Cyber security combines people, processes, and technology to continually monitor vulnerabilities, and involves protecting information by preventing, detecting, and responding to attacks.
Cyber security is a highly technical, specialized field.
Cyber crime is an evil having its origin in the growing dependence on computers in modern life.
93% of electronic records breached were in the financial services industry.
90% of breaches were tied to organized crime.
Network
• Sniffing
• Spoofing
• Session hijacking
• Denial of service
Host
• Viruses, Trojan horses, and worms
• Password cracking
• Unauthorized access
Application
• Input validation
• Authentication
• Authorization
• Exception management
NETWORK LEVEL THREAT
Sniffing or eavesdropping is the act of monitoring traffic on the network for data such as plaintext passwords or configuration information.
Countermeasures:
• Use strong physical security and proper segmenting of the network.
• Use firewalls.
• Encrypt communication fully. This prevents sniffed packets from being usable to an attacker. SSL and IPSec (Internet Protocol Security) are examples of encryption solutions.
Spoofing is a means to hide one's true identity on the network. To create a spoofed identity, an attacker uses a fake source address that does not represent the actual address of the packet.
Countermeasures:
• Filter incoming packets that appear to come from an internal IP address at your perimeter.
• Filter outgoing packets that appear to originate from an invalid local IP address.
Also known as man-in-the-middle attacks, session hijacking deceives a server or a client into accepting the upstream host as the actual legitimate host.
Countermeasures:
• Use encrypted session negotiation.
• Use encrypted communication channels.
• Stay informed of platform patches to fix TCP/IP vulnerabilities.
Denial of service denies legitimate users access to a server or services.
Countermeasures:
• Apply the latest service packs.
• Harden the TCP/IP stack by applying settings to increase the size of the TCP connection queue.
• Use a network Intrusion Detection System (IDS) because these can automatically detect and respond to attacks.
HOST LEVEL THREAT
A virus is a program that is designed to perform malicious acts and cause disruption to your operating system or applications.
A Trojan horse resembles a virus except that the malicious code is contained inside what appears to be a harmless data file or executable program.
A worm is similar to a Trojan horse except that it self-replicates from one server to another.
Countermeasures:
• Stay current with the latest operating system service packs and software patches.
• Block all unnecessary ports at the firewall and host.
• Disable unused functionality including protocols and services.
• Harden weak, default configuration settings.
When an attacker wants to establish an authenticated connection, he or she only has to crack the account's password.
Countermeasures:
• Use strong passwords for all account types.
• Apply lockout policies to end-user accounts to limit the number of retry attempts that can be used to guess the password.
• Do not use default account names, and rename standard accounts such as the administrator's account and the anonymous Internet user account used by many Web applications.
Inadequate access controls could allow an unauthorized user to access restricted information or perform restricted operations.
Countermeasures:
• Configure secure Web permissions.
• Lock down files and folders with restricted NTFS permissions.
• Use .NET Framework access control mechanisms within your ASP.NET applications, including URL authorization and principal permission demands.
Input validation is a security issue if an attacker discovers that your application makes unfounded assumptions about the type, length, format, or range of input data. The attacker can then supply carefully crafted input that compromises your application.
Examples of resulting threats:
• Buffer overflows
• Cross-site scripting
Buffer Overflow
• A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it is intended to hold. Since buffers are created to contain a limited amount of data, the extra information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.
Countermeasure
• The stack should not have been altered when a function returns. Buffer overflow protection mechanisms check for this.
• Use software like StackGuard, which checks for corruption of a canary during a buffer overflow.
Cross-Site Scripting
• Cross-site scripting can occur anywhere a web application uses input from a malicious user to generate output without validating or encoding the input.
Countermeasure
• Validate the user's input against what is expected.
• Encode user-supplied output.
• After you believe you've done the right things during code development, inspect your code with a scan.
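
The input validation and cross-site scripting countermeasures above, as an added example that is not part of the original slides: Python code that checks the type, length, format and range of each input, then encodes user-supplied values when generating output. The form fields, limits and function names are assumptions made up for illustration.

```python
import html
import re

# Constructed rules for a hypothetical comment form (assumptions, not from the slides).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")  # format and length
AGE_RE = re.compile(r"[0-9]{1,3}")               # type: decimal digits only
AGE_MIN, AGE_MAX = 13, 120                       # range
MAX_COMMENT_LEN = 500                            # length


def validate_form(form):
    """Return (clean, errors) after checking type, length, format and range."""
    clean, errors = {}, {}

    username = form.get("username")
    if isinstance(username, str) and USERNAME_RE.fullmatch(username):
        clean["username"] = username
    else:
        errors["username"] = "3-20 letters, digits or underscores"

    age = form.get("age")
    if (isinstance(age, str) and AGE_RE.fullmatch(age)
            and AGE_MIN <= int(age) <= AGE_MAX):
        clean["age"] = int(age)
    else:
        errors["age"] = "whole number from 13 to 120"

    comment = form.get("comment")
    if isinstance(comment, str) and 1 <= len(comment) <= MAX_COMMENT_LEN:
        clean["comment"] = comment  # free text: safe only once encoded on output
    else:
        errors["comment"] = "1-500 characters"
    return clean, errors


def render_comment(clean):
    """Encode each user-supplied value for the HTML body at output time."""
    return "<p><b>{}</b> ({}): {}</p>".format(
        html.escape(clean["username"]),
        clean["age"],
        html.escape(clean["comment"]),
    )


# Constructed sample input: the comment carries markup that must not run.
SAMPLE = {"username": "alice_01", "age": "30",
          "comment": "<script>alert(1)</script>"}
```

The comment field passes validation because free text cannot be restricted to a safe alphabet, which is why encoding at output is still required after validation.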