Is authentication and authorisation reqd? Is encryption needed? Will the apln interface with other aplns? Will the product be directly accessed by the Internet? Preventive ctrls (encryption, unique user login), detective ctrl (audit modules) and corrective controls (for data integrity) are iden in this phase.
Baseline docu creation – inputs from design docu. Design freeze – no more func can be added after this. Design freeze is intended to prevent scope creep . $1 to prevent a problem; $10 to correct a mistake during production; $100 to correct mistake after product has reached end users/customers.
Access control mechanisms are chosen now. Encryption method and algorithm are chosen.
Imp that pgmrs use secure coding practices. Prevent buffer overflow (check input lengths), verify syntax, perform checksums, ensure correct data format entry. SW devp in distinct modules; Each module has specific func; Modules logically chained together to form finished SW. modular design helps maintainability of finished SW. Indl modules can be updated or repl with ease. Modular design – different teams can work on different modules. High cohesion – each module performs only one task or similarly related tasks. Low coupling – a module should not rely on too many different modules to work. Eg- a modul;e performing only addition or (addn, subtraction and multiplication(similar job)) is said to have high cohesion. If module A needs to send data to module B, C and D to perform its task – it is high coupling (not desirable). Pers testing codes to be different than the developers. Use separate environment for code developing, testing and final production environment. – separation of duties. Backdoors (a specific key combination to bypass all access controls and get to the code; also called maint hooks. Remove before sending SW into production.
Lec 1 apln security(4pd)
CYBER SECURITY AT APPLICATION LEVEL SANTOSH KHADSARE
INVOLVES ALTERING THE RAW DATA JUST BEFORE A COMPUTER PROCESSES IT AND THEN CHANGING IT BACK AFTER PROCESSING IS COMPLETED SECONDARY STATE BOARD PRIVATE STUDENTS TOPPED OVER GOV T STUDENTS 6 DIGIT ROLL NUMBER GOV T STUDENTS STARTS WITH 3 PRIVATE STUDENTS STARTS WITH 4 SOFT WARE MANIPULATION FOR ROLL_ NO 3 if marks between 68 & 100 DEDUCT 9 FOR ROLL_ NO 4 if marks between 68 & 88 ADD 3 9
Data Information we keep on computers (product design, financial records, personnel data) Lost time, lost sales, lost confidence Resources Unauthorized use of computer time & space Reputation Misrepresentation, forgery, negative publicity
Confidentiality - Protection from unauthorized persons Integrity - consistency of data; no unauthorized creation, alteration or destruction Availability - ensuring access to legitimate users Legitimate use - ensuring appropriate use by authorized users
Intrusion - unauthorized access and use of systems Denial of ser vice - an attack aimed at preventing use of company computers email bomb or flooding/Internet worm disabled, rerouted or replaced services Information thef t - network taps, database access, hacking into sites to give out more info or to wrong parties
Security Services Authentication (entity, data origin) Access control (prevent unauthorized access) Confidentiality (disclosure, encryption) Data integrity (value of data item) Non-repudiation (falsely denying a transaction)
No Security - not an option Security thru Obscurity - don’t tell anyone where your site is Host Security - enforced security on each host; progressively difficult to manage as number of hosts increase Network Security - control network access to hosts and services; firewalls, strong authentication, and encryption
Biometrics, Cryptography,Smartcards, Confidentiality Confidentiality VPNs,Voice based Systems PKI Authentication Authentication Availability Availability Clustering, Redundancy,Digital Signatures, Hot Standby, PortPKI Mirroring Integrity Integrity Assurability Assurability Availability + Digital Signatures, Non-Repudiation Non-Repudiation Reliability PKI
Information Security Info Security Measures States Components IN PROCESSING IN STORAGE INTRANSMISSION As Strong As The Weakest Link …
WAN / NETWORK BASED INTRANET FIREWALL MOBILE USER ROUTER ROUTER SWITCH PCs HQ ABC CORPSHQ XYZ CORPS SERVERS
INTERNET Red Zone Fm ISP Layer 3 Switch WAN IP DMZ (Orange DMZ (Orange IDS Zone) Zone) WebServer FW IP 192.168.3. 2 DNS Server Cop L 2 SW 192.168.1.1Green Zone Mail ServerGreen Zone L 2 SWTo another L2SW
GatewayINTERNE V.35 ROUTE 18.104.22.168 22.214.171.124 126.96.36.199 T R IPS DMZ 188.8.131.52 L2 192.168.1.1 HW SW FW 192.168.2.1/26 192.168.1.2 192.168.1.3 192.168.1.4 L2 192.168.2.X/28 SW To OTHER NW SERVE SERVER SERVER VLAN LOCAL NW R Domain users . DNS . RAID . ANTI VIRUS . HTTP . RDBMS . HIPS NW TASK- TASK- . SMTP . DATABACKUP . SCANNER PRINT E AWAN 1 2 R BIOMETRIC 192.168.2.2 192.168.2.4 SENSOR . Secure disk BIOMETRIC . True Crypt SENSOR
NETWORK BASED WAN FIREWALL MOBILE ANTI USERHOST BASED VIRUS ROUTER ROUTER SWITCH PCs HQ ABC CORPS HQ XYZ CORPS SERVERS
Cyber Security is the set of "measures taken to protect aCyber Security is the set of "measures taken to protect acomputer or computer system (as on the Internet) againstcomputer or computer system (as on the Internet) againstunauthorized access or attack.“unauthorized access or attack.“This broad and all-encompassing cyber security definition This broad and all-encompassing cyber security definitionposes a significant challenge for enterprises; therefore, it poses a significant challenge for enterprises; therefore, itis highly critical for enterprises to have an in-depth cyber is highly critical for enterprises to have an in-depth cybersecurity strategy and plan in place in order to provide the security strategy and plan in place in order to provide themaximum level of protection from cyber security risks at maximum level of protection from cyber security risks atnot just the network perimeter but also the application not just the network perimeter but also the applicationlayer. layer.
An application is a program or group of programsAn application is a program or group of programsdesigned for end users. Application software can bedesigned for end users. Application software can bedivided into two general classes: systems softwaredivided into two general classes: systems softwareand applications software ..and applications software Systems software consists of low-level programs Systems software consists of low-level programsthat interact with the computer at a very basic level. that interact with the computer at a very basic level.This includes operating systems ,, compilers, and This includes operating systems compilers, andutilities for managing computer resources. utilities for managing computer resources.applications software (also called end-userapplications software (also called end-userprograms) includes database programs, wordprograms) includes database programs, wordprocessors, and spreadsheets. Figurativelyprocessors, and spreadsheets. Figurativelyspeaking, applications software sits on top ofspeaking, applications software sits on top of
Application security encompasses measures takenApplication security encompasses measures takenthroughout the applications life-cycle to prevent throughout the applications life-cycle to preventexceptions in the security policy of an application or theexceptions in the security policy of an application or theunderlying system (vulnerabilities) through flaws in theunderlying system (vulnerabilities) through flaws in thedesign,design, development, development, deployment, deployment, upgrade, upgrade, or ormaintenance of the application.maintenance of the application.
Most security Many software The flaws within professional are developers do notthe software cause usually not have security as a a majority of the software main focus . vulnerability developers Software venders The computing The computing are trying to rush community is used community is used their products to to receiving to receiving markets with their software with software with eyes set on bugs and then bugs and then functionality not applying patches. applying patches. security.
Hard and Soft and Soft andcrunchy on chewy on chewy on the the inside the inside outside PP e r m e t e r eri ime ter ss e c u it y e c u rr it y In t t e r a l e In e r nn a l e v ir o is nn nment n is f f o r tf fe d orti i i i aa r e ee s y t v ir o n m e n t aa n d ss o f w a r r e aa o d oft s y t o ee x p o i t o xpl loi nc twa e aa n d ss li d n d oo ed hh a s bb e n a s ee o t o n c e aa c c s s r e e cce li d b t a in e e n o b t a in d . ess ed.
Software controls – implemented byOperating Combination System of three
Aplns and Cmptr systems are usually devp for functionality first,not security.To get the best of both, security and functionality will have to bedesigned and devp at the same timeDeveloping aplns first and then trying to add security cancause problems: May reduce overall func Can open security holes when the apln is to be integrated with other aplns
Security solns today look to solve problems through controlssuch as IDS, IPS, FWs, Avs, Vulnerability scanners, etc.This is because our SW contains many vulnerabilities.Our systems are hard on the outside and soft inside. Why?We have implemented strong perimeter defences, however ourinternal environment and SW is easy to exploit once access hasbeen gained.Why are perimeter devices more often considered rather thandeveloping secure SW?
In the past, SW was devp for func and not security.Mainframe era.Many programmers do not have experience of secure coding.Most security professionals are not SW developers.Many SW developers do not have security as the main focus.SW vendors under tight deadlines to get products into market;security suffers.Customers cannot control flaws in the SW they purchase,so they must depend on perimeter protection. Thus the presentday over-reliance on perimeter defences.
Traditionally, we consumers have always demandedfunctionality from the aplns, with little thought to security.Only in the last 6 – 8 yrs, the focus is slowly shifting tofunctionality coupled with security.
Security controls can be used for:InputsProcessingOutputDevp controls with potential risks in mind.SW to be used in a closed trusted environment versus anopen environment..
Goal is to:Prevent data corruptionPrevent security compromisesReduce vulnerabilities.Controls can be preventive, detective and corrective.Can be in the form of administrative or physical controls; but aremostly technical in nature.
Buggy SW is rel Buggy SW is rel Hackers find SW Hackers find SW vulnerabilities vulnerabilities Web sites post these vulnerabilities on Web sites post these vulnerabilities on Internet and methods of exploiting them Internet and methods of exploiting them SW vendor develops and releases SW SW vendor develops and releases SW patches to fix these vulnerabilities patches to fix these vulnerabilitiesThe new patch goes on the stack of SW The new patch goes on the stack of SWpatches that all NW admin need to test patches that all NW admin need to test and install and install
NW admin today has to integrate various aplns and differentcomputer systems.Coys today are rushing to devp aplns capable of taking on-lineorders, storing credit card info and est extranets with businesspartners.All of this is an extremely complex activity.On top of all this security is expected and demands.As the complexity of the environment grows, trackingcompromises and errors becomes a difficult task.
SW controls are usually implemented nowadays through a mix of:OS controlsApln controlsDB controlsOS controls can control a subject’s access to an object.These controls do not restrict a subject’s action within an apln.Apln controls can ensure only valid inputs are inserted, data is processed in the correct sequence, and only certain subjects can view data in sensitive fields.
Aplns must draw a balance between Functionality and Security.Out of the box installation is always insecure.If an apln is extremely user friendly, it is probably not secure.Why?User friendly implies – extra lines of code.More lines of code – more the potential vulnerabilities.
Also once vendors iden vulnerabilities and rel patches,NW admin may not apply them. Why?NW admin may not be up to date on current vulnerabilitiesand patches.They may not fully understand the imp of patches.They may be afraid that patches may cause otherproblemsBottomline – Insecure systemsAlso, If an apln fails – it must fail secure.
Software Development Life CycleSDLC stands for Software Development Life Cycle. ASoftware Development Life Cycle is essentially a series ofsteps, or phases, that provide a model for the developmentand lifecycle management of an application or piece ofsoftware.The methodology within the SDLC process can varyacross industries and organizations, but standards such asISO/IEC 12207 represent processes that establish a lifecyclefor software, and provide a mode for the development,acquisition, and configuration of software systems.
The intent of a SDLC process it to help produce aproduct that is cost-efficient, effective, and of highquality. Once an application is created, the SDLCmaps the proper deployment and decommissioningof the software once it becomes a legacy.
Risks to databasesToday more and more coys holding sensitive data (creditcard info, stock inventory, etc) in DBs.Earlier employees only accessed DBs. Today DBconnectivity provided to customers also (Eg – check onlineavailability of an item).How do you secure DBs? Group users in different roles and assign rights and permissions to various roles. Customers are assigned a role to only view data; and that too only specific fields of data. Customers interact with the DB through a middleware (apln). Middleware checks roles and presents data as per permissions assigned to that role.
Risks to databases – DB IntegrityConcurrency ProblemOccurs when a DB is accessed by more than oneapln/users at the same time.SW lock used to overcome this. Processes lock tableswithin DB, make changes and then rel the SW lock. Nextprocess can access DB only after the 1st process has rel theSW lock.
Risks to databases – DB IntegrityDB SW performs three main types of integrity services:Entity Integrity: Every row (record) is uniquely iden by aprimary key.Referential Integrity: All foreign keys reference existingprimary keys.Semantic Integrity: Rules pertaining to data types, logicalvalues are enforced.
Risks to databases – DB IntegrityOther Operations in DB SW to protect integrity of data:Rollback:An operation that ends a current transaction and cancelscurrent changes to a DB. The DB reverts to its previousstate.Could be changes to the data / schema.Roll back occurs when the DB experiences a glitch or ifprocessing sequence is disrupted.
Risks to databases – DB IntegrityOther Operations in DB SW to protect integrity of data:Commit:This operation completes a transaction and executes allchanges just made by the user. DB is updated to reflect thelatest changes.If commit cannot complete correctly, a rollback isperformed.Ensures that partial changes do not take place and data isnot corrupted.
Risks to databases – DB IntegrityOther Operations in DB SW to protect integrity of data:Savepoints:Same like system restore in Win OS.If a system failure takes place, the DB attempts to revert tothe previous savepoint.Setting savepoints consumes resources. Bal to be stuckbetween No of Savepoints and not enough of them.Savepoints can be initiated by a time interval, user action,or No of transactions.Savepoint restores data by enabling user to go back intime before the system crashed.
Risks to databases – DB IntegrityOther Operations in DB SW to protect integrity of data:Checkpoints:Similar to Savepoints.When a specific amt of mem is filled, a checkpoint istriggered.This saves data from mem to a temp file.If system crashes, the DB will attempt to restore data fromthis temp file.
A few Database AttacksBrute Force attacks against PasswordsDefault Username and passwords not changed by the sys adminEg: “scott”; “tiger” - username/password combination inOracle DB till 11g ver.Microsoft SQL Server – came with default (publically known)passwords.Easily guessable passwords chosen by sys admin..
A few Database AttacksPrivilege EscalationGen happens due to mis-configuration of database or underlyingOS.Eg: A low privilege user has read rights only.However, he can read all colns in the DB incl colns holdingcredit card info.(mis-configuration – Restd DB views were not enforced).
A few Database AttacksExploiting unused / un-necessary servicesEg: Listener service in Oracle DB.It seeks out and fwds network connection requests to Oracle DB.When an apln has to access a DB – poorly written aplns cancause connections w/o authentication and authorisation.Install only those features that you need to use.If you don’t install a feature, you don’t have to patch it up later.
A few Database AttacksExploiting unused / un-necessary services.Very Imp: Patch up DBs as and when patches are rel by thevendor.Gen sys admins avoid patching. Why?:Prevent downtime of the DB.Does not understand patches and what they doDo not have time to test patchesMay fear that patches may cause some other problems.
A few Database AttacksStolen BackupsGen an insider attack.If backup data is un-encypted, the attacker does not need tohack into a DB.Another problem with backups – too many versions of backups.Problem in tracking all ver.
A few Database AttacksSQL InjectionOccurs when the fields available for user input allowsSQL stmts to be inputted.Gen, this attack takes place on the middleware; which connectsto the backend DB.Eg: If an attacker gets a username/password screen, he caninput an SQL stmt which is passed by the apln server to the DBand gets executed toentry to the DB.Gen the result of poor programming practices.