Trust Defined
BSIT -3 (Irreg)
Information Assurance and Security 2
Trust Defined
In the world of IT systems and today’s Internet of Everything (IoE), communication is the most
popular use of the Internet. When communicating on the Internet, we must be aware of the risks
involved in engaging with people we cannot see and may never meet in person, because security threats
can pop up anywhere.
A new generation of technology is posing new security risks on all sides. Cloud computing, big data, and
especially mobile devices pose complex and growing challenges. The Bring-Your-Own-Device (BYOD)
trend is filling workplaces with mobile devices that IT security teams cannot directly control and that
often have serious security gaps.
Password Security
The following are not the only ways to keep your password secure, but they are a good start:
• Use passphrases.
• If you think your password may have been compromised, change it immediately.
Security Objectives
Security objectives are goals and constraints that affect the confidentiality, integrity, and availability of
your data. Identification of security objectives is the first step you can take to help ensure your security,
and it is also one of the most important steps.
o Confidentiality
o Integrity
o Availability
TCP/IP
TCP/IP is a set of standardized rules that allow computers to communicate on a network such as the
internet.
IP Address Spoofing
Spoofing Attack – A spoofing attack happens when an attacker impersonates another device or
computing system in order to steal data or confidential information, spread malware, bypass access
controls, or even launch an attack against network hosts.
IP Address Spoofing
• Blind Spoofing – This takes place when an attacker outside the perimeter of the local
network sends multiple packets to the target in order to receive a series of sequence numbers.
• Man-in-the-Middle Attack (Connection Hijacking) – This takes place when an attacker
gets between the sender and receiver of information, controls the flow of
communication, and eliminates or alters the information sent by one of the original
participants without their knowledge.
Countermeasures
Network administrators are tasked to understand the vulnerabilities that exist in the network in order to
anticipate possible attacks and implement effective countermeasures.
• Countermeasures that can be implemented in defense against IP address spoofing include:
Packet Filtering – It analyzes the incoming and outgoing packets, inspects the IP addresses of the
source and destination, and discards packets whose address information conflicts with where
they came from.
Buffer Overflows
A buffer overflow occurs when a program or process tries to store more data in a buffer, which is a
temporary data storage area, usually in RAM, than it was set to hold.
Understanding buffer overflows is important because the majority of all existing remote
penetration issues in today’s internetworking infrastructure use buffer overflow attacks,
because the vulnerabilities are common and easy to exploit.
• Countermeasures
Countermeasures to help prevent buffer overflows include:
• Perform thorough input validation.
• When possible, limit your application’s use of unmanaged code, and thoroughly inspect the
unmanaged Application Programming Interfaces (APIs).
• Inspect the managed code that calls the unmanaged API to ensure that only appropriate values
can be passed as parameters to the unmanaged API.
• Use the /GS flag when compiling code developed with the Microsoft Visual C++® development
system.
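The following C example, added here and not part of the original notes, shows the defect the section describes beside the "thorough input validation" countermeasure: an unbounded copy into a fixed-size stack buffer, and a hardened version that checks length and content before anything is copied. The 16-byte buffer and the letters-digits-spaces rule are assumptions for the illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* buffer size, including the terminating NUL */

/* Vulnerable form: strcpy copies until it finds a NUL and never looks at the
   size of 'name'. Input of 16 or more characters writes past the end of the
   buffer onto the rest of the stack frame. Kept only for comparison. */
void greet_unsafe(const char *input) {
    char name[NAME_MAX];
    strcpy(name, input);                 /* no bounds check */
    printf("hello %s\n", name);
}

/* Hardened form: validate the input before it touches the buffer.
   Returns true if the name was accepted, false if it was rejected. */
bool greet_safe(const char *input) {
    char name[NAME_MAX];
    /* 1. Length check: a NUL must occur within the first NAME_MAX bytes, so
          the copy (NUL included) is guaranteed to fit in the buffer. */
    const char *nul = memchr(input, '\0', NAME_MAX);
    if (nul == NULL) {
        fprintf(stderr, "rejected: name longer than %d bytes\n", NAME_MAX - 1);
        return false;
    }
    size_t len = (size_t)(nul - input);
    /* 2. Content check: only letters, digits and spaces are meaningful for a
          name (assumed rule), so anything else is treated as malformed. */
    for (size_t i = 0; i < len; i++) {
        if (!isalnum((unsigned char)input[i]) && input[i] != ' ') {
            fprintf(stderr, "rejected: unexpected character in name\n");
            return false;
        }
    }
    memcpy(name, input, len + 1);        /* bounded copy, NUL included */
    printf("hello %s\n", name);
    return true;
}
```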
Social Engineering
• It is the art of manipulating people or playing tricks on them so that they give up confidential
information, such as passwords or bank information, mostly for financial gain or self-interest.
Example: A hacker brings down a target network, and then contacts the target pretending to
be a technician, in order to get a user to give up information.
• Email and Phone Calls – These are described as a direct social engineering approach, but have a lower
probability of success since the targeted person can simply ignore the email or the phone call.
Example: Phishing
• Authority Abuse – Attackers can pose as a member of the organization with higher authority
and request usernames and passwords, possibly using meeting a deadline as an excuse.
Countermeasures
1. Slow Down. Spammers want you to act first and think later.
3. Delete requests for help or offers of help. Legitimate companies and organizations do not
contact you to provide help.
4. Curiosity leads to careless clicking – if you don’t know what the email is about, clicking links is a
poor choice.
5. Don’t let a link be in control of where you land. Stay in control by finding the website yourself using a
search engine, to be sure you land where you intend to land.
More Countermeasures…
Email hijacking is rampant. Hackers, spammers, and social engineers taking over control of
people’s email accounts has become commonplace.
A digital ID, or digital identity, is a means by which an entity (individual/company) proves its
attributes in a specific domain. This implies that one has been granted permission to access
information on network devices or services. There are different types of digital identities that,
depending on the use and the level of security required, can be divided into two (2) categories:
Soft Identities are used for sending personal information over the internet to a website, whereby the
web server requires verification of the user’s identity. Examples
Strong Identities are released with registration and authentication procedures that guarantee the
encryption of any information that passes between the web server and the individual user.
o Registration – It involves the following processes that make an entity known in a given domain.
  Self-assertion – The user makes a self-assertion of identity and there are no checks.
  Direct verification – The verification of identity is direct (e.g., a background check of clients).
  Detailed direct verification – The verification of identity is direct and detailed (e.g., for an e-passport).
o Authentication – It involves the following processes for verifying the attributes associated with an identity.
  One-factor Authentication – Authentication done through something that you know, or something
  you have (e.g., a password).
  Two-factor Authentication – Authentication done through something that you know and something
  you have (e.g., token and PIN).
  Three-factor Authentication – Authentication done through something that you know, something you
  are, and something you have (e.g., token, PIN, biometric).
Examples of strong identities include:
o Banking Identity
o Account to purchase flights or trains (e.g., Abacus, Amadeus, Apollo, Galileo, Sabre, Worldspan)
Digital Certificate
A digital certificate is a digitally signed statement that binds the identifying information of a user,
computer, or service to a public/private key pair. The different fields within a digital certificate are the
following:
Version number – This specifies the version of the X.509 standard being used to create the certificate.
Serial number – It contains a unique number identifying this one specific certificate issued by a
particular certificate authority (CA).
Signature algorithm – It identifies the hashing algorithm and digital signature algorithm used to
digitally sign the certificate.
Issuer – It identifies the name of the creator who generated and digitally signed the certificate.
Validity – It specifies the dates and times through which the certificate is valid for use.
Subject Public Key – It contains the public key being bound to the certified subject.
Issuer Unique ID – It is an optional identifier for the creator of the digital certificate.
Subject Unique ID – It is an optional identifier for the owner of the digital certificate.
Certificate usage – It specifies the approved use of the certificate, which dictates what the user can use
this public key for.
Extensions – They allow the following optional fields to be encoded into the certificate to expand
its functionality:
o A key identifier (in case the owner owns more than one public key)
o Key usage information that specifies valid uses of the key
o The location of revocation information
o Identifier of the certificate policy
o Alternative names for the owner
Personal Digital ID or Personal Certificate – These are used for sending personal information over the
Internet to a website requiring verification of the user’s identity. Commonly used in e-mail exchange by
individual users.
Server Digital ID or Website Certificate – It identifies and authenticates the web server and guarantees
the encryption of any information passed between the web server and the individual user. It also enables
a specific web server to operate in a secure and authentic way.
Intrusion Detection System (IDS) is a system used to detect and prevent a set of actions that aims to
compromise the integrity, confidentiality, or availability of a computing and networking resource.
Models of intrusion detection mechanisms:
Anomaly-based Detection – It detects any action that significantly deviates from normal behavior,
using “learning” systems that continuously build “norms” of activity and compare observed activity
against the expected normal usage profiles that were “learned”.
Signature-based Detection (a.k.a. Misuse Detection) – It catches intrusions by looking for a unique
pattern or specific signature on a system, including slight variations of the same activity that produce a
new signature.
Intrusion Detection Systems are classified based on their monitoring scope.
Network-based IDS – It is a system that monitors packets on the network wire and attempts to
discover anomalous, inappropriate, or other data that may be considered unauthorized and harmful on
a network.
Host-based IDS – It is a system that detects malicious activities on a single computer through the use
of software that monitors security event logs and checks the changes to the system, for example
unauthorized login attempts and aberrant file accesses, on the actual target machine.
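The two detection models above, as an added C example rather than code from the notes: a signature check matches known-bad request patterns, while the anomaly check learns a per-source failed-login profile from a training window and flags any source that later exceeds it. The log lines, the source list, the training-window size and the signature strings are all constructed for the illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample web-server log lines (not from the page): source address,
   method, path, status code. The first TRAIN lines are the learning window. */
static const char *LOG[] = {
    "203.0.113.7 GET /index.html 200",
    "203.0.113.7 POST /login 401",
    "192.0.2.44 GET /about.html 200",
    "198.51.100.9 POST /login 401",
    "198.51.100.9 POST /login 401",
    "198.51.100.9 POST /login 401",
    "203.0.113.7 POST /login 401",
    "198.51.100.9 GET /../../etc/passwd 404",
};
#define NLOG  (sizeof LOG / sizeof LOG[0])
#define TRAIN 3
static const char *SOURCES[] = { "203.0.113.7", "192.0.2.44", "198.51.100.9" };
#define NSRC  (sizeof SOURCES / sizeof SOURCES[0])

/* Signature-based (misuse) detection: a fixed list of known-bad request
   patterns; a line matching any of them is reported as an intrusion attempt. */
static const char *SIGS[] = { "/../", "UNION SELECT", "<script" };
int signature_hits(void) {
    int hits = 0;
    for (size_t i = 0; i < NLOG; i++)
        for (size_t s = 0; s < sizeof SIGS / sizeof SIGS[0]; s++)
            if (strstr(LOG[i], SIGS[s])) { hits++; break; }
    return hits;
}

/* Count failed logins (status 401) from one source within a line range. */
static int failures(const char *src, size_t from, size_t to) {
    size_t n = strlen(src);
    int count = 0;
    for (size_t i = from; i < to; i++)
        if (strncmp(LOG[i], src, n) == 0 && LOG[i][n] == ' ' && strstr(LOG[i], " 401"))
            count++;
    return count;
}

/* Anomaly-based detection: the learned "normal usage profile" is the highest
   per-source failure count seen during training; a source exceeding it later
   deviates significantly from that norm and is flagged without any signature. */
int anomalous(const char *src) {
    int profile = 0;
    for (size_t k = 0; k < NSRC; k++) {
        int f = failures(SOURCES[k], 0, TRAIN);
        if (f > profile) profile = f;
    }
    return failures(src, TRAIN, NLOG) > profile;
}
```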
PC card-based solutions can be added to digital IDs and IDSs to establish a network environment that is
secured in terms of control of access, identities, software, file storage, e-mails, and so on.
Commonly used PC card-based solutions:
Smart card (a.k.a. Security card) – It is a credit card-sized plastic card that contains an embedded
computer chip, either a memory or microprocessor type, that stores and transacts data.
o Medical cards
o Access control cards (authentication)
Hardware key (a.k.a. Dongle) – It is a software copy protection device that protects a software package
against unauthorized copying.
Physical Security refers to taking all necessary measures to physically safeguard the personnel,
hardware, programs, networks, and data from physical circumstances and events that could cause the
following serious losses or damage to an enterprise, agency, or institution:
Other environmental conditions (e.g., extreme temperatures, high humidity, heavy rains, and
lightning)
Unintentionally destructive acts (e.g., spilled drinks, overloaded electrical outlets, and bad plumbing)
Internal and External Security
Internal and external security measures overlap and are also implemented in layers. Low internal
security may require only a PIN code or card reader for entrance. High internal security may require card
readers in combination with biometrics. High-level areas may also be equipped with smoke,
temperature, and humidity sensors.
Biometric access methods for computer systems are gaining popularity because of governmental and
corporate businesses’ increased focus on security.
Physical biometrics - relies on the following physiological features for identity verification:
Face Recognition or Facial Recognition – facial recognition software measures and recognizes various
features of the face.
Fingerprint recognition – The basic patterns of a fingerprint are friction ridges and valleys, the arch, the loop,
and the whorl. Fingerprint recognition is the automated method of verifying the identity of an
individual based on the comparison of two (2) fingerprints.
Palm print recognition – It also uses friction ridge impression such as ridge flow, ridge characteristics,
and ridge structure of the raised portion of epidermis.
Iris Recognition – It uses mathematical pattern recognition techniques on video images of one (1) or
both irises of an individual’s eyes. Irises have complex random patterns that are unique, stable, and can
be seen from some distance.
Human Ear Recognition or Ear Biometrics – It uses the new shape-finding algorithm called “image ray
transform”. The technology is able to identify an ear time after time with 99.6% accuracy.
Voice Recognition – It is also referred to as speech analysis. Voice recognition is based on vocal
characteristics. Each individual voice has unique characteristics.
DNA Comparisons – Possible use of the unique sequence of DNA for identification, which will be refined in
the years to come.
Behavioral Biometrics – depends upon the following behavioral features for authentication:
Keystroke duration/inter-keystroke latency (latency between the first and second keystroke)
Dynamic analysis of a signature
Acoustic features of speech
Antivirus is a computer program intended to identify and eliminate computer viruses by scanning files
or a computer’s memory for certain signatures, or fingerprints, of known viruses that may indicate an
infection. The following list can be used when making a comparison matrix for different solutions:
Purchase price
Ease of use
Central Management
Technical Support
10 Functions of Antivirus
1. Anti-Malware – This component of antivirus software protects your computer from infection by
malicious software, also known as malware.
2. Protection Against Browser Exploits – Browser exploits usually involve website code that is written to
take advantage of a vulnerability in a web browser.
3. Anti-Virus – It guards your computer against infection by checking activity on your computer against a
database of known suspicious activity.
4. Anti-Trojan – It is software that performs an integrity check on programs you install on your
computer.
5. Anti-Spyware - Spyware is a type of malware that can secretly steal files and record the activity of an
infected computer.
6. Anti-Worm - A worm is a type of malware infection that spreads by duplicating itself across networks
and onto infected hard drives.
7. Anti-Rootkit - A rootkit is a type of software infection that can integrate into an operating system and
replace critical files, with corrupt and malicious versions.
8. Anti-Phishing - Anti-Phishing software typically integrates with web browser and email client software.
9. Secure Network -There are automated programs running on computers around the world whose
purpose is to find any vulnerable computer connected to Internet.
10. Email Protection – Email protection features of antivirus software include the ability to scan inbound
and outbound email for infected attachments and URLs to malicious websites.
Firewall
A firewall works as a barrier, or a protective shield, between the PC and cyberspace. Most firewalls
perform two (2) basic security functions:
Packet filtering based on an accept-or-deny policy that is itself based on the rules of the security policy.
Application proxy gateways that provide services to the inside users and at the same time protect each
individual host from the “bad” outside users.
Why firewall security? A firewall stops anyone on the outside from logging onto a computer in your
private network. Without a firewall, a computer is susceptible to hackers. Bank account information,
passwords, credit card numbers, virtually any sensitive information becomes available to hackers.
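As an added C example (not code from the notes), this packet filter combines the two filtering ideas on this page: the anti-spoofing check from the IP address spoofing countermeasures, which drops packets whose source address conflicts with the side they arrived on, and the firewall’s accept-or-deny rule policy. The 10.0.0.0/8 LAN, the 10.0.0.5:443 web server, and the first-match, default-deny rule table are assumptions for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed topology (assumption): the protected LAN is 10.0.0.0/8 and the
   web server 10.0.0.5 is the only host reachable from outside, on port 443. */
#define LAN_NET  0x0A000000u                /* 10.0.0.0 */
#define LAN_BITS 8

enum direction { INBOUND, OUTBOUND };       /* side of the perimeter the packet came from */
enum verdict   { DROP, ACCEPT };
struct packet  { uint32_t src, dst; uint16_t dport; enum direction dir; };

uint32_t ip4(int a, int b, int c, int d) {
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | (uint32_t)d;
}

/* True when addr lies inside net/bits (addresses in host byte order). */
static bool in_net(uint32_t addr, uint32_t net, int bits) {
    uint32_t mask = bits == 0 ? 0 : 0xFFFFFFFFu << (32 - bits);
    return (addr & mask) == (net & mask);
}

/* Anti-spoofing check: the claimed source must be consistent with the side the
   packet arrived on. An inbound packet claiming a LAN source, or an outbound
   packet claiming a foreign source, carries conflicting address information
   and is dropped before any policy rule is consulted. */
static bool spoofed(const struct packet *p) {
    bool src_in_lan = in_net(p->src, LAN_NET, LAN_BITS);
    return (p->dir == INBOUND && src_in_lan) || (p->dir == OUTBOUND && !src_in_lan);
}

/* Accept/deny policy: first matching rule wins; no match means deny. */
struct rule { enum direction dir; uint32_t net; int bits; uint16_t dport; enum verdict v; };
static const struct rule POLICY[] = {
    { INBOUND,  0x0A000005u, 32, 443, ACCEPT },   /* anyone -> 10.0.0.5:443 */
    { OUTBOUND, 0,            0,   0, ACCEPT },   /* LAN hosts may reach out */
};

enum verdict filter(uint32_t src, uint32_t dst, uint16_t dport, enum direction dir) {
    struct packet p = { src, dst, dport, dir };
    if (spoofed(&p)) return DROP;
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++) {
        const struct rule *r = &POLICY[i];
        if (r->dir == p.dir && in_net(p.dst, r->net, r->bits) && (r->dport == 0 || r->dport == p.dport))
            return r->v;
    }
    return DROP;
}
```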