Lec 1 apln security(4pd)
CYBER SECURITY AT APPLICATION LEVEL
SANTOSH KHADSARE
INVOLVES ALTERING THE RAW DATA JUST BEFORE A COMPUTER PROCESSES IT AND THEN CHANGING IT BACK AFTER PROCESSING IS COMPLETED
SECONDARY STATE BOARD: PRIVATE STUDENTS TOPPED OVER GOVT STUDENTS
6 DIGIT ROLL NUMBER
GOVT STUDENTS STARTS WITH 3; PRIVATE STUDENTS STARTS WITH 4
SOFTWARE MANIPULATION:
FOR ROLL_NO 3, if marks between 68 & 100, DEDUCT 9
FOR ROLL_NO 4, if marks between 68 & 88, ADD 9
Data - Information we keep on computers (product design, financial records, personnel data). Lost time, lost sales, lost confidence
Resources - Unauthorized use of computer time & space
Reputation - Misrepresentation, forgery, negative publicity
Integrity
Confidentiality
Availability
Confidentiality - Protection from unauthorized persons
Integrity - consistency of data; no unauthorized creation, alteration or destruction
Availability - ensuring access to legitimate users
Legitimate use - ensuring appropriate use by authorized users
[Diagram: Security, Functionality, Ease of Use; Moving Ball]
Intrusion - unauthorized access and use of systems
Denial of service - an attack aimed at preventing use of company computers: email bomb or flooding/Internet worm; disabled, rerouted or replaced services
Information theft - network taps, database access, hacking into sites to give out more info or to wrong parties
• Scanners
• Key-loggers
• Trojans
• Remote Admin Toolkits
• Spyware
• Backdoors
• Worms
• Remote Sniffers
• Distributed Denial of Service
Security Services
Authentication (entity, data origin)
Access control (prevent unauthorized access)
Confidentiality (disclosure, encryption)
Data integrity (value of data item)
Non-repudiation (falsely denying a transaction)
No Security - not an option
Security thru Obscurity - don’t tell anyone where your site is
Host Security - enforced security on each host; progressively difficult to manage as number of hosts increase
Network Security - control network access to hosts and services; firewalls, strong authentication, and encryption
[Diagram: Info Security Components - Confidentiality, Availability, Assurability, Non-Repudiation, Integrity, Authentication]
[Diagram labels: Clustering, Redundancy, Hot Standby, Port Mirroring; Availability + Reliability; Digital Signatures, PKI; Biometrics, Smartcards, Voice based Systems; Cryptography, VPNs, PKI]
[Diagram: Information States - In Processing, In Transmission, In Storage; Security Measures]
As Strong As The Weakest Link …
[Network diagram, network based: PCs, servers, switch, routers, firewall, WAN / intranet, mobile user, HQ XYZ Corps, HQ ABC Corps]
[Network diagram: Internet from ISP, Layer 3 switch, Red Zone, IDS, FW (IP Cop), DMZ (Orange Zone) with web server, mail server and DNS server, L2 switches, Green Zone]
[Network diagram: Internet, router, gateway, IPS, HW FW, L2 switch, DMZ servers (DNS, HTTP, SMTP, RAID, RDBMS, data backup, anti virus, HIPS, scanner), biometric sensors, VLAN, Secure disk, True Crypt, domain users, local NW, NW printer]
[Network diagram, network based and host based: PCs, servers, switch, routers, firewall, anti virus, WAN, mobile user, HQ XYZ Corps, HQ ABC Corps]
Cyber Security is the set of "measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack."
This broad and all-encompassing cyber security definition poses a significant challenge for enterprises; therefore, it is highly critical for enterprises to have an in-depth cyber security strategy and plan in place in order to provide the maximum level of protection from cyber security risks at not just the network perimeter but also the application layer.
An application is a program or group of programs designed for end users. Application software can be divided into two general classes: systems software and applications software.
Systems software consists of low-level programs that interact with the computer at a very basic level. This includes operating systems, compilers, and utilities for managing computer resources.
Applications software (also called end-user programs) includes database programs, word processors, and spreadsheets. Figuratively speaking, applications software sits on top of systems software because it is unable to run without the operating system and system utilities.
Application security encompasses measures taken
throughout the application's life-cycle to prevent
exceptions in the security policy of an application or
the underlying system (vulnerabilities) through flaws
in the design, development, deployment, upgrade, or
maintenance of the application.
The flaws within the software cause a majority of the vulnerabilities.
Most security professionals are usually not software developers.
Many software developers do not have security as a main focus.
The computing community is used to receiving software with bugs and then applying patches.
Software vendors are trying to rush their products to market with their eyes set on functionality, not security.
Hard and crunchy on the outside: perimeter security is fortified and solid.
Soft and chewy on the inside: internal environment and software are easy to exploit once access has been obtained.
Software controls –
implemented by
Operating System
Combination of three
Aplns and Cmptr systems are usually devp for functionality first, not security.
To get the best of both, security and functionality will have to be designed and devp at the same time
Developing aplns first and then trying to add security can cause problems:
May reduce overall func
Can open security holes when the apln is to be integrated with other aplns
Security solns today look to solve problems through controls such as IDS, IPS, FWs, Avs, Vulnerability scanners, etc.
This is because our SW contains many vulnerabilities.
Our systems are hard on the outside and soft inside. Why?
We have implemented strong perimeter defences, however our internal environment and SW is easy to exploit once access has been gained.
Why are perimeter devices more often considered rather than developing secure SW?
In the past, SW was devp for func and not security. Mainframe era.
Many programmers do not have experience of secure coding.
Most security professionals are not SW developers.
Many SW developers do not have security as the main focus.
SW vendors under tight deadlines to get products into market; security suffers.
Customers cannot control flaws in the SW they purchase, so they must depend on perimeter protection. Thus the present day over-reliance on perimeter defences.
Traditionally, we consumers have always demanded functionality from the aplns, with little thought to security.
Only in the last 6 – 8 yrs, the focus is slowly shifting to functionality coupled with security.
Security controls can be used for: Inputs, Processing, Output
Devp controls with potential risks in mind.
SW to be used in a closed trusted environment versus an open environment.
Goal is to:
Prevent data corruption
Prevent security compromises
Reduce vulnerabilities
Controls can be preventive, detective and corrective.
Can be in the form of administrative or physical controls; but are mostly technical in nature.
Buggy SW is rel
Hackers find SW vulnerabilities
Web sites post these vulnerabilities on Internet and methods of exploiting them
SW vendor develops and releases SW patches to fix these vulnerabilities
The new patch goes on the stack of SW patches that all NW admin need to test and install
NW admin today has to integrate various aplns and different computer systems.
Coys today are rushing to devp aplns capable of taking on-line orders, storing credit card info and est extranets with business partners.
All of this is an extremely complex activity.
On top of all this, security is expected and demanded.
As the complexity of the environment grows, tracking compromises and errors becomes a difficult task.
SW controls are usually implemented nowadays through a mix of:
OS controls
Apln controls
DB controls
OS controls can control a subject’s access to an object. These controls do not restrict a subject’s action within an apln.
Apln controls can ensure only valid inputs are inserted, data is processed in the correct sequence, and only certain subjects can view data in sensitive fields.
Aplns must draw a balance between Functionality and Security.
Out of the box installation is always insecure.
If an apln is extremely user friendly, it is probably not secure. Why?
User friendly implies – extra lines of code. More lines of code – more the potential vulnerabilities.
SDLC – Security Issues
Also once vendors iden vulnerabilities and rel patches, NW admin may not apply them. Why?
NW admin may not be up to date on current vulnerabilities and patches.
They may not fully understand the imp of patches.
They may be afraid that patches may cause other problems.
Bottomline – Insecure systems
Also, if an apln fails – it must fail secure.
Software Development Life Cycle
SDLC stands for Software Development Life Cycle. A Software Development Life Cycle is essentially a series of steps, or phases, that provide a model for the development and lifecycle management of an application or piece of software.
The methodology within the SDLC process can vary across industries and organizations, but standards such as ISO/IEC 12207 represent processes that establish a lifecycle for software, and provide a mode for the development, acquisition, and configuration of software systems.
The intent of a SDLC process is to help produce a product that is cost-efficient, effective, and of high quality. Once an application is created, the SDLC maps the proper deployment and decommissioning of the software once it becomes a legacy.
Project Initiation
Functional Design Analysis and Plg
System Design Specs
SW Devp
Installation/Implementation
Operations / Maintenance
Disposal
Problems with Database Security
Risks to databases
Today more and more coys holding sensitive data (credit card info, stock inventory, etc) in DBs.
Earlier employees only accessed DBs. Today DB connectivity provided to customers also (Eg – check online availability of an item).
How do you secure DBs?
Group users in different roles and assign rights and permissions to various roles.
Customers are assigned a role to only view data; and that too only specific fields of data.
Customers interact with the DB through a middleware (apln). Middleware checks roles and presents data as per permissions assigned to that role.
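The middleware check described above, as an added example that is not part of the original slides. The table, column and role names are assumptions made for the illustration, and the data is constructed.

```python
import sqlite3

# Hypothetical role -> permitted fields map (an assumption for this example).
ROLE_COLUMNS = {
    "customer": ("item_name", "in_stock"),
    "clerk": ("item_name", "in_stock", "unit_cost"),
}

def make_db():
    """Constructed in-memory inventory table with one sensitive column."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (item_name TEXT PRIMARY KEY, in_stock INTEGER, "
               "unit_cost REAL, supplier_account TEXT)")
    db.execute("INSERT INTO items VALUES ('widget', 12, 3.5, 'ACCT-CONSTRUCTED-001')")
    db.commit()
    return db

def view_item(db, role, item_name):
    """Middleware entry point: return only the fields the caller's role may see."""
    columns = ROLE_COLUMNS.get(role)
    if columns is None:
        # Fail secure: an unknown role gets nothing, not a default view.
        raise PermissionError(f"role {role!r} has no access to items")
    # Column names come from the fixed allow-list above, never from the caller;
    # the caller-supplied value is bound as a parameter.
    sql = f"SELECT {', '.join(columns)} FROM items WHERE item_name = ?"
    row = db.execute(sql, (item_name,)).fetchone()
    return dict(zip(columns, row)) if row else None

if __name__ == "__main__":
    db = make_db()
    print(view_item(db, "customer", "widget"))
    print(view_item(db, "clerk", "widget"))
```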
Risks to databases – DB Integrity
Concurrency Problem
Occurs when a DB is accessed by more than one apln/users at the same time.
SW lock used to overcome this. Processes lock tables within DB, make changes and then rel the SW lock. Next process can access DB only after the 1st process has rel the SW lock.
DB SW performs three main types of integrity services:
Entity Integrity: Every row (record) is uniquely iden by a primary key.
Referential Integrity: All foreign keys reference existing primary keys.
Semantic Integrity: Rules pertaining to data types, logical values are enforced.
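The three integrity services above, shown being enforced by SQLite, as an added example that is not part of the original slides. The schema and rows are constructed, and the 0 to 100 score range is an assumed semantic rule.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite checks foreign keys only when enabled
    # Entity integrity: every student row is identified by its primary key.
    db.execute("CREATE TABLE students (roll_no INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    # Referential integrity: marks.roll_no must reference an existing student.
    # Semantic integrity: score must be an integer in the assumed range 0..100.
    db.execute("""CREATE TABLE marks (
        roll_no INTEGER NOT NULL REFERENCES students(roll_no),
        subject TEXT NOT NULL,
        score   INTEGER NOT NULL
                CHECK (typeof(score) = 'integer' AND score BETWEEN 0 AND 100),
        PRIMARY KEY (roll_no, subject))""")
    db.execute("INSERT INTO students VALUES (300001, 'constructed student')")
    db.execute("INSERT INTO marks VALUES (300001, 'maths', 72)")
    db.commit()
    return db

def try_insert(db, sql, params):
    """Run one INSERT; return 'ok' or the kind of constraint that rejected it."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(sql, params)
        return "ok"
    except sqlite3.IntegrityError as exc:
        return str(exc).split(" constraint failed")[0]

if __name__ == "__main__":
    db = make_db()
    add_mark = "INSERT INTO marks VALUES (?, ?, ?)"
    print(try_insert(db, "INSERT INTO students VALUES (?, ?)", (300001, "dup")))
    print(try_insert(db, add_mark, (499999, "maths", 50)))
    print(try_insert(db, add_mark, (300001, "physics", 140)))
```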
Other Operations in DB SW to protect integrity of data:
Rollback: An operation that ends a current transaction and cancels current changes to a DB. The DB reverts to its previous state.
Could be changes to the data / schema.
Roll back occurs when the DB experiences a glitch or if processing sequence is disrupted.
Commit: This operation completes a transaction and executes all changes just made by the user. DB is updated to reflect the latest changes.
If commit cannot complete correctly, a rollback is performed.
Ensures that partial changes do not take place and data is not corrupted.
Savepoints: Same as system restore in Win OS.
If a system failure takes place, the DB attempts to revert to the previous savepoint.
Setting savepoints consumes resources. A bal has to be struck between too many savepoints and not enough of them.
Savepoints can be initiated by a time interval, user action, or No of transactions.
Savepoint restores data by enabling user to go back in time before the system crashed.
Checkpoints: Similar to Savepoints.
When a specific amt of mem is filled, a checkpoint is triggered.
This saves data from mem to a temp file.
If system crashes, the DB will attempt to restore data from this temp file.
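Commit, rollback and savepoints in practice, as an added example that is not part of the original slides. It uses SQL's SAVEPOINT statement, which marks a point inside a transaction rather than a restore point after a crash. The accounts table and the rule that a balance cannot go negative are assumptions, and the data is constructed.

```python
import sqlite3

def make_db():
    # isolation_level=None: this example issues BEGIN/COMMIT/ROLLBACK itself.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, "
               "balance INTEGER NOT NULL CHECK (balance >= 0))")
    db.execute("INSERT INTO accounts VALUES ('alice', 100), ('bob', 20)")  # constructed
    return db

def balances(db):
    return dict(db.execute("SELECT name, balance FROM accounts"))

def _move(db, src, dst, amount):
    # Credit first, so a rejected debit leaves a partial change to cancel.
    db.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?", (amount, dst))
    db.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?", (amount, src))

def transfer(db, src, dst, amount):
    """One transaction: commit both updates, or roll back to the previous state."""
    db.execute("BEGIN")
    try:
        _move(db, src, dst, amount)
        db.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        db.execute("ROLLBACK")  # the credit already applied is cancelled too
        return False

def batch(db, transfers):
    """Many transfers in one transaction; a savepoint per step undoes only failed steps."""
    applied = []
    db.execute("BEGIN")
    for i, (src, dst, amount) in enumerate(transfers):
        db.execute(f"SAVEPOINT step_{i}")
        try:
            _move(db, src, dst, amount)
            applied.append(i)
        except sqlite3.IntegrityError:
            db.execute(f"ROLLBACK TO step_{i}")  # revert to the savepoint only
        db.execute(f"RELEASE step_{i}")
    db.execute("COMMIT")
    return applied
```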
A few Database Attacks
Brute Force attacks against Passwords
Default Username and passwords not changed by the sys admin
Eg: “scott”; “tiger” - username/password combination in Oracle DB till 11g ver.
Microsoft SQL Server – came with default (publicly known) passwords.
Easily guessable passwords chosen by sys admin.
Privilege Escalation
Gen happens due to mis-configuration of database or underlying OS.
Eg: A low privilege user has read rights only. However, he can read all colns in the DB incl colns holding credit card info. (mis-configuration – Restd DB views were not enforced).
Exploiting unused / un-necessary services
Eg: Listener service in Oracle DB. It seeks out and fwds network connection requests to Oracle DB.
When an apln has to access a DB – poorly written aplns can cause connections w/o authentication and authorisation.
Install only those features that you need to use.
If you don’t install a feature, you don’t have to patch it up later.
Very Imp: Patch up DBs as and when patches are rel by the vendor.
Gen sys admins avoid patching. Why?
Prevent downtime of the DB.
Does not understand patches and what they do.
Do not have time to test patches.
May fear that patches may cause some other problems.
Stolen Backups
Gen an insider attack.
If backup data is un-encrypted, the attacker does not need to hack into a DB.
Another problem with backups – too many versions of backups. Problem in tracking all ver.
SQL Injection
Occurs when the fields available for user input allows SQL stmts to be inputted.
Gen, this attack takes place on the middleware; which connects to the backend DB.
Eg: If an attacker gets a username/password screen, he can input an SQL stmt which is passed by the apln server to the DB and gets executed to gain entry to the DB.
Gen the result of poor programming practices.
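The poor programming practice described above beside its fix, as an added example that is not part of the original slides. The users table, the function names and the sample input are constructed for the illustration.

```python
import hashlib
import hmac
import sqlite3

def pw_hash(password, salt=b"constructed-demo-salt"):
    # Demo only: one fixed salt keeps the example short; use a random per-user salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("admin", pw_hash("constructed-Passw0rd")))
    db.commit()
    return db

def login_vulnerable(db, username, password):
    """Poor practice: user input is pasted into the text of the SQL stmt."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + pw_hash(password) + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    """Fix: input is bound with a ? placeholder, so the DB treats it as data only."""
    row = db.execute("SELECT pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], pw_hash(password))

# Constructed input: the quote ends the string literal and "--" turns the
# password check into a comment.
INJECTED_USERNAME = "admin' --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, INJECTED_USERNAME, "wrong"))
    print("parameterized:", login_parameterized(db, INJECTED_USERNAME, "wrong"))
```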