There are a multitude of items that Cyber Security professionals view as attack vectors but none are more prevalent and exploitable than application code or as readily available as the network perimeter. There are many ways that these areas are exploited. The application side has its beginning with code which is poorly designed from a security perspective. One of the code items that is exploited by fraudsters to pivot across an organization's internal network is the Web.cfg file - in this file non security minded programmers often leave the User ID and password for connecting to the associated database in plaintext. For part one of this assignment, write a 1 page summary in APA format (Times New Roman Font, double spaced, parenthetical citations) that explains to a non IT person what this attack is, how it works and how to prevent it.
Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security.
Cyber security is important because government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices. A significant portion of that data can be sensitive information, whether that be intellectual property, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative consequences. Organizations transmit sensitive data across networks and to other devices in the course of doing business, and cyber security describes the discipline dedicated to protecting that information and the systems used to process or store it.
Major areas covered in cyber security are:
1) Application Security
2) Information Security
3) Disaster recovery
4) Network Security
Application security encompasses measures or counter-measures that are taken during the development life-cycle to protect applications from threats that can come through flaws in the application design, development, deployment, upgrade or maintenance. Some basic techniques used for application security are: a) Input parameter validation, b) User/Role Authentication & Authorization, c) Session management, parameter manipulation & exception management, and d) Auditing and logging.
Information security protects information from unauthorized access to avoid identity theft and to protect privacy. Major techniques used to cover this are: a) Identification, authentication & authorization of user, b) Cryptography.
Disaster recovery planning is a process that includes performing risk assessment, establishing priorities, developing recovery strategies in case of a disaster. Any business should have a concrete plan for disaster recovery to resume normal business operations as quickly as possible after a disaster.
Network security includes activities to protect the usability, reliability, integrity and safety of the network. Effective network security targets a variety of threats and stops them from entering or spreading on the network. Network security components include: a) Anti-virus and anti-spyware, b) Firewall, to block unauthorized access to your network, c) Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks, and d) Virtual Private Networks (VPNs), to provide secure remote access.
One of the most common and dangerous application security vulnerabilities, in which a code item is exploited by fraudsters to pivot across an organization’s internal network, involves the Web.cfg (Web Config) file: in this file, non-security-minded programmers often leave the user ID and password for connecting to the associated databases in plaintext. While it is undeniably convenient for development purposes, this was never intended for use in a real time environment. Storing login credentials in plaintext in a configuration file is simply not secure.
Anyone with read access to the Web.config file could access the authenticated Web application and misuse the application and its data for their own purpose.
One way to secure our data is to encrypt the password, that is, to store the SHA-1 or MD5 hash of the password value rather than storing the password in plaintext. This is somewhat better, but it is still not a secure solution. Using this method, the user name is still not encrypted. First, providing a known user name to a potential attacker makes it easier to perform a brute force attack against the system. Second, there are many reverse-lookup databases of SHA-1 and MD5 hash values available on the Internet. If the password is simple, such as a word found in a dictionary, then it is almost guaranteed to be found in one of these hash dictionaries. The most secure way to store login credentials is to not store them in the configuration file. Remove the credentials element from your Web.config files in applications.
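An added example, not part of the original answer: a small Python auditor that finds both patterns described above, a database password left in a connection string and logins left in the credentials element (hashed or not). The sample Web.config and every name and value in it are constructed for illustration; `Clear`, `SHA1` and `MD5` are the `passwordFormat` values ASP.NET forms authentication accepts.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web.config; every name, host and secret here is made up.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="OrdersDb" connectionString="Server=db01;Database=Orders;User ID=app_user;Password=Summer2024!" />
    <add name="ReportsDb" connectionString="Server=db02;Database=Reports;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="login.aspx">
        <credentials passwordFormat="MD5">
          <user name="admin" password="5F4DCC3B5AA765D61D8327DEB882CF99" />
        </credentials>
      </forms>
    </authentication>
  </system.web>
</configuration>"""

PASSWORD_KEYS = {"password", "pwd"}  # connection-string keys that hold a secret

def audit_web_config(xml_text):
    """Return (severity, location, issue) findings; secret values are never echoed."""
    findings = []
    root = ET.fromstring(xml_text)

    # Database logins embedded in <connectionStrings><add connectionString="..."/>
    for add in root.findall("./connectionStrings/add"):
        parts = add.get("connectionString", "").split(";")
        keys = {p.partition("=")[0].strip().lower() for p in parts if "=" in p}
        if keys & PASSWORD_KEYS:
            findings.append(("HIGH", f"connectionStrings/{add.get('name')}",
                             "database password stored in plaintext"))

    # Application logins under <credentials>: flag every format, since a
    # SHA-1/MD5 hash still exposes the user name and can be reverse-looked-up.
    for creds in root.iter("credentials"):
        fmt = creds.get("passwordFormat", "unspecified")
        severity = "HIGH" if fmt.lower() == "clear" else "MEDIUM"
        for user in creds.findall("user"):
            findings.append((severity, f"credentials/user[{user.get('name')}]",
                             f"login stored in config (passwordFormat={fmt})"))
    return findings

if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE_WEB_CONFIG):
        print(*finding, sep=" | ")
```

The connection string that uses integrated security carries no password and is not flagged, which is the outcome the answer recommends: no login stored in the file at all.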