please see attachment for details
Cybersecurity discussion board
WEEK 3 Discussion Board and Peer Responses
· The discussion assignment requires an Original Posting (main post) from you of 2-3 paragraphs answering the module’s question.
· Discuss the types of common security planning organizations use to help defend against cyberattacks.
· In addition to your main post, you must post three responses to other posts made by your classmates.
PEER 1
Nowadays, cyberattacks are a continuously and rapidly growing problem, and they are one of the most significant threats to organizations today. If we are not aware of how to use social media and devices connecting to the internet, like laptops, computers, and cellular phones, we might be victims of what we call cybercrime. These cyberattacks might put you in danger, as well as the organization you are working with, if we do not follow the steps below.
Limit Employee Access to Your Data & Information
Limiting access to your valuable company data reduces the chance for human error, which is the number-one information security threat. Employees should only have access to the systems and specific information they need to do their jobs.
If an employee leaves your company, or transfers to a different company location, take protective action immediately, including deleting passwords and accounts from all systems and collecting company ID badges and entry keys.
Install Surge Protectors & Uninterruptible Power Supplies
Uninterruptible power supplies (UPS) can give you enough battery life and time to save your data in the event of a power disruption. Check to ensure the UPS type and size meets your company’s standards and requirements.
Every computer and networked device should be plugged into a UPS. For less-sensitive electronics and non-networked equipment, standard surge protectors should suffice. Be sure to test and replace each UPS and surge protector as recommended by the manufacturer.
Patch Your Operating Systems & Software Regularly
Every new app can open the door to a cyber-attack if you do not regularly patch and update all software on every device used by your employees.
Always check for updates when purchasing a new computer or installing a new software system. Be aware that software vendors are not required to provide security updates for unsupported products.
Install & Activate Software and Hardware Firewalls
Firewalls can thwart malicious hackers and stop employees from browsing inappropriate websites. Install and update security systems on every employee computer, smartphone, and networked device.
Set up Web & Email Filters
Use email and web browser filters to deter hackers and prevent spam from clogging employee inboxes. You can also download “blacklist” services to block users from browsing risky websites that pose malware risks.
Caution your employees against visiting sites that are frequently associated with cybersecurity threats, such as pornographic websites or social media. This may seem like an easy decision; but it only takes one employee to visit the wrong website to inadvertently download malware onto your company systems.
Use Encryption for Sensitive Business Information
Use full-disk encryption to protect all your computers, tablets, and smartphones. Save a copy of your encryption password or key in a secure location separate from your stored backups.
Dispose of Old Computers & Media Safely
Before donating or trashing old computers, you need to wipe all valuable hard drive information. Delete any sensitive business or personal data on old CDs, flash drives, or other old media.
Train Your Employees
Cyber-vigilant employees are your best protection against information security threats.
Every employee should know:
· What business and personal use is permitted for emails
· How to treat business information at the office or at home
· What to do if a cybersecurity incident occurs
Now we familiarize ourselves with the steps on how to be safe, how to prevent and how to help defend ourselves as well as the organization from threats or cyber-attacks. We must practice these steps and be vigilant with all actions that we are going to execute. We must think twice and be extra careful dealing with the internet.
Ausherman, Nicole. “How to Protect Your Business from Cyber Attacks.” NIST, 22 Oct. 2019, www.nist.gov/blogs/manufacturing-innovation-blog/how-protect-your-business-cyber-attacks.
PEER 2
D3 Ben Alberti – Computer Experience
Although vaguely related, my first real experience with more complex computer systems and coding was about 10 years ago when the Raspberry Pi was first released. My dad, being a software engineer for a large company, wanted to spark my interest in it and that was when I first started learning JavaScript as well. Although I’ve all but forgotten most of the concepts directly related to them, it was still a nice bonding experience! I still have my Raspberry Pi from all those years ago.
I have always been big into computers before and since then, and faced the dilemma a few years later of buying my first computer outright, or taking the time to build it. I opted to build it with the help of my dad, thinking it would be a good learning experience, as I had never really fully understood how modern PCs function, and it would be way more cost efficient as opposed to ordering a pre-built. I was right, and even though I was pretty nervous it would work after finishing the build, it did. Just this past year, as I am now living on my own, I had to get a new PC, and build it all on my own this time, from which parts to order, all the way to assembly.
PEER 3
Abler- W3 Discussion Computer Experience
Good Morning!
I chose to discuss my computer experience for this week’s topic. To be honest I do not have much. I know it may be cliche but I was born in the 90s and was raised by grandparents so there was very little change with technology in my house as the world developed. My first experience taking technology apart was with VCRs and gaming consoles, which I am unsure if you could really classify those as computer experience. Although, I have always been the go-to person in my family for setting up new consoles and making sure everything was plugged in and hooked up properly so that it was accessible (i.e., DVRs/cable, game consoles, wifi, etc.).
When it comes to computer software I try to start by trying to figure it out for myself; but to be honest I am a better student than I am an acute individual when it comes to technology. So, I have always relied on watching tutorial videos or DIY manuals where I have to take one step at a time while watching someone else do it. Unusually though, after learning something I am able to repeat the steps pretty easily for myself for future needs. A recent example is when I was getting everything ready for school; I had received an email about needing Windows for some of my classes. I have a MacBook so it runs IOS not Windows, however there was a link for how to use with an IOS system. I could not, for the life of me, figure out how to make it work. I watched several videos and had gone through all the steps that were necessary to allow me to install and run a virtual machine box to allow Windows; it still didn’t work for me. I finally caved and took my computer to Best Buy to see if they could help; there I found out that there was a software program that was no longer supported for Mac and that was why I was having so much difficulty. They told me that they could do it for me but I would need to install “Parallels” which requires a yearly subscription and that it would take them 24-72 hours as it will require a whole software update and install. They quoted me over $100 to complete this. I said thank you, took my computer, went home and found the Parallels program they were talking about. I paid the subscription and took the 10 minutes to install it myself. Now my Mac runs both IOS and Windows without problem, for the fraction of time and cost that Best Buy had quoted.
The most I have in coding experience is copy and pasting Myspace code back in the day haha.
Chapter 2
Controlling a Computer
Chapter 2 Overview
Overview of the general strategies for controlling access
Buffer overflow: a well-known technique for subverting computer software
Introduction to attack scenarios and case studies
Mechanisms typically used to control access within a computer
Security planning: describing the protections needed and how to implement them
CPU Hardware: Motherboard
Left: © iStockphoto/Thinkstock; Middle: © Péter Gudella/Dreamstime.com; Right: Courtesy of Dr. Richard Smith.
Programs
Data resides in RAM
Numbers and other coded data
Examined and modified by programs
Stored in consecutively numbered locations
Programs are lists of instructions
Instructions reside in RAM
Each is a single arithmetic operation or comparison
Stored in consecutively numbered locations
Executing a Machine Instruction
Left: Courtesy of Dr. Richard Smith; Right: © iStockphoto/Thinkstock
Organizing RAM into “Sections”
Control sections
Contain instructions to execute
Contain unchanging data
Data sections
Contain variables that change
Contain “free form” RAM
Buffers, stacks
Control and Data Sections
Functions, Procedures, Subroutines
We break programs into pieces
A piece with a particular job = function or procedure or subroutine, all roughly the same
One function can execute another function
PC is pointed to the called function’s address
We save the current function’s “state”
Saving the variables and the caller’s PC
Saved in RAM, often on a “stack”
One Function Calls Another Function
We save the program counter in the “calling function”
We execute the instructions in the “called function”
At the end of the “called function” we restore the program counter
This returns the CPU to where the “calling function” left off
Processes
A program is a group of instructions
A process is a running program
Its PC is, or can be, changing
It has some RAM with instructions and data
Windows example
Run two command shells
One program, two processes
Looking at processes with the Task Manager
List Applications; List Processes
Switching Processes
The “dispatcher” procedure in the operating system (OS) switches running processes
Stops (pauses) one process and starts another
Save the PC for the stopped process
Save other CPU data from the stopped process
Locate the “saved state” for the one to start
Load up the saved CPU data for the process
Load the PC with the starting process’s PC value
The Operating System
Dispatching and process management is only one of its many tasks.
RAM management – assigns RAM to active processes and manages free RAM
I/O management – handles external devices
File management – hard drives & mass storage
User interface management – keyboards and GUIs
Network protocols – connect to other computers
Buffer Overflow: The Morris Worm
Morris Worm – first major Internet worm
1988 – disabled about 10% of Internet computers
Used several attacks
Buffer overflow vulnerability
A program fails to keep track of its input
The input data modifies RAM that it shouldn’t
Attacker can take over the computer if the wrong RAM gets modified
The “finger” Program
Retrieved information about other users
Rarely used today
Command “finger jsl@bu.edu”
Retrieved information about JSL at BU.EDU
If the sender typed too many letters, like:
finger jsl@bu.eduXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX and so on… the program overflowed a buffer
What Overflows?
It Overflows the Stack
When we call another procedure, we must save the PC and the current procedure’s working variables inside the CPU
We save the information on a last-in first-out block of RAM called the stack
If a storage area on the stack is overrun, the data may modify the saved PC
When the procedure is finished, it jumps back to the wrong instructions in RAM
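The overrun described above, as an added example (not code from the slides or from the finger program): a simulated stack frame holds a request buffer followed by the saved PC, and the same input is handled by an unchecked copy and by a bounded one. The 16-byte buffer size, the saved PC value and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16                               /* constructed buffer size */
#define FRAME_SIZE (BUF_SIZE + sizeof(uint64_t))  /* buffer + saved PC */

/* Simulated stack frame: the request buffer, then the caller's saved PC.
   It is one byte array so the demonstration never touches real stack data. */
struct frame { unsigned char bytes[FRAME_SIZE]; };

static void frame_init(struct frame *f, uint64_t saved_pc) {
    memset(f->bytes, 0, FRAME_SIZE);
    memcpy(f->bytes + BUF_SIZE, &saved_pc, sizeof saved_pc);
}

static uint64_t frame_saved_pc(const struct frame *f) {
    uint64_t pc;
    memcpy(&pc, f->bytes + BUF_SIZE, sizeof pc);
    return pc;
}

/* Flawed copy: never compares the input length with BUF_SIZE.
   The clamp to FRAME_SIZE exists only to keep this simulation contained. */
static void copy_unchecked(struct frame *f, const char *input) {
    size_t n = strlen(input);
    if (n > FRAME_SIZE) n = FRAME_SIZE;
    memcpy(f->bytes, input, n);
}

/* Bounded copy: rejects a request that does not fit, terminator included.
   Returns 0 on success, -1 when the input is refused. */
static int copy_checked(struct frame *f, const char *input) {
    size_t n = strlen(input);
    if (n >= BUF_SIZE) return -1;
    memcpy(f->bytes, input, n + 1);
    return 0;
}

/* Returns 1 if the saved PC is unchanged after handling the input, else 0. */
int saved_pc_intact(const char *input, int use_checked) {
    const uint64_t pc = 0x401000;                 /* constructed return address */
    struct frame f;
    frame_init(&f, pc);
    if (use_checked) (void)copy_checked(&f, input);
    else copy_unchecked(&f, input);
    return frame_saved_pc(&f) == pc;
}

int main(void) {
    const char *normal = "jsl@bu.edu";
    const char *too_long = "jsl@bu.eduXXXXXXXXXXXXXXXXXXXX";  /* constructed input */
    printf("normal,   unchecked: saved PC intact = %d\n", saved_pc_intact(normal, 0));
    printf("too long, unchecked: saved PC intact = %d\n", saved_pc_intact(too_long, 0));
    printf("too long, checked:   saved PC intact = %d\n", saved_pc_intact(too_long, 1));
    return 0;
}
```

With the unchecked copy the over-long request changes the saved PC, which is the condition the slide describes; the bounded copy refuses the request and the saved PC is untouched.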
The Stack Overflow
The Worm Connection
Why Does the Shellcode Work?
Programs execute from a control section
The stack is in the data section
If the computer has data execution prevention (DEP), it only executes instructions in a control section
Not all systems – or programs – can use DEP
The Worm Released
Released in October 1988
Promptly infected 10% of Internet computers
The worm was designed to infect each computer once
The restricting code did not work
Each computer was infected hundreds of times
Infected computers became unusable
Spread nationwide between 9pm and 11pm
Fighting the Worm
Telephone lines were not affected
Analysts shared information by phone
Many were at a meeting in Berkeley, fortunately
As sites cleaned themselves up, they shared status and defensive data via email
Site cleanup was tricky – a “clean” computer had to be hardened against the worm or it would be infected all over again
Security Alerts and Coordination
The worm incident helped create the Computer Emergency Response Team (CERT)
First nationwide, multi-organization computer security team – tracked and reported problems
Today, reports are tracked by the Common Vulnerability Enumeration (CVE)
Numerous public and private security organizations, like the “Internet Storm Center”
Studying Cyber Attacks
A systematic analysis, based on attack reports
Attack scenarios
May study potential or actual attacks
Elements are all based on recorded attacks
Attack case studies
Report actual attacks
A scenario that includes threat agent data
Attack Scenario
Goals – a few sentences describing the goals of the attack.
Resources required – personnel, skills, equipment, preparation, timing constraints
How it happens – describe how it takes place
Collateral results – attack results in addition to the goals noted above
Recommended mitigation – basic steps that could prevent the attack. Acts
References – authoritative sources
Attack Case Study
Overview – summarizes the attack
Perpetrator – brief description of threat agent
Attack scenario – as described previously
Risk management – how pre-attack risk management steps affected the attack’s outcome (omissions or commissions)
References – consolidated list including those from the attack scenario
Resources Required: Details
Skills and/or training – special skills required for the attack
Personnel – number and types of people required for the attack
Equipment – special equipment required for the attack
Preparation time – amount of lead time required to set up the attack
Timing constraint – is the attack tied to a particular schedule or event?
Access Control Strategies
How do we control access? Four strategies:
Islands
A process is an island
Vaults
Safe deposit box; access control on a computer
Puzzles
Cryptography; Kerckhoffs/Shannon
Patterns
Photo IDs; anti-virus; biometrics
An Island
On an island, we can only touch what is there
Everything else is brought from elsewhere
A process can execute its instructions in RAM and modify variables in RAM
It can only use resources brought into its RAM
It can’t access anything else
We restrict a process by not allowing it access to resources
“Isolation and mediation”
A Vault
We can retrieve things from the vault only if allowed
Someone/something restricts access
Least privilege: we only have access to some items
A bank safe deposit box – we have the key
The banker lets us retrieve the box
We can modify the box contents
We can’t retrieve or modify any other boxes
Computer access control – a process can retrieve a file or print data if granted the right permissions
Puzzles
Protect data by presenting a puzzle
Authorized users know the puzzle’s answer
Security Through Obscurity (STO)
A weak puzzle, like protecting data by hiding it
Strong puzzles use cryptography (“crypto”)
Mathematical techniques to hide or protect data
Quality cryptography is very hard to break
Weak cryptography is simply a form of STO
Open Design: A Basic Principle
We open our systems for third-party analysis to help ensure their effectiveness
We withhold changeable, secret information
“More eyes make bugs shallow” – Eric Raymond
Kerckhoffs’s Principle and crypto design
Rely on a changeable secret, but make the rest of the design public and open to review
Shannon’s Maxim: “The enemy knows the system”
Pattern Matching
Make decisions based on similarities
Photo IDs – guard compares face against poor photo
Photos are often laughably inaccurate
Anti-virus software
Searches computer for patterns found in viruses
Must be updated continuously for new viruses
Biometrics – fingerprint readers, for example
Compare reading against a stored pattern
Problems: false positives and false negatives
Chain of Control: Another Principle
We must never run programs that violate or bypass our security policy. To avoid this, we:
Start the computer using a BIOS that maintains our security policy
If the software we start (i.e., the OS) can start other software, then the other software either
Complies with the security policy, OR
Is constrained from violating the policy via access restrictions or other mechanisms
Subverting the Chain of Control
At the BIOS, we may
Boot a different OS from a CD-ROM
Boot a different OS from a USB drive
The other OS doesn’t enforce access restrictions
Inside the OS, we may
Install a privileged (administrative) program that can bypass access restrictions
Trick an authorized user into leaking sensitive files
Keeping Processes Separate
Relies on hardware and software
Hardware: two CPU features
Program modes
RAM protection
Software: Operating system features
Program dispatcher
Memory manager
User identities
Program Modes
Kernel or supervisor mode
For highly privileged operating system programs with full CPU access
Allows full access to RAM
Dangerous! Used as rarely as possible
User mode
For most programs and all applications
CPU blocks any attempt to use kernel mode instructions
Personal Computer Evolution
1970s: PCs ran one program at a time
Microprocessor CPUs didn’t support multitasking
1980s: Programs politely took turns
Allowed several windows to be open at once
Illusion of multitasking
1990s: Multitasking in desktop computers
Microprocessor CPUs support multitasking
Unix on PCs, Windows NT
Operating System Protections
Originally only available on mainframes and higher-end minicomputer OSes (Unix, VMS)
Adapted to desktop OSes during 1990s
OS security features
Processes must take turns (“dispatching”)
Processes are assigned different parts of RAM
Processes can’t damage other areas of RAM
User-oriented interface and access controls
Sharing a Program
Screenshots used with permission from Microsoft.
Access Matrix
A way to specify access permissions
Rows for resources or RAM
Columns for active entities or processes
Sharing Data
The problem: Allow two processes to share data stored in RAM
Normally we isolate processes from each other
This prevents one process from damaging the other one
OS provides a separate data section
Processes still have exclusive access to own data
All shared data resides in this separate section
Both processes have RW access to the shared section
Constructing a Security Plan
The Security Plan is a detailed assessment
A high-level analysis is an overview
The Plan contains the details
List of assets (see Chapter 1)
Full risk assessment (see Chapter 1)
Prioritized list of risks (see Chapter 1)
Security requirements (see Chapter 1)
Implementation – a list of security controls
Requirements and Controls
Requirements say what we want for protection
Controls say what we get
For each requirement, pick security controls
Each control addresses one or more policy statements
Security Plan: Process Protection
How does the OS protect processes?
Goals:
Processes share the CPU
Processes may share control sections
Processes don’t share RAM except by request
Risks:
A process monopolizes the CPU
A process reads or writes RAM that it shouldn’t
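An added example, not taken from the textbook or from any operating system: the access matrix for two processes that share a program and one data section, with an audit that checks the matrix against the process-protection goals listed above. The section names, the right flags and both sample matrices are constructed for illustration.

```c
#include <stdio.h>

enum { R = 1, W = 2, X = 4 };                     /* access rights as bit flags */
enum type { CONTROL, PRIVATE_DATA, SHARED_DATA }; /* section types from the slides */
#define N_PROC 2

/* One row of the access matrix: a RAM section and each process's rights to it. */
struct row {
    const char *name;
    enum type type;
    unsigned rights[N_PROC];                      /* columns: process 0, process 1 */
};

/* Access check: every requested right must be present in the cell. */
int allowed(const struct row *r, int proc, unsigned want) {
    if (proc < 0 || proc >= N_PROC || want == 0) return 0;
    return (r->rights[proc] & want) == want;
}

/* Count rows that break the process-protection goals:
   - control sections hold unchanging contents, so no process may write them;
   - a private data section is reachable by exactly one process. */
int audit(const struct row *m, int n) {
    int violations = 0;
    for (int i = 0; i < n; i++) {
        int users = 0, writers = 0;
        for (int p = 0; p < N_PROC; p++) {
            if (m[i].rights[p]) users++;
            if (m[i].rights[p] & W) writers++;
        }
        int broken = (m[i].type == CONTROL && writers > 0) ||
                     (m[i].type == PRIVATE_DATA && users != 1);
        if (broken) {
            printf("violation: %s\n", m[i].name);
            violations++;
        }
    }
    return violations;
}

/* Constructed matrices: the intended layout, and one with two mistakes. */
const struct row good[] = {
    { "program (control)", CONTROL,      { R | X, R | X } },
    { "data of process 0", PRIVATE_DATA, { R | W, 0     } },
    { "data of process 1", PRIVATE_DATA, { 0,     R | W } },
    { "shared data",       SHARED_DATA,  { R | W, R | W } },
};
const struct row bad[] = {
    { "program (control)", CONTROL,      { R | X, R | W | X } }, /* writable code */
    { "data of process 0", PRIVATE_DATA, { R | W, R         } }, /* leaked to process 1 */
    { "data of process 1", PRIVATE_DATA, { 0,     R | W     } },
    { "shared data",       SHARED_DATA,  { R | W, R | W     } },
};

int main(void) {
    printf("good: %d violation(s)\n", audit(good, 4));
    printf("bad:  %d violation(s)\n", audit(bad, 4));
    return 0;
}
```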
Policy and Implementation
Six policy statements (Table 2.5 in textbook)
Specifies security to be arranged by the dispatcher
Specifies when things should happen
Security controls (Table 2.5 in textbook)
All are functional controls provided by software
Some are steps in the dispatcher procedure
Others are features of how the OS ensures that the dispatcher is run or how security is applied