exam 3
Transmission Control Protocol/Internet Protocol (TCP/IP)
- 4 layers
Data Network Components
- Mainframe/Server Hosts - File Servers - Workstations - Software - Network Operating System and Applications
Specific Network Security Objectives (cont.)
- Message non-repudiation is available - prevent unauthorized disclosure of message - prevent unauthorized disclosure of traffic flow - remote access mechanisms are secure - security mechanisms are easy to implement and maintain - security mechanisms are transparent to end users
Major elements of database management system
- database -hardware -software -user
Open System Interconnection (OSI) model
7 layers (a blueprint, not a thing; an idea)
Network Protocol Definition
A standard set of rules that governs the exchange of data between hardware and software components in a communications network
Intrusion Prevention System (IPS)
Ability to block attacks in real time - actively intercepts and forwards packets - considered 'access control' and 'policy enforcement', whereas IDS is considered 'network monitoring' and 'audit'
Internet Access
Allows users to access network information through an Internet Service Provider (ISP) connection.
A complete conceptual model of systems including software, hardware, and users is known as
Architecture diagram
When application developers fail to provide appropriate means in application source code to truncate or limit input string size into interface fields, the application becomes susceptible to which type of attack?
Buffer Overflow
Malware Type: Virus
Central characteristic is reproduction; generally requires some action by the user
Regarding application security which is not a common issue that poses a potential threat?
Check Sum Redistribution
to resolve IP numbers to names and names to IP numbers is the function of
DNS
OSI-
Data transfer is accomplished by a layer interacting with the layer above or below through the use of interface control information -ISO 7498 -Encipherment -access controls - data integrity
Which is not true of Enterprise Security Architecture
Development of the architecture is primarily end user driven
Confidentiality
- Direct loss (backdoors, viruses, etc.) - Indirect loss (consequential damage due to unauthorized disclosure of confidential information, etc.)
DNS
Domain Name System; distributed internet directory service -internet services rely on DNS to work, if DNS fails web sites cannot be located and email delivery stalls
Virtual Private Network (VPN)
Dynamically established secure network link between two specific network nodes or subnets using a secure encapsulation - uses tunneling and encryption
Functional Design Definition
- Functional requirements activities: prepare project plan - Required security activities: security areas in project plan
Objectives of Enterprise Security Architecture
Guidance for decision makers - the resulting business and security decisions will be strategically aligned and consistent across the enterprise - provides specific security-related guidance to decision makers
Infrastructure includes items such as
Hardware, software, operating system and all associated functions, applications, utilities, network environment (physical things)
RAT
Installed, usually remotely, after system is installed and working, not in development - trojan vs tool - rootkits require working account, RATs generally don't
Intrusion Detection System (IDS)
Intrusion attempts and any set of actions that attempt to gain unauthorized access are detected - auditing for intrusion attempts on a timely basis
IM Security Issues
- Most lack encryption capabilities - Most have features to bypass traditional corporate firewalls
Data Network Components(cont.)
- Network adapter/network interface card - hub - bridges - switches - routers - gateways
Transmission Control Protocol
- Provides reliable data transmission - Retransmits lost/damaged data segments - Sequences incoming segments to match original order - Marks every TCP packet with a source host and port number as well as a destination host and port number
General Remote Access Safeguards
- Publish a clear/definitive remote access policy and enforce it through audit - justify all remote users and review regularly - identify and periodically audit all remote access facilities, lines, and connections - consolidate all general dial-up facilities into a central bank that is positioned on a DMZ
Malformed input attacks
SQL Injection - inserting a series of SQL statements into a 'query' by manipulating data input into an application
Deadlocking
Stalemate when 2 or more processes are each waiting for the other to do something before they can proceed
Architecture
The highest level concept of a system in its environment
Remote Access Services
Typically conducted over an untrusted network. •Increased risk to disclosure, modification, and denial of service. •Remote access security minimums -Strong identification and authentication services •Rapid growth of remote access via the Internet -Wide availability -Economical
malware types
Virus, Trojan Horse, Worms, Adware, Spyware, RAT (remote access trojan), DDoS, back door, data diddler, etc.
Time of check/Time of Use (TOC/TOU)
When control information is changed between the time that the system security functions check the contents of the variables and when the variables are actually used
Which of the following is a common framework used to develop an Enterprise Security Architecture
Zachman
Security architecture
a high-level design used to satisfy a system's security requirements as defined in an organization's security policy - security blueprint
Spoofing
pretending to be an IP address you're not
Architecture includes
- principles - concepts - methods - practices - standards - shift from an IT-centric to a business-centric security process to more effectively manage risk
Availability
programs, data, processing, resources; bandwidth, memory, disk space, mail queues
Architecture
refers to the cohesive design of the elements
General Remote access cont
- implement two factor -use VPN - use personal firewalls and anti virus tools on remote computers
Object reuse
an object may contain sensitive residual data
3GHz- common but older
bluetooth / phones
mobile code/ executable content
code that is downloaded to the user's machine and executed - running programs on a computer may give the program unexpected access to resources on the machine - examples: web applets, dynamic email
Trap doors/back doors
hidden mechanisms that bypass authentication measures; could enable unauthorized access
malware type- logic bomb
implanted by an insider, waits for condition or time, triggers negative payload
Intrusion prevention systems
intrusions are prevented
In testing phase of an application development project, which is NOT a desirable characteristic of test data that will be used to evaluate a newly developed application?
it should be live real-time online data from the current production system
Infrastructure
refers to the supporting elements needed for functionality
DNS (cont)
- Tree structured - Name server: responds to client requests by supplying name-to-address conversions - Resolver: when it does not know the answer, the resolver element will ask another name server for the information
View based access controls
•Security achieved through the appropriate use of 'views' (divide into "see" and "not see") - Allows the database to be logically divided into pieces - Sensitive data is hidden from unauthorized users - Controls are located in the front-end application that the user interfaces with and not the back-end query engine
Data Encapsulation
- To transmit data across a layered network, the data passes through each layer of the protocol stack - It begins at the application layer with the application software passing the data to the next lower protocol in the stack - At each layer, the data is encapsulated (the protocol processes the data in the format that the next protocol layer requires)
DBMS should provide
- Transaction persistence: stays there forever - Fault tolerance and recovery - Sharing by multiple users - Security controls (1st business process)
Remote access threat
- insecure internet connections -unsecured modem access -diagnostic ports on various network devices
these are a part of data network
- mainframe -workstation -file server
Architecture
- will require formal commitment from the executives to be relied upon for guidance - often are challenging to define - may require assistance with SCOPE definition and management, issue validation, and the definition of the resulting Security principles
Application software
-Comprised of programs, processes, utilities, driver, etc to provide user functionality and support business activities -allows user to execute and perform computerized task
Two objectives of O/S
-Control use of system resources -provide a convenient , easy to understand view of the computer to users
develop and document
- project construction: construct from detailed design specification - required security: write/procure and install security-related code
project initiation and planning
- project initiation activities: identify user needs - required security activities: identify security needs
The first step in establishing organization control for remote access
-publish a clear policy on remote access
Change Management Process
1. change request
OSI and TCP/IP is
OSI is the model upon which the TCP/IP protocol is based
complete conceptual model of systems including software, hardware, and users is
architecture diagram
Enterprise security architecture does not address
configurations for technical infrastructure
Strategic
longer life than a blueprint, design specification topology or configuration
malware type trojan horse
purported to be a positive utility - hidden negative payload - social engineering
Eavesdropping
- standard Wired Equivalent Privacy (WEP) is not used - WEP is flawed and vulnerable - no user authentication
Detailed Design
- system design: develop detailed designs - required security: define security specifications
IP Address (Internet Protocol)
32 bits - 110111000 - only add the 1s, like a light switch
Most common frequency
5GHz - phones
An IP address is...
Composed of 32 bits
Which of the following statements about OSI and TCP/IP is correct
OSI is the model upon which the TCP/IP protocol is based
integrity
programs, system, data, trust relationships; formal( technical trust between subnets and domains) informal(social relations between partners, customers, and clients)
Teardrop Denial of Service Attack
slight change in numbers confere firewall
IP security Issues
•IP Fragmentation Attacks -Tiny fragment attack -Overlapping fragment attack -Teardrop Denial of Service Attack •IP Address Spoofing •Source Routing •Smurf and Fraggle •IP Tunneling over other protocols
The target - organization specific
- Sensitive and critical information - computing services such as storage space and other resources - Network access to interconnected networks, such as customers or business partner
TCP/IP (Transmission Control Protocol/Internet Protocol)
- break data into small pieces that can efficiently be handled by the network - communicate the destination of the data to the network - verify the receipt of the data on the other end of the transmission - reconstruct the data in its original form
these are benefits of enterprise security arch
- constantly manage IT risk across enterprise - allow decision makers to make better and quicker security related decisions - reduce cost and managing IT risk
Relational database sec issues
- ensuring integrity of input data - preventing deadlocking - access controls ensuring only authorized users are performing authorized activities
Introduction to enterprise security architecture
- how company competes; this contains the concepts, principles, structures, and standards used to design, monitor, and secure operating systems, hardware, networks, applications, and those controls used to enforce various levels of availability, integrity, and confidentiality.
an important consideration for security professionals in project initiation phase
- identification of security needs -identify appropriate security frameworks -conduct of risk analysis
Modern malware is network aware
- new means of spread - new methods of attack -new payloads
enterprise security arch addresses
- strategic alignment -process enhancement -business enablement
common issue that poses as a potential threat
- trap/backdoors -garbage collection -object reuse
database security issues
- unauthorized access -query attacks
System Life Cycle
-Project management-based methodology used to plan, execute, and control software development and maintenance -Provides a framework for the phases of software development projects and includes disposal stage -Involves teams of developers, analysts, owners, users, technical experts, and security experts
Specific Network Security Objectives
- Transmission channels and services are secure and accessible - interoperability of network security mechanisms are operational - messages sent are the messages that are received - message link between valid source and destination nodes
these are true about enterprise security arch
- a strategic perspective of organization is required to develop an enterprise security arch - focus on alignment with business processes - architectures should be designed to support organizational goals
Network protocol can also
-describe the format of a message and how it is exchanged - when computers communicate with one another -computers must agree on what a message means
Lack of ent sec arch
- increased consumer complaints - IT and business units don't understand the more stringent regulatory and legal compliance requirements - difficulty in supporting e-commerce
Tunneling
-is the act of packaging one network packet inside another -the vehicle for encapsulating packet inside protocol that is understood at the entry and exit points of a given network - for confidentiality and integrity the tunnels should be encrypted
Applications Environment
-operating system (O/S): first layer of software
in testing phase of an application development a desirable characteristic of test data
- should represent wide range of possible data that could be entered in system by users - should be able to validate both before and after test run - provide means of checking upper and lower bounds of the system regarding field size, time, and dates
Address Resolution Protocol (ARP)
-used when a node knows the network layer address but needs the data link layer address to forward the encapsulating frame - the ARP software maintains a table of translations between IP address and data link addresses
Benefits of ent sec arch
- Consistently manage IT risk across ent while leveraging industry best practices - reduces the cost - decision makers make better and quicker security related decisions - promotes interoperability - guidance
Management expectations
- Mitigate risk (most important when talking with organization): first need to know what risk is present - Enhance user productivity: security should not get in the way of productivity - Reduce cost: most security is assumed to be built in - Streamline application development/integration: security must not inhibit applications
A video streaming applet written in Java and downloaded to clients from a server presents the greatest threat of which type of attack
Mobile Code/Content
Enterprise
Multiple internal networks, internal areas or domains, and various internal devices and systems, applications, and diverse user presence as a single collective unit - Entire organization, internal and external
data diddler
Payload in a Trojan or virus that deliberately corrupts data, generally by small increments over time
Data Network Structures examples
- Personal area network (on person, person device) - local area network (building) - wide area network (campus) - internet - wireless personal area network - metropolitan area network - campus area network - extranet
data network com include
- Physical cabling: twisted pair/coaxial cable/fiber optics - Wireless: radio frequency/infrared/optical/satellite
Which is not a principal benefit of an enterprise security architecture
Promote a positive perspective for systems management across the enterprise
Secure shell ( SSH, SSH2)
SSH - powerful method of performing client authentication - safeguards multiple service sessions between two systems - important from infrastructure POV
Remote access tech
allows users to access network information through a dial in or wireless connection
Secure Shell
- data compression - data confidentiality and integrity
garbage collection
de-allocation of storage following program execution
Systems development life cycle framework
define, design, develop, deliver - initiation/requirements
Databases
developed to manage information from many sources in one location - preserves storage space - eliminates the need for duplication - prevents inconsistency in data
Which of the following is generally not considered part of a data network
end user
DNS=
phonebook IP
In the project initiation phase of the system development life cycle which is not an important consideration for a security professional
perform unit test to evaluate the security of code
We want to do what in ent sec arch
protect the company, make it easy for users, don't stand in the way of progress and do it as cheaply as possible
Which should be the first step in the establishing organization control for remote access
publish a clear policy on remote access
Malware Type -Worms
reproduces; generally uses loopholes in system, does not involve user, often attacks server software of some type
To resolve IP numbers to names and names to IP numbers is the function of
the DNS
O/S vs control center
the operating system is a fundamental software that manages the overall operation of a computer, while a control center is a user interface component that allows users to control and customize specific settings on the system. The control center operates within the framework provided by the operating system.
Buffer overflow
the process of exploiting a program weakness by sending long strings of input data to a system that is not prepared to truncate it through proper bounds checking - developers should take this type of vulnerability into account when developing and testing programs
General Remote Access Safeguards (cont.)
- use phone lines restricted to outbound access for dial-out services - set modems to answer after a pre-determined number of rings; counters "war dialers" - use secure modems for single port diagnostic and administrative access or unplug when not in use - consolidate remote access facilities when practical
Malware type- Hoax
uses users rather than programming - 'meme' or mind virus, social engineering - usually warns of a 'new virus'
common framework used to develop ent security arch
Zachman
Wireless LAN Vulnerabilities Subtopics
• Detection • Eavesdropping • Modification • Injection • Hijacking • WLAN Architecture • Radio Frequency Management
Lock Controls- the ACID test
•Atomicity( rewrite whole record to make change) - either all changes take effect or none do. •Consistency -a transaction is allowed only if it meets owner/system-defined integrity constraints. •Isolation -the results of the transaction are not visible until the transaction is complete. •Durability -a completed transaction is permanent.
DNS Security Issues
•Attackers have been known to corrupt the tree and obtain access to a trusted machine. •The name servers can be poisoned so that legitimate addresses are replaced. •Unauthorized users could discover sensitive information if querying is allowed by users.
DDOS Zombie
•Expands effect of denial of service. -Middle of master / attacker - agent - target structure. -Hides attacker, multiplies attack.
Virus types
•File infector •Boot sector infector •System infector •Email virus •Multipartite •Macro virus •Script virus •Hoax
Backdoor, Trapdoor
•Implanted intentionally in development, or by error, usually by an insider •Maintenance hook (may have been deliberate and useful) •Also bug / loophole / wormhole
Spyware and Adware
•Intended as marketing, not malice •Installed with other software -As a separate function or program •Generates unwanted or irrelevant advertising •Reports on user activities -possibly other installed programs, possibly user surfing
Malware Types - BotNets
•Networks of infected machines. - for distributed denial of service. - as proxies for SPAM. - often controlled via Internet Relay Chat servers
Change management key points
•Rigorous process that addresses quality assurance. •Changes must be submitted, approved, tested and recorded. •Should have a back out plan in case change is not successful.
Malicious Software Definition
•Software or programs intentionally designed to include functions for penetrating a system, breaking security policies, or to carry malicious or damaging payloads. •Programming bugs or errors are not generally included in the topic •Backdoors, data diddlers, DDoS, hoax warnings, logic bombs, pranks, RATs, trojans, viruses, worms, zombies, etc.
Lock Controls
•Used to control read and write access to specific rows of data in relational systems, or objects in object-oriented systems. •locks ensure only one user at a time can alter data. •Better programming logic and testing reduce deadlocking problems.