Domain 3 - Security Vulnerabilities, Threats and Countermeasures

Assess & Mitigate Security Vulnerabilities

Hardware

Memory

Cache RAM

  • used to improve performance by taking data from slower devices and temporarily storing it in faster devices when repeated use is likely - cache RAM.
  • Processor
    • Level1 cache - holds onboard cache of v. fast memory
    • Level2 cache - static memory used to support the L1 cache
  • Real Memory - often contains a cache of info held on magnetic media or SSD
  • etc

Real Memory

  • also main memory or primary memory
  • typically the largest RAM storage resource available to a computer
  • usu. composed of a number of dynamic RAM chips and so have to be refreshed periodically by the CPU

Misc Terms

Registers

  • = small amount of on-board memory on a CPU, that provide it with directly accessible memory locations that the ALU uses when processing instructions / performing calcs
  • advantage is that it is part of the ALU itself and so is kept in sync with the CPU at typical CPU speeds

Memory Addressing

Register Addressing

  • eg CPU "register1"

Immediate Addressing

  • not a memory addressing scheme
  • instead a way to refer to data supplied to the CPU as part of an instruction eg. "add 2 to the value in register1"
    • the 2 is the immediate addressing (a value), the second is register addressing
  • memory addressing - is the means by which locations in memory can be referenced. Different addressing schemes:

Direct Addressing

  • CPU is provided with the actual address of the memory location to access

Base+Offset Addressing

  • uses a value stored in one of the CPU's registers as the base location from which to start counting
  • CPU then adds the offset supplied with the instruction

Indirect Addressing

  • the memory address contains another memory address

RAM

Dynamic

uses a series of tiny capacitors - that over time lose their charge, so they have to be periodically refreshed by the CPU

Static

  • more sophisticated - uses flip-flop device (on/off switch) that maintain their state as long as power is maintained
  • no CPU overhead to re-fresh
  • static memory runs more quickly but is more expensive than dynamic (flip-flops more expensive than capacitors)
  • static and dynamic memory are combined to get the 'right' trade off between price and performance for the specific use.

Flash Memory

  • derivative concept from EEPROM
  • non volatile storage that can be electronically erased and re-written.
  • main difference is that EEPROMs have to have all contents erased whereas flash storage can be erased in blocks
  • most common is NAND (memory cards, thumb drives, mobile devices and SSDs).

Electronically Erasable Programmable Read Only Memory (EEPROM)

  • uses electrical voltage to erase contents. More user friendly to do than EPROM

Secondary Memory

  • is data stored on media that is not immediately available to the CPU eg. SSD, flash, CD etc

Virtual Memory

  • special type of secondary memory that the OS makes to look and act just like real memory eg. pagefile.
  • cheap but slow

Erasable Programmable Read-Only Memory (EPROM)

  • have small window where special UV light is shone and this erases the contents, allowing new contents to be burned in

Memory Security Issues

  • data may remain on the chip after power removed
  • memory chips are easy to steal
  • control of access to memory in a multi-user system

ROM

Programmable Read Only Memory (PROM)

contents can be burned in once. After that can't be changed

used where some customisations are needed but changes not needed once done

Processor (CPU)

H/W components

Processor / Architecture Types

CISC

  • Complex Instruction Set Computer
  • Forerunner to RISC
  • can execute several low level instructions in a single instruction

RISC

  • Reduced Instruction Set Computer
  • has reduced instruction set
  • the simple instructions need fewer clock cycles
  • was possible due to an increase in the speed of memories and the ability to get more work done in fewer clock cycles

Scalar

  • executes 1 instruction at a time

Superscalar

parallel instruction set for increased performance

Program Status Word Register (PSW)

holds the application's operating state eg. user mode or privileged mode

ALU

arithmetic

Control Unit

  • syncs opns
  • manages the instructions it receives from memory; decodes and executes and determines which instructions have priority

Memory Management Unit

handles addressing and cataloging of data stored in memory and translates logical addressing into physical addressing

Stack Pointer Register

holds the address of the next instruction to be executed

Bus Interface Unit

supervises data transfers over the bus system between the CPU and I/O devices

Execution Types

multi-tasking

simultaneous execution of more than 1 application on a computer and is managed by the OS

most rely on OS to simulate (switches between tasks)

multi-threading

permits multiple concurrent tasks to be performed within a single process

thread = self contained sequence of instructions that can execute in parallel with other threads that are part of the same parent process

used often in apps with frequent context switching

  • switching threads within a process ~40-50 instructions to switch
  • switching processes ~1000 instructions

example: multiple word docs - 1 process, multiple threads

  • sym multi-processing systems use threading at OS level. Sends one thread to each available processor for simultaneous execution

multi-processing

Symmetric Multiprocessing (SMP)

where 1 computer contains multiple processors which are all treated equally and controlled from a single OS

  • share common data bus, memory resources
  • can be large num processors
  • normally enough for most systems

good at processing simple ops at very high rates

use of more than 1 processor to increase computing power

Next Gen multiprocessing

  • with advent of dual-core / quad-core processors single CPU multi-processing now possible

Massive Parallel Processing (MPP)

typically house 100's/1000's of processors, each with own OS, memory and databuses

  • for computationally intensive task, controlling app delegates responsibility to 1 processor
  • the processor breaks down task and delegates these to other processors
  • results returned to coordinating processor and combined then results returned to app

very powerful but very expensive

used mostly for computing or computational based research

good for processing v. large, complex and computationally expensive tasks that can be broken down and distributed to subordinate units

multi-programming

similar to multi-tasking but takes place on mainframe systems and requires specific programming

  • way to serialise multiple processes, so when 1 task waits for peripheral next task can resume.
  • 1st task doesn't resume until all other processes in batch have had their chance
  • for 1 task very slow but overall improves efficiency for all tasks in total

considered to be obsolete (legacy only)

multi-programming vs multi-tasking?

  • mp: large scale sys eg. mainframe vs mt: PCs (windows/linux)
  • mp: coordinated by specially written s/w and then executed via OS vs mt: coordinated by OS

chip(s) that governs all major ops

Any tangible part of c/p (can reach out and touch)

Processing Types

Single State

can only operate at 1 security level at a time

  • require policy mechanisms to manage info at diff security levels
  • sec admins approve a system to handle only 1 sec level at a time
  • burden on sec admins rather than h/w

Multi State

can simultaneously operate at multiple security levels

uses specialised security protection mechanisms multistate uses ...

relatively uncommon due to expense of implementing mechanisms

Storage

Random vs Sequential

Random

Sequential

Volatile vs Nonvolatile

Volatile

nonvolatile

Storage Media Security Issues

  • data remanence - data may remain on secondary storage even after being erased
  • removable media can be used to steal data
  • access to data is v. important security concern - access controls and enc must be applied to protect data

Primary vs Secondary

Primary

Secondary

some storage types

NAS

  • Network Attached Storage
  • the storage devices are directly connected to a file server that makes the storage available at a file-level to the other computers. In a SAN, the storage is made available at a lower "block-level", leaving file system concerns to the "client" side.

typically shared by users and servers

SAN

  • storage area network (SAN)
  • is a network which provides access to consolidated, block level data storage.
  • SANs are primarily used to enhance storage devices, such as disk arrays, tape libraries, and optical jukeboxes, accessible to servers so that the devices appear to the operating system as locally attached devices

typically used by servers

Input & Output Devices

security risks ...

Monitors

  • can be compromised via TEMPEST

Printers

  • leave print-outs on printer
  • data stored locally on printer eg. on HDD, or RAM

Keyboards & Mice

  • TEMPEST vulnerable
  • Key stroke devices fitted into keyboard
  • Bluetooth can be intercepted

Modem

  • allow uncontrolled access into a n/w
  • if not properly configured can cause major security issues
  • consider total ban on modems

Protection Mechanisms

Protection Rings

  • organises code + components in OS and Apps that run under the OS into concentric rings
  • the deeper into the rings the higher the privilege level
  • most modern OS's use 4 rings ... 0 to 3

Ring 0: OS Kernel / Memory (Resident Components)
Ring 1: Other OS Components
Ring 2: Drivers, Protocols etc
Ring 3: User Level Programs and Applications


Rings 0-2 run in supervisory/privileged mode
Ring 3 runs in user mode

  • dates back to Multics (1963-69) from which Unix derived

Security ... ring model allows OS to:

  • protect itself from users and apps
  • can enforce strict boundaries between high priv OS components and lower privilege parts of the OS/drivers

memory segmentation

  • strictest = each ring has own memory segment
  • requests for memory addr in lower ring, must call helper process in lower level ring

In practice many OS break into 2 memory segments

  • Kernel Mode / Privileged Mode - rings 0 to 2
  • User Mode - ring 3 user level programs
  • Essence = priority, priv and memory segmentation
  • process in lower numbered ring always runs before process in higher ring
  • processes in lower rings can access more resource and access OS more directly
  • mediated access model - higher ring processes need to ask handler/driver in a lower ring for services

in runtime env need to integrate sec info & ctrls to protect the integrity of the OS, manage which users can access specific data items, authorise/deny ops against data etc

mechanisms designed to prevent info crossing between security levels

Operating Modes

User Mode

  • basic mode used by OS when executing user p/ms
  • often processes run in a virtual machine or virtual subsystem machine
    • simulated env created by OS as safe/efficient place for p/ms to execute
    • each VM is isolated

Privileged Mode

... also known as

  • supervisory / system / kernel mode

NB: don't confuse processor modes with user modes!

  • even tho high level processor mode is called 'privileged / supervisory' it has no relationship to the role of a user
  • all users apps (incl. those of admins) run in user mode
  • when sys admins use sys tools to make config changes this is done in user mode
  • when an app needs to run a priv op, it requests the OS using sys call (which OS has to approve) before it is executed using a priv mode not controlled by the user

Process States (aka Operating States)

  • OS can run in:
    • supervisor state - privileged, all access mode
    • problem state - user mode
      • priv are low, all access reqs checked against authorisation before granted/denied
      • because unprivileged nature of user access means problems can occur and the sys must take appropriate measures to protect security, integrity and confidentiality

* are different types of execution in which a process may run

States:

  • Ready - process ready to resume/begin processing
  • Waiting ("waiting for a resource") - sometimes called 'blocked'
  • Problem (Running) - process runs until it completes, time slice completes or it is blocked
  • Supervisory - when the process needs to perform an action that needs higher privileges than the problem state's set of privileges ie. anything not occurring in ring3 (problem state) needs to take place in supervisory mode
  • Stopped - process finishes or error occurs ... OS can recover all memory / resources allocated
  • processing queue
  • consume process time in fixed chunks = time slice
  • if not finished process gets added to queue
  • process scheduler usually selects highest priority process, so no guarantee when a process will be next run

Security Modes

  • what needs to be in place for these security modes?
    • hierarchical MAC env
    • total physical control over which subjs can access c/p console
    • total physical ctrl over which subjects can enter same room as c/p console

Dedicated Mode equivalent to ...

all users need to have appropriate clearance, access permissions and need to know for all info stored on the system

each user must have:

  • sec clearance allowing access to all info processed by system
  • access approval for all info processed by the system
  • valid need to know for all info processed by the system
  • Need to know - relates to access authZ scheme where a subject's right to access obj takes into account not only privilege level but also their relevance to their role
    • those with no need to know shouldn't access the object regardless of their priv level

System High Mode

removes need to know requirement

each user must have:

  • sec clearance allowing access to all info processed by system
  • access approval for all info processed by the system
  • valid need to know for some info processed by system


  • US gov - 4 approved security modes for processing classified info
  • only used by gov and gov contractors but still need to know
  • as move from dedicated mode -> multi level mode
  • burden of enforcing requirements shifts from admin personnel (to physically restrict the system) to the h/w and s/w which control which info can be accessed by each user

Compartmented Mode

removes need to know and access permissions requirements

each user must have:

  • sec clearance allowing access to all info processed by system
  • access approval for any info they will have access to on the system
  • valid need to know for all info they will have access to on the system

CMW - Compartmented Mode Workstations

  • special implementation of mode
  • users with necessary clearance can process multiple compartments of data at same time
  • 2 forms of sec labels need adding to each object
    • sensitivity levels - levels at which obj needs protecting
    • information labels - prevents data over classification and associate additional info with the objects

Multilevel Mode (also Controlled Sec Mode)

removes all 3 requirements

  • some users don't have valid sec clearance for all info processed. Access controlled by whether subj's clearance level dominates the object's sensitivity levels
  • each user must have access approval for all info they will access on the sys
  • each user must have a valid need to know for all info they will have access to

c/p architecture is an engineering discipline concerned with the design and construction of computing systems at a logical level

more complex a system, the less assurance it provides:

  • more complex = more areas for vulnerabilities
  • = more areas must be secured against threats

I/O Structures

  • related to general I/O operations rather than individual devices
  • esp for older legacy / non PnP devices
  • 3 main types of opns that require manual config on legacy devices:

Memory Mapped IO

  • where part of the address space that the CPU manages functions to provide access to some kind of device through a series of memory mapped addresses
  • reading the memory mapped locations, you are reading effectively from the device.
  • write to the memory mapped addresses and you are writing to the device
  • only allow 1 device access to the memory addresses
  • allow access should be through OS and subject to normal authZ and access controls

Interrupt (IRQ)

  • Interrupt Request
  • a technique for assigning specific signal lines to specific devices through a special interrupt controller

only the OS should be able to mediate access to IRQs at a sufficiently high level of priv to prevent tampering or accidental change

Direct Memory Access

  • devices that can exchange data directly with real memory (RAM) w/o needing help from the CPU use DMA to manage this
  • works as a channel with 2 signal lines
    • DMA Request (DMQ)
    • DMA Acknowledgement (DACK)
  • for config - manage addresses to keep device addresses unique and to make sure the addresses are only used for DMA
  • for sec - only the OS should be able to mediate DMA assignments and the use of DMA to access IO devices

Firmware

  • describes s/w stored on ROM chip
  • 2 types of firmware:

BIOS

  • on a motherboard
  • Basic Input/Output System (BIOS)
  • holds simple instructions to boot the OS from disk
  • updating = "flashing"
  • usu. stored on EEPROM
  • being replaced (since 2011) with UEFI
  • UEFI = Unified Extensible Firmware Interface
  • more advanced i/f between the h/w and OS

Device Firmware

  • general internal and external device firmware
  • many h/w devices need ltd processing power to complete tasks w/o loading the CPU.
  • these 'mini OSs' are contained in firmware on chips
  • usu. stored on EEPROM

Essential Security Protection Mechanisms

Policy Mechanisms

  • are extensions of basic comp science doctrine

Principle of Least Privilege

  • esp. user mode vs supervisor mode

Separation of Privilege

  • builds on principle of least priv
  • granular access permissions ie. different permissions for each type of priv op
  • allows designers to assign some processes rights to perform certain supervisory funcs w/o granting them unrestricted access to the sys
  • allows reqs to be inspected, checked against access controls and granted/denied based on the id of the user making the reqs or on groups to which the user belongs or sec roles they have

Accountability

  • relies on a system's ability to monitor activity on and interactions with a system's resources and config data and to protect resulting logs from unwanted access or alteration
  • relies on authN and authZ components

Security Policy & Computer Architecture

  • role of sec policy = to guide and inform the design, dev, impl, testing and maintenance of a system.
  • for sys devs, a security policy is a doc that defines a set of rules, practices and procs that describe how the system should manage, protect, and distribute sensitive info.

multi-level security policies = security policies that prevent info flow from higher security levels down to lower sec levels

  • security needs to be applied throughout life-cycle
  • fact: 3rd party s/w should not be trusted
  • OS must use protection mechanisms to keep env stable and keep processes isolated.
  • computer system designers should adhere to a number of protection mechanisms / principles when designing secure sys

Technical Mechanisms

Layering

  • implement a structure similar to ring model for operating modes and apply it to each OS process
  • comms between layers only via well-defined, specific i/fs to provide the needed security
  • all in-bound reqs from outer (less sensitive) layers are subject to stringent authN and authZ checks
  • so that layer integrity is maintained, inner layers don't know or depend on outer layers
  • no layer can tamper with the other
  • outer layers cannot violate or override any sec policy enforced by an inner layer

Abstraction

  • black box - users of an obj / OS don't need to know the details of how the object works; just need to know how to call the obj and what results will be returned.
  • essentially same used for mediated access to data or svcs
  • also, abstraction used for object groups (classes) where access control and operation rights are assigned to groups of objects rather than on a per-object basis.
  • the controls that system designers should build into systems

Data Hiding

  • important in multi-level sec sys
  • ensures data existing at one sec level is not visible to processes running at different sec levels
  • place objects in security containers that are different from those that subjects occupy to hide obj details from those with no need to know

Hardware Segmentation

  • similar purpose to process isolation - prevents access of info that belongs to another process / sec level
  • does this by use of physical h/w ctrls
  • this is rare eg. national security implementations

Process Isolation

  • requires that the OS provides a separate memory space for each process's instructions and data
  • also requires OS to enforce the boundaries to prevent access
  • advantages:
    • prevents unauthorised data access
    • protects the integrity of processes
  • implement via VMs on per user or per process basis

Common Architecture Flaws & Security Issues

Attacks based on Design or Coding Flaws & Security Issues

Input and Parameter Checking

  • esp. buffer overflow
  • buffer overflow is big opportunity for compromise
  • developers responsible for preventing this

Maintenance Hooks & Privileged Programs

  • maintenance hook = backdoor = entry point into a sys known only by the developer
  • running a p/m whose sec level is elevated during execution is also vulnerability
    • need to be carefully written and tested
    • make accessible only to appropriate users
    • harden against misuse

Initialisation and Failure States

  • when an unprepared sys crashes and recovers there are opportunities to compromise security controls
  • many systems unload sec controls as part of shutdown procedures - Trusted Recovery ensures that all ctrls remain in place in the event of a crash.
  • during Trusted Recovery the sys ensures there is no chance to access when sec ctrls are disabled. Even recovery phase runs with ctrls intact.

Incremental Attacks

  • attacks which occur in slow, gradual increments

Data Diddling

  • where an attacker gains access and makes small, random or incremental changes to data during storage, processing, i/p, o/p or transaction
  • difficult to detect unless regular data integrity check (eg. checksum) is done each time a file is read or written
  • protection?:
    • encrypted file sys
    • file level enc
    • file monitoring which includes integrity checks eg. Tripwire
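
The integrity check described above, as an added example (not part of the original notes, and not Tripwire's own code): a baseline of keyed digests is taken once and each later scan is compared against it. The file names, the demo key and the use of HMAC-SHA256 instead of a plain checksum are assumptions; a keyed digest means someone who can alter the data cannot also recompute a matching baseline entry without the key.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 64 * 1024


def file_mac(path, key):
    """HMAC-SHA256 over a file's contents, read in chunks."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            mac.update(block)
    return mac.hexdigest()


def build_baseline(root, key):
    """Map every file under root (by relative path) to its keyed digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_mac(full, key)
    return baseline


def verify(root, baseline, key):
    """Compare the current tree with the stored baseline."""
    current = build_baseline(root, key)
    return {
        "modified": sorted(
            p for p in baseline
            if p in current and not hmac.compare_digest(baseline[p], current[p])
        ),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed sample data: a small change that leaves the file size unchanged."""
    key = b"constructed-demo-key"  # assumption: in practice kept off the monitored host
    with tempfile.TemporaryDirectory() as root:
        ledger = os.path.join(root, "ledger.csv")
        rates = os.path.join(root, "rates.csv")
        with open(ledger, "w") as fh:
            fh.write("acct,balance\n1001,2500.00\n1002,310.75\n")
        with open(rates, "w") as fh:
            fh.write("code,rate\nA,0.0125\n")

        baseline = build_baseline(root, key)
        clean = verify(root, baseline, key)
        size_before = os.path.getsize(ledger)

        # One-cent change to one record: same length, so a size check sees nothing.
        with open(ledger, "w") as fh:
            fh.write("acct,balance\n1001,2500.01\n1002,310.75\n")
        os.remove(rates)
        with open(os.path.join(root, "notes.txt"), "w") as fh:
            fh.write("unexpected file\n")

        return {
            "clean": clean,
            "tampered": verify(root, baseline, key),
            "same_size": os.path.getsize(ledger) == size_before,
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```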

Salami Attack

  • refers to the systematic whittling of assets in accounts or other records with financial value where v. small amounts are deducted from balances regularly.
  • no actual proven cases, but it is a possible attack type

Programming

  • buffer overflow
  • exception handling - if a p/m doesn't exit gracefully. May be possible to crash a program after it has increased its sec level to carry out a normal task, then attacker may be able to compromise

Timing, State Changes & Comm Disconnects

  • attackers can develop attacks based on the predictability of task execution
  • race condition attacks
    • because attacker is racing with the legitimate process to replace the obj before it is used.
    • ex: TOCTTOU attack

  • communication disconnects attacks: take action between 2 known states when the state of a resource or the entire system changes

  • all these are called state attacks because they attack timing, data flow control, and transition between one state to another
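
The TOCTTOU pattern above beside a hardened form, as an added example (not part of the original notes). The `between` hook, the file names and the contents are constructed; the hook stands in for the window between check and use so the result is deterministic instead of depending on a real race.

```python
import os
import stat
import tempfile


def read_check_then_use(path, between=None):
    """Vulnerable pattern: the check and the use each look the name up separately."""
    st = os.lstat(path)                        # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("refusing non-regular file")
    if between:
        between()                              # window between check and use
    with open(path, "rb") as fh:               # time of use: resolves the name again
        return fh.read()


def read_open_then_check(path, between=None):
    """Hardened pattern: open once, then check the object the descriptor refers to."""
    # O_NOFOLLOW makes the open fail if the final path component is a symlink.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as fh:
        if between:
            between()                          # re-pointing the name no longer matters
        st = os.fstat(fh.fileno())             # check the opened object, not the name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("refusing non-regular file")
        return fh.read()


def demo():
    """Constructed scenario in a private temp directory."""
    with tempfile.TemporaryDirectory() as d:
        report = os.path.join(d, "report.txt")
        secret = os.path.join(d, "secret.txt")
        with open(secret, "wb") as fh:
            fh.write(b"restricted data\n")

        def reset():
            # Remove whatever currently holds the name, then recreate a regular file.
            if os.path.lexists(report):
                os.remove(report)
            with open(report, "wb") as fh:
                fh.write(b"public report\n")

        def swap():
            # Replace the checked name with a link to a different object.
            tmp = os.path.join(d, "swap.tmp")
            os.symlink(secret, tmp)
            os.replace(tmp, report)

        reset()
        vulnerable = read_check_then_use(report, between=swap)

        reset()
        hardened = read_open_then_check(report, between=swap)

        # The name is now a symlink: the hardened open refuses it outright.
        try:
            read_open_then_check(report)
            refused = False
        except OSError:
            refused = True

        return vulnerable, hardened, refused


if __name__ == "__main__":
    print(demo())
```

The hardened version narrows the check and the use to a single object by working on the file descriptor; `O_NOFOLLOW` only covers the last path component, so the directories leading to the file still need to be writable only by trusted users.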

Technology & Process Integration

  • in biz continual process of integrating / intertwining existing processes in novel ways to come up with new functions / capabilities
  • pay attention to
    • single points of failure
    • emergent weaknesses in Service Orientated Architectures (SOA)
  • SOA
    • creates new apps / funcs from existing but distinct s/w svcs
    • resulting app often is new - its security issues are unknown
    • all new deployments, esp new app/funcs need to be thoroughly checked

Covert Channels

* a method that is used to pass info over a path that is not normally used for comms

  • may not be protected by normal sec mechs (as not a comms channel)
  • covert channel provides a means to circumvent a security policy undetected
  • overt channel = a known, expected, authorised, designed, monitored and controlled method of comms
  • 2 types of covert channels:

  • covert timing channel
    • conveys info by altering the performance of a system component or by modifying a resource's timing in a predictable way.
    • very difficult to detect
  • covert storage channel
    • conveys info by writing data to a common storage area where another process can read it.
  • detection can be difficult. Best way is to implement auditing and analyse log files for any covert channel activity

Electromagnetic Radiation

  • EM emanations can be intercepted
  • should shield equipment, physically restrict personnel and devices
  • TEMPEST technologies can provide protection (faraday cages, jamming / noise generators etc)

Database Security

Inference

  • inference attacks involve combining several pieces of non sensitive info to gain access to info that should be classified at a higher level
  • uses human deductive capacity rather than raw mathematical ability of database systems

How to address?

  • best defence is to keep track of permissions granted to individuals
  • also by intentionally blurring data eg. rounding salary totals to the nearest million
  • also can use database partitioning

Data Mining & Data Warehousing

  • Data Dictionary
    • commonly used for storing critical info about data eg. usage, type, sources, relationships, formats
    • DBMS s/w reads the data dictionary to determine access rights for users
  • Data Mining
    • allows analysts to search through data warehouses for correlated info
    • data mining techniques result in the creation of data models that can be used to predict future activity
    • the activity of data mining produces Metadata
  • Data Warehouse
    • large DBs used to store large amounts of data from a variety of DBs
    • often hold historical info that cannot be kept in the main databases
  • Metadata
    • is data about data (or a concentration of data)
    • ex: security incident report produced from metadata extracted from a data warehouse of audit logs
    • usu. metadata is more valuable or sensitive than the bulk of data in the data warehouse. So often metadata is stored in a more secure container - the Data Mart
  • data warehouses and data mining important because:
    • data warehouses hold large amounts of potentially sensitive info, vulnerable to aggregation and inference attacks
      • data mining can be used as a sec tool when used to develop baselines for statistical anomaly-based IDS

Aggregation

  • aggregation = combining records from one or more tables to produce potentially useful info
  • aggregation attacks used to collect lots of low level security items or low value items and combine them to create something of a higher sec level or value.

How to address?

  • database security admins should strictly control access to aggregate functions and properly assess the potential info they may reveal to unauthorised people.

Data Analytics

is the science of raw data examination with the focus on extracting useful info out of the bulk data set

  • Big Data
    • refers to the collections of data that have become so huge that traditional means of analysis are ineffective.
    • Big data involves numerous challenges around collection, storage, analysis, mining, transfer, distribution and results presentation.
    • potential to reveal nuances and idiosyncrasies that are not apparent in smaller data sets

from security perspective ... orgs are trying to collect ever more detailed event and access data to help assess compliance, improve efficiency, productivity and to improve detecting violations

Large Scale Parallel Data Systems

  • numerous calcs simultaneously
  • break large tasks into smaller pieces and execute in parallel by distributing each sub-element to a different processing subsystem.
  • the complexity of using large nums of processing systems often results in unexpected increase in problems and risks
  • area of large-scale parallel data systems still developing
  • is likely to be important tool in managing big data and will often involve cloud computing, grid computing or peer-to-peer computing solutions

Client Based

Applets

Java Applets

  • Java is compiled into byte code
  • JVM takes the byte-code and executes it (eg. using JIT compiler into machine code)
  • big advantage is that Java is platform independent.
  • Java applets are short java p/ms downloaded to perform operations on a remote system
  • Java built with security in mind
  • Sandboxed - isolates Java code objects from the rest of the OS and enforces strict rules about the resources these objs can access
  • altho' sandboxing reduces the malicious attack scenarios, there are still plenty of vulnerabilities that can/have been exploited

sec vul:

  • allow a remote system to send code to the local system for execution
  • may contain a Trojan Horse component (unless code can be analysed line by line)
  • self contained miniature p/ms sent from a server to a client to perform a particular action

ActiveX Controls

  • MS version of Java Applets
  • operate in similar way but implemented using a variety of languages eg. VB, C, C++, Java

Differences:

  • uses proprietary MS tech and so can only run on MS browsers
  • ActiveX controls are not sandboxed and have full access to the Windows OS and can perform privileged actions

MS Edge doesn't support ActiveX

Local Caches

anything temporarily stored on the client for future re-use

ex: ARP cache, DNS cache, Internet files cache etc

ARP Cache Poisoning

  • ARP = Address Resolution Protocol
  • used to map IP network addresses to the hardware addresses used by a data link protocol
  • form1: caused by an attacker responding to ARP broadcast queries in order to send back falsified replies. If the false reply is received back first then this is used to populate the ARP cache and the valid reply is discarded
  • form2: create static ARP entries. Done via the ARP command and has to be done locally
  • Once ARP poisoning has occurred, traffic will be sent to the wrong address

Internet Files Cache

  • a number of exploits can cause the client to download content and store it in the cache that was not an intended element of a requested web page.
    • split-response attack
    • mobile code scripting attack
  • once files have been poisoned in the cache, then even when a legitimate web document calls on a cached item, the malicious item will be executed.

DNS Cache Poisoning

HOSTS poisoning

adding false info in the hosts file

authorised DNS server attacks

  • aim to alter the primary record of a FQDN on its original host system
  • the authoritative DNS server hosts the zone file or domain database. If this is modified, then the change will propagate across the internet
  • these attacks tend to be noticed quickly
  • so most attacks focus on caching DNS servers instead
  • similar to ARP cache - once a client receives a response from DNS, the response will be cached.

caching DNS server attacks

is any DNS system deployed to cache DNS info from other DNS servers

  • most companies and ISP have their own caching DNS servers which means the attack is not so closely watched for.

DNS lookup address changing

  • this focuses on sending an alternate IP address to the client to be used as the DNS server the client uses for DNS queries
  • DNS server address usu. sent to clients via DHCP but it can be assigned statically
  • these attacks focus on changing the DNS server lookup address (attacks can be scripted)

DNS query spoofing

  • happens when the hacker is able to eavesdrop on a client's query to a DNS server. The attacker then sends back a reply with false info

Distributed Systems

  • bring a host of vulnerabilities as systems are exposed to the outside world
  • in general safeguarding distributed envs means understanding the vulnerabilities to which they are exposed and applying appropriate safeguards - technology solutions and controls, to policies and procedures

Cloud Computing

SaaS

Software-as-a-Service

  • SaaS moves the task of managing software and its deployment to third-party services
  • provides on-demand access to specific s/w apps w/o need for local installation
  • usu. few local OS or h/w limitations
  • sometimes subscription (eg. O365), PAYG or free (eg Google Docs)

PaaS

Platform-as-a-Service

  • functions at a lower level than SaaS, typically providing a platform on which software can be developed and deployed.
  • PaaS providers abstract much of the work of dealing with servers
  • gives clients an environment in which the operating system and server software, as well as the underlying server hardware and network infrastructure are taken care of
  • leaves users free to focus on the business side of scalability, and the application development of their product or service
  • where processing and storage are elsewhere over a network connection rather than locally.

IaaS

Infrastructure-as-a-Service

  • at a lower level than SaaS and PaaS
  • provides the fundamental building blocks for cloud services.
  • IaaS is comprised of highly automated and scalable compute resources, complemented by cloud storage and network capability which can be self-provisioned, metered, and available on-demand.
  • IaaS is the most flexible cloud computing model and allows for automated deployment of servers, processing power, storage, and networking.

(P2P) Peer to Peer

  • are networking and distributed application solutions that share tasks and workloads amongst peers
  • similar to grid computing except there is no central management system and the services provided are usually real time
  • ex: BitTorrent, Skype, Spotify
  • Sec concerns
    • perceived inducement to pirate copyrighted materials
    • ability to eavesdrop on distributed content
    • lack of central control / oversight.
    • potential for services to consume all available bandwidth

Grid Computing

a form of parallel distributed processing that loosely groups a significant num of processing nodes to work towards a specific processing goal

  • members of the grid can enter/leave at random points - often joining only when grid members have spare capacity and leaving as soon as they don't
  • when a sys leaves the grid it will save its work and may upload completed or partial work elements back to the grid
  • biggest security concern is that the content of each work packet is potentially exposed to all
    • many grid computing projects are open to all
    • grid members could keep copies and examine contents
  • not appropriate for Confidential, private or proprietary data
  • grid computing computational capacity can change from moment to moment and work packets may be delayed or never returned.
  • often uses a central primary core of servers to manage the project, track work packets and integrate returned work segments (so vulnerable in case these servers are not available)
  • risk that if the central servers are compromised they can be used to attack grid computing members

Server Based

  • issue of data flow control
  • management of data flow important
  • efficient transmission with minimal delays
  • also reliable throughput using hashing, and protecting confid with encryption
  • when data overflows - data may be lost or corrupted, or need to be re-transmitted
  • data flow control provided by networking devices eg. routers, switches, n/w appliances etc

(ICS) Industrial Control Systems

  • wide num industries
  • num different types of ICS

DCS (Distributed Control Systems)

  • usu. industrial process plants where the need to gather data and implement control over a large scale env from a single location is essential.
  • controlling elements are distributed across the monitored env eg. manufacturing floor or production line
  • the centralised monitoring locations send commands out to those localised controllers whilst gathering status and perf data
  • DCS can be analogue or digital

an ICS is a form of computer management device that controls industrial processes and machines

PLC (Programmable Logic Controllers)

  • effectively are single purpose or focused purpose computers

typically deployed for the mgmt & automation of industrial electro-mechanical ops eg. controlling systems on an assembly line

SCADA (Supervisory Control and Data Acquisition)

  • can operate as a stand-alone device, be networked together with other SCADA sys, or with normal c/ps
  • most have minimal user interfaces eg. knobs, buttons, simple LCD screen
  • the static design and minimal human i/fs should make the systems fairly resilient to compromise or modification. So little security was built in
  • rootkit such as Stuxnet targeted a SCADA system.
  • many SCADA vendors have now started implementing sec improvements into their products.

Vulnerabilities in Mobile Systems

  • Android
    • OS based on Linux; 2008 first version
    • used widely (not just on mobile devices)
    • lots of different flavours
    • lots of sec vulnerabilities
    • root increases a device's sec risk as all processes then run with root priv
  • wide range of sec features available but needs to be enabled and properly configured
  • mobile devices themselves hold sensitive data (contacts, phone numbers, emails etc)
  • loss of mobile device can mean compromise of personal and corporate data
  • eavesdropping - most conversations can be tapped into, and of course if close by can hear the conversations!
  • malicious insiders can bring in malicious code on storage devices (phones, tablets, memory cards, usb drives etc)
  • can be used to leak/steal internal confidential/private data
  • photos of confidential material
  • smartphones + other mobile devices
  • v. popular,
  • internet capable and connect to corporate n/ws
  • significant potential for harm

Device Security

Screen Locks

GPS

Lockout

  • happens when a user fails to provide their credentials after repeated attempts; the device is then locked out for a period of time or until the admin clears the lockout flag

Application Control

  • a device mgmt solution that limits which apps can be installed on a device.
  • also to force certain apps to be installed or to enforce settings on various apps
  • can reduce exposure to malicious apps by limiting user ability to install apps that come from unknown sources

Remote Wiping

Storage Segmentation

used to artificially compartmentalise various types or values of data on a storage medium.

  • ex: OS and pre-installed apps isolated from user downloaded apps

Full Device Encryption

  • worthwhile encrypting all data but not protected if phone left unlocked

Asset Tracking

  • management process used to maintain oversight over an inventory, such as deployed mobile devices
  • asset sys can be active or passive
  • passive = relies on asset to check in with the asset service on a regular basis
  • active = uses polling/pushing technology to send queries out to devices
  • used to check authZ user still has the device
  • also can be used for verifying compliance with sec guidelines, or check for exposure of confidential info to unauthorised entities

Disabling Unused Features

Inventory Control

  • can relate to Asset Tracking
  • also can mean using mobile device for inventory control eg. in a warehouse. can use camera, RFID, NFC

Removable Storage

MDM (Mobile Device Management)

  • s/w solution to the challenging task of managing mobile devices used to access co. resources
  • can use to add/remove apps, manage data etc
  • with co devices and BYOD devices

Device Access Control

  • most mobile devices not secure even if locked - so to secure should enforce device encryption
  • iOS
    • Apple fully control the OS
    • can jailbreak (break iOS sec and access restrictions)

Application Security

Credential Management

is the storage of credentials in a central location

Key Management

  • most failures with cryptosystems are due to key management
  • good key selection = truly random numbers
  • most mobile devices have poor random num generators or access Random Number Generators (RNG) over a wireless link.
  • need to store keys securely. Best options
    • removable hardware
    • use TPM (Trusted Platform Module)

Authentication

  • mobile device authentication usu. simple
  • password, pin, face recog, fingerprint, proximity device etc
  • best to combine with encryption of drive
  • also need to focus on the apps used on the devices

Geotagging

  • where GPS enabled devices embed location info in data (eg. photograph)
  • location info can be valuable to a malicious user

Encryption

storage encryption

  • most mobiles support storage encryption. This should be enabled

communication encryption

  • some devices offer native support for communications encryption
  • num apps (eg. whatsapp) can add enc to data sessions, voice and/or video conferences

Application Whitelisting

  • also known as implicit deny and deny by default
  • prevents unauthorised s/w from running (inc. malware) unless it is on a pre-approved exceptions list
  • one of the few options remaining that shows real promise in protecting devices.
  • however, it can be circumvented with kernel level vulnerabilities and app config issues

BYOD Concerns

Support Ownership

  • who responsible for device repair?
  • BYOD policy should define what support to be provided by org and what by the individual

Data Ownership

  • personal and biz data
  • sometimes can segment private and biz
  • if lost can company wipe device?
  • BYOD policy should address backups for mobile devices

Patch Management

  • BYOD policy to define means and mechanisms of patch management
  • users need to understand the benefits, restrictions and consequences of using BYOD
  • reading and signing off on the BYOD policy + attending overview / training may be enough for 'reasonable awareness'

Antivirus Management

  • BYOD policy should define what antivirus, anti-malware and anti-spyware scanners should be installed
  • policy allowing employees to bring their own devices into the office and use those devices to connect to (or through) the company networks to biz resources and/or inet.
  • increases risk to org

Forensics

  • BYOD policy should address forensics and investigations relating to mobile devices. Users need to know that in case of a sec violation or criminal activity that the mobile device might be involved; what could happen during the data gathering and whether it would be destructive or require the device to be confiscated

On-board Camera / Video

Acceptable Use Policy

Privacy

  • privacy and monitoring
  • workers need to agree to be tracked/monitored and to give up some/most privacy even when not on comp property.
  • personal device under BYOD should be considered quasi-company property

Legal Concerns

  • increased liability and risk of data leakage

On-Boarding / Off-Boarding

  • on-boarding = installing security, management and productivity apps + secure config settings
  • off-boarding = removing these + company data (device wipe may be needed)

Architectural / Infra Considerations

  • orgs should evaluate their n/w and sec design, architecture and infrastructure to cope with additional devices and the implications of BYOD
  • impact on IP assignments, comms isolation, IDS impact etc

Adherence to Corporate Policies

User Acceptance

Web-Based Systems Vulnerabilities

  • wide variety of system vulnerabilities and threats, including:

XML

XML Exploitation - a type of programming attack that is used to either falsify info being sent to a user or cause their sys to give up info w/o authZ

SAML

  • Security Assertion Markup Language
  • abuses often focussed on web-based authN
  • if can falsify SAML comms or steal a visitor's access token then can bypass authN and get unauthorised access to a site
  • OWASP - Open Web Application Security Project
    • non profit security project focusing on improving sec for online or web based apps
    • also a large community that shares info, methodologies, tools, techniques etc related to better coding practices and more secure deployment architectures

Embedded Devices & Cyber Physical Systems

Examples of Embedded & Static Systems

IoT

  • an extension of cyber-physical, embedded and n/w enabled devices
  • collection of devices that can communicate with one another over i/net or with control console in order to affect and monitor the real world

Cyber-Physical Systems

  • devices that offer a computational means to control something in the real world
  • ex: key elements in robotics, sensor n/ws

robotic element

  • any computational device that can cause a movement to occur in the real world

sensors

  • any device that can detect physical conditions (temp, light, movement etc)

ex: prosthetics, collision avoidance in vehicles, precision in robot surgery etc

Mainframes

high end computer systems used to perform highly complex calcs and provide bulk data processing

  • older mainframes - static envs - designed to perform a single task
  • modern mainframes = much more flexible

Games Consoles

In-vehicle computing systems

network enabled devices

  • any portable or non portable device with native network capabilities
  • wifi, wired, bluetooth network enabled
  • ex: smartphones, tablets, smart TVs, Amazon fire tv stick etc.

Methods of Securing

Network Segmentation

  • involves controlling traffic among networked devices
  • can be used to isolate static envs to prevent changes and/or exploits reaching them
  • Complete/Physical n/w segmentation = when a n/w is isolated from all outside comms, so transactions can only occur between devices in the segmented n/w
  • logical n/w segmentation = with VLANS, other traffic control (MAC filtering, IP Addresses, physical ports, TCP/UDP etc)

Security Layers

  • exist where devices with different levels of classification or sensitivity are grouped together and isolated from other groups with different levels

  • isolation can be absolute or one directional eg. lower level may not be able to start comms with higher level, but higher can initiate with lower
  • isolation can be physical or logical
    • logical isolation = needs classification labels on data/packets that needs to be respected
    • physical isolation = implement network segmentation or physical air gaps between n/ws of different sec levels

Manual Updates

  • should be used in a static env to ensure only tested and authorised changes are implemented
  • the problem with embedded and static systems is that they are minimal systems, with focus on reduced costs.
  • often lack of security, and difficulty with upgrades and patches

Application Firewalls

  • application f/w - is a device, server add-on, virtual svc, or sys filter that defines a strict set of comms rules for a service and its users
  • designed to be application-specific server f/w to prevent app specific protocol and payload attacks
  • network firewall - a h/w device (appliance) designed for general n/w filtering.
  • designed for broad protection for an entire n/w
  • should use both app and n/w firewalls in sequence

Control Redundancy & Diversity

  • defence in depth - uses multiple types of access control in literal or theoretical concentric circles.

Wrappers

  • wrappers can be used in malware eg. trojan horse (combines a benign host with malicious payload)
  • can also be used as encapsulation solutions.
  • some static envs can be configured to reject changes unless via a controlled channel.
    • The controlled channel can be a wrapper.
    • The wrapper can include integrity and authN features to ensure only intended and authZed updates are applied to a sys
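The controlled-channel idea above, as an added example that is not part of the original notes: a hypothetical `UPD1` wrapper format whose HMAC-SHA256 tag provides integrity and authN under a pre-shared key. The format, the key handling and the newer-version check are assumptions made for illustration; production update schemes commonly use digital signatures instead of a shared key.

```python
import hashlib
import hmac
import struct

MAGIC = b"UPD1"                     # hypothetical wrapper format for this example
HEADER = struct.Struct(">4sII")     # magic, version, payload length
TAG_LEN = hashlib.sha256().digest_size


class UpdateRejected(Exception):
    """Raised when a wrapped update must not be applied."""


def wrap_update(key, version, payload):
    """Vendor side: bind version and payload together under one tag."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def unwrap_update(key, blob, installed_version):
    """Device side: return (version, payload) only if every check passes."""
    if len(blob) < HEADER.size + TAG_LEN:
        raise UpdateRejected("truncated wrapper")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Verify the tag before parsing anything, in constant time
    if not hmac.compare_digest(tag, expected):
        raise UpdateRejected("authentication tag mismatch")
    magic, version, length = HEADER.unpack_from(body)
    if magic != MAGIC or length != len(body) - HEADER.size:
        raise UpdateRejected("malformed header")
    # Assumed policy: refuse re-installs and rollbacks to older versions
    if version <= installed_version:
        raise UpdateRejected("version not newer than installed")
    return version, body[HEADER.size:]


if __name__ == "__main__":
    demo_key = b"\x01" * 32         # constructed key, for demonstration only
    blob = wrap_update(demo_key, 7, b"constructed-firmware-image")
    print(unwrap_update(demo_key, blob, installed_version=6))
```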

Firmware Version Control

  • firmware updates should be implemented manually
  • oversight of firmware vers ctrl should focus on maintaining a stable operating platform while minimising exposure to downtime or compromise

Static Systems

  • a static environment / system is a set of conditions, events and surroundings that don't change
  • intended to remain unchanged
  • ex static systems:
    • applications, OSs, h/w sets, networks
      ... that are configured for a specific function and then to remain unaltered
  • always chance of h/w failure, s/w bug that could lead to an unexpected change

Embedded System

  • embedded system = a computer implemented as part of a larger system
  • can be ltd set of functions to support larger product it is part of
  • full computer or microcontroller (integrated chip with on-board memory and peripheral ports)
  • ex embedded systems:
    • network attached printers
    • smart TVs
    • HVAC Controls
    • Smart Appliances