0% found this document useful (0 votes)
19 views53 pages

E Security System

The document discusses various threats to computer systems, including security, physical, and non-physical threats, and outlines control measures to protect against them. It also defines IT risk and its implications for organizations, emphasizing the importance of risk mitigation strategies. Additionally, the document covers network security risks, firewall implementation, and the significance of real-time systems in business operations.

Uploaded by

GamerZone
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

E-Security System

Unit 4
Chapter 1: Threats to the Computer System and Control Measures
⚫ A computer system threat is anything that leads to loss or corruption of data or physical damage to the hardware and/or infrastructure.
⚫ Knowing how to identify computer security threats is the first step in protecting computer systems.
⚫ The threats could be intentional, accidental or caused by natural disasters.
⚫ Types of Threat:
  ⚫ Security Threat
  ⚫ Physical Threats
  ⚫ Non-physical Threats
What is a Security Threat?
⚫ A security threat is a risk that can potentially harm computer systems and the organization.
⚫ The cause could be physical, such as someone stealing a computer that contains vital data.
⚫ The cause could also be non-physical, such as a virus attack.
⚫ In this chapter, we define a threat as a potential attack from a hacker that could allow them to gain unauthorized access to a computer system.
What are Physical Threats?
⚫ A physical threat is a potential cause of an incident that may result in loss or physical damage to the computer systems.
⚫ The following list classifies the physical threats into three main categories:
  ⚫ Internal: These threats include fire, unstable power supply, humidity in the rooms housing the hardware, etc.
  ⚫ External: These threats include lightning, floods, earthquakes, etc.
  ⚫ Human: These threats include theft, vandalism of the infrastructure and/or hardware, disruption, and accidental or intentional errors.
To protect computer systems from the above-mentioned physical threats, an organization must have physical security control measures.

The following list shows some of the possible measures that can be taken:

Internal: Fire threats can be prevented by the use of automatic fire detectors and extinguishers that do not use water to put out a fire. An unstable power supply can be mitigated by the use of voltage controllers. An air conditioner can be used to control the humidity in the computer room.

External: Lightning protection systems can be used to protect computer systems against such events. Lightning protection systems are not 100% perfect, but to a certain extent they reduce the chances of lightning causing damage. Housing computer systems on high ground is one of the possible ways of protecting systems against floods.

H: Threats such as theft can be prevented by the use of locked doors and restricted access to computer rooms.
What are Non-physical Threats?
⚫ A non-physical threat is a potential cause of an incident that may result in:
  ⚫ Loss or corruption of system data
  ⚫ Disruption of business operations that rely on computer systems
  ⚫ Loss of sensitive information
  ⚫ Illegal monitoring of activities on computer systems
  ⚫ Cyber security breaches
  ⚫ Others
⚫ Non-physical threats are also known as logical threats. The following list gives the common types of non-physical threats:
  ⚫ Virus
  ⚫ Trojans
  ⚫ Worms
  ⚫ Spyware
  ⚫ Key loggers
  ⚫ Adware
  ⚫ Backdoor
  ⚫ Wabbit
  ⚫ Exploit
  ⚫ Phishing
  ⚫ Other computer security risks
⚫ To protect computer systems from the above-mentioned threats, an organization must have logical security measures in place.
⚫ The following list shows some of the possible measures that can be taken to protect against cyber security threats:
  ⚫ To protect against viruses, Trojans, worms, etc., an organization can use anti-virus software.
  ⚫ In addition to anti-virus software, an organization can also have control measures on the usage of external storage devices and on visiting websites that are likely to download unauthorized programs onto the user's computer.
  ⚫ Unauthorized access to computer system resources can be prevented by the use of authentication methods. The authentication methods can be in the form of user IDs and strong passwords, smart cards, biometrics, etc.
  ⚫ Intrusion detection/prevention systems can be used to protect against denial of service attacks. There are other measures too that can be put in place to mitigate denial of service attacks.
Chapter 2: IT Risk
⚫ Information technology risk, IT risk, IT-related risk, or cyber risk is any risk related to information technology.
⚫ While information has long been appreciated as a valuable and important asset, various events or incidents that compromise IT in some way can cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.
⚫ The following are three definitions of IT risk.

⚫ ISO:
  ⚫ IT risk: the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization. It is measured in terms of a combination of the probability of occurrence of an event and its consequence.

⚫ FAIR (Factor Analysis of Information Risk):
  ⚫ IT risk is the probable frequency and probable magnitude of future loss.

⚫ NIST (The National Institute of Standards and Technology):
  ⚫ IT-related risk is the net mission impact considering:
    1. the probability that a particular threat-source will exercise (accidentally trigger or intentionally exploit) a particular information system vulnerability, and
    2. the resulting impact if this should occur.
  ⚫ IT-related risks arise from legal liability or mission loss due to:
    ⚫ Unauthorized (malicious or accidental) disclosure, modification, or destruction of information
    ⚫ Unintentional errors and omissions
    ⚫ IT disruptions due to natural or man-made disasters
    ⚫ Failure to exercise due care and diligence in the implementation and operation of the IT system.
IT Risk Measures
⚫ We can classify compromises in three ways: manifest risk, inherent risk and contributory risk.
⚫ This allows us to measure the probability of security risk for events based on associated processes and performance, and provides a method for tracking our efforts at risk reduction.
⚫ Manifest risk is associated with an event or discrete activity that occurs in the computing environment. The common events that we can measure are flows, sessions, commands and transactions. From common events we get unwanted compromises: a breach of confidentiality, integrity, availability or liability.
  ⚫ E.g.: A spam message compromises the integrity of email.
⚫ Inherent risk is the risk posed by an error or omission in a financial statement due to a factor other than a failure of internal control. In a financial audit, inherent risk is most likely to occur when transactions are complex, or in situations that require a high degree of judgment in regard to financial estimates.
⚫ Contributory negligence: The concept of contributory negligence is used to characterize conduct that creates an unreasonable risk to one's self. The idea is that an individual has a duty to act as a reasonable person.
Risk Mitigation and Management
Definition:
Risk mitigation planning is the process of developing options and actions to enhance opportunities and reduce threats to project objectives.

Risk mitigation implementation is the process of executing risk mitigation actions.

Risk mitigation progress monitoring includes tracking identified risks, identifying new risks, and evaluating risk process effectiveness throughout the project.

MITRE SE Roles & Expectations
MITRE systems engineers (SEs) working on government programs develop actionable risk mitigation strategies and monitoring metrics, monitor implementation of risk mitigation plans to ensure successful project and program completion, collaborate with the government team in conducting risk reviews across projects and programs, and analyze metrics to determine ongoing risk status and identify serious risks to elevate to the sponsor or customer.
Risk Management: Fundamental Steps
Risk Mitigation Strategies
Risk mitigation handling options include:
● Assume/Accept: Acknowledge the existence of a particular risk, and make a deliberate decision to accept it without engaging in special efforts to control it. Approval of project or program leaders is required.
● Avoid: Adjust program requirements or constraints to eliminate or reduce the risk. This adjustment could be accommodated by a change in funding, schedule, or technical requirements.
● Control: Implement actions to minimize the impact or likelihood of the risk.
● Transfer: Reassign organizational accountability, responsibility, and authority to another stakeholder willing to accept the risk.
● Watch/Monitor: Monitor the environment for changes that affect the nature and/or the impact of the risk.

There are four types of risk mitigation strategies that are specific to Business Continuity and Disaster Recovery:
1. Risk Acceptance
2. Risk Avoidance
3. Risk Limitation
4. Risk Transference
Chapter 3: Security on the Internet
Network and Website Security Risks
1. Viruses and Worms
2. Trojan Horses
3. SPAM
4. Phishing
5. Packet Sniffer
6. Maliciously Coded Website
7. Password Attacks
8. Hardware Loss and Residual Data Fragments
9. Shared Computers
10. Zombie Computers and Botnets
Website Hacking and Issues Therein

Websites get hacked because of three things:
1. Access Control
2. Software Vulnerabilities
3. Third-Party Integrations
1. Access Control
Access control speaks specifically to the process of authentication and authorization; simply put, how you log in. When I say log in, I mean more than just your website. Here are a few areas to think about when assessing access control:

How do you log into your hosting panel?
How do you log into your server? (i.e., FTP, SFTP, SSH)
How do you log into your website? (i.e., WordPress, Dreamweaver, Joomla!)
How do you log into your computer?

The reality is that access control is much more important than most give it credit for. It is like the person who locks their front door but leaves every window unlatched and the alarm system turned off. This begs the question: why did you even lock the door?

Exploitation of access control often comes in the form of a brute force attack, in which the attacker attempts to guess the possible username and password combinations in an effort to log in as the user.
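As an added example (not part of the original slides), the following Python detects the brute force pattern described above on the defender's side: a burst of failed logins from one source within a short window, flagged as more serious when a successful login follows the burst. The log format and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log in an assumed "timestamp login RESULT user= src=" format.
SAMPLE_LOG = """\
2024-03-01T10:00:01 login FAILED user=admin src=203.0.113.7
2024-03-01T10:00:03 login FAILED user=admin src=203.0.113.7
2024-03-01T10:00:05 login FAILED user=root src=203.0.113.7
2024-03-01T10:00:06 login FAILED user=editor src=203.0.113.7
2024-03-01T10:00:09 login FAILED user=admin src=203.0.113.7
2024-03-01T10:00:11 login SUCCESS user=admin src=203.0.113.7
2024-03-01T10:05:00 login FAILED user=alice src=198.51.100.20
2024-03-01T10:05:40 login SUCCESS user=alice src=198.51.100.20
"""

LINE_RE = re.compile(r"^(\S+) login (FAILED|SUCCESS) user=(\S+) src=(\S+)$")


def parse(log_text):
    """Turn log lines into (timestamp, outcome, user, src) tuples; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, outcome, user, src = m.groups()
        events.append((datetime.fromisoformat(ts), outcome, user, src))
    return events


def find_brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """Flag source addresses with at least `threshold` failed logins inside a sliding
    time window. One alert per source; `success_after` is True when the same source
    logged in successfully at or after the end of the burst (possible account compromise)."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[3]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e[0])
        failures = [e for e in evs if e[1] == "FAILED"]
        start = 0
        for end in range(len(failures)):
            # Slide the window start forward until the burst fits inside `window`.
            while failures[end][0] - failures[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = failures[end][0]
                users = sorted({e[2] for e in failures[start:end + 1]})
                success_after = any(e[1] == "SUCCESS" and e[0] >= burst_end for e in evs)
                alerts.append({"src": src, "failures": end - start + 1,
                               "users": users, "success_after": success_after})
                break
    return alerts


if __name__ == "__main__":
    for alert in find_brute_force(parse(SAMPLE_LOG)):
        print(alert)
```

A lockout or rate limit on failed attempts, together with multi-factor authentication, is the usual control paired with this kind of alert.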
2. Software Vulnerabilities

Exploitation of software vulnerabilities comes in various forms; here we focus on the website itself and not on the various supporting elements.

When it comes to websites, exploitation of a software vulnerability is achieved through a cleverly malformed Uniform Resource Locator (URL) or POST headers. Via these two methods, an attacker is able to enact a number of attacks, such as Remote Code Execution (RCE), Remote / Local File Inclusion (R/LFI), and SQL Injection (SQLi) attacks.

3. Third-Party Integrations / Services

Third-party integrations/services are increasingly becoming a problem. The most prominent form is ads served via ad networks, leading to malvertising attacks.

Third-party integrations and services have become commonplace in today's website ecosystem, and are especially popular in highly extensible Content Management Systems (CMS) like WordPress, Joomla! and Drupal.

The problem with the exploitation of third-party integrations and services is that it is beyond the website owner's ability to control. We assume when we integrate third-party providers that they are ensuring the service we consume is safe, but like everything else there is always the chance of compromise.

How to Protect Your Website

1. Keep software up to date
2. SQL Injections
3. XSS
4. Error Messages
5. Server Side Validation / Form Validation
6. Passwords
7. File Uploads
8. HTTPS
9. Website Security Tools
10. Some Tools: Netsparker, OpenVAS, Security Headers, Xenotix XSS Exploit Framework
Here are the tips I tend to offer everyone when it comes to managing website security:
1. Employ Defense in Depth principles – layers like an onion.
2. Leverage best practices like Least Privilege – not everyone needs administrative privileges.
3. Place emphasis on how people access your website, leveraging things like Multi-Factor and Two-Factor Authentication.
4. Protect yourself against the exploitation of software vulnerabilities through use of a Website Firewall – focus on known and unknown attacks.
5. Backups are your friends – your safety net – try to have at least 60 days available.
6. Register your website with search engines – Google and Bing have Webmaster Tools; leverage their infrastructure to tell you the health of your website.
Chapter 4: E-Business Risk Management Issues
Types of Network Attack

● IP Spoofing Attacks
● Denial of Service Attacks (DoS Attacks)
● Sniffer Attacks
● Man in the Middle

To prevent such attacks, a computer or network should implement a firewall configured to the company's specifications, so that the firewall protects the network without being a problem for the employees of the company.
Firewalls
A firewall is a hardware or software system that prevents unauthorised access to or from a network.
Firewalls can be implemented in hardware, in software, or in a combination of both.
Firewalls are frequently used to prevent unauthorised Internet users from accessing private networks connected to the Internet.
All data entering or leaving the intranet passes through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.
Generally, firewalls are configured to protect against unauthenticated interactive logins from the outside world. This helps prevent "hackers" from logging into machines on your network.
More sophisticated firewalls block traffic from the outside to the inside, but permit users on the inside to communicate a little more freely with the outside.
Firewalls are also essential since they can provide a single choke point where security and audit can be imposed.
Firewalls provide an important logging and auditing function; they provide summaries to the admin about the type and volume of traffic that has been processed through them.
History and Types of Firewall
Computer security borrowed the term firewall from firefighting and fire prevention, where a firewall is a barrier established to prevent the spread of fire.

The National Institute of Standards and Technology (NIST) Special Publication 800-10 divides firewalls into three basic types:
1. Packet Filters
2. Stateful Inspection
3. Proxies
Other firewall types:
1. Network Layer
2. Application Layer
3. Circuit Level Gateways
4. Application Level Gateways
5. Software Firewall
6. Hardware Firewall
Firewall Implementation
Step 1: Secure your firewall
If an attacker is able to gain administrative access to your firewall, it is "game over" for your network security. Therefore, securing your firewall is the first and most important step of this process.

Step 2: Architect your firewall zones and IP addresses
In order to protect the valuable assets on your network, you should first identify what the assets (for example, payment card data or patient data) are. Then plan out your network structure so that these assets can be grouped together and placed into networks (or zones) based on similar sensitivity level and function.

Step 3: Configure access control lists
Now that you have established your network zones and assigned them to interfaces, you should determine exactly which traffic needs to be able to flow into and out of each zone.

Step 4: Configure your other firewall services and logging
If your firewall is also capable of acting as a dynamic host configuration protocol (DHCP) server, network time protocol (NTP) server, intrusion prevention system (IPS), etc., then go ahead and configure the services you wish to use.

Step 5: Test your firewall configuration
In a test environment, verify that your firewall works as intended. Don't forget to verify that your firewall is blocking traffic that should be blocked according to your ACL configurations. Testing your firewall should include both vulnerability scanning and penetration testing.

Once you have finished testing your firewall, it should be ready for production.
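The following Python is an added example, not from the slides or any firewall vendor, that works through Steps 2, 3 and 5 in one place: it maps addresses to zones (a payment card zone kept separate, as the slides suggest), evaluates a first-match ACL with a default deny, and then checks the policy against a table of expected allow/deny outcomes, which is the ACL part of the Step 5 verification. Zone ranges, the ACL and the expectations are constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Step 2: zones by sensitivity and function (constructed, documentation-range addresses).
ZONES = {
    "cardholder": [ip_network("10.20.0.0/24")],   # payment card data: most sensitive
    "internal":   [ip_network("10.10.0.0/16")],   # staff workstations
    "dmz":        [ip_network("192.0.2.0/24")],   # public-facing web tier
    "internet":   [ip_network("0.0.0.0/0")],      # everything else; must be checked last
}
ZONE_ORDER = ["cardholder", "internal", "dmz", "internet"]


def zone_of(ip):
    """Most specific zone first, so the 0.0.0.0/0 catch-all only matches outside addresses."""
    addr = ip_address(ip)
    for name in ZONE_ORDER:
        if any(addr in net for net in ZONES[name]):
            return name
    return "internet"


# Step 3: ACL rows are (src_zone, dst_zone, proto, dst_port or None for any, action).
# First match wins; anything not listed is denied.
ACL = [
    ("internet", "dmz", "tcp", 443, "allow"),         # public HTTPS to the web tier only
    ("dmz", "cardholder", "tcp", 5432, "allow"),      # web tier to the payments database only
    ("internal", "internet", "tcp", 443, "allow"),    # staff browsing out
    ("internal", "dmz", "tcp", 22, "allow"),          # admin SSH to the web tier from inside
    ("internal", "cardholder", "tcp", None, "deny"),  # explicit deny so the hit is logged
]


def evaluate(src_ip, dst_ip, proto, dst_port):
    """Return 'allow' or 'deny' for one flow. Traffic inside a single zone is assumed
    not to cross the zone firewall and is passed through."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return "allow"
    for sz, dz, p, port, action in ACL:
        if (sz, dz) == (src_zone, dst_zone) and p == proto and (port is None or port == dst_port):
            return action
    return "deny"  # default deny


# Step 5: expected outcomes, including traffic that must be blocked.
EXPECTATIONS = [  # (src, dst, proto, dst_port, expected)
    ("203.0.113.5", "192.0.2.10", "tcp", 443, "allow"),   # customer to web tier
    ("203.0.113.5", "192.0.2.10", "tcp", 22, "deny"),     # SSH from the Internet
    ("203.0.113.5", "10.20.0.5", "tcp", 5432, "deny"),    # Internet straight to the DB
    ("192.0.2.10", "10.20.0.5", "tcp", 5432, "allow"),    # web tier to DB
    ("192.0.2.10", "10.10.3.3", "tcp", 445, "deny"),      # compromised web host to staff
    ("10.10.3.3", "10.20.0.5", "tcp", 5432, "deny"),      # staff workstation to DB
]


def verify_policy(expectations=EXPECTATIONS):
    """Return the list of expectations the policy violates; an empty list means it passed."""
    failures = []
    for src, dst, proto, port, expected in expectations:
        got = evaluate(src, dst, proto, port)
        if got != expected:
            failures.append((src, dst, proto, port, expected, got))
    return failures


if __name__ == "__main__":
    print("policy failures:", verify_policy())
```

The same expectation table can drive packets through a real test-environment firewall; the point is that the blocked cases are written down and checked, not just the allowed ones.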
Real Time Applications in Business
Real time system: A real-time system is a type of hardware or software that operates with a time constraint.

Real time: It is the time span taken by the system to complete all its tasks and provide an output for an input. This time span should be the same for the computation of all its tasks.

Real time system: Real time systems are those which must produce the correct response within the specified or defined time limit. If it exceeds these time bounds, the result is performance degradation and/or malfunction of the system.

For example, in an aircraft engine control system, the real time control system should perform its task within a specified time as the operator/pilot intended, and failure to do so can cause loss of control and possibly the loss of many lives.

Real time program: A program for which the correctness of operation depends upon both the logical output of the computation and the time at which the results are produced. Every real time system must have a real time clock which specifies the time of execution of the task or interruption of the task.
Types of real time system:
As per the clock and execution procedure of tasks, real time systems are divided as follows:

● Clock based systems
● Event based systems
● Interactive systems

Clock based real time system:
In this system the computation of its task has to be completed in a specified time interval, governed by the real time clock. Most plant control systems are in this category. The clock interval can be hours for some chemical processes, or milliseconds for some control systems.

For example, in feedback control of tank level, the real time system should read the level of the tank, process it with the control algorithm and actuate the valve accordingly to maintain the level. These three tasks, i.e. sampling of input, processing and output response, should be performed within the specified time interval.

This clock can be continuous or discrete. In a continuous system, the task is performed continuously within a specified time; the tank level controller above is a continuous control process. In some chemical industries, chemicals must be added at specified intervals; these are called discrete control systems.
Event based real time system:
In plants there are some systems where actions have to be performed in response to some events instead of at particular time intervals.

For example, the control system has to close the valve if the liquid level in the tank reaches its high level. Here this action is not time based but event based, and such systems are used extensively to indicate alarm conditions and initiate alarm actions, for example indicating that the liquid level in the tank is high or the temperature of the liquid is high, etc.

The specification of event based systems usually indicates that the system must respond within a specified maximum time to a particular event.

These systems use interrupts to indicate to the real time system that action is required. Some small systems use polling, i.e. the system periodically asks the various sensors whether action is required.

These systems consist basically of aperiodic tasks and may have deadlines expressed in terms of start-up time or finish time.

For example, after sensing the level of liquid, the valve closure should start after some interval.
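As an added example (not from the slides), the Python below models the tank-level controller from the clock-based and event-based sections as a small deadline simulation: a periodic sampling task whose jobs can overrun and delay the next job, and a high-level event whose handler must finish within a maximum response time. It also applies the hard/soft distinction from the classification slides: a hard task fails on a single missed deadline, a soft one is only degraded. Task parameters, execution times and level samples are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PeriodicTask:
    name: str
    period_ms: int    # sampling interval set by the real time clock
    deadline_ms: int  # each job must finish this long after its release
    hard: bool        # hard real-time: one missed deadline is a system failure


def run_periodic(task, exec_times_ms):
    """Clock-based: job i is released at i * period. Jobs share one processor, so a job
    that overruns delays the start of the next one. Returns one record per job."""
    records = []
    clock = 0
    for i, cost in enumerate(exec_times_ms):
        release = i * task.period_ms
        start = max(clock, release)   # cannot start before release or before the previous job ends
        finish = start + cost
        clock = finish
        records.append({"job": i, "release": release, "finish": finish,
                        "missed": finish - release > task.deadline_ms})
    return records


def judge(task, records):
    """Apply the hard/soft rule to the simulation result."""
    misses = sum(1 for r in records if r["missed"])
    if misses == 0:
        return "ok"
    return "system failure" if task.hard else f"degraded: {misses} missed deadline(s)"


HIGH_LEVEL = 90.0  # tank level (%) at which the valve must be closed


def run_event_based(samples, max_response_ms, handler_cost_ms):
    """Event-based: crossing HIGH_LEVEL raises one event (like an interrupt); the valve-close
    handler must finish within max_response_ms of it. A new event needs the level to fall
    below HIGH_LEVEL first. samples: list of (time_ms, level) pairs."""
    events = []
    above = False
    for t, level in samples:
        if level >= HIGH_LEVEL and not above:
            above = True
            finish = t + handler_cost_ms
            events.append({"event_ms": t, "finish_ms": finish,
                           "missed": finish - t > max_response_ms})
        elif level < HIGH_LEVEL:
            above = False
    return events


# Constructed scenario: 100 ms sampling, the third job takes 150 ms.
TANK_TASK = PeriodicTask("tank_level_control", period_ms=100, deadline_ms=100, hard=True)
SAMPLE_EXEC_MS = [20, 30, 150, 40]
LEVEL_SAMPLES = [(0, 50.0), (100, 80.0), (200, 92.0), (300, 95.0), (400, 70.0), (500, 91.0)]

if __name__ == "__main__":
    recs = run_periodic(TANK_TASK, SAMPLE_EXEC_MS)
    print(recs, judge(TANK_TASK, recs))
    print(run_event_based(LEVEL_SAMPLES, max_response_ms=50, handler_cost_ms=30))
```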
Interactive systems:
The combination of a clock based system and an event based system, in which the importance lies in the average execution time of the task, is called an interactive system.
This covers systems like automatic teller machines, reservation systems for hotels, airline booking, etc.
These systems receive input from the plant or operator, initiate the task and execute it within the average response time.
For example, if you want to draw cash from an ATM, when you insert your card it processes the task of giving the money out.
In this case the response time depends on the network traffic and internal processing time, and it is not affected by other environmental changes.
Classification of Real-Time Systems
Real-time systems can be classified from different perspectives.

The first two classifications, hard real-time versus soft real-time, and fail-safe versus fail-operational, depend on the characteristics of the application, i.e., on factors outside the computer system.

The remaining three classifications, guaranteed-timeliness versus best-effort, resource-adequate versus resource-inadequate, and event-triggered versus time-triggered, depend on the design and implementation, i.e., on factors inside the computer system.
Hard Real-Time versus Soft Real-Time
1. The response time requirements of hard real-time systems are in the order of milliseconds or less, and failing to meet them can result in a catastrophe. In contrast, the response time requirements of soft real-time systems are higher and not very stringent.
2. In a hard real-time system, the peak-load performance must be predictable and should not violate the predefined deadlines. In a soft real-time system, degraded operation under a rarely occurring peak load can be tolerated.
3. A hard real-time system must remain synchronous with the state of the environment in all cases. On the other hand, soft real-time systems will slow down their response time if the load is very high. Hard real-time systems are often safety critical.
4. Hard real-time systems have small data files and real-time databases; temporal accuracy is often the concern here. Soft real-time systems, for example on-line reservation systems, have larger databases and require long-term integrity.
5. If an error occurs in a soft real-time system, the computation is rolled back to a previously established checkpoint to initiate a recovery action. In hard real-time systems, roll-back/recovery is of limited use.
Real Time Application
A real-time application (RTA) is an application program that functions within a time frame that the user senses as immediate or current. The latency must be less than a defined value, usually measured in seconds.

Whether a given application qualifies as an RTA depends upon the worst case execution time (WCET), the maximum length of time a defined task or set of tasks requires on a given hardware platform.
The use of RTAs is called real time computing.
Examples of RTAs include:
• Video conference applications
• VoIP (voice over Internet Protocol)
• Online gaming
• Community storage solutions
• Some e-commerce transactions
• Chatting
• IM (instant messaging)
Difference Between Real Time Processing & Batch Processing
Real-time processing is data processing that occurs as the user enters the data or a command.
Batch processing involves the execution of jobs at the same time.
The main difference is that administrators can postpone batch processes, while real-time processes must occur as soon as possible.

Time Frame
The time between when the user inputs the data into the computer and when the computer performs the expected output is called the response time. Real-time systems have predictable response times. Batch processing does not have a specific moment at which tasks are completed.

Deadlines
A hard real-time system is one in which the failure to meet even one deadline indicates a complete system failure. With soft real-time, missing a deadline indicates that the system is not working at its peak. In batch processing, missed deadlines might mean that the computer needs more processing capacity to finish tasks.

Embedded
Real-time processors are usually embedded, meaning they do not have an operating system interface and are used only to control hardware devices. For example, a digital thermometer might have a real-time processor embedded in the thermometer that gives a continuously correct temperature. Batch processes are usually a part of a larger computer system.

Predictability vs. Flexibility
Real-time systems have specific and predictable outputs that occur in response to an input. The number of outputs that a real-time system can have is usually fixed. For example, on the thermometer, the number of readings the thermometer has is fixed and the thermometer will not perform unique actions. Administrators can usually adjust batch processes to serve different purposes.

Postponing
With batch processing, processes are saved for when the computer is not executing very many tasks, such as in the evening when a business is not very busy. For example, a company can refrain from running antivirus scans when the company is busy, since the scans use up computer processing power. Administrators often start antivirus scans at night, when most of the workers have gone home. Real-time processing usually occurs whenever the processor receives an input.

Outside Computing
Batch processing also occurs outside computers. For example, instead of sending a bill to a customer every time the customer pays for a service, a company might send a bill every month so that the company doesn't have to spend as much on postage. Real-time processing usually only refers to computers and microcontrollers.
Difference between Real Time and Online
Online means the visitor of a website is able to use the functions that are offered through the same website.

A real time web environment is said to be transactional. Every action through the website is managed as a transaction in which there are always two sides: the user or visitor enters the data and the system responds with immediate feedback.

The main difference between online and real-time is the interference of a person behind the web application to check for a certain situation. In a real-time environment there is no human interference.

Another difference is the required level of investment to cater for a real-time application. Online functions are relatively less expensive but at the same time block large amounts of traffic too.

There is a situation where there is (nearly) no difference between real-time and online. This is with chat functionality, when you address your question about a product or service to a service agent who is currently 'online'. Nearly, because it might take some time before the agent responds to your question, again depending on the amount of traffic and the capacity (availability) of the agents.

● Real Time in Indian Railways
● Real Time in Airways
● Real Time in Hotel Reservation Systems
● ATM
● E-payments
Threat Hunting
Cyber threat hunting refers to proactively and iteratively searching through networks or datasets to detect and respond to threats that evade traditional rule- or signature-based security solutions.

It includes using both manual and machine-assisted techniques, and aims to find the Tactics, Techniques and Procedures (TTPs) of advanced adversaries.

Cyber hunting is an iterative process that should be carried out in a loop to continuously look for adversaries hidden in vast datasets.

Hunting begins with a hypothesis and should be carried out based on questions that the analyst wants to answer.
There are three types of hypotheses:
● Analytics-driven: "Machine-learning and UEBA, used to develop aggregated risk scores that can also serve as hunting hypotheses"
● Situational-awareness driven: "Crown Jewel analysis, enterprise risk assessments, company- or employee-level trends"
● Intelligence-driven: "Threat intelligence reports, threat intelligence feeds, malware analysis, vulnerability scans"
Cyber Hunting Software
1. Carbon Black
2. Cybereason
3. Sqrrl
4. ExtraHop Networks
