnerabilities

Software vulnerabilities are usually introduced by errors in the operating system or application code.

SYNful Knock allowed attackers to gain control of enterprise-grade routers, such as the legacy Cisco ISR routers, from which they could monitor all network communication and infect other network devices.
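Before moving on to vulnerability categories, a worked check of the rainbow-table point from the password-attack notes above. This is an added example, not course material: a tiny constructed "rainbow table" of precomputed unsalted SHA-256 digests recovers a stored unsalted hash immediately, while a per-user random salt with iterated PBKDF2-HMAC (the defender's side) leaves nothing for the table to match. The password list and iteration count are constructed for the example.

```python
"""Why salted, iterated password hashes blunt rainbow-table lookups.
Added example for these notes, not course material; the 'rainbow
table' here is a tiny constructed dictionary of precomputed hashes."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed miniature rainbow table: precomputed unsalted SHA-256
# digests of a few common passwords, keyed by digest.
COMMON = ["password", "123456", "qwerty", "letmein"]
RAINBOW = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON}

ITERATIONS = 200_000  # constructed work factor for the example


def store_unsalted(password: str) -> str:
    """Weak scheme: bare SHA-256 of the password, identical for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password: str, salt: bytes = b"") -> Tuple[bytes, bytes]:
    """Stronger scheme: random 16-byte per-user salt plus iterated
    PBKDF2-HMAC-SHA256. A fixed salt may be passed for reproducibility."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, dk


def verify_salted(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, dk = store_salted(password, salt)
    return hmac.compare_digest(dk, stored)


def rainbow_lookup(digest_hex: str) -> Optional[str]:
    """The attack model from the notes: look a leaked stored digest up in
    the precomputed table. Returns the password if the table has it."""
    return RAINBOW.get(digest_hex)


def table_recovers_salted(password: str) -> bool:
    """Even for a password that IS in the table, two users with different
    salts get different stored values, and neither appears in the table."""
    _, dk_a = store_salted(password)
    _, dk_b = store_salted(password)
    return dk_a == dk_b or dk_a.hex() in RAINBOW or dk_b.hex() in RAINBOW


if __name__ == "__main__":
    print(rainbow_lookup(store_unsalted("qwerty")))   # recovered: "qwerty"
    print(table_recovers_salted("qwerty"))             # False
    salt, dk = store_salted("correct horse")
    print(verify_salted("correct horse", salt, dk))    # True
```

Salting defeats precomputation, and the iteration count slows per-guess dictionary and brute-force attempts; neither helps a password that is itself trivial, which is why spraying and dictionary attacks in the notes still succeed against weak passwords.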
Categorizing Software Vulnerabilities

Buffer overflow: Buffers are memory areas allocated to an application. A vulnerability occurs when data is written beyond the limits of a buffer. By changing data beyond the boundaries of a buffer, the application can access memory allocated to other processes.

Non-validated input: Programs often require data input, but this incoming data could have malicious content, designed to force the program to behave in an unintended way.

Race conditions: This vulnerability describes a situation where the output of an event depends on ordered or timed outputs. A race condition becomes a source of vulnerability when the required ordered or timed events do not occur in the correct order or at the proper time.

Weaknesses in security practices: Systems and sensitive data can be protected through techniques such as authentication, authorization and encryption. Developers should stick to using security techniques and libraries that have already been created, tested and verified, and should not attempt to create their own security algorithms. These will only likely introduce new vulnerabilities.

Access control problems: Access control is the process of controlling who does what, and ranges from managing physical access to equipment to dictating who has access to a resource, such as a file, and what they can do with it, such as read or change the file. Many security vulnerabilities are created by the improper use of access controls.

Software Updates

The goal of software updates is to stay current and avoid exploitation of vulnerabilities. Microsoft, Apple and other operating system producers release patches and updates almost every day, and applications such as web browsers, mobile apps and web servers are often updated by the companies or organizations responsible for them. Google's Project Zero is a great example of this practice.
After discovering a number of vulnerabilities in various software used by end users, Google formed a permanent team dedicated to finding software vulnerabilities.

The Cybersecurity Landscape

Cryptocurrency is digital money that can be used to buy goods and services, using strong encryption techniques to secure these online transactions. Banks, governments and even companies like Microsoft and AT&T are very aware of its importance and are jumping on the cryptocurrency bandwagon!

Cryptojacking is an emerging threat that hides on a user's computer, mobile phone, tablet, laptop or server, using that machine's resources to 'mine' cryptocurrencies without the user's consent or knowledge.