CYBER SECURITY AT APPLICATION LEVEL

SANTOSH KHADSARE
Involves altering the raw data just before a computer processes it and then changing it back after processing is completed.

Example: secondary state board results, where private students topped government students.
• 6-digit roll number: government students' roll numbers start with 3, private students' roll numbers start with 4.
• Software manipulation:
  • For roll numbers starting with 3: if marks are between 68 and 100, deduct 9.
  • For roll numbers starting with 4: if marks are between 68 and 88, add 3.
• Data: information we keep on computers (product design, financial records, personnel data); lost time, lost sales, lost confidence.
• Resources: unauthorized use of computer time and space.
• Reputation: misrepresentation, forgery, negative publicity.
[Figure: the security triad of Confidentiality, Integrity and Availability.]

• Confidentiality: protection from unauthorized persons.
• Integrity: consistency of data; no unauthorized creation, alteration or destruction.
• Availability: ensuring access to legitimate users.
• Legitimate use: ensuring appropriate use by authorized users.
[Figure: a triangle with Functionality, Security and Ease of Use at its corners; the "moving ball" inside it can be pushed towards any one corner only at the expense of the other two.]
• Intrusion: unauthorized access and use of systems.
• Denial of service: an attack aimed at preventing use of company computers.
  • email bomb or flooding / Internet worm
  • disabled, rerouted or replaced services
• Information theft: network taps, database access, hacking into sites to give out more information, or to the wrong parties.
Attack tools:
• Scanners
• Key-loggers
• Trojans
• Remote admin toolkits
• Spyware
• Backdoors
• Worms
• Remote sniffers
• Distributed denial of service
Security services:
• Authentication (entity, data origin)
• Access control (prevent unauthorized access)
• Confidentiality (disclosure, encryption)
• Data integrity (value of a data item)
• Non-repudiation (falsely denying a transaction)
• No security: not an option.
• Security through obscurity: don't tell anyone where your site is.
• Host security: enforced security on each host; progressively difficult to manage as the number of hosts increases.
• Network security: control network access to hosts and services; firewalls, strong authentication, and encryption.
[Figure: security goals and the mechanisms that deliver them]
• Authentication: biometrics, smartcards, voice based systems
• Confidentiality: cryptography, VPNs, PKI
• Integrity: digital signatures, PKI
• Non-repudiation: digital signatures, PKI
• Availability: clustering, redundancy, hot standby, port mirroring
• Assurability: availability + reliability
[Figure: information states (in processing, in storage, in transmission) set against the information security components and the security measures that apply to each.]

As strong as the weakest link ...
[Figure: network-based security. A WAN/intranet with a network-based firewall, routers and a switch connecting PCs and servers at HQ XYZ CORPS, HQ ABC CORPS and a mobile user.]

[Figure: zoned network. Red zone: Internet feed from the ISP through a router and a Layer 3 WAN switch. Orange zone (DMZ): web server, DNS server and mail server behind the firewall (firewall IP 192.168.3.2, inside address 192.168.1.1) with an IDS. Green zone: internal Layer 2 switches and the gateway to the rest of the LAN.]

[Figure: detailed site layout. Internet via a V.35 router (136.0.0.1, 136.0.0.2, 136.0.0.3), an IPS, and a hardware firewall at 136.0.0.4 / 192.168.1.1. DMZ Layer 2 switch with servers 192.168.1.2, 192.168.1.3 and 192.168.1.4 providing DNS, HTTP, SMTP and RDBMS, protected by RAID, data backup, anti-virus, HIPS and a scanner. Local network VLAN 192.168.2.1/26, with 192.168.2.X/28 to other networks; domain user workstations (192.168.2.2, 192.168.2.4), a network printer, biometric sensors, and disk encryption (Secure disk, TrueCrypt) on the hosts.]

[Figure: the first network again, with host-based anti-virus on the PCs and servers alongside the network-based firewall.]
Cyber Security is the set of "measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack."

This broad and all-encompassing cyber security definition poses a significant challenge for enterprises; therefore, it is highly critical for enterprises to have an in-depth cyber security strategy and plan in place in order to provide the maximum level of protection from cyber security risks at not just the network perimeter but also the application layer.
An application is a program or group of programs designed for end users. Software can be divided into two general classes: systems software and applications software.

Systems software consists of low-level programs that interact with the computer at a very basic level. This includes operating systems, compilers, and utilities for managing computer resources.

Applications software (also called end-user programs) includes database programs, word processors, and spreadsheets. Figuratively speaking, applications software sits on top of
Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.
• The flaws within the software cause a majority of the vulnerabilities.
• Most security professionals are usually not software developers.
• Many software developers do not have security as a main focus.
• The computing community is used to receiving software with bugs and then applying patches.
• Software vendors are trying to rush their products to market with their eyes set on functionality, not security.
Hard and crunchy on the outside, soft and chewy on the inside.

Perimeter security is fortified and solid. The internal environment and software are easy to exploit once access has been obtained.
[Figure: software controls are implemented by the operating system, by the application, by the database, or by a combination of the three.]
Applications and computer systems are usually developed for functionality first, not security.

To get the best of both, security and functionality will have to be designed and developed at the same time.

Developing applications first and then trying to add security can cause problems:
• May reduce overall functionality.
• Can open security holes when the application is to be integrated with other applications.
Security solutions today look to solve problems through controls such as IDS, IPS, firewalls, anti-virus, vulnerability scanners, etc.

This is because our software contains many vulnerabilities.

Our systems are hard on the outside and soft inside. Why?

We have implemented strong perimeter defences; however, our internal environment and software are easy to exploit once access has been gained.

Why are perimeter devices more often considered rather than developing secure software?
In the past, software was developed for functionality and not security (the mainframe era).

Many programmers do not have experience of secure coding.

Most security professionals are not software developers.

Many software developers do not have security as their main focus.

Software vendors are under tight deadlines to get products into the market; security suffers.

Customers cannot control flaws in the software they purchase, so they must depend on perimeter protection. Hence the present-day over-reliance on perimeter defences.
Traditionally, we consumers have always demanded functionality from applications, with little thought to security.

Only in the last 6 to 8 years has the focus slowly shifted to functionality coupled with security.
Security controls can be used for:
• Inputs
• Processing
• Output

Develop controls with the potential risks in mind: software to be used in a closed, trusted environment versus an open environment.

The goal is to:
• Prevent data corruption
• Prevent security compromises
• Reduce vulnerabilities

Controls can be preventive, detective and corrective. They can be in the form of administrative or physical controls, but are mostly technical in nature.
The patch cycle:
1. Buggy software is released.
2. Hackers find software vulnerabilities.
3. Web sites post these vulnerabilities on the Internet, along with methods of exploiting them.
4. The software vendor develops and releases software patches to fix these vulnerabilities.
5. The new patch goes on the stack of software patches that all network admins need to test and install.
Network admins today have to integrate various applications and different computer systems.

Companies today are rushing to develop applications capable of taking on-line orders, storing credit card information and establishing extranets with business partners.

All of this is an extremely complex activity.

On top of all this, security is expected and demanded.

As the complexity of the environment grows, tracking compromises and errors becomes a difficult task.
Software controls are usually implemented nowadays through a mix of:
• OS controls
• Application controls
• Database controls

OS controls can control a subject's access to an object. These controls do not restrict a subject's actions within an application.

Application controls can ensure that:
• only valid inputs are inserted,
• data is processed in the correct sequence, and
• only certain subjects can view data in sensitive fields.
Applications must strike a balance between functionality and security.

An out-of-the-box installation should be assumed insecure until it is hardened.

If an application is extremely user friendly, it is probably not secure. Why?

User friendliness implies extra lines of code. More lines of code means more potential vulnerabilities.
SDLC: Security Issues

Also, once vendors identify vulnerabilities and release patches, network admins may not apply them. Why?
• Network admins may not be up to date on current vulnerabilities and patches.
• They may not fully understand the importance of patches.
• They may be afraid that patches may cause other problems.

Bottom line: insecure systems.

Also, if an application fails, it must fail secure.
Software Development Life Cycle

SDLC stands for Software Development Life Cycle. A Software Development Life Cycle is essentially a series of steps, or phases, that provide a model for the development and lifecycle management of an application or piece of software.

The methodology within the SDLC process can vary across industries and organizations, but standards such as ISO/IEC 12207 represent processes that establish a lifecycle for software, and provide a model for the development, acquisition, and configuration of software systems.

The intent of an SDLC process is to help produce a product that is cost-efficient, effective, and of high quality. Once an application is created, the SDLC maps the proper deployment and decommissioning of the software once it becomes legacy.
SDLC phases:
• Project initiation
• Functional design analysis and planning
• System design specifications
• Software development
• Installation/implementation
• Operations/maintenance
• Disposal
Problems with Database Security

Risks to databases

Today more and more companies hold sensitive data (credit card information, stock inventory, etc.) in databases.

Earlier, only employees accessed databases. Today database connectivity is provided to customers as well (e.g. checking the online availability of an item).

How do you secure databases?
• Group users into different roles and assign rights and permissions to the roles.
• Customers are assigned a role that can only view data, and only specific fields of data.
• Customers interact with the database through middleware (the application).
• The middleware checks roles and presents data as per the permissions assigned to that role.
Risks to databases: database integrity

Concurrency problem

Occurs when a database is accessed by more than one application or user at the same time.

A software lock is used to overcome this. A process locks the tables within the database, makes its changes and then releases the lock. The next process can access the locked data only after the first process has released the lock.
Risks to databases: database integrity

Database software performs three main types of integrity services:

Entity integrity: every row (record) is uniquely identified by a primary key.

Referential integrity: all foreign keys reference existing primary keys.

Semantic integrity: rules pertaining to data types and logical values are enforced.
Risks to databases: database integrity

Other operations in database software that protect the integrity of data:

Rollback:
An operation that ends the current transaction and cancels the current changes to the database. The database reverts to its previous state.

The cancelled changes could be to the data or to the schema.

A rollback occurs when the database experiences a glitch or the processing sequence is disrupted.
Risks to databases: database integrity

Other operations in database software that protect the integrity of data:

Commit:
This operation completes a transaction and applies all the changes just made by the user. The database is updated to reflect the latest changes.

If the commit cannot complete correctly, a rollback is performed.

This ensures that partial changes do not take place and data is not corrupted.
Risks to databases: database integrity

Other operations in database software that protect the integrity of data:

Savepoints:
Similar to System Restore in Windows.

If a system failure takes place, the database attempts to revert to the previous savepoint.

Setting savepoints consumes resources. A balance has to be struck between too many savepoints and not enough of them.

Savepoints can be initiated by a time interval, a user action, or a number of transactions.

A savepoint restores data by enabling the user to go back to a point in time before the system crashed.
Risks to databases: database integrity

Other operations in database software that protect the integrity of data:

Checkpoints:
Similar to savepoints.

When a specific amount of memory is filled, a checkpoint is triggered.

This saves the data held in memory to a file on disk.

If the system crashes, the database will attempt to restore data from this file.
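The integrity services and the commit, rollback and savepoint operations from the slides above, shown on an in-memory SQLite database. This is an added example, not code from the slides; the tables, the rows and the batch of orders are constructed here, and SQLite's `PRAGMA foreign_keys` and `SAVEPOINT` syntax are used where the slides speak generically of "database software".

```python
"""Transaction integrity demo on an in-memory SQLite database (added example,
not from the original slides). Schema, table names and rows are constructed
here for illustration."""
import sqlite3


def open_db() -> sqlite3.Connection:
    # isolation_level=None puts the driver in autocommit mode, so every
    # BEGIN / COMMIT / ROLLBACK / SAVEPOINT below is issued by this code.
    con = sqlite3.connect(":memory:", isolation_level=None)
    con.execute("PRAGMA foreign_keys = ON")   # SQLite ignores FKs unless asked
    con.executescript("""
        CREATE TABLE customers (
            id   INTEGER PRIMARY KEY,          -- entity integrity: unique row id
            name TEXT NOT NULL
        );
        CREATE TABLE orders (
            id          INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL
                        REFERENCES customers(id),   -- referential integrity
            qty         INTEGER NOT NULL
                        CHECK (qty > 0)             -- semantic integrity
        );
        INSERT INTO customers VALUES (1, 'alice');
    """)
    return con


def integrity_violations(con: sqlite3.Connection) -> list:
    """Attempt one violation of each integrity service; return the names of
    those the database rejected (all three with the schema above)."""
    attempts = {
        "entity":      "INSERT INTO customers VALUES (1, 'dup')",   # duplicate PK
        "referential": "INSERT INTO orders VALUES (10, 999, 1)",    # no customer 999
        "semantic":    "INSERT INTO orders VALUES (11, 1, -5)",     # qty must be > 0
    }
    rejected = []
    for name, sql in attempts.items():
        try:
            con.execute(sql)
        except sqlite3.IntegrityError:
            rejected.append(name)
    return rejected


def rollback_demo(con: sqlite3.Connection) -> int:
    """An explicit ROLLBACK ends the transaction and cancels its changes;
    the table reverts to its previous state. Returns the customer count."""
    con.execute("BEGIN")
    con.execute("INSERT INTO customers VALUES (2, 'bob')")
    con.execute("ROLLBACK")
    return con.execute("SELECT COUNT(*) FROM customers").fetchone()[0]


def place_orders(con: sqlite3.Connection, rows) -> dict:
    """Insert a batch of (id, customer_id, qty) rows in ONE transaction.
    Each row gets its own SAVEPOINT: a row that violates integrity is rolled
    back to the savepoint and skipped, the rest are committed together. If
    the COMMIT itself cannot complete, the whole transaction is rolled back
    so no partial change is left behind."""
    accepted, skipped = [], []
    con.execute("BEGIN")
    try:
        for oid, cust, qty in rows:
            sp = f"sp_{int(oid)}"            # savepoint name built from an int only
            con.execute(f"SAVEPOINT {sp}")
            try:
                con.execute("INSERT INTO orders VALUES (?, ?, ?)", (oid, cust, qty))
                accepted.append(oid)
            except sqlite3.IntegrityError:
                con.execute(f"ROLLBACK TO SAVEPOINT {sp}")   # undo this row only
                skipped.append(oid)
            con.execute(f"RELEASE SAVEPOINT {sp}")
        con.execute("COMMIT")
    except sqlite3.Error:
        con.execute("ROLLBACK")              # nothing from this batch survives
        accepted, skipped = [], [r[0] for r in rows]
    stored = [r[0] for r in con.execute("SELECT id FROM orders ORDER BY id")]
    return {"accepted": accepted, "skipped": skipped, "stored": stored}


if __name__ == "__main__":
    db = open_db()
    print("rejected:", integrity_violations(db))
    print("customers after rollback:", rollback_demo(db))
    print(place_orders(db, [(1, 1, 2), (2, 999, 1), (3, 1, 0), (4, 1, 5)]))
```

Note the two things a practitioner trips over: SQLite does not enforce foreign keys at all unless `PRAGMA foreign_keys = ON` is issued on every connection, and a constraint failure inside a transaction aborts only the failing statement, so the surrounding transaction stays open and must be committed or rolled back explicitly.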
A few Database Attacks

Brute force attacks against passwords

• Default usernames and passwords not changed by the sysadmin. E.g. the "scott"/"tiger" username/password combination in Oracle Database up to version 11g.
• Microsoft SQL Server shipped with default (publicly known) passwords.
• Easily guessable passwords chosen by the sysadmin.
A few Database Attacks

Privilege escalation

Generally happens due to mis-configuration of the database or the underlying OS.

E.g. a low-privilege user has read rights only. However, he can read all columns in the database, including the columns holding credit card information (mis-configuration: restricted database views were not enforced).
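The role-and-middleware model from the "How do you secure databases?" slide and the mis-configuration from this slide, side by side. This is an added example, not code from the slides: the `customers` table, the `customers_public` view, the two roles and the (standard test) card numbers are all constructed here, and SQLite's authorizer hook stands in for the GRANT/REVOKE a server database would use, as a second layer that blanks the sensitive column even when the application wrongly reads the base table.

```python
"""Role-based access to a database through middleware (added example, not
from the original slides). Tables, view, roles and card numbers are
constructed here; the card numbers are standard test numbers."""
import sqlite3

SCHEMA = """
CREATE TABLE customers (
    id          INTEGER PRIMARY KEY,
    name        TEXT,
    city        TEXT,
    card_number TEXT            -- sensitive column
);
INSERT INTO customers VALUES (1, 'alice', 'Pune',  '4111111111111111');
INSERT INTO customers VALUES (2, 'bob',   'Delhi', '5555555555554444');
-- Restricted view: the only relation the customer role is allowed to read.
CREATE VIEW customers_public AS SELECT id, name, city FROM customers;
"""

# Role -> the relation the middleware queries on that role's behalf.
ROLE_RELATION = {"customer": "customers_public", "finance": "customers"}

# Defence in depth: (table, column) pairs a role may never read, enforced by
# SQLite's authorizer hook even if the application's SQL names the base table.
DENIED_READS = {"customer": {("customers", "card_number")}}
READ_ONLY_ROLES = {"customer"}


def connection_for(role: str) -> sqlite3.Connection:
    """Open the database with an authorizer tuned to the role."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    denied = DENIED_READS.get(role, set())

    def authorize(action, arg1, arg2, db_name, source):
        if action == sqlite3.SQLITE_READ and (arg1, arg2) in denied:
            return sqlite3.SQLITE_IGNORE      # column is read back as NULL
        if role in READ_ONLY_ROLES and action in (
                sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE):
            return sqlite3.SQLITE_DENY        # statement fails to prepare
        return sqlite3.SQLITE_OK

    con.set_authorizer(authorize)
    return con


def _row_as_dict(cur) -> dict:
    row = cur.fetchone()
    return dict(zip([d[0] for d in cur.description], row)) if row else {}


def lookup(role: str, customer_id: int) -> dict:
    """Correct middleware path: the role, not the caller, selects the relation."""
    con = connection_for(role)
    relation = ROLE_RELATION[role]           # fixed name from our own map, never user input
    return _row_as_dict(con.execute(
        f"SELECT * FROM {relation} WHERE id = ?", (customer_id,)))


def misconfigured_lookup(role: str, customer_id: int) -> dict:
    """The mis-configuration from the slide: the restricted view is not
    enforced and every role reads the base table. Only the authorizer now
    stands between the customer role and the card column."""
    con = connection_for(role)
    return _row_as_dict(con.execute(
        "SELECT * FROM customers WHERE id = ?", (customer_id,)))


def can_write(role: str) -> bool:
    """Does the role get past the authorizer for an UPDATE?"""
    con = connection_for(role)
    try:
        con.execute("UPDATE customers SET city = 'Mumbai' WHERE id = 1")
        return True
    except sqlite3.DatabaseError:            # SQLite reports 'not authorized'
        return False


if __name__ == "__main__":
    print("customer via view :", lookup("customer", 1))
    print("customer, base tbl:", misconfigured_lookup("customer", 1))
    print("finance, base tbl :", lookup("finance", 1))
    print("customer can write:", can_write("customer"))
```

The view is what the slide calls the restricted view; the authorizer is the check that catches the case where someone later codes `SELECT * FROM customers` for every role. On a server database the same two layers are the view plus `GRANT SELECT ON customers_public TO customer_role` with no grant on the base table.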
A few Database Attacks

Exploiting unused / unnecessary services

E.g. the listener service in Oracle Database. It seeks out and forwards network connection requests to the Oracle database.

When an application has to access a database, poorly written applications can cause connections without authentication and authorisation.

Install only those features that you need to use. If you don't install a feature, you don't have to patch it later.
A few Database Attacks

Exploiting unused / unnecessary services (continued)

Very important: patch databases as and when patches are released by the vendor.

Generally sysadmins avoid patching. Why?
• To prevent downtime of the database.
• They do not understand the patches and what they do.
• They do not have time to test the patches.
• They fear that the patches may cause some other problems.
A few Database Attacks

Stolen backups

Generally an insider attack.

If the backup data is unencrypted, the attacker does not need to hack into the database at all.

Another problem with backups: too many versions of backups, which makes tracking all the versions a problem.
A few Database Attacks

SQL injection

Occurs when the fields available for user input allow SQL statements to be entered.

Generally this attack takes place on the middleware, which connects to the backend database.

E.g. if an attacker gets a username/password screen, he can input an SQL statement which is passed by the application server to the database and gets executed, giving him entry to the database.

Generally the result of poor programming practices.
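The username/password screen from the slide, written the vulnerable way and the correct way. This is an added example, not code from the slides: the `users` table, the `admin` account, the password and the `' OR 1=1 --` payload are constructed here, and SHA-256 stands in for the salted, slow password hash a real login would use.

```python
"""SQL injection: the vulnerable pattern from the slide beside the fix (added
example, not from the original slides). The users table, the account and the
password are constructed here; SHA-256 stands in for a proper password KDF."""
import hashlib
import hmac
import sqlite3


def _h(password: str) -> str:
    # Demo only: a real deployment stores salted bcrypt/scrypt/Argon2 hashes.
    return hashlib.sha256(password.encode()).hexdigest()


def open_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    con.execute("INSERT INTO users VALUES (?, ?)", ("admin", _h("correct horse")))
    con.commit()
    return con


def login_vulnerable(con, username: str, password: str) -> bool:
    """The pattern the slide describes: user input is concatenated into the
    statement, so the input can rewrite the statement. Kept deliberately
    vulnerable to show the bypass; never use this form."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + _h(password) + "'")
    return con.execute(sql).fetchone() is not None


def login_safe(con, username: str, password: str) -> bool:
    """Parameterised query: the driver hands the value to the engine
    separately from the SQL text, so a quote in the input is just a quote.
    The hash is compared in constant time in code, not inside the query."""
    row = con.execute("SELECT pw_hash FROM users WHERE username = ?",
                      (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], _h(password))


# Closes the quoted string, adds an always-true clause, comments out the rest.
PAYLOAD = "' OR 1=1 --"

if __name__ == "__main__":
    db = open_db()
    print("vulnerable, real creds:", login_vulnerable(db, "admin", "correct horse"))
    print("vulnerable, payload   :", login_vulnerable(db, PAYLOAD, "anything"))
    print("safe, payload         :", login_safe(db, PAYLOAD, "anything"))
```

With the payload as the username, the vulnerable function sends `... WHERE username = '' OR 1=1 --' AND pw_hash = '...'` to the database; everything after `--` is a comment, so the password check never runs. The parameterised version looks up a user literally named `' OR 1=1 --`, finds nothing, and refuses.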
Lec  1 apln security(4pd)

Intoto Linley Tech Utm Architecture Presentation
 
CRENNO Technologies Network Consultancy & Session Border Controller Solut...
CRENNO Technologies Network Consultancy & Session Border Controller Solut...CRENNO Technologies Network Consultancy & Session Border Controller Solut...
CRENNO Technologies Network Consultancy & Session Border Controller Solut...
 
Multicore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data CentersMulticore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data Centers
 
Vpn
Vpn Vpn
Vpn
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat Landscapefinal
 
Contrail Enabler for agile cloud services
Contrail Enabler for agile cloud servicesContrail Enabler for agile cloud services
Contrail Enabler for agile cloud services
 
Lecture03 H
Lecture03 HLecture03 H
Lecture03 H
 
Clavister security for virtualized environment
Clavister security for virtualized environmentClavister security for virtualized environment
Clavister security for virtualized environment
 
Cisco Connected Grid Solutions
Cisco Connected Grid SolutionsCisco Connected Grid Solutions
Cisco Connected Grid Solutions
 
Axial What We Do
Axial What We DoAxial What We Do
Axial What We Do
 
Risk Factory: PCI Shrink to Fit
Risk Factory: PCI Shrink to FitRisk Factory: PCI Shrink to Fit
Risk Factory: PCI Shrink to Fit
 
Safety Monitoring system for a manufacturing workstation using Web Service Te...
Safety Monitoring system for a manufacturing workstation using Web Service Te...Safety Monitoring system for a manufacturing workstation using Web Service Te...
Safety Monitoring system for a manufacturing workstation using Web Service Te...
 
Ct 1 Danielson
Ct 1 DanielsonCt 1 Danielson
Ct 1 Danielson
 
Voip
VoipVoip
Voip
 
Network Virtualization in Windows Server 2012
Network Virtualization in Windows Server 2012Network Virtualization in Windows Server 2012
Network Virtualization in Windows Server 2012
 
Oded nahum branch repeater 6 technical introduction
Oded nahum branch repeater 6 technical introductionOded nahum branch repeater 6 technical introduction
Oded nahum branch repeater 6 technical introduction
 

More from Santosh Khadsare (20)

Cyber fraud (netflix)
Cyber fraud (netflix)Cyber fraud (netflix)
Cyber fraud (netflix)
 
INTERNET SECUIRTY TIPS
INTERNET SECUIRTY TIPSINTERNET SECUIRTY TIPS
INTERNET SECUIRTY TIPS
 
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
 
Linux forensics
Linux forensicsLinux forensics
Linux forensics
 
Windowsforensics
WindowsforensicsWindowsforensics
Windowsforensics
 
Smart card
Smart cardSmart card
Smart card
 
Guassvirus
GuassvirusGuassvirus
Guassvirus
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
 
Webmail
WebmailWebmail
Webmail
 
Linux Forensics
Linux ForensicsLinux Forensics
Linux Forensics
 
Web server
Web serverWeb server
Web server
 
Samba server
Samba serverSamba server
Samba server
 
Firewall(linux)
Firewall(linux)Firewall(linux)
Firewall(linux)
 
Securitytips
SecuritytipsSecuritytips
Securitytips
 
Linux basics
Linux basicsLinux basics
Linux basics
 
Linuxfilesys
LinuxfilesysLinuxfilesys
Linuxfilesys
 
Linuxconcepts
LinuxconceptsLinuxconcepts
Linuxconcepts
 
Introtolinux
IntrotolinuxIntrotolinux
Introtolinux
 
New internet
New internetNew internet
New internet
 
Stuxnet flame
Stuxnet flameStuxnet flame
Stuxnet flame
 

Lec 1 apln security(4pd)

  • 1. CYBER SECURITY AT APPLICATION LEVEL SANTOSH KHADSARE
  • 2.
  • 3. INVOLVES ALTERING THE RAW DATA JUST BEFORE A COMPUTER PROCESSES IT AND THEN CHANGING IT BACK AFTER PROCESSING IS COMPLETED. SECONDARY STATE BOARD: PRIVATE STUDENTS TOPPED OVER GOVT STUDENTS. 6-DIGIT ROLL NUMBER: GOVT STUDENTS' STARTS WITH 3; PRIVATE STUDENTS' STARTS WITH 4. SOFTWARE MANIPULATION: FOR ROLL_NO STARTING WITH 3, if marks between 68 & 100, DEDUCT 9; FOR ROLL_NO STARTING WITH 4, if marks between 68 & 88, ADD 9.
  • 4.
  • 5.
  • 6. Data: information we keep on computers (product design, financial records, personnel data); lost time, lost sales, lost confidence. Resources: unauthorized use of computer time & space. Reputation: misrepresentation, forgery, negative publicity.
  • 8. Confidentiality - protection from unauthorized persons. Integrity - consistency of data; no unauthorized creation, alteration or destruction. Availability - ensuring access to legitimate users. Legitimate use - ensuring appropriate use by authorized users.
  • 9. Diagram: a triangle with Functionality, Security and Ease of Use at its corners and a moving ball between them.
  • 10. Intrusion - unauthorized access and use of systems. Denial of service - an attack aimed at preventing use of company computers: email bomb or flooding/Internet worm; disabled, rerouted or replaced services. Information theft - network taps, database access, hacking into sites to give out more info or to wrong parties.
  • 11. Scanners • Key-loggers. • Trojans. • Remote Admin Toolkits. • Spyware. • Backdoors. • Worms. • Remote Sniffers. • Distributed Denial of Service.
  • 12. Security Services: Authentication (entity, data origin); Access control (prevent unauthorized access); Confidentiality (disclosure, encryption); Data integrity (value of data item); Non-repudiation (falsely denying a transaction).
  • 13. No Security - not an option. Security through Obscurity - don't tell anyone where your site is. Host Security - enforced security on each host; progressively difficult to manage as the number of hosts increases. Network Security - control network access to hosts and services; firewalls, strong authentication, and encryption.
  • 14. Diagram: security properties and the mechanisms that provide them. Properties: Confidentiality, Authentication, Availability, Integrity, Non-Repudiation, Assurability (Availability + Reliability). Mechanisms shown: Biometrics, Cryptography, Smartcards, VPNs, Voice based Systems, PKI, Clustering, Redundancy, Hot Standby, Port Mirroring, Digital Signatures.
  • 15. Diagram: Information Security - Info Security Measures, States (in processing, in storage, in transmission), Components. As Strong As The Weakest Link …
  • 16.
  • 17. Network diagram (WAN / network based): intranet, firewall, mobile user, routers, switch, PCs and servers at HQ ABC Corps and HQ XYZ Corps.
  • 18. Zoned network diagram: Internet (Red Zone, from ISP) - WAN IP - firewall - Layer 3 switch; DMZ (Orange Zone) with IDS, web server and DNS server; Green Zone with mail server, L2 switches and links to other L2 switches (labels shown: FW IP 192.168.3.2, 192.168.1.1).
  • 19. Detailed network diagram: Internet gateway over V.35 to router (136.0.0.1 to 136.0.0.4), IPS, hardware firewall, DMZ (192.168.1.x) with servers, L2 switches, VLAN and local network (192.168.2.1/26, 192.168.2.x/28), domain users, task PCs and printer, AWAN, biometric sensors. Services and controls listed: DNS, RAID, anti virus, HTTP, RDBMS, HIPS, SMTP, data backup, scanner, secure disk, TrueCrypt.
  • 20. Network diagram (WAN, network based and host based): firewall, anti virus, mobile user, routers, switch, PCs and servers at HQ ABC Corps and HQ XYZ Corps.
  • 21. Cyber Security is the set of "measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack." This broad and all-encompassing cyber security definition poses a significant challenge for enterprises; therefore, it is highly critical for enterprises to have an in-depth cyber security strategy and plan in place in order to provide the maximum level of protection from cyber security risks at not just the network perimeter but also the application layer.
  • 22.
  • 23.
  • 24. An application is a program or group of programs designed for end users. Application software can be divided into two general classes: systems software and applications software. Systems software consists of low-level programs that interact with the computer at a very basic level. This includes operating systems, compilers, and utilities for managing computer resources. Applications software (also called end-user programs) includes database programs, word processors, and spreadsheets. Figuratively speaking, applications software sits on top of
  • 25. Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.
  • 26.
  • 27.
  • 28.
  • 29. Most security professionals are usually not software developers. Many software developers do not have security as a main focus. The flaws within the software cause a majority of the vulnerabilities. Software vendors are trying to rush their products to market with their eyes set on functionality, not security. The computing community is used to receiving software with bugs and then applying patches.
  • 30. Hard and crunchy on the outside, soft and chewy on the inside: perimeter security is fortified, but the internal environment and software are easy to exploit once access has been obtained.
  • 31. Diagram: Software controls - implemented by the Operating System; combination of three.
  • 32. Applications and computer systems are usually developed for functionality first, not security. To get the best of both, security and functionality will have to be designed and developed at the same time. Developing applications first and then trying to add security can cause problems: it may reduce overall functionality, and it can open security holes when the application is to be integrated with other applications.
  • 33. Security solutions today look to solve problems through controls such as IDS, IPS, firewalls, AVs, vulnerability scanners, etc. This is because our software contains many vulnerabilities. Our systems are hard on the outside and soft inside. Why? We have implemented strong perimeter defences; however, our internal environment and software are easy to exploit once access has been gained. Why are perimeter devices more often considered rather than developing secure software?
  • 34. In the past, software was developed for functionality and not security (mainframe era). Many programmers do not have experience of secure coding. Most security professionals are not software developers. Many software developers do not have security as the main focus. Software vendors are under tight deadlines to get products into market; security suffers. Customers cannot control flaws in the software they purchase, so they must depend on perimeter protection. Thus the present-day over-reliance on perimeter defences.
  • 35. Traditionally, we consumers have always demanded functionality from the applications, with little thought to security. Only in the last 6 – 8 years has the focus slowly shifted to functionality coupled with security.
  • 36. Security controls can be used for: inputs, processing, output. Develop controls with potential risks in mind. Software to be used in a closed trusted environment versus an open environment.
  • 37. Goal is to: prevent data corruption, prevent security compromises, reduce vulnerabilities. Controls can be preventive, detective and corrective. They can be in the form of administrative or physical controls, but are mostly technical in nature.
  • 38. Cycle: buggy software is released; hackers find software vulnerabilities; web sites post these vulnerabilities on the Internet along with methods of exploiting them; the software vendor develops and releases software patches to fix these vulnerabilities; the new patch goes on the stack of software patches that all network admins need to test and install.
  • 39. Network admins today have to integrate various applications and different computer systems. Companies today are rushing to develop applications capable of taking on-line orders, storing credit card info and establishing extranets with business partners. All of this is an extremely complex activity. On top of all this, security is expected and demanded. As the complexity of the environment grows, tracking compromises and errors becomes a difficult task.
  • 40. Software controls are usually implemented nowadays through a mix of: OS controls, application controls, DB controls. OS controls can control a subject's access to an object. These controls do not restrict a subject's actions within an application. Application controls can ensure that only valid inputs are inserted, data is processed in the correct sequence, and only certain subjects can view data in sensitive fields.
  • 41. Applications must draw a balance between functionality and security. Out-of-the-box installation is always insecure. If an application is extremely user friendly, it is probably not secure. Why? User friendly implies extra lines of code. More lines of code, more potential vulnerabilities.
  • 43. Also, once vendors identify vulnerabilities and release patches, network admins may not apply them. Why? Network admins may not be up to date on current vulnerabilities and patches. They may not fully understand the importance of patches. They may be afraid that patches may cause other problems. Bottom line: insecure systems. Also, if an application fails, it must fail secure.
  • 44. Software Development Life Cycle. SDLC stands for Software Development Life Cycle. A Software Development Life Cycle is essentially a series of steps, or phases, that provide a model for the development and lifecycle management of an application or piece of software. The methodology within the SDLC process can vary across industries and organizations, but standards such as ISO/IEC 12207 represent processes that establish a lifecycle for software, and provide a model for the development, acquisition, and configuration of software systems.
  • 45. The intent of an SDLC process is to help produce a product that is cost-efficient, effective, and of high quality. Once an application is created, the SDLC maps the proper deployment and decommissioning of the software once it becomes a legacy.
  • 46. Phases: Project Initiation; Functional Design Analysis and Planning; System Design Specs; Software Development; Installation/Implementation; Operations / Maintenance; Disposal.
  • 48. Risks to databases. Today more and more companies are holding sensitive data (credit card info, stock inventory, etc.) in DBs. Earlier, only employees accessed DBs. Today DB connectivity is provided to customers also (e.g., check online availability of an item). How do you secure DBs? Group users in different roles and assign rights and permissions to the various roles. Customers are assigned a role to only view data, and that too only specific fields of data. Customers interact with the DB through a middleware (application). The middleware checks roles and presents data as per the permissions assigned to that role.
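Slides 40 and 48 describe the middleware check in words: the application, not the user, decides which fields each role may see. The following is an added example, not code from the slides; it uses SQLite as a stand-in for the backend DB, and the stock table, the two roles and their column allowlists are constructed for illustration.

```python
import sqlite3

# Constructed sample schema (not from the slides): a stock table whose cost and
# supplier columns are sensitive and must stay hidden from customers.
SCHEMA = """
CREATE TABLE stock (item TEXT PRIMARY KEY, available INTEGER, cost REAL, supplier TEXT);
INSERT INTO stock VALUES ('widget', 12, 3.50, 'Acme Parts');
INSERT INTO stock VALUES ('gadget', 0, 9.25, 'Globex');
"""

# The middleware's permission table: each role maps to a fixed allowlist of columns.
# Column names come only from this constant, never from the request, so the SQL
# text below is built from trusted strings; the item name is bound as a parameter.
ROLE_COLUMNS = {
    "customer": ("item", "available"),                     # view-only, limited fields
    "employee": ("item", "available", "cost", "supplier"),
}


class AccessDenied(Exception):
    """Raised when a caller's role has no entry in the permission table."""


def make_db():
    """Open an in-memory database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def fetch_item(conn, role, item):
    """Middleware lookup: check the role first, then SELECT only its permitted
    columns. Returns a dict of the visible fields, or None if the item is unknown."""
    columns = ROLE_COLUMNS.get(role)
    if not columns:
        raise AccessDenied(f"role {role!r} has no database access")
    sql = f"SELECT {', '.join(columns)} FROM stock WHERE item = ?"
    row = conn.execute(sql, (item,)).fetchone()
    return None if row is None else dict(zip(columns, row))


def visible_fields(role, item):
    """Demonstration wrapper: the sorted field names a role sees for an item,
    None for an unknown item, or 'denied' if the role may not query at all."""
    try:
        result = fetch_item(make_db(), role, item)
    except AccessDenied:
        return "denied"
    return None if result is None else sorted(result)


if __name__ == "__main__":
    print(visible_fields("customer", "widget"))   # ['available', 'item']
    print(visible_fields("employee", "widget"))   # ['available', 'cost', 'item', 'supplier']
    print(visible_fields("anonymous", "widget"))  # denied
```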
  • 49. Risks to databases – DB Integrity. Concurrency problem: occurs when a DB is accessed by more than one application/user at the same time. A software lock is used to overcome this. Processes lock tables within the DB, make changes and then release the software lock. The next process can access the DB only after the first process has released the software lock.
  • 50. Risks to databases – DB Integrity. DB software performs three main types of integrity services. Entity integrity: every row (record) is uniquely identified by a primary key. Referential integrity: all foreign keys reference existing primary keys. Semantic integrity: rules pertaining to data types and logical values are enforced.
  • 51. Risks to databases – DB Integrity. Other operations in DB software to protect integrity of data. Rollback: an operation that ends a current transaction and cancels current changes to a DB. The DB reverts to its previous state. Could be changes to the data / schema. Rollback occurs when the DB experiences a glitch or if the processing sequence is disrupted.
  • 52. Risks to databases – DB Integrity. Other operations in DB software to protect integrity of data. Commit: this operation completes a transaction and executes all changes just made by the user. The DB is updated to reflect the latest changes. If the commit cannot complete correctly, a rollback is performed. This ensures that partial changes do not take place and data is not corrupted.
  • 53. Risks to databases – DB Integrity. Other operations in DB software to protect integrity of data. Savepoints: same as system restore in Windows OS. If a system failure takes place, the DB attempts to revert to the previous savepoint. Setting savepoints consumes resources; a balance is to be struck between too many savepoints and not enough of them. Savepoints can be initiated by a time interval, user action, or number of transactions. A savepoint restores data by enabling the user to go back in time before the system crashed.
  • 54. Risks to databases – DB Integrity. Other operations in DB software to protect integrity of data. Checkpoints: similar to savepoints. When a specific amount of memory is filled, a checkpoint is triggered. This saves data from memory to a temp file. If the system crashes, the DB will attempt to restore data from this temp file.
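Slides 49 and 51 to 53 describe locking, rollback, commit and savepoints in the abstract. The following added example (not from the slides) exercises each of them against SQLite from Python, with the semantic-integrity rule of slide 50 as the reason a commit fails; the inventory table and its stock values are constructed for illustration.

```python
import os
import sqlite3
import tempfile

# Constructed sample schema (not from the slides). The CHECK constraint is the
# kind of semantic-integrity rule slide 50 mentions: stock may never go negative.
SCHEMA = """
CREATE TABLE inventory (item TEXT PRIMARY KEY, stock INTEGER NOT NULL CHECK (stock >= 0));
INSERT INTO inventory VALUES ('widget', 10);
"""

def connect(path, timeout=5.0):
    # isolation_level=None: the sqlite3 module issues no implicit BEGIN, so the
    # BEGIN/COMMIT/ROLLBACK statements below are exactly what reaches the database.
    return sqlite3.connect(path, isolation_level=None, timeout=timeout)

def make_db():
    """Create a fresh on-disk database; two connections need a shared file."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    conn = connect(path)
    conn.executescript(SCHEMA)
    conn.close()
    return path

def stock(conn):
    return conn.execute("SELECT stock FROM inventory WHERE item = 'widget'").fetchone()[0]

def locked_write_is_refused():
    """Slide 49: B's write is refused while A holds the lock, and succeeds once A commits."""
    path = make_db()
    a, b = connect(path, timeout=0), connect(path, timeout=0)  # timeout=0: fail instead of waiting
    a.execute("BEGIN IMMEDIATE")                                 # A takes the write lock
    a.execute("UPDATE inventory SET stock = stock - 1")
    try:
        b.execute("UPDATE inventory SET stock = stock - 5")
        refused = False
    except sqlite3.OperationalError:                            # "database is locked"
        refused = True
    a.execute("COMMIT")                                          # A releases the lock
    b.execute("UPDATE inventory SET stock = stock - 5")          # now B's write goes through
    final = stock(b)
    a.close(); b.close(); os.remove(path)
    return refused, final   # (True, 4): 10, minus 1 by A, minus 5 by B

def failed_commit_rolls_back():
    """Slides 51-52: a transaction that cannot complete is rolled back whole."""
    path = make_db()
    conn = connect(path)
    before = stock(conn)
    conn.execute("BEGIN")
    conn.execute("UPDATE inventory SET stock = stock - 1")
    try:
        conn.execute("UPDATE inventory SET stock = stock - 100")  # violates CHECK (stock >= 0)
        conn.execute("COMMIT")
    except sqlite3.IntegrityError:
        conn.execute("ROLLBACK")                                 # undoes the -1 as well
    after = stock(conn)
    conn.close(); os.remove(path)
    return before, after   # (10, 10)

def savepoint_partial_undo():
    """Slide 53: ROLLBACK TO a savepoint undoes only the work done after it."""
    path = make_db()
    conn = connect(path)
    conn.execute("BEGIN")
    conn.execute("UPDATE inventory SET stock = 20")
    conn.execute("SAVEPOINT sp1")
    conn.execute("UPDATE inventory SET stock = 0")
    conn.execute("ROLLBACK TO sp1")    # stock is back to 20; the transaction is still open
    conn.execute("COMMIT")             # the pre-savepoint change is kept
    final = stock(conn)
    conn.close(); os.remove(path)
    return final   # 20
```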
  • 55. A few Database Attacks. Brute force attacks against passwords. Default username and passwords not changed by the sys admin, e.g. "scott" / "tiger" - the username/password combination in Oracle DB till version 11g. Microsoft SQL Server came with default (publicly known) passwords. Easily guessable passwords chosen by the sys admin.
  • 56. A few Database Attacks. Privilege escalation: generally happens due to mis-configuration of the database or underlying OS. E.g., a low-privilege user has read rights only; however, he can read all columns in the DB, including columns holding credit card info (mis-configuration: restricted DB views were not enforced).
  • 57. A few Database Attacks. Exploiting unused / unnecessary services, e.g. the Listener service in Oracle DB. It seeks out and forwards network connection requests to the Oracle DB. When an application has to access a DB, poorly written applications can cause connections without authentication and authorisation. Install only those features that you need to use. If you don't install a feature, you don't have to patch it up later.
  • 58. A few Database Attacks. Exploiting unused / unnecessary services. Very important: patch DBs as and when patches are released by the vendor. Generally sys admins avoid patching. Why? To prevent downtime of the DB; they do not understand patches and what they do; they do not have time to test patches; they may fear that patches may cause some other problems.
  • 59. A few Database Attacks. Stolen backups: generally an insider attack. If backup data is unencrypted, the attacker does not need to hack into a DB. Another problem with backups: too many versions of backups, and a problem in tracking all versions.
  • 60. A few Database Attacks. SQL injection: occurs when the fields available for user input allow SQL statements to be entered. Generally, this attack takes place on the middleware, which connects to the backend DB. E.g., if an attacker gets a username/password screen, he can input an SQL statement which is passed by the application server to the DB and gets executed, giving entry to the DB. Generally the result of poor programming practices.
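Slide 60 attributes SQL injection to poor programming practice on the middleware. The added example below (not from the slides) puts the vulnerable login check beside its parameterized replacement, using an in-memory SQLite table as the backend DB; the users table, the account and the test inputs are constructed.

```python
import sqlite3

def make_user_db():
    """Constructed sample data (not from the slides): one account in an in-memory
    table. The password is stored in clear here only to keep the example short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """The poor practice slide 60 describes: the user's input is spliced into the
    SQL text, so input containing quotes and keywords becomes part of the statement."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone() is not None

def login_parameterized(conn, username, password):
    """Hardened form: the statement text is fixed and the driver binds the input as
    data, so the input is only ever compared against the column, never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

def compare(username, password):
    """Run the same credentials through both checks: (vulnerable, parameterized)."""
    conn = make_user_db()
    return login_vulnerable(conn, username, password), login_parameterized(conn, username, password)

# Constructed test input: a quote that closes the string literal followed by a
# condition that is always true, the "SQL statement in the login field" of slide 60.
ALWAYS_TRUE = "' OR '1'='1"

if __name__ == "__main__":
    print(compare("alice", "correct horse"))   # (True, True): real credentials pass both
    print(compare("alice", "wrong"))            # (False, False): a wrong password fails both
    print(compare(ALWAYS_TRUE, ALWAYS_TRUE))    # (True, False): only the spliced query is fooled
```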

Editor's Notes

  1. Is authentication and authorisation required? Is encryption needed? Will the application interface with other applications? Will the product be directly accessed by the Internet? Preventive controls (encryption, unique user login), detective controls (audit modules) and corrective controls (for data integrity) are identified in this phase.
  2. Baseline document creation - inputs from the design document. Design freeze - no more functionality can be added after this. Design freeze is intended to prevent scope creep. $1 to prevent a problem; $10 to correct a mistake during production; $100 to correct a mistake after the product has reached end users/customers.
  3. Access control mechanisms are chosen now. Encryption method and algorithm are chosen.
  4. Important that programmers use secure coding practices: prevent buffer overflow (check input lengths), verify syntax, perform checksums, ensure correct data format entry. Software is developed in distinct modules; each module has a specific function; modules are logically chained together to form the finished software. Modular design helps maintainability of the finished software: individual modules can be updated or replaced with ease, and different teams can work on different modules. High cohesion - each module performs only one task or similarly related tasks. Low coupling - a module should not rely on too many different modules to work. E.g., a module performing only addition, or addition, subtraction and multiplication (similar jobs), is said to have high cohesion. If module A needs to send data to modules B, C and D to perform its task, that is high coupling (not desirable). Persons testing code should be different from the developers. Use separate environments for code development, testing and final production: separation of duties. Backdoors (a specific key combination to bypass all access controls and get to the code; also called maintenance hooks) must be removed before sending software into production.
  4. Imp that pgmrs use secure coding practices. Prevent buffer overflow (check input lengths), verify syntax, perform checksums, ensure correct data format entry. SW devp in distinct modules; Each module has specific func; Modules logically chained together to form finished SW. modular design helps maintainability of finished SW. Indl modules can be updated or repl with ease. Modular design – different teams can work on different modules. High cohesion – each module performs only one task or similarly related tasks. Low coupling – a module should not rely on too many different modules to work. Eg- a modul;e performing only addition or (addn, subtraction and multiplication(similar job)) is said to have high cohesion. If module A needs to send data to module B, C and D to perform its task – it is high coupling (not desirable). Pers testing codes to be different than the developers. Use separate environment for code developing, testing and final production environment. – separation of duties. Backdoors (a specific key combination to bypass all access controls and get to the code; also called maint hooks. Remove before sending SW into production.