Security and Data Management
Forms of cyber attack
Denial of service (DoS) attacks do not attempt to break system security; instead they attempt to make your website and servers unavailable to legitimate users by swamping a system with fake requests, usually in an attempt to exhaust server resources.
A DoS attack involves a single Internet connection. Distributed denial of service (DDoS) attacks are launched from multiple connected devices that are distributed across the Internet.
These multi-person, multi-device attacks target the network infrastructure in an attempt to saturate it with huge volumes of traffic.
Password based attacks
Dictionary attack
This uses a simple file containing words found in a dictionary. The attack tries exactly the kind of words that many people use as their password.
Brute force attack
Similar to the dictionary attack, but able to find non-dictionary passwords by working through all possible alphanumeric combinations from aaa1 to zzz10.
It is not quick, but it will uncover your password eventually.
A user-generated password is unlikely to be random. Passwords are likely to be based upon our interests, hobbies, pets, family, etc., so educated guesses often work.
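The dictionary and brute force attacks above are exactly the checks a defender can run against a candidate password before accepting it. The following Python is an added example, not part of the original notes: it undoes common letter-for-symbol substitutions and trailing digits before comparing against a word list (so "P@ssw0rd1" is still treated as "password"), and estimates how long an exhaustive search over the password's character set would take. The word list and the 10 billion guesses per second rate are constructed assumptions for the example.

```python
import string

# Constructed mini word list standing in for a dictionary file (real lists hold many thousands of entries)
DICTIONARY = {"password", "letmein", "dragon", "football", "qwerty", "monkey", "welcome"}

# Letter-for-symbol substitutions that a cracking rule set undoes before comparing against the list
LEET_MAP = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s", "!": "i"})

def normalise(pw):
    """Lower-case the password, drop trailing digits, then undo common substitutions."""
    base = pw.lower().rstrip(string.digits)
    return base.translate(LEET_MAP)

def alphabet_size(pw):
    """Size of the character set an attacker must cover to brute force this password."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return size

def brute_force_seconds(pw, guesses_per_second=1e10):
    """Worst-case time to try every combination of this length over this alphabet (assumed rate)."""
    return alphabet_size(pw) ** len(pw) / guesses_per_second

def assess(pw):
    """Return the reasons a password is weak; an empty list means no weakness was found."""
    reasons = []
    if normalise(pw) in DICTIONARY:
        reasons.append("dictionary word (possibly with substitutions or trailing digits)")
    if len(pw) < 12:
        reasons.append("shorter than 12 characters")
    if brute_force_seconds(pw) < 60 * 60 * 24 * 365:
        reasons.append("brute-forceable in under a year at 10 billion guesses/second")
    return reasons

if __name__ == "__main__":
    for candidate in ["P@ssw0rd1", "aaa1", "correct horse battery staple"]:
        print(candidate, "->", assess(candidate) or "no weakness found")
```

The point of normalising before the dictionary lookup is that substitutions such as "@" for "a" are part of every attacker's rule set, so they add almost nothing to a password's strength; length and a genuinely random choice of characters are what push the brute force estimate out of reach.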
Internet users frequently receive messages that request password or credit card information to “set up their account”.
Social engineering involves tricking a user into giving out sensitive information such as a password, by posing as a legitimate system administrator.
Examples of social engineering attacks carried out by deception include phishing, which is an attempt to acquire users’ details using fake emails and websites, and pharming, where users are unknowingly re-directed to a fake website, again with the intention of identity theft.
SQL injection is a technique where malicious users inject SQL commands into an SQL statement via web page input.
Injected SQL commands can alter SQL statements and compromise the security of information held in a database.
IP address spoofing
A spoof is a hoax, or a trick. IP address spoofing involves an attacker changing the IP address of a legitimate host so that a visitor who types in the URL of a legitimate site is taken to a fraudulent or spoofed web page.
The attacker can then use the hoax page to steal sensitive data, such as a credit card number, or install malware.
Shoulder surfing is using direct observation to get information. It is relatively simple to stand next to someone and watch as they fill out a form, or enter a PIN number, but shoulder surfing can also be carried out long distance with the aid of binoculars or even CCTV.
Internet protocols, operating systems and network equipment all present inherent technical weaknesses that must be recognised and protected against.
User behaviour can also compromise security e.g. sending sensitive documents to unintended recipients, opening malicious attachments to scam emails, or using the same passwords for multiple systems.
Viruses are programs that can replicate themselves and spread from one system to another by attaching themselves to host files.
They are used to modify or corrupt information on a targeted computer system.
Viruses are installed by opening infected attachments or downloading infected software.
Spyware can be used to collect stored data without the user’s knowledge.
Worms are self-replicating programs that identify vulnerabilities in operating systems and enable remote control of the infected computer.
A Trojan is a program that appears to perform a useful function, but also provides a ‘backdoor’ that enables data to be stolen.
Keyloggers
A type of spyware that can be used to track keystrokes and capture passwords and account numbers for fraudulent use.
Protection from malware
Virus protection software
This is a program that is loaded into memory while the computer is running.
Each virus has its own unique ‘signature’ that is known to the virus protection software and stored in a database. Data stored on the computer system is scanned to see whether any of the virus signatures in the database are present on the system.
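The following Python is an added example of the signature scanning described above, not code from the original notes or from any real product. The database holds two kinds of signature, a byte pattern that is searched for anywhere in a file and a whole-file SHA-256 hash, and every signature and sample file here is constructed for the example and matches no real malware.

```python
import hashlib

# Constructed signature database: the patterns and hashes are invented for this example.
PATTERN_SIGNATURES = {
    "Example.Dropper.A": b"\x4d\x5a\x90\x00EXAMPLE-DROPPER-MARKER",
    "Example.Macro.B": b"AutoOpen()\r\nShell(\"example-payload\")",
}
HASH_SIGNATURES = {
    "Example.Trojan.C": hashlib.sha256(b"constructed trojan body for the example").hexdigest(),
}

def scan_bytes(data):
    """Return the names of every signature found in the data; an empty list means clean."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    for name, known_hash in HASH_SIGNATURES.items():
        if digest == known_hash:          # exact whole-file match
            hits.append(name)
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern in data:               # pattern may appear anywhere inside the file
            hits.append(name)
    return hits

def scan_file(path):
    """Scan one file on disk (read whole; a real scanner streams large files)."""
    with open(path, "rb") as f:
        return scan_bytes(f.read())

if __name__ == "__main__":
    sample = b"harmless header" + PATTERN_SIGNATURES["Example.Dropper.A"] + b"trailing data"
    print(scan_bytes(sample))             # ['Example.Dropper.A']
    print(scan_bytes(b"plain document"))  # []
```

The hash signature shows the weakness of this approach: changing a single byte of the trojan body gives a different hash and the scanner no longer recognises it, which is why signature databases need constant updating and why newly written malware can slip past them.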
A firewall can be a software or hardware security system that controls the incoming and outgoing network traffic.
Packets of data are analysed to determine whether they should be allowed through or not.
The basic function of a firewall is to monitor where data has come from and where it is going and to determine if this communication is allowed. It does this by checking a list of pre-defined rules.
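As an added illustration of that rule checking (example code, not from the original notes), the Python below models a packet filter: each rule names a direction, source and destination network, protocol and port, the rules are checked from top to bottom, the first match decides, and a packet matching no rule is dropped. The rule list and the addresses, which come from the documentation ranges, are constructed for the example.

```python
import ipaddress

# Constructed rule list, evaluated top to bottom; first match wins; unmatched traffic is dropped.
# Rule layout: (action, direction, source network, destination network, protocol, destination port or None)
RULES = [
    ("allow", "in",  "0.0.0.0/0",       "192.0.2.10/32", "tcp", 443),   # public HTTPS to the web server
    ("allow", "in",  "198.51.100.0/24", "192.0.2.0/24",  "tcp", 22),    # SSH only from the admin subnet
    ("deny",  "in",  "0.0.0.0/0",       "192.0.2.0/24",  "tcp", 22),    # SSH from anywhere else is blocked
    ("allow", "out", "192.0.2.0/24",    "0.0.0.0/0",     "udp", 53),    # DNS lookups out
    ("allow", "out", "192.0.2.0/24",    "0.0.0.0/0",     "tcp", None),  # any outbound TCP
]

def filter_packet(direction, src, dst, proto, dport, rules=RULES):
    """Return (decision, index of the matching rule) for one packet header; None index means default deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, rdir, rsrc, rdst, rproto, rport) in enumerate(rules):
        if (rdir == direction and rproto == proto
                and src_ip in ipaddress.ip_network(rsrc)
                and dst_ip in ipaddress.ip_network(rdst)
                and (rport is None or rport == dport)):
            return action, i
    return "deny", None

if __name__ == "__main__":
    print(filter_packet("in", "203.0.113.5", "192.0.2.10", "tcp", 443))   # ('allow', 0)
    print(filter_packet("in", "203.0.113.5", "192.0.2.10", "tcp", 22))    # ('deny', 2)
    print(filter_packet("in", "203.0.113.5", "192.0.2.10", "udp", 53))    # ('deny', None)
```

Rule order matters: the allow for the admin subnet sits above the general deny for port 22, so swapping those two lines would lock the administrators out as well.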
Keep your OS up to date
New ways to bypass the operating system’s built-in security are often discovered and can be covered by installing the security patches issued by the operating system manufacturer.
Use latest versions of a web browser
As for operating systems, the manufacturers of web browsers seek to continually improve their products and remove possible security vulnerabilities.
Most browsers will download updates automatically, but will need a restart for the update to be installed.
Look out for phishing emails
Emails that ask you to confirm personal details are usually fake. They should be caught by the spam filter, but be suspicious of any that are not and do not provide any sensitive details.
If you suspect you have malware on your computer you will need to download and run a malicious software removal tool that should detect and remove malware not blocked by the anti-virus software.
Data held on computer systems is often archived.
Archiving is the process of storing data that is no longer in current or frequent use. It is held for security, legal or historical reasons.
The process of archiving data frees up resources on the main computer system and allows faster access to data that is in use.
Footprinting is the first step in the evaluation of the security of any computer system. It involves gathering all available information about the computer system or network and the devices that are attached to it.
Footprinting should enable a penetration tester to discover how much detail a potential attacker could find out about a system, and allow an organisation to limit the technical information about its systems that is publicly available.
Ethical hacking is carried out with the permission of the system owner and covers all computer attack techniques.
An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers. This information is then used by the system owner to improve system security.
Penetration testing is a subset of ethical hacking that deals with the process of testing a computer system or network to find vulnerabilities that an attacker could exploit.
The tests can be automated with software applications or they can be performed manually.
External testing, to find out if an outside attacker can get in and how far they can get in once they have gained access.
Targeted testing, carried out by the organisation's IT team and the penetration testing team working together.
Internal testing, to estimate how much damage a dissatisfied employee could cause.
Blind testing, to simulate the actions and procedures of a real attacker by severely limiting the information given to the team performing the test.
Online networks are vital to many business operations. They are liable to attacks that target confidential data.
Cybersecurity refers to the range of measures that can be taken to protect computer systems, networks and data from unauthorised access or cyberattack.
The role of cookies
Cookies are data stored on a computer system. They allow websites to store a small amount of uniquely identifying data on your computer system while you are visiting. This may be useful as the website can then identify you in future without requesting that you identify yourself each time, i.e. by entering a username and password.
Another use of a cookie would be when adding items to a shopping basket over a period of time. The cookie allows you to store this information between separate browsing sessions.
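Because the cookie lives on the visitor's computer, the website cannot trust that it comes back unchanged. The Python below is an added example (not code from the original notes) of the usual answer: the server stores the basket or identity data in the cookie together with an HMAC computed with a secret only the server knows, and refuses any cookie whose HMAC does not match. The server key, cookie contents and cookie attributes are constructed assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed server-side secret; a real server loads this from protected configuration, never from source.
SERVER_KEY = secrets.token_bytes(32)

def _sign(payload):
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()

def make_cookie(data):
    """Encode a dict as base64 JSON and append an HMAC so the browser cannot alter it unnoticed."""
    payload = base64.urlsafe_b64encode(json.dumps(data, sort_keys=True).encode()).decode()
    return payload + "." + _sign(payload.encode())

def read_cookie(cookie):
    """Return the stored dict if the HMAC is valid, or None if the cookie was altered or forged."""
    try:
        payload, mac = cookie.rsplit(".", 1)
    except ValueError:
        return None                                  # no separator: not one of ours
    if not hmac.compare_digest(mac, _sign(payload.encode())):
        return None                                  # constant-time comparison of the tags
    return json.loads(base64.urlsafe_b64decode(payload))

def set_cookie_header(name, value):
    """Response header: HttpOnly keeps page scripts away from it, Secure keeps it off plain HTTP."""
    return f"Set-Cookie: {name}={value}; Secure; HttpOnly; SameSite=Lax; Path=/"

if __name__ == "__main__":
    cookie = make_cookie({"user": "alice", "basket": ["pen", "notebook"]})
    print(set_cookie_header("session", cookie))
    print(read_cookie(cookie))                       # the stored dict
    print(read_cookie("A" + cookie[1:]))             # None: one character changed
```

Signing stops tampering but not reading, so anything the visitor must not see (and anything you would not want copied if the cookie were stolen) belongs in a server-side session keyed by a random identifier rather than in the cookie itself.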
Protecting software systems
Secure by design
Secure by design is an approach that seeks to make software systems as free of vulnerabilities as possible through such measures as continuous testing and adherence to best programming practices.
At the design stage malicious practices are taken for granted: it is assumed that the new system will have invalid data entered and will be the subject of hacking attempts.
These issues are taken into account and corresponding security measures are considered, to ensure that security is not an afterthought and so reduce the need to address vulnerabilities and patch security holes as they are discovered in use.
Buffer overflow attacks
A buffer overflow occurs when a program tries to store more data in a buffer (temporary data storage area) than it was intended to hold.
This may occur accidentally through programming error, or it may be caused intentionally in a buffer overflow attack, where the overflow data may contain codes designed to change data, or disclose confidential information.
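To show what "more data than the buffer was intended to hold" does to neighbouring data, here is an added Python model (not code from the original notes, and a simulation rather than a real memory corruption): a bytearray stands in for a small region of memory holding a 16-byte input buffer followed directly by a 4-byte field that belongs to something else. An unchecked copy runs straight off the end of the buffer into that field; a checked copy refuses input that does not fit. The sizes and the contents of the adjacent field are constructed for the example.

```python
# Constructed model of memory: a 16-byte buffer followed immediately by a 4-byte field owned by other code.
BUF_SIZE = 16
FIELD_SIZE = 4

def new_memory(field_value=b"\x10\x20\x30\x40"):
    """Fresh region with the buffer zeroed and the adjacent field set to a known value."""
    mem = bytearray(BUF_SIZE + FIELD_SIZE)
    mem[BUF_SIZE:] = field_value
    return mem

def adjacent_field(mem):
    """The 4 bytes that sit just past the end of the buffer."""
    return bytes(mem[BUF_SIZE:BUF_SIZE + FIELD_SIZE])

def copy_unchecked(mem, data):
    """Like a copy with no length check: writes every input byte, even past the buffer's end."""
    for i, b in enumerate(data):
        mem[i] = b                      # keeps going into the adjacent field
    return mem

def copy_checked(mem, data):
    """Rejects input that does not fit, so the adjacent field can never be reached."""
    if len(data) > BUF_SIZE:
        raise ValueError(f"input of {len(data)} bytes exceeds buffer of {BUF_SIZE}")
    mem[:len(data)] = data
    return mem

if __name__ == "__main__":
    oversized = b"A" * 20               # 4 bytes longer than the buffer
    mem = copy_unchecked(new_memory(), oversized)
    print("after unchecked copy:", adjacent_field(mem))   # b'AAAA': the field was overwritten
    mem = new_memory()
    try:
        copy_checked(mem, oversized)
    except ValueError as e:
        print("checked copy refused:", e)
    print("after checked copy:  ", adjacent_field(mem))   # original value intact
```

In a real program the overwritten bytes might be another variable or control data, which is how an attacker's oversized input ends up changing data or program behaviour; the defence is the same as in the model, a length check before every copy into a fixed-size buffer.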
Every time you want to install an app you are asked to give permission for the software to access certain settings and features of your device e.g. Facebook's Messenger App, which boasts over 1,000,000,000 downloads, requires permission to access a large amount of personal data and requires direct control over your mobile device.
It is unlikely that many of those who downloaded this app read the full ‘Terms of Service’ before accepting them. It is not always easy to understand what you are permitting an app to do.
The Same Origin Policy (SOP) is a security measure that prevents a website's scripts from accessing and interacting with scripts used on other sites.
Running scripts from other sites would be dangerous because a malicious script from a compromised site could interact with a script from a legitimate site without restriction, potentially leading to malware infections or sensitive data being compromised.
Accepting parameters without validation
Dynamically generated HTML pages can introduce security risks if inputs are not validated on the way in.
Malicious script can be embedded within input that is submitted to web pages, and this could then appear to browsers as originating from a trusted source.
Approaches to prevent this type of cross-site scripting attack rely on the design of validation rules that check and filter input parameters.
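The Python below is an added example (not code from the original notes) of the two controls that passage describes for a dynamically generated greeting page: an allowlist validation rule that rejects a display-name parameter containing anything but letters, digits, spaces and hyphens, and HTML escaping when the value is written into the page so that any tag characters are shown rather than run by the browser. The allowlist rule and the greeting markup are constructed for the example.

```python
import html
import re

# Constructed allowlist for a 'display name' parameter: letters, digits, spaces, hyphens, 2 to 32 characters.
NAME_RULE = re.compile(r"^[A-Za-z0-9 \-]{2,32}$")

def validate_name(value):
    """Validation on the way in: reject anything outside the allowed set rather than trying to strip bad parts."""
    if not NAME_RULE.match(value):
        raise ValueError("name contains characters outside the allowed set")
    return value

def greeting_unsafe(name):
    """Dynamically generated HTML that embeds the parameter verbatim, so tags in it reach the browser as markup."""
    return "<p>Welcome back, " + name + "!</p>"

def greeting_safe(name):
    """Escaping on the way out: < > & and quotes become entities, so the browser displays them as text."""
    return "<p>Welcome back, " + html.escape(name, quote=True) + "!</p>"

if __name__ == "__main__":
    submitted = "Bob<script>alert('hi')</script>"          # constructed hostile input
    print(greeting_unsafe(submitted))                      # the tag survives into the page
    print(greeting_safe(submitted))                        # the tag is rendered as harmless text
    try:
        validate_name(submitted)
    except ValueError as e:
        print("rejected on the way in:", e)
    print(validate_name("Bob Smith"))
```

The two controls back each other up: validation stops most bad input at the door, and escaping at the point of output protects the page even when a value arrives by some route the validation rule did not cover.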