Lesson 05–Server and Client Security
Briefly define the terms below. For each definition include an example to demonstrate your understanding:
Malware, Viruses, Worms, Spyware, Trojan horses, Rootkits, Backdoor, Dishonest Adware, Clickbait, Ransomware, Zero-day exploit.
Briefly describe how to enhance security against the above attacks.
Explain the reasons for regular updating / patching of Operating Systems & Application software.
Describe at least three strategies to protect your client’s email.
List at least three necessary actions to protect the Server.
Submit a practical list (at least three items) of how to secure the Internet browser for everyday use
Definition of Malware
Malware is a contraction of “malicious software” and is used as an umbrella term for any software intended to damage a computer system or to perform unwanted actions on it without the owner’s consent. Examples of malware include worms, Trojan Horses, spyware and viruses.
References:
1. https://techterms.com/definition/malware
Definition of Viruses and Worms
The definitions of Viruses and Worms were provided in Lesson 1.
Definition of Spyware
Spyware is software that is installed on a computer without the user’s knowledge or consent in order to collect data covertly: it tracks and records browsing habits, e-mail contents, keystrokes or other activity on the computer and forwards the information to a remote party.
References:
1. https://techterms.com/definition/spyware
Definition of Trojan Horses
The term Trojan Horse refers to malware disguised as desirable software that is used to gain unauthorised access to a computer once it has been downloaded and installed. Trojans are commonly disguised as freeware or games, or are distributed as e-mail attachments. In contrast to worms and viruses, Trojans do not attach themselves to other files or replicate once installed.
A Trojan Horse can cause almost any type of damage, but most create clandestine (backdoor) access that gives an attacker remote control of the system and access to the user’s personal data (passwords, bank details, identity information, etc.) for later fraudulent use.
References:
1. https://usa.kaspersky.com/internet-security-center/threats/trojans#.WNXfNm-GM4g
2. https://techterms.com/definition/trojanhorse
Definition of Rootkit
A rootkit is a set of software tools (occasionally assisted by firmware or a hardware device) that gives an attacker privileged (root or administrator) access to a computer while concealing its own presence. The attacker usually obtains that access first, by stealing a password or exploiting a system flaw, and then installs the rootkit to keep it. Once installed, the rootkit modifies operating system components (for example by hooking system calls or loading a kernel driver) so that its files, processes and network connections are hidden from the user and from security software, which makes detection and removal difficult.
A rootkit can create a backdoor into the system, attack other computers on the network, log keystrokes, monitor network traffic and alter log files to cover its tracks.
References:
1. http://searchmidmarketsecurity.techtarget.com/definition/rootkit
2. http://www.webopedia.com/TERM/R/rootkit.html
Definition of Backdoor.
A backdoor is a method of gaining access to a computer that bypasses its normal authentication and is typically undocumented. Backdoors are sometimes installed deliberately as a maintenance or troubleshooting facility, but any such facility is a risk because whoever discovers it can use it. Acting as malware, a backdoor gives an attacker remote access to data and the ability to execute unauthorised commands on the system.
References:
1. https://www.techopedia.com/definition/3743/backdoor
2. https://www.wired.com/2014/12/hacker-lexicon-backdoor/
Definition of Dishonest Adware.
Dishonest Adware is malware that installs itself covertly on a computer and then displays unsolicited advertisements. Like spyware, adware often comes bundled with other software without clear disclosure, and it secretly monitors the user’s data and habits; the profile it builds is used to target the user with products or services in which an interest has been noted.
Although the adware itself may not damage the computer or its resources, the covert installation, the secret monitoring of user data and its ability to redirect browser requests to other websites for sales purposes are what make it malware.
References:
1. Johnson M., Cyber Crime, Security and Digital Intelligence, Routledge, London, 2016, p. 55.
ISBN 1317155343, 9781317155348.
Definition of Clickbait
The term Clickbait (also known as link bait) describes content designed to attract attention and entice the user to click a hyperlink in order to read the rest of an article. Such links usually carry a sensationalised headline that often bears little relation to the page’s actual content. A headline that is too enticing to ignore drives up page views for the site and encourages the content to be forwarded over social media. For example, consider the Clickbait and non-Clickbait headlines below, all directing users to the same webpage:
The Clickbait headline link:
Is Donald Trump overweight because he doesn’t use keyboard shortcuts on his phone?
Katy Perry’s favorite phone keyboard shortcuts
The Non-Clickbait headline link:
Phone keyboard shortcuts
Clickbait links generally lead to a page that requires registration or payment, or that exists mainly to increase page views (and advertising revenue) for the website.
References:
1. https://en.wikipedia.org/wiki/Clickbait
Definition of Ransomware
Ransomware is a form of malware that prevents or limits a user’s access to their data or system files. The attacker generally encrypts the user’s files and demands a ransom in exchange for the decryption key that restores access.
Because digital currencies offer a degree of anonymity, attackers commonly demand payment in Bitcoin; the amount varies with the malware family and the prevailing exchange rate.
References:
1. https://en.wikipedia.org/wiki/Ransomware
2. http://whatis.techtarget.com/definition/ransomware-cryptovirus-cryptotrojan-or-cryptoworm
Definition of Zero-Day Exploit
A Zero-Day Exploit is an attack that targets a software vulnerability which is unknown to the vendor and for which no patch yet exists. The name refers to the number of days the vendor has had to fix the flaw: zero, because the exploit is in use before (or on the day that) the vulnerability becomes known. Until a patch is released, defenders must rely on compensating controls (intrusion detection, least privilege, application whitelisting, network segmentation) rather than on the fix itself.
References:
1. http://www.pctools.com/security-news/zero-day-vulnerability/
2. http://searchsecurity.techtarget.com/definition/zero-day-exploit
Briefly describe how to enhance security against the above attacks.
The assignment above primarily concerns the various malware types. To protect against malware and improve defensive capability, fundamental proactive security controls need to be developed, implemented, maintained and audited in line with the organisation’s needs and its assessment of risk.
Every user and network device needs to meet a baseline security standard, underpinned by a user education and awareness programme covering the likely security risks and the preventive policies, together with appropriate hardware and software controls.
The list of possible hardware and software controls and their permutations is extensive. It includes, but is not limited to, firewalls, routers, proxy servers, DMZ servers, anti-spam filters, Windows Group Policies, anti-malware programs, encrypted communication protocols (TLS, the successor to SSL, or SSH), regular updating of operating system and application software, strong authentication and authorisation mechanisms (multi-factor authentication, PKI, etc.), WPA2 to secure WiFi transmission, and regular, tested backups kept offline so that ransomware cannot reach them. Combined, these controls minimise the attack surface and ensure devices are hardened against malware as far as possible without reducing functionality.
References:
1. Abernathy R., McMillan T., CompTIA Advanced Security Practitioner (CASP) CAS-002 Cert Guide, Pearson Education, Inc., Indianapolis, USA, 2015.
ISBN-13: 978-0-7897-5401-1, ISBN-10: 0-7897-5401-0.
2. http://searchsecurity.techtarget.com/tip/Proactive-security-measures-How-to-prevent-malware-attacks
Explain the reasons for regular updating / patching of Operating Systems & Application software.
Software updates (also known as patches) are released regularly for several purposes: to upgrade system or application software to the latest version and feature set, to improve performance or stability, to fix program defects, to add support (drivers) for new devices and, most importantly for security, to close vulnerabilities that have been discovered since the previous release.
Regular updating is one of the most effective defences against current malware: most mass-market malware and exploit kits target vulnerabilities for which a patch already exists, so a promptly patched system is simply not vulnerable to them. The window between a patch’s release and its installation is exactly the period attackers exploit, since a published patch can be reverse-engineered to locate the flaw it fixes. This applies to every platform, but is especially relevant to widely targeted ones such as Microsoft Windows.
References:
1. https://en.wikipedia.org/wiki/Patch_(computing)
2. http://www.centrered.com/2015/04/29/the-importance-of-updating-your-operating-system/
Describe at least three strategies to protect your client’s email.
Use of an Encrypted Protocol
Implement an encrypted protocol for mail transport (TLS on the SMTP submission, IMAP and POP3 connections) so that credentials and message content cannot be read or altered in transit. For sensitive content, end-to-end encryption (S/MIME or OpenPGP) additionally protects the message body while it sits on intermediate mail servers.
Install both a software and hardware firewall
Although most anti-virus suites include a firewall, it protects only the computer on which it runs. Using a hardware firewall as well, such as the firewall in a broadband router, protects every client on the shared network and adds a further layer of defence against malware (including malicious attachments and links that arrive by e-mail) reaching the client.
Ensure the Use of a Strong and Confidential Passwords
Because e-mail addresses are widely known they are no longer private information, so the principal protection of an e-mail account against misuse is the user’s password. A weak password that can be cracked quickly gives an attacker full control of the account (and, through password-reset e-mails, of other accounts tied to it). Use long, unpredictable passwords, not based on dictionary words or personal details, that mix numbers, upper- and lower-case letters and special characters, so that they resist dictionary and brute-force attacks; this is especially important for web-based mail providers (Gmail, Yahoo, etc.), whose login pages are reachable by anyone on the Internet.
Passwords should be kept confidential, never reused across services, and changed promptly if compromise is suspected. Current guidance (NIST SP 800-63B) advises against forcing periodic changes, which tend to produce weaker, predictable passwords; enabling multi-factor authentication on the mail account adds far more protection than rotation.
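The following Python script is an added example, not part of the original assignment; it goes slightly beyond the text above by showing why character-class mixing on its own is not enough. It estimates how a password fares against the two attacks named above: a dictionary attack (with the lower-casing, trailing-digit stripping and “leet” substitutions that cracking tools apply automatically) and a brute-force search of the full character set. The word list, the substitution table and the guess rate are constructed and assumed for the example, not measured values.

```python
"""Added example: why character-class mixing alone does not make an e-mail
password strong. Not code from the original assignment. The dictionary, the
mangling rules and the guess rate below are constructed/assumed for the
example, not measured values."""
import math
import string

# Assumed offline guessing rate against a fast, unsalted hash (illustrative).
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed mini "common password" list; real cracking wordlists hold
# millions of entries, so a miss here is not evidence of strength.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}

# Common "leet" substitutions that cracking tools undo automatically.
LEET = str.maketrans("@$013!", "asoiei")


def normalize(password):
    """Undo the mangling a dictionary attack tries: lowercase, drop trailing
    digits/symbols, reverse leet substitutions."""
    base = password.lower().rstrip(string.digits + string.punctuation)
    return base.translate(LEET)


def charset_size(password):
    """Size of the smallest standard character set that contains the password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def brute_force_bits(password):
    """Search space (in bits) an attacker must cover if the password has no
    guessable structure; this is an upper bound on its real strength."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def assess(password):
    """Return a strength report for one password."""
    bits = brute_force_bits(password)
    # Expected (half the space), not worst-case, time to brute-force.
    years = (2 ** bits / 2) / GUESSES_PER_SECOND / SECONDS_PER_YEAR
    return {
        "dictionary_hit": normalize(password) in COMMON_PASSWORDS,
        "bits": round(bits, 1),
        "expected_crack_years": years,
    }


if __name__ == "__main__":
    # "P@ssw0rd1!" satisfies every complexity rule yet falls to a wordlist;
    # the longer all-lowercase passphrase does not.
    for pw in ("P@ssw0rd1!", "stapler-horse-bitter-cloud"):
        print(pw, assess(pw))
```

The first sample password meets every “mix of character classes” rule yet normalises to a dictionary word, so it would fall in seconds; the passphrase uses fewer character classes but its length puts the brute-force search far out of reach. The charset-based figure is an upper bound: an attacker who knows the passphrase is made of dictionary words can search a much smaller space, which is why length and unpredictability matter more than symbol count.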
References:
1. http://smallbusiness.chron.com/list-strategies-avoiding-virus-infections-67408.html
2. https://www.consumer.ftc.gov/articles/0272-how-keep-your-personal-information-secure#online
List at least three necessary actions to protect the Server.
Implementation of Physical Security
The first requirement in securing a server is to place it away from general access, behind barriers or layers of physical protection that exclude unauthorised entry. Four layers are commonly established: an external perimeter, an internal perimeter, a secured area within that, and an inner secured area in which the server itself is housed.
External perimeter defences may include security cameras, perimeter fencing, guard patrols and gates with access-badge readers. Internal perimeter defences may include security cameras, a security desk at which visitors sign in, badge readers on lifts and doors, and smoke detectors.
Access to the secured area may be controlled by badge readers or keypads, biometric authentication, security doors, alarms, etc. Within the inner secured area the servers are locked in data racks with secure doors, and physical access should be logged so that it can be audited.
Implement Attack Surface Reduction (ASR) and Server Hardening
To further secure the server, a process to reduce its attack surface and vulnerabilities must be implemented, beginning with applying available patches to system and application software to remove known vulnerabilities.
Obsolete protocols and unused services provide entry points for attackers, so unnecessary ports, application interfaces, file shares and services should be closed or removed to reduce exposure. Installing only the components the server’s role requires (for example, selected Windows Server roles and features rather than everything available) keeps the set of exposed services to the minimum, and a periodic audit of listening ports confirms that nothing unexpected has been added since.
The server may be further shielded by placing it in its own subnet and VLAN, with access control lists restricting traffic to the protocols and hosts that genuinely need to reach it; this reduces both the traffic the server sees and its exposure to threats elsewhere on the network.
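One way to carry out the listening-port audit described above on a Linux server, as an added example (not code from the original assignment or from any of the cited sources): the script parses the output of `ss -tlnp`, compares every listening TCP socket with an allow-list for the server’s role, and separates sockets reachable from the network from those bound only to loopback. The role table and the `ss` output below are constructed for the example; the `audit_host` function runs the real command on the machine it is executed on.

```python
"""Added example (not from the original assignment): audit a Linux server's
listening TCP sockets against an allow-list for its role. The role table and
the `ss -tlnp` sample below are constructed for the example; `audit_host`
runs the real command on the machine it is executed on."""
import re
import subprocess

# Assumed per-role allow-lists; adjust to the services the host must offer.
ROLE_ALLOWLIST = {
    "web": {22, 80, 443},
    "dns": {22, 53},
    "mail": {22, 25, 465, 587, 993},
}

# Constructed sample of `ss -tlnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1201,fd=6))
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*          users:(("nginx",pid=1201,fd=7))
LISTEN  0       128     0.0.0.0:21           0.0.0.0:*          users:(("vsftpd",pid=1440,fd=4))
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=1502,fd=20))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

# "LISTEN <recv-q> <send-q> <addr>:<port> <peer> <process...>"
_LISTEN_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s*(.*)$")
_PROCESS_RE = re.compile(r'\(\("([^"]+)"')
LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_listeners(ss_output):
    """Return [(bind_address, port, process)] for every LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        m = _LISTEN_RE.match(line.strip())
        if not m:
            continue  # header or malformed line
        proc = _PROCESS_RE.search(m.group(3))
        listeners.append((m.group(1), int(m.group(2)), proc.group(1) if proc else "?"))
    return listeners


def unexpected_listeners(listeners, role):
    """Split listeners not in the role's allow-list into those reachable from
    the network and those bound only to loopback (still worth reviewing, but
    not directly exposed)."""
    allowed = ROLE_ALLOWLIST[role]
    exposed, local_only = [], []
    for entry in listeners:
        addr, port, _ = entry
        if port in allowed:
            continue
        (local_only if addr in LOOPBACK else exposed).append(entry)
    return exposed, local_only


def audit_host(role):
    """Run `ss -tlnp` on this machine and report unexpected listeners."""
    result = subprocess.run(["ss", "-tlnp"], capture_output=True, text=True, check=True)
    return unexpected_listeners(parse_listeners(result.stdout), role)


if __name__ == "__main__":
    exposed, local_only = unexpected_listeners(parse_listeners(SAMPLE_SS_OUTPUT), "web")
    for addr, port, proc in exposed:
        print(f"EXPOSED  {addr}:{port} ({proc}) - disable the service or firewall the port")
    for addr, port, proc in local_only:
        print(f"LOCAL    {addr}:{port} ({proc}) - loopback only; confirm it is still needed")
```

Against the sample, a web-role host is flagged for an FTP daemon exposed on port 21 (an obsolete clear-text protocol that should not be on a web server) and for a database listening on loopback, which is not network-reachable but still widens the local attack surface if the web application is compromised. Run it after every change to the host, and keep the allow-list under version control with the server’s build documentation so that the audit reflects the role the server is meant to have, not whatever it has accumulated.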
Implement System Trust Boundaries
Before sensitive data passes between two systems, a trust relationship is needed that verifies each party’s identity and the privileges of the user involved. Both internal and external trust boundaries must be defined so that a threat on one side cannot reach vulnerabilities on the other. Host-based firewalls, anti-virus software and other local security controls help establish and monitor the trustworthiness of each system, and traffic crossing a boundary should be treated as untrusted until it has been authenticated.
References:
1. https://mva.microsoft.com/en-us/training-courses/security-fundamentals-8283?l=6l3Q89Wy_6604984382
2. Abernathy R., McMillan T., CompTIA Advanced Security Practitioner (CASP) CAS-002 Cert Guide, Pearson Education, Inc., Indianapolis, USA, 2015.
ISBN-13: 978-0-7897-5401-1, ISBN-10: 0-7897-5401-0.
3. http://www.cisco.com/c/en/us/support/docs/lan-switching/vlan-access-lists-vacls/89962-vacl-capture.html