Security - Chapter 02 - Review*
Which management groups are responsible for implementing information security to protect the organization's ability to function?
General management, I.T. management, and information security management.
How has the perception of the hacker changed over recent years? What is the profile of a hacker today?
The classic perception of the hacker is frequently glamorized in fictional accounts as someone who stealthily manipulates their way through a maze of computer networks, systems, and data to find the information that resolves the dilemma posed in the plot and saves the day. However, in reality, a hacker frequently spends long hours examining the types and structures of the targeted systems because he or she has to use skill, guile, or fraud to attempt to bypass the controls placed around information that is the property of someone else. The perception of a hacker has evolved over the years. The traditional hacker profile was male, age 13-18, with limited parental supervision who spent all his free time at the computer. The current profile of a hacker is a male or female, age 12 - 60, with varying technical skill levels, and can be internal or external to the organization. Today there are both expert hackers and unskilled hackers. The expert hackers create the software and schemes to attack computer systems while the novice hackers are the ones who merely utilize the software created by the expert hacker.
What is a buffer overflow, and how is it used against a Web server?
A buffer overflow occurs when more data is sent to a buffer than it can handle. It can be caused over a network when there is a mismatch in the processing rates between the two entities involved in the communication process.
What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is more dangerous? Why?
A denial-of-service attack occurs when an attacker sends a large number of connection or information requests to a target. A distributed denial-of-service attack occurs when a coordinated stream of requests is launched against a target from many locations at the same time. A distributed denial-of-service attack is potentially more dangerous and devastating. In most DDoS attacks, numerous machines are first compromised and used as "zombies" to carry out the denial-of-service attack against a single target. DDoS attacks are most difficult to defend against, and there are currently no controls any single organization can apply.
What is the difference between a skilled hacker and an unskilled hacker (other than skill levels)? How does the protection against each differ?
An expert hacker in one who develops software scripts and codes to exploit relatively unknown vulnerabilities. The expert hacker is usually a master of several programming languages, networking protocols, and operating systems. An unskilled hacker is one who uses scripts and code developed by skilled hackers. They rarely create or write their own hacks, and are often relatively unskilled in programming languages, networking protocols, and operating systems. Protecting against an expert hacker is much more difficult, due in part to the fact that most of the time the expert hacker is using new, undocumented attack code. This makes it almost impossible to guard against these attacks at first. Conversely, an unskilled hacker generally uses hacking tools that have been made publicly available. Therefore, protection against these hacks can be maintained by staying up-to-date on the latest patches and being aware of hacking tools that have been published by expert hackers.
Why is information security a management problem? What can management do that technology cannot?
Both general management and IT management are responsible for implementing information security to protect the ability of the organization to function. Decision-makers in organizations must set policy and operate their organization in a manner that complies with the complex, shifting political legislation on the use of technology. Management is responsible for informed policy choices and the enforcement of decisions that affect applications and the IT infrastructures that support them. Management can also implement an effective information security program to protect the integrity and value of the organization's data.
What are the various types of malware? How do worms differ from viruses? Do Trojan horses carry viruses or worms?
Common types of malware are viruses, worms, Trojan horses, logic bombs, and back doors. Computer viruses are segments of code that induce other programs to perform actions. Worms are malicious programs that replicate themselves constantly without requiring another program to provide a safe environment for replication. Once a trusting user executes a Trojan horse program it will unleash viruses or worms to the local workstation and the network as a whole.
Why is data the most important asset an organization possesses? What other assets in the organization require protection?
Data is important in the organization because without it an organization will lose its record of transactions and/or its ability to deliver value to its customers. Since any business, educational institution, or government agency that functions within the modern social context of connected and responsive service relies on information systems to support these services, protecting data in motion and data at rest are both critical. Other assets that require protection include the ability of the organization to function, the safe operation of applications, and technology assets.
Why do employees constitute one of the greatest threats to information security?
Employees are the greatest threats since they are the closest to the organizational data and will have access by nature of their assignments. They are the ones who use it in everyday activities, and employee mistakes represent a very serious threat to the confidentiality, integrity, and availability of data. Employee mistakes can easily lead to the revelation of classified data, entry of erroneous data, accidental deletion or modification of data, storage of data in unprotected areas, and failure to protect information.
What are the various types of force majeure? Which type might be of greatest concern to an organization in Las Vegas? Oklahoma City? Miami? Los Angeles?
Force majeure refers to forces of nature or acts of God that pose a risk, not only to the lives of individuals, but also to information security. Force majeure includes fire, flood, earthquake, lightning, landslide or mudslide, tornado or severe windstorm, hurricane or typhoon, tsunami, electrostatic discharge (ESD), and/or dust contamination. A major concern to an organization in Las Vegas might be dust contamination. Tornado is a concern for Oklahoma City, OK. Miami, FL would be most concerned with hurricanes or tsunamis. Earthquakes, mud-slides, wildfires and riots would be of concern to LA.
Has the implementation of networking technology created more or less risk for businesses that use information technology? Why?
Networking is usually considered to have created more risk for businesses that use information technology. This is due to the fact that potential attackers have more and readier access to these information systems when they have been networked, especially if they are interconnected to the Internet.
Why does polymorphism cause greater concern than traditional malware? How does it affect detection?
Polymorphism causes greater concern because it makes malicious code more difficult to detect. The code changes over time, which means commonly used anti-virus software, which uses preconfigured signatures for detection, will be unable to detect the newly changed attack. This makes polymorphic threats harder to protect against.
How does technological obsolescence constitute a threat to information security? How can an organization protect against it?
Technological obsolescence is a security threat caused by management's potential lack of planning and failure to anticipate the technology needed for evolving business requirements. Technological obsolescence occurs when the infrastructure becomes outdated, which leads to unreliable and untrustworthy systems. As a result, there is a risk of loss of data integrity from attacks. One of the best ways to prevent this is through proper planning by management. Once discovered, outdated technologies must be replaced. Information Technology personnel must help management identify probable obsolescence so that any necessary replacement (or upgrade) of technologies can be done in a timely fashion.
For a sniffer attack to succeed, what must the attacker do? How can an attacker gain access to a network to use the sniffer system?
The attacker must first gain access to a network to install the sniffer. Social engineering offers the best way for an attacker to gain access to a network to install a physical sniffer device. By convincing an unwitting employee to instruct the attacker as to the whereabouts of the networking equipment, the installation of the sniffer can be accomplished.
What methods does a social engineering hacker use to gain information about a user's login id and password? How would this method differ if it were targeted towards an administrator's assistant versus a data-entry clerk?
The attacker must first gain access to a network to install the sniffer. Social engineering offers the best way for an attacker to gain access to a network to install a physical sniffer device. By convincing an unwitting employee to instruct the attacker as to the whereabouts of the networking equipment, the installation of the sniffer can be accomplished.
What measures can individuals take to protect against shoulder surfing?
The best way for an individual to avoid shoulder surfing is to avoid, as far as possible, the accessing of confidential information when another person is present. The individual should limit the number of times he/she accesses confidential data, and do it only when he/she is sure that nobody can observe them. One should be constantly aware of who is around when accessing sensitive information.
What is the most common form of violation of intellectual property? How does an organization protect against it? What agencies fight it?
The most common violations involve the unlawful use or duplication of software-based intellectual property known as software piracy. Some organizations have used such security measures as digital watermarks and embedded code, copyright codes, and even the intentional placement of bad sectors on software media. Also, most companies file patents, trademarks or copyrights which can allow a company to legally pursue a violator. Another effort to combat piracy is the online registration process. During installation, software users are asked or even required to register their software to obtain technical support, or the use of all features. There are two major organizations that investigate allegations of software abuse: Software and Information Industry Association (SIIA) and the Business Software Alliance (BSA).
What are the types of password attacks? What can a systems administrator do to protect against them?
The types of password attacks include: Password Crack, Brute Force, and Dictionary: Password crack: Attempting to reverse calculate the password is called "cracking." Cracking is used when a copy of the Security Account Manager data file can be obtained. A possible password is taken from the SAM file and run through the hashing algorithm in an attempt to guess the password. Brute Force: The application of computing and network resources to try every possible combination of options for a password. Dictionary: A form of brute force for guessing passwords. The dictionary attack selects specific accounts and uses a list of commonly used passwords with which to guess. To protect against password attacks, security administrators can: a. Implement controls that limit the number of attempts allowed. b. Use a "disallow" list of passwords from a similar dictionary. c. Require use of additional numbers and special characters in passwords.
What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.
When an attacker is able to control access to an asset, it can be held hostage to the attacker's demands. For example, if an attacker is able to gain access to a set of data in a database and then encrypt that data, they may extort money or other value from the owner in order to share the encryption key so that the data can be used by the owner.
Does the intellectual property owned by an organization usually have value? If so, how can attackers threaten that value?
Yes, the IP of an organization may be its highest value asset. Attackers can threaten its value by reducing or removing its availability to the owner or by stealing and then selling copies of the asset thus causing a loss in the economic value of the assets.