SlideShare a Scribd company logo

University of the CumberlandsSchool of Computer & Information .docx

Download as DOCX, PDF
D
DustiBuckner14

University of the Cumberlands School of Computer & Information Sciences ISOL-536 - Security Architecture & Design Chapter 8: Business Analytics Chapter 8: Business Analytics 8.1 Architecture 8.2 Threats 8.3 Attack Surfaces 8.3.1 Attack Surface Enumeration 8.4 Mitigations 8.5 Administrative Controls 8.5.1 Enterprise Identity Systems (Authentication and Authorization) 8.6 Requirements 8.1 Architecture Data science is a set of fundamental principles that guide the extraction of knowledge from data. Data mining is the extraction of knowledge from data via technologies that incorporate these principles. Like many enterprises, Digital Diskus has many applications for the various processes that must be executed to run its business, from finance and accounting to sales, marketing, procurement, inventory, supply chain, and so forth. A great deal of data is generated across these systems. But, unfortunately, as a business grows into an enterprise, most of its business systems will be discreet. Getting a holistic view of the health of the business can be stymied by the organic growth of applications and data stores. 8.1 Architecture – Cont. Figure 8.1 Business analytics logical data flow diagram (DFD). 8.1 Architecture – Cont. Figure 8.2 Business analytics data interactions. Figure 8.2 is a drill down view of the data gathering interactions of the business analytics system within the enterprise architecture. Is the visualization in Figure 8.2 perhaps a bit easier to understand? To reiterate, we are looking at the business analysis and intelligence system, which must touch almost every data gathering and transaction-processing system that exists in the internal network. And, as was noted, business analytics listens to the message bus, which includes messages that are sent from less trusted zones. 5 8.2 Treats Figure 8.3 Business analytics system architecture. As we move to system specificity, if we have predefined the relevant threats, we can apply the threats’ goals to the system under analysis. This application of goals leads directly on to the “AS” of ATASM: attack surfaces. Understanding your adversaries’ targets and objectives provides insight into possible attack surfaces and perhaps which attack surfaces are most important and should be prioritized. It’s useful to understand a highly connected system like business analytics in situ, that is, as the system fits into its larger enterprise architectural context. However, we don’t yet have the architecture of the system itself. Figure 8.3 presents the logical components of this business analytics system. There are five major components of the system: 1. Data Analysis processing 2. Reporting module 3. Data gathering module 4. Agents which are co-located with target data repositories 5. A management console 6 8.3 Attack Surfaces In this context, where several components share the same host, how would you treat the communications between them? Should.

Education
1 of 18
University of the Cumberlands School of Computer & Information Sciences ISOL-536 - Security Architecture & Design Chapter 8: Business Analytics Chapter 8: Business Analytics 8.1 Architecture 8.2 Threats 8.3 Attack Surfaces 8.3.1 Attack Surface Enumeration 8.4 Mitigations 8.5 Administrative Controls 8.5.1 Enterprise Identity Systems (Authentication and Authorization) 8.6 Requirements 8.1 Architecture Data science is a set of fundamental principles that guide the extraction of knowledge from data. Data mining is the extraction of knowledge from data via technologies that incorporate these principles. Like many enterprises, Digital Diskus has many applications for the various processes that must be executed to run its business, from finance and accounting to sales, marketing, procurement,
inventory, supply chain, and so forth. A great deal of data is generated across these systems. But, unfortunately, as a business grows into an enterprise, most of its business systems will be discreet. Getting a holistic view of the health of the business can be stymied by the organic growth of applications and data stores. 8.1 Architecture – Cont. Figure 8.1 Business analytics logical data flow diagram (DFD). 8.1 Architecture – Cont. Figure 8.2 Business analytics data interactions. Figure 8.2 is a drill down view of the data gathering interactions of the business analytics system within the enterprise architecture. Is the visualization in Figure 8.2 perhaps a bit easier to understand? To reiterate, we are looking at the business analysis and intelligence system, which must touch almost every data gathering and transaction-processing system that exists in the internal network. And, as was noted, business analytics listens to the message bus, which includes messages that are sent from less trusted zones. 5
8.2 Treats Figure 8.3 Business analytics system architecture. As we move to system specificity, if we have predefined the relevant threats, we can apply the threats’ goals to the system under analysis. This application of goals leads directly on to the “AS” of ATASM: attack surfaces. Understanding your adversaries’ targets and objectives provides insight into possible attack surfaces and perhaps which attack surfaces are most important and should be prioritized. It’s useful to understand a highly connected system like business analytics in situ, that is, as the system fits into its larger enterprise architectural context. However, we don’t yet have the architecture of the system itself. Figure 8.3 presents the logical components of this business analytics system. There are five major components of the system: 1. Data Analysis processing 2. Reporting module 3. Data gathering module 4. Agents which are co-located with target data repositories 5. A management console 6 8.3 Attack Surfaces In this context, where several components share the same host, how would you treat the communications between them? Should these communications be considered to traverse a trusted or an untrusted network? If Digital Diskus applies the rigor we indicated above to the management of the servers on which business analytics runs, what additional attack surfaces should
be added from among those three components and their intercommunications when all of these share a single host? If an attacker can retrieve the API and libraries, then use these to write an agent, and then get the attacker’s agent installed, how should Digital Diskus protect itself from such an attack? Should the business analytics system provide a method of authentication of valid agents in order to protect against a malicious one? Is the agent a worthy attack surface? Why should the output of Management Console be considered an attack surface? Previously, the point was made that all inputs should be considered attack surfaces. However, when the outputs of the system need protection, such as the credentials going into the business analytics configuration files and metadata, then the outputs should be considered an attack surface. If the wily attacker has access to the outputs of Management Console, then the attacker may gain the credentials to many systems. 7 8.3 Attack Surfaces – Cont. Figure 8.4 Business analytics user interactions. Figure 8.4 returns to a higher level of abstraction, obscuring the details of the business analytics modules running on the host. Since we can treat the collection of modules as an atomic unit for our purposes, we move up a level of granularity once again to view the system in its logical context. Management Console has been broken out as a separate component requiring its own
defenses. The identity system has been returned to the diagram, as has the security monitoring systems. These present possible attack surfaces that will need examination. In addition, these will become part of the defenses of the system, as we shall see. Access controls to Management Console itself, authentication and authorization to perform certain actions, will be key because Management Console is, by its nature, a configurator and controller of the other functions, a target. Which brings us to Figure 8.4. 8 8.3 Attack Surfaces – Cont. How might an attacker deliver such a payload? The obvious answer to this question will be to take over a data source in some manner. This, of course, would require an attack of the data source to be successful and becomes a “one-two punch.” However, it’s not that difficult. If the attacker can deliver a payload through one of the many exposed applications that Digital Diskus maintains, the attack can rest in a data store and wait until the lucky time when it gets delivered to the business analytics system. In other words, the attacker doesn’t have to deliver the payload directly to Data Gathering. She or he must somehow deliver the attack into a data store where it can wait patiently to be brought into the data gathering function. The results most certainly present an attack opportunity if the permissions on the results store are not set defensively, which, in this case means: Processing store is only mounted on the host that runs Processing and Reporter Write permission is only granted to Processing Read permission is only granted to Reporter
Only a select few administers may perform maintenance functions on the processing data store Every administrative action on processing store is logged and audited for abnormal activity 9 8.3.1 Attack Surface Enumeration 10 8.4 Mitigations As you consider the attack surfaces in the list on the previous slide, what security controls have already been listed? The questions that then will be asked for this type of critical system that maintains highly sensitive data will be something like, “Who should have these privileges and how many people need them?” Competing against simplicity and economies of scale are the differences in data sensitivity and system criticality. In the case of business analytics, there appears to be a clear need to protect the configuration files and the results files as carefully as possible leaving as small an attack surface as can be managed. That is, these two sensitive locations that store critical organizational data should be restricted to a need-to-access basis, which essentially means as few administrators as possible within the organization who can manage the systems effectively
and continuously. If we were actually implementing the system, we might have to engage with the operational server management teams to construct a workable solution for everyone. For our purposes in this example, we can simply specify the requirement and leave the implementation details unknown. 11 8.5 Administrative Controls Access will be restricted to a need-to-know basis. As we have noted, changes to the systems are monitored and audited. At the application level, files and directories will be given permissions such that only the applications that need to read particular files or data are given permission to read those files. This is all in accordance with the way that proper administrative and operating system permissions should be set up. The business analytics systems and tools don’t require superuser rights for reading and executing everything on the system. Therefore, the processing unit has rights to its configuration files and data gathering module files. The reporting module reads its own configuration files. None of these can write into the configuration data. Only Management Console is given permission to write data into the configuration files. In this way, even if any of the three processing modules is compromised, the compromised component cannot make use of configuration files to compromise any of the other modules in the system. This is how self-defensive software should operate. Business analytics adheres to these basic security principles, thus allowing the system to be deployed in less trusted environments, even less protected than what Digital Diskus
provides. 12 8.5.1 Enterprise Identity Systems (Authentication and Authorization) Authentication via the corporate directory and authorization via group membership still remain two of the important mitigations that have been implemented. Having reviewed the available mitigations, which attack surfaces seem to you to be adequately protected? And, concomitantly, which attack surfaces still require an adequate defense? 13 8.6 Requirements In order to prevent an attacker from obscuring an attack or otherwise spoofing or fooling the security monitoring system, the business analytics activity and event log files should only be readable by the security monitoring systems. And the log files permissions should be set such that only event-producing modules of the business analytics system may write to its log file. Although it is true that a superuser on most operating systems can read and write any file, in this way, attackers would have to gain these high privileges before they could alter the log files that will feed into the security monitoring system.
14 8.6 Requirements – Cont. Table 8.1 is not intended as a complete listing of requirements from which the security architecture would be designed and implemented. As I explained above, when I perform a security architecture analysis, I try to document every requirement, whether the requirement has been met or not. In this way, I document the defense-in-depth of the system. If something changes during implementation, or a security feature does not fulfill its promise or cannot be built for some reason, the requirements document provides all the stakeholders with a record of what the security posture of the system should be. I find that risk is easier to assess in the face of change when I’ve documented the full defense, irrespective of whether it exists or must be built. 15 Chapter 8: Summary The architect (or peer reviewing architect team) must decide the scope of the risk’s possible impact (consequences). The scope of the impact dictates at what level of the organization risk decisions must be made. The decision maker(s) must have sufficient organizational decision-making authority for the impacts. For instance, if the impact is confined to a particular system, then perhaps the managers involved in building and using that system would have sufficient decision making scope for the risk. If the impact is to an entire collection of teams underneath a particular director, then she or he must make that
risk decision. If the risk impacts an enterprise’s brand, then the decision might need to be escalated all the way to the Chief Operating Officer or even the Chief Executive, perhaps even to the Board of Directors, if serious enough. The scope of the impact is used as the escalation guide in the organizations for which I’ve worked. Of course, your organization may use another approach. Chapter 8: Summary END University of the Cumberlands School of Computer & Information Sciences ISOL-536 - Security Architecture & Design Chapter 9: Endpoint Anti-malware Chapter 9: Endpoint Anti-malware 9.1 A Deployment Model Lens 9.2 Analysis 9.3 More on Deployment Model 9.4 Endpoint AV Software Security Requirements
Chapter 9: Endpoint Anti-malware Figure 9.1 Endpoint security software. For the business analytics example, we knew something about the protections— both technical and process—that were applied to the host and operating system upon which the core of the business analytics system runs in that environment. Consequently, we discounted the ability of an attacker to listen in on the kernel-level communications, most particularly, the “localhost,” intra-kernel network route. Additionally, if an attacker has already gained sufficiently high privileges on the system to control processes and perhaps even to access process memory, “game over.” 9.1 A Deployment Model Lens The user is installing antivirus software in response to the belief that the machine is already compromised. In other words, endpoint security software must assume that, very similar to software exposed to the public Internet, it is being installed into an aggressively hostile environment. Any assumptions about the operating system being free of successful compromises would cause the endpoint antivirus software, itself, to become a juicy target. At the very least, assumptions about a safe environment might lead security software makers to believe that they don’t have to take the care with their security posture that, in fact, is demanded by the real-world situation. The foregoing leads us to two axioms: Assume active attackers may be on the machine even at installation time. Assume that attackers will poke and prod at every component, every input, every line of communication.
9.2 Analysis In consumer-oriented products, the user will have the ability to turn security functions off and on. In corporate environments, usually only system administrators have this power. The user interface can take control of the security of the system. That, of course, makes the user interface component an excellent target for attack. Likewise, the AV Engine performs the actual examination to determine whether files and traffic are malicious. If the engine can be fooled, then the attacker can execute an exploit without fear of discovery or prevention. Consequently, a denial of service (DoS) attack on the AV Engine may be a very powerful first step to compromising the endpoint. To contrast this with the user interface, if the attacker is successful in stopping the user interface the security services should continue to protect, regardless. On the other hand, if the attacker can stop the AV Engine, she or he then has access to an unprotected system. Each of these components presents an important target; the targets offer different advantages, however. Testing shows the presence, not the absence of bugs. 9.2 Analysis – Cont. The AV engine itself will have to be written to be as self- defensive as possible. Even if the AV engine validates the user interface before allowing itself to be configured by the user interface, still, those input values should not be entirely trusted. The user interface may have bugs in it that could allow attacker control. In addition, the user interface might pass an attack through to the engine from external configuration parameters. The AV engine has another input. In order to determine whether files are malicious, they may have to be opened and examined. Most certainly, in today’s malware-ridden world, a percentage
of the files that are examined are going to contain attacks. There’s nothing to stop the attacker from placing attacks in suspicious files that go after any vulnerabilities that may lie within the file examination path. Thus, the AV Engine must protect itself rigorously while, at the same time, examining all manner of attack code. In fact, the entire path through which evil files and traffic pass must expect the worst and most sophisticated types of attacks. The file open, parse, and examination code must resist every imaginable type of file- based attack. 9.2 Analysis – Cont. Figure 9.2 Endpoint security software with management. In Figure 9.2, we can see that the system engages in communications with automated entities beyond the endpoint itself. Even if this were not true, a communicator might be employed for intermodule communications within the system. In this case, the simple, independently operating case, it would be a matter of design style as to whether to abstract communications functions into a separate module. The design was chosen in this case, not only because the system does in fact support inbound and outbound communications (as depicted in Figure 9.2) but also for reasons of performance. 24 9.3 More on Deployment Model To make matters more complex, the validity of the update must be established such that it hasn’t been tampered with between
manufacturer and download at the endpoint (integrity). In fact, most security vendors don’t want the threat agents to have the details of what’s been prevented nor the details of how protections work. At the least, these proprietary secrets are best kept such that uncovering them requires a significant work factor. Defense is better if the attacker doesn’t have the precise details of the strategy and tactics. The foregoing general requirement suggests that communications should be confidential. This is particularly true when the communications must cross untrusted networks. If updates are coming from servers across the public Internet, then the network would not only be untrusted but also hostile. A working concept, when considering the security of customer premise equipment, is to understand that different customers require different security postures. Systems intended for deployment across a range of security postures and approaches will do best by placing security decisions into the hands of the deployers. Indeed, no matter the guidance from the vendor for a particular piece of software, customers will do what is convenient for their situation. For instance, regardless of what guidance is given to customers about keeping the management console for our endpoint system off of untrusted networks, customers will do as they wish. 9.3 More on Deployment Model – Cont. Before deploying new software, whether the updates are to the running modules or to the malware identification mechanisms used by the engine, the validity of the updates must be established. However updates are obtained for dispersal by the management console, whether by download from the software maker’s website, or through some sort of push outwards to the management console, attackers attempting to insert malicious code must be prevented. This validation could be done with a
standard binary hash and signature. The hash value can be checked for validity. The signature will be made with the private key that can be checked against the public key for validity. This is the standard approach for this problem. For most organizations, any system having to do with the organization’s security will be considered sensitive and critical. As such, the parts of the security system implementing management of the system are typically considered need-to- know, restricted systems and interfaces. In particular, any system, such as this management console, that can change the security posture of other systems requires significant protection. 9.4 Endpoint AV Software Security Requirements Events and data flow from kernel driver to AV Engine only (never from engine to kernel). Only the AV engine may open the kernel driver, and only on system startup. “Open” is the only control operation allowed from user mode to kernel driver. No other component may communicate with the kernel driver. The kernel driver startup and initialization code must validate, sanitize, and put into canonical form inputs from AV engine. Kernel driver initialization and startup must occur during the operating system startup sequence and must complete before users are allowed to log on to the system. Kernel driver initialization must complete before user logon to the system. Kernel driver initialization must occur as early as is possible during operating system startup. Before communications are allowed to proceed between any two or more modules in the system, validation must be performed on the identity and integrity of the calling process/module/binary. The preferred mechanism is validation of a digital signature
over the binary. The signature must be signed by the private key of the software manufacturer. Every other component except the kernel driver must run in user mode. 9.4 Endpoint AV Software Security Requirements – Cont. Installation should confine the reading and writing of the configuration files to the User Interface only. The system must have the ability to encrypt communications from/to the management console. This must be system administrator configurable. The management console must contain a user authentication system. The management console must contain a user authorization system. The management console must be able to authenticate to an LDAP. Management console authorization must be able to be performed by LDAP group membership. The administrator must be able to configure the management console to use any combination of: Local authentication LDAP authentication Local authorization LDAP group membership The user interface must re-authenticate the user before allowing changes. The management console will be able to run in a hardened state. There will be a customer document describing the hardened configuration. Hardening is configurable at customer discretion.
9.4 Endpoint AV Software Security Requirements – Cont. Input validation coding must be implemented on every system input, with particular care to file parsing and examination path, the reading of the configuration files, and inputs from Communicator. The file and event handling paths through the code must be rigorously fuzzed. All components of the system must be built using a rigorous Security Development Lifecycle (SDL), with particular emphasis on secure coding techniques, input validation n, and rigorous proof of the effectiveness of the SDL (i.e., security assurance testing for vulnerabilities). Vulnerability testing before product release must be thorough and employ multiple, overlapping strategies and tools. Chapter 9: Summary As was noted, the list of requirements presented here cannot be taken as a complete list, since some of the requirements refer to previous discussions and are not reiterated here. For a real- world system, I would list all requirements, so as to create a complete picture of the security needs of the system. The architectures presented in this book, I'll reiterate, should be taken as examples, not as recipes. Chapter 9: Summary END image4.emf image5.emf image6.emf
image7.emf image8.png image9.png image10.emf image11.emf image1.emf image2.emf

Recommended

School of Computer & Information SciencesISOL-536 - Se.docx
School of Computer & Information SciencesISOL-536 - Se.docxSchool of Computer & Information SciencesISOL-536 - Se.docx
School of Computer & Information SciencesISOL-536 - Se.docxjeffsrosalyn
 
Due tomorrow 7122021 at 800pmNo plagiarism Develop thos
Due tomorrow 7122021 at 800pmNo plagiarism Develop thosDue tomorrow 7122021 at 800pmNo plagiarism Develop thos
Due tomorrow 7122021 at 800pmNo plagiarism Develop thosAlyciaGold776
 
Securing your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSecuring your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSridhar Karnam
 
VMSDeploymentGuide_Extract1a
VMSDeploymentGuide_Extract1aVMSDeploymentGuide_Extract1a
VMSDeploymentGuide_Extract1aTom - Creed
 
University of the CumberlandsSchool of Computer & Information .docx
University of the CumberlandsSchool of Computer & Information .docxUniversity of the CumberlandsSchool of Computer & Information .docx
University of the CumberlandsSchool of Computer & Information .docxjolleybendicty
 
Application Of A New Database Management System
Application Of A New Database Management SystemApplication Of A New Database Management System
Application Of A New Database Management SystemPamela Wright
 
Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security NextLabs, Inc.
 
SIEM for Beginners
SIEM for BeginnersSIEM for Beginners
SIEM for BeginnersBAKOTECH
 

Recommended

School of Computer & Information SciencesISOL-536 - Se.docx
School of Computer & Information SciencesISOL-536 - Se.docxSchool of Computer & Information SciencesISOL-536 - Se.docx
School of Computer & Information SciencesISOL-536 - Se.docxjeffsrosalyn
 
Due tomorrow 7122021 at 800pmNo plagiarism Develop thos
Due tomorrow 7122021 at 800pmNo plagiarism Develop thosDue tomorrow 7122021 at 800pmNo plagiarism Develop thos
Due tomorrow 7122021 at 800pmNo plagiarism Develop thosAlyciaGold776
 
Securing your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSecuring your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSridhar Karnam
 
VMSDeploymentGuide_Extract1a
VMSDeploymentGuide_Extract1aVMSDeploymentGuide_Extract1a
VMSDeploymentGuide_Extract1aTom - Creed
 
University of the CumberlandsSchool of Computer & Information .docx
University of the CumberlandsSchool of Computer & Information .docxUniversity of the CumberlandsSchool of Computer & Information .docx
University of the CumberlandsSchool of Computer & Information .docxjolleybendicty
 
Application Of A New Database Management System
Application Of A New Database Management SystemApplication Of A New Database Management System
Application Of A New Database Management SystemPamela Wright
 
Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security NextLabs, Inc.
 
SIEM for Beginners
SIEM for BeginnersSIEM for Beginners
SIEM for BeginnersBAKOTECH
 
Access Control and Maintenance.pptx
Access Control and Maintenance.pptxAccess Control and Maintenance.pptx
Access Control and Maintenance.pptxKinetic Potential
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxsarah david
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfsarah david
 
Sap basis and_security_administration
Sap basis and_security_administrationSap basis and_security_administration
Sap basis and_security_administrationAnil Kumar Reddy Cheppalli
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseNextLabs, Inc.
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Mukesh Chinta
 
Cloud Storage and Security
Cloud Storage and SecurityCloud Storage and Security
Cloud Storage and SecurityShashank Srivastava
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comamaranthbeg93
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comamaranthbeg73
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business Accounts5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business AccountsAnayaGrewal
 
Ingres database and compliance
Ingres database and complianceIngres database and compliance
Ingres database and complianceActian Corporation
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...AlienVault
 
IRJET-Managing Security of Systems by Data Collection
IRJET-Managing Security of Systems by Data CollectionIRJET-Managing Security of Systems by Data Collection
IRJET-Managing Security of Systems by Data CollectionIRJET Journal
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - WebFahd Khan
 
Section 1 PROJECT INTRODUCTION .docx
Section 1 PROJECT INTRODUCTION .docxSection 1 PROJECT INTRODUCTION .docx
Section 1 PROJECT INTRODUCTION .docxrtodd280
 
Implementing Active Directory and Information Security Audit also VAPT in Fin...
Implementing Active Directory and Information Security Audit also VAPT in Fin...Implementing Active Directory and Information Security Audit also VAPT in Fin...
Implementing Active Directory and Information Security Audit also VAPT in Fin...KajolPatel17
 
F0341026029
F0341026029F0341026029
F0341026029inventionjournals
 
Your new clientsThe Wagner’s – Scott and Ella are a young marri.docx
Your new clientsThe Wagner’s – Scott and Ella are a young marri.docxYour new clientsThe Wagner’s – Scott and Ella are a young marri.docx
Your new clientsThe Wagner’s – Scott and Ella are a young marri.docxDustiBuckner14
 
Writing Conclusions for Research PapersWhat is the purpose.docx
Writing Conclusions for Research PapersWhat is the purpose.docxWriting Conclusions for Research PapersWhat is the purpose.docx
Writing Conclusions for Research PapersWhat is the purpose.docxDustiBuckner14
 
What Is Septic TankSeptic or septic typically is used t.docx
What Is Septic TankSeptic or septic typically is used t.docxWhat Is Septic TankSeptic or septic typically is used t.docx
What Is Septic TankSeptic or septic typically is used t.docxDustiBuckner14
 
· You should respond to at least two of your peers by extending, r.docx
· You should respond to at least two of your peers by extending, r.docx· You should respond to at least two of your peers by extending, r.docx
· You should respond to at least two of your peers by extending, r.docxDustiBuckner14
 

More Related Content

Similar to University of the CumberlandsSchool of Computer & Information .docx

Access Control and Maintenance.pptx
Access Control and Maintenance.pptxAccess Control and Maintenance.pptx
Access Control and Maintenance.pptxKinetic Potential
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxsarah david
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfsarah david
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseNextLabs, Inc.
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Mukesh Chinta
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comamaranthbeg93
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comamaranthbeg73
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business Accounts5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business AccountsAnayaGrewal
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...AlienVault
 
IRJET-Managing Security of Systems by Data Collection
IRJET-Managing Security of Systems by Data CollectionIRJET-Managing Security of Systems by Data Collection
IRJET-Managing Security of Systems by Data CollectionIRJET Journal
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - WebFahd Khan
 
Section 1 PROJECT INTRODUCTION .docx
Section 1 PROJECT INTRODUCTION .docxSection 1 PROJECT INTRODUCTION .docx
Section 1 PROJECT INTRODUCTION .docxrtodd280
 
Implementing Active Directory and Information Security Audit also VAPT in Fin...
Implementing Active Directory and Information Security Audit also VAPT in Fin...Implementing Active Directory and Information Security Audit also VAPT in Fin...
Implementing Active Directory and Information Security Audit also VAPT in Fin...KajolPatel17
 

Similar to University of the CumberlandsSchool of Computer & Information .docx (18)

Access Control and Maintenance.pptx
Access Control and Maintenance.pptxAccess Control and Maintenance.pptx
Access Control and Maintenance.pptx
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
 
Sap basis and_security_administration
Sap basis and_security_administrationSap basis and_security_administration
Sap basis and_security_administration
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended Enterprise
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6
 
Cloud Storage and Security
Cloud Storage and SecurityCloud Storage and Security
Cloud Storage and Security
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.com
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.com
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.com
 
5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business Accounts5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business Accounts
 
Ingres database and compliance
Ingres database and complianceIngres database and compliance
Ingres database and compliance
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
 
IRJET-Managing Security of Systems by Data Collection
IRJET-Managing Security of Systems by Data CollectionIRJET-Managing Security of Systems by Data Collection
IRJET-Managing Security of Systems by Data Collection
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - Web
 
Section 1 PROJECT INTRODUCTION .docx
Section 1 PROJECT INTRODUCTION .docxSection 1 PROJECT INTRODUCTION .docx
Section 1 PROJECT INTRODUCTION .docx
 
Implementing Active Directory and Information Security Audit also VAPT in Fin...
Implementing Active Directory and Information Security Audit also VAPT in Fin...Implementing Active Directory and Information Security Audit also VAPT in Fin...
Implementing Active Directory and Information Security Audit also VAPT in Fin...
 
F0341026029
F0341026029F0341026029
F0341026029
 

More from DustiBuckner14

Your new clientsThe Wagner’s – Scott and Ella are a young marri.docx
Your new clientsThe Wagner’s – Scott and Ella are a young marri.docxYour new clientsThe Wagner’s – Scott and Ella are a young marri.docx
Your new clientsThe Wagner’s – Scott and Ella are a young marri.docxDustiBuckner14
 
Writing Conclusions for Research PapersWhat is the purpose.docx
Writing Conclusions for Research PapersWhat is the purpose.docxWriting Conclusions for Research PapersWhat is the purpose.docx
Writing Conclusions for Research PapersWhat is the purpose.docxDustiBuckner14
 
What Is Septic TankSeptic or septic typically is used t.docx
What Is Septic TankSeptic or septic typically is used t.docxWhat Is Septic TankSeptic or septic typically is used t.docx
What Is Septic TankSeptic or septic typically is used t.docxDustiBuckner14
 
· You should respond to at least two of your peers by extending, r.docx
· You should respond to at least two of your peers by extending, r.docx· You should respond to at least two of your peers by extending, r.docx
· You should respond to at least two of your peers by extending, r.docxDustiBuckner14
 
You are a medical student working your way throughcollege and ar.docx
You are a medical student working your way throughcollege and ar.docxYou are a medical student working your way throughcollege and ar.docx
You are a medical student working your way throughcollege and ar.docxDustiBuckner14
 
[removed]THIS IEP INCLUDES FORMCHECKBOX Transitions.docx
[removed]THIS IEP INCLUDES FORMCHECKBOX Transitions.docx[removed]THIS IEP INCLUDES FORMCHECKBOX Transitions.docx
[removed]THIS IEP INCLUDES FORMCHECKBOX Transitions.docxDustiBuckner14
 
Using the Integrated Model of Work Motivation Figure 12.1 (Latham, 2.docx
Using the Integrated Model of Work Motivation Figure 12.1 (Latham, 2.docxUsing the Integrated Model of Work Motivation Figure 12.1 (Latham, 2.docx
Using the Integrated Model of Work Motivation Figure 12.1 (Latham, 2.docxDustiBuckner14
 
What We Can Afford” Poem By Shavar X. Seabrooks L.docx
What We Can Afford” Poem By Shavar X. Seabrooks L.docxWhat We Can Afford” Poem By Shavar X. Seabrooks L.docx
What We Can Afford” Poem By Shavar X. Seabrooks L.docxDustiBuckner14
 
What are the techniques in handling categorical attributesHow.docx
What are the techniques in handling categorical attributesHow.docxWhat are the techniques in handling categorical attributesHow.docx
What are the techniques in handling categorical attributesHow.docxDustiBuckner14
 
Theresa and Mike fully support creating a code of conduct for th.docx
Theresa and Mike fully support creating a code of conduct for th.docxTheresa and Mike fully support creating a code of conduct for th.docx
Theresa and Mike fully support creating a code of conduct for th.docxDustiBuckner14
 
Unit VII 1. Suppose a firm uses sugar in a product tha.docx
Unit VII 1. Suppose a firm uses sugar in a product tha.docxUnit VII 1. Suppose a firm uses sugar in a product tha.docx
Unit VII 1. Suppose a firm uses sugar in a product tha.docxDustiBuckner14
 
Title PageThis spreadsheet supports STUDENT analysis of the case .docx
Title PageThis spreadsheet supports STUDENT analysis of the case .docxTitle PageThis spreadsheet supports STUDENT analysis of the case .docx
Title PageThis spreadsheet supports STUDENT analysis of the case .docxDustiBuckner14
 
Title If a compensation system works well for one business, that .docx
Title If a compensation system works well for one business, that .docxTitle If a compensation system works well for one business, that .docx
Title If a compensation system works well for one business, that .docxDustiBuckner14
 
Review the Article Below Keller, J. G., Miller, C., LasDulce, C.docx
Review the Article Below Keller, J. G., Miller, C., LasDulce, C.docxReview the Article Below Keller, J. G., Miller, C., LasDulce, C.docx
Review the Article Below Keller, J. G., Miller, C., LasDulce, C.docxDustiBuckner14
 
Teachers reach diverse learners by scaffolding instruction in ways t.docx
Teachers reach diverse learners by scaffolding instruction in ways t.docxTeachers reach diverse learners by scaffolding instruction in ways t.docx
Teachers reach diverse learners by scaffolding instruction in ways t.docxDustiBuckner14
 
ScenarioThe HIT Innovation Steering Committee of a large.docx
ScenarioThe HIT Innovation Steering Committee of a large.docxScenarioThe HIT Innovation Steering Committee of a large.docx
ScenarioThe HIT Innovation Steering Committee of a large.docxDustiBuckner14
 
Space ... the final frontier.  So, as I am sure everyone knows, .docx
Space ... the final frontier.  So, as I am sure everyone knows, .docxSpace ... the final frontier.  So, as I am sure everyone knows, .docx
Space ... the final frontier.  So, as I am sure everyone knows, .docxDustiBuckner14
 
The Internal EnvironmentInstitutionStudent’s name.docx
The Internal EnvironmentInstitutionStudent’s name.docxThe Internal EnvironmentInstitutionStudent’s name.docx
The Internal EnvironmentInstitutionStudent’s name.docxDustiBuckner14
 
THE RESEARCH PROPOSAL BUS8100 8Chapter 2 - Literature ReviewTh.docx
THE RESEARCH PROPOSAL BUS8100 8Chapter 2 - Literature ReviewTh.docxTHE RESEARCH PROPOSAL BUS8100 8Chapter 2 - Literature ReviewTh.docx
THE RESEARCH PROPOSAL BUS8100 8Chapter 2 - Literature ReviewTh.docxDustiBuckner14
 
Take a moment to look over the prompts below and formulate a conce.docx
Take a moment to look over the prompts below and formulate a conce.docxTake a moment to look over the prompts below and formulate a conce.docx
Take a moment to look over the prompts below and formulate a conce.docxDustiBuckner14
 

More from DustiBuckner14 (20)

Your new clientsThe Wagner’s – Scott and Ella are a young marri.docx
Your new clientsThe Wagner’s – Scott and Ella are a young marri.docxYour new clientsThe Wagner’s – Scott and Ella are a young marri.docx
Your new clientsThe Wagner’s – Scott and Ella are a young marri.docx
 
Writing Conclusions for Research PapersWhat is the purpose.docx
Writing Conclusions for Research PapersWhat is the purpose.docxWriting Conclusions for Research PapersWhat is the purpose.docx
Writing Conclusions for Research PapersWhat is the purpose.docx
 
What Is Septic TankSeptic or septic typically is used t.docx
What Is Septic TankSeptic or septic typically is used t.docxWhat Is Septic TankSeptic or septic typically is used t.docx
What Is Septic TankSeptic or septic typically is used t.docx
 
· You should respond to at least two of your peers by extending, r.docx
· You should respond to at least two of your peers by extending, r.docx· You should respond to at least two of your peers by extending, r.docx
· You should respond to at least two of your peers by extending, r.docx
 
You are a medical student working your way throughcollege and ar.docx
You are a medical student working your way throughcollege and ar.docxYou are a medical student working your way throughcollege and ar.docx
You are a medical student working your way throughcollege and ar.docx
 
[removed]THIS IEP INCLUDES FORMCHECKBOX Transitions.docx
[removed]THIS IEP INCLUDES FORMCHECKBOX Transitions.docx[removed]THIS IEP INCLUDES FORMCHECKBOX Transitions.docx
[removed]THIS IEP INCLUDES FORMCHECKBOX Transitions.docx
 
Using the Integrated Model of Work Motivation Figure 12.1 (Latham, 2.docx
Using the Integrated Model of Work Motivation Figure 12.1 (Latham, 2.docxUsing the Integrated Model of Work Motivation Figure 12.1 (Latham, 2.docx
Using the Integrated Model of Work Motivation Figure 12.1 (Latham, 2.docx
 
What We Can Afford” Poem By Shavar X. Seabrooks L.docx
What We Can Afford” Poem By Shavar X. Seabrooks L.docxWhat We Can Afford” Poem By Shavar X. Seabrooks L.docx
What We Can Afford” Poem By Shavar X. Seabrooks L.docx
 
What are the techniques in handling categorical attributesHow.docx
What are the techniques in handling categorical attributesHow.docxWhat are the techniques in handling categorical attributesHow.docx
What are the techniques in handling categorical attributesHow.docx
 
Theresa and Mike fully support creating a code of conduct for th.docx
Theresa and Mike fully support creating a code of conduct for th.docxTheresa and Mike fully support creating a code of conduct for th.docx
Theresa and Mike fully support creating a code of conduct for th.docx
 
Unit VII 1. Suppose a firm uses sugar in a product tha.docx
Unit VII 1. Suppose a firm uses sugar in a product tha.docxUnit VII 1. Suppose a firm uses sugar in a product tha.docx
Unit VII 1. Suppose a firm uses sugar in a product tha.docx
 
Title PageThis spreadsheet supports STUDENT analysis of the case .docx
Title PageThis spreadsheet supports STUDENT analysis of the case .docxTitle PageThis spreadsheet supports STUDENT analysis of the case .docx
Title PageThis spreadsheet supports STUDENT analysis of the case .docx
 
Title If a compensation system works well for one business, that .docx
Title If a compensation system works well for one business, that .docxTitle If a compensation system works well for one business, that .docx
Title If a compensation system works well for one business, that .docx
 
Review the Article Below Keller, J. G., Miller, C., LasDulce, C.docx
Review the Article Below Keller, J. G., Miller, C., LasDulce, C.docxReview the Article Below Keller, J. G., Miller, C., LasDulce, C.docx
Review the Article Below Keller, J. G., Miller, C., LasDulce, C.docx
 
Teachers reach diverse learners by scaffolding instruction in ways t.docx
Teachers reach diverse learners by scaffolding instruction in ways t.docxTeachers reach diverse learners by scaffolding instruction in ways t.docx
Teachers reach diverse learners by scaffolding instruction in ways t.docx
 
ScenarioThe HIT Innovation Steering Committee of a large.docx
ScenarioThe HIT Innovation Steering Committee of a large.docxScenarioThe HIT Innovation Steering Committee of a large.docx
ScenarioThe HIT Innovation Steering Committee of a large.docx
 
Space ... the final frontier.  So, as I am sure everyone knows, .docx
Space ... the final frontier.  So, as I am sure everyone knows, .docxSpace ... the final frontier.  So, as I am sure everyone knows, .docx
Space ... the final frontier.  So, as I am sure everyone knows, .docx
 
The Internal EnvironmentInstitutionStudent’s name.docx
The Internal EnvironmentInstitutionStudent’s name.docxThe Internal EnvironmentInstitutionStudent’s name.docx
The Internal EnvironmentInstitutionStudent’s name.docx
 
THE RESEARCH PROPOSAL BUS8100 8Chapter 2 - Literature ReviewTh.docx
THE RESEARCH PROPOSAL BUS8100 8Chapter 2 - Literature ReviewTh.docxTHE RESEARCH PROPOSAL BUS8100 8Chapter 2 - Literature ReviewTh.docx
THE RESEARCH PROPOSAL BUS8100 8Chapter 2 - Literature ReviewTh.docx
 
Take a moment to look over the prompts below and formulate a conce.docx
Take a moment to look over the prompts below and formulate a conce.docxTake a moment to look over the prompts below and formulate a conce.docx
Take a moment to look over the prompts below and formulate a conce.docx
 

Recently uploaded

Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........LeaCamillePacle
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 

Recently uploaded (20)

Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Rapple "Scholarly Communications and the Sustainable Development Goals"
Rapple "Scholarly Communications and the Sustainable Development Goals"Rapple "Scholarly Communications and the Sustainable Development Goals"
Rapple "Scholarly Communications and the Sustainable Development Goals"
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 

University of the CumberlandsSchool of Computer & Information .docx

  • 1. University of the Cumberlands School of Computer & Information Sciences ISOL-536 - Security Architecture & Design Chapter 8: Business Analytics Chapter 8: Business Analytics 8.1 Architecture 8.2 Threats 8.3 Attack Surfaces 8.3.1 Attack Surface Enumeration 8.4 Mitigations 8.5 Administrative Controls 8.5.1 Enterprise Identity Systems (Authentication and Authorization) 8.6 Requirements 8.1 Architecture Data science is a set of fundamental principles that guide the extraction of knowledge from data. Data mining is the extraction of knowledge from data via technologies that incorporate these principles. Like many enterprises, Digital Diskus has many applications for the various processes that must be executed to run its business, from finance and accounting to sales, marketing, procurement,
  • 2. inventory, supply chain, and so forth. A great deal of data is generated across these systems. But, unfortunately, as a business grows into an enterprise, most of its business systems will be discreet. Getting a holistic view of the health of the business can be stymied by the organic growth of applications and data stores. 8.1 Architecture – Cont. Figure 8.1 Business analytics logical data flow diagram (DFD). 8.1 Architecture – Cont. Figure 8.2 Business analytics data interactions. Figure 8.2 is a drill down view of the data gathering interactions of the business analytics system within the enterprise architecture. Is the visualization in Figure 8.2 perhaps a bit easier to understand? To reiterate, we are looking at the business analysis and intelligence system, which must touch almost every data gathering and transaction-processing system that exists in the internal network. And, as was noted, business analytics listens to the message bus, which includes messages that are sent from less trusted zones. 5
  • 3. 8.2 Treats Figure 8.3 Business analytics system architecture. As we move to system specificity, if we have predefined the relevant threats, we can apply the threats’ goals to the system under analysis. This application of goals leads directly on to the “AS” of ATASM: attack surfaces. Understanding your adversaries’ targets and objectives provides insight into possible attack surfaces and perhaps which attack surfaces are most important and should be prioritized. It’s useful to understand a highly connected system like business analytics in situ, that is, as the system fits into its larger enterprise architectural context. However, we don’t yet have the architecture of the system itself. Figure 8.3 presents the logical components of this business analytics system. There are five major components of the system: 1. Data Analysis processing 2. Reporting module 3. Data gathering module 4. Agents which are co-located with target data repositories 5. A management console 6 8.3 Attack Surfaces In this context, where several components share the same host, how would you treat the communications between them? Should these communications be considered to traverse a trusted or an untrusted network? If Digital Diskus applies the rigor we indicated above to the management of the servers on which business analytics runs, what additional attack surfaces should
  • 4. be added from among those three components and their intercommunications when all of these share a single host? If an attacker can retrieve the API and libraries, then use these to write an agent, and then get the attacker’s agent installed, how should Digital Diskus protect itself from such an attack? Should the business analytics system provide a method of authentication of valid agents in order to protect against a malicious one? Is the agent a worthy attack surface? Why should the output of Management Console be considered an attack surface? Previously, the point was made that all inputs should be considered attack surfaces. However, when the outputs of the system need protection, such as the credentials going into the business analytics configuration files and metadata, then the outputs should be considered an attack surface. If the wily attacker has access to the outputs of Management Console, then the attacker may gain the credentials to many systems. 7 8.3 Attack Surfaces – Cont. Figure 8.4 Business analytics user interactions. Figure 8.4 returns to a higher level of abstraction, obscuring the details of the business analytics modules running on the host. Since we can treat the collection of modules as an atomic unit for our purposes, we move up a level of granularity once again to view the system in its logical context. Management Console has been broken out as a separate component requiring its own
  • 5. defenses. The identity system has been returned to the diagram, as has the security monitoring systems. These present possible attack surfaces that will need examination. In addition, these will become part of the defenses of the system, as we shall see. Access controls to Management Console itself, authentication and authorization to perform certain actions, will be key because Management Console is, by its nature, a configurator and controller of the other functions, a target. Which brings us to Figure 8.4. 8 8.3 Attack Surfaces – Cont. How might an attacker deliver such a payload? The obvious answer to this question will be to take over a data source in some manner. This, of course, would require an attack of the data source to be successful and becomes a “one-two punch.” However, it’s not that difficult. If the attacker can deliver a payload through one of the many exposed applications that Digital Diskus maintains, the attack can rest in a data store and wait until the lucky time when it gets delivered to the business analytics system. In other words, the attacker doesn’t have to deliver the payload directly to Data Gathering. She or he must somehow deliver the attack into a data store where it can wait patiently to be brought into the data gathering function. The results most certainly present an attack opportunity if the permissions on the results store are not set defensively, which, in this case means: Processing store is only mounted on the host that runs Processing and Reporter Write permission is only granted to Processing Read permission is only granted to Reporter
  • 6. Only a select few administers may perform maintenance functions on the processing data store Every administrative action on processing store is logged and audited for abnormal activity 9 8.3.1 Attack Surface Enumeration 10 8.4 Mitigations As you consider the attack surfaces in the list on the previous slide, what security controls have already been listed? The questions that then will be asked for this type of critical system that maintains highly sensitive data will be something like, “Who should have these privileges and how many people need them?” Competing against simplicity and economies of scale are the differences in data sensitivity and system criticality. In the case of business analytics, there appears to be a clear need to protect the configuration files and the results files as carefully as possible leaving as small an attack surface as can be managed. That is, these two sensitive locations that store critical organizational data should be restricted to a need-to-access basis, which essentially means as few administrators as possible within the organization who can manage the systems effectively
  • 7. and continuously. If we were actually implementing the system, we might have to engage with the operational server management teams to construct a workable solution for everyone. For our purposes in this example, we can simply specify the requirement and leave the implementation details unknown. 11 8.5 Administrative Controls Access will be restricted to a need-to-know basis. As we have noted, changes to the systems are monitored and audited. At the application level, files and directories will be given permissions such that only the applications that need to read particular files or data are given permission to read those files. This is all in accordance with the way that proper administrative and operating system permissions should be set up. The business analytics systems and tools don’t require superuser rights for reading and executing everything on the system. Therefore, the processing unit has rights to its configuration files and data gathering module files. The reporting module reads its own configuration files. None of these can write into the configuration data. Only Management Console is given permission to write data into the configuration files. In this way, even if any of the three processing modules is compromised, the compromised component cannot make use of configuration files to compromise any of the other modules in the system. This is how self-defensive software should operate. Business analytics adheres to these basic security principles, thus allowing the system to be deployed in less trusted environments, even less protected than what Digital Diskus
  • 8. provides. 12 8.5.1 Enterprise Identity Systems (Authentication and Authorization) Authentication via the corporate directory and authorization via group membership still remain two of the important mitigations that have been implemented. Having reviewed the available mitigations, which attack surfaces seem to you to be adequately protected? And, concomitantly, which attack surfaces still require an adequate defense? 13 8.6 Requirements In order to prevent an attacker from obscuring an attack or otherwise spoofing or fooling the security monitoring system, the business analytics activity and event log files should only be readable by the security monitoring systems. And the log files permissions should be set such that only event-producing modules of the business analytics system may write to its log file. Although it is true that a superuser on most operating systems can read and write any file, in this way, attackers would have to gain these high privileges before they could alter the log files that will feed into the security monitoring system.
  • 9. 14 8.6 Requirements – Cont. Table 8.1 is not intended as a complete listing of requirements from which the security architecture would be designed and implemented. As I explained above, when I perform a security architecture analysis, I try to document every requirement, whether the requirement has been met or not. In this way, I document the defense-in-depth of the system. If something changes during implementation, or a security feature does not fulfill its promise or cannot be built for some reason, the requirements document provides all the stakeholders with a record of what the security posture of the system should be. I find that risk is easier to assess in the face of change when I’ve documented the full defense, irrespective of whether it exists or must be built. 15 Chapter 8: Summary The architect (or peer reviewing architect team) must decide the scope of the risk’s possible impact (consequences). The scope of the impact dictates at what level of the organization risk decisions must be made. The decision maker(s) must have sufficient organizational decision-making authority for the impacts. For instance, if the impact is confined to a particular system, then perhaps the managers involved in building and using that system would have sufficient decision making scope for the risk. If the impact is to an entire collection of teams underneath a particular director, then she or he must make that
  • 10. risk decision. If the risk impacts an enterprise’s brand, then the decision might need to be escalated all the way to the Chief Operating Officer or even the Chief Executive, perhaps even to the Board of Directors, if serious enough. The scope of the impact is used as the escalation guide in the organizations for which I’ve worked. Of course, your organization may use another approach. Chapter 8: Summary END University of the Cumberlands School of Computer & Information Sciences ISOL-536 - Security Architecture & Design Chapter 9: Endpoint Anti-malware Chapter 9: Endpoint Anti-malware 9.1 A Deployment Model Lens 9.2 Analysis 9.3 More on Deployment Model 9.4 Endpoint AV Software Security Requirements
  • 11. Chapter 9: Endpoint Anti-malware Figure 9.1 Endpoint security software. For the business analytics example, we knew something about the protections— both technical and process—that were applied to the host and operating system upon which the core of the business analytics system runs in that environment. Consequently, we discounted the ability of an attacker to listen in on the kernel-level communications, most particularly, the “localhost,” intra-kernel network route. Additionally, if an attacker has already gained sufficiently high privileges on the system to control processes and perhaps even to access process memory, “game over.” 9.1 A Deployment Model Lens The user is installing antivirus software in response to the belief that the machine is already compromised. In other words, endpoint security software must assume that, very similar to software exposed to the public Internet, it is being installed into an aggressively hostile environment. Any assumptions about the operating system being free of successful compromises would cause the endpoint antivirus software, itself, to become a juicy target. At the very least, assumptions about a safe environment might lead security software makers to believe that they don’t have to take the care with their security posture that, in fact, is demanded by the real-world situation. The foregoing leads us to two axioms: Assume active attackers may be on the machine even at installation time. Assume that attackers will poke and prod at every component, every input, every line of communication.
  • 12. 9.2 Analysis In consumer-oriented products, the user will have the ability to turn security functions off and on. In corporate environments, usually only system administrators have this power. The user interface can take control of the security of the system. That, of course, makes the user interface component an excellent target for attack. Likewise, the AV Engine performs the actual examination to determine whether files and traffic are malicious. If the engine can be fooled, then the attacker can execute an exploit without fear of discovery or prevention. Consequently, a denial of service (DoS) attack on the AV Engine may be a very powerful first step to compromising the endpoint. To contrast this with the user interface, if the attacker is successful in stopping the user interface the security services should continue to protect, regardless. On the other hand, if the attacker can stop the AV Engine, she or he then has access to an unprotected system. Each of these components presents an important target; the targets offer different advantages, however. Testing shows the presence, not the absence of bugs. 9.2 Analysis – Cont. The AV engine itself will have to be written to be as self- defensive as possible. Even if the AV engine validates the user interface before allowing itself to be configured by the user interface, still, those input values should not be entirely trusted. The user interface may have bugs in it that could allow attacker control. In addition, the user interface might pass an attack through to the engine from external configuration parameters. The AV engine has another input. In order to determine whether files are malicious, they may have to be opened and examined. Most certainly, in today’s malware-ridden world, a percentage
  • 13. of the files that are examined are going to contain attacks. There’s nothing to stop the attacker from placing attacks in suspicious files that go after any vulnerabilities that may lie within the file examination path. Thus, the AV Engine must protect itself rigorously while, at the same time, examining all manner of attack code. In fact, the entire path through which evil files and traffic pass must expect the worst and most sophisticated types of attacks. The file open, parse, and examination code must resist every imaginable type of file- based attack. 9.2 Analysis – Cont. Figure 9.2 Endpoint security software with management. In Figure 9.2, we can see that the system engages in communications with automated entities beyond the endpoint itself. Even if this were not true, a communicator might be employed for intermodule communications within the system. In this case, the simple, independently operating case, it would be a matter of design style as to whether to abstract communications functions into a separate module. The design was chosen in this case, not only because the system does in fact support inbound and outbound communications (as depicted in Figure 9.2) but also for reasons of performance. 24 9.3 More on Deployment Model To make matters more complex, the validity of the update must be established such that it hasn’t been tampered with between
  • 14. manufacturer and download at the endpoint (integrity). In fact, most security vendors don’t want the threat agents to have the details of what’s been prevented nor the details of how protections work. At the least, these proprietary secrets are best kept such that uncovering them requires a significant work factor. Defense is better if the attacker doesn’t have the precise details of the strategy and tactics. The foregoing general requirement suggests that communications should be confidential. This is particularly true when the communications must cross untrusted networks. If updates are coming from servers across the public Internet, then the network would not only be untrusted but also hostile. A working concept, when considering the security of customer premise equipment, is to understand that different customers require different security postures. Systems intended for deployment across a range of security postures and approaches will do best by placing security decisions into the hands of the deployers. Indeed, no matter the guidance from the vendor for a particular piece of software, customers will do what is convenient for their situation. For instance, regardless of what guidance is given to customers about keeping the management console for our endpoint system off of untrusted networks, customers will do as they wish. 9.3 More on Deployment Model – Cont. Before deploying new software, whether the updates are to the running modules or to the malware identification mechanisms used by the engine, the validity of the updates must be established. However updates are obtained for dispersal by the management console, whether by download from the software maker’s website, or through some sort of push outwards to the management console, attackers attempting to insert malicious code must be prevented. This validation could be done with a
  • 15. standard binary hash and signature. The hash value can be checked for validity. The signature will be made with the private key that can be checked against the public key for validity. This is the standard approach for this problem. For most organizations, any system having to do with the organization’s security will be considered sensitive and critical. As such, the parts of the security system implementing management of the system are typically considered need-to- know, restricted systems and interfaces. In particular, any system, such as this management console, that can change the security posture of other systems requires significant protection. 9.4 Endpoint AV Software Security Requirements Events and data flow from kernel driver to AV Engine only (never from engine to kernel). Only the AV engine may open the kernel driver, and only on system startup. “Open” is the only control operation allowed from user mode to kernel driver. No other component may communicate with the kernel driver. The kernel driver startup and initialization code must validate, sanitize, and put into canonical form inputs from AV engine. Kernel driver initialization and startup must occur during the operating system startup sequence and must complete before users are allowed to log on to the system. Kernel driver initialization must complete before user logon to the system. Kernel driver initialization must occur as early as is possible during operating system startup. Before communications are allowed to proceed between any two or more modules in the system, validation must be performed on the identity and integrity of the calling process/module/binary. The preferred mechanism is validation of a digital signature
  • 16. over the binary. The signature must be signed by the private key of the software manufacturer. Every other component except the kernel driver must run in user mode. 9.4 Endpoint AV Software Security Requirements – Cont. Installation should confine the reading and writing of the configuration files to the User Interface only. The system must have the ability to encrypt communications from/to the management console. This must be system administrator configurable. The management console must contain a user authentication system. The management console must contain a user authorization system. The management console must be able to authenticate to an LDAP. Management console authorization must be able to be performed by LDAP group membership. The administrator must be able to configure the management console to use any combination of: Local authentication LDAP authentication Local authorization LDAP group membership The user interface must re-authenticate the user before allowing changes. The management console will be able to run in a hardened state. There will be a customer document describing the hardened configuration. Hardening is configurable at customer discretion.
  • 17. 9.4 Endpoint AV Software Security Requirements – Cont. Input validation coding must be implemented on every system input, with particular care to file parsing and examination path, the reading of the configuration files, and inputs from Communicator. The file and event handling paths through the code must be rigorously fuzzed. All components of the system must be built using a rigorous Security Development Lifecycle (SDL), with particular emphasis on secure coding techniques, input validation n, and rigorous proof of the effectiveness of the SDL (i.e., security assurance testing for vulnerabilities). Vulnerability testing before product release must be thorough and employ multiple, overlapping strategies and tools. Chapter 9: Summary As was noted, the list of requirements presented here cannot be taken as a complete list, since some of the requirements refer to previous discussions and are not reiterated here. For a real- world system, I would list all requirements, so as to create a complete picture of the security needs of the system. The architectures presented in this book, I'll reiterate, should be taken as examples, not as recipes. Chapter 9: Summary END image4.emf image5.emf image6.emf