Attack Tree Showing Threats Computer Science Essay


This essay has been submitted by a student.

Confidentiality, Integrity and Availability (the CIA triad) is the benchmark most widely used for analysing the security of information systems. Data confidentiality, one leg of the triad, is about keeping information safe from unauthorized access: an organization limits access to, and disclosure of, its information to authorized users so as to safeguard the data from malicious actions. (Forouzan & Mosharraf, 2007)

The scope of this report is the confidentiality aspect of data security. An attack tree methodology is used to depict the threats and attacks that could give an attacker unauthorized access to confidential information. The report also explains the access-control measures that protect information confidentiality and so support business continuity.

Main Body:

Attack trees provide a formal methodology for analysing the security of an information system and categorizing the different ways in which it can be attacked. They present the threat analysis as a graphical structure which is relatively simple to understand. Each node of the tree represents an attack or attack step, and the root node is the attacker's final goal. (Mauw & Oostdijk, 2006)

Case study used to develop the attack tree: Linda is currently pregnant and works from home as a project manager for a large resource company in Australia. She accesses her employer's files via a web site. Unfortunately, Linda is a reluctant security user, yet she must protect any files she downloads from the company. The attack tree is developed on the assumption that Linda authenticates to the employer website with login credentials and then downloads the confidential information.

In this case the root node of the attack tree is to gain access to the confidential employer files that Linda reaches through the website. The leaf nodes are the attacker's concrete means of reaching that goal. Each level of child nodes refines its parent, and the refinement can be conjunctive (an AND node: every child must be achieved) or disjunctive (an OR node: achieving any one child suffices). (Dimitriadis, 2007)
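To make the conjunctive/disjunctive refinement concrete, the following Python example (added here; it is not part of the essay or its cited sources) encodes a simplified version of the tree developed below for Linda's case and evaluates it. The node labels follow the essay; the leaf costs are illustrative assumptions in relative effort units. OR nodes take the cheapest child, AND nodes sum their children, and the number of distinct attack scenarios is the sum over an OR node's children and the product over an AND node's children.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Node:
    """Attack-tree node. kind is LEAF (an atomic attack step with a cost),
    OR (disjunctive refinement: any one child achieves the parent) or
    AND (conjunctive refinement: every child is needed)."""
    label: str
    kind: str = "LEAF"
    cost: float = 0.0
    children: List["Node"] = field(default_factory=list)


def cheapest_path(node: Node) -> Tuple[float, List[str]]:
    """Cheapest way to achieve `node`: (total cost, leaf steps used)."""
    if node.kind == "LEAF":
        return node.cost, [node.label]
    if not node.children:
        raise ValueError(f"{node.label!r}: refinement node without children")
    results = [cheapest_path(c) for c in node.children]
    if node.kind == "OR":
        return min(results, key=lambda r: r[0])
    if node.kind == "AND":
        return sum(r[0] for r in results), [s for r in results for s in r[1]]
    raise ValueError(f"unknown node kind {node.kind!r}")


def count_scenarios(node: Node) -> int:
    """Number of distinct leaf combinations that achieve `node`."""
    if node.kind == "LEAF":
        return 1
    counts = [count_scenarios(c) for c in node.children]
    if node.kind == "OR":
        return sum(counts)
    product = 1
    for c in counts:
        product *= c
    return product


def linda_tree() -> Node:
    """Simplified tree for the case study. Leaf costs are illustrative
    assumptions (relative effort units), not figures from the essay."""
    return Node("Gain unauthorized access to employer files via the website", "OR", children=[
        Node("Login credential compromise", "OR", children=[
            Node("Social engineering by email or phone", cost=3),
            Node("Brute force the password", cost=8),
            Node("Install malware on Linda's PC", "AND", children=[
                Node("Deliver malware by email or web page", cost=2),
                Node("Exploit a browser/OS vulnerability", cost=4),
                Node("Capture keystrokes during login", cost=1),
            ]),
        ]),
        Node("Redirect Linda to a fraudulent site", "AND", children=[
            Node("Poison the resolver's DNS cache", cost=6),
            Node("Host a look-alike login page", cost=1),
        ]),
        Node("Session hijack / man in the middle", "AND", children=[
            Node("Get on the network path (IP spoofing)", cost=5),
            Node("Intercept the session cookie", cost=2),
        ]),
        Node("Hack through the firewall into the internal network", cost=9),
    ])


if __name__ == "__main__":
    tree = linda_tree()
    cost, steps = cheapest_path(tree)
    print(f"{count_scenarios(tree)} distinct attack scenarios")
    print(f"cheapest: cost {cost} via {steps}")
```

With these assumed costs the cheapest route is social engineering, which is exactly why the essay treats Linda's reluctance as a security user as the weak point; changing a single leaf cost (say, after security-awareness training) changes the answer, which is the practical use of the tree.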

The attack tree showing the various attack methods is given below.

Diagram: Attack Tree showing threats to access confidential information (the diagram's node labels are reproduced here as an indented outline; each child is an alternative, i.e. a disjunctive refinement of its parent)

Root: Gain unauthorized access to confidential information accessed by Linda via the employer website
    Linda's login credential compromise
        Social engineering: obtaining the password through email, phone, or simply by asking
        User surveillance
        Brute force
        Normal user authentication with the obtained ID and password
        Malicious software installation (keystroke logger, PC remote control)
            Hidden code / espionage in downloaded content
            Vulnerability exploitation by virus/worm to gain access to Linda's system
                Virus/worm gets saved on Linda's system via internet and email
                Virus infects install packages, so new programs become infected as they are installed
                Linda downloads a binary virus file that disables the system's security and firewall
                Other infected programs get involved before they can be stopped
            Email to Linda that contains malware code, a virus or a Trojan horse
                Virus run by an administrator, or unknowingly downloaded or sent through email
    Develop communication with the hacker/attacker (website manipulation)
        Redirect towards a fraudulent site
            DNS cache poisoning
            Linda opens a spam email that contains compromised URLs
    Session hijack / man in the middle attack
        IP spoofing method
    Hack into the firewall and into the internal network to gain information

The various methods of attack on data confidentiality, and the control measures that protect information from them, are explained below in tabular form: the attack methods first, then the corresponding countermeasures. There are four routes to Linda's confidential information, described as four methods of attack.

Attack Methods


Login Credential compromise by Exploiting security weaknesses

In this method of attack, Linda's login credentials are captured by running a malicious program on her system. The program is placed there by exploiting a security weakness in her system or network.

Malicious software of this kind is designed to give remote attackers access to confidential information. The programs most commonly installed to capture login credentials are keystroke loggers and remote screen-access (remote control) tools.

Malicious programs that allowed remote access to the attacker accounted for 92% of threats to information confidentiality in 2010, and 76% of threats came from malicious software such as keystroke loggers. (Symantec Corporation, 2010)

Malicious code known as a backdoor gives the attacker total control of the system through remote access. A keystroke logger records the keys typed in order to capture login credentials and passwords, which the attacker then uses to retrieve and transfer confidential information. (Rouse, snooping, 2007)

A malicious program can be installed on Linda's system by the following methods.

Hidden code - Hidden code is saved on the local machine when infected files are downloaded from the internet. For example, code hidden within a web page Linda visits can exploit a known vulnerability in her web browser and install a malicious program. Common targets are ActiveX support, permissions granted to the Java runtime, and multimedia extensions (browser plug-ins). The exploit then leads to an automatic ("drive-by") download and installation of malicious software through the browser. (Dimitriadis, 2007)

Viruses/worms/bots - Viruses and worms reach Linda's system by file transfer over a network or by download from the internet. A worm then searches for vulnerabilities on the local system and exploits them automatically, without any action by the user.

For example, in 2005 several variants of a virus named 'Serflog' spread via MSN Messenger as a URL. Serflog terminated the anti-virus software installed on the system and blocked access to security web sites by modifying the system's HOSTS file. (Mannan & Oorschot, 2005)
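Because that tampering leaves a durable trace, a HOSTS-file check is a cheap detection for this class of malware. The following Python example (added here; it is not from the essay or from any product) parses a constructed HOSTS file and flags entries that map security vendors' hostnames to loopback (blocking updates) or to an unexpected address (redirecting "updates" to a server the attacker controls). The sample file and the list of vendor domains are assumptions for the demo; the vendor hostnames are real, the redirection lines are invented.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample HOSTS file after Serflog-style tampering (not a real capture).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.symantec.com securityresponse.symantec.com
127.0.0.1       www.mcafee.com
203.0.113.10    update.microsoft.com      # attacker-controlled "update" server
192.168.1.20    fileserver.corp.example   # legitimate local override
"""

# Domains a home PC has no legitimate reason to override (assumed policy list).
SECURITY_DOMAINS = ("symantec.com", "mcafee.com", "microsoft.com",
                    "kaspersky.com", "sophos.com", "trendmicro.com")


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, name.lower()) for name in names)
    return entries


def covers(name: str, domain: str) -> bool:
    """True if `name` is `domain` or a subdomain of it (label boundary respected)."""
    return name == domain or name.endswith("." + domain)


def suspicious_entries(text: str) -> List[Tuple[str, str, str]]:
    """Flag HOSTS lines that pin a security vendor's hostname to loopback
    (blocks updates and signature downloads) or to any other address
    (redirects the 'update' traffic to a host the attacker controls)."""
    findings = []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "malformed address"))
            continue
        if not any(covers(name, d) for d in SECURITY_DOMAINS):
            continue
        if addr.is_loopback or addr.is_unspecified:
            findings.append((ip, name, "security site blocked via loopback"))
        else:
            findings.append((ip, name, "security site redirected"))
    return findings


if __name__ == "__main__":
    for ip, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"{reason:36} {name} -> {ip}")
```

On a real machine the file is `C:\Windows\System32\drivers\etc\hosts` on Windows and `/etc/hosts` elsewhere; the same check belongs in a baseline comparison, since any change to that file on a home PC is unusual enough to investigate.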

Login Credential compromise by accessing infected emails

Another way to install malicious code on Linda's computer is to send e-mails carrying code that runs when the message is opened or its attachment is executed. For example, the email may contain executable attachments or HTML with embedded scripts or applets. Examples of malware families whose payloads have included credential-stealing components are Conficker and Flame.

Example: the 'Conficker' worm spread in 2008 and infected millions of computers across the globe. Once a system was infected, Conficker downloaded and installed further malicious programs from websites controlled by the attackers; according to the cited account these included keystroke loggers and remote PC-control tools. (Eric, 2010)

Conficker is very difficult to counter because it combines several advanced malware techniques. It propagates by exploiting a flaw in the Windows Server service (patched by Microsoft as MS08-067) and enrols the infected machines into a botnet. A worm of this kind could be used to gain access to Linda's system.

'Flame' malware could likewise be used to capture Linda's credentials. It can record screenshots, keyboard activity and network traffic on the infected system, and sends the captured data to several command-and-control servers from which the attackers retrieve it. (Eric, 2010)

DNS Cache Poisoning

In this method of attack the attacker does not take Linda's password from her machine but diverts her connection to a server under the attacker's control, which harvests the credentials she types. The diversion is achieved by DNS cache poisoning.

Cache poisoning, also called DNS poisoning, replaces the valid address of a domain name in a DNS server's (or resolver's) cache with a fraudulent or rogue address, so that the legitimate name resolves to the attacker's server. (Bauer, 2011)

One tactic is to send Linda spam e-mail messages containing URLs that point at servers the attacker has prepared, or that cause her resolver to look up names whose answers the attacker is poisoning. Once the rogue record is in a cache Linda's system relies on (her ISP's resolver, or her own machine if malicious code has altered its DNS settings), every later request for that name is sent to the bad IP address until the record's time-to-live expires. This happens even after the legitimate server has fixed the problem at its own site. (Rouse, cache poisoning domain name system poisoning or DNS cache poisoning, 2005)

This attack can be carried out in the following steps-

- Gain the ability to write to the DNS cache or database that Linda's system consults, and replace the valid address record for the employer's host name with the address of a rogue server

- Linda types or follows the valid URL but is directed to the fraudulent website

- The fraudulent website, styled like the employer's login page, prompts Linda for sensitive information such as her login credentials

- Use the captured credentials to log in to the real website and gain access to the confidential files
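The following Python simulation (added here; it is not from the essay or its sources) models the first step against a toy caching resolver that, like pre-2008 resolvers, ties a reply to its query only by a 16-bit transaction ID. Against a resolver that hands out sequential IDs, an attacker who has seen one ID forges the next: the rogue record is cached for its full TTL and the genuine reply, arriving a moment later, is dropped, which is the "persists even after the source fixes it" behaviour described above. Against random IDs the same small burst of guesses fails. Hostnames and addresses are invented. Real resolvers now also randomise the UDP source port, apply bailiwick checks and can validate DNSSEC signatures, which is why the classic attack is much harder today.

```python
import itertools
import random
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class DnsReply:
    txid: int      # 16-bit transaction ID copied from the query
    qname: str
    ip: str
    ttl: int       # seconds the resolver may cache the answer


class StubResolver:
    """Toy caching resolver. Assumption for the demo: the transaction ID is the
    only thing that ties a reply to its query (no source-port randomisation,
    no bailiwick check, no DNSSEC), as in pre-2008 resolvers."""

    def __init__(self, txid_source: Callable[[], int]) -> None:
        self.txid_source = txid_source
        self.cache: Dict[str, Tuple[str, int]] = {}   # qname -> (ip, expires_at)
        self.pending: Dict[str, int] = {}              # qname -> outstanding txid

    def send_query(self, qname: str) -> int:
        txid = self.txid_source()
        self.pending[qname] = txid
        return txid

    def receive(self, reply: DnsReply, now: int) -> bool:
        """Cache the first reply whose TXID matches the outstanding query;
        anything else, including a late genuine answer, is dropped."""
        if self.pending.get(reply.qname) != reply.txid:
            return False
        del self.pending[reply.qname]
        self.cache[reply.qname] = (reply.ip, now + reply.ttl)
        return True

    def lookup(self, qname: str, now: int) -> Optional[str]:
        entry = self.cache.get(qname)
        if entry is None or entry[1] <= now:
            return None            # nothing cached, or the record has expired
        return entry[0]


EMPLOYER = "files.employer.example"                      # hypothetical hostname
GENUINE_IP, ROGUE_IP = "198.51.100.20", "203.0.113.66"  # documentation-range addresses


def poisoning_scenario(predictable_txid: bool, guesses: int = 16) -> dict:
    """Race forged replies against the genuine one; report what Linda sees."""
    if predictable_txid:
        counter = itertools.count(0x1234)
        txid_source = lambda: next(counter) & 0xFFFF   # sequential IDs (old resolvers)
    else:
        rng = random.Random(2013)                      # fixed seed so the demo is repeatable
        txid_source = lambda: rng.randrange(1 << 16)   # random IDs (the post-2008 fix)
    resolver = StubResolver(txid_source)

    # 1. Attacker makes the resolver query a name the attacker serves and so
    #    observes one TXID; against a sequential generator the next is predictable.
    observed = resolver.send_query("probe.attacker.example")
    # 2. Attacker makes Linda's resolver look up the employer name (e.g. via a
    #    URL in a spam message) and immediately floods forged replies.
    resolver.send_query(EMPLOYER)
    poisoned = False
    for guess in range(observed + 1, observed + 1 + guesses):
        forged = DnsReply(guess & 0xFFFF, EMPLOYER, ROGUE_IP, ttl=86400)
        if resolver.receive(forged, now=0):
            poisoned = True
            break
    # 3. The genuine answer arrives a moment later. A real server echoes the
    #    query's TXID; the demo reads it from the resolver's pending table.
    genuine = DnsReply(resolver.pending.get(EMPLOYER, -1), EMPLOYER, GENUINE_IP, ttl=300)
    genuine_accepted = resolver.receive(genuine, now=0)
    return {
        "poisoned": poisoned,
        "genuine_accepted": genuine_accepted,
        "ip_seen_soon": resolver.lookup(EMPLOYER, now=60),
        "ip_after_one_day": resolver.lookup(EMPLOYER, now=86400),
    }


if __name__ == "__main__":
    for mode in (True, False):
        print("predictable TXID" if mode else "random TXID", poisoning_scenario(mode))
```

The one-day TTL on the forged record is the attacker's choice: the poisoned answer keeps sending Linda to the rogue address for as long as the cache honours it, whatever the employer does on its own server in the meantime.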

Man in the Middle Attack using IP spoofing to hijack a login session

This method of attack intercepts a transmission in progress. For example, the attacker watches Linda open a valid session with the employer website over the network. Once her authentication has completed, the attacker knocks Linda's computer off the network (for instance with a denial of service) and uses IP spoofing to continue the already authenticated session with the employer website in her place.

IP spoofing is a method of attack in which the attacker fakes the source IP address of its packets so that the target system believes they come from a trusted host. (Hau, 2003)

In a man-in-the-middle attack the intruder runs a program that lets him impersonate another system's IP address. To the server the intruder appears to be the client, and to the client he appears to be the server, so the two parties unknowingly exchange their information through the intruder.

One way to carry out this attack is to intercept the cookie the website uses to authenticate the user. Once the session cookie sent to Linda's browser has been captured, replaying it impersonates the account holder for as long as the session remains valid.

Another way is to place a proxy between Linda's browser and the employer website to intercept the traffic. This works only when the connection is unencrypted, or when the browser can be made to accept the proxy's certificate: the browser then trusts the proxy as the legitimate employer website, and the website authenticates the proxy as if it were Linda's browser. Once this connection is established, confidential information can be read and transmitted. (Hutchings, 2012)

Once an attacker gains access to the confidential information, the risks include (Hau, 2003):

- Disclosure of sensitive and private information, resulting in loss of credibility and competitive advantage for Linda and her employer

- Disruption of the computing services offered to employees over the network

- Financial and legal implications: compromised information may contain transaction details, credit information, bank codes, and customer and investor data, with severe monetary and legal consequences

Countermeasures to protect confidential information from the various methods of attack are as follows.

Countermeasures

Protection from viruses/worms/malware-

- Install anti-virus and anti-spyware software

- Scan for malicious code

In order to protect the system from the threat of malicious software installed by viruses, worms or bots, Linda should adopt the following countermeasures-

Operating system/browser patching: install security patches for the operating system and applications as soon as they are released by the authorized source. For example, in 2013 Apple released the security update 'Java for OS X 2013-001 1.0' to protect users from a Java zero-day malware attack that exploited previously unknown vulnerabilities in the Java browser plug-in. (AppleInsider Staff, 2013)

Updated anti-spyware and anti-virus installation: the best-suited anti-spyware and anti-virus application depends on the working environment. For example, users of Microsoft Windows XP, Vista or 7 can install Microsoft Security Essentials, which offers a good level of protection; its automatic update feature keeps the signatures current. (Emeka, 2013)

Dell also offers the 'SonicWALL' firewall solution, which provides multi-layered protection: deep packet inspection with anti-malware scanning at the web gateway, and a mandatory anti-virus check at the endpoints. (Dell, 2013)

Protection from emails with malicious code-

Email policy according to COBIT and ISO/IEC 27002

The countermeasures in this section are not mutually exclusive; most of them are needed against several of the threats.

Protection from emails carrying malicious code, viruses or worms requires the countermeasures described above to be in place.

In addition, it is advisable to install software that blocks code installation, blocks attachments, and blocks or neutralises HTML content in mail.

The mail server Linda uses can be configured to block or strip messages whose attachments carry the file extensions commonly used to spread viruses. Common examples are .VBS, .SCR, .BAT and .EXE. Filtering on the file name alone is not enough: the check should look at the last extension, so that a double-extension name such as 'report.pdf.exe' is caught, and at the content of the file, since an executable can simply be renamed to a harmless-looking extension.
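To show how such a gateway check works, the following Python example (added here; it is not from the essay or from a mail product) parses a constructed MIME message and blocks attachments by last extension and by content: a file whose bytes start with the MZ header of a Windows executable is blocked even when it is named .pdf. The message, addresses and attachment contents are all made up for the demo, and the extension list is the one named in the text.

```python
import email
from email import policy
from email.message import EmailMessage
from typing import List, Tuple

# Extensions named in the text; a real gateway policy carries a longer list.
BLOCKED_EXTENSIONS = {".vbs", ".scr", ".bat", ".exe"}
PE_MAGIC = b"MZ"   # header of DOS/Windows executables


def build_sample_message() -> bytes:
    """Constructed test message (not a real capture): a benign PDF, an .exe,
    an executable renamed to .pdf, and a double-extension script."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "hr@employer.example"
    msg["To"] = "linda@example.net"
    msg["Subject"] = "Updated project files"
    msg.set_content("Please review the attached files.")
    exe = b"MZ\x90\x00" + b"\x00" * 60
    msg.add_attachment(b"%PDF-1.4 fake", maintype="application", subtype="pdf",
                       filename="plan.pdf")
    msg.add_attachment(exe, maintype="application", subtype="octet-stream",
                       filename="setup.exe")
    msg.add_attachment(exe, maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    msg.add_attachment(b"WScript.Echo 1", maintype="application", subtype="octet-stream",
                       filename="timesheet.xls.vbs")
    return msg.as_bytes()


def classify_attachment(filename: str, data: bytes) -> str:
    """Return '' if the attachment may pass, otherwise the reason it is blocked."""
    name = filename.strip().lower().rstrip(". ")          # defeat 'setup.exe .' tricks
    ext = name[name.rfind("."):] if "." in name else ""   # last suffix: foo.pdf.exe -> .exe
    if ext in BLOCKED_EXTENSIONS:
        return f"blocked extension {ext}"
    if data.startswith(PE_MAGIC):
        return "executable content (MZ header) under a harmless-looking name"
    return ""


def scan_message(raw: bytes) -> List[Tuple[str, str]]:
    """Return (filename, reason) for each attachment; reason '' means allowed."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        results.append((filename, classify_attachment(filename, data)))
    return results


if __name__ == "__main__":
    for filename, reason in scan_message(build_sample_message()):
        print(f"{filename:20} {'ALLOW' if not reason else 'BLOCK: ' + reason}")
```

A gateway would quarantine the whole message or replace the offending part with a notice; the decision logic is the same either way.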

The Information Systems Audit and Control Association (ISACA) publishes COBIT (Control Objectives for Information and Related Technology), a governance and control framework whose guidance covers the creation of security and e-mail policies. The ISO/IEC 27002 code of practice describes the selection and implementation of relevant security controls, including anti-spyware, anti-virus and personal firewalls. Linda's employer, a large resource company in Australia, needs to develop security policies that comply with these frameworks and should educate its users on their use and on compliance.

Protection from DNS cache poisoning-

Install anti-phishing software

Anti-phishing software consists of programs that identify websites carrying fraudulent (phishing) content. It is usually integrated with the web browser as a toolbar that shows the actual domain name of the site being visited and warns about known fraudulent sites, which helps stop fraudulent websites masquerading as legitimate ones.

In 2006, 3Sharp LLC, a private technical services firm, conducted a six-week study of the top eight anti-phishing tools. The study found that Internet Explorer 7 and the Netcraft Toolbar provided the best filtering for detecting fraudulent websites. (Robichaux & Ganger, 2006)

Linda should install IE7 or the Netcraft toolbar on her personal system to help identify fraudulent websites. One caveat applies to DNS cache poisoning specifically: because the domain name in the address bar is the genuine one and only the address it resolves to has been swapped, a toolbar that merely displays the domain will not reveal the attack. The reliable check is that the employer site is reached over HTTPS and the browser accepts its certificate; a rogue server cannot present a certificate for the employer's name that the browser trusts, so a certificate warning on the login page must be treated as a sign of redirection rather than dismissed.

Protection from man in the middle attack/ IP spoofing-

SSL authentication method

Secure Sockets Layer (SSL), since superseded by its successor Transport Layer Security (TLS), protects data transfer between a client and a server. It uses cryptographic algorithms to encrypt the data exchanged between the two endpoints and authenticates the server to the client with a certificate, so that the client can be sure it has established a legitimate SSL tunnel with the intended site. (Hassell, 2006)

Using this method, in which the server proves its identity and the two systems agree a session key, reduces the risk from IP spoofing and interception: a spoofed server or an intercepting proxy cannot complete the handshake as the employer website without a certificate for its name that Linda's browser trusts. These measures must be implemented by Linda's employer, which is the party offering the secure data exchange medium to its users.

Another protection against session hijacking is the use of a unique, unpredictable session ID for each session. The server (the employer website) generates the ID with a cryptographically secure random generator and uses it to recognise Linda's authenticated session; rules for discarding duplicate IDs, attaching an expiration time to each ID, and validating IDs against timestamps can be added for further security. (Dimitriadis, 2007)
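The following Python example (added here; it is not code from the essay or from Linda's employer) shows what such a server-side session store looks like: IDs come from the OS random generator, the anonymous ID is replaced by a fresh one at login so an ID planted or observed beforehand is worthless, and both an idle timeout and an absolute lifetime expire the session. The lifetimes and the cookie name are assumptions; the cookie attributes address the interception cases described above.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

SESSION_LIFETIME = 30 * 60   # absolute lifetime in seconds (assumed policy)
IDLE_TIMEOUT = 10 * 60       # idle timeout in seconds (assumed policy)


@dataclass
class Session:
    user: str          # empty until the user has authenticated
    created_at: float
    last_seen: float


class SessionStore:
    """Server-side session table keyed by an unpredictable session ID."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def new_id(self) -> str:
        """128 bits from the OS CSPRNG; the loop guarantees uniqueness even on
        the astronomically unlikely collision."""
        while True:
            sid = secrets.token_urlsafe(16)
            if sid not in self._sessions:
                return sid

    def start(self, now: float) -> str:
        """Anonymous session for a visitor who has not logged in yet."""
        sid = self.new_id()
        self._sessions[sid] = Session(user="", created_at=now, last_seen=now)
        return sid

    def login(self, sid: str, user: str, now: float) -> str:
        """After the password check succeeds, retire the pre-login ID and issue
        a fresh one, so an ID fixed or observed before login cannot be reused."""
        self._sessions.pop(sid, None)
        new_sid = self.new_id()
        self._sessions[new_sid] = Session(user=user, created_at=now, last_seen=now)
        return new_sid

    def validate(self, sid: str, now: float) -> Optional[str]:
        """Return the user of a live authenticated session, else None. Expired
        sessions are removed, so a hijacked ID stops working by itself."""
        s = self._sessions.get(sid)
        if s is None or not s.user:
            return None
        if now - s.created_at > SESSION_LIFETIME or now - s.last_seen > IDLE_TIMEOUT:
            del self._sessions[sid]
            return None
        s.last_seen = now
        return s.user

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def set_cookie_header(sid: str) -> str:
    """Secure keeps the ID off unencrypted connections, HttpOnly keeps it away
    from page scripts, SameSite limits cross-site replay. Cookie name assumed."""
    return f"Set-Cookie: SESSIONID={sid}; Secure; HttpOnly; SameSite=Strict; Path=/"


if __name__ == "__main__":
    store = SessionStore()
    anon = store.start(now=0)
    sid = store.login(anon, "linda", now=10)
    print(set_cookie_header(sid))
    print("old id still valid?", store.validate(anon, now=11))
    print("new id user:", store.validate(sid, now=20))
```

The rotation at login is the step most often missed: without it, an attacker who can plant a session ID in Linda's browser before she logs in (session fixation) inherits her authenticated session afterwards.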


Organizations are increasingly adopting network technology to increase efficiency and extend the reach of their business to internal and external stakeholders. Data confidentiality, which means securing information from unauthorized access, is the most commonly considered aspect of information security. As technology advances, intruders use ever more sophisticated attack mechanisms to breach confidentiality: in 2010 the average daily volume of web-based attacks observed was 93% higher than in 2009. (Symantec Corporation, 2010)

IP spoofing, DNS cache poisoning and the installation of malware through viruses and worms are among the commonly used threats to data confidentiality, and their consequences can include severe legal and financial implications for users. Anti-spyware, anti-virus and anti-phishing software are among the important countermeasures. In addition to these technical measures, it is very important for companies to develop security policies that comply with recognised standards and to educate all stakeholders on them.