LESSON 2.pdf

Full Transcript

a. identify assets
b. identify vulnerabilities
c. identify threats
d. identify controls

2.1 ASSETS,
ATTACKS, RISKS, THREATS, VULNERABILITIES AND
COUNTERMEASURES
Now that we have already defined the main objective of this course, we will be discussing the Common
Body of Knowledge in the areas of Information Assurance and Security.

ASSETS
Crown Jewels refer to a precious ornament or jewelries worn by a sovereign on certain state occasions.
Simply, crown jewels are particularly valuable or prized possession or something we secure to a safe place.
This analogy will give us what an ASSET is. In every Information System we develop, we treat every data
as a “crown jewels”.
In Information Security, ASSET refers to any pieces of information, device or some other parts related to
them that supports business activities. Assets are either components of a computer and/or the data that are
stored in it. Basically, assets are the stuff that should be put under strict security measure because failure to
do so may result into losses to the organization.
To put is simply, assets are the main reason why we need to secure and assure our information system, that
once these are exposed, it may lead to problems leading to the organizations’ losses.
On a detailed part, mismanagement on the assets may lead into attacks. Attacks refer to activities that are
intended to snatch assets for the intention of using them for bad interests. This attacks are everywhere
whether on public or private sectors. One example of attacks isData Breaches.
Data Breaches is an event wherein an information is accessed without the consent of the authorized. This
data breach is widely observed on the Web-based Information Systems because many assets exposed over
the internet are attacker’s apple of the eye. In fact, victims rise at 80% in India in 2019. The chart below
shows the different types of attacks happened in the web recorded in the Month of September, 2019.
 Source: https://www.hackmageddon.com/2019/11/04/september-2019-cyber-attacks-statistics/

The following are the list of Assets that Information Assurance and Security is trying to protect;
1. Customer Data
2. IT and Network Infrastructure
3. Intellectual Property
4. Finances and Financial Data
5. Service Availability and Productivity
6. Reputation
On the other hand, the person with a bad intention to attack one’s asset is a Hacker. Hackers refer to anyone
with a professional skill to access assets without any authorization. Their intention is basically to commit
crimes, mostly to steal and destroy systems. Sometimes, systems were being hacked to hold the assets of
the system in hostage wherein ransom is being collected in condition to bringing back the assets.
However, good hackers also exist. They are the one who uses their skills in hardware and software to bypass
security of a device or a network. Their intention is to provide service to the victims of attacks. Either public
or private sectors are hiring good hackers to help them keep their systems safe.
Computer Security Professional named hackers metaphorically using hat colors such as White, Black and
Gray. This name comes from the old spaghetti in the western country sides where black has been worn by
bad cowboys, white has been worn by the good ones and gray in neutral.

Black Hat Hackers
Black Hat Hackers basically have an advanced knowledge in destroying networks. They perform the
hacking through bypassing the security measures of the networks. This type of hacker also has a knowledge
in creating malware which intends to gain access to the systems to steal personal and financial assets.
White Hat Hackers
Hackers who utilizes their skills to do good is referred to as White Hat Hackers. Most of the big companies
intentionally employs white hat hackers to work for them. Their main responsibility is to check and find
ditch in their systems through hacking.
The main difference of White Hat Hackers to the Black ones is that, white hat performs hacking with the
owner’s permission while the black one, doesn’t.In fact, they are some trainings and certifications for ethical
hacking.

Grey Hat Hackers
Grey can neither be white or black. This analogy applies with the Grey Hat Hackers. They are combinations
of ethical and unethical hackers. Sometimes, they will find for a system or organizations’ weakness without
authorized access and report it to the company. Companies then will hire them to secure the asset. However,
if they do not employ the Grey Hat Hackers, they will exploit the said assets online for the other Black Hat
Hackers perform their intentions.
The term hacker always means not good to us. However, it is very important for us to understand that our
judgement to them shall always depend on their intentions.
Aside from hackers, we also have someone who violate or breaks the security of the remote machines. They
are known as Crackers. Initially, crackers get unauthorized access to the vital data and deprive it to the
original user or owner.
Crackers can be identified as fortunately few and far between—experts who discovers security ditch and
exploit them and/or the script kiddie—one who knows how to get programs and run them legitimately.
These hackers and crackers are the one whom Information Security is trying to catch.
Every Attacker, whether a Hacker or a Cracker, uses tools to perform their attacks. The following are the
tools they utilize to do their intentions;
1. Protocol Analyzers (Sniffers). These applications put the host NIC into mode that passes all
traffic to the CPU rather than to the controller it is designed to receive.
2. Port Scanner is an application that intends to probe a host for open port.
3. Finger scanning, is a way to acquire human biometric like fingerprints.
4. Vulnerability Scanning Tools are automated tools that scans web-based applications and finds
vulnerability. Examples are Cross-site scripting, SQL Injection, Command Injection, Path
Traversal and insecure server configuration.
5. Exploit Software is a bit of technology, a chunk of data or a series of commands that compromises
a bug or vulnerability to trigger unintended or unforeseen behavior to occur on computer software,
hardware or anything electronic.
6. Wardialers. This can be used to find backdoors into your network. This dials telephones to check
if there is a line that contains data through a modem and the like.
7. Password Cracker. This software is used to retrieve a forgotten password or other network
resources. Sometimes, these are used to access resources without permission.
8. Keystroke Loggers. Keylogger refers to a surveillance application that has the ability to record
every keystroke that is made on the system. This intends to record log file that is usually encrypted.
Security Breach
Security breaches happen a lot — not at your house necessarily, but in large and small organizations.
Intention to destroy a company’s standing and finances is one concrete reason why Security Breach exists.
Security and data breaches can happen on a large uncontrollable scale.
This happens when an attacker or intruder gains access without the permission of the asset’s owner or
keeper. They use bypass mechanism that typically can reach the restricted areas. Security breach is a
violation that can lead to damage and even loss of assets.
Simply, Security Breaches refers to any action that would result in a violation of any rules of the Central
Intelligence Agency. Most of these breaches disrupt services intentionally. However, some of them are
accidental but both can cause hardware or software failures.
The following are activities that cause Security Breaches;
1. Attack through Denial of Service (DoS). This refers to an attack that kills a machine or
network, resulting for a legitimate user not to use the destroyed asset.
2. Distributed denial-of-service (DDoS). This happens when an attacker floods network traffic to
the target making it impossible for a legitimate user be denied to use the network or a node.
3. Unacceptable Web Browsing. Acceptable web browsing is defined in an Acceptable Use Policy
(AUP) like finding for a file in the directory or browsing restricted sites.
4. Wiretapping. Wiretapping refers to the practice of connecting a listening device to a telephone
line to secretly monitor a conversation.
5. Backdoors. This refers to the hidden access included by the developers. Backdoors are used to
obtain exposure to the data repositories.
6. Data Modifications. Refers to the change in data that happens purposely or accidentally. It may
also include incomplete and truncated data.
Additional Security Challenges may include:
1. Spam and Spim. Spam refers to unsolicited email spim are spams over instant messaging.
2. Cookies. Cookies contain little chunks of data that may include login credentials that make it
possible for a user to have a great browsing experience.
3. Hoaxes.A hoax is a message that claims to warn recipients of a (non-existent) computer virus
threat.

RISK, THREATS AND VULNERABILITIES
Risk, Threats and Vulnerabilities are some characteristic that describes something that is needs to be taken
care. Failing to do so may lead into an attack,
Risk refers to the probability that bad things will happen to a specific asset.
Threat is defined as any action that might compromise or destroy an asset.
 Vulnerability is a weakness that may harm systems or networks.
There are a wide variety of threats that spread out specially in the internet. Many call the internet as
marketplace of threats.

Threats can be categorized into Three Types which includes:
1. Disclosure Threats.These threats may include sabotage and espionage.
2. Unauthorized Threats. One of the examples in relation to Unauthorized Threats is the
Unauthorized Changes—modifications made exceeding the policy that has been agreed upon
3. Denial or Destruction Threats. DoS and/or DDoS best explains these threats.

Categories of Malicious Attacks
Malicious Attacks can be regarded according to the intent of actions. These may include the following:
1. An interception refers to an access gained by an unauthorized party to an asset. This may include
elicit program copying and/or wiretapping.
2. Interruption happens when a system becomes lost, unavailable or unusable.
3. Modification occurs when an unauthorized attacker tampers an asset.
4. Fabrication refers to the counterfeiting of a system or network that is done by unauthorized
party.

Types of Active Threats
The following enlists types of threats that is currently active that developers or Information Security
Professional shall be aware of:
1. Birthday Attacks
2. Brute-Force Password Attacks
3. Dictionary Password Attacks
4. IP Addressing Spoofing
5. Hijacking
6. Replay Attacks
7. Man-In-The-Middle Attacks
8. Masquerading
9. Social Engineering
10. Phishing
11. Phreaking
12. Pharming

Malicious Software (Malware)
In the context of installing before, during and after installing software to our systems, we can say that is it
malicious if it;
1. Causes damage
2. Escalates security privileges
3. Divulges private data
4. Modifies or deletes data
General Classification
of Malware Virus

Like human being, our systems or assets can be infected by a virus too. In computing, virus
comes into another program or application. Basically, it contaminate a program and can
cause it to be copied to other computers themselves. Most of the time, when the user uses
an infected application, the virus triggers.

Worm
Worm refers to a program that is self-contained. This also duplicates and send itself to other
hosts without any user intervention. One scary thing about worm is that, it does not need an
application that is installed to contaminate the whole system.

Trojan Horse
Trojan Horse is a malware that hides into a useful program. This collects sensitive
information, and may open backdoors into computers. Trojan Horse can actively upload and
download files.

Rootkit
A rootkit is a group of software that is malicious. Basically, these applications gets access
to a machine unauthorizedly and hides their existence on the other applications.

Spyware
Spywares are type of malwares. They target the confidential data. Mostly, they can monitor
the actions and even can do a course of actions like scanning, snooping and installing
another spyware. They can even change the default browser of a computer.

COUNTERMEASURES
As our Old English Saying states, prevention is better than cure, in information security we
can also cure, if not prevent these attacks to happen. There are suggested activities and tools
so that we, as Information Security Professional can do as an antidote or defense from the
said attacks.
Countermeasures, basically is an action to detect vulnerabilities, prevent attacks and/or react
to the impacts of positive attacks. In cases of an attack, a victim can get help from the
security consultants, law enforcement offices and/ or experts.
The following are countermeasures that can help in preventing and/or curing malware:
1. Training events for users
2. Regular updates and bulletins about malwares
3. Do not transfer assets to untrusted or unknown sources.
4. Evaluate new programs or quarantine files on a computer
 5. Purchase and install anti-malware software and scan your files on a regular basis
6. Use comprehensive login credentials
On the other hand, Firewall can defend your system from various forms of attacks too.
Basically, firewall is a program or a dedicated device that inspects network traffic present
in a network. It’s purpose is to deny or permit traffic depending on protocols.