Info Assurance Notes.pdf

Full Transcript

S-ITCS318
Professor: Evangeline Pamintuan

Table of Contents
Module 01: Introduction to Cybersecurity
What is Cybersecurity?
Protecting Your Personal Data
Your Data
Identity Theft
Who Else Wants My Data
Organizational Data
The Cube
Is this Real?
Consequences of a Security Breach
Cyber Attackers
Module 02: Attacks, Concepts and Techniques
Analyzing a Cyber Attacks
Symptoms of Malware
Security Vulnerability and Exploits
The Cybersecurity Landscape

Module 01: Introduction to Cybersecurity
What is Cybersecurity?
Cybersecurity

s the ongoing effort to protect individuals, organizations and governments
from digital attacks by protecting networked systems and data from
unauthorized use or harm.

Three Levels of Protection

Personal

S-ITCS318 1
 On a personal level, you need to safeguard your identity, your data, and
your computing devices.

Organizational

At an organizational level, it is everyone’s responsibility to protect the
organization’s reputation, data and customers.

Government

As more digital information is being gathered and shared, its protection
becomes even more vital at the government level, where national security,
economic stability and the safety and wellbeing of citizens are at stake.

Protecting Your Personal Data
Personal data

is any information that can be used to identify you, and it can exist
both offline and online.

Offline Identity

is the real-life persona that you present on a daily basis at home, at school or
at work.

Online identity

It’s who you are and how you present yourself to others online.

Your Data
how hackers can get their hands on your personal data

Medical Records

Every time you visit the doctor, personal information regarding your
physical and mental health and wellbeing is added to your electronic
health records (EHRs). Since the majority of these records are saved
online, you need to be aware of the medical information that you share.

Educational Records

S-ITCS318 2
 Educational records contain information about your academic
qualifications and achievements. However, these records may also include
your contact information, attendance records, disciplinary reports, health
and immunization records as well as any special education records
including individualized education programs (IEPs).

Employment and financial records

Employment data can be valuable to hackers if they can gather information
on your past employment, or even your current performance reviews. Your
financial records may include information about your income and
expenditure.

Your tax records may include paychecks, credit card statements, your
credit rating and your bank account details. All of this data, if not
safeguarded properly, can compromise your privacy and enable
cybercriminals to use your information for their own gain.

Identity Theft
Medical Theft

Banking

Who Else Wants My Data
Your Internet Service Provider (ISP)

Your ISP tracks your online activity and, in some countries, they can sell
this data to advertisers for a profit.

In certain circumstances, ISPs may be legally required to share your
information with government surveillance agencies or authorities.

Advertisers

monitor and track your online activities such as shopping habits and
personal preferences and send targeted ads your way.

Search Engines and Social Media Platforms

S-ITCS318 3
 These platforms gather information about your gender, geolocation, phone
number and political and religious ideologies based on your search
histories and online identity. This information is then sold to advertisers for
a profit.

Websites you visit

Websites use cookies to track your activities in order to provide a more
personalized experience. But this leaves a data trail that is linked to your
online identity that can often end up in the hands of advertisers.

Organizational Data
Types of Organizational Data

Traditional Data

is typically generated and maintained by all organizations, big and small.

Transactional data

such as details relating to buying and selling, production activities and
basic organizational operations such as any information used to make
employment decisions.

Intellectual property

such as patents, trademarks and new product plans, which allows an
organization to gain economic advantage over its competitors. This
information is often considered a trade secret and losing it could prove
disastrous for the future of a company.

Financial Data

such as income statements, balance sheets and cash flow statements,
which provide insight into the health of a company.

Internet of Things (IoT)

is a large network of physical objects, such as sensors, software and other
equipment.

The Cube

S-ITCS318 4
 McCumber Cube

model framework created by John McCumber in 1991 to help organizations
establish and evaluate information security initiatives by considering all of the
related factors that impact them.

This security model has three dimensions:

1. The foundational principles for protecting information systems.

2. The protection of information in each of its possible states.

3. The security measures used to protect data.

The Foundational Principles for Protecting Information

Confidentiality

is a set of rules that prevents sensitive information from being disclosed to
unauthorized people, resources and processes. Methods to ensure
confidentiality include data encryption, identity proofing and two factor
authentication.

Integrity

ensures that system information or processes are protected from
intentional or accidental modification. One way to ensure integrity is to use
a hash function or checksum.

Availability

means that authorized users are able to access systems and data when
and where needed and those that do not meet established conditions, are
not.

The Protection of Information in Each State

Processing

refers to data that is being used to perform an operation such as updating
a database record (data in process).

Storage

S-ITCS318 5
 refers to data stored in memory or on a permanent storage device such as
a hard drive, solid-state drive or USB drive (data at rest).

Transmission

refers to data traveling between information systems (data in transit).

The Security Measures Used to Protect Data

Awareness, training and education

are the measures put in place by an organization to ensure that users are
knowledgeable about potential security threats and the actions they can
take to protect information systems.

Technology

refers to the software- and hardware-based solutions designed to protect
information systems such as firewalls, which continuously monitor your
network in search of possible malicious incidents.

Policy and procedure

refers to the administrative controls that provide a foundation for how an
organization implements information assurance, such as incident response
plans and best practice guidelines.

Is this Real?
in August 2020, elite gaming brand Razer experienced a data breach which
exposed the personal information of approximately 100,000 customers.

Data Security Breaches

The implications of a data security breach are severe, but they are becoming
all too common.

The Persirai botnet

Equifax inc.

Consequences of a Security Breach
Reputational damage

S-ITCS318 6
 an have a negative long-term impact on an organization’s reputation that
has taken years to build. Customers, particularly those who have been
adversely affected by the breach, will need to be notified and may seek
compensation and/or turn to a reliable and secure competitor. Employees
may also choose to leave in light of a scandal.

Vandalism

A hacker or hacking group may vandalize an organization’s website by
posting untrue information. They might even just make a few minor edits to
your organization’s phone number or address, which can be trickier to
detect.

Theft

A data breach often involves an incident where sensitive personal data has
been stolen. Cybercriminals can make this information public or exploit it
to steal an individual’s money and/or identity.

Loss of Revenue

The financial impact of a security breach can be devastating. For example,
hackers can take down an organization’s website, preventing it from doing
business online.

Damaged Intellectual Property

A security breach could also have a devastating impact on the
competitiveness of an organization, particularly if hackers are able to get
their hands on confidential documents, trade secrets and intellectual
property.

Cyber Attackers
Types of Attacks

Amateurs

The term 'script kiddies' emerged in the 1990s and refers to amateur or
inexperienced hackers who use existing tools or instructions found on the
Internet to launch attacks.

S-ITCS318 7
 Hackers

This group of attackers break into computer systems or networks to gain
access.

White hat attackers

break into networks or computer systems to identify any weaknesses
so that the security of a system or network can be improved.

Gray hat attackers

may set out to find vulnerabilities in a system but they will only report
their findings to the owners of a system if doing so coincides with their
agenda.

Black hat attackers

take advantage of any vulnerability for illegal personal, financial or
political gain.

Organized Hackers

These attackers include organizations of cyber criminals, hacktivists,
terrorists and state-sponsored hackers. They are usually highly
sophisticated and organized, and may even provide cybercrime as a
service to other criminals.

Hacktivists

make political statements to create awareness about issues that are
important to them.

State-sponsored attackers

gather intelligence or commit sabotage on behalf of their government.
They are usually highly trained and well-funded and their attacks are
focused on specific goals that are beneficial to their government.

Module 02: Attacks, Concepts and Techniques
Analyzing a Cyber Attacks

S-ITCS318 8
 Types of Malware

Malware

is any code that can be used to steal data, bypass access controls, or
cause harm to or compromise a system.

Spyware

Designed to track and spy on you, spyware monitors your online
activity and can log every key you press on your keyboard, as well as
capture almost any of your data, including sensitive personal
information such as your online banking details.

Adware

is often installed with some versions of software and is designed to
automatically deliver advertisements to a user, most often on a web
browser.

Backdoor

is used to gain unauthorized access by bypassing the normal
authentication procedures to access a system.

Ransomware

is designed to hold a computer system or the data it contains captive
until a payment is made.

Scareware

is a type of malware that uses 'scare’ tactics to trick you into taking a
specific action. Scareware mainly consists of operating system style
windows that pop up to warn you that your system is at risk and needs
to run a specific program for it to return to normal operation.

Rootkit

is designed to modify the operating system to create a backdoor,
which attackers can then use to access your computer remotely.

Virus

S-ITCS318 9
 is a type of computer program that, when executed, replicates and
attaches itself to other executable files, such as a document, by
inserting its own code.

Trojan horse

carries out malicious operations by masking its true intent. It might
appear legitimate but is, in fact, very dangerous.

Worms

is a type of malware that replicates itself in order to spread from one
computer to another. Unlike a virus, which requires a host program to
run, worms can run by themselves.

Symptoms of Malware
an increase in CPU usage which slows down your device

your computer freezing or crashing often

a decrease in your web browsing speed

unexplainable problems with your network connections

modified or deleted files

the presence of unknown files, programs or desktop icons

unknown processes running

S-ITCS318 10
 Symptoms of Malware
Social Engineering

is the manipulation of people into performing actions or divulging confidential
information.

common types of social engineering attacks:

Pretexting

This is when an attacker calls an individual and lies to them in an
attempt to gain access to privileged data.

Tailgating

This is when an attacker quickly follows an authorized person into
a secure, physical location.

Something for something (quid pro quo)

S-ITCS318 11
 This is when an attacker requests personal information from a
person in exchange for something, like a free gift.

Denial of Service

attacks are a type of network attack that is relatively simple to carry out, even
by an unskilled attacker. A DoS attack results in some sort of interruption of
network service to users, devices or applications.

Two main types of DoS attacks

Overwhelming quantity of traffic

Maliciously formatted packets

packet - is a collection of data that flows between a source and a
receiver computer or application over a network, such as the internet.

Distributed DoS

attack is similar to a DoS attack but originates from multiple, coordinated
sources. For example:

An attacker builds a network (botnet) of infected hosts called zombies,
which are controlled by handler systems.

The zombie computers will constantly scan and infect more hosts,
creating more and more zombies.

When ready, the hacker will instruct the handler systems to make the
botnet of zombies carry out a DDoS attack.

Botnet

bot computer - is typically infected by visiting an unsafe website or opening
an infected email attachment or infected media file.

Botnet is a group of bots, connected through the Internet, that can be
controlled by a malicious individual or group. It can have tens of thousands, or
even hundreds of thousands, of bots that are typically controlled through a
command and control server.

S-ITCS318 12
 On-Path Attacks

intercept or modify communications between two devices, such as a web
browser and a web server, either to collect information from or to impersonate
one of the devices.

Man-in-the-middle (MITM)

attack happens when a cybercriminal takes control of a device without
the user’s knowledge.

Man-in-the-mobile (MITMO)

a variation of man in the middle, MitMo is a type of attack used to take
control over a user’s mobile device.

SEO

is about improving an organization’s website so that it gains greater visibility in
search engine results.

SEO Poisoning

increase traffic to malicious sites that may host malware or attempt social
engineering

Wi-Fi Password Cracking
You’re enjoying your lunch in the canteen when a colleague approaches you.
They seem distressed.

S-ITCS318 13
 They explain that they can’t seem to connect to the public Wi-Fi on their phone
and ask if you have the private Wi-Fi password to hand so that they can check
that their phone is working.
How would you respond?

Select the correct answer, then Submit.

Password Attacks

Password spraying

This technique attempts to gain access to a system by ‘spraying’ a few
commonly used passwords across a large number of accounts.

Dictionary Attacks

A hacker systematically tries every word in a dictionary or a list of
commonly used words as a password in an attempt to break into a
password-protected account.

Brute-force attacks

The simplest and most commonly used way of gaining access to a
password-protected site, brute-force attacks see an attacker using all
possible combinations of letters, numbers and symbols in the password
space until they get it right.

Rainbow attacks

S-ITCS318 14
 passwords in a computer system are not stored as plain text, but as
hashed values (numerical values that uniquely identify data). A rainbow
table is a large dictionary of precomputed hashes and the passwords from
which they were calculated.

Traffic interception

Plain text or unencrypted passwords can be easily read by other humans
and machines by intercepting communications.

Advanced Persistent Threats (APTs)

a multi-phase, long term, stealthy and advanced operation against a specific
target. For these reasons, an individual attacker often lacks the skill set,
resources or persistence to perform APTs.

Its main purpose is to deploy customized malware on one or more of the
target’s systems and remain there undetected.

S-ITCS318 15
 Security Vulnerability and Exploits
Hardware Vulnerabilities

are most often the result of hardware design

Meltdown and Spectre

Google security researchers discovered Meltdown and Spectre, two
hardware vulnerabilities that affect almost all central processing units
(CPUs) released since 1995 within desktops, laptops, servers,
smartphones, smart devices and cloud services.

Attackers exploiting these vulnerabilities can read all memory from a given
system (Meltdown), as well as data handled by other applications
(Spectre).

The Meltdown and Spectre vulnerability exploitations are referred to as
side-channel attacks (information is gained from the implementation of a

S-ITCS318 16
 computer system).

Hardware vulnerabilities are specific to device models and are not generally
exploited through random compromising attempts.

Software Vulnerabilities

are usually introduced by errors in the operating system or application code.

SYNful Knock

allowed attackers to gain control of enterprise grade routers, such as the
legacy Cisco ISR routers, from which they could monitor all network
communication and infect other network devices.

Categorizing Software Vulnerabilities

Butter overflow

Buffers are memory areas allocated to an application. A vulnerability
occurs when data is written beyond the limits of a buffer. By changing data
beyond the boundaries of a buffer, the application can access memory
allocated to other processes.

Non-validated input

Programs often require data input, but this incoming data could have
malicious content, designed to force the program to behave in an
unintended way.

Race conditions

This vulnerability describes a situation where the output of an event
depends on ordered or timed outputs. A race condition becomes a source
of vulnerability when the required ordered or timed events do not occur in
the correct order or at the proper time.

Weaknesses in security practices

Systems and sensitive data can be protected through techniques such as
authentication, authorization and encryption. Developers should stick to
using security techniques and libraries that have already been created,

S-ITCS318 17
 tested and verified and should not attempt to create their own security
algorithms. These will only likely introduce new vulnerabilities.

Access control problems

Access control is the process of controlling who does what and ranges
from managing physical access to equipment to dictating who has access
to a resource, such as a file, and what they can do with it, such as read or
change the file. Many security vulnerabilities are created by the improper
use of access controls.

Software Updates

The goal of software updates is to stay current and avoid exploitation of
vulnerabilities. Microsoft, Apple and other operating system producers release
patches and updates almost every day and applications such as web
browsers, mobile apps and web servers are often updated by the companies
or organizations responsible for them.

Google’s Project Zero is a great example of this practice. After discovering a
number of vulnerabilities in various software used by end users, Google
formed a permanent team dedicated to finding software vulnerabilities.

S-ITCS318 18
 The Cybersecurity Landscape
Cryptocurrency

is digital money that can be used to buy goods and services, using strong
encryption techniques to secure these online transactions. Banks,
governments and even companies like Microsoft and AT&T are very aware of
its importance and are jumping on the cryptocurrency bandwagon!

Cryptojacking

is an emerging threat that hides on a user’s computer, mobile phone, tablet,
laptop or server, using that machine’s resources to 'mine’ cryptocurrencies
without the user's consent or knowledge.

S-ITCS318 19