Lesson 1

Lesson 01 – Introduction to Basic Website Security

Step 1 – Register an account with MVA (Microsoft Virtual Academy)

Understanding Security Layers (MVA module contents)

  • Core Security Principles (video, 00:10:21)
  • Physical Security (video, 00:29:56)
  • Slide Presentation
  • Assessment

Step 2 – Complete Module 1 – Understanding Security Layers

  • Participate in group discussions (with teacher and other students). Done
  • Review the Slide Presentation (or watch the video later at home) to reinforce your understanding. Done
  • (Optional) Sign in to MVA and attempt the online Assessment.

Step 3 – Briefly define the terms below. For each definition include an example to demonstrate your understanding:

  • Confidentiality, Integrity, Availability, Principle of Least Privilege, Social engineering.
  • Viruses, Worms, SpyBots, Spam, Denial of Service (DoS), Distributed DoS (DDoS), Phishing, Website Defacement, Keylogger.

Definition of Confidentiality

Confidentiality refers to the concept that a set of protocols exists to ensure network or system data is hidden and thereby protected from unauthorised access, without limiting access for individuals or processes with appropriate privileges.1,2

Data classification is integral to the concept of confidentiality. Based on its importance and sensitivity, data needs to be classified before appropriate protection criteria, such as access control, encryption or authentication, can be established to maintain confidentiality.3

Online banking is a daily example of the need to maintain data confidentiality with respect to client account numbers. Client IDs and encrypted passwords form the standard method of maintaining confidentiality, although as the ability of unauthorised individuals and processes to breach network security has increased, two-stage authentication has become more common and may include stronger validation procedures such as biometric confirmation or security token devices.3

References:

1. http://www.doc.ic.ac.uk/~ajs300/security/CIA.htm

2. http://resources.infosecinstitute.com/guiding-principles-in-information-security/#gref

3. http://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA

Definition of Integrity

In simplest terms, “integrity” in data and network security refers to the assurance that stored information is valid and consistent, and that it can only be changed or viewed by those with the correct permissions. Data integrity is maintained by using an array of error-checking and validation procedures or by hashing the data.1

Examples of maintaining data integrity include:

  • Check integrity constraints require all entries in a database to satisfy a specified condition that evaluates to true or unknown. If the condition of the constraint evaluates to false, the data is disallowed.2
  • Unique key integrity constraints require a column to hold unique values. For example, the database should not permit identical ID numbers to be allocated to different employees.2

References:

1. https://www.techopedia.com/definition/811/data-integrity-databases

2. https://docs.oracle.com/cd/B14117_01/server.101/b10743/data_int.htm

Definition of Data Availability

The term “data availability” describes the concepts involved in ensuring that data is available to users and other applications on demand and at an efficient level of performance. It defines the extent to which data is readily usable, together with the hardware, administrative procedures and tools necessary to provide and handle continuous data availability.1,2 Examples of factors which may influence data availability include:3

  • Protocols for the prioritization of requested data
  • Service agreements between the service provider and affected entities to ensure continuity of data availability in times of failure
  • Technical system considerations including type of file system used, efficiency of hardware and software used for storing and retrieving data, bandwidth available between the network(s) and devices, etc.

References

1. https://www.techopedia.com/definition/14678/data-availability

2. http://searchstorage.techtarget.com/definition/data-availability

3. https://msdn.microsoft.com/en-au/library/cc722918.aspx

Principle of Least Privilege

The principle of least privilege is the practice of allowing only the minimal level of user privileges on computers, based on a user’s need to fulfil specific functions. This reduces the “attack surface” of the computer by eliminating unnecessary privileges that could result in a network violation.1,2 Examples include:

  • Guests browsing a website
  • Employees having the lowest level of user rights that allows fulfillment of duties

References: 

1. https://www.techopedia.com/definition/13676/principle-of-least-privilege-polp

2. https://kb.iu.edu/d/amsv

Social Engineering

Social engineering is the practice of deceiving a person into providing personal or confidential information, either directly or by allowing access to their computer so that malicious software can be secretly installed. Such software seeks confidential information such as passwords and bank details and returns it to unauthorised personnel for use in fraudulent activity.1

Examples of social engineering methods include:2

  1. Phishing: the practice of emailing fake requests from known or reputable sources with the intention of gaining personal or confidential information.
  2. Impersonation: pretending to be an official or other relevant person with the aim of obtaining information or access to personal or corporate computer systems.
  3. Vishing: the practice of trying to influence an action or obtain information via the telephone. It often includes “phone spoofing” (the principle of caller ID spoofing is to change the information shown on the caller ID display to deceive the call recipient and hide the caller’s real identity).

References:

1. http://www.social-engineer.org/framework/general-discussion/social-engineering-defined/

2. http://searchsecurity.techtarget.com/definition/social-engineering

Viruses

A computer virus is malicious software that infects a computer and reproduces itself by duplicating its code onto another program, document or the computer’s boot sector. Once active, the virus can affect the performance of the computer’s core functions, modify or disable software, or alter, encrypt or delete data, depending on the purpose of the malware.1

Viruses are spread in numerous ways, including running an infected .exe file, visiting an infected website, viewing an infected email or attachment, using an infected removable storage device, and so on. Examples of computer viruses include:

  • The Storm Virus in 2007, under the pretence of a severe weather alert about to affect Europe, globally infected computers. Huge numbers of infected computers were hijacked to steal identities and disseminate spam.2
  • The Stuxnet Virus was an example of malware created for use in cyber warfare, disrupting Iran’s nuclear program by ruining an estimated 20% of Iran’s nuclear centrifuges.3

References

1. http://searchsecurity.techtarget.com/definition/virus

2. http://www.telegraph.co.uk/technology/5012057/Top-10-worst-computer-viruses-of-all-time.html

3. http://www.hongkiat.com/blog/famous-malicious-computer-viruses/

Worms

Computer worms are self-replicating malware that enter a computer’s operating system and then use it as the vector by which to spread themselves. Worms use the host network(s) to forward copies of their code to other computers, affecting those computers’ ability to perform their core functions through bandwidth consumption (which reduces computer speed), data deletion, browser redirection, random email generation, etc., depending on their purpose.1

Worms and computer viruses are often confused, but are differentiated by the method by which they disseminate. Computer worms self-replicate and spread across networks, automatically exploiting system vulnerabilities without any further intervention from the hacker or the need to attach to another computer program to become active. Worms can also install “backdoors” on computers. A backdoor is clandestine software code that allows a computer’s normal security protocols to be undetectably breached by its installation and accessed by unauthorised personnel.

Examples of worm infections include:

  • The Code Red Worm (2001) – Websites affected by the Code Red worm were defaced with the phrase “Hacked By Chinese!” At its peak, the number of infected hosts reached 359,000.
  • The Blaster Worm (2003) initiated a denial of service attack against Microsoft’s website “windowsupdate.com” and carried the message “billy gates why do you make this possible? Stop making money and fix your software!!”. Globally, the Blaster Worm infected millions of computers by exploiting a security hole in Microsoft’s software.2

References:

1. http://www.pctools.com/security-news/what-is-a-computer-worm/

2. http://abcnews.go.com/Technology/top-computer-viruses-worms-internet-history/story?id=8480794

3. http://www.hongkiat.com/blog/famous-malicious-computer-viruses/

SpyBots

Covert computer code that operates as a proxy on behalf of another user or other software programs, or that simulates human activity, is known as a “bot”. For example:

  • Surfbots, used by hackers to facilitate Internet use.
  • Spyware programs, which are sometimes known as spybots.
  • Spambots, used to search for and harvest e-mail addresses for spamming.

A spybot is also a general term for most types of malware including spyware, viruses, Trojans, worms and rootkits.

References:

1. http://www.toptenreviews.com/software/articles/what-are-spybots

2. http://whatis.techtarget.com/definition/Spyware-glossary

Spam

Spam is the mass e-mailing of unsolicited material to recipients with known e-mail addresses, without the recipients’ consent. Spam is sent for various purposes including advertising, marketing, spreading malware, social engineering, etc.1

References:

1. http://searchsecurity.techtarget.com/definition/spam

Denial of Service (DoS)

A denial-of-service (DoS) attack involves the inundation of a website with internet traffic in order to make it unavailable to its intended users.1

An example of this occurred last year on Census night, when the volume of traffic, whether legitimate or superfluous, trying to access the ABS site caused it to crash and become unavailable to users.

References:

1. http://searchsecurity.techtarget.com/definition/denial-of-service 

Distributed DoS (DDoS)

A distributed denial-of-service (DDoS) attack occurs when multiple computer systems, often infected with malware, initiate a flood of incoming connection requests and messages to a targeted internet server or website. The flood of internet traffic to the targeted system causes it to slow, crash or shut down, resulting in a denial of service for legitimate users.

The Dyn cyber-attack (2016) is an example of numerous distributed denial-of-service attacks targeting systems operated by Domain Name System provider Dyn; it resulted in several Internet platforms and many services being unavailable to large numbers of users in the USA and Europe.2,3
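From the defender's side, the difference between the single-source flood in the DoS definition and the many-source flood in the DDoS definition shows up directly in the web server's access log. The script below is an added example for this lesson (not code from the course or from any of the cited sources): it parses Common Log Format lines, buckets requests into fixed ten-second windows, and flags a window either when one address alone exceeds a per-source limit or when the total exceeds the site's capacity while being spread over many addresses. All log lines are generated inside the script, the addresses are from documentation ranges, and the thresholds, paths and time zone are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format line, e.g.
# 203.0.113.7 - - [09/Aug/2016:19:00:01 +1000] "GET /census/form HTTP/1.1" 200 5123
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
AEST = timezone(timedelta(hours=10))  # assumed server time zone for the constructed log


def parse_line(line):
    """Return {'ip', 'ts', 'req', 'status'} for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "req": m["req"], "status": int(m["status"])}


def make_lines(ips, start, seconds, per_second, path="/census/form"):
    """Constructed traffic: every IP in `ips` sends `per_second` requests each second."""
    lines = []
    for s in range(seconds):
        ts = (start + timedelta(seconds=s)).strftime(TS_FMT)
        for ip in ips:
            lines.extend(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 5123'
                         for _ in range(per_second))
    return lines


def analyse(lines, window=10, per_ip_limit=50, total_limit=500, min_sources=20):
    """Bucket requests into fixed windows and flag floods.

    One source exceeding per_ip_limit within a window is reported as a
    single-source flood (DoS). A window whose total exceeds total_limit with
    no single source standing out, spread over at least min_sources
    addresses, is reported as a distributed flood (DDoS). The thresholds are
    assumptions and must be tuned to the site's normal traffic.
    """
    buckets = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip it rather than abort the analysis
        buckets[int(rec["ts"].timestamp()) // window][rec["ip"]] += 1

    findings = []
    for key in sorted(buckets):
        counts = buckets[key]
        start = datetime.fromtimestamp(key * window, tz=timezone.utc)
        total = sum(counts.values())
        top_ip, top_n = counts.most_common(1)[0]
        if top_n > per_ip_limit:
            findings.append((start, "single-source flood", f"{top_ip} sent {top_n} requests"))
        elif total > total_limit and len(counts) >= min_sources:
            findings.append((start, "distributed flood",
                             f"{total} requests from {len(counts)} sources"))
    return findings


def run_demo():
    """Three constructed traffic phases: normal, single-source flood, distributed flood."""
    t0 = datetime(2016, 8, 9, 19, 0, 0, tzinfo=AEST)
    lines = make_lines([f"198.51.100.{i}" for i in range(1, 6)], t0, 60, 1)   # 5 users, 1 req/s
    lines += make_lines(["203.0.113.99"], t0 + timedelta(seconds=60), 10, 20)  # one host, 20 req/s
    lines += make_lines([f"203.0.113.{i}" for i in range(1, 51)],
                        t0 + timedelta(seconds=70), 10, 2)                     # 50 hosts, 2 req/s each
    lines.append("not a log line")  # exercises the malformed-line path
    return analyse(lines)


if __name__ == "__main__":
    for start, kind, detail in run_demo():
        print(f"{start:%H:%M:%S}Z  {kind}: {detail}")
```

The point the two findings make is the one the definitions hint at: a single-source flood can be stopped by blocking or rate-limiting one address, whereas in the distributed case every source looks individually reasonable (20 requests in ten seconds here) and only the aggregate reveals the attack, which is why mitigation has to happen upstream, at a load balancer or scrubbing service, rather than per address.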

References:

1. http://searchsecurity.techtarget.com/definition/distributed-denial-of-service-attack

2. Etherington, Darrell; Conger, Kate. “Many sites including Twitter, Shopify and Spotify suffering outage”. TechCrunch. Retrieved 2016-10-21.

3. “The Possible Vendetta Behind the East Coast Web Slowdown”. Bloomberg.com. Retrieved 2016-10-21.

Phishing

Phishing is a component of social engineering. It involves the sending of fake e-mails pretending to be from a reputable source or company to induce individuals to reveal personal information including passwords, site login details, account numbers, etc.

Reference:

1. http://searchsecurity.techtarget.com/definition/phishing

Website Defacement

An attack on a website that alters its visual appearance is known as website defacement. Such attacks are generally perpetrated by system crackers who, after gaining access to a web server, either replace the hosted website with one of their own or graffiti and tag various pages.1

Defacement usually occurs on high traffic websites. Such attacks have also been used to mask a more serious attack being committed elsewhere on the site or server.

Many examples of website defacement are documented on the web: international organisations (e.g. the United Nations), governments and large corporations (such as Lenovo) have all had their website security breached and their sites altered.2

References:

1. https://cybercrime.org.za/website-defacement

2. https://www.techopedia.com/definition/4870/defacement

Keylogger

A keylogger (or keystroke logger) is either a small malware program or a hardware device that records keystrokes entered on a specific computer’s keyboard for later use in a fraudulent act. Some keyloggers will record all keystrokes made on a specific keyboard and others may be sophisticated enough to monitor for a specific activity like opening an online banking site. When the specific behaviour occurs, the keylogger begins recording to capture login, username and password details.

As a hardware device, a keylogger is a small battery-sized plug that resembles a connector between the keyboard and the computer. As such, it can be easily installed without being noticed. Keylogger hardware must be physically removed and analysed to access the information stored on its miniature hard drive.

Several keyloggers are available for purchase and are sold for legitimate purposes and security functions.

References:

1. http://searchmidmarketsecurity.techtarget.com/definition/keylogger

2. https://securelist.com/analysis/publications/36138/keyloggers-how-they-work-and-how-to-detect-them-part-1/