Module 4

Types of direct attack

Distributed Denial of Service, Brute Force Attack, Man in the Middle

Application filtering

Generally more secure and flexible than packet-filtering firewalls, but they are more expensive. Installed on a host computer to control use of network applications. Filter viruses and log actions more effectively, which helps network administrators spot potential security breaches.

Cryptojacking

Hackers secretly use a victim's computer to mine cryptocurrency. Reduces performance of the victim's computer.

Black hats

Hackers who specialize in unauthorized penetration of information systems. They attack systems for profit, fun, or political motivation or as part of a social cause. These penetration attacks often involve modifying and destroying data.

A Millionaire Hacker's Lessons for Corporate America

Idea is that company will fix what's wrong to harden itself against bad actors looking to steal data, conduct espionage and disrupt business operations. Santiago Lopez looks for security holes missed by customers that contract with the San Francisco-based firm. One large company gave you $10,000 for finding a way to manipulate one of its servers to access data it shouldn't have been able to. Was that challenging? It took me a full day to close that bug and prepare my report. It wasn't long to identify the area [that was] vulnerable. It took much longer to see what kind of secret information I could access. That can be the most difficult task at times, being able to identify how much information you can access with that failure. And it is what gives the most reward. Hacking has surged during the Covid-19 pandemic, as the Journal has reported. What effects will that have in the future? Employees are online and information is more vulnerable. Hackers are trying to get those employees to click to load malicious software. Hackers are learning a lot, some new ways to get people's money. It's getting worse. I have not yet experienced any company where I have not been able to find a bug, no matter how minimal. Even if there is a company where you feel like you can't find a bug, it doesn't mean that someone else can't find it. Without a doubt, companies are struggling to protect themselves. Cybersecurity is advancing year after year, so even if they manage to create a new type of protection or evolve in some way, bad hackers will always be running the race and they will be discovering and preparing different new ways to make companies vulnerable. You're really effective at what you do. What does this say about corporate cybersecurity? They're not investing money or time or work in trying to grow their cybersecurity team. A lot of companies, if you report bugs to them, they don't have the expertise to fix them. 
Software that they build themselves has more bugs but software generally is vulnerable, always. If software has access to important data, then encrypt it. How do different industries compare? Banks and companies that are all digital are good. Universities don't care about security because maybe they don't have sensitivity to customers. Health care? They're not investing so much in cybersecurity, but they should. They have private information. Overall, cybersecurity teams need more money. What kinds of technology changes are coming that will create cybersecurity problems? Artificial intelligence has helped us a lot to optimize tasks, process data and make decisions much faster than a human being could. However, new technologies, including artificial intelligence, create big cybersecurity risks, as potential vulnerabilities are not fully understood when they are found. This means that with more organizations relying on machine learning to perform business-critical actions, AI systems are sure to become a major target for hackers. Should companies be worried? If an attacker had the opportunity to control an AI algorithm, it would be a huge problem since physical objects could be controlled for the first time. An AI attack can transform a stop sign into a green light in the eyes of an autonomous car. The data could also be controlled so that the way it is collected, stored and used can be changed. Imagine an AI attack could control the way that Google or Facebook collects your personal data and the hacker could save or manipulate the data as he pleased. What about quantum computing, which experts say will be able to crack today's encryption? That's way in the future. It's not easy to crack encryption code, so for now, that's a good guard against hackers. The larger problem is that people are not being cautioned about cybersecurity. Are all employees having training in cybersecurity? It doesn't seem like it. 
Employees, when they click on links, make a big hole for a hacker to enter. If you're not training people well, no matter what technology you have, you're only creating future problems. Customers aren't happy when their data is hacked. They will go to a competitor. Make the investment.

Script kiddies

Inexperienced, usually young hackers who use programs that others have developed to attack computer and network systems and deface Web sites.

Difference between pretexting and phishing

Pretexting: generally targets a specific piece of info from a specific person/organization; phishing tries to get whatever it can from whomever. Involves more work on the part of the attacker and is intended to be more difficult to discover.

Backdoors

Programming routine built into a system by its designer or programmer. Enables the designer or programmer to bypass security and sneak back into the system later to access programs or files.

Intrusion Detection system

Protect against external and internal access. Placed in front of a firewall. Identify attack signatures, trace patterns, and generate alarms for the network administrator. Cause routers to terminate connections with suspicious sources. Prevent DoS attacks.

Corporate network

Protected against intrusion, denial-of-service attacks, and unauthorized access.

Front-end servers

Protected against unauthorized access

Back-end systems

Protected to ensure data confidentiality, accuracy, and integrity

Asymmetric

Public and private key. So powerful. Best way to secure data. A. Locked, B. Unlocked, C. Locked. Instead of one key, two keys go with this lock: Key no. 1 and Key no. 2. Public key known to everyone and private or secret key known only to recipient. A message encoded with the public key can be decrypted only with the same algorithm used by the public key, and this requires the recipient's private key. (look over link from slide)

Brute force

Repeatedly going through possible passwords until one works

Man in the Middle Attack

Reroutes communication through a third party which intercepts all information. Can give the impression of secure communication.

Dumpster diving

Social engineers often search through dumpsters or trashcans looking for discarded materials

McCumber Cube details

Defines 9 characteristics of info security. Includes different states in which info can exist in a system. Suggests a comprehensive security system must provide 3 levels of security.

TLS

Transport Layer Security. Updated, more secure version of SSL.

Virtual Private Network (VPN)

Tunnel of creativity within the internet. The network redirects your traffic through a specially configured remote server. This means that if you surf online with a VPN, the VPN server becomes the source of your data; other third parties cannot see which websites you visit or what data you send and receive online. Works like a filter that turns all your data into "gibberish". Even if someone were to get their hands on your data, it would be useless. How it works: client on the left, DNS in the middle, Amazon on the right; ATN can see what is going through this network. Takes in packets from external sources and decides where they will go and to which network.

Logic bomb

Type of Trojan program used to release a virus, worm, or other destructive code. Triggered at a certain time or by a specific event.

Malwares

Typically not noticeable in use. All computer systems are vulnerable.

biometric security measures

Use of physiological element unique to person that cannot be stolen, lost, copied, or passed on to others.

Baiting

Use prospect of something of interest to target to induce them to perform action that is advantageous to attacker. Ex: Leaving USB key labeled "Salaries 2019" at a table

TDoS (telephony denial of service) attacks

Uses high volumes of automated calls to tie up a target phone system, halting incoming and outgoing calls

Callback modems

Verify whether a user's access is valid. Done by logging the user off and then calling the user back at a predetermined number. Useful when many employees work off-site and need to connect to the network from remote locations. Examples: DUO

Tailgating

When an unauthorized person follows an employee into a restricted area.

Malicious software

any software bringing harm to computer system

Sniffing

Capturing and recording network traffic. Can be done for legitimate reasons, such as monitoring network performance, but hackers often use it to intercept info.

Availability

computers and networks can access info they need. Means quick recovery in event of system failure or disaster

Viruses

Consist of self-propagating program code that is triggered by a specific time or event. When an infected program or operating system is used, the virus attaches to other files.

Packet filtering

Control data traffic by configuring a router to examine. These are somewhat inefficient. How it works: the internet is all the way on the left; traffic moves into the firewall, then to routers (which keep track of all info and send it to the right destination; they take the IP address and send it to the right web stations), and finally it goes to the web stations.

Access controls

Designed to protect systems from unauthorized access in order to preserve data integrity. Terminal resource security; passwords.

B. unlocked

in the middle

Worm

independent programs that can spread themselves without having to be attached to a host program. Usually replicate into full-blown versions that eat up computing resources

Two types of VPN

Layer Two Tunneling Protocol; Internet Protocol Security

Shoulder surfing

Looking over someone's shoulder. Easiest form of collecting info.

Trojan

Looks like a genuine application. Trojans do not replicate themselves but can be just as destructive. They open a backdoor entry to the computer, which gives malicious users/programs access to your system, allowing confidential and personal info to be stolen.

Keystroke loggers

Monitor and record keystrokes. Can be software or hardware devices.

Phishing

Often use spoofing techniques (change one letter in domain address). Send fraudulent emails that seem to come from legitimate sources.

Symmetric

security key (look over link from slide)

Proxy server

Software that acts as an intermediary between two systems: between network users and the internet.

Spyware

Software that secretly gathers information about users while they browse the web. Some can change computer settings. Prevented by installing antivirus or antispyware software.

Comprehensive security system

Step one is designing fault-tolerant systems so that the system ensures availability in the event of a system failure by using a combination of hardware and software.

CIA Triangle

the important aspects of computer and network security

Data encryption

Transforms data, called plaintext or cleartext, into a scrambled form called ciphertext that cannot be read by others. The receiver unscrambles the data using a decryption key. The rules for encryption, known as the encryption algorithm, determine how simple or complex the transformation process should be. CLEMSON -> FOHPVRQ (each letter of the original message is replaced by the letter three positions farther in the alphabet)

how internet works

www.clemson.edu: the DNS server is in the middle (top left is the web address, top right is the IP address, and the right side of the screen is the server). clemson.edu codifies the docs or data in a server. The server is either in a public domain or other. DNS server: stores website names and corresponding IP addresses. Ways they try to trick you: create a fake website server.

Disaster recovery plan tasks

• Identify vendors of all software and hardware
• Document changes to hardware and software
• Review insurance policies
• Set up alternative sites
• Keep backups off-site
• Keep copy of disaster recovery plan off-site
• Go through mock disaster to assess response

levels of network security

1. Front-end servers (e-mail and Web servers)
2. Back-end systems (workstations and internal servers)
3. Corporate network

Components of comprehensive security system

1. Biometric, nonbiometric, and physical security measures
2. Access controls
3. Virtual private networks
4. Data encryption
5. E-commerce transaction security measures
6. Computer Emergency Response Team (CERT)
7. Zero trust security

Integrity

Accuracy of info resources within an organization. How can the recipient know that the data's contents have not been changed during transmission?

White hats

Also known as ethical hackers, these are computer security experts who specialize in penetration testing and other testing methods to ensure that a company's information systems are secure.

Which is safer mobile apps or websites

An app. Safer because the server is regulated by one company.

Three main nonbiometric security measures

Callback modems, firewalls, intrusion detection systems

Key no. 1

Can only turn to the left

Key no. 2

Can only turn to the right

Firewalls

Combinations of hardware and software acting as filters between private networks and external networks. The network administrator defines rules for access, and all other data transmissions are blocked. Types: packet-filtering firewalls, application-filtering firewalls, and proxy servers.

Passwords

Combinations of numbers, characters, and symbols that are entered to allow access to a system.

Blended threats

Combine characteristics of viruses, worms, and malicious codes with vulnerabilities on networks. Search for vulnerabilities in computer networks and take advantage of them.

What does CIA stand for?

Confidentiality, Integrity, Availability

Physical security measures

Control access to computers and networks. Include devices for securing computers from theft. Cable shielding; room shielding. Cable shielding example: two systems are interconnected, the network is in the middle, and cables connect to it from either side. Information is stored inside of the packets.

E-commerce Transaction Security Measures

Encryption - SSL, TLS. Password: two-factor verification - SMS -> PIN; DUO -> [Code]. Invoice, acknowledging messages, emails, receipts. Dispute transactions - e-commerce firm or bank.

Zero trust security

Every person and every device that accesses a network must be secured
  • Within the organization
  • Outside of the organization
• Least-privilege access
  • User is only given access needed to perform job
• Microsegmentation
  • Break up security perimeters into small zones
  • Maintain separate access
• Multifactor authentication (MFA)
  • Single access method is not adequate

How firewalls work

Examine data passing into or out of a private network and decide whether to allow transmission based on users' IDs, the transmission's origin and destination, and the transmission's contents. Rules are set by the network admin. Blacklisted websites.

Adware

Form of spyware that collects info about user to determine advertisements to display.

McCumber Cube

Framework for evaluating info security

Authentication

How can the recipient know that data is actually from the sender?

HTTPS

Hypertext Transfer Protocol Secure. Appears in the URL when a website is secured by an SSL certificate. Details of the certificate, including the issuing authority and corporate name of the website owner, can be viewed by clicking on the lock symbol on the browser bar.

Packets

Information transmitted is stored in a packet

Pharming

Internet users are directed to fraudulent web sites with the intention of stealing personal info. Difference is pharmers hijack the official web site address and change the website's IP address.

A. Locked

Key turned all the way to the left

C. Locked

Key turned all the way to the right

Scareware

Malicious software that social engineer uses to cause fear, threat, or anxiety and encourages the recipient to buy software that is infected.

Malicious softwares

Malwares: Trojan, virus, worm, logic bomb, spyware, adware, keyloggers, cryptojacking

Botnet

Network of computers and IoT devices infected with malicious software.

Company network

Old days: companies kept data all together in one circle. These days: keep data in a cloud network, which is an internet-based network. Clouds: allow people within companies to all have access to data. Examples of companies that use this: Microsoft, Amazon. All the companies trust Amazon to secure and keep the data. But should they, because of confidentiality?

Pretexting

Operating under pretext to create illusion of legitimacy. May involve outside work

Types of hackers

Script kiddies, black hats, white hats

SSL

Secure Sockets Layer. Standard technology for keeping an internet connection secure and safeguarding sensitive data being sent between two systems, preventing criminals from reading and modifying any info transferred, including potential personal details. The two systems can be a server and a client or server to server.

Steps when developing a comprehensive security plan

• Set up a security committee
• Post security policy in visible places
• Raise employee awareness
• Use strong passwords
• Install software patches and updates
• Revoke terminated employees' passwords and ID badges immediately
• Keep sensitive data, software, and printouts locked in secured locations
• Exit programs and systems promptly
• Limit computer access to authorized personnel only
• Periodically compare communication logs with communication billing
• Install antivirus programs, firewalls, and intrusion detection systems
• Use only licensed software
• Ensure fire protection systems and alarms are up to date, and test them regularly
• Check environmental factors
  • Temperature and humidity levels (at data storage units)
• Use physical security measures
  • Corner bolts on workstations, ID badges, and door locks
• Consider biometric security measures
• Wipe devices before recycling or donating
• Consider zero trust security protocols

VPN advantage

Set-up costs are low

Encryption

Symmetric, Asymmetric

Confidentiality

System must prevent disclosing info to anyone without access to it. How can you ensure that only the sender and intended recipient can read the message?

Nonrepudiation of origin

The sender cannot deny having sent the data. Nonrepudiation of receipt—The recipient cannot deny having received the data.

distributed denial-of-service (DDoS) attack

Thousands of computers work together to bombard a Website with thousands of requests in a short period, causing it to grind to a halt

