Management
identify asset
identify vulnerabilities
identify threats
identify controls
2.1 ASSETS, ATTACKS, RISKS, THREATS, VULNERABILITIES AND COUNTERMEASURES
Now that we have already defined the main objective of this course, we will be discussing the Common
Body of Knowledge in the areas of Information Assurance and Security.
ASSETS
Crown jewels refer to the precious ornaments or jewelry worn by a sovereign on certain state occasions.
Simply, crown jewels are particularly valuable or prized possessions, or something we secure in a safe
place.
This analogy gives us what an ASSET is. In every Information System we develop, we treat every piece of
data as a “crown jewel”.
In Information Security, an ASSET refers to any piece of information, device or other part related to
them that supports business activities. Assets are either components of a computer and/or the data that are
stored in it. Basically, assets are the things that should be put under strict security measures, because failure
to do so may result in losses to the organization.
To put it simply, assets are the main reason why we need to secure and assure our information systems:
once they are exposed, problems follow that lead to losses for the organization.
In more detail, mismanagement of assets may lead to attacks. Attacks refer to activities that are
intended to snatch assets in order to use them for bad interests. These attacks are everywhere,
whether in the public or private sector. One example of an attack is a Data Breach.
A Data Breach is an event wherein information is accessed without the consent of the authorized party. Data
breaches are widely observed in Web-based Information Systems because many assets exposed over
the internet are the apple of an attacker's eye. In fact, victims rise at 80% in India in 2019. The chart below
shows the different types of attacks that happened on the web, recorded in the month of September 2019.
[Chart: Cyber Crime: 84.3%; Cyber Espionage: 12.9%; Cyber Warfare: 2.1%; WA: 0.7%]
Source: https://www.hackmageddon.com/2019/11/04/september-2019-cyber-attacks-statistics/
The following is the list of Assets that Information Assurance and Security is trying to protect:
Customer Data
IT and Network Infrastructure
Intellectual Property
Finances and Financial Data
Service Availability and Productivity
Reputation
On the other hand, the person with a bad intention to attack one's asset is a Hacker. Hackers refer to
anyone with a professional skill to access assets without any authorization. Their intention is basically to
commit crimes, mostly to steal and destroy systems. Sometimes, systems are hacked to hold the
assets of the system hostage, with a ransom collected as the condition for bringing the assets back.
However, good hackers also exist. They are the ones who use their skills in hardware and software to
bypass the security of a device or a network. Their intention is to provide service to the victims of attacks.
Both public and private sectors hire good hackers to help them keep their systems safe.
Computer Security Professionals name hackers metaphorically using hat colors such as White, Black and
Gray. These names come from the old spaghetti Westerns, where black was worn by the
bad cowboys, white by the good ones, and gray by the neutral ones.
Black Hat Hackers
Black Hat Hackers basically have advanced knowledge in destroying networks. They perform their
hacking by bypassing the security measures of the networks. This type of hacker also has
knowledge in creating malware intended to gain access to systems to steal personal and financial
assets.
White Hat Hackers
Hackers who utilize their skills to do good are referred to as White Hat Hackers. Most of the big
companies intentionally employ white hat hackers to work for them. Their main responsibility is to
check for and find holes in the company's systems through hacking.
The main difference between White Hat Hackers and Black Hat ones is that white hats perform hacking with the
owner's permission while black hats do not. In fact, there are trainings and certifications for
ethical hacking.
Grey Hat Hackers
Grey is neither white nor black. This analogy applies to Grey Hat Hackers. They are
a combination of ethical and unethical hackers. Sometimes, they will look for a system's or organization's
weakness without authorized access and report it to the company. Companies will then hire them to
secure the asset. However, if the company does not employ the Grey Hat Hackers, they will exploit the said assets
online so that other Black Hat Hackers can carry out their intentions.
The term hacker always means something bad to us. However, it is very important for us to understand that our
judgement of them shall always depend on their intentions.
Aside from hackers, we also have those who violate or break the security of remote machines.
They are known as Crackers. Initially, crackers get unauthorized access to vital data and deprive
the original user or owner of it.
Crackers can be identified as the fortunately few and far between experts who discover security holes and
exploit them, and/or the script kiddie, one who knows how to get programs and run them legitimately.
These hackers and crackers are the ones whom Information Security
is trying to catch.
Every Attacker, whether a Hacker or a Cracker, uses tools to perform their attacks. The following are the
tools they use to carry out their intentions:
1. Protocol Analyzers (Sniffers). These applications put the host NIC into a mode that passes all
traffic to the CPU rather than only the traffic the controller is designed to receive.
2. Port Scanner. An application that probes a host for open ports.
3. Finger scanning is a way to acquire human biometrics like fingerprints.
4. Vulnerability Scanning Tools are automated tools that scan web-based applications and find
vulnerabilities. Examples are Cross-site Scripting, SQL Injection, Command Injection, Path
Traversal and insecure server configuration.
5. Exploit Software is a bit of technology, a chunk of data or a series of commands that
takes advantage of a bug or vulnerability to trigger unintended or unforeseen behavior on
computer software, hardware or anything electronic.
6. Wardialers. These can be used to find backdoors into your network. A wardialer dials telephone numbers to check
if there is a line that carries data through a modem and the like.
7. Password Cracker. This software is used to retrieve a forgotten password or other network
resources. Sometimes, these are used to access resources without permission.
8. Keystroke Loggers. A keylogger is a surveillance application that has the ability to record
every keystroke that is made on the system. It records them to a log file that is usually
encrypted.
Security Breach
Security breaches happen a lot — not at your house necessarily, but in large and small organizations.
The intention to destroy a company's standing and finances is one concrete reason why Security Breaches exist.
Security and data breaches can happen on a large, uncontrollable scale.
This happens when an attacker or intruder gains access without the permission of the asset's owner or
keeper. They use bypass mechanisms that can typically reach restricted areas. A security breach is a
violation that can lead to damage and even loss of assets.
Simply, a Security Breach refers to any action that would result in a violation of any rules of the Central
Intelligence Agency. Most of these breaches disrupt services intentionally. However, some of them are
accidental, and both kinds can cause hardware or software failures.
The following are activities that cause Security Breaches:
1. Attack through Denial of Service (DoS). This refers to an attack
resulting in a legitimate user being unable to use the destroyed asset.
2. Distributed Denial-of-Service (DDoS). This happens when an attacker floods the target with network
traffic, making it impossible for a legitimate user to use the network or a node.
3. Unacceptable Web Browsing. Acceptable web browsing is defined in an Acceptable Use Policy
(AUP), like searching for a file in the directory or browsing restricted sites.
4. Wiretapping. Wiretapping refers to the practice of connecting a listening device to a telephone
line to secretly monitor a conversation.
5. Backdoor. This refers to hidden access included by the developers. Backdoors are used to
obtain exposure to the data repositories.
6. Data Modifications. This refers to a change in data that happens purposely or accidentally. It may
also include incomplete and truncated data.
that kills a machine or network,
Additional Security Challenges may include:
1. Spam and Spim. Spam refers to unsolicited email; spim is spam over instant messaging.
2. Cookies. Cookies contain little chunks of data that may include login credentials, which make it
possible for a user to have a great browsing experience.
3. Hoaxes. A hoax is a message that claims to warn recipients of a (non-existent) computer virus
threat.
RISK, THREATS AND VULNERABILITIES
Risk, Threats and Vulnerabilities are characteristics that describe something that needs to be
taken care of. Failing to do so may lead to an attack.
Risk refers to the probability that bad things will happen to a specific asset.
Threat is defined as any action that might compromise or destroy an asset.
Vulnerability is a weakness that may harm systems or networks.
There is a wide variety of threats spread out, especially on the internet. Many call the internet a
marketplace of threats.
Threats can be categorized into three types:
1. Disclosure Threats. These threats may include sabotage and espionage.
2. Unauthorized Threats. One example of an Unauthorized Threat is
Unauthorized Changes: modifications made exceeding the policy that has been agreed upon.
3. Denial or Destruction Threats. DoS and/or DDoS best explain these threats.
Categories of Malicious Attacks
Malicious Attacks can be classified according to the intent of the actions. These may include the following:
1. Interception refers to access gained by an unauthorized party to an asset. This may include
illicit program copying and/or wiretapping.
2. Interruption happens when a system becomes lost, unavailable or unusable.
3. Modification occurs when an unauthorized attacker tampers with an asset.
4. Fabrication refers to the counterfeiting of a system or network that is done by an unauthorized party.
Types of Active Threats
The following lists the types of threats that are currently active and that developers or Information Security
Professionals shall be aware of:
1. Birthday Attacks
2. Brute-Force Password Attacks
3. Dictionary Password Attacks
4. IP Addressing Spoofing
5. Hijacking
6. Replay Attacks
7. Man-In-The-Middle Attacks
8. Masquerading
9. Social Engineering
10. Phishing
11. Phreaking
12. Pharming
Malicious Software (Malware)
In the context of before, during and after installing software on our systems, we can say that it is
malicious if it:
1. Causes damage
2. Escalates security privileges
3. Divulges private data
4. Modifies or deletes data
General Classification of Malware
Virus
Like human beings, our systems or assets can be infected by a virus too. In computing, a virus comes into
another program or application. Basically, it contaminates a program and can cause it to be copied to other
computers. Most of the time, the virus triggers when the user uses an infected application.
Worm
A worm is a program that is self-contained. It also duplicates and sends itself to other hosts without
any user intervention. One scary thing about a worm is that it does not need an installed application
to contaminate the whole system.
Trojan Horse
A Trojan Horse is malware that hides inside a useful program. It collects sensitive information, and may
open backdoors into computers. A Trojan Horse can actively upload and download files.
Rootkit
A rootkit is a group of malicious software. Basically, these applications get unauthorized access to a machine
and hide their existence from the other applications.
Spyware
Spyware is a type of malware that targets confidential data. Mostly, it can monitor actions
and can even carry out a course of actions like scanning, snooping and installing other spyware. It can
even change the default browser of a computer.
COUNTERMEASURES
As the old English saying goes, prevention is better than cure. In information security, we can also cure,
if not prevent, these attacks. There are suggested activities and tools that we, as Information
Security Professionals, can use as an antidote or defense against the said attacks.
A countermeasure is basically an action to detect vulnerabilities, prevent attacks and/or react to the
impacts of positive attacks. In case of an attack, a victim can get help from security consultants, law
enforcement offices and/or experts.
The following are countermeasures that can help in preventing and/or curing malware:
Training events for users
Regular updates and bulletins about malware
Do not transfer assets to untrusted or unknown sources
Evaluate new programs or quarantine files on a computer
Purchase and install anti-malware software and scan your files on a regular basis
Use comprehensive login credentials
On the other hand, a Firewall can defend your system from various forms of attacks too. Basically, a firewall
is a program or a dedicated device that inspects the network traffic present in a network. Its purpose is to
deny or permit traffic depending on protocols.
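The permit-or-deny decision a firewall makes, as an added example that is not part of the original handout: a first-match packet filter with a default-deny fallback, plus a check for rules that can never fire. It goes slightly beyond protocol matching by also matching source network and destination port; the Rule fields, rule set and sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional
@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    protocol: str            # "tcp", "udp", "icmp" or "any"
    src: str                 # source network in CIDR notation
    dst_port: Optional[int]  # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (self.protocol in ("any", pkt["protocol"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and (self.dst_port is None or self.dst_port == pkt.get("dst_port")))

    def covers(self, other: "Rule") -> bool:
        # True when every packet that matches `other` also matches this rule.
        return (self.protocol in ("any", other.protocol)
                and ip_network(other.src).subnet_of(ip_network(self.src))
                and (self.dst_port is None or self.dst_port == other.dst_port))

def decide(pkt: dict, rules: list) -> str:
    """First matching rule wins; traffic that no rule mentions is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

def shadowed(rules: list) -> list:
    """Rules that can never fire because an earlier rule already covers them."""
    return [later for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]

# Constructed rule set and packets (documentation address ranges), not from the handout.
RULES = [
    Rule("deny", "tcp", "0.0.0.0/0", 23),      # Telnet blocked from everywhere
    Rule("permit", "tcp", "0.0.0.0/0", 443),   # HTTPS open to the public
    Rule("permit", "tcp", "10.0.0.0/8", 22),   # SSH from the internal network only
    Rule("deny", "icmp", "0.0.0.0/0", None),   # ICMP has no port, so None
    Rule("permit", "tcp", "10.1.0.0/16", 23),  # mistake: shadowed by the first rule
]
PACKETS = [
    {"src": "203.0.113.7", "protocol": "tcp", "dst_port": 443},  # permit
    {"src": "203.0.113.7", "protocol": "tcp", "dst_port": 22},   # deny (default)
    {"src": "10.1.2.3", "protocol": "tcp", "dst_port": 22},      # permit
    {"src": "10.1.2.3", "protocol": "tcp", "dst_port": 23},      # deny (first rule)
]
if __name__ == "__main__":
    print([decide(p, RULES) for p in PACKETS], shadowed(RULES))
```

Because the first match wins, rule order is part of the policy: the last rule in the sample set never takes effect, which is the kind of mistake the shadowed() check surfaces during a rule review.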
2.2 CERTIFICATION PROGRAMS IN THE INFORMATION SECURITY FIELD