Exam Essentials: Chapter 9

Chapter 9: Security Vulnerabilities, Threats & Countermeasures (WIP)

Be able to explain the differences between multitasking, multithreading, multiprocessing & multiprogramming

  • Multitasking is the simultaneous execution of more than one application on one computer, and is managed by the OS.
  • Multithreading permits multiple concurrent tasks to be performed within a single process.
  • Multiprocessing is the use of more than one processor to increase computing power.
    • In symmetric multiprocessing (SMP), processors share a common OS, data bus & memory resources
    • Massively parallel processing (MPP) systems house hundreds or thousands of processors, each with its own OS and memory/bus resources. This is a type of asymmetric multiprocessing.
  • Multiprogramming is similar to multitasking but takes place on mainframe systems and requires specific programming.

Understand the difference between single-state and multi-state processors

  • Single-state processors are capable of operating at only one security level at a time.
  • Multi-state processors can simultaneously operate at multiple security levels.
    • Relatively uncommon due to the expense of implementing the necessary additional controls, versus simply having multiple single-state processors/systems.

Describe the four security modes approved by the federal government for processing classified information

  • Dedicated systems require that all users have appropriate clearance, access permissions, and need-to-know for all information stored on the system.
  • System high mode removes the need-to-know requirement.
  • Compartmented mode removes the need-to-know and access permission requirements.
  • Multilevel mode removes all three requirements.

Explain the two layered operating modes

  • User applications operate in a limited instruction set environment known as ‘user mode’.
    • In the ring model, ring 3 runs in user mode.
  • The OS performs controlled operations in privileged mode, also known as system mode, kernel mode & supervisory mode.
    • Rings 0-2 run in supervisory or privileged mode.
    • Rings 1 & 2 run device drivers but are not normally implemented in practice – most OSes use only rings 0 and 3.

Describe the different types of memory used by a computer

  • ROM is non-volatile and can’t be written to by the end user.
  • The end user can write to PROM chips only once.
  • EPROM/UVEPROM chips may be erased through the use of ultraviolet light and can then have new data written to them.
  • EEPROM chips may be erased with electrical current and then have new data written to them.
  • RAM chips are volatile and lose their contents when the computer is powered off
    • DRAM is based on capacitors and requires constant refreshing
    • SRAM is based on “flip flops” and does not need refreshing (but is more costly)

Describe the different characteristics of devices used by computers

  • Primary storage is the same as memory.
  • Secondary storage consists of magnetic, flash & optical media that must first be read into primary memory before the CPU can use the data.
  • Random access storage devices can be read at any point.
  • Sequential access devices require physically scanning through all the data before the desired location.

Know the security issues surrounding secondary storage devices

  • There are three main issues:
    • Removable media can be used to steal data.
    • Access controls & encryption must be applied to protect data.
    • Data can remain on the media even after file deletion or media formatting.

Understand security risks that I/O devices can pose

  • Input/output devices can be:
    • subject to eavesdropping & tapping
    • used to smuggle data out of an organisation
    • used to create unauthorised, insecure points of entry into an organisation’s systems & networks
  • Be prepared to recognise & mitigate such vulnerabilities.

Know the purpose of firmware

  • Firmware is software stored on a ROM chip.
  • At the computer level, it contains the basic instructions needed to start a computer. Firmware is also used to provide operating instructions in peripheral devices such as printers.

Be able to describe process isolation, layering, abstraction, data hiding & hardware segmentation

  • Process isolation ensures that individual processes can access only their own data.
  • Layering creates different realms of security within a process and limits communication between them
  • Abstraction creates “black box” interfaces for programmers to use without requiring knowledge of an algorithm’s or device’s inner workings.
  • Data hiding prevents information from being read from a different security level.
  • Hardware segmentation enforces process isolation with physical controls.

Understand how a security policy drives system design, implementation, testing & deployment.

  • The role of a security policy is to inform & guide the design, development, testing & maintenance of some particular system.

Understand cloud computing

  • Cloud computing is the popular term referring to a concept of computing where processing & storage are performed elsewhere over a network connection rather than locally.
  • Cloud computing is often thought of as Internet-based computing.

Understand the risks associated with cloud computing & virtualisation

  • Cloud computing & virtualisation, especially when combined, carry serious risks.
  • Once sensitive, confidential or proprietary data leaves the confines of the organisation, it also leaves the protections imposed by the organisational security policy and resultant infrastructure.
  • Cloud services and their personnel might not adhere to the same security standards as your organisation.

Understand hypervisors

  • The hypervisor, also known as the virtual machine monitor (VMM), is the component of virtualisation that creates, manages & operates the virtual machines
    • In a Type I hypervisor (native or bare-metal) configuration, there is no host OS; instead the hypervisor installs directly onto the hardware where the host OS would normally reside.
    • In a Type II hypervisor (hosted hypervisor) configuration, a standard OS is present on the hardware, and the hypervisor is then installed as another software application.

Define CASB

  • A cloud access security broker (CASB) is a security policy enforcement solution that may be installed on-premise or be cloud-based.

Understand SECaaS

  • Security as a service (SECaaS) is a cloud provider concept in which security is provided to an organisation through or by an online entity.

Understand smart devices

  • Smart devices are a range of mobile devices that offer the user a plethora of customisation options, typically through installing apps, and may take advantage of on-device or in-the-cloud artificial intelligence (AI) processing.

Comprehend IoT

  • The Internet of Things (IoT) is a new subcategory or maybe even a new class of devices connected to the Internet in order to provide automation, remote control or AI processing to traditional or new appliances/devices in a home or office setting.

Understand mobile device security

  • Device security involves the range of potential security options/features that may be available for a mobile device.
  • PED (portable electronic device) security features include:
    • Full device encryption
    • Remote wiping
    • Lockout
    • Screen locks
    • GPS
    • Application control
    • Storage segmentation
    • Asset tracking
    • Inventory control
    • Mobile device management (MDM)
    • Device access control
    • Removable storage
    • Disabling of unused features
  • Not all PEDs have good security features.

Understand mobile application security

  • The apps & functions used on a mobile device need to be secured. Related concepts include:
    • Key management
    • Credential management
    • Authentication
    • Geotagging
    • Encryption
    • Application whitelisting
    • Transitive trust/authentication

Understand BYOD

  • Bring your own device (BYOD) is a policy that allows employees to bring their own personal mobile devices to work, and use them to connect to (or through) the company to business resources and/or the Internet.
  • Although BYOD may improve employee morale & job satisfaction, it increases security risks to the organisation.
  • Related issues include:
    • Data ownership
    • Support ownership
    • Patch management
    • Anti-virus management
    • Forensics
    • Privacy
    • On-boarding/off-boarding
    • Adherence to corporate policies
    • User acceptance
    • Architecture/infrastructure considerations
    • Legal concerns
    • Acceptable use policies
    • On-board cameras/video.

Understand embedded systems and static environments

  • An embedded system is typically designed around a limited set of specific functions in relation to the larger product of which it’s a component.
  • Static environments are applications, OSes, hardware sets or networks that are configured for a specific need, capability or function, and then set to remain unaltered.
  • Static environments, embedded systems and other limited or single-purpose computing environments need security management. Techniques may include:
    • Network segmentation
    • Security layers
    • Application firewalls
    • Manual updates
    • Firmware version control
    • Wrappers
    • Control redundancy & diversity.

Understand how the principles of least privilege, separation of privilege & accountability apply to computer architecture

  • The principle of least privilege ensures that only a minimum number of processes are authorised to run in supervisory mode.
  • Separation of privilege increases the granularity of secure operations.
  • Accountability ensures that an audit trail exists to trace operations back to their source.

Be able to explain what covert channels are

  • A covert channel is any method that is used to pass information, but that is not normally used for communication. There are two types:
    • Covert storage channel
    • Covert timing channel

Understand what buffer overflows & input checking are

  • A buffer overflow occurs when the programmer fails to check the size of input data prior to writing the data into a memory location.
  • In fact, any failure to validate input data could result in a security violation.
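
The size check described above, as an added example that is not part of the original notes: a parser for a length-prefixed record, with the unchecked form beside the checked one. The wire format, NAME_MAX_LEN and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16   /* destination capacity (constructed value) */
struct user_record { char name[NAME_MAX_LEN + 1]; };  /* +1 for NUL */

/* Hypothetical wire format, constructed for this example:
 *   byte 0 = declared name length N, bytes 1..N = name (no NUL). */

/* Flawed form, shown for contrast and never called: it trusts N, so
 * N > 16 writes past rec->name and N > in_len - 1 reads past the input. */
void parse_record_unchecked(struct user_record *rec,
                            const uint8_t *in, size_t in_len)
{
    (void)in_len;
    memcpy(rec->name, in + 1, in[0]);
    rec->name[in[0]] = '\0';
}

/* Checked form: every size is validated before any byte is written.
 * Returns 0 on success, -1 if the input is rejected. */
int parse_record(struct user_record *rec, const uint8_t *in, size_t in_len)
{
    if (rec == NULL || in == NULL || in_len < 1)
        return -1;                       /* no length byte present */
    size_t n = in[0];
    if (n > NAME_MAX_LEN)
        return -1;                       /* would overflow rec->name */
    if (n > in_len - 1)
        return -1;                       /* declared length exceeds data */
    for (size_t i = 0; i < n; i++)       /* validation beyond size: */
        if (in[1 + i] < 0x20 || in[1 + i] > 0x7e)
            return -1;                   /* printable ASCII only */
    memcpy(rec->name, in + 1, n);
    rec->name[n] = '\0';
    return 0;
}

int main(void)
{
    struct user_record r;
    const uint8_t ok[] = { 5, 'a', 'l', 'i', 'c', 'e' };  /* constructed */
    const uint8_t bad[] = { 40, 'x' };                    /* lies about N */
    printf("ok=%d bad=%d\n", parse_record(&r, ok, sizeof ok),
           parse_record(&r, bad, sizeof bad));
    return 0;
}
```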

Describe common flaws in security architectures

  • In addition to buffer overflows, programmers can leave back doors and privileged programs on a system after it is deployed
  • Even well-written systems can be susceptible to time-of-check to time-of-use (TOCTTOU) attacks.
  • Any state change could be a potential window of opportunity for an attacker to compromise a system.
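
The TOCTTOU window described above, as an added example that is not part of the original notes: a check-then-use file open beside a form that opens once and checks the open descriptor. It assumes a POSIX system; the function names and the ownership/permission policy are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flawed pattern, shown for contrast: the name is resolved twice, and
 * the file it refers to can change between access() and open(). */
int open_checked_then_used(const char *path)
{
    if (access(path, R_OK) != 0)      /* time of check */
        return -1;
    return open(path, O_RDONLY);      /* time of use: second lookup */
}

/* Safer pattern: open once, then check the object the descriptor refers
 * to. Later changes to the path cannot swap what is being read. */
int open_then_check(const char *path, uid_t expected_owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC | O_NONBLOCK);
    if (fd < 0)
        return -1;                    /* includes: last component is a symlink */
    if (fstat(fd, &st) != 0 ||        /* fstat() inspects the fd, not the name */
        !S_ISREG(st.st_mode) ||       /* reject devices, FIFOs, directories */
        st.st_uid != expected_owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {   /* writable by others */
        close(fd);
        return -1;
    }
    return fd;                        /* caller reads from fd, never from path */
}

int main(void)
{
    char path[] = "/tmp/toctou_demo_XXXXXX";   /* constructed sample file */
    int tmp = mkstemp(path);                    /* created with mode 0600 */
    if (tmp < 0)
        return 1;
    close(tmp);
    int fd = open_then_check(path, getuid());
    printf("open_then_check -> %s\n", fd >= 0 ? "accepted" : "rejected");
    if (fd >= 0)
        close(fd);
    unlink(path);
    return 0;
}
```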
