Security Investigation: Threats

THREATS

To protect an organization’s information, you must

        Know yourself

(i.e) be familiar wit the information to be protected, and the systems that store, transport and process it.

2. Know the threats you face

To make sound decisions about information security, management must be informed about the various threats facing the organization, its application, data and information systems.

A threat is an object, person, or other entity, that represents a constant danger to an asset.

1 Threats to Information Security

2 Threats

ü Acts of Human Error or Failure:

   Acts performed without intent or malicious purpose by an authorized user.

   because of in experience ,improper training,

   Making of incorrect assumptions.

One of the greatest threats to an organization’s information security is the organization’s own employees.

ü Entry of erroneous data

ü accidental deletion or modification of data

ü storage of data in unprotected areas.

ü Failure to protect information can be prevented with

     Training

     Ongoing awareness activities -Verification by a second party

     Many military applications have robust, dual- approval controls built in .

Compromises to Intellectual Property

ü Intellectual Property is defined as the ownership of ideas and control over the tangible or virtual representation of those ideas.

ü Intellectual property includes trade secrets, copyrights, trademarks, and patents.

ü Once intellectual property has been defined and properly identified, breaches to IP constitute a threat to the security of this information.

ü Organization purchases or leases the IP of other organizations.

ü Most Common IP breach is the unlawful use or duplication of software based intellectual property more commonly known as software Piracy.

ü Software Piracy affects the world economy.

ü U.S provides approximately 80% of world’s software.

In  addition  to  the  laws  surrounding  software  piracy,  two  watch  dog  organizations

investigate allegations of software abuse.

            Software and Information Industry Association (SIIA) (i.e)Software Publishers Association

            Business Software Alliance (BSA)

            Another effort to combat (take action against) piracy is the online registration process.

Deliberate Acts of Espionage or Trespass

ü Electronic and human activities that can breach the confidentiality of information.

ü When an unauthorized individual’s gain access to the information an organization is trying to protect is categorized as act of espionage or trespass.

ü Attackers can use many different methods to access the information stored in an information system.

            Competitive Intelligence[use web browser to get information from market research]

            Industrial espionage(spying)

3.  Shoulder Surfing(ATM)

Trespass

   Can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.

   Sound principles of authentication & authorization can help organizations protect valuable information and systems.

   Hackers-> “People who use and create computer software to gain access to information illegally”

   There are generally two skill levels among hackers.

   Expert Hackers-> Masters of several programming languages, networking protocols, and operating systems .

   Unskilled Hackers

ü Deliberate Acts of information Extortion (obtain by force or threat)

   Possibility of an attacker or trusted insider stealing information from a computer system and demanding compensation for its return or for an agreement not to disclose the information.

ü Deliberate Acts of sabotage or Vandalism

   Destroy an asset or

   Damage the image of organization

   Cyber terrorism-Cyber terrorists hack systems to conduct terrorist activities through network or internet pathways.

ü Deliberate Acts of Theft

   Illegal taking of another’s property-- is a constant problem.

   Within an organization, property can be physical, electronic, or intellectual.

   Physical theft can be controlled by installation of alarm systems.

   Trained security professionals.

   Electronic theft control is under research.

ü Deliberate Software Attacks

Because of malicious code or malicious software or sometimes malware.

   These software components are designed to damage, destroy or deny service to the target system.

   More common instances are

   Virus, Worms, Trojan horses, Logic bombs, Backdoors.

   “The British Internet Service Provider Cloudnine” be the first business “hacked out of existence”

ü     Virus

   Segments of code that performs malicious actions.

   Virus transmission is at the opening of Email attachment files.

   Macro virus-> Embedded in automatically executing macrocode common in word processors, spreadsheets and database applications.

   Boot Virus-> infects the key operating files located in the computer’s boot sector.

ü     Worms

   A worm is a malicious program that replicates itself constantly, without requiring another program to provide a safe environment for replication.

   Worms can continue replicating themselves until they completely fill available resources, such as memory, hard drive space, and network bandwidth.

   Eg: MS-Blaster, MyDoom, Netsky, are multifaceted attack worms.

   Once the worm has infected a computer , it can redistribute itself to all e-mail addresses found on the infected system.

   Furthermore, a worm can deposit copies of itself onto all Web servers that the infected systems can reach, so that users who subsequently visit those sites become infected.

ü     Trojan Horses

Are software programs that hide their true nature and reveal their designed behavior only when activated.

Back Door or Trap Door

ü A Virus or Worm has a payload that installs a backdoor or trapdoor component in a system, which allows the attacker to access the system at will with special privileges.

Eg: Back Orifice

Polymorphism

ü A Polymorphic threat is one that changes its apparent shape over time, making it undetectable by techniques that look for preconfigured signatures.

ü These viruses and Worms actually evolve, changing their size, and appearance to elude detection by antivirus software programs.

Virus & Worm Hoaxes

Types of Trojans

· Data Sending Trojans

· Proxy Trojans

· FTP Trojans

· Security software disabler Trojans

· Denial of service attack Trojans(DOS)

Virus

A program or piece of code that be loaded on to your computer, without your knowledge and run against your wishes.

Worm

1.   A program or algorithm that replicates itself over a computer network and usually performs malicious actions.

Trojan Horse

ü A destructive program that masquerade on beginning application, unlike viruses, Trojan horse do not replicate themselves.

Blended threat

ü Blended threats combine the characteristics of virus, worm, Trojan horses & malicious code with server and Internet Vulnerabilities.

Antivirus Program

   A Utility that searches a hard disk for viruses and removes any that found.

ü     Forces of Nature

   Fire: Structural fire that damages the building. Also encompasses smoke damage from a fire or water damage from sprinkles systems.

   Flood: Can sometimes be mitigated with flood insurance and/or business interruption Insurance.

   Earthquake: Can sometimes be mitigated with specific causality insurance and/or business interruption insurance, but is usually a separate policy.

   Lightning: An Abrupt, discontinuous natural electric discharge in the atmosphere.

   Landslide/Mudslide: The downward sliding of a mass of earth & rocks directly damaging all parts of the information systems.

   Tornado/Severe Windstorm

   Huricane/typhoon

   Tsunami

   Electrostatic Discharge (ESD)

   Dust Contamination

Since it is not possible to avoid force of nature threats, organizations must implement controls to limit damage.

They must also prepare contingency plans for continued operations, such as disaster recovery plans, business continuity plans, and incident response plans, to limit losses in the face of these threats.

ü     Deviations in Quality of Service

   A product or service is not delivered to the organization as expected.

   The Organization’s information system depends on the successful operation of many interdependent support systems.

   It includes power grids, telecom networks, parts suppliers, service vendors, and even the janitorial staff & garbage haulers.

   This degradation of service is a form of availability disruption.

Internet Service Issues

ü Internet service Provider(ISP) failures can considerably undermine the availability of information.

ü The web hosting services are usually arranged with an agreement providing minimum service levels known as a Service level Agreement (SLA).

ü When a Service Provider fails to meet SLA, the provider may accrue fines to cover losses incurred by the client, but these payments seldom cover the losses generated by the outage.

Communications & Other Service Provider Issues

ü Other utility services can affect the organizations are telephone, water, waste water, trash pickup, cable television, natural or propane gas, and custodial services.

ü The loss of these services can impair the ability of an organization to function.

ü For an example, if the waste water system fails, an organization might be prevented from allowing employees into the building.

ü This would stop normal business operations.

Power Irregularities

ü Fluctuations due to power excesses.

ü Power shortages &

ü Power losses

This can pose problems for organizations that provide inadequately conditioned power for their information systems equipment.

   When voltage levels spike (experience a momentary increase),or surge ( experience prolonged increase ), the extra voltage can severely damage or destroy equipment.

   The more expensive uninterruptible power supply (UPS) can protect against spikes and surges.

ü         Technical Hardware Failures or Errors

   Resulting in unreliable service or lack of availability

   Some errors are terminal, in that they result in unrecoverable loss of equipment.

   Some errors are intermittent, in that they resulting in faults that are not easily repeated.

ü         Technical software failures or errors

   This category involves threats that come from purchasing software with unknown, hidden faults.

   Large quantities of computer code are written, debugged, published, and sold before all their bugs are detected and resolved.

   These failures range from bugs to untested failure conditions.

ü         Technological obsolescence

   Outdated infrastructure can lead to unreliable and untrustworthy systems.

   Management must recognize that when technology becomes outdated, there is a risk of loss of data integrity from attacks.