INFORMATION SYSTEMS
(MIS 301)
SPRING 2014-2015
ASSESSMENT 2
Introduction
However, the same businesses that need these systems also fear false positive
events that will cause a negative business impact. This fear becomes critical when
the dollar value of each Internet-based transaction is high. For large online
companies, the cost associated with one minute of legitimate traffic blocking can
range from a few thousand dollars up to a hundred thousand. These businesses
require special consideration in terms of the false-positive problem.
As in any other information security area, risk analysis is an important activity that
needs to be undertaken before any type of countermeasure action is applied to the
network. An online organization that identifies an attack against it should analyze
the following main parameters:
1. The business impact of the ongoing attack on the organization;
2. A measure of the impact that the planned security countermeasures will have on
legitimate traffic; and
3. A comparison between the above two parameters, which helps decide whether the
countermeasure is business-justified or not.
Analyzing these parameters is not an easy task. It is necessary to consider business
parameters, network traffic characteristic parameters, and false positive scenarios
that could be the result of the planned security countermeasure.
The ABC Company has many customers who use its products online. The network
security market includes businesses that deploy network intrusion prevention
systems, anti-DDoS (distributed denial of service) network devices and other
security systems that are supposed to detect and automatically block or mitigate
attacks.
Here we will cover emerging network threats and how the security
countermeasures provided by today's network security technologies can block
attacks but, at the same time, can also negatively impact the business. We will
continue by presenting a few applicable solutions and technologies that can be
used to measure the business impact and thus avoid a negative one, by adjusting
security countermeasures so that their impact on legitimate business transactions
is minimal. These technologies include network behavioral analysis (NBA) systems,
Geo-IP analysis, business analytics and an expert system which, when working in
sync, can potentially allow a security manager to apply security countermeasure
rules only after the rules have been carefully simulated and the expected impact
has been reviewed. Finally, we will conclude with a few impact simulation cases.
In the past 20 years, attacks have evolved from exploitation of known operating
system and application vulnerabilities into zero-day attacks, "non-vulnerability"-based
attacks and business-logic attacks. The fact is that financially-motivated
cybercrime organizations, activists and individual hackers are all taking advantage
of the evolved multi-dimensional attack vectors (old and new). The evolution of
attacks and attack methods presents a big challenge to attack detection. Having
said that, market demands for real-time mitigation present an even greater
challenge, for the following main reasons:
Zero-day Attacks: In a zero-day attack, the vulnerability or the exploit is not yet
known and therefore cannot be detected by traditional security tools, which are
based on a pre-defined knowledge base of known attack patterns. As the attack is
unknown, the only way to try to detect and prevent it is by using generic security
filters that can identify traffic that doesn't comply with the standards of network
and application protocols.
While this approach can potentially uncover suspicious activities that may be part
of a zero-day attack to some extent, it can also create a high level of false positives
in the blocking of this activity. The main reason for this is that in many cases
protocols are not well defined, or even if they are, networking vendors simply don't
follow the protocol rules properly when developing network and application
stacks.
The result is that zero-day security filters will also identify legitimate traffic that
doesn't comply with some of the network application protocol rules as attack traffic
and will falsely block it. In general, we can say that the more general the security
filter is (which usually typifies zero-day security filters), the higher the chance of
false positives, meaning that legitimate transactions will be dropped.
Business Logic Attacks: This attack category can be considered part of the
"non-vulnerability"-based attack family, but it is more focused on fraud than on DoS
and information theft. These attacks abuse the functionality of the application,
aiming at the business directly. As in the case of non-vulnerability-based attacks,
they don't contain any malformed requests and therefore it is even more difficult
to form an effective, accurate security filter that will mitigate them without
blocking legitimate transactions at the same time.
In an OWASP (Open Web Application Security Project) article, "Testing for
Business Logic," these business logic attacks were outlined. "Business logic can
have security flaws that allow a user to do something that isn't allowed by the
business. Frequently these business logic checks simply are not present in the
application."
As can be understood from the above, the better attackers blend their requests
into legitimate use of the application, the harder it is to detect them in an accurate
manner.
Security solutions are responsible for covering all types of threats, including the
more challenging ones such as zero-day and non-vulnerability-based attacks.
Mitigation of these attack types requires the solution to be able to define security
filters that include "behavior" rules, rather than just sequences of bytes in the
content. Behavior rules should typically include the rate of application requests, the
sequence in which these requests are generated in each transaction, and the
request types. Behavior is harder to predict and therefore also harder to
accurately define. Security managers are increasingly being required to ensure that
their organization's information systems and data can survive a disaster. In order to
damage that an attack will cause on a system and the weaknesses and
vulnerabilities exploited during this attack helps in developing the proactive
strategy.
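As an added illustration (not part of the original assessment) of the three risk-analysis parameters and of a rate-based behavior rule, the following Python simulation applies a "block a client that exceeds N requests per minute" rule to constructed lab traffic, then compares the attack damage avoided per minute with the cost of the legitimate transactions the rule would block. The addresses, request counts, thresholds and per-minute cost figures are constructed assumptions chosen to stay within the ranges the text mentions.

```python
from collections import defaultdict

# Constructed lab traffic: (timestamp in seconds, client address, is_legitimate).
# The ground-truth flag exists only in a lab simulation, never in production.
def build_sample_log():
    log = []
    # Three ordinary customers, 20 requests each over the first minute.
    for ip in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
        log += [(3 * k, ip, True) for k in range(20)]
    # A corporate NAT: 80 legitimate users sharing one address in the same minute.
    log += [(k % 60, "203.0.113.50", True) for k in range(80)]
    # One flooding client sending 300 requests in that minute.
    log += [(k % 60, "198.51.100.7", False) for k in range(300)]
    return log

def simulate_rate_rule(log, threshold):
    """Behavior rule 'block a client for any minute in which it exceeds
    threshold requests', applied offline; returns what it would have blocked."""
    per_minute = defaultdict(int)
    for ts, client, _ in log:
        per_minute[(ts // 60, client)] += 1
    over = {key for key, n in per_minute.items() if n > threshold}
    stats = {"legit_blocked": 0, "legit_passed": 0,
             "attack_blocked": 0, "attack_passed": 0}
    for ts, client, legit in log:
        kind = "legit" if legit else "attack"
        action = "blocked" if (ts // 60, client) in over else "passed"
        stats[f"{kind}_{action}"] += 1
    return stats

def business_justified(stats, attack_cost_per_min, full_block_cost_per_min):
    """Weigh attack damage avoided against revenue lost to false positives,
    both expressed per minute (constructed figures), as the decision rule above."""
    legit_total = stats["legit_blocked"] + stats["legit_passed"]
    attack_total = stats["attack_blocked"] + stats["attack_passed"]
    fp_fraction = stats["legit_blocked"] / legit_total   # legitimate traffic hit
    tp_fraction = stats["attack_blocked"] / attack_total # attack traffic stopped
    avoided = attack_cost_per_min * tp_fraction
    self_inflicted = full_block_cost_per_min * fp_fraction
    return {"avoided": avoided, "self_inflicted": self_inflicted,
            "justified": avoided > self_inflicted}

if __name__ == "__main__":
    log = build_sample_log()
    for threshold in (50, 100):
        stats = simulate_rate_rule(log, threshold)
        print(threshold, stats, business_justified(stats, 5000, 10000))
```

With a threshold of 50 the rule also blocks the shared NAT address, and the self-inflicted loss exceeds the damage avoided; raising the threshold to 100 blocks only the flooding client.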
The reactive strategy or post-attack strategy helps security personnel to assess the
damage caused by the attack, repair the damage or implement the contingency plan
developed in the proactive strategy, document and learn from the experience, and
get business functions running as soon as possible.
Testing
The last element of a security strategy, testing and reviewing the test outcomes, is
carried out after the reactive and proactive strategies have been put into place.
Performing simulation attacks on a test or lab system makes it possible to assess
where the various vulnerabilities exist and adjust security policies and controls
accordingly.
These tests should not be performed on a live production system because the
outcome could be disastrous. Yet, the absence of labs and test computers due to
budget restrictions might preclude simulating attacks. In order to secure the
necessary funds for testing, it is important to make management aware of the risks
and consequences of an attack as well as the security measures that can be taken to
protect the system, including testing procedures. If possible, all attack scenarios
should be physically tested and documented to determine the best possible security
policies and controls to be implemented.
Certain events, such as natural disasters like floods and lightning, cannot be
tested, although a simulation will help. For example, simulate a fire in the server
room that has resulted in all the servers being damaged and lost. This scenario can
Types of Biometrics
A number of biometric methods have been introduced over the years, but few have
gained wide acceptance.
Signature dynamics. Based on an individual's signature, but considered
unforgeable because what is recorded isn't the final image but how it is produced,
i.e., differences in pressure and writing speed at various points in the signature.
Typing patterns. Similar to signature dynamics but extended to the keyboard,
recognizing not just the password that is typed in but the intervals between characters
and the overall speed and pattern. This is akin to the way World War II
intelligence analysts could recognize a specific covert agent's radio transmissions
by his "hand", the way he used the telegraph key.
Eye scans. This favorite of spy movies and novels presents its own problems. The
hardware is expensive and specialized, and using it is slow and inconvenient and
may make users uneasy.
The advantages of biometrics are that the person is the key, so you need never
remember your card or key again. Each body part is unique, and biometrics uses
your unique identity to enable a purchase, activate something or unlock something.
Biometrics encompasses voice, vein, eye, fingerprint, facial recognition and
more.
The disadvantages are numerous, however: criminals have been known to remove
fingers to open biometric locks; biometrics requires a lot of data to be kept on a
person; and these systems are not always reliable, as human beings change over
time. If you are ill, with puffy eyes or a hoarse voice, or your fingers are rough from
laboring, for example, it may be more difficult for the machinery to identify you
accurately. Every time you use biometrics you are tracked by a database, bringing
up a range of privacy issues. The final disadvantage is the expense and technical
complexity of such systems.
The fingerprints of people working in chemical industries are often
affected. Therefore these companies should not use fingerprint
authentication.
It is found that with age, the voice of a person changes. Also, when the person
has flu or a throat infection the voice changes, and if there is too much noise in the
environment this method may not authenticate correctly. Therefore this method
of verification is not workable all the time.
For people with diabetes, the eyes are affected, resulting in
differences.