DIS Unit-2


UNIT 2

SECURITY INVESTIGATION

Need for Security – Business Needs First – Threats – Attacks – Legal, Ethical, and
Professional Issues in Information Security – An Overview of Computer Security –
Access Control Matrix, Policy – Security policies, Confidentiality policies, Integrity
policies and Hybrid policies
NEED FOR SECURITY
• The purpose of information security management is to ensure
business continuity and reduce business damage by preventing and
minimizing the impact of security incidents
• Information Security Management System (ISMS) enables information
to be shared, by ensuring the protection of information and
computing assets.
Securing the information on your computer means:
• Ensuring that your information remains confidential and only those
who should access that information, can.
• Knowing that no one has been able to change your information, so
you can depend on its accuracy (information integrity).
• Making sure that your information is available when you need it (by
making back-up copies and, if appropriate, storing the back-up copies
off-site).
BUSINESS NEEDS FIRST
• Focusing on business needs is a crucial aspect of information security
investigations
• It's about protecting the business's critical assets, ensuring continuity
of operations, and minimizing risks that could impact the
organization's bottom line.
Four important functions for an organization:
1. Protecting the functionality of an organization
2. Enabling the safe operation of applications implemented on the
organization’s IT systems
3. Protecting the data the organization collects and uses
4. Safeguarding the technology assets in use at the organization
1. Protecting the functionality of an organization
Decision makers in organizations must set policy and operate
their organizations in compliance with the complex, shifting legislation
that controls the use of technology.

2. Enabling the safe operation of applications
The modern organization needs to create an environment that
safeguards applications using the organization’s IT systems, particularly
those applications that serve as important elements of the
infrastructure of the organization.
3. Protecting data that organizations collect & use
• Protecting data at rest and in motion
• Both are critical aspects of information security.
• The value of data motivates attackers to steal, sabotage, or corrupt
it. Protecting the integrity and value of the organization’s data is
therefore essential.
4. Safeguarding technology assets in organizations
• Organizations must add secure infrastructure services based on the size and scope
of the enterprise.
• Organizational growth could lead to the need for a public key
infrastructure (PKI), an integrated system of software and encryption
methodologies.
THREATS
A threat is an object, person, or other entity that represents a
constant danger to an asset.
1. Acts of Human Error or Failure:
• Acts performed without intent or malicious purpose by an
authorized user.
• Caused by inexperience, improper training, or
• the making of incorrect assumptions.
One of the greatest threats to an organization’s information security is
the organization’s own employees. Examples:
• Entry of erroneous data
• Accidental deletion or modification of data
• Storage of data in unprotected areas
Failure to protect information can be prevented with:
- Training
- Ongoing awareness activities
- Verification by a second party
- Many military applications have robust, dual-approval controls
built in.
2. Compromises to Intellectual Property
• Intellectual Property (IP) is defined as the ownership of ideas and control over those
ideas.
• Intellectual property includes trade secrets, copyrights, trademarks, and patents.
• Once intellectual property has been defined and properly identified, breaches to IP
constitute a threat to the security of this information.
• Organizations often purchase or lease the IP of other organizations.
• The most common IP breach is the unlawful use or duplication of software-based
intellectual property, more commonly known as software piracy.
• Software piracy affects the world economy.
Two watchdog organizations investigate allegations of software abuse:
1. Software and Information Industry Association (SIIA)
2. Business Software Alliance (BSA)
3. Deliberate Acts of Espionage or Trespass
• Electronic and human activities that can breach the confidentiality of
information.
• When an unauthorized individual gains access to information an
organization is trying to protect, it is categorized as an act of espionage or
trespass.
• Attackers can use many different methods to access the information
stored in an information system. They are:
1. Competitive intelligence (using a web browser to gather information from
market research)
2. Industrial espionage (spying)
3. Shoulder surfing (observational)
Trespass
• Can lead to unauthorized real or virtual actions that enable
information gatherers to enter premises or systems they have not
been authorized to enter.
• Hackers: “People who use and create computer software to gain
access to information illegally”
• There are generally two skill levels among hackers:
• Expert hackers: masters of several programming languages,
networking protocols, and operating systems.
• Unskilled hackers
4. Deliberate Acts of Information Extortion (obtaining by force or threat)
The possibility of an attacker stealing information from a computer
system and demanding compensation for its return or for an agreement not
to disclose the information.

5. Deliberate Acts of Sabotage or Vandalism
• Destroy an asset
• Damage the image of the organization
• Cyber terrorism: cyber terrorists hack systems to conduct terrorist
activities through network or Internet pathways.
6. Deliberate Acts of Theft
• The illegal taking of another’s property is a constant problem.
• Within an organization, property can be physical, electronic, or intellectual.
• Physical theft can be controlled by the installation of alarm systems and trained
security professionals.
• Electronic theft control is still under research.
7. Deliberate Software Attacks
• Caused by malicious code, also called malicious software or malware.
• These software components are designed to damage, destroy or deny service to
the target system.
The more common instances are:
• Viruses, worms, Trojan horses, logic bombs, backdoors
7.1 Virus
• A program or piece of code that is loaded onto your computer without your
knowledge and runs against your wishes.
• Macro virus: embedded in word processors, spreadsheets and database applications.
• Boot virus: infects the key operating files located in the computer’s boot sector.
7.2 Worms
• A worm is a malicious program that replicates itself constantly.
• Worms can continue replicating themselves until they completely fill available
resources, such as memory, hard drive space, and network bandwidth.
• E.g. MS-Blaster, MyDoom and Netsky are multifaceted attack worms.
• Once the worm has infected a computer, it can redistribute itself to all e-mail
addresses found on the infected system.
• Furthermore, a worm can deposit copies of itself onto all Web servers that the infected
systems can reach, so that users who subsequently visit those sites become infected.
7.3 Trojan Horses
• They are software programs that hide their true nature and reveal their
designed behavior only when activated.
7.4 Back Door or Trap Door
A virus or worm has a payload that installs a backdoor or trapdoor
component in a system, which allows the attacker to access the system at will with
special privileges. E.g. Back Orifice.
A backdoor is a hidden or undocumented method of bypassing normal
authentication or security controls in a computer system, application, or network.

Polymorphism
• A Polymorphic threat is one that changes its apparent shape over time, making
it undetectable by techniques that look for preconfigured signatures.
• These viruses and Worms actually evolve, changing their size, and appearance to
elude detection by antivirus software programs.
7.5 Virus & Worm Hoaxes
Types of Trojans
• Data-sending Trojans
• Proxy Trojans
• FTP Trojans
• Security software disabler Trojans
• Denial of service attack Trojans (DoS)
Virus: A program or piece of code that is loaded onto your computer without your knowledge
and runs against your wishes.
Worm: A program or algorithm that replicates itself over a computer network and usually
performs malicious actions.
Trojan Horse: Destructive programs that hide their true nature and reveal their designed
behavior only when activated.
Blended threat: Blended threats combine the characteristics of viruses, worms, Trojan horses and
malicious code with server and Internet vulnerabilities.
Antivirus Program: A utility that searches a hard disk for viruses and removes any that are found.
7.8 Forces of Nature
• Fire: Structural fire that damages the building. Also encompasses smoke damage from a fire or water
damage from sprinkler systems.
• Flood: Can sometimes be mitigated with flood insurance and/or business interruption insurance.
• Earthquake: Can sometimes be mitigated with specific casualty insurance and/or business interruption
insurance, but is usually a separate policy.
• Lightning: An abrupt, discontinuous natural electric discharge in the atmosphere.
• Landslide/Mudslide: The downward sliding of a mass of earth and rocks, directly damaging all parts of the
information systems.
• Tornado/Severe Windstorm
• Hurricane/Typhoon
• Tsunami
• Electrostatic Discharge (ESD)
• Dust Contamination
Since it is not possible to avoid force-of-nature threats, organizations must implement controls to limit
damage.
7.9 Deviations in Quality of Service
• The organization’s information system depends on the successful operation of
many interdependent support systems.
• These include power grids, telecom networks, parts suppliers, service vendors, and
even the janitorial staff/custodians and garbage haulers.
• This degradation of service is a form of availability disruption.
1. Internet Service Issues
2. Communications & Other Service Provider Issues
3. Power Irregularities
7.10 Technical Hardware Failures or Errors
• Result in unreliable service or lack of availability.
• Some errors are terminal, in that they result in unrecoverable loss of equipment.
• Some errors are intermittent, in that they result in faults that are not easily repeated.
7.11 Technical software failures or errors
• This category involves threats that come from purchasing software with unknown,
hidden faults.
• Large quantities of computer code are written, debugged, published, and sold before all
their bugs are detected and resolved.
• These failures range from bugs to untested failure conditions.
7.12 Technological obsolescence
• Outdated infrastructure can lead to unreliable and untrustworthy systems.
• Management must recognize that when technology becomes outdated, there is a risk of
loss of data integrity from attacks.
ATTACKS
• An attack is an act or action that takes advantage of a vulnerability
to compromise a controlled system.
• It is accomplished by a threat agent that damages or steals an
organization’s information or physical asset.
• A vulnerability is an identified weakness in a controlled system, where
controls are not present or are no longer effective.
• Attacks exist when a specific act or action comes into play and may
cause a potential loss.
Malicious code
• The malicious code attack includes the execution of viruses, worms, Trojan
horses, and active Web scripts with the intent to destroy or steal information.
• The state-of-the-art malicious code attack is the polymorphic or multivector
worm.
• These attack programs use up to six known attack vectors to exploit a variety of
vulnerabilities in commonly found information system devices. They are as
follows:
Attack Replication Vectors
1. IP scan & attack
2. Web browsing
3. Virus
4. Unprotected shares
5. Mass mail
6. Simple Network Management Protocol (SNMP)
1. IP scan & attack
The infected system scans a random or local range of IP addresses and targets any of several vulnerabilities
known to hackers.
2. Web browsing
If the infected system has write access to any Web pages, it makes all Web content files (.html,.asp,.cgi & others)
infectious, so that users who browse to those pages become infected.
3. Virus
Each infected machine infects certain common executable or script files on all computers to which it can write
with virus code that can cause infection.
4. Unprotected shares
Using vulnerabilities in file systems and the way many organizations configure them, the infected machine copies
the viral component to all locations it can reach.
5. Mass Mail
By sending e-mail infections to addresses found in the address book, the infected machine infects many users,
whose mail-reading programs also automatically run the program and infect other systems.
6. Simple Network Management Protocol (SNMP)
By using the widely known and common passwords that were employed in early versions of this protocol, the
attacking program can gain control of the device. Most vendors have closed these vulnerabilities with software
upgrades.
Examples
• Hoaxes: A false piece of information that is spread with the
intention of misleading, causing panic, or tricking individuals into
taking unnecessary actions that could potentially harm their
computer systems, data, or overall security. Hoaxes take various
forms: emails, social media posts, blog articles, or official-looking
messages that seem to come from reputable sources.
• Backdoors: A backdoor is a hidden or undocumented method of
bypassing normal authentication or security controls in a computer
system, application, or network.
• Password Crack: The practice of attempting to guess or discover
passwords used to secure various accounts and systems.
• Brute Force: A technique where attackers systematically attempt
every possible password until they find the correct one. Also called a
password attack. Brute force attacks are a subset of password cracking
techniques, and password cracking includes multiple approaches to
gaining unauthorized access to systems or accounts.
• Spoofing: A technique used to gain unauthorized access to
computers, wherein the intruder sends messages to a computer with
an IP address that indicates that the messages are coming from a
trusted host.
• Dictionary: The list of potential passwords is referred to as a "dictionary".
The attacker tries to gain unauthorized access by guessing passwords from
a predefined list of words, phrases, or commonly used passwords.
• Denial-of-Service (DoS) & Distributed Denial-of-Service (DDoS): Aims
to disrupt the normal functioning of a system or service by
overwhelming it with a flood of traffic or requests.
• Man-in-the-Middle: An attacker monitors packets from the network,
modifies them, and inserts them back into the network. Uses IP
spoofing. Otherwise called a TCP hijacking attack.
• Spam: Irrelevant messages sent over digital communication channels
such as email and social media. They are usually sent in bulk and
are often intended for advertising, phishing, spreading malware, or
promoting fraudulent schemes.
• Mail Bombing: The attacker routes large quantities of e-mail to the target,
potentially making the recipient's email server or client
unresponsive. This attack is designed to disrupt the target's
communication and productivity.
• Sniffers: A program or device that can monitor data traveling over a
network. Unauthorized sniffers can be extremely dangerous to a
network’s security. Sniffers often work on TCP/IP networks, so they are
called “packet sniffers”.
• Social Engineering: The process of using social skills to convince people to
reveal access credentials or other valuable information to the attacker.
• Buffer Overflow: An application error that occurs when more data is sent
to a buffer than it can handle. The attacker can make the target system
execute instructions.
• Timing Attack: The attacker attempts to guess a user's password by trying
different password combinations one after another, measuring the
time it takes for the system to respond to each login attempt.
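The timing attack above works when the login check responds faster or slower depending on how much of the guess is right. The following added example (not from the slides) shows the leak in a byte-by-byte password comparison, counting comparison steps instead of wall-clock time so the effect is deterministic, and the usual mitigation: a constant-time comparison over fixed-length digests. The stored password and guesses are constructed sample values.

```python
"""Timing leak in an early-exit password check, and a constant-time fix."""
import hashlib
import hmac

# Constructed sample secret; a real system would store a salted password hash.
STORED_PASSWORD = b"correct-horse-battery"


def naive_equal(stored: bytes, guess: bytes):
    """Early-exit comparison, as found in many hand-written login checks.

    Returns (match, steps), where steps is the number of byte comparisons
    performed. The count grows with the length of the matching prefix, so an
    observer timing this call learns how many leading bytes were correct.
    """
    if len(stored) != len(guess):
        return False, 0
    steps = 0
    for a, b in zip(stored, guess):
        steps += 1
        if a != b:
            return False, steps  # stops at the first wrong byte: the leak
    return True, steps


def constant_time_equal(stored: bytes, guess: bytes) -> bool:
    """Hash both sides to a fixed length, then compare with hmac.compare_digest,
    whose running time does not depend on where the inputs first differ.
    Hashing first also hides the length of the stored secret."""
    h_stored = hashlib.sha256(stored).digest()
    h_guess = hashlib.sha256(guess).digest()
    return hmac.compare_digest(h_stored, h_guess)


def leak_profile(stored: bytes, guesses):
    """Comparison steps naive_equal takes for each guess. A count that rises as
    guesses share a longer correct prefix is the signal a timing attacker
    measures; constant_time_equal gives no such profile."""
    return [naive_equal(stored, g)[1] for g in guesses]


if __name__ == "__main__":
    guesses = [b"x" * 21, b"c" + b"x" * 20, b"corr" + b"x" * 17]
    print("naive steps per guess:", leak_profile(STORED_PASSWORD, guesses))
    print("constant-time match:", constant_time_equal(STORED_PASSWORD, STORED_PASSWORD))
```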
LEGAL, ETHICAL, AND
PROFESSIONAL ISSUES IN
INFORMATION SECURITY
1. Law and Ethics in Information Security
• Laws: rules that prohibit certain behavior in society
• Ethics: socially acceptable behaviors (cultural norms)
Types of Law
• Civil law: deals with disputes between individuals and organizations
• Criminal law: focuses on offenses
• Tort law: deals with civil wrongs or injuries caused by one party
• Private law: protects individual rights
• Public law: governs the interactions between citizens and the government
2. Relevant U.S. Laws – General:
• Computer Fraud and Abuse Act of 1986
• National Information Infrastructure Protection Act of 1996
• USA Patriot Act of 2001
• Telecommunications Deregulation and Competition Act of 1996
• Communications Decency Act (CDA)
• Computer Security Act of 1987
Privacy: Privacy is the fundamental right and concept that individuals have the
authority to control their personal information and decide who
can access, use, or share it.
Privacy of Customer Information:
• Privacy of Customer Information Section of Common Carrier Regulations
• Federal Privacy Act of 1974
• The Electronic Communications Privacy Act of 1986
• The Health Insurance Portability & Accountability Act of 1996 (HIPAA), also
known as the Kennedy-Kassebaum Act
• The Financial Services Modernization Act or Gramm-Leach-Bliley Act of
1999
ACT | SUBJECT | DATE | DESCRIPTION
Communications Act of 1934, updated by Telecommunications Deregulation & Competition Act | Telecommunications | 1934 | Regulates interstate and foreign telecommunications.
Computer Fraud & Abuse Act | Threats to computers | 1986 | Defines and formalizes laws to counter threats from computer-related acts and offenses.
Computer Security Act of 1987 | Federal agency information security | 1987 | Requires all federal computer systems that contain classified information to have surety plans in place, and requires periodic security training for all individuals who operate, design, or manage such systems.

U.S. Laws Relevant to Information Security Professionals
ACT | SUBJECT | DATE | DESCRIPTION
Economic Espionage Act of 1996 | Trade secrets | 1996 | Designed to prevent abuse of information gained by an individual working in one company and employed by another.
Electronic Communications Privacy Act of 1986 | Cryptography | 1986 | Also referred to as the Federal Wiretapping Act; regulates interception and disclosure of electronic information.
Federal Privacy Act of 1974 | Privacy | 1974 | Governs federal agency use of personal information.
Gramm-Leach-Bliley Act of 1999 | Banking | 1999 | Focuses on facilitating affiliation among banks, insurance and securities firms; it has significant impact on the privacy of personal information used by these industries.
Health Insurance Portability and Accountability Act | Health care privacy | 1996 | Regulates collection, storage, and transmission of sensitive personal health care information.
National Information Infrastructure Protection Act of 1996 | Criminal intent | 1996 | Categorized crimes based on the defendant’s authority to access a computer and criminal intent.
Sarbanes-Oxley Act of 2002 | Financial reporting | 2002 | Affects how public organizations and accounting firms deal with corporate governance, financial disclosure, and the practice of public accounting.
Security and Freedom through Encryption Act of 1999 | Use and sale of software that uses or enables encryption | 1999 | Clarifies use of encryption for people in the United States and permits all persons in the U.S. to buy or sell any encryption product, and states that the government cannot require the use of any kind of key escrow system for encryption products.
U.S.A. Patriot Act of 2001 | Terrorism | 2001 | Defines stiffer penalties for prosecution of terrorist crimes.
Freedom of Information Act of 1966 (FOIA):
The Freedom of Information Act provides any person with the right to request access to
federal agency records or information not determined to be of national security concern.
- US Government agencies are required to disclose any requested information on
receipt of a written request.
State & Local Regulations:
It is the responsibility of the information security professional to understand state laws and
regulations and ensure the organization’s security policies and procedures comply with
those laws and regulations.
International Laws and Legal Bodies:
Recently the Council of Europe drafted the European Council Cyber-Crime
Convention, designed
- to create an international task force to oversee a range of security functions
associated with Internet activities,
- to standardize technology laws across international borders
Digital Millennium Copyright Act (DMCA):
• DMCA is the US version of an international effort to reduce the impact of copyright,
trademark, and privacy infringement.
• The European Union Directive 95/46/EC increases protection of individuals with
regard to the processing of personal data and limits the free movement of such data.
• The United Kingdom has already implemented a version of this directive called the
Database Right.
United Nations Charter:
• The United Nations Charter contains provisions for information security during Information Warfare.
• Information Warfare (IW) involves the use of information technology to conduct offensive
operations as part of an organized and lawful military operation by a sovereign state.
• IW is a relatively new application of warfare, although the military has been conducting electronic
warfare and counter-warfare operations for decades: jamming, intercepting, and spoofing enemy
communications.
Policy Versus Law:
• Most organizations develop and formalize a body of expectations called policy.
• Policies function in an organization like laws.
• For a policy to become enforceable, it must be:
- Distributed to all individuals who are expected to comply with it
- Readily available for employee reference
- Easily understood, with multi-language translations and translations for visually impaired or literacy-
impaired employees
- Acknowledged by the employee
4. Ethical Concepts in Information Security:
Cultural Differences in Ethical Concepts
• Differences in cultures cause problems in determining what is ethical and what is not ethical.
• Studies of ethical sensitivity to computer use reveal that different nationalities have different
perspectives.
• Difficulties arise when one nationality’s ethical behavior contradicts that of another national
group.
Ethics and Education
• Employees must be trained and kept aware of a number of topics related to information security,
not the least of which is the expected behaviors of an ethical employee.
• Many employees may not have the formal technical training to understand that their behavior
• Proper ethical and legal training is vital to creating an informed, well-prepared, and low-risk system
user.
Deterrence to Unethical and Illegal Behavior
• Deterrence: preventing an illegal or unethical activity
• Laws, policies, and technical controls are all examples of deterrents
• Laws and policies only deter if three conditions are present:
- Fear of penalty
- Probability of being caught
- Probability of penalty being administered
OVERVIEW OF COMPUTER SECURITY
• Computing system: a collection of hardware, software, data, and
people that an organization uses to do computing tasks
• Computer security: protecting our computing system
Main aspects are:
• Prevention: prevent your assets from being damaged
• Detection: detect when assets have been damaged
• Reaction: recover your assets
Computer Security: Ensuring the data stored in a computer cannot be read or
compromised by individuals without authorization.
Most computer security measures involve data encryption and passwords.
Access Control
• Access control is restricting access to a system or its resources based
on the identity of the user.
• Minimizes the risk of unauthorized access.
Access controls are a collection of mechanisms that work together to protect
the assets of the enterprise. They help protect against threats by reducing
exposure to unauthorized activities and providing access only to authorized
users.
Access Control Matrix
• All the information needed for access control administration can be
put into a matrix with rows representing the subjects or groups of
subjects and columns representing the objects.
• A key feature of the access control matrix is its sparseness. Because the matrix is so sparse,
storage becomes an issue, and it is better to store the matrix as a list.
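The following added example (not from the slides) implements the matrix described above in a sparse form: only non-empty cells are stored, grouped per object, which is the access control list (ACL) view; the per-subject capability list is derived on demand, and a dense view can be materialised to see how empty the full matrix is. Subjects, objects and rights are constructed sample values.

```python
"""Sparse access control matrix stored as per-object lists (ACLs)."""
from collections import defaultdict

# Rights recognised by this example; constructed for illustration.
RIGHTS = {"read", "write", "execute", "own"}


class AccessControlMatrix:
    """Rows are subjects, columns are objects, cells are sets of rights.
    Only cells that hold at least one right are kept in memory."""

    def __init__(self):
        # object -> {subject -> set(rights)}: one ACL per object.
        self._acl = defaultdict(dict)

    def grant(self, subject, obj, *rights):
        unknown = set(rights) - RIGHTS
        if unknown:
            raise ValueError(f"unknown rights: {sorted(unknown)}")
        self._acl[obj].setdefault(subject, set()).update(rights)

    def revoke(self, subject, obj, *rights):
        cell = self._acl.get(obj, {}).get(subject)
        if cell is None:
            return
        cell.difference_update(rights)
        if not cell:  # drop empty cells so the matrix stays sparse
            del self._acl[obj][subject]
            if not self._acl[obj]:
                del self._acl[obj]

    def check(self, subject, obj, right):
        """Reference-monitor style decision: anything not granted is denied."""
        return right in self._acl.get(obj, {}).get(subject, set())

    def acl(self, obj):
        """Column view: which subjects hold which rights on this object."""
        return {s: set(r) for s, r in self._acl.get(obj, {}).items()}

    def capabilities(self, subject):
        """Row view: which rights this subject holds on each object."""
        return {o: set(r) for o, cells in self._acl.items()
                for s, r in cells.items() if s == subject}

    def dense(self, subjects, objects):
        """Full matrix as nested lists, to show how much of it is empty."""
        return [[sorted(self._acl.get(o, {}).get(s, set())) for o in objects]
                for s in subjects]

    def stored_cells(self):
        return sum(len(cells) for cells in self._acl.values())


def build_sample_matrix():
    """Constructed example: a small office with two users and a few objects."""
    m = AccessControlMatrix()
    m.grant("alice", "payroll.db", "read", "write", "own")
    m.grant("bob", "payroll.db", "read")
    m.grant("bob", "backup.sh", "execute")
    m.revoke("bob", "payroll.db", "read")  # bob's payroll cell becomes empty
    return m


if __name__ == "__main__":
    m = build_sample_matrix()
    subjects, objects = ["alice", "bob", "carol"], ["payroll.db", "backup.sh", "web.log"]
    for row, s in zip(m.dense(subjects, objects), subjects):
        print(s, row)
    print("stored cells:", m.stored_cells(), "of", len(subjects) * len(objects))
```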
Types of Access Control
