Answer Sheet – Level 3 Principles of ICT Systems and Data Security
(7540-040/7630-345) Assignment B
Task A1: Identify and describe the consequences of ten common physical threats to ICT systems and data, including hardware damage, loss and theft, e.g.
- deliberate damage to hardware or equipment
- inadequate physical security
- loss or theft due to size or portability of devices
- accidental damage to hardware or equipment.
Improper storage environment – If an ICT system is kept in an improper storage environment it could lead to hardware malfunction and failure; an example of this would be keeping a server in a server room that does not have air-conditioning. This would lead to servers overheating and the motherboard melting or frazzling. This would also be a threat to data, as servers hold a lot of data.
Overuse – If an ICT system is being overused, for example by not switching it off at the end of the day, or if the system is used for more than its intended use, this could decrease the life span of the system and potentially cause faults and failure.
Inadequate security – This is a threat to ICT systems as, if systems are not protected, they are at risk of theft and vandalism. Security such as locks and CCTV should be present in server rooms and offices where there is a lot of ICT equipment and a network set up.
Human error – Human error is also a big threat to ICT systems. Human error could occur if a person installs the wrong computer part in a computer, or if, when opening up a PC to change cards, they accidentally damage parts of the PC. This also affects data, as if they damage the hard drive they could lose a lot of data.
Sabotage – Sabotage means vandalism that is intentional. This is a risk to ICT systems as the sabotage could be a broken screen, or even a whole broken system, which would cost money to repair or replace, and if something like the SQL server was damaged on purpose a lot of data could be lost.
Theft – This is a risk to ICT systems and data as, if a system is stolen, it is possible that a lot of important data can be accessed even if the system has passwords. For example, at a business with remote workers, an employee could have a company laptop, and if that was stolen there may be a lot of important company and customer information on the laptop that would put the company at risk.
Inadequate hardware maintenance – This is a risk to ICT systems and data as, if hardware is not correctly maintained, it will lead to faults, failures and a shortened life span. This can risk data loss if any important data is on the system. For example, storage hardware must be maintained to reduce the risk of data loss.
Hardware malfunction – This is always a risk to ICT systems as you never know when a computer, server or mobile phone could break because of a fault with the hardware. This also affects data, as the data can be lost, or if there is a hardware failure on a backup server it could be collecting data incorrectly.
Natural disaster – This is a threat to ICT systems as it is not preventable and could happen at any time, damaging and breaking ICT systems, data storage and even a wired network structure, affecting all ICT systems. For example, an earthquake could destroy a school, and then the entire network as well as the ICT systems and data would be lost.
Task A2: Identify and describe the consequences of the following types of malicious code:
- Virus
- Malware
- Spyware
- Adware
- Trojan
- Logic bomb
- Worm
- Rootkits
- Keylogger.
Virus – A virus is a type of programme that is designed to copy itself over and over again, and it will attach itself to other programmes. Most of the time a virus is annoying but harmless. The consequence of a virus is that it can cause a great amount of time wastage and financial loss for companies and home users, although there are some severe viruses that can corrupt and delete files.
Malware – This is malicious software that is used to gather sensitive information, gain access to private computers and disrupt computer systems. The consequences of malware are that an individual or company could lose sensitive data that could be used against them, and that private computers will be accessible to whoever sent or created the code.
Spyware – Spyware is code that aims to gather information about an individual or company without their knowledge. The consequence of this is that a person may collect data from a company and use that information completely without the company's knowledge, and can also gain control of and access to the victim's computer without their knowledge, leading to spying, data theft and further attacks.
Adware – This is advertising-supported software that automatically renders adverts to generate revenue. The adverts will be in the application the client has installed, or shown during the installation process. This can slow down a computer and cause lag across a network, slowing down the work rate at companies.
Trojan – Trojans are a type of malware program that contains code that carries out actions determined by the creator of the Trojan. The consequence of these is that they typically cause loss and theft of data, and possible system harm. A Trojan acts as a backdoor that can give unauthorised access to the affected computer.
Logic bomb – A logic bomb is code that is intentionally put into a software system. This includes code that will start deleting files; this may be added by programmers into company code in case they are ever terminated from the company. Many viruses and worms contain logic bombs to execute commands when conditions are met.
Worm – This is a standalone computer program that replicates itself in order to spread to other computers. It will use a computer network to spread itself to other computers. It relies on security failures and does not need to attach itself to an existing program. The consequences of this are that it will corrupt systems and modify, change or delete files on the attacked computers.
Rootkits – A rootkit is stealthy software that is designed to hide the existence of processes or programmes from detection methods. This will also enable continued unauthorised access to the targeted computer. The consequence of this is that it may be undetectable and can happen without the victim even knowing that someone has access to their system.
Key logger – Software key loggers have features that capture information without needing keyboard key presses as the input. This is because it records the keys struck on a keyboard, so that the person being attacked is unaware that they have been recorded. This is a risk as attackers will be able to record what IP addresses people have used, and once an IP is known they will also be able to attack the IP address.
Task A3: Identify and describe the consequences of seven other common types of electronic threats to ICT systems and data.
Spamming – This is where someone will repeatedly email people again and again. This will clog up your email and slow down whatever email system you are using. A lot of the time spam emails will look like they are from a company or a legitimate source, and they will send emails claiming that you owe them money. This is bad because it will slow down the rate of work at a workplace if employees keep getting spam, and it also slows down your email system.
Phishing – This is where someone will send lots of emails pretending to be an important company, such as a bank, and tell people that they need information, usually sensitive information such as passwords, meaning that they can steal money from the person's account. A lot of people can fall for this as it looks like a legitimate email from the bank; however, banks will never email asking you for your password. This is a threat because people may actually give out sensitive data because they have been fooled.
Hackers – Hacks and application-specific hacks have become smarter. The threats here include buffer overflows, where web servers are overloaded causing a denial of service attack. SQL injection is another threat; this forces a database to give away secure information by causing it to confuse classified data. The consequence of this is that if this hack reaches a company or organisation, sensitive data could be released by the SQL server.
Malicious insiders – These are employees with malicious intent, usually to steal data or release sensitive data. These are a big threat to organisations and to ICT systems and data. The consequence of a malicious insider inside your organisation and ICT systems is that, commonly, when a data security breach is caused by an employee more records and data are compromised than in any other type of breach, including hackers.
Social engineering – Instead of hacking, people have turned to social engineering; this means that instead of hacking, using illegal software and risking getting caught, people will use social engineering to trick people into giving them their usernames and passwords. These people will use texts, instant messaging, social networks and telephones to communicate with people in organisations and try to trick them into giving out their passwords. The consequence if someone in an organisation falls for this is that the attacker can then bypass IT security defences, gather sensitive data and leave viruses.
Pharming – This is a common type of online fraud and can be a threat to ICT systems and data, as someone defrauding your organisation may be collecting sensitive information from the organisation without you even being aware.
Ransomware – This is a type of malware that restricts access to your computer and files and displays a message that demands a payment for the restriction to be removed. These tend to come from email spam and pop-up adverts. This is a threat to ICT systems as, if you get this attack, some people may be fooled into paying the money and may give away important information.
Task A4: Explain five security vulnerabilities associated with remote access technologies, including wireless.
Hackers: Hackers can intercept a remote user's access to gain entry into an office network. A lot of the time users have no idea that their remote access identity has been compromised, and a lot of home computers do not have all the latest updates and security that computers on a network do. Therefore home remote users could risk being hacked, as hackers will use security vulnerabilities to steal the remote identity. It is therefore best for remote users to only use company-issued or company-approved computers and laptops so that they have all the latest security updates and fixes.
Unwanted applications: This is a security concern as remote users could use an office network's bandwidth for their own personal use. This is because if a user connects remotely to the network they could have other applications running in the background which use up the network's bandwidth. Another example is peer-to-peer file sharing, such as downloading movies, which will greatly affect a network's bandwidth. Therefore a security policy should be in place to prevent unwanted applications from running when a user is remotely connected to the network.
Stealing information: A security risk here is that users who remotely access the network could potentially access sensitive data and transfer it to their personal computers. This is a vulnerability as it is hard to detect and protect against. To stop this from happening, network admins usually limit remote users to low-level access, and this will prevent them from accessing sensitive data.
Malware: This is another security risk, as remote access usually goes through the internet to connect to the office network; therefore one of the greatest security threats is that it can introduce malicious software into the network: viruses, Trojans and worms can jump onto the remote connection and gain access into the network. Therefore it is important that users who use remote access to the network have anti-virus and anti-malware software installed and configured on their computers.
Wireless – Organisations that have a wireless network for virtual users to connect to using VPN a lot of the time don't use WEP, and a lot of wireless networks have had no additional security controls at all. This is a vulnerability because a lot of organisations don't recognise the threat that comes with not protecting their wireless network. This means that the network isn't protected, so when remote users access the network it is less secure and they could bring in viruses and malware, and they are also not protected when they are using wireless at home or on the VPN, unless it is a secure Wi-Fi connection.
Task B1: Describe the methods of providing physical access control and security for ICT systems including:
- locks (hardware locks and entry locks)
- biometric controls (fingerprint, voice and retina recognition)
- CCTV
- fire control systems
- shielding (cable screening)
- Faraday cage
- motion detector.
Locks: Locks can physically protect ICT systems as you can lock doors to server rooms, and only people who are server / ICT admins can have a key to the room. Therefore servers are safe from random people in the office going in and damaging the servers. Locking office doors at the end of the day also reduces the chance of theft. There are also physical locks such as Kensington locks, which can go on laptops to secure them so that only the owner can unlock them and use the laptop.
Biometric controls: Biometric controls are security features such as voice control, fingerprint scanners and retina recognition. These provide physical access control as, instead of having just a password, you will also have scanners on the PC or laptop that will scan your fingerprint, only letting you access your account on your PC. This is good because you are the only person with your fingerprint or retina, therefore no one else will be able to get access to your computer or laptop.
CCTV: CCTV is cameras that provide physical access control as they protect against theft and vandalism. This is because if a PC has been damaged or stolen, an IT admin can look through the recorded CCTV footage to get evidence of what happened and who is responsible, therefore gaining evidence to give to the police in the hope of getting compensation or catching the culprit. CCTV can also set off an alarm when it detects movement after a certain time, alerting the owner of the building and people around the building to call the police.
Fire control system: A fire control system is in place to protect wires, cables and PCs from catching fire and getting damaged. This will include backup systems in case anything gets damaged, fire alarms and extinguishers. Good fire control systems will include tidiness, the replacement of filters, the removal of packaging, and the removal of equipment that is not in use. ICT rooms must also not be used as storage rooms and must not have anything flammable near them. This will help protect ICT systems from physical fire damage.
Shielding: A shielded cable is a cable that has one or more insulated conductors enclosed in a conductive layer. They are used in security for protection against power-frequency and radio-frequency interference. This will reduce the number of false alarms being generated. Power cables will also be shielded to protect against leakage current and electrical shock. This is because if a power cable has not been shielded and it comes into contact with a grounded object, the electrostatic field around the conductor will contact the grounded object, and this could cause harm to ICT systems or a person.
Faraday cage: A Faraday cage is a cage formed by a mesh of a conductive material. This cage will block external static and non-static electrical fields. It does this by channelling electricity along and around the cage but not through it. This can be used to protect your Wi-Fi network from surrounding buildings. Also, if there is a computer network on a plane, as the plane is acting like a Faraday cage it is protected from lightning strikes, which also protects the ICT equipment.
Motion detector: Just like CCTV you could use motion detection; this is there to detect movement in a room and can be used in the same way as CCTV, meaning that if motion is detected after a certain time it will set off an alarm notifying surrounding people, the owner and the police. This protects ICT systems from theft and damage and also protects sensitive data from being stolen.
Task B2: Describe methods of providing electronic protection and security controls for any six of the following:
- firewalls
- virtual networks
- secure connection/transfer protocols
- wireless connection security
- login and password protection
- access rights and permissions (including limiting data access)
- virus, malware and spyware protection
- secure remote access
- backup and restore systems
- monitoring systems (activity logging, access logs and audit logs).
Login and password protection – This can be protected by having long and complex passwords so that they are less susceptible to password attacks, and by configuring Windows so that passwords have to be changed, password history is enforced, and a minimum password length and complexity requirements are set. These are security controls that must be in place to ensure that users have strong and safe passwords.
Secure remote access – For secure remote access, always have antivirus software on the remote machine, make sure that all signatures and log-in details are in place and up to date, and make sure the remote computer is scanned for viruses. This will ensure that the remote machine connecting to the network will not bring over any viruses or malicious software that would threaten ICT systems.
Backup and restore systems – These are good to use for protection as they are backups of data; therefore if data is deleted, corrupted or lost there is always a backup with the data on it, and using restore systems means that the computer or server can be restored to a time when the data was not deleted, or to a time before a piece of malware got onto the machine. This means more protection, as there are backups in case things do go wrong.
Wireless connection – Wireless connections can be protected using encryption; the best type is WPA2 as it is stronger and more secure than WEP and WPA, which can be easily hacked into, meaning that data can be stolen or tampered with by outside users logging into the Wi-Fi network.
Virus – For this, all computers and servers on a network should have anti-virus and anti-malware software installed and configured to protect everyone against viruses and malware entering the network. Having this on all machines will definitely decrease the risk of malware getting onto the network. This is important for security as malware can be a threat to data security.
Monitoring systems – Monitoring systems provide protection as you can monitor all of the events happening on a system or server. This means that you can detect any suspicious activity and put an end to it before anything bad happens, such as data being compromised, and it can stop malicious software from entering the network by keeping logs of activity and monitoring systems for suspicious activity.
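As an added example that is not part of the original answer sheet, the following Python code applies the monitoring idea above to a constructed access log: it counts failed logins per user in a sliding window and raises an alert on a burst of failures, and again on a success that follows such a burst. The log format, the threshold of five failures and the one-minute window are assumptions chosen for the example.

```python
"""Detect suspicious login activity in access-log lines (constructed sample data)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample log lines, loosely modelled on an sshd-style auth log.
SAMPLE_LOG = """\
2024-03-04T08:01:12 auth FAILED user=alice src=10.0.0.5
2024-03-04T08:01:14 auth FAILED user=alice src=10.0.0.5
2024-03-04T08:01:15 auth FAILED user=alice src=10.0.0.5
2024-03-04T08:01:17 auth FAILED user=alice src=10.0.0.5
2024-03-04T08:01:18 auth FAILED user=alice src=10.0.0.5
2024-03-04T08:01:20 auth SUCCESS user=alice src=10.0.0.5
2024-03-04T08:05:00 auth SUCCESS user=bob src=10.0.0.9
2024-03-04T09:30:00 auth FAILED user=bob src=10.0.0.9
2024-03-04T11:45:00 auth FAILED user=bob src=10.0.0.9
2024-03-04T14:00:00 auth SUCCESS user=bob src=10.0.0.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAILED|SUCCESS) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def detect(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return a list of (rule, user, src, timestamp) alerts.

    Two rules, both evaluated over a sliding window per user:
      - 'burst': `threshold` or more FAILED events within `window`;
      - 'success_after_burst': a SUCCESS while a burst is still inside the window,
        i.e. the guessing may have worked and the account should be reviewed.
    """
    alerts = []
    failures = defaultdict(deque)   # user -> timestamps of recent failures
    burst_reported = set()          # users already alerted for the current burst
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        user, ts = rec["user"], rec["ts"]
        q = failures[user]
        # Drop failures that have fallen outside the window.
        while q and ts - q[0] > window:
            q.popleft()
        if rec["result"] == "FAILED":
            q.append(ts)
            if len(q) >= threshold and user not in burst_reported:
                burst_reported.add(user)
                alerts.append(("burst", user, rec["src"], ts.isoformat()))
        else:
            if len(q) >= threshold:
                alerts.append(("success_after_burst", user, rec["src"], ts.isoformat()))
            # A successful login ends the failure run for this user.
            q.clear()
            burst_reported.discard(user)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Bob's two failures are hours apart and never form a burst, so only Alice's account is reported.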
Task B3: Differentiate the following access control methods:
- mandatory
- discretionary
- role based.
Mandatory: Mandatory access control (MAC) is a type of access control in which only the administrator can manage the access controls. The admin will define the usage and access policies, which cannot be modified or changed by users. MAC takes a hierarchical approach to controlling access. Users' MAC access to files is controlled by settings defined by the system admin, therefore all access is controlled by the operating system based on admin-configured settings. This is the strictest and most secure of all of the levels of control and is primarily used by the government.
Discretionary: Discretionary access control (DAC), unlike MAC, allows each user to control access to their own data. Under DAC users can only set access permissions for resources that they own, therefore user 1 could not access a file that is owned by user 2. This provides a much more flexible environment than MAC; however, it also increases the risk that data could be made accessible to users who should not be given access. DAC uses an access control list (ACL) that contains the list of users whose access the owner can change. For example, user 1 owns a file and can use their ACL to give user 2 read permissions and user 3 write permissions.
Role based: Role-based access control (RBAC) is based on a user's job function within the organisation that the system belongs to. RBAC assigns permissions to particular roles in an organisation. Users are then assigned to those roles. For example, a manager in a company will be assigned to a manager role and will be given access to resources that all managers need to have access to. This is different from groups, as a user can only be assigned one role but can be in multiple groups.
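The three models compared above, as an added Python example that is not part of the original answer sheet: a DAC file whose owner manages the ACL (user 1 granting user 2 read and user 3 write), a MAC system whose labels only the administrator can set, and an RBAC table where each user holds one role. User names, labels and roles are constructed for the demonstration.

```python
"""Three access control models side by side: DAC, MAC and RBAC (added example)."""

class AccessDenied(Exception):
    pass

# Discretionary: the resource owner decides who gets what via an ACL.
class DACFile:
    def __init__(self, owner):
        self.owner = owner
        self.acl = {}                 # user -> set of permissions

    def grant(self, actor, user, perm):
        if actor != self.owner:       # only the owner may change the ACL
            raise AccessDenied(f"{actor} does not own this file")
        self.acl.setdefault(user, set()).add(perm)

    def allowed(self, user, perm):
        return user == self.owner or perm in self.acl.get(user, set())

# Mandatory: labels are set by the administrator and enforced by the system;
# ordinary users cannot relabel anything, even objects they work with daily.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}

class MACSystem:
    def __init__(self, admin):
        self.admin = admin
        self.clearance = {}           # user -> level name
        self.label = {}               # object -> level name

    def set_clearance(self, actor, user, level):
        if actor != self.admin:
            raise AccessDenied("only the administrator can set clearances")
        self.clearance[user] = level

    def set_label(self, actor, obj, level):
        if actor != self.admin:
            raise AccessDenied("only the administrator can label objects")
        self.label[obj] = level

    def can_read(self, user, obj):
        # Hierarchical rule: a subject may read objects at or below its clearance.
        return LEVELS[self.clearance.get(user, "UNCLASSIFIED")] >= LEVELS[self.label[obj]]

# Role based: permissions attach to roles; each user holds exactly one role.
class RBAC:
    def __init__(self):
        self.role_perms = {}          # role -> set of permissions
        self.user_role = {}           # user -> role

    def add_role(self, role, perms):
        self.role_perms[role] = set(perms)

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError(role)
        self.user_role[user] = role   # assigning again replaces the old role

    def allowed(self, user, perm):
        role = self.user_role.get(user)
        return role is not None and perm in self.role_perms[role]

def attempt(fn):
    """Run fn() and report whether the model allowed or denied the operation."""
    try:
        fn()
        return "allowed"
    except AccessDenied:
        return "denied"

def demo():
    """Worked scenario; returns the outcome of each check so it can be inspected."""
    f = DACFile(owner="user1")
    f.grant("user1", "user2", "read")
    f.grant("user1", "user3", "write")
    mac = MACSystem(admin="sysadmin")
    mac.set_clearance("sysadmin", "analyst", "CONFIDENTIAL")
    mac.set_label("sysadmin", "payroll.db", "SECRET")
    mac.set_label("sysadmin", "memo.txt", "CONFIDENTIAL")
    rbac = RBAC()
    rbac.add_role("manager", {"approve_leave", "view_reports"})
    rbac.add_role("staff", {"submit_timesheet"})
    rbac.assign("dana", "manager")
    rbac.assign("eli", "staff")
    return {
        "dac_user2_read": f.allowed("user2", "read"),
        "dac_user2_write": f.allowed("user2", "write"),
        "dac_user3_write": f.allowed("user3", "write"),
        "dac_user2_grants_self": attempt(lambda: f.grant("user2", "user2", "write")),
        "mac_analyst_reads_memo": mac.can_read("analyst", "memo.txt"),
        "mac_analyst_reads_payroll": mac.can_read("analyst", "payroll.db"),
        "mac_analyst_relabels": attempt(lambda: mac.set_label("analyst", "payroll.db", "UNCLASSIFIED")),
        "rbac_dana_approves_leave": rbac.allowed("dana", "approve_leave"),
        "rbac_eli_approves_leave": rbac.allowed("eli", "approve_leave"),
    }
```

Running `demo()` shows the difference in who may change the policy: the DAC owner can, the MAC user cannot, and in RBAC only the role table matters.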
Task B4: Describe the characteristics of strong passwords and the methods of attacking password-protected systems relating to any six of the following:
- complexity
- length
- duration (mandatory changing)
- password history
- storing (electronic/non-electronic)
- dictionary attack
- brute force attack
- social engineering attack
- keyboard attack
- 'man in the middle' attack.
Dictionary attack – This attack uses a file containing words that can be found in a dictionary. The attack will use the words found in a dictionary to try to crack people's passwords, systematically entering every word in the dictionary until one works or until all the words are used up. This attack can also be used to find the key necessary to decrypt a message or document.
Complexity – The complexity of a password can stop your password from being attacked by a dictionary attack. This will include using numbers and symbols in your password, as then your password is definitely not a word in the dictionary and cannot be subject to a dictionary attack. It also means that your password is not common and not easy to guess, making it more secure.
Brute force attack – This attack is very similar to the dictionary attack; however, it has the bonus of being able to use non-dictionary words, working through all possible letter and number combinations from a–z and 1–9. This attack can attack even complex passwords if the passwords do not have symbols in them.
Password history – This is in place so that a user must use a set number of unique passwords before an old password can be reused. The value of this setting can be between 0 and 24. This should be in place as it creates stronger password protection, as you constantly have to have new passwords and cannot reuse old ones that other people may know or be able to attack.
Social engineering attack – This type of attack does not use programmes or hacks to attack the password; instead an individual contacts the user through telephone, messages, email or social networking websites to try to trick the user into giving them their username and password. A lot of people can fall for this and actually give out their passwords. Passwords should never be given out, as it could be a social engineering attack.
Duration – This is how long a user can use a password before they are forced to change it to something different. This can protect against social engineering because once the password has changed that person can no longer get access to that system, unless they have already gone on and changed the password themselves. This is in place to make passwords stronger, as you constantly have to change them after a period of time, meaning that anyone who knows the password who shouldn't no longer knows it.
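As an added Python example that is not part of the original answer sheet, the policy class below enforces the length, complexity, history (0 to 24 remembered passwords) and duration rules discussed above, storing old passwords only as salted hashes, and the keyspace helpers quantify the brute force claim by counting the candidates an exhaustive search over a given alphabet must cover. The word list, thresholds and sample passwords are constructed for the example.

```python
"""Password policy checks: length, complexity, history and duration (added example)."""
import hashlib
import hmac
import math
import os
from datetime import timedelta

# A small constructed word list standing in for the attacker's dictionary file.
DICTIONARY = {"password", "welcome", "letmein", "dragon", "monkey", "football"}


class PasswordPolicy:
    def __init__(self, min_length=12, history_size=24, max_age_days=90):
        # Windows allows 0..24 remembered passwords, as the answer above notes.
        if not 0 <= history_size <= 24:
            raise ValueError("history_size must be between 0 and 24")
        self.min_length = min_length
        self.history_size = history_size
        self.max_age = timedelta(days=max_age_days)
        self.history = []          # list of (salt, hash) for previous passwords
        self.last_changed = None   # date of the most recent change

    @staticmethod
    def _hash(password, salt):
        # Salted, slow hash so the stored history is not a plaintext list of old passwords.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def complexity_problems(self, pw):
        """Return the list of rules the candidate fails; an empty list means it passes."""
        problems = []
        if len(pw) < self.min_length:
            problems.append(f"shorter than {self.min_length} characters")
        classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
                   any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
        if sum(classes) < 3:
            problems.append("needs at least three of: lower, upper, digit, symbol")
        if pw.lower() in DICTIONARY:
            problems.append("is a dictionary word")
        if self.history_size and any(hmac.compare_digest(self._hash(pw, s), h)
                                     for s, h in self.history):
            problems.append(f"reuses one of the last {self.history_size} passwords")
        return problems

    def change(self, new_pw, today):
        """Apply a password change, recording it in the remembered history."""
        problems = self.complexity_problems(new_pw)
        if problems:
            raise ValueError("; ".join(problems))
        salt = os.urandom(16)
        self.history.append((salt, self._hash(new_pw, salt)))
        # Keep only the most recent history_size entries (none if history is off).
        self.history = self.history[-self.history_size:] if self.history_size else []
        self.last_changed = today

    def expired(self, today):
        """Duration rule: the password must be changed once max_age has elapsed."""
        return self.last_changed is None or today - self.last_changed >= self.max_age


def brute_force_keyspace(length, alphabet_size):
    """Candidates an exhaustive search must cover: alphabet_size ** length."""
    return alphabet_size ** length


def keyspace_bits(length, alphabet_size):
    """The same keyspace in bits, convenient for comparing alphabets."""
    return length * math.log2(alphabet_size)
```

Comparing `keyspace_bits(8, 36)` (letters and digits only) with `keyspace_bits(8, 68)` (the same plus 32 symbols) shows how much extra work symbols add for the same length.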
Task C1: Describe the following cryptographic algorithms:
- hashing
- symmetric
- asymmetric.
Hashing – The hashing algorithm works by taking input data, often called the message, and then the cryptographic hash function digests this into a hash value. This hash value is then considered impossible to revert back to its original input. This function is easy to compute, infeasible to generate a message from the hash, cannot have a message modified without the hash also changing, and will never have two different messages with the same hash. For security, hash functions are used for digital signatures, MAC addresses, and many more forms of authentication. A hash function at a minimum must have pre-image resistance, second pre-image resistance and collision resistance; these protect against cryptanalytic attacks.
Symmetric – Symmetric algorithms use two symmetrical cryptographic keys for the encryption of plaintext and the decryption of ciphertext. These keys represent a shared secret between two or more parties, such as a password that can be used to maintain a private network link. Therefore both parties need to have access to this secret key, and this is a drawback compared to public key encryption. Symmetric keys can be used with block ciphers or stream ciphers: block ciphers take a number of bits and encrypt them all as a single unit, padding the plaintext, whereas stream ciphers encrypt the bytes of a message one at a time.
Asymmetric – Asymmetric algorithms use a pair of keys to encrypt and decrypt a message so that it arrives securely. First, a network user receives a public and private key pair from a certificate authority, and any other user that wants to send an encrypted message can get the recipient's public key from a public directory; they then use this key to encrypt the message before sending it. When the user receives the message they decrypt it with their own private key, which nobody else has access to.
Task C2: Describe how cryptography can be applied to ICT systems and data security in terms of:
- confidentiality
- integrity
- authentication
- non-repudiation
- access control.
Confidentiality – Confidentiality was the original reason for cryptography; if data is confidential it cannot be read or understood by anyone other than the owner and those intended to read it. Cryptography can be applied to ICT systems and data security because it uses strong algorithms that cannot be easily broken, and this is really important for network communications that are of a sensitive nature. This is also important for data; the encryption process is usually transparent to the user and is important in the network to protect data and data security.
Integrity – Cryptography can be applied to ICT systems in terms of integrity. Common methods of protecting data integrity include hashing the data received and comparing it with the hash of the original message; however, this means that the hash of the original data must be provided to you in a secure way. Cryptographic algorithms provide integrity during storage and transmission; hashes, for example, can safeguard data by providing a checksum.
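The hashing properties from Task C1 and the integrity caveat just made (the reference hash must itself arrive securely) together, as an added Python example that is not part of the original answer sheet: it shows the fixed-length digest and avalanche behaviour of SHA-256, then contrasts a plain hash with a keyed hash (HMAC-SHA256, my addition) when the party altering the data can also replace the hash travelling with it. The message, key and tampering scenario are constructed.

```python
"""Hash-based integrity checking: plain digest versus keyed digest (added example)."""
import hashlib
import hmac
import secrets


def sha256_hex(data: bytes) -> str:
    """Fixed-length (256-bit) digest of an arbitrary-length message, as hex."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_one_bit(data: bytes, index: int = 0) -> bytes:
    """Return a copy of data with the lowest bit of byte `index` flipped."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


def verify_plain(data: bytes, claimed_hex: str) -> bool:
    """Integrity check when the reference hash arrived over a trusted channel."""
    return hmac.compare_digest(sha256_hex(data), claimed_hex)


def tag(key: bytes, data: bytes) -> bytes:
    """Keyed digest (HMAC-SHA256): only a holder of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_tagged(key: bytes, data: bytes, claimed_tag: bytes) -> bool:
    # compare_digest avoids leaking the position of the first mismatching byte.
    return hmac.compare_digest(tag(key, data), claimed_tag)


def tamper_scenarios():
    """Show what each check catches. Message, key and alteration are constructed."""
    message = b"PAY 100 GBP TO ACCOUNT 12345678"
    altered = message.replace(b"100", b"900")
    key = secrets.token_bytes(32)

    # 1. Avalanche: one flipped input bit changes roughly half of the 256 digest bits.
    d1 = hashlib.sha256(message).digest()
    d2 = hashlib.sha256(flip_one_bit(message)).digest()
    avalanche_bits = differing_bits(d1, d2)

    # 2. Plain hash delivered securely (e.g. read out of band): alteration is detected.
    reference = sha256_hex(message)
    plain_detects_tamper = not verify_plain(altered, reference)

    # 3. Plain hash delivered alongside the data: whoever can edit the message can
    #    also recompute the hash, so the check passes and nothing is detected.
    plain_defeated = verify_plain(altered, sha256_hex(altered))

    # 4. Keyed digest: without the key, a recomputed tag for the altered data does
    #    not verify, and the original tag does not match the altered data either.
    good_tag = tag(key, message)
    wrong_key_tag = tag(secrets.token_bytes(32), altered)
    tagged_detects_tamper = not verify_tagged(key, altered, good_tag)
    tagged_detects_forgery = not verify_tagged(key, altered, wrong_key_tag)
    tagged_accepts_genuine = verify_tagged(key, message, good_tag)

    return {
        "avalanche_bits": avalanche_bits,
        "plain_detects_tamper": plain_detects_tamper,
        "plain_defeated_when_hash_travels_with_data": plain_defeated,
        "tagged_detects_tamper": tagged_detects_tamper,
        "tagged_detects_forgery": tagged_detects_forgery,
        "tagged_accepts_genuine": tagged_accepts_genuine,
    }
```

Scenario 3 is the point of the caveat above: a checksum only proves integrity when the reference value is protected, by a trusted channel or by a key the other side does not have.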
Authentication – Cryptography can be applied to ICT systems and data security because using it we can establish the identities of remote users or systems, for example the SSL certificates of web servers. These provide proof to the user that they are connected to the correct server. The identity is the cryptographic key of the user and not the user themselves. This makes it more secure as the key is specific to that user. The more secure the key you use, the more trust you can have in the identity of the user or system.
Non-repudiation – Cryptography can be applied to ICT systems and data security to protect financial applications. Cryptographic tools are often used to prove that a unique user has made a transaction request. For example, if a user requests a payment but then later claims that she never made the request, cryptographic tools can prove through digital signatures (and the keys attached to digital signatures) that the transaction request was in fact made and that it had been authorised.
Access control – Cryptography can be applied to ICT systems and data security to secure data by encrypting it with a key. Cryptographic access control (CAC) uses this key so that users who have the correct key are able to decrypt data and perform further encryptions. Applications of CAC will benefit companies and organisations where structured access to data is very important. This provides security because only people with the key can have access to the data that is encrypted.
Task C3: Explain the operation of Public Key Infrastructure (PKI).
PKI uses a key pair to encrypt and decrypt data. The key pair consists of one public key and one private key that are related. A user who intends to communicate securely with other users can distribute the public key to them while keeping hold of the private key themselves. Content encrypted by one of the keys can be decrypted using the other. However, this can be a security risk because if someone is eavesdropping on the communication of the keys they could find out what the public key is. PKI has evolved to solve these problems. A PKI consists of software and hardware that a trusted third party can use to establish the ownership of a public key. The trusted party, called a certification authority (CA), accomplishes this by issuing encrypted binary certificates that confirm the identity of the person using the public key. The CA also signs the certificate using its private key. The CA enables the user to verify that the public key was not tampered with or corrupted during transit. A PKI consists of a CA, a registration authority, a certificate database, a certificate store and a key archival server.
Task C4: Explain the concepts of Key Management and Certificate lifecycles.
Key management is the management of cryptographic keys. This includes dealing with the exchange, storage, use and replacement of keys. It includes cryptographic protocol design, key servers, relevant protocols and user procedures. This management is about keys at the user level; this will be between users and systems. Successful key management is important because it is critical to the security of a cryptosystem. It is the most difficult aspect because it involves system policy, user training, organisation, departmental interactions and coordination between all of the elements.
The certificate lifecycle follows these events: CAs are installed and certificates issued to them, certificates are issued by CAs, certificates are revoked, certificates are renewed or expire, and CAs' certificates are renewed or expire. Issued certificates expire at the end of their lifetime, but can be renewed for a new full lifecycle until they are revoked or expire. Each CA can issue certificates through renewal cycles until the CA is at the end of its lifetime. The CA's end of life is when the keys are no longer useful or when the CA is renewed with a new key pair.
This form can be handwritten or completed electronically.