
Information Security

CIA Triad
• Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to
guide policies for information security within an organization. The model is also sometimes
referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion with the
Central Intelligence Agency. The elements of the triad are considered the three most crucial
components of security.
• Confidentiality: roughly equivalent to privacy. Measures undertaken to ensure confidentiality are designed to prevent sensitive information from reaching the wrong people, while making sure that the right people can in fact get it.
• Integrity: maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people (for example, in a breach of confidentiality). These measures include file permissions and user access controls. Version control may be used to prevent erroneous changes or accidental deletion by authorized users from becoming a problem.
• Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed, and maintaining a correctly functioning operating system environment that is free of software conflicts. It’s also important to keep current with all necessary system upgrades. Providing adequate communication bandwidth and preventing the occurrence of bottlenecks are equally important.
• Threats
A threat is anything that can disrupt the operation, functioning, integrity, or availability of a network or system. There are
different categories of threats. There are natural threats, occurrences such as floods, earthquakes, and storms. There are
also unintentional threats that are the result of accidents and stupidity. Finally, there are intentional threats that are the
result of malicious intent. Each type of threat can be deadly to a network.
• Vulnerabilities
A vulnerability is an inherent weakness in the design, configuration, or implementation of a network or system that renders it
susceptible to a threat. Most vulnerabilities can usually be traced back to one of three sources:
1. Poor design: Hardware and software systems that contain design flaws that can be exploited. In essence, the systems are
created with security holes. An example of this type of vulnerability would be the "sendmail" flaws in early versions of Unix.
The sendmail flaws allowed hackers to gain privileged "root" access to Unix systems.
2. Poor implementation: Systems that are incorrectly configured, and therefore vulnerable to attack. This type of vulnerability
usually results from inexperience, insufficient training, or sloppy work. An example of this type of vulnerability would be a
system that does not have restricted-access privileges on critical executable files, thereby allowing these files to be altered
by unauthorized users.
3. Poor management: Inadequate procedures and insufficient checks and balances. Security measures cannot operate in a
vacuum; they need to be documented and monitored. Even something as simple as the daily backup of a system needs to be
verified. There also needs to be delineation of responsibility for some functions and dual custody for others. In this manner,
an organization can ensure that procedures are being followed and that no one person has total control of a system.
User Authentication
• User authentication is a process that allows a device to verify the identity of someone who connects to a network resource. There are many technologies currently available to a network administrator to authenticate users. Fireware operates with frequently used applications, including RADIUS, Windows Active Directory, LDAP, and token-based SecurID. The Firebox also has its own authentication server. You can use the Firebox authentication features to monitor and control connections through the Firebox.
Authentication is very important when you use dynamic IP addressing (DHCP) for computers on the trusted or optional network. It is also important if you must identify your users before you let them connect to resources on the external network. Because the Firebox® associates a user name to an IP address, we do not recommend that you use authentication features in a network with multi-user computers such as Unix servers, terminal servers or Citrix servers. The Firebox authenticates one user per computer.
Access Control
• Access control is a security technique that can be used to regulate who or what can view or use
resources in a computing environment.
• There are two main types of access control: physical and logical. Physical access control limits
access to campuses, buildings, rooms and physical IT assets. Logical access limits connections to
computer networks, system files and data.
• Mandatory access control
• Role based access control
• Rule based access control
• Discretionary access control
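The four models listed above differ in who makes the decision and on what basis. The following added example (not code from the slides) gives a minimal decision function for each, on constructed users, roles, labels and a constructed LAN prefix:

```python
from __future__ import annotations

# --- Mandatory access control: the system assigns clearance and classification
# labels; a subject may read an object only at or below its own clearance.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

def mac_can_read(subject_clearance: str, object_label: str) -> bool:
    return LEVELS[subject_clearance] >= LEVELS[object_label]

# --- Role-based access control: permissions attach to roles, users to roles.
ROLE_PERMS = {"auditor": {"read:ledger"}, "accountant": {"read:ledger", "write:ledger"}}
USER_ROLES = {"alice": {"accountant"}, "bob": {"auditor"}}  # constructed users

def rbac_allowed(user: str, permission: str) -> bool:
    return any(permission in ROLE_PERMS[r] for r in USER_ROLES.get(user, ()))

# --- Rule-based access control: a fixed rule set evaluated on request context,
# here a firewall-style rule on source network and hour of day.
def rule_allowed(src_ip: str, hour: int) -> bool:
    on_lan = src_ip.startswith("10.0.0.")  # constructed LAN prefix
    return on_lan and 8 <= hour < 18

# --- Discretionary access control: the owner of an object decides who else
# may use it, by editing that object's access control list.
class DacFile:
    def __init__(self, owner: str) -> None:
        self.owner = owner
        self.acl: dict[str, set[str]] = {owner: {"read", "write"}}

    def grant(self, actor: str, user: str, right: str) -> None:
        if actor != self.owner:
            raise PermissionError("only the owner may change the ACL")
        self.acl.setdefault(user, set()).add(right)

    def allowed(self, user: str, right: str) -> bool:
        return right in self.acl.get(user, set())
```

Note that only in the DAC case can an ordinary user widen access; under MAC the labels, and under RBAC the role table, are set by the system or its administrators.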
Password Manager, Privileged User Management
• A password manager is a software application or hardware that helps a user store and
organize passwords. Password managers usually store passwords encrypted, requiring the user to
create a master password: a single, ideally very strong password which grants the user access to
their entire password database. Some password managers store passwords on the user's
computer (called offline password managers), whereas others store data in the provider's cloud
(often called online password managers). However, some offline password managers also offer data
storage in the user's own cloud accounts rather than the provider's cloud.
• Privileged User Management (PUM), also known as “Superuser Privilege
Management” (SUPM), controls access to the administrative accounts that exist
on operating systems, applications, and databases that are used to install,
configure, administer, and manage these platforms. It also limits how long access
is granted to these accounts and provides a complete audit trail of this activity.
Data Protection
• Protecting sensitive data is the end goal of almost all IT security measures. Two
strong arguments for protecting sensitive data are to avoid identity theft and
to protect privacy. The improper disclosure of sensitive data can also cause harm
and embarrassment to students, faculty, and staff, and potentially harm the
reputation of the Institute. Therefore, it is to everyone's advantage to ensure that
sensitive data is protected.
• Plan ahead
• Know your Data
• Scale Down
• Lock up
Cryptography
• Cryptography is a method of storing and transmitting data in a particular form so that
only those for whom it is intended can read and process it. Cryptography is closely
related to the disciplines of cryptology and cryptanalysis. Cryptography includes
techniques such as microdots, merging words with images, and other ways to hide
information in storage or transit.
• Confidentiality (the information cannot be understood by anyone for whom it
was unintended)
• Integrity (the information cannot be altered in storage or transit between sender
and intended receiver without the alteration being detected)
• Non-repudiation (the creator/sender of the information cannot deny at a later
stage his or her intentions in the creation or transmission of the information)
• Authentication (the sender and receiver can confirm each other's identity and
the origin/destination of the information)
• An intrusion detection system (IDS) is a device or software application that monitors a
network or systems for malicious activity or policy violations. Any detected activity or
violation is typically reported either to an administrator or collected centrally using
a security information and event management (SIEM) system. A SIEM system combines
outputs from multiple sources, and uses alarm filtering techniques to distinguish
malicious activity from false alarms.

• Difference Between a Firewall and an IDS
Though they both relate to network security, an IDS differs from a firewall in that a firewall
looks outwardly for intrusions in order to stop them from happening. Firewalls limit access
between networks to prevent intrusion and do not signal an attack from inside the
network. An IDS evaluates a suspected intrusion once it has taken place and signals an
alarm. An IDS also watches for attacks that originate from within a system.
Computer Security
• In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services.
• A Blue Team is a group of highly skilled individuals who conduct systematic examinations of
Information Systems (IS) or products to determine adequacy of security measures, to identify
security deficiencies, to predict effectiveness of proposed security measures, and to confirm
adequacy of such measures after implementation.
• 1. Programs clean-up – Remove unnecessary programs. Every program is another potential
entrance point for a hacker. Cleaning these out helps you limit the number of ways in. If the
program is not something the company has vetted and "locked down," it shouldn’t be allowed.
Attackers look for backdoors and security holes when attempting to compromise networks.
Minimize their chances of getting through.
• 2. Use of service packs – Keep up-to-date and install the latest versions. It’s that simple. No one
thing ensures protection, especially from zero-day attacks, but this is an easy rule to follow.
• 3. Patches and patch management – Planning, testing, implementing and auditing patches should
be part of a regular security regimen. Make sure the OS is patched regularly, as well as the
individual programs on the client's computer.
• 4. Group policies – Define what groups can or can’t access and maintain these rules. Sometimes,
it’s simply user error that leads to a successful cyber attack. Establish or update user policies and
ensure all users are aware and comply with these procedures. For example, everyone should
be implementing strong passwords, securing their credentials and changing them regularly.
• 5. Security templates – Groups of policies that can be loaded in one procedure, they are
commonly used in corporate environments.
• 6. Configuration baselines – Baselining is the process of measuring changes in networking,
hardware, software, etc. To create a baseline, select something to measure and measure it
consistently for a period of time. Establish baselines and measure on a schedule that is acceptable
to both your standard for maintaining security and meeting your clients' needs.
Network Activity
• Network Activity Indicator displays the old 'two monitors' icon in Windows 7 that flashed blue to show network activity on the System Tray. Network Activity Indicator indicates outgoing and incoming network packets on all available interfaces.
• Using: This utility is a standalone executable. Run the program and you'll see a new system tray icon. Now you can monitor your network traffic in Windows 7 using the XP-like 'two monitors' icon on the System Tray.
Malicious code
• Malicious code is the term used to describe any code in any part of a
software system or script that is intended to cause undesired effects,
security breaches or damage to a system. Malicious code is an application
security threat that cannot be efficiently controlled by conventional
antivirus software alone. Malicious code describes a broad category of
system security terms that includes attack scripts, viruses, worms, Trojan
horses, backdoors and malicious active content.
• Malicious code can take the form of:
• Java Applets
• ActiveX Controls
• Scripting languages
• Browser plug-ins
• Pushed content
• Malicious Code Threatens Enterprise Security
Malicious code can give a user remote access to a computer. This is known as an application
backdoor. Backdoors may be created with malicious intent, to gain access to confidential company
or customer information. But they can also be created by a programmer who wants quick access to
an application for troubleshooting purposes. They can even be created inadvertently through
programming errors. Regardless of their origin, all backdoors and malicious code can become a
security threat if they are found and exploited by hackers or unauthorized users.
• How to Avoid Malicious Code
One way to avoid malicious code in your applications is to add static analysis (also called “white-box” testing) to your software development lifecycle to review your code for the presence of malicious code. Veracode’s static code analysis looks at applications in a non-runtime environment. This method of security testing has distinct advantages in that it can evaluate both web and non-web applications and, through advanced modeling, can detect malicious code in the software’s inputs and outputs that cannot be seen through other testing methodologies.
Fault Tolerance
• Fault tolerance is the property that enables a system to continue operating properly in the event
of the failure of (or one or more faults within) some of its components. If its operating quality
decreases at all, the decrease is proportional to the severity of the failure, as compared to a
naively designed system in which even a small failure can cause total breakdown. Fault tolerance
is particularly sought after in high-availability or life-critical systems. The ability of maintaining
functionality when portions of a system break down is referred to as graceful degradation.[1]
• A fault-tolerant design enables a system to continue its intended operation, possibly at a reduced
level, rather than failing completely, when some part of the system fails. The term is most
commonly used to describe computer systems designed to continue more or less fully operational
with, perhaps, a reduction in throughput or an increase in response time in the event of some
partial failure. That is, the system as a whole is not stopped due to problems either in
the hardware or the software. An example in another field is a motor vehicle designed so it will
continue to be drivable if one of the tires is punctured, or a structure that is able to retain its
integrity in the presence of damage due to causes such as fatigue, corrosion, manufacturing
flaws, or impact.
Network Security
• In today’s industry, too many people continue to make the same mistakes with
their network security over and over again, and it seems like we just aren’t
learning our lesson. It was Einstein who once said, “You cannot solve problems by
using the same kind of thinking that we used when we created them,” meaning, if
a dilemma arises, you can’t hope to fix it and keep it fixed without changing your
methods. We all seem to fall into one or more of these habits over time, so to
help remind us all of what we need to look out for, here are some
common network security issues and solutions.
Network Security Issues
• Non-complex or Weak Network Access Passwords
Most network system administrators are open to an “old school” exploit known as brute forcing. In
order to correct this network security password vulnerability, they have implemented “CAPTCHA
Technology.” A common type of CAPTCHA requires the user to type letters or digits from a distorted
image that appears on screen, which is commonly used to prevent unwanted internet bots from
accessing websites and networks. This technology has given network security administrators a false
sense of security, in regard to countering brute forcing.
• Outdated Server Application or Software
Companies constantly release patches in order to ensure that your system is not vulnerable to new
public threats. Hackers consistently release new threats and exploits which could allow harm to
befall your network if these patches are not in place.
• Web Cookies
Although cookies do not carry viruses and cannot install malware on the host computer, the tracking of
cookies and third-party tracking cookies are commonly used ways to compile records of individuals’
browsing histories. Unencrypted cookies are a major network security issue because they can open your
system to an XSS (Cross Site Scripting) vulnerability and that is a major privacy concern.
• Plain Hashes
Anyone who knows their stuff can decrypt a Hash that is not Salted.
Hashing is used to index and retrieve items in a database and Plain Hashes are also used in many encryption algorithms. A Salt (which is another type of encryption) is added to Hashes in order to make a lookup table assisted Dictionary Attack (or Brute-Force) impractical or extremely difficult, provided the Salt is large enough. Basically, an attacker wouldn’t be able to use a pre-computed lookup table to assist in exploiting your network, which adds a whole new level of complexity to your network security system. So even if an attacker gains access and compromises your database (table), it will still be very difficult for the attacker to retrieve the information.
The best way to ensure safety in regard to Hashes is for your network administrator to hide the Salt (or encryption key), because if the hacker is able to gain access to your Salt encryption they can access your network system. Salt all of your Hashes. No Salt means no security.
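To make the lookup-table point concrete, here is an added example (not from the slides) that stores a constructed set of user passwords first as plain SHA-256 hashes and then with a random per-record salt and PBKDF2, and shows what a precomputed table built from a constructed wordlist recovers in each case. It assumes, as is standard practice, that the salt is stored beside the hash; its protection comes from being unique per record, not from being secret.

```python
from __future__ import annotations
import hashlib
import hmac
import os

def plain_hash(password: str) -> str:
    """Unsalted SHA-256: the 'plain hash' the slide warns about."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes) -> str:
    # The salt is random and unique per record and is stored beside the hash;
    # PBKDF2's iteration count additionally slows every guess down.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def store_salted(password: str) -> tuple[str, str]:
    """Return (salt_hex, hash_hex) for a new user record."""
    salt = os.urandom(16)
    return salt.hex(), salted_hash(password, salt)

def verify_salted(password: str, salt_hex: str, stored: str) -> bool:
    candidate = salted_hash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)  # constant-time comparison

# Constructed wordlist; the precomputed table maps each word's plain hash back
# to the word. It is built once and reused against any leaked unsalted table.
WORDLIST = ["password", "letmein", "qwerty", "summer2020"]
PRECOMPUTED = {plain_hash(w): w for w in WORDLIST}

def table_hits(hashes: dict[str, str]) -> dict[str, str]:
    """Records a precomputed table recovers with a single lookup each."""
    return {u: PRECOMPUTED[h] for u, h in hashes.items() if h in PRECOMPUTED}

def demo() -> tuple[dict[str, str], dict[str, str], bool]:
    creds = {"alice": "summer2020", "bob": "summer2020"}  # constructed users
    unsalted = {u: plain_hash(p) for u, p in creds.items()}
    salted = {u: store_salted(p) for u, p in creds.items()}
    salted_only_hashes = {u: h for u, (_, h) in salted.items()}
    # Same password, different salts: the salted hashes differ, so the table
    # cannot even tell that alice and bob share a password.
    same_digest = salted["alice"][1] == salted["bob"][1]
    return table_hits(unsalted), table_hits(salted_only_hashes), same_digest
```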
Network Security Solutions
• Firewalls
• Intrusion Detection Systems
• Host-based IDS: These systems are installed on a particular important machine (usually a server or
some important target) and are tasked with making sure that the system state matches a particular set
baseline. For example, the popular file-integrity checker Tripwire is run on the target machine just after
it has been installed. It creates a database of file signatures for the system and regularly checks the
current system files against their known safe signatures.
• Network-based IDS: These systems are more popular and quite easy to install. Basically, they
consist of a normal network sniffer running in promiscuous mode. (In this mode, the network
card picks up all traffic even if it is not meant for it.) The sniffer is attached to a database of
known attack signatures, and the IDS analyzes each packet that it picks up to check for known
attacks.

• Antivirus Systems
• Everyone is familiar with the desktop version of antivirus packages like Norton Antivirus
and McAfee. The way these operate is fairly simple -- when researchers find a new virus,
they figure out some unique characteristic it has (maybe a registry key it creates or a file
it replaces) and out of this they write the virus "signature."
• Patching and updating
It is embarrassing and sad that this has to be listed as a security measure.
Despite being one of the most effective ways to stop an attack, there is a
tremendously laid-back attitude to regularly patching systems. There is no
excuse for not doing this, and yet the level of patching remains woefully
inadequate.
• Port scanners
A port scanner scans a host or a range of hosts to determine what ports are
open and what service is running on them. This tells the attacker which
systems can be attacked.
For example, if I scan a Web server and find that port 80 is running an old
Web server, like IIS/4.0, I can target this system with my collection of exploits
for IIS 4. Usually the port scanning will be conducted at the start of the
attack, to determine which hosts are interesting.
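Because scanning usually comes first, a network-based IDS can flag it from the pattern alone: one source touching many distinct ports on one host in a short time. The following added example (not from the slides) applies that rule, in the spirit of the signature-matching network IDS described earlier, to constructed firewall log lines whose format is assumed to be "timestamp source destination port action":

```python
from __future__ import annotations
from collections import defaultdict

# Constructed log lines: "<epoch> <src_ip> <dst_ip> <dst_port> <action>".
SAMPLE_LOG = """\
1700000000 203.0.113.9 10.0.0.5 22 DROP
1700000001 203.0.113.9 10.0.0.5 23 DROP
1700000001 203.0.113.9 10.0.0.5 80 ACCEPT
1700000002 203.0.113.9 10.0.0.5 443 ACCEPT
1700000002 203.0.113.9 10.0.0.5 3389 DROP
1700000003 203.0.113.9 10.0.0.5 8080 DROP
1700000004 198.51.100.4 10.0.0.5 443 ACCEPT
1700000060 198.51.100.4 10.0.0.5 443 ACCEPT
"""

def parse(line: str) -> tuple[int, str, str, int, str]:
    ts, src, dst, port, action = line.split()
    return int(ts), src, dst, int(port), action

def detect_scans(log: str, window: int = 10, threshold: int = 5) -> dict[str, set[int]]:
    """Flag sources that touch >= threshold distinct ports on one host within window seconds.

    Returns {"src->dst": ports_seen} for each flagged pair. Dropped and accepted
    connections both count: a scan probes closed ports as well as open ones.
    """
    events: dict[tuple[str, str], list[tuple[int, int]]] = defaultdict(list)
    for line in log.splitlines():
        if line.strip():
            ts, src, dst, port, _ = parse(line)
            events[(src, dst)].append((ts, port))
    alerts: dict[str, set[int]] = {}
    for (src, dst), hits in events.items():
        hits.sort()
        # Slide a window starting at each event; the first window that reaches
        # the threshold raises the alert for this pair.
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= threshold:
                alerts[f"{src}->{dst}"] = ports
                break
    return alerts
```

The thresholds are tuning knobs: too low and a busy legitimate client is flagged, too high and a slow scan spread over hours is missed.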
