Module 4
Types of direct attack
Distributed Denial of Service, Brute Force Attack, Man in the Middle
Application filtering
Generally more secure and flexible than packet-filtering firewalls, but more expensive. Installed on a host computer to control use of network applications. Filter viruses and log actions more effectively, which helps network administrators spot potential security breaches.
Cryptojacking
Hackers secretly use the victim's computer to mine cryptocurrency. Reduces performance of the victim's computer.
Black hats
Hackers who specialize in unauthorized penetration of information systems. They attack systems for profit, fun, or political motivation or as part of a social cause. These penetration attacks often involve modifying and destroying data.
A millionaire Hacker's Lessons for Corporate America
Idea is that company will fix what's wrong to harden itself against bad actors looking to steal data, conduct espionage and disrupt business operations. Santiago Lopez looks for security holes missed by customers that contract with the San Francisco-based firm. One large company gave you $10,000 for finding a way to manipulate one of its servers to access data it shouldn't have been able to. Was that challenging? It took me a full day to close that bug and prepare my report. It wasn't long to identify the area [that was] vulnerable. It took much longer to see what kind of secret information I could access. That can be the most difficult task at times, being able to identify how much information you can access with that failure. And it is what gives the most reward. Hacking has surged during the Covid-19 pandemic, as the Journal has reported. What effects will that have in the future? Employees are online and information is more vulnerable. Hackers are trying to get those employees to click to load malicious software. Hackers are learning a lot, some new ways to get people's money. It's getting worse. I have not yet experienced any company where I have not been able to find a bug, no matter how minimal. Even if there is a company where you feel like you can't find a bug, it doesn't mean that someone else can't find it. Without a doubt, companies are struggling to protect themselves. Cybersecurity is advancing year after year, so even if they manage to create a new type of protection or evolve in some way, bad hackers will always be running the race and they will be discovering and preparing different new ways to make companies vulnerable. You're really effective at what you do. What does this say about corporate cybersecurity? They're not investing money or time or work in trying to grow their cybersecurity team. A lot of companies, if you report bugs to them, they don't have the expertise to fix them.
Software that they build themselves has more bugs but software generally is vulnerable, always. If software has access to important data, then encrypt it. How do different industries compare? Banks and companies that are all digital are good. Universities don't care about security because maybe they don't have sensitivity to customers. Health care? They're not investing so much in cybersecurity, but they should. They have private information. Overall, cybersecurity teams need more money. What kinds of technology changes are coming that will create cybersecurity problems? Artificial intelligence has helped us a lot to optimize tasks, process data and make decisions much faster than a human being could. However, new technologies, including artificial intelligence, create big cybersecurity risks, as potential vulnerabilities are not fully understood when they are found. This means that with more organizations relying on machine learning to perform business-critical actions, AI systems are sure to become a major target for hackers. Should companies be worried? If an attacker had the opportunity to control an AI algorithm, it would be a huge problem since physical objects could be controlled for the first time. An AI attack can transform a stop sign into a green light in the eyes of an autonomous car. The data could also be controlled so that the way it is collected, stored and used can be changed. Imagine an AI attack could control the way that Google or Facebook collects your personal data and the hacker could save or manipulate the data as he pleased. What about quantum computing, which experts say will be able to crack today's encryption? That's way in the future. It's not easy to crack encryption code, so for now, that's a good guard against hackers. The larger problem is that people are not being cautioned about cybersecurity. Are all employees having training in cybersecurity? It doesn't seem like it. 
Employees, when they click on links, make a big hole for a hacker to enter. If you're not training people well, no matter what technology you have, you're only creating future problems. Customers aren't happy when their data is hacked. They will go to a competitor. Make the investment.
Script kiddies
Inexperienced, usually young hackers who use programs that others have developed to attack computer and network systems and deface Web sites.
Difference between pretexting and phishing
Pretexting generally targets a specific piece of info from a specific person/organization; phishing tries to get whatever it can from whomever. Pretexting involves more work on the part of the attacker and is intended to be more difficult to discover.
Backdoors
Programming routine built into a system by its designer or programmer. Enables the designer or programmer to bypass security and sneak back into the system later to access programs or files.
Intrusion Detection system
Protect against external and internal access. Placed in front of a firewall. Identify attack signatures, trace patterns, and generate alarms for the network administrator. Cause routers to terminate connections with suspicious sources. Prevent DoS attacks.
Corporate network
Protected against intrusion, denial-of-service attacks, and unauthorized access.
Front-end servers
Protected against unauthorized access
Back-end systems
Protected to ensure data confidentiality, accuracy, and integrity
Asymmetric
Public and private key. So powerful; best way to secure data. Lock analogy: A. Locked, B. Unlocked, C. Locked. Instead of one key, two keys go with this lock: Key no. 1 and Key no. 2. Public key is known to everyone; private or secret key is known only to the recipient. A message encoded with the public key can be decrypted only with the same algorithm used by the public key, which requires the recipient's private key. (look over link from slide)
Brute force
Repeatedly going through possible passwords until one works
Man in the Middle Attack
Reroutes communication through a third party which intercepts all information. Can give the impression of secure communication.
Dumpster diving
Social engineers often search through dumpsters or trashcans looking for discarded materials
McCumber Cube details
Defines 9 characteristics of info security. Includes the different states in which info can exist in a system. Suggests a comprehensive security system must provide 3 levels of security.
TLS
Transport Layer Security. Updated, more secure version of SSL.
Virtual Private Network (VPN)
Tunnel of creativity within the internet. A VPN redirects network traffic through a specially configured remote server. This means that if you surf online with a VPN, the VPN server becomes the source of your data, and other third parties cannot see which websites you visit or what data you send and receive online. It acts as a filter that turns all your data into "gibberish": even if someone were to get their hands on your data, it would be useless. How it works: client on the left, DNS in the middle, Amazon on the right; ATN can see what is going through this network. Takes in packets from external sources and decides where each will go, i.e., to which network.
Logic bomb
Type of Trojan program used to release a virus, worm, or other destructive code. Triggered at a certain time or by a specific event.
Malware
Typically not noticeable in use. All computer systems are vulnerable.
biometric security measures
Use of physiological element unique to person that cannot be stolen, lost, copied, or passed on to others.
Baiting
Use prospect of something of interest to target to induce them to perform action that is advantageous to attacker. Ex: Leaving USB key labeled "Salaries 2019" at a table
TDoS (telephony denial of service) attacks
Uses high volumes of automated calls to tie up a target phone system, halting incoming and outgoing calls
Callback modems
Verify whether a user's access is valid. Done by logging the user off and then calling the user back at a predetermined number. Useful when many employees work off-site and need to connect to the network from remote locations. Examples: DUO
Tailgating
When an unauthorized person follows an employee into a restricted area.
Malicious software
Any software bringing harm to a computer system.
Sniffing
Capturing and recording network traffic. Can be done for legitimate reasons, such as monitoring network performance, but hackers often use it to intercept info.
Availability
Computers and networks can access the info they need. Also means quick recovery in the event of a system failure or disaster.
Viruses
Consist of self-propagating program code that is triggered by a specific time or event. When an infected program or operating system is used, the virus attaches itself to other files.
Packet filtering
Control data traffic by configuring a router to examine data packets. These are somewhat inefficient. How it works: the internet is on the far left; traffic moves into the firewall, then to routers (which keep track of all info and send it to the right destination by taking the IP address and sending it to the right web stations), and finally to the web stations.
Access controls
Designed to protect systems from unauthorized access in order to preserve data integrity. Types: terminal resource security, passwords.
B. Unlocked
Key in the middle
Worm
Independent programs that can spread themselves without having to be attached to a host program. Usually replicate into full-blown versions that eat up computing resources.
Two types of VPN
Layer Two Tunneling Protocol; Internet Protocol Security
Shoulder surfing
Looking over someone's shoulder; the easiest form of collecting info.
Trojan
Looks like a genuine application. Does not replicate itself but can be just as destructive. Opens a backdoor entry to the computer, which gives malicious users/programs access to your system, allowing confidential and personal info to be stolen.
Keystroke loggers
Monitor and record keystrokes. Can be software or hardware devices.
Phishing
Often uses spoofing techniques (e.g., changing one letter in a domain address). Sends fraudulent emails that seem to come from legitimate sources.
Symmetric
Security key (look over link from slide)
Proxy server
Software that acts as an intermediary between two systems, e.g., between network users and the internet.
Spyware
Software that secretly gathers information about users while they browse the web. Some can change computer settings. Prevented by installing antivirus or antispyware software.
Comprehensive security system
Step one is designing fault-tolerant systems so that the system ensures availability in the event of a system failure by using a combination of hardware and software.
CIA Triangle
The important aspects of computer and network security.
Data encryption
Transforms data, called plaintext or cleartext, into a scrambled form called ciphertext that cannot be read by others. The receiver unscrambles the data using a decryption key. The rules for encryption, known as the encryption algorithm, determine how simple or complex the transformation process should be. Example: CLEMSON -> FOHPVRQ (each letter of the original message is replaced by the letter three positions farther along in the alphabet).
How the internet works
www.clemson.edu: the DNS server is in the middle (top left is the web address, top right is the IP address, right side of the screen is the server). clemson.edu codifies the docs or data on a server, which is either in a public domain or other. DNS server: stores website names and their corresponding IP addresses. Ways they try to trick you: create a fake website server.
Disaster recovery plan tasks
•Identify vendors of all software and hardware
•Document changes to hardware and software
•Review insurance policies
•Set up alternative sites
•Keep backups off-site
•Keep copy of disaster recovery plan off-site
•Go through mock disaster to assess response
Levels of network security
1. Front-end servers (e-mail and Web servers)
2. Back-end systems (workstations and internal servers)
3. Corporate network
Components of comprehensive security system
1. Biometric, nonbiometric, and physical security measures
2. Access controls
3. Virtual private networks
4. Data encryption
5. E-commerce transaction security measures
6. Computer Emergency Response Team (CERT)
7. Zero trust security
Integrity
Accuracy of info resources within the organization. How can the recipient know that the data's contents have not been changed during transmission?
White hats
Also known as ethical hackers, these are computer security experts who specialize in penetration testing and other testing methods to ensure that a company's information systems are secure.
Which is safer, mobile apps or websites?
An app. Safer because the server is regulated by one company.
Three main nonbiometric security measures
Callback modems, firewalls, intrusion detection systems
Key no. 1
Can only turn to the left
Key no. 2
Can only turn to the right
Firewalls
Combinations of hardware and software acting as filters between private networks and external networks. The network administrator defines rules for access, and all other data transmissions are blocked. Types: packet-filtering firewalls, application-filtering firewalls, and proxy servers.
Passwords
Combinations of numbers, characters, and symbols that are entered to allow access to a system.
Blended threats
Combines characteristics of viruses, worms, and malicious code with vulnerabilities on networks. Search for vulnerabilities in computer networks and take advantage of them.
What does CIA stand for?
Confidentiality, Integrity, Availability
Physical security measures
Control access to computers and networks. Include devices for securing computers from theft, cable shielding, and room shielding. Cable shielding example: two systems are interconnected, the network is in the middle, and cables connect to it from either side; the information is stored inside the packets.
E-commerce Transaction Security Measures
Encryption - SSL, TLS. Password: two-factor verification - SMS -> PIN; DUO -> [Code]. Invoice, acknowledging messages, emails, receipts. Dispute transactions - e-commerce firm or bank.
Zero trust security
Every person and every device that accesses a network must be secured
•Within the organization
•Outside of the organization
•Least-privilege access
  •User is only given access needed to perform job
•Microsegmentation
  •Break up security perimeters into small zones
  •Maintain separate access
•Multifactor authentication (MFA)
  •Single access method is not adequate
How firewalls work
Examine data passing into or out of a private network and decide whether to allow transmission based on user IDs, the transmission's origin and destination, and the transmission's contents. Rules are set by the network admin. Blacklisted websites.
Adware
Form of spyware that collects info about user to determine advertisements to display.
McCumber Cube
Framework for evaluating info security
Authentication
How can the recipient know that data is actually from the sender?
HTTPS
Hypertext Transfer Protocol Secure. Appears in the URL when a website is secured by an SSL certificate. Details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking the lock symbol on the browser bar.
Packets
Information transmitted is stored in a packet.
Pharming
Internet users are directed to fraudulent web sites with the intention of stealing personal info. The difference from phishing is that pharmers hijack the official web site address and change the website's IP address.
A. Locked
Key turned all the way to the left
C. Locked
Key turned all the way to the right
Scareware
Malicious software that a social engineer uses to cause fear, threat, or anxiety and encourages the recipient to buy software that is infected.
Types of malicious software
Malware: Trojan, virus, worm, logic bomb, spyware, adware, keyloggers, cryptojacking
Botnet
Network of computers and IoT devices infected with malicious software.
Company network
Old days: companies kept data all together in one circle. These days: data is kept in a cloud network, which is an internet-based network. Clouds allow people within companies to all have access to the data. Examples of companies that use this: Microsoft, Amazon. All the companies trust Amazon to secure and keep the data. But should they, given confidentiality concerns?
Pretexting
Operating under a pretext to create the illusion of legitimacy. May involve outside work.
Types of hackers
Script kiddies, black hats, white hats
SSL
Secure Sockets Layer. Standard technology for keeping an internet connection secure and safeguarding sensitive data sent between two systems, preventing criminals from reading and modifying any info transferred, including potential personal details. The two systems can be a server and a client, or server to server.
Steps when developing a comprehensive security plan
•Set up a security committee
•Post security policy in visible places
•Raise employee awareness
•Use strong passwords
•Install software patches and updates
•Revoke terminated employees' passwords and ID badges immediately
•Keep sensitive data, software, and printouts locked in secured locations
•Exit programs and systems promptly
•Limit computer access to authorized personnel only
•Periodically compare communication logs with communication billing
•Install antivirus programs, firewalls, and intrusion detection systems
•Use only licensed software
•Ensure fire protection systems and alarms are up to date, and test them regularly
•Check environmental factors
  •Temperature and humidity levels (at data storage units)
•Use physical security measures
  •Corner bolts on workstations, ID badges, and door locks
•Consider biometric security measures
•Wipe devices before recycling or donating
•Consider zero trust security protocols
VPN advantage
Set-up costs are low
Encryption
Symmetric, asymmetric
Confidentiality
The system must prevent disclosing info to anyone without access to it. How can you ensure that only the sender and the intended recipient can read the message?
Nonrepudiation of origin
The sender cannot deny having sent the data. Nonrepudiation of receipt: the recipient cannot deny having received the data.
distributed denial-of-service (DDoS) attack
Thousands of computers work together to bombard a Web site with thousands of requests in a short period, causing it to grind to a halt.