DIS Unit-2
SECURITY INVESTIGATION
Need for Security – Business Needs First – Threats – Attacks – Legal, Ethical, and
Professional Issues in Information Security – An Overview of Computer Security –
Access Control Matrix, Policy – Security policies, Confidentiality policies, Integrity
policies and Hybrid policies
NEED FOR SECURITY
• The purpose of information security management is to ensure
business continuity and reduce business damage by preventing and
minimizing the impact of security incidents.
• An Information Security Management System (ISMS) enables information
to be shared safely by ensuring the protection of information and
computing assets.
Securing the information on your computer means:
• Ensuring that your information remains confidential and only those
who should access that information, can.
• Knowing that no one has been able to change your information, so
you can depend on its accuracy (information integrity).
• Making sure that your information is available when you need it (by
making back-up copies and, if appropriate, storing the back-up copies
off-site).
BUSINESS NEEDS FIRST
• Focusing on business needs is a crucial aspect of information security
investigations
• It's about protecting the business's critical assets, ensuring continuity
of operations, and minimizing risks that could impact the
organization's bottom line.
Four important functions of information security for an organization:
1. Protecting the functionality of an organization
2. Enabling the safe operation of applications implemented on the
organization’s IT systems
3. Protecting the data the organization collects and uses
4. Safeguarding the technology assets in use at the organization
1. Protecting the functionality of an organization
Decision makers in organizations must set policy and operate
their organizations in compliance with the complex, shifting legislation
that controls the use of technology.
• Trojan horses are software programs that hide their true nature and reveal their
designed behavior only when activated.
7.4 Back Door or Trap Door
A virus or worm may carry a payload that installs a backdoor or trapdoor
component in a system, which allows the attacker to access the system at will with
special privileges. E.g.: Back Orifice.
A backdoor is a hidden or undocumented method of bypassing normal
authentication or security controls in a computer system, application, or network.
Polymorphism
• A polymorphic threat is one that changes its apparent shape over time, making
it hard to detect with techniques that look for preconfigured signatures.
• These viruses and worms actually evolve, changing their size and appearance to
elude detection by antivirus programs.
7.5 Virus & Worm Hoaxes
Types of Trojans
• Data-sending Trojans
• Proxy Trojans
• FTP Trojans
• Security-software-disabler Trojans
• Denial-of-service (DoS) attack Trojans
Virus - A program or piece of code that is loaded onto your computer without your knowledge
and runs against your wishes.
Worm - A program or algorithm that replicates itself over a computer network and usually
performs malicious actions.
Trojan Horse - A destructive program that hides its true nature and reveals its designed
behavior only when activated.
Blended threat - Combines the characteristics of viruses, worms, Trojan horses and
malicious code with server and Internet vulnerabilities.
Antivirus Program - A utility that searches a hard disk for viruses and removes any that are found.
7.8 Forces of Nature
• Fire: Structural fire that damages the building. Also encompasses smoke damage from a fire or water
damage from sprinkler systems.
• Flood: Can sometimes be mitigated with flood insurance and/or business interruption insurance.
• Earthquake: Can sometimes be mitigated with specific casualty insurance and/or business interruption
insurance, but is usually a separate policy.
• Lightning: An abrupt, discontinuous natural electric discharge in the atmosphere.
• Landslide/Mudslide: The downward sliding of a mass of earth and rocks, directly damaging all parts of the
information systems.
• Tornado/Severe windstorm
• Hurricane/Typhoon
• Tsunami
• Electrostatic Discharge (ESD)
• Dust contamination
Since it is not possible to avoid force-of-nature threats, organizations must implement controls to limit
the damage.
7.9 Deviations in Quality of Service
• The organization’s information system depends on the successful operation of
many interdependent support systems.
• These include power grids, telecom networks, parts suppliers, service vendors, and
even the janitorial staff/custodians and garbage haulers.
• Degradation of any of these services is a form of availability disruption.
1. Internet Service Issues
2. Communications & Other Service Provider Issues
3. Power Irregularities
7.10 Technical Hardware Failures or Errors
• Result in unreliable service or lack of availability.
• Some errors are terminal, in that they result in the unrecoverable loss of equipment.
• Some errors are intermittent, in that they result in faults that are not easily repeated.
7.11 Technical software failures or errors
• This category involves threats that come from purchasing software with unknown,
hidden faults.
• Large quantities of computer code are written, debugged, published, and sold before all
their bugs are detected and resolved.
• These failures range from bugs to untested failure conditions.
7.12 Technological obsolescence
• Outdated infrastructure can lead to unreliable and untrustworthy systems.
• Management must recognize that when technology becomes outdated, there is a risk of
loss of data integrity from attacks.
ATTACKS
• An attack is an act or action that takes advantage of a vulnerability
to compromise a controlled system.
• It is accomplished by a threat agent that damages or steals an
organization’s information or physical asset.
• Vulnerability is an identified weakness in a controlled system, where
controls are not present or are no longer effective.
• Attacks exist when a specific act or action comes into play and may
cause a potential loss.
Malicious code
• A malicious code attack includes the execution of viruses, worms, Trojan
horses, and active Web scripts with the intent to destroy or steal information.
• The state-of-the-art malicious code attack is the polymorphic, or multivector,
worm.
• These attack programs use up to six known attack vectors to exploit a variety of
vulnerabilities in commonly found information system devices. They are as
follows:
Attack Replication Vectors
1. IP scan & attack
2. Web browsing
3. Virus
4. Unprotected shares
5. Mass mail
6. Simple Network Management Protocol(SNMP)
1. IP scan & attack
The infected system scans a random or local range of IP addresses and targets any of several vulnerabilities
known to hackers.
2. Web browsing
If the infected system has write access to any Web pages, it makes all Web content files (.html,.asp,.cgi & others)
infectious, so that users who browse to those pages become infected.
3. Virus
Each infected machine infects certain common executable or script files on all computers to which it can write
with virus code that can cause infection.
4. Unprotected shares
Using vulnerabilities in file systems and the way many organizations configure them, the infected machine copies
the viral component to all locations it can reach.
5. Mass Mail
By sending e-mail infections to addresses found in the address book, the infected machine infects many users,
whose mail-reading programs also automatically run the program and infect other systems.
6. Simple Network Management Protocol (SNMP)
By using the widely known default community strings (the protocol's passwords) that early versions of this
protocol shipped with, the attacking program can gain control of the device. Most vendors have closed these
vulnerabilities with software upgrades.
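The "IP scan & attack" and "unprotected shares" vectors above leave a characteristic trace: one host touching many distinct addresses on the same port in a short time, whether or not the connections are blocked. The following added example (not code from these notes) shows detection logic for that pattern over constructed firewall-style log lines. The line format (ISO timestamp, source IP, destination IP, destination port, action) and the 60-second window and 20-host threshold are assumptions chosen for the example, not any vendor's format or a tuned production value.

```python
"""Spotting the "IP scan & attack" replication vector in firewall logs.

Added example for these lecture notes, not code from the notes. The log
lines are constructed in make_sample_log(); the format (ISO timestamp,
source IP, destination IP, destination port, action) is an assumption
chosen for the example, not a specific vendor's format. A worm sweeping a
range contacts many distinct hosts on the same port in a short time; a
normal client talks to a few servers repeatedly. The detector counts
distinct destinations per (source, port) inside a sliding time window.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def make_sample_log() -> list:
    """Constructed sample: one scanning host and one benign client."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = []
    # Scanner 10.0.0.7 probes 40 distinct hosts on TCP/445 within 20 seconds.
    for i in range(40):
        t = base + timedelta(seconds=i // 2)
        lines.append(f"{t.isoformat()} 10.0.0.7 10.0.1.{i + 1} 445 DENY")
    # Benign client 10.0.0.23 talks to three file servers over five minutes.
    servers = ["10.0.2.10", "10.0.2.11", "10.0.2.12"]
    for i in range(30):
        t = base + timedelta(seconds=10 * i)
        lines.append(f"{t.isoformat()} 10.0.0.23 {servers[i % 3]} 445 ALLOW")
    return lines


def parse(line: str):
    """Split one log line into (timestamp, src, dst, dport)."""
    ts, src, dst, dport, _action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def detect_scanners(lines, window=timedelta(seconds=60), threshold=20) -> dict:
    """Return {src: (dport, distinct_destinations)} for every source that
    reached at least `threshold` distinct destinations on one port within
    any `window`-long interval. Blocked (DENY) attempts count too: a worm
    probing dark address space is exactly what we want to see.
    """
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, dport = parse(line)
        events[(src, dport)].append((ts, dst))

    hits = {}
    for (src, dport), evs in events.items():
        evs.sort()
        in_window = defaultdict(int)  # dst -> number of events inside the window
        start = 0
        for ts, dst in evs:
            in_window[dst] += 1
            # Slide the left edge forward until the window is at most `window` wide.
            while ts - evs[start][0] > window:
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= threshold:
                hits[src] = (dport, len(in_window))
                break
    return hits


if __name__ == "__main__":
    for src, (port, n) in detect_scanners(make_sample_log()).items():
        print(f"possible scan: {src} reached {n} hosts on port {port} within 60s")
```

The benign client generates as many log lines as the scanner but only three distinct destinations, so counting distinct destinations rather than raw connections is what separates the two. In practice the same logic is applied per port and fed by flow or firewall logs, with thresholds set from a baseline of normal fan-out for the network.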
Examples
• Hoaxes: Refers to a false piece of information that is spread with the
intention of misleading, causing panic, or tricking individuals into
taking unnecessary actions that could potentially harm their
computer systems, data, or overall security.
• Various forms- emails, social media posts, blog articles, or official
messages that seem to come from reputable sources
• Backdoors: A backdoor is a hidden or undocumented method of
bypassing normal authentication or security controls in a computer
system, application, or network
• Password Crack: The practice of attempting to guess or discover
passwords used to secure accounts and systems.
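The dictionary attack is the most common form of password cracking, and what makes it cheap or expensive is how the target stores its passwords. The added example below (not code from these notes) runs the attack against three storage choices: an unsalted fast hash, which one precomputed lookup table breaks for every user at once; the same password under two different per-user salts, which forces the attacker to start over per user; and a deliberately slow key-derivation function (PBKDF2 from the Python standard library), which makes each of those restarts costly. The wordlist, passwords and salts are constructed for the example.

```python
"""Dictionary attack on password hashes, and what salting and a slow KDF change.

Added example for these lecture notes, not code from the notes. The
wordlist, the user's password and the salts are constructed here; no hash is
fetched from anywhere. Unsalted fast hashes (plain SHA-256) let an attacker
precompute one lookup table and reuse it against every user; a per-user salt
forces every guess to be recomputed per user, and a deliberately slow KDF
(PBKDF2 from the standard library) makes each of those guesses expensive.
"""
import hashlib
import os

# Constructed wordlist standing in for a real leaked-password list.
WORDLIST = ["123456", "password", "letmein", "Summer2024", "qwerty", "welcome1"]


def fast_hash(password: str) -> str:
    """Unsalted SHA-256: the way passwords must NOT be stored."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup(words) -> dict:
    """Attacker precomputes hash -> plaintext once; reusable against every user."""
    return {fast_hash(w): w for w in words}


def crack_unsalted(stored_hash: str, table: dict):
    """One dictionary lookup recovers the password, with no hashing at all."""
    return table.get(stored_hash)


def slow_salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted, iterated hash; a real system uses this (or argon2/scrypt/bcrypt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def crack_salted(stored: bytes, salt: bytes, words, iterations: int = 100_000):
    """Guess-by-guess attack: returns (password, guesses_tried) or (None, n).

    Nothing precomputed helps, because the salt is part of every derivation.
    """
    for n, w in enumerate(words, start=1):
        if slow_salted_hash(w, salt, iterations) == stored:
            return w, n
    return None, len(words)


def demo() -> dict:
    """Same weak password stored three ways; what the attacker must do each time."""
    table = build_lookup(WORDLIST)
    unsalted = fast_hash("letmein")
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    stored_a = slow_salted_hash("letmein", salt_a, 10_000)
    stored_b = slow_salted_hash("letmein", salt_b, 10_000)
    return {
        "unsalted_lookup": crack_unsalted(unsalted, table),
        "same_password_different_salt_same_hash": stored_a == stored_b,
        "salted_guesses_needed": crack_salted(stored_a, salt_a, WORDLIST, 10_000)[1],
    }


if __name__ == "__main__":
    print(demo())
```

Salting does not stop the attack against one weak password; "letmein" still falls on the third guess. What it removes is the reuse of work across users, and the iteration count then sets the price of each guess, which is the only lever the defender controls once users pick dictionary words.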
Security and Freedom through Encryption Act of 1999
    Subject: Use and sale of software that uses or enables encryption
    Year: 1999
    Description: Clarifies use of encryption for people in the United States and permits all
    persons in the U.S. to buy or sell any encryption product, and states that the government
    cannot require the use of any kind of key escrow system for encryption products.

U.S.A. Patriot Act of 2001
    Subject: Terrorism
    Year: 2001
    Description: Defines stiffer penalties for prosecution of terrorist crimes.