Protect Your System: Understanding the Importance of System Security and Vulnerabilities -- ISAA

 

Let's Talk About System Security

Topics to be Discussed:

System Vulnerabilities, Network Security Systems, System Security, System Security Tools, Web Security, Application Security, Intrusion Detection Systems,

---

Vulnerabilities 📌

Vulnerabilities are weaknesses in a system that gives threats the opportunity to compromise assets. All systems have vulnerabilities. Even though the technologies are improving but the number of vulnerabilities are increasing such as tens of millions of lines of code, many developers, human weaknesses, etc. Vulnerabilities mostly happened because of Hardware, Software, Network and Procedural vulnerabilities.

Hardware Vulnerability:

1. A hardware vulnerability is a weakness which can used to attack the system hardware through physically or remotely. For examples:
2. Old version of systems or devices
3. Unprotected storage
4. Unencrypted devices, etc.

Software Vulnerability:

A software error happen in development or configuration such as the execution of it can violate the security policy. For examples:

1. Lack of input validation
2. Unverified uploads
3. Cross-site scripting
4. Unencrypted data, etc.

Network Vulnerability:

A weakness happen in network which can be hardware or software. For examples:

1. Unprotected communication
2. Malware or malicious software (e.g.:Viruses, Keyloggers, Worms, etc)
3. Social engineering attacks
4. Misconfigured firewalls

Network Security 📌

Network Security is vital in protecting client data and information, keeping shared data secure and ensuring reliable access and network performance as well as protection from cyber threats. A well designed network security solution reduces overhead expenses and safeguards organizations from costly losses that occur from a data breach or other security incident. Ensuring legitimate access to systems, applications and data enables business operations and delivery of services and products to customers.

Firewall

Firewalls control incoming and outgoing traffic on networks, with predetermined security rules. Firewalls keep out unfriendly traffic and is a necessary part of daily computing. Network Security relies heavily on Firewalls, and especially Next Generation Firewalls, which focus on blocking malware and application-layer attacks.

Network Segmentation

Network segmentation defines boundaries between network segments where assets within the group have a common function, risk or role within an organization. For instance, the perimeter gateway segments a company network from the Internet. Potential threats outside the network are prevented, ensuring that an organization’s sensitive data remains inside. Organizations can go further by defining additional internal boundaries within their network, which can provide improved security and access control.

Access Control

Access control defines the people or groups and the devices that have access to network applications and systems thereby denying unsanctioned access, and maybe threats. Integrations with Identity and Access Management (IAM) products can strongly identify the user and Role-based Access Control (RBAC) policies ensure the person and device are authorized access to the asset.

Email Security

Email security refers to any processes, products, and services designed to protect your email accounts and email content safe from external threats. Most email service providers have built-in email security features designed to keep you secure, but these may not be enough to stop cybercriminals from accessing your information.

Data Loss Prevention (DLP) 📌

Data loss prevention (DLP) is a cybersecurity methodology that combines technology and best practices to prevent the exposure of sensitive information outside of an organization, especially regulated data such as personally identifiable information (PII) and compliance related data: HIPAA, SOX, PCI DSS, etc.

Intrusion Prevention Systems (IPS) 📌

IPS technologies can detect or prevent network security attacks such as brute force attacks, Denial of Service (DoS) attacks and exploits of known vulnerabilities. A vulnerability is a weakness for instance in a software system and an exploit is an attack that leverages that vulnerability to gain control of that system. When an exploit is announced, there is often a window of opportunity for attackers to exploit that vulnerability before the security patch is applied. An Intrusion Prevention System can be used in these cases to quickly block these attacks.

Security of a computer system 📌

It is a crucial task. It is a process of ensuring confidentiality and integrity of the OS. A system is said to be secure if its resources are used and accessed as intended under all the circumstances, but no system can guarantee absolute security from several of the various malicious threats and unauthorized access.

Security of a system can be threatened via two violations:

• Threat: A program which has the potential to cause serious damage to the system.
• Attack: An attempt to break security and make unauthorized use of an asset.

Security violations affecting the system can be categorized as malicious and accidental. Malicious threats, as the name suggests are a kind of harmful computer code or web script designed to create system vulnerabilities leading to back doors and security breaches. Accidental Threats, on the other hand, are comparatively easier to be protected against. Example: DDOS.

Security can be compromised via any of the breaches mentioned:

• Breach of confidentiality: This type of violation involves the unauthorized reading of data.
• Breach of integrity: This violation involves unauthorized modification of data.
• Breach of availability: It involves unauthorized destruction of data.
• Theft of service: It involves unauthorized use of resources.
• Denial of service: It involves preventing legitimate use of the system. As mentioned before, such attacks can be accidental in nature.

Security System Goals 📌

Henceforth, based on the above breaches, the following security goals are aimed:

1. Integrity: The objects in the system mustn’t be accessed by any unauthorized user & any user not having sufficient rights should not be allowed to modify the important system files and resources.
2. Secrecy: The objects of the system must be accessible only to a limited number of authorized users. Not everyone should be able to view the system files.
3. Availability: All the resources of the system must be accessible to all the authorized users i.e only one user/process should not have the right to hog all the system resources. If such kind of situation occurs, denial of service could happen. In this kind of situation, a malware might hog the resources for itself & thus preventing the legitimate processes from accessing the system resources.

Threats can be classified into the following two categories:

1. Program Threats: A program written by a cracker to hijack the security or to change the behaviour of a normal process.
2. System Threats: These threats involve the abuse of system services. They strive to create a situation in which operating-system resources and user files are misused. They are also used as a medium to launch program threats.

Types of Program Threats 📌

1. Virus: An infamous threat, known most widely. It is a self-replicating and a malicious thread which attaches itself to a system file and then rapidly replicates itself, modifying and destroying essential files leading to a system breakdown.

Further, Types of computer viruses can be described briefly as follows: – file/parasitic – appends itself to a file – boot/memory – infects the boot sector – macro – written in a high-level language like VB and affects MS Office files – source code – searches and modifies source codes – polymorphic – changes in copying each time – encrypted – encrypted virus + decrypting code – stealth – avoids detection by modifying parts of the system that can be used to detect it, like the read system call – tunneling – installs itself in the interrupt service routines and device drivers – multipartite – infects multiple parts of the system

1. Trojan Horse: A code segment that misuses its environment is called a Trojan Horse. They seem to be attractive and harmless cover program but are a really harmful hidden program which can be used as the virus carrier. In one of the versions of Trojan, User is fooled to enter its confidential login details on an application. Those details are stolen by a login emulator and can be further used as a way of information breaches.

Another variance is Spyware, Spyware accompanies a program that the user has chosen to install and downloads ads to display on the user’s system, thereby creating pop-up browser windows and when certain sites are visited by the user, it captures essential information and sends it over to the remote server. Such attacks are also known as Convert Channels.

1. Trap Door: The designer of a program or system might leave a hole in the software that only he is capable of using, the Trap Door works on similar principles. Trap Doors are quite difficult to detect as to analyze them, one needs to go through the source code of all the components of the system.
2. Logic Bomb: A program that initiates a security attack only under a specific situation.

Types of System Threats 📌

Aside from the program threats, various system threats are also endangering the security of our system:

1. Worm: An infection program which spreads through networks. Unlike a virus, they target mainly LANs. A computer affected by a worm attacks the target system and writes a small program “hook” on it. This hook is further used to copy the worm to the target computer. This process repeats recursively, and soon enough all the systems of the LAN are affected. It uses the spawn mechanism to duplicate itself. The worm spawns copies of itself, using up a majority of system resources and also locking out all other processes.

The basic functionality of a the worm can be represented as:

1. Port Scanning: It is a means by which the cracker identifies the vulnerabilities of the system to attack. It is an automated process which involves creating a TCP/IP connection to a specific port. To protect the identity of the attacker, port scanning attacks are launched from Zombie Systems, that is systems which were previously independent systems that are also serving their owners while being used for such notorious purposes.
2. Denial of Service: Such attacks aren’t aimed for the purpose of collecting information or destroying system files. Rather, they are used for disrupting the legitimate use of a system or facility. These attacks are generally network based. They fall into two categories: – Attacks in this first category use so many system resources that no useful work can be performed.

For example, downloading a file from a website that proceeds to use all available CPU time. – Attacks in the second category involves disrupting the network of the facility. These attacks are a result of the abuse of some fundamental TCP/IP principles. the fundamental functionality of TCP/IP.

Security Measures Taken 📌

To protect the system, Security measures can be taken at the following levels:

• Physical: The sites containing computer systems must be physically secured against armed and malicious intruders. The workstations must be carefully protected.
• Human: Only appropriate users must have the authorization to access the system. Phishing(collecting confidential information) and Dumpster Diving(collecting basic information so as to gain unauthorized access) must be avoided.
• Operating system: The system must protect itself from accidental or purposeful security breaches.
• Networking System: Almost all of the information is shared between different systems via a network. Intercepting these data could be just as harmful as breaking into a computer. Henceforth, Network should be properly secured against such attacks.

Usually, Anti Malware programs are used to periodically detect and remove such viruses and threats. Additionally, to protect the system from the Network Threats, firewall is also be used.