IT System Security-BCSC-0603

UNIT-I
 Introduction to IT system
security
• IT system security covers everything from prevention, detection and
response to improper access from within and outside an organization,
to protect information and systems.
• As the critical importance of IT systems grows daily, so does the
volume of targeted attacks, internal fraud and other security risks
from which IT systems need to be defended.
• Elements of IT system security
Vulnerability
Threat
Risk
Exposure
Countermeasure or Safeguard
The Relation Between the Security Elements
 Goals of IT System Security
• IT security generally is comprised of five main goals:
Integrity: guaranteeing that the data are those that they
are believed to be
Confidentiality: ensuring that only authorized individuals
have access to the resources being exchanged
Availability: guaranteeing the system's proper operation
Non-repudiation: guaranteeing that an operation cannot
be denied
Authentication: ensuring that only authorized individuals
have access to the resources
 Elements of IT System Security
• Vulnerability
• Threat
• Risk
• Exposure
Threats to IT systems
Threats to IT systems
Threats to IT systems
Technical controls in IT system security
Technical controls in IT system security
Technical controls in IT system security
System security coverage
System security risk management
The process of risk assessment involves following activities:
– determining the assessment's scope and methodology
– collecting and analyzing data
– interpreting the risk analysis results

System security risk management

 Chapter-2

Operating System Security

 Introduction of Changing Threats
– Basics of Operating Systems & changing threats
• Operating systems are the software that provides access to the various
hardware resources (e.g. CPU, memory, and devices) that comprise a
computer system.
• Any program that is being run on a computer system has instructions
executed by that computer’s CPU, but these programs may also
require the use of other peripheral resources of these complex systems.
– Formal security mechanisms in operating system
• With the developments in technology and the advent of cloud, there
have been increasing trends of operating systems being deployed
onto storage resources and shared public computation in cloud data
centers.
• This, in turn, has attracted attacks against collocated operating
systems and their hosting platforms and hence rendering the
 Why OS is Hard to Secure?
– OS not able to find themselves prone attacks
• The software required to interface these peripheral devices and
network of devices could operate in privileged mode within the
operating system.
• This way, they could access resources, such as processor memory,
directly. An attacker is able to gain full control of the operating
system, via a crafted USB device, owing to the vulnerabilities within
USB device drivers in the operating system.
– Multiple peripherals can be externally connected through interfaces,
such as integral devices
– Unlike USB driver and hardware devices developed by the hardware
manufacturers, etc.
 Securing Operating Systems
How to secure operating system and its models:
– Trust Model
– Threat Model
There have been consistent goals for a secure operating system
established for almost every community:
• Ensuring that the operating system is able to separate users and
access to resources by following a defined policy.
• Ensuring that a trusted execution path is followed. “Trusted” means
that there are no vulnerabilities that might affect the operating
system’s ability to separate users and access to resources, such as
memory, files, I/O and processes.
 Trust Model
• For an operating system, its trust model is synonymous with the
system’s trusted computing base (TCB).
• Ideally, a system TCB should consist of the minimal amount of
software necessary to enforce the security goals correctly.
• The software that must be trusted includes the software that
defines the security goals and the software that enforces the
security goals (i.e., the operating system’s security mechanism).
• Further, software that bootstraps this software must also be
trusted.
• Thus, an ideal TCB would consist of a bootstrapping mechanism
that enables the security goals to be loaded and subsequently
enforced for lifetime of the system.
 Trust Model
• The secure operating system developer must prove that their
systems have a viable trust model. This requires that:

1. The system TCB must mediate all security-sensitive operations.

2. Verification of the correctness of the TCB software and its data.

3. Verification that the software’s execution cannot be tampered by

processes outside the TCB.
 Threat Model
• A threat model defines a set of operations that an attacker may use
to compromise a system.
• In this threat model, we assume a powerful attacker who is
capable of injecting operations from the network and maybe in
control of some of the running software on the system.
• Key Security Features
• – Access control
• – Network protection
• There are principles that are well established to ensure secure
control access and its proper practical implementation:
• It has to be ensured that there exists a trusted mechanism to first
decide and then enforce the rights of the user (requesting access to
a resource) along with designated rights of the resource requested.
 Threat Model
• When these rights are being enforced, it has to be made sure
that there are no vulnerabilities present in the enforcement
capability. It must be free from any modifications or tampering
done beforehand. This concept is referred to as the Trusted
Computing Base.
• A trusted path must be followed while the enforcement
happens. This minimizes the possibility of interruption of
execution path by malicious processes or users. This concept
is known as the Trusted Path.
 Key Security Features
• Access control
• Operating system, at its core, has the ability to admin control over
access to system information and resources.
• This is done in order to mitigate threats as well as minimize the
possibility of any accidental damage by the users.
• The need to prevent a poorly implemented application, that can
access the private data of users stored in the memory, is as
important as the need to prevent inadvertent download of malware
through a browser and installing unwanted spying software.
• In layman’s terms, access is the ability to read from, write to, or
execute a file, operating systems, such as Microsoft Windows,
provide richer access operations that provides the option to acquire
ownership of or even delete a data type.
 Network protection
• With most users finding it mandatory to communicate with each
other and while accessing applications and data, most of the
operating systems are deployed in highly networked
environments.
• Before the advent of the more sophisticated operating systems,
network that connected the users were believed to be trustworthy
as the files that were being shared.
• These networks connected organizations on trusted or in-house
networks. Nowadays, we have devices that are highly mobile
being connected over untrusted and public networks (for e.g., the
Internet).
• So, to counter this problem, operating systems adapted and the
developers started to embed security features (such as firewalls,
network encryption and network access protection) onto their
operating systems.
 Malware protection
• Users’ requirements to access and exchange application and files
have been increasing.
• This has led to an increase in the means of exchange including
social media platforms, web portals and messaging systems.
• Most of the cyber security attacks have had been a result of a
malicious file being received from an email or a website.
• Application Verification and Control
• For example, this mechanism is implemented by Apple iOS.
Apple’s operating system enforces all applications from the app
store.
• There is no provision to install applications from external
sources. The application on the Apple app store are signed by
Apple after verifying their integrity from a security perspective.
 Application Separation: Sandboxing
• The technique of sandboxing is used to provide a form of isolation to
an application to ensure that the functionality of the application is
“boxed-in” (limited), such that the ability of the application to access
other running applications, or the memory or network resources of
other applications.
• This method can be applied using different approaches.
• A hypervisor is sought which provides a “container” to separate out
and execute multiple operating systems on a common platform.
• Whole operating system is virtualized and run on a hypervisor which
summaries the hardware environment for the platform.
• While this approach protects applications on the same hardware
irrespective of the operating system, it does not offer any protection
to other applications in the same operating system.
 Application Execution
• There is a possibility of application being exploited by attackers
using the user supplied input.
• Buffer overrun is the most common form of attacks in the which
the input supplied by user end up to be written directly to the
operating systems and application memory (normally used to store
application execution code, temporary and global data) without
any prior verification of its integrity. \
• The attacker, using this vulnerability of data going in without any
check, takes control of the application execution by supplying
sufficient data and manipulating the stack pointer.
• The attacker, rather than simply execute the application, executes
the data and code they have written to the memory within the
application context.
 Physical Theft
• Operating systems have found protection using following ways:
• Operating systems can now encrypt individual data files and
also the data stored in the memory.
• Applications and data can be protected from other users and
processes in case an individual gains
• access to device for a short period.
• Data on devices is protected against subsequent copying in
case the device gets stolen. This is done by
• encrypting all the data present on the device.
Server Operating System Security
Guidelines
 Server Operating System Security
Guidelines
– Installation & Configuration
• System Administrators verify that already installed Servers & guidance
for new server setup and general topics required for setting up a server in
secure environment. The installation should be carried out from the
original media, supplied by the vendor.
– OS Hardening
Patches: One of the most important tasks of the System Administrator
(SA) is to keep the most current patches for the OS and application
software installed on a server. Many of these patches fix security
vulnerabilities that are well known to intruders.
• Service packs are used to patch a wide range of vulnerabilities and bugs.
• The latest service pack that has been tested to work in one’s environment
should always be applied after installing the operating system.
 Server Operating System Security
Guidelines
• Hotfixes are released more frequently than service packs and
are meant to patch a more specific problem.
• Not all hotfixes may be needed for a particular system. Before
installing these fixes on critical systems or installing them on a
large number of devices, hotfixes should be tested to ensure that
there is no conflict with other third party drivers.
• Disabling unwanted services and protocols
• Only required network services should be installed in the server.
• There are many default services with the standard OS software.
Depending upon the role of server one should load only
required network services, like on a mail server DNS service is
not required.
 Server Operating System Security
Guidelines
• Each network protocol should be configured for security settings,
like in case of TCP/IP protocol only essential ports should be
enabled.
• For example, on MS Windows NT Server disable inbound and
outbound traffic to the external connections for TCP and UDP ports
135, 137, 139 and UDP port 138.
• Blocking these ports prevents potential intruders from gathering
useful information such as computer names, usernames, and
services running on those computers.
• Security scanner tools like NMAP, NESSUS should be run to know
which ports or services are currently open or running on the server.
 Workstation Operating System
Security Guidelines
• The word "workstation" is used in this module to mean the
combination of the hardware, operating system, application
software, and network connection.
• Planning and executing the deployment of workstation.
• Configuring workstation to help make them less vulnerable to attack.
• Maintaining the integrity of deployed workstation.
• Improving user awareness of security issues.
 OS and Application S/W Hardening
• OS media should be procured only from an authorised vendor of the
manufacturer.
• To patch up the vulnerabilities and loopholes of the OS, install all the
latest service packs, security patches, hot-fixes, OS updates, etc. as
available and applicable for this version at the time of installation.
• These patches/updates etc. are available from the vendors as well as
from their websites.
• Initially, all the ports should be closed/disabled and may be
enabled/opened as and when required.
• Turn off all network services that are not needed.
• Define how long the computer or application can be used. Create a
mandatory automated logoff policy based on inactivity or time of day.
• Disable application features that expose vulnerability through
configuration changes.
• Control access to settings, control panels and run functions. Define who
has access to applications by location, time of day or time period.
Mobile Operating Systems
 Threats of Mobile Operating Systems
• Some major threats & vulnerabilities of mobile OS
• – Malware
Trojans
Virus
Worm
Spyware
• – Vulnerabilities
Device-Hardware Vulnerabilities
Software Vulnerabilities
Threats of Mobile Operating Systems
 Threats of Mobile Operating Systems
• • Some major attacks of mobile OS
• – Hardware-based attacks
• – Device-independent attacks
• – Software-based attacks
• – User-based attacks
• JTAG (Joint Test Action Group) Attacks
• Forensic Analysis
• Phishing Attacks
• QR Code Based Attacks
• SSL Proxy Attacks
Endpoint Security

Chapter-3
 What is Endpoint Security
• Security is top of mind for today’s CIO/CISO and endpoints are the new
target.
• Criminals are targeting employees and using their devices to gain access to
networks.
• Compromise is inevitable but a breach can be prevented. Anti-virus
solutions are important but they no longer offer complete protection to the
organization.
• The terms Endpoint Security or Endpoint Protection are generally used to
refer to corporate products that include a range of security features. These
typically include:
• Malware removal based on existing signature files and heuristic algorithms
• Built-in antispyware protection
• Ingress/Egress firewall
• IPS/IDS sensors and warning systems
• Application control and user management
 Endpoint Security
• Endpoint security products may contain features and
functionality such as:
• Data loss prevention
• Insider threat protection
• Disk, endpoint, and email encryption
• Application whitelisting or control
• Network access control
• Data classification
• Endpoint detection and response
• Privileged user control
Critical Components of Endpoint Security
• Endpoint encryption fully encrypts your enterprise data on
endpoints, including laptops, mobile devices, and other
endpoints, as well as in individual folders, files, and removable
storage devices like CDs and USB drives.
• Application control prevents the execution of unauthorized
applications on endpoints, a core component of comprehensive
endpoint security measures.
• Application control solves the challenge of employees
downloading unauthorized or dangerous applications on
mobile devices, which could create network vulnerabilities and
lead to unauthorized access.
Endpoint security perspectives: Consumer
versus corporate
there is no central administration:
• Signature and application updates are received from the
developer's control servers via the Internet.
• Endpoint security apps are configured on each computer.
• Alert and log entries are only available on the affected computer.
Centralized administration allows:
• Single sign-on web interface for configuring endpoints.
• All log entries and alerts to be sent to one location, the controlling
server.
• Downloading of signature and application updates once, then the
server application pushes the files out to all endpoints.
 Pillars of Endpoint Security
• Four Pillars of Endpoint Security include:
• Endpoint hardening - protect the endpoint from attack
• Endpoint resiliency - make the endpoint auto-healing
• Network prioritization - guard network bandwidth
• Network resiliency - make the network auto-healing
There are four tenets of security: identity, authentication, access control, and
authorization.
• Identity - how principals, such as users, are represented.
• Authentication - how identity is established. For example, a user in
possession of a smartcard provisioned with a trusted X.509 certificate,
plus knowledge of the smartcard PIN, will use the card to authenticate,
thereby establishing his or her identity within the system.
• Access control - the ability of the system to selectively allow or deny
principals to perform actions on protected objects. Access control
enforces authorization rules.
• Authorization - the process by which access control rules are expressed.
• Endpoint Hardening: The goal of the first pillar - endpoint
hardening - is to ensure that network assets are using the latest
technologies to defend against threats. Typical threats include
unsafe email attachments, worm-like viruses that propagate over
the network, and related threats to your web browsers.
• Objective: Reduce the attack surface and minimize
vulnerabilities on individual devices.
The following technologies can aid in endpoint hardening:
• Antivirus and anti-malware software
• Mandatory integrity levels: Least Privilege Principle
• Auditing of network resource access: Helps detecting and
responding to unauthorized access
Endpoint Resiliency
• The goal of endpoint resiliency is to ensure that health information on devices
and applications is continuously gathered and monitored. That way failed
devices or applications can be automatically repaired, thus allowing operations to
continue.
• Objective: Ensure that endpoints can resist, recover from, and adapt to security
incidents effectively.
The following technologies can make endpoints more resilient:
• Network access control (NAC): NAC enhances endpoint resilience by
preventing unauthorized or compromised devices from accessing the
network, reducing the risk of attacks and limiting the potential impact of security
incidents
• Configuration baselining: Configuration baselining enhances endpoint
resilience by maintaining a consistent and secure configuration, reducing the
attack surface and vulnerabilities.
• Patching: Patching contributes to endpoint resilience by proactively addressing
vulnerabilities and reducing the likelihood of successful attacks.
• Antivirus and anti-malware software: Detect and mitigate threats
• Centralized policy and confirmation management: Ensuring uniform security
Network Prioritization
• The goal of network prioritization is to ensure that the available
infrastructure can always meet application bandwidth needs.
This consideration applies not only at well-known peak demand
times, but also when there are unexpected surges on network loads
and distributed external and internal attacks.
• Objective: Optimize network resources, enhance performance, and
prioritize critical activities.
Network Resiliency
• The goal of network resiliency is to allow for seamless asset
failover. Techniques in this area ideally afford reconfiguring the
network in real-time as performance degrades.
• This pillar is similar to endpoint resiliency in that the goal is to
facilitate network self-healing in order to minimize the
management burden.
• Objective: Ensure the network can resist disruptions, adapt to
changes, and maintain continuous operation.
 Endpoint Security in BYOD
• Four Pillars of Endpoint Security in Bring your own device (BYOD)
• Endpoint hardening - Technologies like platform attestation allow server-
side resources to extract high-assurance security claims from mobile
devices.
• This helps to keep sensitive data off malware and rootkit infested devices
and can also be used to enforce client attributes, such as the use of
hardware-based disk encryption.
• The latest generation of mobile devices supports a variety of high-
integrity security features, including TPMs (Trusted Platform Module, a
secure cryptoprocessor), SIMs (Subscriber Identity Modules, a smart
cards that store cryptographic identifiable information of subscribers ),
and other hardened cryptographic and data protection features.
• Endpoint reliability -Enforcing patching and platform updates is key to
maintaining endpoint reliability; technologies exist to do this across all
platforms.
 Endpoint Security in BYOD
• Network prioritization
• link encryption is a must-have.
• All web applications should enforce Transport Layer Security (TLS);
all clients support it.
• Bandwidth waste is on unencrypted or untrusted requests is avoided.
• Network Resiliency –
• Implementing advanced threat protection measures to detect and
mitigate security threats arising from various devices.
• Segmenting the network to isolate BYOD devices from critical
infrastructure, reducing the potential impact of a security incident.
 Endpoint Encryption
Defining endpoint encryption and its difference modes
Disk Encryption: Endpoint encryption (which typically includes disk
encryption and removable media encryption) protects this data,
rendering it unreadable to unauthorized users. Endpoint encryption
describes the differences between disk encryption and file
encryption, details how disk encryption and removable media
encryption work, and addresses recovery mechanisms.
– Removable Media Encryption: Removable media encryption
software provides the ability to encrypt files on removable storage
devices. When a user copies files of a system onto a removable
storage device, each file is encrypted to a password, a shared key or
a certificate. At the same time, utilities for Windows or Mac systems
can be copied (if permitted by policy) allowing authorized access to
data without the endpoint client installed on a machine.
 Driver influence endpoint security
• Explaining the business drivers that influence the
endpoint security
Correct and reliable operation
Service-level agreements
IT asset value
Protection of the business asset value or brand image
Legal and regulatory compliance
Contractual obligation
Financial loss and liability
Critical infrastructure
Safety and survival
Driver influence endpoint security
• Explaining the IT drivers that influence the endpoint security
– Internal threats and threat agents
– External threats and threat agents
– IT service management commitments
– IT environment complexity
– Business environment complexity
– Audit and traceability
– IT vulnerabilities: Configuration
– IT vulnerabilities: Flaws
– IT vulnerabilities: Exploits
– End User Complexity
– Fast-Growing Web Threats
– VPN Security Challenges
 Challenges of Endpoint Security
– Complacency and Risk: Complacency among users and
organizations regarding security practices can lead to increased
risk. Users may neglect security protocols, such as updating
software or avoiding risky behavior, assuming that security
measures are foolproof.
• IT management bandwidth: IT teams are often overwhelmed by
the sheer volume of endpoints they need to manage
• More flexible and mobile workforce: Endpoints can connect from
various locations and networks, making it challenging to enforce
consistent security measures.
• Lack of integration: Security solutions may not be fully integrated
across the organization's IT infrastructure.
• Fast moving security threats: Cyber threats evolve rapidly, with
attackers constantly developing new techniques and exploiting
vulnerabilities.
 Challenges of Endpoint Security
– Business Challenges: The business challenges of endpoint security reflect
the difficulties organizations face in adequately securing their endpoints
due to various constraints.
• Lack of IT resources: May lack the necessary IT resources, including
personnel, budget, and infrastructure, to implement and maintain robust
endpoint security measures.
• No in-house expertise: May not have dedicated cybersecurity experts or
professionals with specialized knowledge in endpoint security on their
staff.
• Ad-hoc PC management: Ad-hoc PC management refers to an approach
where the management and maintenance of personal computers (PCs)
are carried out in an unplanned, reactive, and often inconsistent manner.
• Focus on more important tasks: Endpoint security may not be prioritized
adequately due to competing demands for other tasks.
• – The Threats Keep Coming
 Endpoint Security Solutions
General aspects covered by an Endpoint Solution
 Personal Firewall: Monitors and controls incoming and outgoing network traffic on the
endpoint device.
 Wireless Security: Guards against unauthorized access to Wi-Fi networks and protects
data transmitted over wireless connections.
 Port Control: Prevents unauthorized devices or data transfers through specific ports.
 Data Encryption: Protects sensitive information from being intercepted or accessed by
unauthorized individuals.
 USB and Storage Device Security: Controls and monitors the use of USB and other storage
devices.
 Application Control: Prevents the execution of malicious or unauthorized applications,
enhancing overall system security.
 Integrity and Remediation: Detects and addresses unauthorized changes to system files or
settings, ensuring the system's integrity.
 Client Self-Defense: Enhances the resilience of the endpoint security solution against
tampering or disabling attempts.
 Alerts Monitoring: Monitors security events and issues alerts in response to potential
threats.
Endpoint Security Solutions
 Gartner’s Magic Quadrant
Endpoint protection platforms capabilities & things include in EPP
Antimalware
Personal firewall
Port and device control
EPP solutions also often include:
• Vulnerability assessment
• Application control and application sandboxing
• Memory protection
• Behavioral monitoring of application code
• Endpoint detection and remediation technology
• Full-disk and file encryption, also known as mobile data protection
• Endpoint data loss prevention (DLP)
• Enterprise mobility management (EMM), typically in a parallel non -
integrated product
 Quadrant Descriptions
Explaining the quadrant descriptions
 Leaders: Leaders demonstrate balanced progress and effort in all
execution and vision categories.
• Challengers: Challengers are good at competing on basic functions,
rather than on advanced features.
• Visionaries: Visionaries can affect the course of technological
developments in the market, but they haven't yet demonstrated
execution.
• Niche Players: Niche Players have not demonstrated sufficient
focus on the core needs of buyers, despite long tenures in this
market.
 Evaluation Criteria Definitions
 Ability to Execute
 Product/Service, Overall Viability, Sales Execution/Pricing
 Market Responsiveness/Record
 Marketing Execution
 Customer Experience
 Operations
 Completeness of Vision Market Understanding
 Marketing Strategy
 Sales Strategy
 Offering (Product) Strategy
 Business Model
 Innovation
 Vendor Strengths and Limitations
• Bitdefender: Bitdefender still generates the majority of its revenue from
consumer sales, but the gap between consumer sales and enterprise sales
narrowed in 2015.
• The company is investing heavily into its sales operations in Europe and the
U.S. Updates to the enterprise offering included improvements in security
event feeds from endpoints to the management console, formulating better
insights into the presence of malware, unwanted applications, advanced
threats and remediation.
Strengths
• Bitdefender provides very good malware detection capabilities, including a
sandboxed application emulation environment, automatic unknown file
analysis and continuous behavior monitoring, resulting in very good public
test scores.
Limitations
Bitdefender does not offer full feature parity between Windows, OS X and
Linux. The Windows offering supports anti-malware, firewall, content control
and device control. OS X and Linux have only anti-malware capabilities.
 Vendor Strengths and Limitations
Check Point Software Technologies
• Check Point Software Technologies is a well-known network
security company. Its venture into the EPP market, starting with
the 2004 acquisition of ZoneAlarm, continues to suffer from poor
marketing and channel execution.
Strengths
• Endpoint's URL filtering capability enables an off-LAN URL
filtering security policy synchronized with a firewall blade policy.
Limitations
• Check Point's application control capabilities (which it calls
"program control") remain largely unchanged for this year.
Application control capabilities continue to rely on URL filtering,
anti-bot and anti-malware for restricting unapproved and
suspicious applications.
Application Server Security

Chapter-4
Application Server Security Overview
 Application Server Security Overview

Security is a system issue, not a single-product issue. Each

component of system application affects the security of the entire
system. Proper security requires careful configuration of all system
components, including the following third-party components:
• Web Browsers: Must support specific communication
protocols and security technologies.
• Firewalls: A firewall is only as secure as its maintenance.
• Load Balancers: Moving an SSL session from one server to
another is complicated.
• Virtual Private Networks (VPNs): A VPN prevents a third
party from monitoring or altering communications but
cannot prevent the transmission of viruses.
 SSL Keys and Certificates
• When an SSL session is negotiated, the following steps take place:
• The server sends the client its public key.
• The client creates a bulk encryption key, often a 128 bit RC4
(symmetric key encryption) key, using a specified encryption
suite.
• The client encrypts the bulk key with the server's public key, and
sends the encrypted bulk key to the server.
• The server decrypts the bulk encryption key using the server’s
private key.
• This set of operations is called key exchange. After key exchange
has taken place, the client and the server use the bulk encryption
key to encrypt all exchanged data.
 Web Traffic Security Approaches

IPSec: Transparent to end user, have filtering capabilities

SSL or TLS Security: Provide encryption and decryption, most web servers have
implemented
Application specific security services: Application level security
Kerberos: Authenticate service request between two or more host
S/MIME: Secure multipurpose internet mail extensions, encrypt emails
 SSL (Secure Socket Layer)
• transport layer security service
• originally developed by Netscape
• version 3 designed with public input
• subsequently became Internet standard
known as TLS (Transport Layer Security)
• uses TCP to provide a reliable end-to-end
service
• SSL has two layers of protocols
SSL Architecture
 SSL Architecture
 SSL connection
 a transient, peer-to-peer, communications link
 associated with 1 SSL session
 SSL session
 an association between client & server
 created by the Handshake Protocol
 define a set of cryptographic parameters
 may be shared by multiple SSL connections
 SSL Architecture
 Session state is defined by
 Session Identifier
 Peer Certificate
 Compression methods
 Cipher Spec
 Master Secret
 Is Resumable
 Connection state is defined by
 Server and Client Random
 Server write MAC secret
 Client write MAC secret
 Server write key
 Client write key
 Initialization vectors
 Sequence numbers
SSL Record Protocol Operation
 SSL Change Cipher Spec Protocol

• one of 3 SSL specific protocols which use the

SSL Record protocol
• a single message
• causes pending state to become current
• hence updating the cipher suite in use
 SSL Alert Protocol
 conveys SSL-related alerts to peer entity
 severity
• warning or fatal
 specific alert
• fatal: unexpected message, bad record mac,
decompression failure, handshake failure, illegal
parameter
• warning: close notify, no certificate, bad certificate,
unsupported certificate, certificate revoked, certificate
expired, certificate unknown
 compressed & encrypted like all SSL data
 SSL Handshake Protocol
 allows server & client to:
 authenticate each other
 to negotiate encryption & MAC algorithms
 to negotiate cryptographic keys to be used
 comprises a series of messages in phases
1. Establish Security Capabilities
2. Server Authentication and Key Exchange
3. Client Authentication and Key Exchange
4. Finish
SSL Handshake Protocol

7-73
 Need of Security
• Application Server Threats and Countermeasures
– Network Eavesdropping:
– Unauthorized Access
– Viruses, Worms, and Trojan Horses
 Introduction to Oracle Application Server
Introduction to Oracle Application Server and security objectives
 Providing Basic Security Services
 Supporting Standards
 Ensuring Deployment and Configuration Flexibility
 Minimizing Application Development and Deployment Cost
 Providing Security in Depth
Security architecture of oracle
application server
 Oracle Application Server Security Best
Practices
Best practices for HTTPS Use
Best Practices for Cookie Security
Best Practices for Certificates Use
Review Code and Content Against Already Known Attack
Follow Common Sense Firewall Practices
Leverage Declarative Security
Use Switched Connections in DMZ
Place Application Server in the DMZ
Secure Sockets Layer
 Web Application Server Security best
practices
– Use separate servers for internal and external applications
– Use Separate Development Server for Testing and Debugging Apps
– Audit Website activity and store logs in a secure location
– Education of developers on sound security coding practices
– Patching Operating System and Web Server
– Use of Application Scanners
 Introduction to OWASP
The Open Worldwide Application Security Project (OWASP) is a
nonprofit foundation dedicated to improving software security. It
operates under an “open community” model, which means that
anyone can participate in and contribute to OWASP-related
online chats, projects, and more.
 Top 10 OWASP
 Insecure Data Storage: Leading to unauthorized access or data compromise.
 Weak Server-Side Controls: May allow unauthorized access and manipulation of sensitive data.
 Insufficient Transport Layer Protection: May expose information to interception and
manipulation.
 Client-Side Injection: May enable attacks like Cross-Site Scripting (XSS) and compromising user
data.
 Poor Authorization and Authentication: May potentially lead to unauthorized access and data
breaches.
 Improper Session Handling: May potentially allow unauthorized users to gain access to sensitive
information.
 Security Decisions via Untrusted Inputs: May lead to security decisions based on unreliable or
manipulated data.
 Side Channel Data Leakage: Data Is Obtained from Web caches, Keystroke logging, Screenshots,
Logs, Temp directories
 Broken Cryptography: May risk confidentiality and integrity of sensitive data.
 Sensitive Information Disclosure: May potentially expose critical data to unauthorized
individuals or entities.
Mobile Application Security Testing
 Dynamic Analysis: Involves testing an application while it's running
to assess its behavior, performance, and security.
 Black Box Security Testing: Evaluates the security of an application
without knowledge of its internal code or structure. The tester
feeds the application with inputs and observes the response.
 Static Analysis & Code Review: Examines the source code and its
structure without executing the program. With static analysis, the
business logic and the security of the application are covered.
 Identifying and protecting
Every piece of data is sensitive. Data cannot be classified as sensitive and non-
sensitive. Users enter data into an application under the assumption that security
will not be compromised. Considering the importance users give to data,
applications should be designed to treat every little piece of user data as sensitive.

Examples of personal data users prefer to keep private:

• Their location
• Contacts
• Unique device and customer identifiers
• Identity of the data subject
• Identity of the phone (make of the phone)
• Credit card and payment data
• Phone call logs, SMS or instant messaging
• Browsing history
• Email
 Protecting Data
• The data handled by an application should be protected from storage to transit
• Access to data being stored in another field is to be taken into consideration
while handling data
• An important location where data leak can occur is the side channel data
leakage
• Data should be logged or shown in error logs
• Each piece of code that handles data needs to be crafted carefully
• User data should be encrypted using smart algorithms before being stored on
the device
• The encryption method should use a strong key
• The data stored on the device should be accessible only to the application that
stores the data
• The data should not be given global read privileges leading to other
applications residing on the device
• Whenever the data is transferred to other locations, such as a server, the
application should use https
 Formidable App
• Developers creating mobile applications need to realize that the mobile
application is only a part of the system that attackers target.
• When an application is built, every piece of information that enters the
application needs to be validated.
• User input should be considered, but not enforced while making
security decisions
• The data stored on the device should be handled carefully to ensure
that none of the information is accessible even when the device
changes hands
• The permissions set to the files and databases should ensure that
application use is unique and should be accessible only to the owner
• The user may install a malicious application accidentally. Such
applications should not be able to access the files and database of the
developed application
 Steps to Create a Secure and Powerful
Application
• The first step is to identify the data that is most critical to an
application or a device – this can be done by threat modeling the
data before development.
• Consider all the data that the application uses, analyze the data
and identify the threat level associated with the data.
• Once the threat modeling is done, decide the level of security
that is required to protect the data.
• During the coding phase the developer writes necessary
protection methods for the data.
• This includes validations on both client and server sides to
hashing and encryption of data. Security is embedded into the
application without disturbing the business logic of the
application.
 Security Testing Tools
Qasat: The application helps code reviewers decompose an
Android Package File (APK) and understand the application better.
HashQ: HashQ is a tool used to list out difference between two
applications of the same type (JAR/APK).
Android Emulator: Android Emulator is an application that
emulates and tests virtual android devices.
WebScarab: WebScarab is an intercepting proxy used to monitor
conversations between a client and server.
WebSlayer: Webslayer is a tool to perform brute force attacks on
web applications. Helps a tester to test a large number of
parameters at a time.
Database Server Security

Chapter-5
 Introduction to Database Server Security

• A database can be defined as a collection of data that is saved on

a computer system’s hard drive.
• Databases allow any authorized user to access, enter and analyse
data quickly and easily. It’s a collection of queries, tables and
views.
• The data stored in the databases are usually organised to model
aspects that support processes that require information storage
and retrieval.
• These layers are: database administrator system administrator,
security officer, developers and employee and security can be
breached at any of these layers by an attacker.
 Importance of Database Server Security
• Database servers are the foundation of virtually every Electronic
Business, Financial, and Enterprise Resource Planning (ERP) system,
and frequently include sensitive information from business partners
and customers.
• Data integrity and improper access can be compromised by many
factors, including complexity, insecure password usage,
misconfigurations, and unrecognized system backdoors, making
imperative regular use of an adaptive database server security solution.
• Database security concerns the use of a broad range of information
security controls to protect databases (potentially including the data,
the database applications or stored functions, the database systems, the
database servers and the associated network links) against
compromises of their confidentiality, integrity and availability.
 Architecture for Database Systems
• Explaining the Architecture for Database Systems and it provide:
Independence of data and programs
Ease of system design
Ease of programming
Powerful query facilities
Protection of data
Architecture for Database Systems
• As new computing methods have evolved, different methods of
transferring the data between the database systems and the end users
have been also evolved. For database-backed up systems, there are
three most common architectures as follows:
• A direct link to the computer which performs all the work
• A client/server (two-tier) architecture
• A thin client (three-tier) architecture
In general, the goals of database security are:
• Confidentiality and secrecy: Data should not ever be revealed to anyone
who is not authorized to access it
• Authentication, accuracy and integrity: It means that data cannot be
modified maliciously or corrupted intentionally.
• Recoverable and availability: Systems should continue working, and the
lost data could be recovered easily, efficiently and in the original form
 Database attacks, security & lifecycle
• Attacks on Database
• Two kinds of attack can be made to the databases; physical attack
and the logical attack. Physical attacks can include forced
disclosure of sensitive information like passwords, demolition of
storage devices in system, complete power failure, and theft of
secured information. While logical threats are intentionally or
unauthorized access to sensitive information.
– Insider Threat
– Login Attacks
 Need of Database Server Security
• Following are the database vulnerabilities
– Lack of security feature maturity Login Attacks
– Database Password Management
– Oracle Internal Password
– Oracle Listener Process password
– Oracle Internal Password - “orapw” File Permission Control
– Operating system back doors
– Auditing
– TrojanHorses
Database Vulnerabilities
• Risks associated with vendor-supplied software
• Risks associated with administration
• Risks associated with user activity
Database security lifecycle
 Database Server threats &
countermeasures
• Following are the database vulnerabilities
SQL Injection – Network Eavesdropping
Unauthorized Server Access Password Cracking

•
 Acquiring Database and Server Security

• Explaining the database acquiring and server security

mechanisms
– NAT and PAT A demilitarised zone (DMZ)
– Content-based firewalls – SSL connections IPSec security
 Securing Open Source Databases
• How to secure open source
database and its methodology
Patches and Updates
Services
Protocols
Accounts
Files and Directories
Shares
Ports
Registry
Auditing and Logging
SQL Server Security
SQL Server Logins, Users, and Roles
SQL Server Database Objects
Steps for Securing Database Server
Best Practices to secure database server
• Database server secure practices and planning
Strong Password Policy Execution
Discard all Default Users and Demo-test Databases
Change the Admin User Name
User Privileges Need to be Restricted
Disable Public Network Access to Database Servers
Enforce SSL/TLS on Remote Connections and Restrict IP
Check for Database Dumps in Public Locations
Encrypt Your Application Files and Backups
Web Application Firewall and Malware Scanner Should be used
Always keep the Software Updated
 Security Checklist for a Database
Administrator
• Ensure that the database RDBMS version is a vendor supported
product version.
• Monitor the RDBMS software on a regular basis to detect
unauthorized modifications.
• Ensure that all directories and file permissions created by the
installation of a RDBMS are protected in accordance with
security evaluation specifications if available or, if not, vendor
recommendations.
• Ensure that end user accounts are not granted permissions to
change directory or file permissions associated with the database
software.
Security checklist
Database Security Program Design
Database Security Program Design
IT System Security Processes

Chapter-6
Identification of risk
Organizational Assets Used in Systems
Threat Identification
Prioritizing System Vulnerabilities
Prepare for Selecting Security Controls
Initial Security Control Baseline
Apply Scoping Guidance
 Apply Scoping Guidance
The application of appropriate scoping guidance to the initial
baseline
• – Apply Security Objective-related Considerations
• – Apply Common Control-related Considerations
• – System Component Allocation-related Considerations
• – Apply Scalability-related Considerations
• – Document the Decisions in the Security Plan
 Analyzing System Environment
A brief description of the technical system is provided which
includes any environmental or technical factors that raise special
security concerns, such as:
The system is connected to the Internet;
It is located in a harsh or overseas environment;
Software is rapidly implemented;
The software resides on an open network used by the general
public or with overseas access;
The application is processed at a facility outside of the
organization's control; or
The general support mainframe has dial-up lines.
 Planning for security in the system
lifecycle
Few basic phases of IT system lifecycle
Initiation Phase
Development/Acquisition Phase
Implementation Phase
Operation/Maintenance Phase
 Applying Operational Controls
• Personnel Security
• Physical and Environmental Protection