Question


There are a multitude of items that Cyber Security professionals view as attack vectors, but none are more prevalent and exploitable than application code or as readily available as the network perimeter. There are many ways that these areas are exploited. The application side has its beginning with code which is poorly designed from a security perspective. One of the code items that is exploited by fraudsters to pivot across an organization's internal network is the Web.cfg file. In this file, non-security-minded programmers often leave the User ID and password for connecting to the associated database in plaintext. For part one of this assignment, write a 1-page summary in APA format (Times New Roman Font, double spaced, parenthetical citations) that explains to a non-IT person what this attack is, how it works and how to prevent it.

Answer #1

Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security.

Cyber security is important because government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices. A significant portion of that data can be sensitive information, whether that be intellectual property, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative consequences. Organizations transmit sensitive data across networks and to other devices in the course of doing business, and cyber security describes the discipline dedicated to protecting that information and the systems used to process or store it.

Major areas covered in cyber security are:

1) Application Security

2) Information Security

3) Disaster recovery

4) Network Security

Application security encompasses measures or counter-measures that are taken during the development life-cycle to protect applications from threats that can come through flaws in the application design, development, deployment, upgrade or maintenance. Some basic techniques used for application security are: a) Input parameter validation, b) User/Role Authentication & Authorization, c) Session management, parameter manipulation & exception management, and d) Auditing and logging.

Information security protects information from unauthorized access to avoid identity theft and to protect privacy. Major techniques used to cover this are: a) Identification, authentication & authorization of user, b) Cryptography.

Disaster recovery planning is a process that includes performing risk assessment, establishing priorities, and developing recovery strategies in case of a disaster. Any business should have a concrete plan for disaster recovery to resume normal business operations as quickly as possible after a disaster.

Network security includes activities to protect the usability, reliability, integrity and safety of the network. Effective network security targets a variety of threats and stops them from entering or spreading on the network. Network security components include: a) Anti-virus and anti-spyware, b) Firewall, to block unauthorized access to your network, c) Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks, and d) Virtual Private Networks (VPNs), to provide secure remote access.

Among the most common and dangerous application security vulnerabilities is one in which a code item is exploited by fraudsters to pivot across an organization’s internal network: the Web.cfg (Web Config) file. In this file, non-security-minded programmers often leave the user ID and password for connecting to the associated databases in plaintext. While it is undeniably convenient for development purposes, this was never intended for use in a real time environment. Storing login credentials in plaintext in a configuration file is simply not secure.

Anyone with read access to the Web.config file could access the authenticated Web application and misuse the application and its data for their own purpose.

One way to secure our data is to encrypt the password, that is, to store the SHA-1 or MD5 hash of the password value rather than storing the password in plaintext. This is somewhat better, but it is still not a secure solution. Using this method, the user name is still not encrypted. First, providing a known user name to a potential attacker makes it easier to perform a brute force attack against the system. Second, there are many reverse-lookup databases of SHA-1 and MD5 hash values available on the Internet. If the password is simple, such as a word found in a dictionary, then it is almost guaranteed to be found in one of these hash dictionaries. The most secure way to store login credentials is to not store them in the configuration file. Remove the credentials element from your Web.config files in applications.
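Added example, not part of the original answer: a small Python audit that flags the two patterns described above in a Web.config file, a database password embedded in a connection string and a `credentials` element holding user entries (clear or hashed). The sample file, its names and values, and the rule names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web.config (not from the page); all values are placeholders.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="AppDb"
         connectionString="Server=db01;Database=App;User ID=app_user;Password=EXAMPLE-ONLY" />
    <add name="ReportsDb"
         connectionString="Server=db01;Database=Reports;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="login.aspx">
        <credentials passwordFormat="SHA1">
          <user name="admin" password="PLACEHOLDER-HASH" />
        </credentials>
      </forms>
    </authentication>
  </system.web>
</configuration>
"""

SECRET_KEYS = {"password", "pwd"}  # connection-string keys that carry a secret

def parse_connection_string(value):
    """Split 'key=value;key=value' into a dict with lower-cased keys."""
    pairs = {}
    for part in value.split(";"):
        if "=" in part:
            key, _, val = part.partition("=")
            pairs[key.strip().lower()] = val.strip()
    return pairs

def audit_web_config(xml_text):
    """Return (rule, location) findings; secret values are never echoed."""
    findings = []
    root = ET.fromstring(xml_text)
    for add in root.findall("./connectionStrings/add"):
        fields = parse_connection_string(add.get("connectionString", ""))
        if any(fields.get(k) for k in SECRET_KEYS):
            findings.append(("plaintext-db-password", add.get("name", "?")))
    for cred in root.iter("credentials"):
        fmt = cred.get("passwordFormat", "")
        rule = "clear-credentials" if fmt.lower() == "clear" else "hashed-credentials"
        for user in cred.findall("user"):
            findings.append((rule, user.get("name", "?")))
    return findings
```

The `ReportsDb` entry is not flagged because it uses integrated authentication and carries no password; the hashed `admin` entry is still reported, matching the answer's point that a SHA-1 or MD5 hash in the file is not a secure solution.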
