Exercise 0

Attack Types and Security Services

Attack:                Interruption    Interception            Modification                       Fabrication
Preventative Service:  Availability    Data Confidentiality    Authentication & Data Integrity    Authentication and Non-Repudiation

Website, link to external from pqmasters for external access.

Exercise 1
High Level Assessment
1. What needs to be protected?
   1. The machine (portable) from theft.
   2. The usability of the machine in the case that it is stolen.
   3. The sensitive data and data-access mechanisms on the machine.
   4. The OS and other applications from attacks allowing outage, data exposure, unauthorised usage, etc.
   5. Associated memory devices (USB, card, etc.) with varying transient data on them.
   6. Other media with backups of data.
2. Who owns it?
   1. Me.
3. Who needs access?
   1. Me.
   2. My wife may need access if her machine fails or is not at hand.
4. Where is the information stored?
   1. On the machine:
      ➔ data folder
      ➔ browser cache, cookies, form completion, history, authenticated sessions
      ➔ temporary folders
      ➔ OS caches
      ➔ application caches
   2. On backup media.
   3. On a transient basis on portable memory devices such as Flash / SD / USB etc.
   4. On networked devices out of my control (printer spools, mail spools, mail servers, etc.).
   5. Transiently on the networks themselves; again much may be out of my control, but I can take time to ensure secure communications where possible.
5. Risks, impact of breach
   1. Time wasted (securing, restoring data from backups, restoring OS, sourcing new hw, changing passwords / access codes / certs, etc.).
   2. Monetary loss (replacing hw, replacing data, unauthorised / excessive bandwidth usage, potential legal costs if I have to defend myself if my hw is used in illegal activity, etc.).
   3. Confidentiality breach. Personal information, potentially sensitive, now in the hands of whomever, whether via access to the data locally or on remote machines/services.
   4. Access to those services is a further threat, as the services may also be used for further attacks on myself [name, reputation, etc.] and/or others [spam, defamation, their data, etc.].

Specific Threats and Counter Measures
1. Access to the device (re theft and possible hw modification that could compromise security)
   Mind it:
   ➔ Keep out of sight when leaving in car, house, work.
   ➔ Secure car with alarm.
   ➔ Secure house with alarm, keep friendly with the neighbours.
2. Usability of device if stolen
   Trying to lock out usability of the device and access to data may render it so unusable that it's easier to just leave it alone, or to collect a reward as 'finder' when one realises it's useless for all but the most determined.
   ➔ Installation of a phone-home mechanism at the lowest possible level may help with location and retrieval of the device if it is stolen.
   ➔ Prevent settings access in BIOS via a system lock (pw).
   ➔ Secure hard drive via a device lock (pw). With my model, apparently this remains with the HD if moved to another machine.
   ➔ Lock ability to boot up the machine via a BIOS level system lock (pw).
   ➔ Try to gauge effectiveness of System/BIOS and HD security mechanisms and act appropriately to findings.
3. Sensitive Data
   Sensitive data on the machine and elsewhere needs to be kept confidential or removed [wiped] at the earliest convenience [backups, secure copies remain elsewhere].
   ➔ Need to consider risk associated with the varying data.
   ➔ Data access mechanisms such as VPN and SSH keys, passwords for e-mail, forums, and other sites/services need to be protected in this consideration.
   ➔ Use of encrypted FS (virtual or in a partition or on other media?) for storing sensitive data, passwords/certs/etc., browser cache etc.
   ➔ Use of encryption where possible for data transfer across networks not under my control [practically all of them :)] and paying more attention to the security of services on the networks/web (email, banks, govt., etc.).
   ➔ Automate clearing of cached information and manually check at intervals for anomalies.
4. The OS and Applications
   ➔ Firewall
   ➔ Virus protection
   ➔ Service audit with a view to intrusion prevention [e.g. lock down open access services such as DB installations, etc.].
   ➔ Application research/audit prior to installation.
   ➔ Review application licence agreements, which are too often ignored and may contain agreement to allow exposure of potentially sensitive information.
5. Usage Access
   Will set up a restricted account if it becomes necessary to allow other persons to use the machine. Will not expose other security such as BIOS/system/HD access codes.
6. Virus Protection
   ➔ AVG ✔
7. Spyware
   ➔ AdWare, Spybot Search and Destroy
8. Firewall
   ➔ ZoneAlarm
9. User Authentication
   ✔ No unsecured accounts.
   ✔ All accounts have active idle timeout with pw protection (screen saver lock).
   ✔ Further unuse causes power management to kick in, meaning use then requires system startup, so security circumvention would also be required.
10. OS Auth protecting files
   1. No. I have never seen this shown to work outside of certain narrow cases.
   2. FS and/or file encryption are the only potentially workable (imo) situations I have seen, and are still prone to attack in the manner of their de/en-cryption (memory usage, temporary storage usage, the encryption controller/application and the encryption scheme itself).
11. Up to date-ness
   ✔ OS
   ✔ Firewall
   ✔ Virus
   ✔ Applications, at least the most commonly used ones (OpenOffice, browser, email).
   ✔ Check interval is satisfactory imo.
   ✔ Automatic-ness of updates is satisfactory imo.
   1. :( A recent report (MS Watch?) indicates that MS may be applying updates to certain components even when auto-updating is not enabled.

12. Browser security
   1. No confidence here.
   2. Java and JavaScript are enabled. There are plugins including Flash enabled.
   3. Browsers tend to store lots of info, from history to form data, cookies, authed sessions, and even passwords. Even when I set it to clear this info I sometimes find during a browse information I would not have expected to be there.
   4. They crash regularly, and chug lots of memory I don't see the need for, hinting imo at lots of resource leaks. One can see from a quick scan of any security alert list that resource usage (buffer overflows, for e.g.) is well up there with the top [frequency] mechanisms for intrusion.

13. Unencrypted network services
   1. Print to network. I must get a local printer for the top secret documents I'm churning out by the dozen. A lot of printers in use nowadays are very conveniently PS printers, making conversion of sniffed data to PDF trivial.
   2. Email. I have some accounts with no protection. A few with good authentication, but they don't have transport encryption for mail/sender/recipient data (confidentiality).
   3. IM. These are so convenient you could send the most sensitive data without realising or giving a second thought. When I looked at these briefly years ago they were by no means secure. The VOIP (V = voice and/or video) capabilities of today's IM applications raise more interesting security considerations here.
   4. Browsing. This is always an interesting one. Aside from the HTTP body itself, the poor use of URI query strings (among other issues) can mean sensitive data is exposed in proxies and even in the statistical records of web sites you visit. Consider the simple and seemingly innocuous act of clicking a link in an email through a web based interface to that email: you could have your email account details on the target of the link via the referrer information.
14. My Top 5
   1. Lots of USB/SD/etc. memory device usage. Small, easy to lose, non-encrypted.
   2. Browser sync defaulted to include browser stored pw info for sites.
   3. Network security at work.
   4. Office (physical) security at work.
   5. Location and movement of backups during house move.
   6. Connecting a machine on a network after a long time off any network, specifically no access to a network with web/internet access. The machine required many updates to the OS and applications by the time it was finally re-joined to "the net", and during this (long) time to download the updates it was obviously online and thus exposed to vulnerabilities discovered during the time it was offline, and for the duration of the update the (now very vulnerable) browser was open! All bad.
   7. Blaster worm protection?
15. SANS Top 20
   1. Still reading this one!
16. Machine Penetration testing (nmap) [used on work pc]
   1. MsRpc, MsDs and NetBIOS are open, though I have a personal firewall. I have not set it at full blocking as I need to use certain network services (sharing etc.). Still it's interesting to see what is open. MsSql and mysql were found, though noted as filtered. This I didn't intend!
17. Online security Tips (US-CERT)
   ○ Some interesting points about posting information online, being careful about what you advertise, etc.
   ○ Understanding the limits of firewall and virus protection packages.
   ○ Power surge recommendations are something not often at the top of one's list. I have some but not, interestingly, one that I bring with me and my portable pc.
   ○ Cell phone attacks is an interesting one I hadn't considered, but which will probably become more of an issue as the technology improves in functionality and acceptance.
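The referrer leak noted under unencrypted network services (item 13.4, clicking a link from a webmail page whose URL carries account details) as an added example that is not part of the original exercise: a Python model of how a browser derives the Referer header from the current page URL under the W3C referrer policies. The webmail and news URLs are constructed samples, not real services.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample URLs (not real services): a webmail page whose URL carries
# account details in its query string, and an external link found in a mail.
WEBMAIL_PAGE = "http://alice:secret@webmail.example/inbox?user=alice&sid=9f3a2c"
EXTERNAL_LINK = "http://news.example/article?id=42"

def _host(p):
    return (p.hostname or "") + (f":{p.port}" if p.port else "")

def _stripped(url):
    """Referrer form of a URL: credentials and fragment dropped, path and query kept."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, _host(p), p.path, p.query, ""))

def _origin(url):
    p = urlsplit(url)
    return f"{p.scheme}://{_host(p)}/"

def referrer_for(page_url, link_url, policy="no-referrer-when-downgrade"):
    """Referer value a browser sends when page_url links to link_url, or None.
    Follows the W3C Referrer Policy rules; the default named here is the old
    browser default, modern browsers default to strict-origin-when-cross-origin."""
    same_origin = _origin(page_url) == _origin(link_url)
    downgrade = (urlsplit(page_url).scheme == "https"
                 and urlsplit(link_url).scheme == "http")
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return _stripped(page_url)
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else _stripped(page_url)
    if policy == "same-origin":
        return _stripped(page_url) if same_origin else None
    if policy == "origin":
        return _origin(page_url)
    if policy == "strict-origin":
        return None if downgrade else _origin(page_url)
    if policy == "origin-when-cross-origin":
        return _stripped(page_url) if same_origin else _origin(page_url)
    if policy == "strict-origin-when-cross-origin":
        if downgrade:
            return None
        return _stripped(page_url) if same_origin else _origin(page_url)
    raise ValueError(f"unknown referrer policy: {policy!r}")

def leaks_query(page_url, link_url, policy="no-referrer-when-downgrade"):
    """True if the page's query string (the account details) reaches the link target."""
    ref = referrer_for(page_url, link_url, policy)
    return ref is not None and urlsplit(ref).query != ""
```

Under the old default the full URL, query string included, is sent to news.example; under strict-origin-when-cross-origin only http://webmail.example/ is, and a no-referrer policy (or rel="noreferrer" on the link) sends nothing.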
