@euwbah
Created May 30, 2016 04:24
ISEC MST
# ISEC MST (L1 - L3)
## 1. Goals of ISEC:
- <b>C</b>onfidentiality
- <b>I</b>ntegrity
- <b>A</b>vailability
Steps to defend against attacks:
1. Layering --- Having multiple layers of security mechanisms
2. Limiting --- Limiting access to certain data/rights/physical documents
3. Diversity --- Having layers that are different from each other
4. Obscurity --- Insider details must not be leaked
5. Simplicity --- Simple for insiders, complex for outsiders
Have **diverse** **layers**, and **obscure** data by **limiting** access and rights; yet **simple**.
How is information secured?
1. Authentication -- Usage of passwords and keys
2. Authorization -- Approval of passwords and keys
3. Accounting -- Tracking actions and events
---
## 2. Malware
- **Viruses**
- **Worms**
- **Trojans** -- They don't look like malware when executed, but they are
- **Logic Bombs** -- Triggered by a logical event (a file being deleted, April Fools' Day, etc.)
- **Rootkits** -- Embedded into the system, impossible to detect and remove, and will allow for other malware to be executed by making the OS think it is valid software
- **Privilege escalation** -- Gaining access to higher-level/different privileges otherwise not accessible
### Why?
Because of **Profit**
- **Keyloggers** allow hackers to get info on passwords etc.
- **Spam** email such as Ads, or Nigerian Warlords needing money
- **Illegal collection** of personal / browser data to find out which ads to show
- **Bot herders** who control **Botnets** full of **Zombies** using an **IRC** (Internet Relay Chat) to **DDoS** servers or **Mine Bitcoin**
---
#### Viruses and Worms
| | Viruses | Worms |
| ---- | ---- | -------- |
| Transferring medium | Human action | On its own |
| Infection method | Inject code into existing file | Exploit system / OS vulnerabilities |
| Remote-controlled | No | Yes |
#### Viruses
Takes the form of:
- **File infector virus** -- changing a file into a .com / .exe file
- **Boot virus** -- Copies code to the boot sector, infecting any other drive that comes along
- **Macro virus** -- A relatively harmless virus that makes use of Microsoft Office's macros to mess up your documents and such
- **Resident virus** -- Stored in memory such that even if it's deactivated, it will still run
- **Companion virus** -- makes a file with a different extension so that it appears to be the original file. For example, mydoc.docx is 'cloned' as mydoc.exe, and mydoc.exe runs when mydoc.docx is opened. This is hard to notice because both files have the same name.
**Metamorphic viruses** change how they appear every time, making it harder to spot.
**Polymorphic viruses** change their encryption and operating code, making them hard to spot even for computers and anti-virus software.
#### Worms
They do a lot more damage and allow the hacker to gain remote control over the computer, e.g. deleting files, messing things up for every device on the network, etc.
---
### Social engineering (Sociopathy)
Abusing humans' natural tendency to *trust* people and information.
**Phishing** --- making use of familiar brand names, fake DBS website, fake eBay logo on an email. Nigerian Princes and Warlords.
**Tailgating** --- gaining access to a condo because the person in front thinks you must be a resident, and lets you in as well
**Kidnap & Ransom hoaxes** (and *WhatsApp* hoaxes too)
> Preventable by being vigilant and observant of the links presented and attachments in an email.
---
### Hardware attacks
**BIOS** can be flashed & altered as modern BIOSes use **PROM**. Rootkits install themselves into the BIOS and everything becomes vulnerable to attack.
> **BIOS** attacks are hard to prevent, and hard to repair
**USB** flash drives can contain malware, or can be stolen to get access to unauthorized data
> Preventable by disabling USB hardware, or using Anti-Virus software
**Cell Phones** can also have viruses (Smart Phone), or Spam text/calls (Loan sharks on Whatsapp)
**Virtualized systems** can be attacked with a **hypervisor hook**, where malware is attached to a hypervisor (software that manages the VM), and sees all the data that passes through the two systems etc.
---
## 3. Application Attacks
- **Web apps** (JS, ActiveX, WebASM)
- **.exe apps** (Buffer overflow, malware...)
**Zero-day attacks** are when previously unknown vulnerabilities are exploited.
OS hardening involves:
- updates
- protecting from buffer overflows
- configuring OS policies (rules)
Hotfix < Security Patch < Service Pack
Hotfix
: Small fix for a relatively small issue, which may not be related to security (such as the Start menu not working in Windows 10). Applicable to a specific group of people only.
Security Patch
: Related to security -- covers newly discovered vulnerabilities -- and has multiple fixes and changes to the OS. Applicable to everyone.
Service Packs
: Huge packs of relevant hotfixes and security patches combined to form a new "version" of the OS, which also includes user suggestions and improvements.
Patches can create new problems, but it's good to have them auto-updated so that they can be downloaded from the local server without needing internet access.
---
### Data
**DLP** (Data Loss Prevention)
Protect data from unauthorized users
#### Buffer overflow
In a program, the saved return address is stored after the memory allocated for local values. If one of these values overflows its allocation (e.g. storing the value 2 in a boolean), the extra low-order bytes spill past it into the return address, changing where the function returns to and possibly redirecting execution to malware.
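An added example in C (not from the original notes) of the spill-over described above. It uses a constructed struct as a stand-in for a stack frame: an 8-byte name buffer followed by a trusted flag that plays the role of the saved return address, so the overwrite is deterministic rather than dependent on the compiler's real frame layout. `unsafe_copy` copies without checking the length and the flag is clobbered; `safe_copy` is the same routine with the bounds check the page says OS hardening must provide. The function names and inputs are assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Constructed stand-in for a stack frame: an 8-byte buffer followed by a
   value the program trusts. On a real stack the saved return address sits
   after the locals in the same way; using a flag instead keeps the demo
   portable and its result deterministic. */
struct frame {
    char     name[8];
    uint32_t authorized;   /* 0 = not authorized; plays the "return address" */
};

/* Vulnerable version: copies the input without checking that it fits in
   name[]. Bytes beyond the 8th land in `authorized`. Returns the flag
   afterwards. (The copy is capped at sizeof(struct frame) only so the demo
   stays inside the object it owns; the missing check is the one against name[].) */
uint32_t unsafe_copy(const char *input) {
    struct frame f;
    size_t len = strlen(input) + 1;          /* include the terminating NUL */
    if (len > sizeof f) len = sizeof f;
    f.authorized = 0;
    memcpy(&f, input, len);                  /* no bounds check against name[] */
    return f.authorized;
}

/* Hardened version: refuses anything that does not fit in name[] together
   with its NUL, so no byte can reach the neighbouring field.
   Returns -1 if the input was rejected, otherwise the (untouched) flag. */
int safe_copy(const char *input) {
    struct frame f;
    size_t len = strlen(input);
    f.authorized = 0;
    if (len >= sizeof f.name)                /* needs len + 1 bytes for the NUL */
        return -1;
    memcpy(f.name, input, len + 1);
    return (int)f.authorized;
}

int main(void) {
    const char *ok_input  = "bob";                /* constructed, fits in name[] */
    const char *bad_input = "AAAAAAAAAAAAAAAA";   /* constructed, 16 bytes */
    printf("unsafe_copy(\"%s\") -> authorized=%u\n", ok_input, unsafe_copy(ok_input));
    printf("unsafe_copy(long)  -> authorized=0x%x\n", unsafe_copy(bad_input));
    printf("safe_copy(long)    -> %d (rejected)\n", safe_copy(bad_input));
    return 0;
}
```

With the 16-byte input the flag reads 0x41414141 (four 'A' bytes) after `unsafe_copy`, which is the same mechanism by which a real overflow rewrites a saved return address; `safe_copy` never touches the neighbouring field because it rejects the input first.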
---
### OS Security Configuration
Configuration has 4 steps:
1. Create security policy (A document to denote the limits)
- Password: age, length, expiry, previous passwords cannot be reused
- Logout: max attempts at logging in before the account is disabled, duration for which the account stays disabled
- Audit: Account change, Policy change
2. Set configuration baseline (The OS software to enforce the policies in the document)
- Setting the limits programmatically.
3. Security Template
- Differing levels of security for differing devices. Different devices have a different baseline.
4. Deployment
- Distributing the templates on to the computers
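An added example (not part of the original notes) of step 2, setting the limits of the policy document programmatically. It is a small C model of the "Logout" and "Password" rules listed under step 1: a policy struct holds the limits, `login_attempt` enforces the lockout counter, lockout duration and password age, and `password_meets_policy` enforces the minimum length. The limits, the clock values and the scenario functions are constructed for the demo; the credential check itself is assumed to happen elsewhere and is passed in as a flag.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Constructed limits standing in for the numbers in a security-policy document. */
struct policy {
    int  min_password_len;   /* "length" */
    long max_password_age;   /* "age / expiry", in seconds */
    int  max_attempts;       /* failed logins before the account is disabled */
    long lockout_duration;   /* how long it stays disabled, in seconds */
};

struct account {
    int    failed_attempts;
    time_t locked_until;     /* 0 = not locked */
    time_t password_set_at;
};

enum login_result { LOGIN_OK, LOGIN_BAD_PASSWORD, LOGIN_LOCKED, LOGIN_PASSWORD_EXPIRED };

/* Applies the lockout and expiry rules to one login attempt. `password_ok`
   is the outcome of the credential check (done elsewhere); `now` is passed
   in so the logic can be tested without a real clock. */
enum login_result login_attempt(struct account *acct, const struct policy *p,
                                int password_ok, time_t now) {
    if (acct->locked_until != 0) {
        if (now < acct->locked_until)
            return LOGIN_LOCKED;
        acct->locked_until = 0;          /* lockout elapsed: re-enable, reset count */
        acct->failed_attempts = 0;
    }
    if (!password_ok) {
        acct->failed_attempts++;
        if (acct->failed_attempts >= p->max_attempts)
            acct->locked_until = now + p->lockout_duration;
        return acct->locked_until ? LOGIN_LOCKED : LOGIN_BAD_PASSWORD;
    }
    acct->failed_attempts = 0;
    if (now - acct->password_set_at > p->max_password_age)
        return LOGIN_PASSWORD_EXPIRED;   /* correct, but must be changed first */
    return LOGIN_OK;
}

/* Minimum-length rule applied when a new password is set. Returns 1 if acceptable. */
int password_meets_policy(const char *pw, int min_len) {
    return (int)strlen(pw) >= min_len;
}

/* Demo policy: 8 chars, 90-day age, 3 attempts, 15-minute lockout (constructed). */
static const struct policy demo_policy = { 8, 90L * 24 * 3600, 3, 15 * 60 };

/* Three wrong passwords, then the right one 60 s later: still locked. */
enum login_result scenario_lockout(void) {
    struct account a = { 0, 0, 1000 };
    time_t t = 1000;
    for (int i = 0; i < 3; i++) login_attempt(&a, &demo_policy, 0, t + i);
    return login_attempt(&a, &demo_policy, 1, t + 60);
}

/* Same failures, but the correct password arrives after the lockout has elapsed. */
enum login_result scenario_unlock(void) {
    struct account a = { 0, 0, 1000 };
    time_t t = 1000;
    for (int i = 0; i < 3; i++) login_attempt(&a, &demo_policy, 0, t + i);
    return login_attempt(&a, &demo_policy, 1, t + 15 * 60 + 5);
}

/* Correct password on an account whose password is 91 days old. */
enum login_result scenario_expired(void) {
    struct account a = { 0, 0, 1000 };
    return login_attempt(&a, &demo_policy, 1, 1000 + 91L * 24 * 3600);
}

int main(void) {
    printf("locked-out login  -> %d (2 = LOGIN_LOCKED)\n", scenario_lockout());
    printf("after lockout     -> %d (0 = LOGIN_OK)\n", scenario_unlock());
    printf("expired password  -> %d (3 = LOGIN_PASSWORD_EXPIRED)\n", scenario_expired());
    printf("\"short\" meets policy? %d\n", password_meets_policy("short", demo_policy.min_password_len));
    return 0;
}
```

The point of separating the policy struct from the enforcement code is that steps 3 and 4 (templates per device class, then deployment) only need to change the numbers, not the logic.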
---
### Web Apps
- Cookies
- JavaScript
- Java Applets
- ActiveX
- Cross-site scripting
#### Cookies
- Privacy risk --- track browsing history
- First-party, Third-party
- Delete them after browsing session, or block them
#### JavaScript
- Can automatically download a program and run it
- Can capture and send user info without user knowledge
- Disable within the browser
#### Java
- Can make hostile applications
- Standalone as well
- Sandbox -- Java runs in the JVM, which has more restricted access to privileged info
#### ActiveX
- Extremely unsafe
- No sandbox, can even have admin privileges when IE has such settings
- Disable from IE browser, outdated
#### XSS (Cross-site scripting)
- Attacker injects script into the main server via unvalidated and unchecked user input
- Causes users to see part of the attacker's HTML instead of the correct page
- The user keys in passwords, bank info etc., which get sent to the attacker instead
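An added example (not from the original notes) of the "unvalidated and unchecked user input" point, written in C to match the other examples on this page. `html_escape` encodes the characters that let text break out of an HTML context; `script_survives` renders a constructed comment the way a vulnerable server would (pasted straight into the page) and the way a fixed one would (escaped first), and reports whether a raw `<script` tag is still present in the output. Function names, the page template and the sample comment are assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Encodes the five characters that can close or open an HTML tag or
   attribute. Writes into out (outsz bytes, NUL-terminated on success).
   Returns the number of bytes written excluding the NUL, or -1 if out is
   too small: a rejected output is safer than a truncated one. */
long html_escape(const char *in, char *out, size_t outsz) {
    size_t n = 0;
    for (; *in; in++) {
        const char *rep;
        switch (*in) {
            case '&':  rep = "&amp;";  break;
            case '<':  rep = "&lt;";   break;
            case '>':  rep = "&gt;";   break;
            case '"':  rep = "&quot;"; break;
            case '\'': rep = "&#39;";  break;
            default:   rep = NULL;     break;
        }
        size_t rlen = rep ? strlen(rep) : 1;
        if (n + rlen + 1 > outsz) return -1;     /* would not fit with the NUL */
        if (rep) memcpy(out + n, rep, rlen); else out[n] = *in;
        n += rlen;
    }
    out[n] = '\0';
    return (long)n;
}

/* Convenience wrapper returning the escaped text in a static buffer
   (NULL if it does not fit). */
const char *escaped(const char *in) {
    static char buf[512];
    return html_escape(in, buf, sizeof buf) < 0 ? NULL : buf;
}

/* Renders a user comment into a constructed page template. With
   escape_output == 0 the comment is pasted in raw, as a vulnerable server
   would do; with 1 it is escaped first. Returns 1 if a raw "<script" tag
   survives in the rendered page (i.e. a victim's browser would run it),
   0 if not, -1 if the comment was too long to render. */
int script_survives(const char *comment, int escape_output) {
    static char page[1024];
    const char *body = comment;
    if (escape_output) {
        body = escaped(comment);
        if (body == NULL) return -1;
    }
    snprintf(page, sizeof page, "<p class=\"comment\">%s</p>", body);
    return strstr(page, "<script") != NULL;
}

int main(void) {
    /* Constructed sample comment containing a script tag. */
    const char *comment = "Nice post! <script>/* injected */</script>";
    printf("raw render    : script survives = %d\n", script_survives(comment, 0));
    printf("escaped render: script survives = %d\n", script_survives(comment, 1));
    printf("escaped text  : %s\n", escaped(comment));
    return 0;
}
```

Escaping on output is the defence the page's bullets imply: the stored comment is unchanged, but the browser receives `&lt;script&gt;` as text rather than as a tag, so the attacker's HTML is never rendered in place of the correct page.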