Domain 3 - Security Vulnerabilities, Threats and Countermeasures
Database Security
Inference
- inference attacks involve combining several pieces of non-sensitive info to gain access to info that would be classified at a higher level
- uses human deductive capacity rather than raw mathematical ability of database systems
How to address?
- best defence is to keep track of permissions granted to individuals
- also by intentionally blurring data eg. rounding salary totals to the nearest million
- also can use database partitioning
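Added example (not part of the original notes): inference by differencing an aggregate, and the rounding countermeasure mentioned above. The payroll table, names and figures are constructed for illustration, and the scenario assumes the observer knows one hire happened between two queries of the total.

```python
import sqlite3

# Constructed payroll rows (names and figures invented for this example).
STAFF = [("ana", 182_000), ("ben", 240_500), ("cho", 97_250),
         ("dev", 310_000), ("eli", 156_750), ("fay", 228_000)]
NEW_HIRE = ("gus", 118_400)


def make_db(rows):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE payroll (name TEXT PRIMARY KEY, salary INTEGER)")
    db.executemany("INSERT INTO payroll VALUES (?, ?)", rows)
    return db


def exact_total(db):
    # What an unrestricted aggregate view returns: non-sensitive on its own.
    return db.execute("SELECT SUM(salary) FROM payroll").fetchone()[0]


def blurred_total(db, step=1_000_000):
    # The notes' countermeasure: publish the total rounded to the nearest million.
    total = exact_total(db)
    return ((total + step // 2) // step) * step


def inferred_salary(total_fn):
    """Difference of the published total before and after one known hire."""
    db = make_db(STAFF)
    before = total_fn(db)
    db.execute("INSERT INTO payroll VALUES (?, ?)", NEW_HIRE)
    after = total_fn(db)
    return after - before


if __name__ == "__main__":
    print("exact totals reveal:  ", inferred_salary(exact_total))
    print("blurred totals reveal:", inferred_salary(blurred_total))
```

When a change pushes the true total across a rounding boundary the blurred difference jumps by a full million, so blurring coarsens the leak rather than removing it.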
Aggregation
- aggregation = combining records from one or more tables to produce potentially useful info
- aggregation attacks are used to collect lots of low level security items or low value items and combine them to create something of a higher sec level or value.
How to address?
- database security admins should strictly control access to aggregate functions and properly assess the potential info they may reveal to unauthorised people.
Data Analytics
is the science of raw data examination with the focus on extracting useful info out of the bulk data set
- Big Data
- refers to the collections of data that have become so huge that traditional means of analysis are ineffective.
- Big data involves numerous challenges around collection, storage, analysis, mining, transfer, distribution and results presentation.
- potential to reveal nuances and idiosyncrasies that are not apparent in smaller data sets
from security perspective ... orgs are trying to collect ever more detailed event and access data to help assess compliance, improve efficiency, productivity and to improve detecting violations
Client Based
Applets
Java Applets
- Java is compiled into byte code
- JVM takes the byte-code and executes it (eg. using JIT compiler into machine code)
- big advantage is that Java is platform independent.
- Java applets are short Java programs downloaded to perform operations on a remote system
- Java built with security in mind
- Sandboxed - isolates Java code objects from the rest of the OS and enforces strict rules about the resources these objs can access
- although sandboxing reduces the malicious attack scenarios, there are still plenty of vulnerabilities that can be/have been exploited
sec vul:
- allow a remote system to send code to the local system for execution
- may contain a Trojan Horse component (unless code can be analysed line by line)
- self-contained miniature programs sent from a server to a client to perform a particular action
ActiveX Controls
- MS version of Java Applets
- operate in a similar way but are implemented using a variety of languages eg. VB, C, C++, Java
Differences:
- uses proprietary MS tech and so can only run on MS browsers
- ActiveX controls are not sandboxed and have full access to the Windows OS and can perform privileged actions
Local Caches
ex: ARP cache, DNS cache, Internet files cache etc
ARP Cache
Poisoning
- ARP = Address Resolution Protocol
- used to map IP network addresses to the hardware addresses used by a data link protocol
- form1: caused by an attacker responding to ARP broadcast queries in order to send back falsified replies. If the false reply is received back first then this is used to populate the ARP cache and the valid reply is discarded
- form2: create static ARP entries. Done via the ARP command and has to be done locally
- Once ARP poisoning has occurred, traffic will be sent to the wrong address
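Added example (not part of the original notes): a detection check for both forms above, comparing two ARP cache snapshots. The snapshots are constructed, use the simple `ip neigh show` line layout (IP, dev, lladdr, state) as an assumption, and the `approved_static` allowlist is a hypothetical parameter.

```python
import re

# Constructed `ip neigh show`-style snapshots; all addresses are made up.
BASELINE = """\
192.0.2.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.0.2.10 dev eth0 lladdr 02:00:00:00:00:10 STALE
192.0.2.20 dev eth0 lladdr 02:00:00:00:00:20 REACHABLE
"""
CURRENT = """\
192.0.2.1 dev eth0 lladdr 02:00:00:00:00:66 REACHABLE
192.0.2.10 dev eth0 lladdr 02:00:00:00:00:10 STALE
192.0.2.20 dev eth0 lladdr 02:00:00:00:00:20 REACHABLE
192.0.2.30 dev eth0 lladdr 02:00:00:00:00:66 PERMANENT
"""

LINE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17}) (\S+)$", re.I)


def parse(snapshot):
    """Return {ip: (mac, state)}; lines without a MAC (e.g. FAILED) are skipped."""
    table = {}
    for line in snapshot.splitlines():
        m = LINE.match(line.strip())
        if m:
            table[m.group(1)] = (m.group(3).lower(), m.group(4).upper())
    return table


def audit(baseline, current, approved_static=frozenset()):
    old, new = parse(baseline), parse(current)
    findings = []
    for ip, (mac, state) in sorted(new.items()):
        # form1: a known IP now resolves to a different hardware address.
        if ip in old and old[ip][0] != mac:
            findings.append(("mac-changed", ip, mac))
        # form2: a locally created static entry nobody approved.
        if state == "PERMANENT" and ip not in approved_static:
            findings.append(("unapproved-static", ip, mac))
    owners = {}
    for ip, (mac, _) in new.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:  # one hardware address answering for several IPs
            findings.append(("mac-shared", ",".join(sorted(ips)), mac))
    return findings


if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(finding)
```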
Internet Files Cache
- a number of exploits can cause the client to download content and store it in the cache that was not an intended element of a requested web page.
- split-response attack
- mobile code scripting attack
- once files have been poisoned in the cache, then even when a legitimate web document calls on a cached item, the malicious item will be executed.
DNS Cache Poisoning
- similar to ARP cache - once a client receives a response from DNS, the response will be cached.
DNS query spoofing
- happens when the hacker is able to eavesdrop on a client's query to a DNS server. The attacker then sends back a reply with false info
Distributed Systems
- bring a host of vulnerabilities as systems are exposed to the outside world
- in general safeguarding distributed envs means understanding the vulnerabilities to which they are exposed and applying appropriate safeguards - technology solutions and controls, to policies and procedures
Cloud Computing
SaaS
- SaaS moves the task of managing software and its deployment to third-party services
- provides on-demand access to specific s/w apps w/o need for local installation
- usu. few local OS or h/w limitations
- sometimes subscription (eg. O365), PAYG or free (eg Google Docs)
PaaS
- functions at a lower level than SaaS, typically providing a platform on which software can be developed and deployed.
- PaaS providers abstract much of the work of dealing with servers
- gives clients an environment in which the operating system and server software, as well as the underlying server hardware and network infrastructure are taken care of
- leaves users free to focus on the business side of scalability, and the application development of their product or service
- where processing and storage are elsewhere over a network connection rather than locally.
IaaS
- at a lower level than SaaS and PaaS
- provides the fundamental building blocks for cloud services.
- IaaS is comprised of highly automated and scalable compute resources, complemented by cloud storage and network capability which can be self-provisioned, metered, and available on-demand.
- IaaS is the most flexible cloud computing model and allows for automated deployment of servers, processing power, storage, and networking.
(P2P) Peer to Peer
- are networking and distributed application solutions that share tasks and workloads amongst peers
- similar to grid computing except there is no central management system and the services provided are usually real time
- ex: BitTorrent, Skype, Spotify
- Sec concerns
- perceived inducement to pirate copyrighted materials
- ability to eavesdrop on distributed content
- lack of central control / oversight.
- potential for services to consume all available bandwidth
Grid Computing
a form of parallel distributed processing that loosely groups a significant num of processing nodes to work towards a specific processing goal
- members of the grid can enter/leave at random points - often joining only when grid members have spare capacity and leaving as soon as they don't
- when a sys leaves the grid it will save its work and may upload completed or partial work elements back to the grid
- biggest security concern is that the content of each work packet is potentially exposed to all
- many grid computing projects are open to all
- grid members could keep copies and examine contents
- not appropriate for Confidential, private or proprietary data
- grid computing computational capacity can change from moment to moment and work packets may be delayed or never returned.
- often uses a central primary core of servers to manage the project, track work packets and integrate returned work segments (so vulnerable in case these servers are not available)
- risk that if the central servers are compromised they can be used to attack grid computing members
Server Based
- issue of data flow control
- management of data flow important
- efficient transmission with minimal delays
- also reliable throughput using hashing and protecting confidentiality with encryption
- when data overflows - data may be lost or corrupted, or may need to be re-transmitted
- data flow control provided by networking devices eg. routers, switches, n/w appliances etc