Thursday, October 30, 2014

Chapter 9: Complexities in Cybercrime

  • Most hackers never get caught because there aren't enough investigators to investigate the attacks, and the individuals who actually investigate the crime are behind the hacker in abilities and expertise.
    • Within the United States, local law enforcement departments, the FBI, and the Secret Service investigate computer crimes.
  • Also, hackers hide their identity by using innocent people's computers to carry out the crimes for them. The attacker installs malicious software on a computer that stays dormant until the attacker tells it what system to attack and when.
  • Zombies are the compromised systems.
  • Bots are the software installed on the zombies.
  • Botnet is a term to describe several compromised systems.
  • You can visit www.cybercrime.gov to find all the current and past prosecuted cyber crimes that have taken place in the United States.

Chapter 9: Legal, Regulations, Investigations, and Compliance
  • The Crux of Computer Crime Laws:
    • Also referred to as cyberlaw
    • Deals with core issues of unauthorized modification or destruction, disclosure of sensitive information, unauthorized access, and the use of malware (malicious software).
    • Laws were created to combat three categories of crime:
      • Computer-Assisted Crime
      • Computer-Targeted Crime
      • Computer is incidental
    • Computer-assisted crime:
      • This is where the computers are used as a tool to help in carrying out a crime.
      • Examples:
        • Attacking financial systems to carry out theft of funds and/or sensitive information
        • Obtaining military and intelligence material by attacking military systems
        • Carrying out industrial spying by attacking competitors and gathering confidential business data
        • Carrying out information warfare activities by attacking critical national infrastructure systems
        • Carrying out hacktivism, which is protesting a government or company’s activities by attacking their systems and/or defacing their web sites
    • Computer-targeted crime:
      • Computer-targeted crimes are where a computer was the victim of an attack that was meant to harm it (and its owners) specifically.
      • Example:
        • Distributed Denial-of-Service (DDoS) attacks
        • Capturing passwords or other sensitive data
        • Installing malware with the intent to cause destruction
        • Installing rootkits and sniffers for malicious purposes
        • Carrying out a buffer overflow to take control of a system 
    • Computer is incidental:
      • A computer is not necessarily the attacker or the target, but a computer was involved when the crime was carried out.

Tuesday, October 28, 2014

Chapter 8: Risk Assessment
  • The assessment takes into account the organization's tolerance for continuity risks.
  • The assessment should identify, evaluate, and record all relevant items, which include the following:
    • Vulnerabilities for all of the organization's most time-sensitive resources and activities
    • Threats and hazards to the organization's most urgent resources and activities
    • Measures that cut the possibility, length, or effect of a disruption to critical services and products
    • Single points of failure, that is, concentrations of risk that threaten business continuity
    • Continuity risks from concentrations of critical skills or critical shortages of skills
    • Continuity risks due to outsourced vendors and suppliers
    • Continuity risks that the BCP program has accepted, that are handled elsewhere, or that the BCP program does not address
  • The end results of a risk assessment include:
    • Identifying and documenting single points of failure
    • Making a prioritized list of threats to the particular business processes of the organization
    • Putting together information for developing a management strategy for risk control, and for developing action plans for addressing risk
    • Documenting acceptance of identified risks, or documenting acknowledgement of risks that will not be addressed
  • Risk assessment equation:
    • Risk = Threat x Impact x Probability

Saturday, October 25, 2014

Chapter 8: BCP Policy
  • The BCP policy is the framework for and governance of designing and building the BCP effort. 
  • The policy outlines the BCP purpose and provides an overview of principles of the organization and those behind BCP. 
  • The policy includes its scope, mission statement, principles, guidelines, and standards. 
  • Steps to drawing up a policy:
    • Identify and document the components of the policy.
    • Identify and define policies of the organization that the BCP might affect.
    • Identify pertinent legislation, laws, regulations, and standards.
    • Identify "good industry practice" guidelines by consulting with industry experts.
    • Perform a gap analysis. Find out where the company is in terms of continuity planning, and spell out where it wants to be at the end of the BCP process.
    • Compose a draft of the new policy.
    • Have different departments within the organization review the draft.
    • Put the feedback from the department into a revised draft.
    • Get the approval of top management on the new policy.
    • Publish a final draft, and distribute and publicize it throughout the organization.
  • Business Impact Analysis (BIA):
    • BIA is a functional analysis
    • A team collects data through interviews and documentary sources
    • BIA is used to document business functions, activities, and transactions
    • BIA develops a hierarchy of business functions
    • BIA steps:
      • Select individuals to interview for data gathering
      • Create data-gathering techniques (surveys, questionnaires, qualitative and quantitative approaches)
      • Identify the company's critical business functions
      • Identify the resources these functions depend upon
      • Calculate how long these functions can survive without these resources
      • Identify vulnerabilities and threats to these functions
      • Calculate the risk for each different business function
      • Document findings and report them to management

Chapter 8: BCP Project Components

  • Initiation Phase:
    • The initiation phase is where the company has to figure out what it is doing and why. 
    • A business continuity coordinator must be identified. 
      • A business continuity coordinator will be the leader for the Business Continuity Plan (BCP).
      • They will oversee the development, implementation, and testing of the continuity and disaster recovery plan. 
      • They will need to coordinate with a lot of different departments.
      • A business continuity coordinator will have to have direct access to management and have the credibility and authority to carry out leadership tasks. 
    • A BCP committee has to be put together.
      • The committee should be made up of representatives from at least the following departments:
        • Business units
        • Senior management
        • IT department
        • Security department
        • Communications department
        • Legal department

Chapter 8: Business Continuity and Disaster Recovery

Disaster Recovery Plan (DRP):
  • The DRP is in effect when everything is still in emergency mode and critical systems need to be back online.
  • Goal of disaster recovery is to minimize the effects of a disaster or disruption.
  • Taking necessary steps to ensure resources, personnel, and business processes are able to resume operations in a timely manner.

Business Continuity Plan (BCP):
  • BCP involves getting critical systems to another environment while repair of the original facilities is under way.
  • Getting the right people to the right place during the disaster times.
  • Performing business in a different mode until regular conditions are back in place.
  • Dealing with customers, partners, and shareholders through different channels until everything returns to normal.

Business Continuity Management (BCM):
  • BCM is a general management process that should cover both BCP and DRP.
  • Main objective is to allow the organization to continue to perform business operations under various conditions.  

Standards and Best Practices:
NIST Special Publication 800-34, Continuity Planning Guide for Information Technology Systems, is what US government organizations must have, and it is “good to have” for other, nongovernment entities. Its steps are:
  • Develop the continuity planning policy statement
  • Conduct the business impact analysis (BIA)
  • Identify preventive controls
  • Develop recovery strategies
  • Develop the contingency plan
  • Test the plan and conduct training and exercise
  • Maintain the plan


Wednesday, October 22, 2014

Chapter 7: Key Management         

  • Keys must be distributed securely to the right entities and updated continuously.
  • Keys must be protected as they are transmitted and while they are being stored on each workstation and server.
  • Keys must be generated, destroyed, and recovered properly.
  • Key management can be handled through manual or automatic processes.
  • Keys are stored before and after distribution.
  • The key, algorithm that will use the key, configurations, and parameters are stored in a module that also needs to be protected.

Chapter 7: Key Management Principles
  • Keys should not be available in cleartext.
  • All key distribution and maintenance should be automated and hidden from the user and these processes should be integrated into software or the operating system.
  • Backup copies of the key should be available and easily accessible when required.
  • The key recovery process could require two or more other individuals to present their private keys or authentication information and these individuals should not all be members of the IT department.
  • Rules for Keys and Key Management
    • The key length should be long enough to provide the necessary level of protection.
    • Keys should be stored and transmitted by secure means.
    • Keys should be extremely random, and the algorithms should use the full spectrum of the keyspace.
    • The key’s lifetime should correspond with the sensitivity of the data it is protecting. (Less secure data may allow for a longer key lifetime, whereas more sensitive data might require a shorter key lifetime.)
    • The more the key is used, the shorter its lifetime should be.
    • Keys should be backed up or escrowed in case of emergencies.
    • Keys should be properly destroyed when their lifetime comes to an end. 
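As an added example (not from the notes or from Harris), here is how the rules above, together with the two-person recovery rule from the Key Management Principles, can be turned into enforceable checks: the key comes from the OS CSPRNG, a length below a policy floor is rejected, rotation is forced by either age or usage count, and recovery requires a quorum that is not made up entirely of IT staff. The 128-bit floor, the 90-day/1000-use limits, and the department names are assumptions chosen for illustration.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MIN_KEY_BITS = 128  # assumed policy floor for this example, not a value from the notes


@dataclass
class KeyRecord:
    """Metadata that must travel with a key so the lifetime rules can be enforced."""
    key_id: str
    key: bytes
    created_at: datetime
    max_age: timedelta      # lifetime tied to the sensitivity of the protected data
    max_uses: int           # the more a key is used, the shorter its life
    uses: int = 0
    destroyed: bool = False


def generate_key(key_id, nbits, max_age, max_uses, now=None):
    """Generate a key from the OS CSPRNG (secrets); reject lengths below the policy floor."""
    if nbits < MIN_KEY_BITS or nbits % 8:
        raise ValueError("key length below policy floor or not a whole number of bytes")
    created = now or datetime.now(timezone.utc)
    return KeyRecord(key_id, secrets.token_bytes(nbits // 8), created, max_age, max_uses)


def record_use(rec):
    """Count each use; a destroyed key must never be used again."""
    if rec.destroyed:
        raise RuntimeError("key %s has been destroyed" % rec.key_id)
    rec.uses += 1


def needs_rotation(rec, now):
    """True when the key has aged out, been used too often, or been destroyed."""
    return rec.destroyed or rec.uses >= rec.max_uses or (now - rec.created_at) >= rec.max_age


def destroy_key(rec):
    """End of life: drop the key material. Python cannot reliably zero memory, so in
    production this step belongs to an HSM or native code that can."""
    rec.key = b""
    rec.destroyed = True


def recovery_quorum_ok(approvers, minimum=2):
    """Key recovery needs `minimum` distinct approvers, and not all of them from IT.
    `approvers` is a list of (name, department) pairs (constructed format)."""
    names = {name for name, _ in approvers}
    departments = {dept for _, dept in approvers}
    return len(names) >= minimum and departments != {"IT"}


if __name__ == "__main__":
    start = datetime(2014, 10, 22, tzinfo=timezone.utc)  # constructed date
    rec = generate_key("data-key-1", 256, timedelta(days=90), 1000, now=start)
    print("rotate after 10 days?", needs_rotation(rec, start + timedelta(days=10)))
    print("rotate after 91 days?", needs_rotation(rec, start + timedelta(days=91)))
    print("IT-only recovery allowed?", recovery_quorum_ok([("alice", "IT"), ("bob", "IT")]))
    destroy_key(rec)
    print("destroyed key needs rotation?", needs_rotation(rec, start))
```

The usage counter and the age limit are evaluated together, so a heavily used key is rotated before its calendar lifetime ends, which is the "more use, shorter life" rule in code form.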

Chapter 7: Types of Symmetric Systems
  • Data Encryption Standard (DES)
  • 3DES (Triple DES)
  • Blowfish
  • Twofish
  • International Data Encryption Algorithm (IDEA)
  • RC4, RC5, and RC6
  • Advanced Encryption Standard (AES)
  • Secure and Fast Encryption Routine (SAFER)
  • Serpent

Data Encryption Standard:
History:
  • 1974: IBM’s 128-bit algorithm (Lucifer) was modified by the NSA (National Security Agency) to 64 bits; it became a national cryptographic standard in 1977 and an American National Standards Institute (ANSI) standard in 1978.
  • The NSA announced that it would no longer endorse DES and that DES-based products would no longer fall under compliance with Federal Standard 1027 starting January 1988. This was not well received, and eventually the NSA extended the life of DES another 5 years.
  • DES was eventually broken by the Electronic Frontier Foundation, who built a computer system that broke DES in 3 days. This led to the creation of 3DES, and DES was later replaced by the Rijndael algorithm as the Advanced Encryption Standard (AES) by NIST.

How does DES work?
DES is a symmetric block encryption algorithm. This means that when 64-bit blocks of plaintext go in, 64-bit blocks of ciphertext come out. Since it’s symmetric, the same key is used for encryption and decryption. When the DES algorithm is applied to data, it divides the message into blocks and operates on them one at a time. The blocks are then put through 16 rounds of transposition and substitution functions.

What does it mean to be “broken”?

Algorithms are considered to be broken if someone uncovers a key that is used during an encryption process. You can break an algorithm by a brute force attack or by identifying weaknesses in the algorithm itself.

Tuesday, October 14, 2014


Chapter 7: Running and Concealment Ciphers:
  • Running Key Cipher:
    • Can use a key that does not require an electronic algorithm and bit alteration.
    • Uses components in the physical world.
    • Example:
      • An algorithm that is a set of books agreed upon by the sender and receiver. The key in this cipher could be a book page, line number, and column count.
  • Concealment Cipher:
    • This type of cipher is a message within a message.
    • Example:
      • Suppose it was agreed upon to have a key with every third word within a message. If a secret message was sent that read, “The saying, ‘The time is right’ is now cow language, so is not a dead subject.” Because the key is every third word, the secret message within the message would be “The right cow is dead.”
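As an added example (not from the notes or from Harris), the following code works through both ciphers in this section: the concealment cipher pulls every third word out of the cover sentence quoted above, and the running key cipher takes its key letters from an agreed "book" starting at a page, line and column, then shifts each plaintext letter by the matching key letter. The book contents, the page number, and the interpretation of "column" as the letter position within the line are all assumptions made for the example.

```python
import re

# Cover text from the notes; every third word carries the hidden message.
COVER_TEXT = "The saying, 'The time is right' is now cow language, so is not a dead subject."

# Constructed stand-in for the agreed book: page number -> list of lines.
BOOK = {
    42: [
        "it was the best of times it was the worst of times",
        "it was the age of wisdom it was the age of foolishness",
    ],
}


def concealment_extract(text, every=3):
    """Return the hidden message: every `every`-th word, with punctuation stripped."""
    words = [re.sub(r"[^A-Za-z0-9]", "", w) for w in text.split()]
    words = [w for w in words if w]
    return " ".join(words[every - 1::every])


def running_key(page, line, column, length):
    """Take `length` key letters from the book, starting at (page, line, column).
    Only letters count, so spaces and punctuation in the book are skipped."""
    text = " ".join(BOOK[page][line - 1:])
    letters = [c for c in text.upper() if c.isalpha()]
    key = letters[column - 1:column - 1 + length]
    if len(key) < length:
        raise ValueError("key text too short for this message")
    return "".join(key)


def _shift(c, k, sign):
    return chr((ord(c) - 65 + sign * (ord(k) - 65)) % 26 + 65)


def running_key_encrypt(plaintext, page, line, column):
    """Shift each plaintext letter forward by the corresponding key letter."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    key = running_key(page, line, column, len(letters))
    return "".join(_shift(p, k, +1) for p, k in zip(letters, key))


def running_key_decrypt(ciphertext, page, line, column):
    """Shift each ciphertext letter back by the corresponding key letter."""
    key = running_key(page, line, column, len(ciphertext))
    return "".join(_shift(c, k, -1) for c, k in zip(ciphertext, key))


if __name__ == "__main__":
    print(concealment_extract(COVER_TEXT))
    ct = running_key_encrypt("MEET AT DAWN", 42, 1, 1)
    print(ct, running_key_decrypt(ct, 42, 1, 1))
```

Both sides need exactly the same book edition and the same counting convention (here: letters only, starting at column 1), which is why the notes describe the shared book set as the "algorithm" and the page/line/column triple as the key.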


Chapter 7: One-Time Pad or “Vernam Cipher”:
  • Invented by Gilbert Vernam in 1917, considered a perfect encryption scheme because it is considered unbreakable if implemented properly.
  • This cipher uses a pad made up of random values. The plaintext message that needs to be encrypted gets converted into bits, and the one-time pad is made up of random bits.
  • The encryption process uses a binary mathematical function called exclusive-OR (XOR).
    • XOR is an operation that is applied to two bits and is a function commonly used in binary mathematics and encryption methods.
    • When combining the bits, if both values are the same, the result is 0 (1 XOR 1 = 0), but if the bits are different from each other, the result is 1 (1 XOR 0 = 1).
      • Example:

          Message stream     1001010111
          Keystream          0011101010
          Ciphertext stream  1010111101
  • For the one-time pad encryption scheme to be unbreakable, the following has to be true about the implementation process:
    • The pad must be used only one time, if not it can introduce patterns.
    • The pad must be as long as the message. If it is not as long as the message, the pad will be reused to cover the whole message, and that would be the same as using the pad more than once.
    • The pad must be securely distributed and protected at its destination. The pads are usually individual pieces of paper that need to be delivered by a secure courier and properly guarded at each destination.
    • The pad must be made up of truly random values.
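As an added example (not from the notes or from Harris), this code reproduces the XOR example above on the same bit streams, shows that decryption is the same XOR with the same pad, draws a fresh pad from the OS CSPRNG so the "truly random" rule is met, and demonstrates why the "use once" and "as long as the message" rules exist: two ciphertexts made with the same pad XOR to the XOR of their plaintexts, because the pad cancels out. The second message is a constructed value.

```python
import secrets

# Bit streams from the notes' example (constructed for illustration).
MESSAGE_STREAM = "1001010111"
KEYSTREAM = "0011101010"


def xor_streams(a, b):
    """Bitwise XOR of two equal-length bit strings: same bits -> 0, different bits -> 1."""
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message; never reuse it to cover the rest")
    if set(a + b) - {"0", "1"}:
        raise ValueError("streams must contain only 0 and 1")
    return "".join("0" if x == y else "1" for x, y in zip(a, b))


def otp_encrypt(message_bits, pad_bits):
    return xor_streams(message_bits, pad_bits)


def otp_decrypt(cipher_bits, pad_bits):
    # XOR is its own inverse, so decryption is the same operation with the same pad.
    return xor_streams(cipher_bits, pad_bits)


def fresh_pad(nbits):
    """A truly random pad from the OS CSPRNG, one pad bit per message bit."""
    return "".join(str(secrets.randbits(1)) for _ in range(nbits))


def pad_reuse_leak(cipher1, cipher2):
    """What an observer learns when one pad covers two messages: c1 XOR c2 == m1 XOR m2,
    with the pad gone entirely. This is why the pad may be used only once."""
    return xor_streams(cipher1, cipher2)


if __name__ == "__main__":
    ct = otp_encrypt(MESSAGE_STREAM, KEYSTREAM)
    print("ciphertext:", ct)                          # 1010111101, as in the notes
    print("decrypted: ", otp_decrypt(ct, KEYSTREAM))  # back to the message stream
    second = "1111000011"                             # constructed second message
    ct2 = otp_encrypt(second, KEYSTREAM)              # same pad reused: the mistake
    print("c1 XOR c2: ", pad_reuse_leak(ct, ct2))
    print("m1 XOR m2: ", xor_streams(MESSAGE_STREAM, second))
    pad = fresh_pad(len(MESSAGE_STREAM))
    print("fresh pad round trip ok:",
          otp_decrypt(otp_encrypt(MESSAGE_STREAM, pad), pad) == MESSAGE_STREAM)
```

The length check in xor_streams is the code form of the second rule: rather than silently wrapping the pad around to cover a longer message, the function refuses, because wrapping is just reuse.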

Chapter 7: Services of Cryptosystems:

  • Cryptosystems provide the following services:
    • Confidentiality: Renders the information unintelligible except by authorized entities.
    • Integrity: Ensures that data has not been altered in an unauthorized manner since it was created, transmitted, or stored.
    • Authentication: After identification has been proven, the individual is then provided with the key or password that will allow access to some resources.
    • Nonrepudiation: Ensures the sender cannot deny sending the message. 


Chapter 7: The Strength of the Cryptosystem
  • The algorithm, the secrecy of the key, the length of the key, the initialization vectors, and how they all work together within the cryptosystem provide the strength of an encryption method.
  • Strength is how hard it is to figure out the algorithm or key, and the goal in designing an encryption method is to make compromising it too expensive or time-consuming.
  • Work factor is another name for cryptographic strength; it estimates the effort and resources it would take an attacker to penetrate a cryptosystem.
  • Important elements of encryption are to use an algorithm without flaws, use a large key size, use all possible values within the keyspace, and protect the key. If one element is weak, it can be the cause of the whole process failing.


Chapter 7: Cryptography Definitions and Concepts:
  • Encryption is a method for transforming readable data (plaintext), into a form that appears to be random and unreadable (ciphertext).
  • A cryptosystem is a system or product that provides encryption and decryption, and it is created through hardware components or program code in an application.
  • The cryptosystem uses an encryption algorithm (which determines how simple or complex the encryption process will be), keys, and the necessary software components and protocols.
  • Most encryption methods use a secret value called a key, which is a long string of bits that works together with the algorithm to encrypt and decrypt the text.
  • A cryptosystem is made up of at least the following:
    • Software
    • Protocols
    • Algorithms
    • Keys
  • An algorithm is a set of rules, also known as the cipher, that dictates how enciphering and deciphering take place.
  • The key (cryptovariable) is a value that comprises a large sequence of random bits.
  • The keyspace is the range of values that can be used to construct a key.
  • The larger the keyspace, the more available values can be used to represent different keys. This provides a more random set of keys, and it will be harder for intruders to figure them out.
Kerckhoffs’ Principle
Auguste Kerckhoffs published a paper in 1883
  • States that the only secrecy involved with cryptography systems should be the key, and the algorithms should be publicly known.
  • Argument:
    • If an algorithm is publicly known more people can view the source code, test it, and uncover any type of flaws or weaknesses, then the developers can fix it.
  • Government's Argument:
    • If a smaller number of people know how the algorithm actually works, then a smaller number of people will know how to possibly break it.

Chapter 7: Cryptography

What is Cryptography?
  • Cryptography is a method of storing and transmitting data in a form that only those it is intended for can read and process (Harris, 759).
  • Cryptography is considered the science of protecting information by encoding it into a unreadable format.
  • It is an effective way of protecting sensitive information, because such information is stored on media or transmitted through untrusted network communication paths.
  • The goal is to hide information from unauthorized individuals, but it is unattainable because with enough time, resources, and motivation hackers will break most algorithms and reveal the encoded information.
  • A realistic goal of Cryptography is to make obtaining information too work-intensive or time-consuming to be worthwhile to the attacker.

Sunday, October 12, 2014

Chapter 6: Physical Layer
  • Layer 1
  • Converts bits into voltage for transmission because signals and voltage schemes have different meanings for different LAN and WAN technologies.
  • This layer controls synchronization, data rates, line noise, and transmission techniques.
  • Specifications for the physical layer include the timing of voltage changes, voltage levels, and the physical connectors for electrical, optical, and mechanical transmissions.