exam 3

Transmission Control Protocol/Internet Protocol (TCP/IP)

- 4 layers

Data Network Components

- Mainframe/Server Hosts - File Servers - Workstations - Software - Network Operating System and Applications

Specific Network Security Objectives ( cont)

- Message non-repudiation is available -prevent unauthorized disclosure of message -prevent unauthoruized disclosure of traffic flow -remote access mechanisms are secure -security mechanisms are easy to implement and maintain] - security mechanisms are transparent ti end users

Major elements of database mngt system

- database -hardware -software -user

Open System Interconnection (OSI) model

7 layers, blueprint not thing, an idea)

Network Protocol Definition

A standard set of rules that governs the exchange of data between hardware and software components in a communications network

Intrusion Prevention System (IPS)

Ability to block attacks in Real time actively intercept and forward packets considered ' access control' and 'policy enforcement' whereas IDS is considered 'network monitoring and 'audot''

Internet Access

Allows users to access network information through an Internet Service Provider (ISP) connection.

A complete conceptual model of systems including software, hardware, and users is known as

Architecture disgram

When application developers fail to provide appropriate means in application source code to truncate or limit input string size into interface fields, the application becomes susceptible to which type of attack?

Buffer Overflow

Malware Type: Virus

Central characteristic is reporduction generally requires some action by the user

Regarding application security which is not a common issue that poses a potential threat?

Check Sum Redistribution

to resolve IP numbers to names and names to IP numbers is the function of

DNS

OSI-

Data transfer is accomplished by a layer interacting with the layer above or below through the use of interface control information -ISO 7498 -Encipherment -access controls - data integrity

Which is not true of Enterprise Security Architecture

Development of the architecture if primarily end user driven

Confidentiality

Direct loss (backdoors, viruses, etc) Indirect loss( consequential damage due to unauthorized disclosure of confidential information, etc)

DNS

Domain Name System; distributed internet directory service -internet services rely on DNS to work, if DNS fails web sites cannot be located and email delivery stalls

Virtual Private Network (VPN)

Dynamically established secure network link between two specific network codes or subnets using a secure encapsulation uses tunneling and Encryption

Functional Design Definition

Functional requirements activities prepare project plan required security activities security areas in project plan

Objectives of Enterprise Security Architecture

Guidance for decision makers - the resulting business and security decision will be strategically aligned and consistent across the enetrprise -provides specific security-related guidance deciison makers

Infrastructure includes items such as

Hardware, software, operating system and all associated functions, applications, utilities, network environment ( physical things)

RAT

Installed, usually remotely after system installed and working, not in development . - trojan vs tool rootkits require working account, RATS generally dont

Intrusion Detection System (IDS)

Intrusion attempts and any set of actions that attempt to gain unauthorized access are detected auditing for intrusion attempts in a timely basis

IM Security Issues

Most lack encryption capabilities most have features to bypass traditional corporate firewalls

Data Network Components(cont.)

Network adapter/ network interface card hub brudges switches routers gateways

Transmission Control Protocol

Provides reliable data transmission retransmits lost/damaged data segments Sequences incoming segments to match original order Mark evert TCP packet with a source host and port number as well as a destinantion host and port number

General Remote Access Safeguards

Publish a clear/ definitive remote access policy and enforce it through audit -justify all remote users and review regularly -identify and periodically audit all remote access facilities, lines, and connections - consolidate all general dial up facilties into a central bank that is positioned on a DMZ

Malformed input attacks

SQL Injection - inserting a series of SQL statements into a 'query' by manipulating data input into an application

Deadlocking

Stalemate when 2 or more processes are each waiting for the other to do something before they can proceed

Architecture

The highest level concept of a system in its environment

Remote Access Services

Typically conducted over an untrusted network. •Increased risk to disclosure, modification, and denial of service. •Remote access security minimums -Strong identification and authentication services •Rapid growth of remote access via the Internet -Wide availability -Economical

malware types

Virus, Trojan Horse, Worms, Adware, Spyware, RAT( remote access trojan) , DDoS, back door, data diddler , etc

Time of check/Time of Use (TOC/TOU)

When control information is changed between the time that the system security functions check the contents of the variables and when the variables are actually used

Which of the following is a common framework used to develop an Enterprise Security Architecture

Zechman

Security architecture

a high-level design used to satisfy a system's security requirements as defined in an organization's security policy - security blueprint

Spoofing

pretnding to be an IP address woure not

Architecture includes

principles concepts methods practices standards -shift from an IT- centric to a business-centric ssecurity pricess to more effectively manage risk

Availability

programs, data, processing, resources; bandwidth, memory, disk space, mail queues

Architecture

refers to the cohesive design of the elements

General Remote access cont

- implement two factor -use VPN - use personal firewalls and anti virus tools on remote computers

Object reuse

an object may contain sensitive residual data

3GHz- common but older

bluetooth / phones

mobile code/ executable content

code that is downloaded to the users machine and executed running programs on a computer may give the program unexpected access to resources on the machine examples- web applets dynamic email

Trap doors/back doors

hidden mechanisms that bypass authentication measures; could enable unauthorized access

malware type- logic bomb

implanted by an insider, waits for condition or time, triggers negative payload

Intrusion prevention systems

intrusions are prevented

In testing phase of an application development project, which is NOT a desirable characteristic of test data that will be used to evaluate a newly developed application?

it should be live real-time online data from the current production system

Infrastructure

refers to the supporting elements needed for functionality

DNS (cont)

tree structured Name server- Responds to client request by supplying name to address conversions Resolver- when it does not know the answer, the resolver element will ask another name server for the information

View based access controls

•Security achieved through the appropriate use of 'views.' ( divide into "see" and " not see" -Allows the database to be logically divided into pieces - sensitive data is hidden from unauthorized users. - Controls are located in the front-end application that the user interfaces with and not the back-end query engine

Data Encapsulation

- To transmit data across a layered network, the data passes through each layer of the protocol stack - It begins at the application layer with the application software passing the data to the next lower protocol in the stack - At each layer, the data is encapsulated (the protocol processes the data in the format that the next protocol layer requires)

DBMS should provide

- Transaction persistence: stays there forever -Fault tolerance and recovery -sharing by multiple users -security controls( 1st business process )

Remote access threat

- insecure internet connections -unsecured modem access -diagnostic ports on various network devices

these are apart of data network

- mainframe -workstation -file server

Architecture

- will require formal commitment from the executives to be relied upon for guidance -often are challenging to define - may require assustance with SCOPE definition and mnagement , issue validation, and the definition of the resulting Security principles

Application software

-Comprised of programs, processes, utilities, driver, etc to provide user functionality and support business activities -allows user to execute and perform computerized task

Two objectives of O/S

-Control use of system resources -provide a convenient , easy to understand view of the computer to users

develop and document

-project construction construct from detailed design specification -required security write/ procure and install security related code

project initiation and planning

-project initiation activities identify user needs -required security activities identify security needs

The first step in establishing organization control for remote access

-publish a clear policy on remote access

Change Management Process

1. change request

OSI and TCI/IP is

OSI is the model upon which the TCP/IP protocol is based

complete conceptual model of systems including software, hardware, and users is

architecture diagram

Enterprise security architecture does not address

configurations for technical infrastructure

Strategic

longer life than a blueprint, design specification topology or configuration

malware type trojan horse

pruported to be a positive utility hidden negative payload, social enginerring

Eavesdropping

standard wired equivalent privacy is not used wep is flawed and vulnerable no user authentication

Detailed Design

system design develop detailed designs required security define security specifications

IP Adress (Internet Protocol)

32 bits 110111000 only add the 1s like a light switch

Most common frequency

5GHz - phones

An IP address is...

Composed of 32 bits

Which of the following statements about OSI and TCI/IP is correct

OSI is the model upon which the TCP/IP protocol is based

integrity

programs, system, data, trust relationships; formal( technical trust between subnets and domains) informal(social relations between partners, customers, and clients)

Teardrop Denial of Service Attack

slight change in numbers confere firewall

IP security Issues

•IP Fragmentation Attacks -Tiny fragment attack -Overlapping fragment attack -Teardrop Denial of Service Attack •IP Address Spoofing •Source Routing •Smurf and Fraggle •IP Tunneling over other protocols

The target - organization specific

- Sensitive and critical information - computing services such as storage space and other resources - Network access to interconnected networks, such as customers or business partner

TCP/IP (Transmission Control Protocol/Internet Protocol)

- break data into small pieces that can efficiently be handled by the network communicate the destination of the data to the network verify the receipt of the data on the other end of the transmission reconstruct the data in its original form

these are benefits of enterprise security arch

- constantly mane IT risk across enterprise - allow decision makers to make better and quicker security related decisions -reduce cost and managing IT risk

Relational database sec issues

- ensuring integrity of input data -preventing deadlocking -access controls ensuring only authorized users are preforming authorized activities

Introduction to enterprise security architecture

- how company competes , this contains the concepts , principles, structures,and standards used to design , monitor, and secure operating systems, hardware, networks, applications, and those controls used to enforce various levels of availability , integrity, and confidentiality.

an important consideration for security professionals in project initiation phase

- identification of security needs -identify appropriate security frameworks -conduct of risk analysis

Modern malware is network aware

- new means of spread - new methods of attack -new payloads

enterprise security arch addresses

- strategic alignment -process enhancement -business enablement

common issue that poses as a potential threat

- trap/backdoors -garbage collection -object reuse

database security issues

- unauthorized access -query attacks

System Life Cycle

-Project management-based methodology used to plan, execute, and control software development and maintenance -Provides a framework for the phases of software development projects and includes disposal stage -Involves teams of developers, analysts, owners, users, technical experts, and security experts

Specific Network Security Objectives

-Transmission channels and services are secure and accessible -u=interoperability of network security mechanisms are operational -messages sent are the messages that are received - message link between valid source and destination nodes

these are true about enterprise security arch

-a strategic prospective of organization is required to develop an enterprise security arch -focus on alignment w business processes -architectures should be designed to support organizational goals

Network protocol can also

-describe the format of a message and how it is exchanged - when computers communicate with one another -computers must agree on what a message means

Lack of ent sec arch

-increased consumer complaints - it and business units dont understand the more stringent regulatory and legal compliance requirements difficulty in supporting e-commerce

Tunneling

-is the act of packaging one network packet inside another -the vehicle for encapsulating packet inside protocol that is understood at the entry and exit points of a given network - for confidentiality and integrity the tunnels should be encrypted

Applications Environment

-operating system (O/S): first layer of software

in testing phase of an application development a desirable characteristic of test data

-should represent wide range of possible data that could be enetred in system by users -should be able to validate both before and after test run - provide means of checking upper and lower bounds of the system regrading field size, time, and dates

Address Resolution Protocol (ARP)

-used when a node knows the network layer address but needs the data link layer address to forward the encapsulating frame - the ARP software maintains a table of translations between IP address and data link addresses

Benefits of ent sec arch

Consistently manage IT risk across ent while levering industry best practices - reduces the cost - decision makers better and quicker security related decisions -promose inyerpperability -guidance

Management expectations

Mitigate risk ( most important when talking with organization) -first need to know what risk is present Enhance user productivity -security should not get in the way of productivity Reduce cost -most security is assumed to be built in Streamline application development/integration - Security must not inhibit applications

A video streaming applet written in Java and downloaded to clients from a server presents the greatest threat of which type of attack

Mobile Code/Content

Enterprise

Multiple internal networks internal areas or domains, and various internal devices and systems, applications, and diverse user presence as a single collective unit - Entire organization internal and external

data diddler

Payload in a Trojan or virus that deliberately corrupts data, generally by small increments over time

Data Network Structures examples

Personal area network( on person, person device) -local area network(building) -wide area network( campus -internet -wireless personal area network -metropolitan area network -campus area network extranet

data network com include

Physical cabling- twisted pair / coaxial cable/ fiber optics wireless- radio frequency/infrared/optical/satellite

Which is not a principal benefit of an enterprise security architecture

Promote a positive perspective for systems management across the enterprise

Secure shell ( SSH, SSH2)

SSH - powerful method of performing client authentication - safeguards multiple service sessions between two systems - important from infrastructure POV

Remote access tech

allows users to access network information through a dial in or wireless connection

Secure Shell

data compression data confidentiality and integrity

garbage collection

de-allocation of storage following program execute

Systems development life cycle framework

define , design, develop, deliver initiation/ requirements

Databases

developed to manage information from many sources in one location - preserves storage space - eliminates the need forr duplication prevents inconsistency in data

Which of the following is generally not considered part of a data network

end user

DNS=

phonebook IP

In the project initiation phase of the system development life cycle which is not an important consideration for a security professional

preform unit test to evaluate the security of code

We want to do what in ent sec arch

protect the company, make it easy for users, dont stand in the way of progress and do it as cheaply as possible

Which should be the first step in the establishing organization control for remote access

publish a clear policy on remote access

Malware Type -Worms

reproduces generally uses loopholes in system, does not involve user , ofter attacks server software of some type

To resolve IP numbers to names and names to IP numbers is the function of

the DNS

O/S vs control center

the operating system is a fundamental software that manages the overall operation of a computer, while a control center is a user interface component that allows users to control and customize specific settings on the system. The control center operates within the framework provided by the operating system.

Buffer overflow

the process of exploiting a program weakness by sending long strings of input data to a system that is not prepared to truncate it through proper bound checking - developers should take this type of vulnerability into acct when developing and testing programs

General Remote Access Safeguards( cont)

use phone lines restricted to outbound access for dial out services set modems to answer after a pre-determined number of rings; counters" war Dialers" use secure modems for single port diagnostic and administrative access or unplug when not in use consolidate remote access facilities when practice

Malware type- Hoax

uses users rather than programming 'meme' or mind virus , social enginerring usually warns of a 'new virus'

common framework used to develop ent security arch

zechman

Wireless LAN Vulnerabilities Subtopics

• Detection • Eavesdropping • Modification • Injection • Hijacking • WLAN Architecture • Radio Frequency Management

Lock Controls- the ACID test

•Atomicity( rewrite whole record to make change) - either all changes take effect or none do. •Consistency -a transaction is allowed only if it meets owner/system-defined integrity constraints. •Isolation -the results of the transaction are not visible until the transaction is complete. •Durability -a completed transaction is permanent.

DNS Security Issues

•Attackers have been known to corrupt the tree and obtain access to a trusted machine. •The name servers can be poisoned so that legitimate addresses are replaced. •Unauthorized users could discover sensitive information if querying is allowed by users.

DDOS Zombie

•Expands effect of denial of service. -Middle of master / attacker - agent - target structure. -Hides attacker, multiplies attack.

Virus types

•File infector •Boot sector infector •System infector •Email virus •Multipartite •Macro virus •Script virus •Hoax

Backdoor, Trapdoor

•Implanted intentionally in development, or by error, usually by an insider •Maintenance hook (may have been deliberate and useful) •Also bug / loophole / wormhole

Spyware and Adware

•Intended as marketing, not malice •Installed with other software -As a separate function or program •Generates unwanted or irrelevant advertising •Reports on user activities -possibly other installed programs, possibly user surfing

Malware Types - BotNets

•Networks of infected machines. - for distributed denial of service. - as proxies for SPAM. - often controlled via Internet Relay Chat servers

Change management key points

•Rigorous process that addresses quality assurance. •Changes must be submitted, approved, tested and recorded. •Should have a back out plan in case change is not successful.

Malicious Software Definition

•Software or programs intentionally designed to include functions for penetrating a system, breaking security policies, or to carry malicious or damaging payloads. •Programming bugs or errors are not generally included in the topic •Backdoors, data diddlers, DDoS, hoax warnings, logic bombs, pranks, RATs, trojans, viruses, worms, zombies, etc.

Lock Controls

•Used to control read and write access to specific rows of data in relational systems, or objects in object-oriented systems. •locks ensure only one user at a time can alter data. •Better programming logic and testing reduce deadlocking problems.