Cybersecurity 2
Security
Parkerian Hexad
Authenticity:
• Quality or state of being genuine or original
• Information is authentic when it is in the same state in which it was
created, stored or transferred
• E-mail spoofing: sending emails with a falsified sender address to
mislead recipients about the message’s origin
• Tricks recipients into opening messages they might otherwise avoid
• Facilitates phishing or malware distribution
• Authenticity ensures who sent the data is trustworthy.
• Integrity ensures what was sent has not been tampered with.
Parkerian Hexad
Possession or Control:
• Refers to the ownership or control of information
• Breach of confidentiality always results in a breach of possession but
not vice versa
• Possession can be compromised without exposing content of
information
• If encrypted customer data is stolen, possession is breached but
confidentiality remains intact if the thief cannot decrypt the data
Parkerian Hexad
Utility:
• Refers to the usefulness of the data
• Information is useful when it can serve a purpose
• If information is available but not in a format meaningful to the end
user, it is not useful
• For a climate researcher, decades of weather data might be useful, but
for a tourist a short-term weather forecast is more useful
Need for Security
Business Needs:
• Protecting the organization’s ability to function: Information security
ensures critical systems and processes are protected against disruption by
cyber threats
• Enabling safe operation of applications: Security measures protect software
and applications from malicious attacks
• Protecting the data the organization collects and uses: Prevents
unauthorized access, data breaches or leaks
• Safeguarding the organization’s technology assets: Protects physical and
digital technology resources (servers, devices and networks) from theft,
damage or cyberattacks
Threats
Deliberate Software Attacks:
• When an individual or group designs and deploys software to attack a
system
• Referred to as malicious code or malicious software or malware
• Designed to damage, destroy or deny service to the target systems
• Viruses, worms, Trojan horses, back doors
• DoS attacks by Mafiaboy on Amazon.com, CNN.com, Ebay.com,
Yahoo.com, etc.
Threats
1. Virus
• Requires a host: attaches itself to a system file
• Replicates itself to infect other files or systems
• Most common method of virus transmission: email attachment files
• Mitigation: Filtering emails and blocking email attachments of certain
types
• Macro Virus: Targets macros in software like MS Word or Excel
• Boot Virus: Infects the key operating system files located in computer’s
boot sector
Threats
2. Worms
• Self-replicating malware that spreads across networks without user
intervention.
• Consumes system resources, slows down the network, and causes
system crashes.
• Can continuously replicate itself until it exhausts available resources
such as memory, bandwidth etc.
• Code Red, Sircam, Nimda (“admin” spelled backwards), Klez
Threats
3. Trojan Horses
• Malware that disguises itself as a normal program
• Reveals its designed behavior only when activated
• Once activated, it can steal sensitive information, give attackers
control of the system, or install other malware
Threats
3. Trojan Horses
• Often disguised as helpful, necessary pieces of software such as
readme.exe files
• In January 1999, internet users received emails with the attachment
Happy99.exe. When opened, it displayed a fireworks animation with the
message “Happy 1999” while secretly installing a Trojan horse into the
system; the Trojan propagated itself by following up every email the user
sent with a second email to the same recipient
Threats
4. Back Door or Trap Door
• Method of bypassing normal authentication or security protocols
• Often intentionally built into a system by developers for debugging or
maintenance purposes
• Can be exploited by attackers to gain unauthorized control
• Malicious actors might also install backdoors through malware or other
vulnerabilities
Attacks
1. Malicious Code
• Execution of viruses, worms, or Trojan horses with destructive intent
• State-of-the-art malicious code (MC) attack: the polymorphic or multivector worm
• Outbreak of Nimda in 2001
• Bots, Spyware, Adware
2. Password Crack
• Attempting to reverse-calculate (recover) a password from its stored form is called cracking
• Use methods like brute force, dictionary attack
Attacks
3. Brute Force
• Application of computing and network resources to try every possible
combination
• Often called a password attack
4. Dictionary Attack
• Variation of the brute force attack
• Selects specific target accounts and uses a list of commonly used
passwords (the dictionary)
• Mitigation: disallow easy-to-guess passwords and enforce rules requiring
numbers and/or special characters in passwords
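The two mitigations above (reject dictionary passwords, require digits and special characters) as a password-acceptance check. This is an added example, not from the slides; the word list, the leet-speak mapping, the 12-character minimum and the function names are constructed assumptions.

```python
import re
import string

# Constructed mini "dictionary" standing in for an attacker's list of commonly used passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}

# Assumed leet-speak substitutions so that "P@ssw0rd" still maps to "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s", "!": "i"})


def normalize(candidate: str) -> str:
    """Lower-case, strip trailing digits/punctuation, then undo leet substitutions,
    so trivial variants of a dictionary word (Password1!, P@ssw0rd) are still caught."""
    base = re.sub(r"[\d\W_]+$", "", candidate.lower())
    return base.translate(LEET)


def check_password(candidate: str, min_length: int = 12) -> list[str]:
    """Return the list of policy violations; an empty list means the password is accepted."""
    problems = []
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")
    # Check the raw lower-cased value as well, since normalize() strips all-digit passwords to "".
    if candidate.lower() in COMMON_PASSWORDS or normalize(candidate) in COMMON_PASSWORDS:
        problems.append("based on a commonly used (dictionary) password")
    if not any(ch.isdigit() for ch in candidate):
        problems.append("no digit")
    if not any(ch in string.punctuation for ch in candidate):
        problems.append("no special character")
    return problems


if __name__ == "__main__":
    for pw in ["123456", "P@ssw0rd!", "WelcomeToTheJungle", "correct-horse-battery-7"]:
        verdict = check_password(pw)
        print(f"{pw!r}: {'accepted' if not verdict else ', '.join(verdict)}")
```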
Password Power
Attacks
5. DoS and DDoS
• In DoS, the attacker sends a large number of connection or information
requests
• Overloads the system so it cannot respond to legitimate requests for service
• System may crash or become unable to perform ordinary functions
• In DDoS, a DoS attack is conducted from many locations at the same
time
• Most difficult to defend against; considered a weapon of mass
destruction on the Internet
• Web servers and mail servers are vulnerable to DoS attacks
Attacks
6. Spoofing
• Technique used to gain unauthorized access to computers
• Involves sending messages with a forged IP address to deceive the
recipient into thinking they are from a trusted source
• Protection: Modern routers and firewalls can prevent IP spoofing
Attacks
7. Man-in-the-Middle
• A third party intercepts and potentially alters communication between
two parties without their knowledge
• Attacker positions themselves between sender and receiver to capture,
modify, or inject data
• Packet sniffing: intercepts data packets over the internet
• Session hijacking: takes control of a session between a user and
a service
• Protection: SSL/TLS (Secure Sockets Layer/ Transport Layer Security) to
ensure data is securely transmitted
Attacks
8. Social Engineering
• Use of social skills to convince people to reveal access credentials or
other valuable information to the attacker.
Phishing:
• Attackers impersonate trusted organizations (such as banks or email
providers)
• Trick users into revealing sensitive information like passwords, credit
card details, or login credentials.
• Often done via email, SMS (smishing), or social media (vishing).
Attacks
8. Social Engineering
Pharming:
• Redirects legitimate website traffic to fraudulent websites without
the user's knowledge.
• Exploits vulnerabilities in the domain name system (DNS) or
compromises the victim's device to reroute their web traffic
• e.g., the user requests www.bank.com; instead of being directed to the
legitimate website, the user is redirected to a fraudulent site that looks
identical to the real one
Risk Management
Risk Assessment
How to assign a risk rating or score to an information asset?
Risk Assessment
• Value of an asset: refers to its importance to an organization,
measured by its contribution to business operations, profitability, or
decision-making
• NIST SP 800-30 assigns a value between 0.1 (low) and 1.0 (high)
Risk Determination
Risk = (likelihood of vulnerability occurrence) × (value or impact)
– (percentage of risk already controlled) + (an element of uncertainty)
• Example: Information asset A has a value score of 50 and has one vulnerability.
Vulnerability 1 has a likelihood of 1.0 with no current controls. Estimate that
assumptions and data are 90 percent accurate.
• Example: Information asset B has a value score of 100 and has two vulnerabilities:
Vulnerability 2 has a likelihood of 0.5 with a current control that addresses 50
percent of its risk; vulnerability 3 has a likelihood of 0.1 with no current controls.
Estimate that assumptions and data are 80 percent accurate.
Vulnerability 1:
Vulnerability 3:
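The risk formula applied to the two example assets above, as an added example rather than slide material. It assumes (as the slide's wording implies) that the "controlled" term is the percentage of the likelihood × value product mitigated by existing controls and that the uncertainty term is (100 − accuracy) percent of that same product; the function names and the ranking helper are my own.

```python
def risk_score(asset_value: float, likelihood: float,
               pct_controlled: float, pct_accuracy: float) -> float:
    """Risk = likelihood x value - (risk already controlled) + (uncertainty).

    pct_controlled: share (0-100) of the raw risk addressed by current controls.
    pct_accuracy:   confidence (0-100) in the assumptions and data; the
                    uncertainty element is the remaining (100 - accuracy) percent.
    Assumption: both percentages are taken of the raw likelihood x value product.
    """
    raw = likelihood * asset_value
    controlled = raw * pct_controlled / 100.0
    uncertainty = raw * (100.0 - pct_accuracy) / 100.0
    return raw - controlled + uncertainty


# The slide's two examples: (label, asset value, likelihood, % controlled, % accuracy)
VULNERABILITIES = [
    ("Asset A / Vulnerability 1", 50, 1.0, 0, 90),
    ("Asset B / Vulnerability 2", 100, 0.5, 50, 80),
    ("Asset B / Vulnerability 3", 100, 0.1, 0, 80),
]


def rank_vulnerabilities(rows=VULNERABILITIES) -> list[tuple[str, float]]:
    """Score every vulnerability and order them highest risk first, which is
    the order in which a risk assessment would prioritise treatment."""
    scored = [(label, risk_score(value, likelihood, controlled, accuracy))
              for label, value, likelihood, controlled, accuracy in rows]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


if __name__ == "__main__":
    for label, score in rank_vulnerabilities():
        print(f"{label}: risk = {score:.1f}")
```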
Approaches to Information Security Implementation
• Bottom-up approach: starts at the bottom level
• Top-down approach: initiated by upper level managers (issues policy,
procedures, standards)
• Approaches:
• The Systems Development Life Cycle (SDLC)*
• The Security Systems Development Life Cycle*
*Exercise
Secure Software Development
• Development of systems and software is accomplished using
methodologies such as the SDLC
• Creating software that can be deployed in a secure fashion: Software
Assurance (SA)
• Software Assurance and the SA Common Body of Knowledge
• Software Design Principles
• Software Development Security Problems