2. Introduction to IT system
security
• IT system security covers everything from prevention, detection and
response to improper access from within and outside an organization,
to protect information and systems.
• As the critical importance of IT systems grows daily, so does the
volume of targeted attacks, internal fraud and other security risks from
which IT systems need to be defended.
• Elements of IT system security
– Vulnerability
– Threat
– Risk
– Exposure
– Countermeasure or Safeguard
– The Relation Between the Security Elements
3. Goals of IT System Security
• IT security generally is comprised of five main goals:
Integrity: guaranteeing that the data are those that they
are believed to be
Confidentiality: ensuring that only authorized individuals
have access to the resources being exchanged
Availability: guaranteeing the system's proper operation
Non-repudiation: guaranteeing that an operation cannot
be denied
Authentication: ensuring that only authorized individuals
have access to the resources
4. Elements of IT System Security
• Vulnerability
• Threat
• Risk
• Exposure
12. System security risk management
The process of risk assessment involves following activities:
– determining the assessment's scope and methodology
– collecting and analyzing data
– interpreting the risk analysis results
System security risk management
14. Introduction of Changing Threats
– Basics of Operating Systems & changing threats
• Operating systems are the software that provides access to the various
hardware resources (e.g. CPU, memory, and devices) that comprise a
computer system.
• Any program that is being run on a computer system has instructions
executed by that computer’s CPU, but these programs may also require
the use of other peripheral resources of these complex systems.
– Formal security mechanisms in operating system
• With the developments in technology and the advent of cloud, there
have been increasing trends of operating systems being deployed onto
storage resources and shared public computation in cloud data centers.
• This, in turn, has attracted attacks against collocated operating systems
and their hosting platforms and hence rendering the protection of data
and availability of services ineffective.
15. Why OS is Hard to Secure?
– OS not able to find themselves prone attacks
• The software required to interface these peripheral devices and
network of devices could operate in privileged mode within the
operating system.
• This way, they could access resources, such as processor memory,
directly. An attacker is able to gain full control of the operating
system, via a crafted USB device, owing to the vulnerabilities within
USB device drivers in the operating system.
– Multiple peripherals can be externally connected through interfaces,
such as integral devices
– Unlike USB driver and hardware devices developed by the hardware
manufacturers, etc.
16. Securing Operating Systems
How to secure operating system and its models:
– Trust Model
– Threat Model
There have been consistent goals for a secure operating system
established for almost every community:
• Ensuring that the operating system is able to separate users and
access to resources by following a defined policy.
• Ensuring that a trusted execution path is followed. “Trusted” means
that there are no vulnerabilities that might affect the operating
system’s ability to separate users and access to resources, such as
memory, files, I/O and processes.
17. Trust Model
• For an operating system, its trust model is synonymous with the
system’s trusted computing base (TCB).
• Ideally, a system TCB should consist of the minimal amount of
software necessary to enforce the security goals correctly.
• The software that must be trusted includes the software that
defines the security goals and the software that enforces the
security goals (i.e., the operating system’s security mechanism).
• Further, software that bootstraps this software must also be
trusted.
• Thus, an ideal TCB would consist of a bootstrapping mechanism
that enables the security goals to be loaded and subsequently
enforced for lifetime of the system.
18. Trust Model
• The secure operating system developer must prove that their
systems have a viable trust model. This requires that:
1. The system TCB must mediate all security-sensitive operations.
2. Verification of the correctness of the TCB software and its data.
3. Verification that the software’s execution cannot be tampered by
processes outside the TCB.
19. Threat Model
• A threat model defines a set of operations that an attacker may
use to compromise a system.
• In this threat model, we assume a powerful attacker who is
capable of injecting operations from the network and maybe in
control of some of the running software on the system.
• Key Security Features
• – Access control
• – Network protection
• There are principles that are well established to ensure secure
control access and its proper practical implementation:
• It has to be ensured that there exists a trusted mechanism to first
decide and then enforce the rights of the user (requesting access
to a resource) along with designated rights of the resource
requested.
20. Threat Model
• When these rights are being enforced, it has to be made sure
that there are no vulnerabilities present in the enforcement
capability. It must be free from any modifications or tampering
done beforehand. This concept is referred to as the Trusted
Computing Base.
• A trusted path must be followed while the enforcement
happens. This minimizes the possibility of interruption of
execution path by malicious processes or users. This concept is
known as the Trusted Path.
21. Key Security Features
• Access control
• Operating system, at its core, has the ability to administer control
over access to system information and resources.
• This is done in order to mitigate threats as well as minimize the
possibility of any accidental damage by the users.
• The need to prevent a poorly implemented application, that can
access the private data of users stored in the memory, is as
important as the need to prevent inadvertent download of malware
through a browser and installing unwanted spying software.
• In layman’s terms, access is the ability to read from, write to, or
execute a file, operating systems, such as Microsoft Windows,
provide richer access operations that provides the option to acquire
ownership of or even delete a data type.
22. Key Security Features
• There are principles that are well established to ensure secure
control access and its proper practical implementation:
• It has to be ensured that there exists a trusted mechanism to first
decide and then enforce the rights of the user (requesting access to
a resource) along with designated rights of the resource requested.
• When these rights are being enforced, it has to be made sure that
there are no vulnerabilities present in the enforcement capability. It
must be free from any modifications or tampering done
beforehand. This concept is referred to as the Trusted Computing
Base.
• A trusted path must be followed while the enforcement happens.
This minimizes the possibility of interruption of execution path by
malicious processes or users. This concept is known as the Trusted
Path.
23. Network protection
• With most users finding it mandatory to communicate with each
other and while accessing applications and data, most of the
operating systems are deployed in highly networked
environments.
• Before the advent of the more sophisticated operating systems,
network that connected the users were believed to be trustworthy
as the files that were being shared.
• These networks connected organizations on trusted or in-house
networks. Nowadays, we have devices that are highly mobile
being connected over untrusted and public networks (for e.g., the
Internet).
• So, to counter this problem, operating systems adapted and the
developers started to embed security features (such as firewalls,
network encryption and network access protection) onto their
• operating systems.
24. Malware protection
• Users’ requirements to access and exchange application and files
have been increasing.
• This has led to an increase in the means of exchange including
social media platforms, web portals and messaging systems.
• Most of the cyber security attacks have had been a result of a
malicious file being received from an email or a website.
• Application Verification and Control
• For example, this mechanism is implemented by Apple iOS.
Apple’s operating system enforces all applications from the app
store.
• There is no provision to install applications from external
sources. The application on the Apple app store are signed by
Apple after verifying their integrity from a security perspective.
25. Application Separation: Sandboxing
• The technique of sandboxing is used to provide a form of isolation to
an application to ensure that the functionality of the application is
“boxed-in” (limited), such that the ability of the application to access
other running applications, or the memory or network resources of
other applications.
• This method can be applied using different approaches.
• A hypervisor is sought which provides a “container” to separate out
and execute multiple operating systems on a common platform.
• Whole operating system is virtualized and run on a hypervisor which
summaries the hardware environment for the platform.
• While this approach protects applications on the same hardware
irrespective of the operating system, it does not offer any protection
to other applications in the same operating system.
26. Application Execution
• There is a possibility of application being exploited by attackers
using the user supplied input.
• Buffer overrun is the most common form of attacks in the which
the input supplied by user end up to be written directly to the
operating systems and application memory (normally used to store
application execution code, temporary and global data) without
any prior verification of its integrity.
• The attacker, using this vulnerability of data going in without any
check, takes control of the application execution by supplying
sufficient data and manipulating the stack pointer.
• The attacker, rather than simply execute the application, executes
the data and code they have written to the memory within the
application context.
27. Physical Theft
• Operating systems have found protection using following ways:
• Operating systems can now encrypt individual data files and
also the data stored in the memory.
• Applications and data can be protected from other users and
processes in case an individual gains
• access to device for a short period.
• Data on devices is protected against subsequent copying in
case the device gets stolen. This is done by
• encrypting all the data present on the device.
29. Server Operating System Security
Guidelines
– Installation & Configuration
• System Administrators verify that already installed Servers & guidance
for new server setup and general topics required for setting up a server in
secure environment. The installation should be carried out from the
original media, supplied by the vendor.
– OS Hardening
Patches: One of the most important tasks of the System Administrator
(SA) is to keep the most current patches for the OS and application
software installed on a server. Many of these patches fix security
vulnerabilities that are well known to intruders.
• Service packs are used to patch a wide range of vulnerabilities and bugs.
• The latest service pack that has been tested to work in one’s environment
should always be applied after installing the operating system.
30. Server Operating System Security
Guidelines
• Hotfixes are released more frequently than service packs and are
meant to patch a more specific problem.
• Not all hotfixes may be needed for a particular system. Before
installing these fixes on critical systems or installing them on a
large number of devices, hotfixes should be tested to ensure that
there is no conflict with other third party drivers.
• Disabling unwanted services and protocols
• Only required network services should be installed in the server.
• There are many default services with the standard OS software.
Depending upon the role of server one should load only
required network services, like on a mail server DNS service is
not required.
31. Server Operating System Security
Guidelines
• Each network protocol should be configured for security settings,
like in case of TCP/IP protocol only essential ports should be
enabled.
• For example, on MS Windows NT Server disable inbound and
outbound traffic to the external connections for TCP and UDP ports
135, 137, 139 and UDP port 138.
• Blocking these ports prevents potential intruders from gathering
useful information such as computer names, usernames, and services
running on those computers.
• Security scanner tools like NMAP, NESSUS should be run to know
which ports or services are currently open or running on the server.
32. Workstation Operating System
Security Guidelines
• The word "workstation" is used in this module to mean the
combination of the hardware, operating system, application
software, and network connection.
• Planning and executing the deployment of workstation.
• Configuring workstation to help make them less vulnerable to attack.
• Maintaining the integrity of deployed workstation.
• Improving user awareness of security issues.
33. OS and Application S/W Hardening
• OS media should be procured only from an authorised vendor of the
manufacturer.
• To patch up the vulnerabilities and loopholes of the OS, install all the
latest service packs, security patches, hot-fixes, OS updates, etc. as
available and applicable for this version at the time of installation.
• These patches/updates etc. are available from the vendors as well as
from their websites.
• Initially, all the ports should be closed/disabled and may be
enabled/opened as and when required.
• Turn off all network services that are not needed.
• Define how long the computer or application can be used. Create a
mandatory automated logoff policy based on inactivity or time of day.
• Disable application features that expose vulnerability through
configuration changes.
• Control access to settings, control panels and run functions. Define who
has access to applications by location, time of day or time period.
35. Threats of Mobile Operating Systems
• Some major threats & vulnerabilities of mobile
OS
• – Malware
Trojans
Virus
Worm
Spyware
• – Vulnerabilities
Device-Hardware Vulnerabilities
Software Vulnerabilities
37. Threats of Mobile Operating Systems
• • Some major attacks of mobile OS
• – Hardware-based attacks
• – Device-independent attacks
• – Software-based attacks
• – User-based attacks
• JTAG (Joint Test Action Group) Attacks
• Forensic Analysis
• Phishing Attacks
• QR Code Based Attacks
• SSL Proxy Attacks
39. What is Endpoint Security
• Security is top of mind for today’s CIO/CISO and endpoints are the new
target.
• Criminals are targeting employees and using their devices to gain access to
networks.
• Compromise is inevitable but a breach can be prevented. Anti-virus
solutions are important but they no longer offer complete protection to the
organization.
• The terms Endpoint Security or Endpoint Protection are generally used to
refer to corporate products that include a range of security features. These
typically include:
• Malware removal based on existing signature files and heuristic algorithms
• Built-in antispyware protection
• Ingress/Egress firewall
• IPS/IDS sensors and warning systems
• Application control and user management
• Data input/output control, including portable devices
40. Endpoint Security
• Endpoint security products may contain features and
functionality such as:
• Data loss prevention
• Insider threat protection
• Disk, endpoint, and email encryption
• Application whitelisting or control
• Network access control
• Data classification
• Endpoint detection and response
• Privileged user control
41. Critical Components of Endpoint
Security
• Endpoint encryption fully encrypts your enterprise data on
endpoints, including laptops, mobile devices, and other
endpoints, as well as in individual folders, files, and removable
storage devices like CDs and USB drives.
• Application control prevents the execution of unauthorized
applications on endpoints, a core component of comprehensive
endpoint security measures.
• Application control solves the challenge of employees
downloading unauthorized or dangerous applications on mobile
devices, which could create network vulnerabilities and lead to
unauthorized access.
42. Endpoint security perspectives:
Consumer versus corporate
there is no central administration:
• Signature and application updates are received from the
developer's control servers via the Internet.
• Endpoint security apps are configured on each computer.
• Alert and log entries are only available on the affected computer.
Centralized administration allows:
• Single sign-on web interface for configuring endpoints.
• All log entries and alerts to be sent to one location, the controlling
server.
• Downloading of signature and application updates once, then the
server application pushes the files out to all endpoints.
43. Pillars of Endpoint Security
• Four Pillars of Endpoint Security include:
• Endpoint hardening - protect the endpoint from attack
• Endpoint resiliency - make the endpoint auto-healing
• Network prioritization - guard network bandwidth
• Network resiliency - make the network auto-healing
There are four tenets of security: identity, authentication, access control,
and authorization.
• Identity - how principals, such as users, are represented.
• Authentication - how identity is established. For example, a user in
possession of a smartcard provisioned with a trusted X.509 certificate,
plus knowledge of the smartcard PIN, will use the card to authenticate,
thereby establishing his or her identity within the system.
• Access control - the ability of the system to selectively allow or deny
principals to perform actions on protected objects. Access control
enforces authorization rules.
• Authorization - the process by which access control rules are expressed.
44. • Endpoint Hardening: The goal of the first pillar - endpoint
hardening - is to ensure that network assets are using the latest
technologies to defend against threats. Typical threats include
unsafe email attachments, worm-like viruses that propagate
over the network, and related threats to your web browsers.
The following technologies can aid in endpoint hardening:
• Antivirus and anti-malware software
• Mandatory integrity levels
• Auditing of network resource access
45. Endpoint Resiliency
• The goal of endpoint resiliency is to ensure that health information
on devices and applications is continuously gathered and
monitored. That way failed devices or applications can be
automatically repaired, thus allowing operations to continue.
The following technologies can make endpoints more resilient:
• Network access control (NAC), including products such as Cisco
NAC and Microsoft Network Access Protection
• Configuration baselining, including the use of government
standards such as Security Content Automation Protocol (SCAP)
• Patching
• Antivirus and anti-malware software
• Centralized policy and confirmation management, including
products such as Microsoft System Center and VMware vCenter
46. Network Prioritization
• The goal of network prioritization is to ensure that the available
infrastructure can always meet application bandwidth needs.
This consideration applies not only at well-known peak demand
times, but also when there are unexpected surges on network
loads and distributed external and internal attacks.
Network Resiliency
• The goal of network resiliency is to allow for seamless asset
failover. Techniques in this area ideally afford reconfiguring the
network in real-time as performance degrades.
• This pillar is similar to endpoint resiliency in that the goal is to
facilitate network self-healing in order to minimize the
management burden.
47. Endpoint Security in BYOD
• Four Pillars of Endpoint Security in Bring your own device (BYOD)
• Endpoint hardening - technologies like platform attestation allow
server-side resources to extract high-assurance security claims from
mobile devices.
• This helps to keep sensitive data off malware and rootkit infested
devices and can also be used to enforce client attributes, such as the
use of hardware-based disk encryption.
• The latest generation of mobile devices supports a variety of high-
integrity security features, including TPMs, SIMs, and other
hardened cryptographic and data protection features.
• Endpoint reliability -Enforcing patching and platform updates is key
to maintaining endpoint reliability; technologies exist to do this
across all platforms.
48. Endpoint Security in BYOD
• Network prioritization - link encryption is a must-have. All web
applications should enforce Transport Layer Security (TLS); all
clients support it. Bandwidth waste is on unencrypted or untrusted
requests is avoided.
• Network reliability - many of the same proven security technologies
and practices apply equally across traditional enterprise computing
assets: routers, servers, laptops, and desktops.
• They need to be utilized and they’re constantly increasing in
sophistication. This applies whether the assets are mobile, private
cloud, or public cloud.
49. Endpoint Encryption
Defining endpoint encryption and its difference modes
– Disk Encryption: Endpoint encryption (which typically includes
disk encryption and removable media encryption) protects this data,
rendering it unreadable to unauthorized users. Endpoint encryption
describes the differences between disk encryption and file
encryption, details how disk encryption and removable media
encryption work, and addresses recovery mechanisms.
– Removable Media Encryption: Removable media encryption
software provides the ability to encrypt files on removable storage
devices. When a user copies files of a system onto a removable
storage device, each file is encrypted to a password, a shared key or
a certificate. At the same time, utilities for Windows or Mac systems
can be copied (if permitted by policy) allowing authorized access to
data without the endpoint client installed on a machine.
50. Driver influence endpoint security
• Explaining the business drivers that influence the endpoint
security
– Correct and reliable operation
– Service-level agreements
– IT asset value
– Protection of the business asset value or brand image
– Legal and regulatory compliance
– Contractual obligation
– Financial loss and liability
– Critical infrastructure
– Safety and survival
51. Driver influence endpoint security
• Explaining the IT drivers that influence the endpoint security
– Internal threats and threat agents
– External threats and threat agents
– IT service management commitments
– IT environment complexity
– Business environment complexity
– Audit and traceability
– IT vulnerabilities: Configuration
– IT vulnerabilities: Flaws
– IT vulnerabilities: Exploits
– End User Complexity
– Fast-Growing Web Threats
– VPN Security Challenges
52. Challenges of Endpoint Security
– Complacency and Risk
• IT management bandwidth
• More flexible and mobile workforce
• Lack of integration
• Fast moving security threats
– Business Challenges
• Lack of IT resources
• No in-house expertise
• Ad-hoc PC management
• Focus on more important tasks
• – The Threats Keep Coming
53. Endpoint Security Solutions
General aspects covered by an Endpoint Solution
– Personal Firewall
– Wireless Security
– Port Control
– Data Encryption
– USB and Storage Device Security
– Application Control
– Integrity and Remediation
– Client Self-Defense
– Alerts Monitoring
55. Gartner’s Magic Quadrant
Endpoint protection platforms capabilities & things include in EPP
– Antimalware
– Personal firewall
– Port and device control
EPP solutions also often include:
• Vulnerability assessment
• Application control and application sandboxing
• Memory protection
• Behavioral monitoring of application code
• Endpoint detection and remediation technology
• Full-disk and file encryption, also known as mobile data protection
• Endpoint data loss prevention (DLP)
• Enterprise mobility management (EMM), typically in a parallel non -
integrated product
57. Evaluation Criteria Definitions
– Ability to Execute
Product/Service, Overall Viability, Sales Execution/Pricing
Market Responsiveness/Record
Marketing Execution
Customer Experience
Operations
Completeness of Vision Market Understanding
Marketing Strategy
Sales Strategy
Offering (Product) Strategy
Business Model
Innovation
58. Vendor Strengths and Limitations
• Bitdefender: Bitdefender still generates the majority of its revenue from
consumer sales, but the gap between consumer sales and enterprise sales
narrowed in 2015.
• The company is investing heavily into its sales operations in Europe and
the U.S. Updates to the enterprise offering included improvements in
security event feeds from endpoints to the management console,
formulating better insights into the presence of malware, unwanted
applications, advanced threats and remediation.
Strengths
• Bitdefender provides very good malware detection capabilities, including
a sandboxed application emulation environment, automatic unknown file
analysis and continuous behavior monitoring, resulting in very good
public test scores.
Limitations
Bitdefender does not offer full feature parity between Windows, OS X
and Linux. The Windows offering supports anti-malware, firewall,
content control and device control. OS X and Linux have only anti-
malware capabilities.
59. Vendor Strengths and Limitations
Check Point Software Technologies
• Check Point Software Technologies is a well-known network
security company. Its venture into the EPP market, starting with
the 2004 acquisition of ZoneAlarm, continues to suffer from
poor marketing and channel execution.
Strengths
• Endpoint's URL filtering capability enables an off-LAN URL
filtering security policy synchronized with a firewall blade
policy.
Limitations
• Check Point's application control capabilities (which it calls
"program control") remain largely unchanged for this year.
Application control capabilities continue to rely on URL
filtering, anti-bot and anti-malware for restricting unapproved
and suspicious applications.
62. Application Server Security Overview
• Security is a system issue, not a single-product issue. Each
component of system application affects the security of the entire
system.
• Web Browsers
• Firewalls
• Load Balancers
• Virtual Private Networks (VPNs)
63. SSL Keys and Certificates
• When an SSL session is negotiated, the following steps take place:
• The server sends the client its public key.
• The client creates a bulk encryption key, often a 128 bit RC4 key,
using a specified encryption suite.
• The client encrypts the bulk key with the server's public key, and
sends the encrypted bulk key to the server.
• The server decrypts the bulk encryption key using the server’s
private key.
• This set of operations is called key exchange. After key exchange
has taken place, the client and the server use the bulk encryption
key to encrypt all exchanged data.
65. SSL (Secure Socket Layer)
• transport layer security service
• originally developed by Netscape
• version 3 designed with public input
• subsequently became Internet standard
known as TLS (Transport Layer Security)
• uses TCP to provide a reliable end-to-end
service
• SSL has two layers of protocols
67. SSL Architecture
SSL connection
a transient, peer-to-peer, communications link
associated with 1 SSL session
SSL session
an association between client & server
created by the Handshake Protocol
define a set of cryptographic parameters
may be shared by multiple SSL connections
68. SSL Architecture
Session state is defined by
Session Identifier
Peer Certificate
Compression methods
Cipher Spec
Master Secret
Is Resumable
Connection state is defined by
Server and Client Random
Server write MAC secret
Client write MAC secret
Server write key
Client write key
Initialization vectors
Sequence numbers
70. SSL Change Cipher Spec Protocol
• one of 3 SSL specific protocols which use the
SSL Record protocol
• a single message
• causes pending state to become current
• hence updating the cipher suite in use
71. SSL Alert Protocol
conveys SSL-related alerts to peer entity
severity
• warning or fatal
specific alert
• fatal: unexpected message, bad record mac,
decompression failure, handshake failure, illegal
parameter
• warning: close notify, no certificate, bad certificate,
unsupported certificate, certificate revoked, certificate
expired, certificate unknown
compressed & encrypted like all SSL data
72. SSL Handshake Protocol
allows server & client to:
authenticate each other
to negotiate encryption & MAC algorithms
to negotiate cryptographic keys to be used
comprises a series of messages in phases
1. Establish Security Capabilities
2. Server Authentication and Key Exchange
3. Client Authentication and Key Exchange
4. Finish
74. Need of Security
• Application Server Threats and Countermeasures
– Network Eavesdropping
– Unauthorized Access
– Viruses, Worms, and Trojan Horses
75. Introduction to Oracle Application Server
• Introduction to Oracle Application Server and security objectives
– Providing Basic Security Services
– Supporting Standards
– Ensuring Deployment and Configuration Flexibility
– Minimizing Application Development and Deployment Cost
– Providing Security in Depth
77. Oracle Application Server Security Best
Practices
– Best practices for HTTPS Use
– Best Practices for Cookie Security
– Best Practices for Certificates Use
– Review Code and Content Against Already Known Attack
– Follow Common Sense Firewall Practices
– Leverage Declarative Security
– Use Switched Connections in DMZ
– Place Application Server in the DMZ
– Secure Sockets Layer
78. Web Application Server Security best
practices
– Use separate servers for internal and external applications
– Use Separate Development Server for Testing and Debugging Apps
– Audit Website activity and store logs in a secure location
– Education of developers on sound security coding practices
– Patching Operating System and Web Server
– Use of Application Scanners
79. Introduction to OWASP
• Introduction to OWASP and top 10 OWASP
– Insecure Data Storage
– Weak Server-Side Controls
– Insufficient Transport Layer Protection
– Client Side Injection
– Poor Authorization and Authentication
– Improper Session Handling
– Security Decisions via Untrusted Inputs
– Side Channel Data Leakage
– Broken Cryptography
– Sensitive Information Disclosure
80. Mobile Application Security Testing
• We Can Divide Mobile Application Testing into Three Parts:
– Dynamic analysis
– Black box security testing
– Static analysis & code review
81. Identifying and protecting
• Every piece of data is sensitive. Data cannot be classified as sensitive
and non-sensitive. Users enter data into an application under the
assumption that security will not be compromised. Considering the
importance users give to data, applications should be designed to treat
every little piece of user data as sensitive.
Examples of personal data users prefer to keep private:
• Their location
• Contacts
• Unique device and customer identifiers
• Identity of the data subject
• Identity of the phone (make of the phone)
• Credit card and payment data
• Phone call logs, SMS or instant messaging
• Browsing history
• Email
82. Protecting Data
• The data handled by an application should be protected from storage to
transit
• Access to data being stored in another field is to be taken into
consideration while handling data
• An important location where data leak can occur is the side channel data
leakage
• Data should be logged or shown in error logs
• Each piece of code that handles data needs to be crafted carefully
• User data should be encrypted using smart algorithms before being
stored on the device
• The encryption method should use a strong key
• The data stored on the device should be accessible only to the application
that stores the data
• The data should not be given global read privileges leading to other
applications residing on the device
• Whenever the data is transferred to other locations, such as a server, the
application should use https
83. Formidable App
• Creating a Formidable App
• Developers creating mobile applications need to realize that the mobile
application is only a part of the system that attackers target.
• When an application is built, every piece of information that enters the
application needs to be validated.
• User input should be considered, but not enforced while making security
decisions
• The data stored on the device should be handled carefully to ensure that
none of the information is accessible even when the device changes
hands
• The permissions set to the files and databases should ensure that
application use is unique and should be accessible only to the owner
• The user may install a malicious application accidentally. Such
applications should not be able to access the files and database of the
developed application
84. Steps to Create a Secure and
Powerful Application
• The first step is to identify the data that is most critical to an
application or a device – this can be done by threat modeling the
data before development.
• Consider all the data that the application uses, analyze the data
and identify the threat level associated with the data.
• Once the threat modeling is done, decide the level of security
that is required to protect the data.
• During the coding phase the developer writes necessary
protection methods for the data.
• This includes validations on both client and server sides to
hashing and encryption of data. Security is embedded into the
application without disturbing the business logic of the
application.
87. Introduction to Database Server
Security
• A database can be defined as a collection of data that is saved on
a computer system’s hard drive.
• Databases allow any authorized user to access, enter and analyse
data quickly and easily. It’s a collection of queries, tables and
views.
• The data stored in the databases are usually organised to model
aspects that support processes that require information storage
and retrieval.
• These layers are: database administrator system administrator,
security officer, developers and employee and security can be
breached at any of these layers by an attacker.
88. Importance of Database Server
Security
• Database servers are the foundation of virtually every Electronic
Business, Financial, and Enterprise Resource Planning (ERP)
system, and frequently include sensitive information from business
partners and customers.
• Data integrity and improper access can be compromised by many
factors, including complexity, insecure password usage,
misconfigurations, and unrecognized system backdoors, making
imperative regular use of an adaptive database server security
solution.
• Database security concerns the use of a broad range of information
security controls to protect databases (potentially including the data,
the database applications or stored functions, the database systems,
the database servers and the associated network links) against
compromises of their confidentiality, integrity and availability.
89. Architecture for Database Systems
• Explaining the Architecture for Database Systems and it provide:
– Independence of data and programs
– Ease of system design
– Ease of programming
– Powerful query facilities
– Protection of data
90. Architecture for Database Systems
• As new computing methods have evolved, different methods of
transferring the data between the database systems and the end users
have been also evolved. For database-backed up systems, there are
three most common architectures as follows:
• A direct link to the computer which performs all the work
• A client/server (two-tier) architecture
• A thin client (three-tier) architecture
In general, the goals of database security are:
• Confidentiality and secrecy: Data should not ever be revealed to anyone
who is not authorized to access it
• Authentication, accuracy and integrity: It means that data cannot be
modified maliciously or corrupted intentionally.
• Recoverable and availability: Systems should continue working, and the
lost data could be recovered easily, efficiently and in the original form
91. Database attacks,security & lifecycle
• Attacks on Database
• Two kinds of attack can be made to the databases; physical attack
and the logical attack. Physical attacks can include forced
disclosure of sensitive information like passwords, demolition of
storage devices in system, complete power failure, and theft of
secured information. While logical threats are intentionally or
unauthorized access to sensitive information.
– Insider Threat
– Login Attacks
93. Need of Database Server Security
• Following are the database vulnerabilities
– Lack of security feature maturity Login Attacks
– Database Password Management
– Oracle Internal Password
– Oracle Listener Process password
– Oracle Internal Password - “orapw” File Permission Control
– Operating system back doors
– Auditing
– TrojanHorses
Database Vulnerabilities
• Risks associated with vendor-supplied software
• Risks associated with administration
• Risks associated with user activity
94. Database Server threats &
countermeasures
• Following are the database vulnerabilities
– SQL Injection – Network Eavesdropping
– Unauthorized Server Access – Password Cracking
•
95. Acquiring Database and Server Security
• Explaining the database acquiring and server security
mechanisms
– NAT and PAT – A demilitarised zone (DMZ)
– Content-based firewalls – SSL connections – IPSec security
96. Securing Open Source Databases
• How to secure open source
database and its methodology
– Patches and Updates
– Services
– Protocols
– Accounts
– Files and Directories
– Shares
– Ports
– Registry
– Auditing and Logging
– SQL Server Security
– SQL Server Logins, Users, and
Roles
– SQL Server Database Objects
98. Best Practices to secure database
server
• Database server secure practices and planning
– Strong Password Policy Execution
– Discard all Default Users and Demo-test Databases
– Change the Admin User Name
– User Privileges Need to be Restricted
– Disable Public Network Access to Database Servers
– Enforce SSL/TLS on Remote Connections and Restrict IP
– Check for Database Dumps in Public Locations
– Encrypt Your Application Files and Backups
– Web Application Firewall and Malware Scanner Should be
used
– Always keep the Software Updated
99. Security Checklist for a Database
Administrator
• Ensure that the database RDBMS version is a vendor supported
product version.
• Monitor the RDBMS software on a regular basis to detect
unauthorized modifications.
• Ensure that all directories and file permissions created by the
installation of a RDBMS are protected in accordance with
security evaluation specifications if available or, if not, vendor
recommendations.
• Ensure that end user accounts are not granted permissions to
change directory or file permissions associated with the database
software.
111. Apply Scoping Guidance
The application of appropriate scoping guidance to the initial
baseline
• – Apply Security Objective-related Considerations
• – Apply Common Control-related Considerations
• – System Component Allocation-related Considerations
• – Apply Scalability-related Considerations
• – Document the Decisions in the Security Plan
112. Analyzing System Environment
A brief description of the technical system is provided which
includes any environmental or technical factors that raise special
security concerns, such as:
– The system is connected to the Internet;
– It is located in a harsh or overseas environment;
– Software is rapidly implemented;
– The software resides on an open network used by the general
public or with overseas access;
– The application is processed at a facility outside of the
organization's control; or
– The general support mainframe has dial-up lines.
113. Planning for security in the system
lifecycle
Few basic phases of IT system lifecycle
– Initiation Phase
– Development/Acquisition Phase
– Implementation Phase
– Operation/Maintenance Phase