48730 cyber security - studentvip

6
48730 CYBER SECURITY STUDY NOTES 2019

Post on 01-Oct-2021


Page 1: 48730 CYBER SECURITY - StudentVIP


TABLE OF CONTENTS

WEEK 1 – INTRODUCTION TO CYBERSECURITY (p. 2)
WEEK 2 – DELOITTE GUEST LECTURE (p. 6)
WEEK 3 – WEB SECURITY (p. 7)
WEEK 4 – TRANSPORT LAYER SECURITY (p. 13)
WEEK 5 – TCP/IP BASED ATTACKS (p. 18)
WEEK 6 – OPERATING SYSTEM SECURITY (p. 22)
WEEK 7 – CAs X.509 AND KERBEROS (p. 29)
WEEK 8 – DELOITTE GUEST LECTURE 2 (p. 33)
WEEK 9 – INTRUSION DETECTION AND PREVENTION (IDP) (p. 34)
WEEK 10 – EMAIL AND VPN SECURITY (p. 43)
WEEK 11 – NETWORK ACCESS CONTROL AND WIRELESS SECURITY (p. 49)


WEEK 1 – INTRODUCTION TO CYBERSECURITY

FOCUS OF CYBER SECURITY
- Prevent unauthorised access to resources, theft and modification of data, and network misuse
- Protect your own network
- Recover quickly from attacks

CYBER SECURITY LANDSCAPE
- Security threat zones – Web threats, mobile devices (IoT), social media and scams, targeted attacks, e-crime and malware

DEFENCE STRATEGY
- Prevention – Stop attackers from violating security policies
- Detection – Detect attackers' violations of security policies
- Recovery – Stop attacks, assess and repair damage
- Education – The best defence is intelligence

BASIC DEFINITIONS
- Computer Security – Controls which ensure the confidentiality, integrity and availability of information system assets, including hardware, software, firmware, and information being processed, stored and communicated
- Network Security – Measures to prevent, detect and correct security violations that involve the transmission of information
- Cyber Security – Measures to protect and defend the use of a global domain within the information environment consisting of the interdependent network of information systems infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers

WHAT SECURITY GOALS ARE IMPORTANT?
- Confidentiality
  o Data Confidentiality – Only intended users can understand the contents
  o Data Privacy – Control or influence what information related to an individual may be collected and stored, and to whom that information may be disclosed
- Integrity
  o Data Integrity – Information and data are changed only in a specified and authorised manner
  o System Integrity – Assures a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorised manipulation of the system
- Availability
  o Assures that systems work promptly and service is not denied to authorised users
- Authenticity – Verifies that users are who they claim to be and that data has come from a trusted source
- Accountability and Non-Repudiation – Actions made by an entity must be traceable uniquely to that entity
- Access Control – Only permit access to resources for designated users/processes

BREACH OF SECURITY AND IMPACT AT DIFFERENT LEVELS


SECURITY CHALLENGES
- Potential attacks on the security features need to be considered
- Procedures used to provide particular services are often counter-intuitive
- It is necessary to decide where to use the various security mechanisms
- Requires constant monitoring, and is often an afterthought
- Security mechanisms typically involve more than a particular algorithm or protocol
- Security is essentially a battle of wits between a perpetrator and the designer
- Little benefit from security investment is perceived until a security failure occurs
- Strong security is often viewed as an impediment to efficient and user-friendly operation

SECURITY VULNERABILITIES, THREATS AND ATTACKS
- Categories of vulnerabilities
  o Corrupted (loss of integrity)
  o Leaky (loss of confidentiality)
  o Unavailable or very slow (loss of availability)
- Threats represent potential security harm to an asset when vulnerabilities are exploited
- Attacks are threats that have been carried out
  o Passive – Make use of information from the system without affecting system resources
  o Active – Alter system resources or affect operation
  o Insider – Initiated by an entity inside the organisation
  o Outsider – Initiated from outside the perimeter

RISK ASSESSMENT
- Risk = Probability (Exploit) x Exploit Cost
- Probability can be a combination of: Discoverability (D), Reproducibility (R) and Exploitability (E)
- Exploit cost can be a combination of: Number of affected users (A) and Damage potential (D)
- DREAD model – Used to evaluate risk – each factor is rated Lowest = 1, Highest = 5
  o E.g. SQL injection that reveals customer data
    ▪ D = 3, R = 5, E = 3, A = 4, D = 5
    ▪ Risk = (3+5+3+4+5)/5 = 4 (out of a maximum of 5)
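The DREAD calculation above, carried through in code as an added example (not part of the study notes). The five ratings are taken in acronym order, so the first D in the worked example is Damage potential and the last D is Discoverability; the normalisation of the Probability x Exploit Cost form to a 0..1 range is an assumption made here for comparability, not something the notes specify.

```python
# Added example (not from the study notes): scoring findings with the DREAD model.
# Ratings use the notes' 1..5 scale. Two risk forms are computed from the same ratings:
# the DREAD average and the Probability x Exploit Cost product, where Probability is
# built from Discoverability, Reproducibility and Exploitability and Exploit Cost from
# Affected users and Damage potential. The 0..1 normalisation is an assumption here.
from dataclasses import dataclass


@dataclass(frozen=True)
class DreadRating:
    name: str
    damage: int            # D - Damage potential
    reproducibility: int   # R
    exploitability: int    # E
    affected_users: int    # A
    discoverability: int   # D

    def __post_init__(self):
        # The notes define the scale as lowest 1, highest 5; anything else is a data error.
        for value in (self.damage, self.reproducibility, self.exploitability,
                      self.affected_users, self.discoverability):
            if not 1 <= value <= 5:
                raise ValueError(f"{self.name}: DREAD ratings must be between 1 and 5")

    def dread_score(self) -> float:
        """The notes' Risk = (D+R+E+A+D)/5, an average on the same 1..5 scale."""
        return (self.damage + self.reproducibility + self.exploitability
                + self.affected_users + self.discoverability) / 5

    def probability(self) -> float:
        """Probability(Exploit) from D, R, E; divided by 15 to land in 0..1 (assumption)."""
        return (self.discoverability + self.reproducibility + self.exploitability) / 15

    def exploit_cost(self) -> float:
        """Exploit Cost from A and Damage; divided by 10 to land in 0..1 (assumption)."""
        return (self.affected_users + self.damage) / 10

    def risk_product(self) -> float:
        """Risk = Probability(Exploit) x Exploit Cost, as in the notes' first formula."""
        return self.probability() * self.exploit_cost()


def rank_findings(findings):
    """Highest DREAD score first, so the remediation order is explicit rather than implied."""
    return sorted(findings, key=lambda f: f.dread_score(), reverse=True)


if __name__ == "__main__":
    # Constructed findings; the first one is the notes' SQL injection example.
    findings = [
        DreadRating("SQL injection revealing customer data", 3, 5, 3, 4, 5),
        DreadRating("Verbose error page on an internal tool", 1, 5, 2, 1, 2),
    ]
    for f in rank_findings(findings):
        print(f"{f.name}: DREAD={f.dread_score():.1f} "
              f"P={f.probability():.2f} cost={f.exploit_cost():.2f} "
              f"P*cost={f.risk_product():.2f}")
```

Ranking by the averaged score and by the product can disagree for findings that are easy to find but low-impact, which is why the example computes both; the notes present them as two readings of the same ratings rather than as competing models.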

COMMON VULNERABILITY SCORING SYSTEM (CVSS) CALCULATOR
- NIST has outlined a method of calculating vulnerability scores: HTTP://nvd.nist.gov/cvss.cfm?calculator&version=2
- Security engineering involves identifying threats, determining how they can be remediated, and finding vulnerabilities

CYBER THREATS
- Threat actors:
  o Social – People are the primary attack vector
  o Operational – Failures of policy and procedure
  o Technological – Technical issues with the system
  o Environmental – From natural or physical facility factors
- Threat modelling – Helps determine the threat surface, assign risk and drive vulnerability mitigation

OSI SECURITY ARCHITECTURE
- Security Attack – An action that compromises the security of information
- Security Mechanism – A process that is designed to detect, prevent or recover from a security attack
- Security Service – Enhances the security of the data processing systems and information transfers of an organisation

FUNDAMENTAL SECURITY DESIGN PRINCIPLES
- National Center of Academic Excellence in Information Assurance/Cyber Defence
  o Economy of mechanism, Fail-safe defaults, Complete mediation, Open design, Separation of privilege, Least privilege, Least common mechanism, Psychological acceptability, Isolation, Encapsulation, Modularity, Layering, Least astonishment

ATTACK SURFACE
- Consists of the reachable and exploitable vulnerabilities in a system
  o Network attack surface – Vulnerabilities over a network or the internet
  o Software attack surface – Vulnerabilities in application, utility or OS code
  o Human attack surface – Vulnerabilities created by personnel or outsiders, e.g. social engineering

VULNERABILITY ASSOCIATED WITH ATTACK TREES

MALWARE AND WORMS
- Malicious code often masquerades as part of useful software/message/information
- Exploits existing vulnerabilities in systems, making quiet and easy entry
- Some programs need host programs to hide their tracks – Trojan horses, spyware, viruses and rootkits
- Others can exist and propagate independently – Worms, automated viruses and zombies
- Propagation mechanisms: Sharing files via P2P, IRC, instant messaging, SQL injection, web pages, buffer overflow, emails

TROJAN HORSE AND BACKDOOR
- Program with hidden malware
  o Usually superficially attractive
  o Often used to propagate a virus/worm or install a backdoor
  o Allows attackers to gain unauthorised access

SECURITY MECHANISMS
- Hardening of OS and applications
- Patches in OS and applications via security updates
- Local, domain and public security policies
- Cryptography (hash functions for authenticity, symmetric key, public-key infrastructure, certificates, PRNG)
- Authentication and key establishment within a domain

1. HOST PROTECTION
- Use of anti-malware software
- OS and application security patches
- Host-based firewall and intrusion detection
  o Signature-based analysis looks for patterns of specific known exploits and vulnerabilities
  o Behavioural-based analysis watches for suspicious behaviour
- Configuration hardening
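The two host-based detection styles just listed, shown side by side as an added example (not part of the study notes) over a few constructed auth-log lines. The signatures, the failed-login threshold and the log lines themselves are assumptions made for the demonstration; they are not rules or data from any real product.

```python
# Added example (not from the study notes): signature-based versus behaviour-based
# host intrusion detection, run over constructed syslog-style auth events.
import re
from collections import Counter

# Constructed sample log lines (not real data). Six failed logins from one address,
# one normal key-based login, one denied sudo, one line carrying a known-bad marker.
SAMPLE_LOG = """\
Mar 10 09:01:02 host1 sshd[410]: Failed password for root from 198.51.100.7 port 40122 ssh2
Mar 10 09:01:05 host1 sshd[410]: Failed password for root from 198.51.100.7 port 40123 ssh2
Mar 10 09:01:07 host1 sshd[410]: Failed password for admin from 198.51.100.7 port 40124 ssh2
Mar 10 09:01:09 host1 sshd[410]: Failed password for root from 198.51.100.7 port 40125 ssh2
Mar 10 09:01:11 host1 sshd[410]: Failed password for root from 198.51.100.7 port 40126 ssh2
Mar 10 09:01:12 host1 sshd[410]: Failed password for root from 198.51.100.7 port 40127 ssh2
Mar 10 09:02:30 host1 sshd[412]: Accepted publickey for deploy from 203.0.113.5 port 50001 ssh2
Mar 10 09:03:00 host1 sudo: deploy : command not allowed ; TTY=pts/0 ; COMMAND=/bin/sh
Mar 10 09:03:10 host1 scanner[77]: EXAMPLE_SIG malicious-payload-marker found in /tmp/x
"""

# Signature-based: fixed patterns of specific, already-known bad activity.
# These two signatures are assumptions for the demo.
SIGNATURES = {
    "sudo-denied": re.compile(r"sudo: \S+ : command not allowed"),
    "known-marker": re.compile(r"EXAMPLE_SIG malicious-payload-marker"),
}

FAILED_LOGIN = re.compile(r"Failed password for \S+ from (?P<src>\d+\.\d+\.\d+\.\d+)")


def signature_alerts(lines):
    """Return (signature name, line) for every line matching a known pattern.
    Cheap and precise, but blind to anything without a signature."""
    hits = []
    for line in lines:
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((name, line))
    return hits


def behaviour_alerts(lines, threshold=5):
    """Flag source addresses whose failed-login count reaches the threshold.
    No single line is malicious on its own; the rate of failures is the suspicious behaviour."""
    failures = Counter()
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if m:
            failures[m.group("src")] += 1
    return {src: n for src, n in failures.items() if n >= threshold}


def analyse(log_text, threshold=5):
    """Run both detectors over a block of log text and return their findings together."""
    lines = log_text.splitlines()
    return {
        "signature": signature_alerts(lines),
        "behaviour": behaviour_alerts(lines, threshold),
    }


if __name__ == "__main__":
    for kind, hits in analyse(SAMPLE_LOG).items():
        print(kind, hits)
```

Note that neither detector sees the successful `Accepted publickey` login: a signature would need a pattern for it, and the behavioural rule only counts failures. That gap is the usual argument for running both styles and for tuning thresholds to the host's normal activity.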


2. NETWORK ACCESS CONTROL/PROTECTION (NAC/NAP)
- Needs a server-side process and a client-side (agent) software process on the host
- The agent reports the health state of the host to the NAC/NAP server
- Policies for user/group/process access rights – Cisco ACS, Symantec Endpoint Protection Manager
- Cisco Network Admission Control (NAC), Symantec and McAfee NAC

3. CRYPTO AND PROTOCOLS
- Symmetric key crypto – Confidentiality: encryption – Authentication: hash
- Public key crypto – Encryption, signature, certificate – Authentication
- SSL protects the transport layer, using public key crypto for establishing a symmetric key and for authentication
- SSL uses the symmetric key for encryption; VPNs protect the network layer
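An added example (not part of the study notes) of the "hash for authentication" point above, using only the Python standard library. It contrasts an unkeyed hash, which anyone who alters a message can simply recompute, with an HMAC under a shared symmetric key, which an on-path modifier cannot forge. The key, message and the edit made to the message are constructed for the demonstration.

```python
# Added example (not from the study notes): why a hash gives authenticity only when it is
# keyed. Unkeyed SHA-256 detects accidental corruption; HMAC-SHA256 under a shared
# symmetric key detects deliberate modification. Inputs below are constructed.
import hashlib
import hmac
import secrets


def unkeyed_checksum(message: bytes) -> bytes:
    """Integrity check only: anyone can recompute this after changing the message."""
    return hashlib.sha256(message).digest()


def authenticate(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag; only a holder of `key` can produce a valid one."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison, so the verifier does not leak how many tag bytes matched."""
    return hmac.compare_digest(authenticate(key, message), tag)


def modified_in_transit(message: bytes) -> bytes:
    """Constructed edit representing a change made to the message after it was sent."""
    return message.replace(b"100", b"900")


def demo():
    """Return (unkeyed check passes on the modified message,
               HMAC passes on the original, HMAC passes on the modified message)."""
    key = secrets.token_bytes(32)                 # shared symmetric key (constructed)
    message = b"transfer 100 to account 42"       # constructed message
    forged = modified_in_transit(message)

    # Unkeyed hash: the receiver has no way to tell that the checksum was recomputed
    # alongside the edit, so the modified message passes.
    unkeyed_passes = unkeyed_checksum(forged) == unkeyed_checksum(forged)

    # HMAC: the tag was computed over the original under the shared key; without the key
    # there is no way to compute a matching tag for the modified message.
    tag = authenticate(key, message)
    hmac_passes_original = verify(key, message, tag)
    hmac_passes_forged = verify(key, forged, tag)
    return unkeyed_passes, hmac_passes_original, hmac_passes_forged


if __name__ == "__main__":
    print(demo())   # (True, True, False)
```

The same distinction is what the public-key line in the notes relies on: a digital signature is the asymmetric counterpart of the HMAC tag, where only the private-key holder can produce it but anyone with the public key can verify it.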

4. PERIMETER PROTECTION
- Can be physical (router interface) or virtual (VLAN)
- A firewall provides ongoing inspection and filtering of IP and transport headers
- IDS: reports detected malicious packets; IPS: blocks and reports detected malicious packets
- Detection based on signatures and abnormal behaviours

THE TOP 4 MITIGATION STRATEGIES
1. Application whitelisting – Only allow clients to run tested software
2. Patching systems – Set systems to auto-update; there is a risk that some applications will not work after a patch
3. Restricting administrative privileges – Admins have two accounts; the root/administrative account should not be used to access the internet
4. Creating a defence-in-depth system