
    Monday, May 23, 2022

    Abuse of Privileges

    Privilege abuse is the fraudulent use of an account that carries additional privileges (a privileged account) to access, exploit, or damage confidential business assets. By impersonating privileged users, attackers evade security defenses and maintain a persistent presence, because it is not unusual for privileged users to access an organization's most sensitive resources.

    Privilege abuse is the direct result of poor access control: users have more access rights than they need to do their jobs, and the organization fails to monitor the activity of privileged accounts properly and to establish appropriate controls.

    Privileged accounts are a gateway to critical systems and data. Abuse of these powerful accounts can lead to the loss of sensitive data and business intelligence, as well as downtime of systems and applications essential for business operations.

    Privilege abuse can be difficult to detect because many of its indicators look like typical behavior for privileged accounts.

    Common Challenges Related to Privileged Accounts

    1. Proliferation of Shared IDs - Employees sometimes need to be given additional privileges to perform functions beyond their normal responsibilities. In these situations, organizations might allow privileged users to share one or more common user IDs. This approach is undesirable because it leads to the proliferation of shared IDs, making it difficult to attribute a particular action to a specific individual.

    2. Third-Party Access - Third parties play an increasingly important role in an organization's IT ecosystem. However, many third parties may not be as secure as the organizations to which they provide services, making them prime entry points for attackers. It is especially important to monitor the activities of third-party vendors if they have access to critical IT systems.

    3. Meeting Compliance Obligations - It is critical for organizations to enforce compliance with industry regulations.

    4. Privilege Creep - Privilege creep is the phenomenon by which employees accumulate high levels of access to IT infrastructure, some of which they are not entitled to have. It occurs when employees obtain login privileges for new systems while retaining access to old ones, even as they change roles and move across the organization. It is important to correlate current permissions and roles with the actual business needs of privileged users on a regular basis.

    The principles of Privileged Access Management are generally:

    • Ensure that only those users who absolutely need access to a given set of privileges on desktops and servers have those privileges, and only for those systems for which they have a need.
    • Ensure that privileged access is only used when it’s needed and “un-granted” when it’s no longer required.
    • Centrally manage privileged access such that access can be granted and revoked quickly.
    • Ensure that there is an audit trail for any privileged operation.

    Physical Theft

    An adversary gains physical access to a system or device by stealing it. Possession of a system or device enables a number of unique attacks to be executed and often gives the adversary an extended timeframe in which to perform an attack.

    Most protections put in place to secure sensitive information can be defeated when an adversary has physical access and enough time.

    To mitigate this type of attack, physical security techniques such as locked doors, alarms, and monitoring of likely targets should be implemented.

    Physical security is a vital part of any security plan and is fundamental to all security efforts--without it, information security, software security, user access security, and network security are considerably more difficult, if not impossible, to initiate.

    The most common physical security risks to organizations:

    1. Tailgating - Tailgating is when an unauthorized person follows an authorized person into a secure area. Tailgating can be limited with the right physical security measures. Anti-tailgating doors make tailgating virtually impossible, but installing them can prove expensive.

    Another way to reduce tailgating is by providing physical security training for your employees. It involves raising awareness among employees and providing them with a rigid physical security policy, including guidance such as not holding doors open to people they don’t recognize. 

    2. Theft of documents - Sensitive documents can easily become unaccounted for - and fall into the wrong hands.

    One of the best ways to prevent the theft or accidental revelation of documents and sensitive information is to institute a clear-desk policy. A clear-desk policy, which means ensuring that all desks are cleared and all documents are put away at the end of the workday, makes it less likely that sensitive documents are left in vulnerable locations.

    In order to prevent the theft of documents, it is also essential to institute access control and prevent unaccounted visitors from entering your workplace. 

    3. Unaccounted visitors - Unaccounted visitors pose a serious risk, as it is impossible to know whether they were present if an incident occurs. Access control with swipe-card access or ID-controlled doors is essential for business security, but you should also ensure that all visitors are accounted for by supplying them with visitor passes. Keep an entry log so that you can later verify when a person was within your premises.

    4. Stolen identification - An access control system only works if everyone uses their own identification. If people are going in and out of your premises using someone else's identification, the result is the same as if you had no access control at all.

    Employees need to be educated on the importance of protecting their IDs or access cards. Without training, employees will often share or lend each other their cards, making it hard to properly monitor access. Employees may also be careless with their IDs unless the importance of protecting them is demonstrated.

    5. Social engineering - Social engineering attacks rely on manipulating your employees, often using information that they have managed to gain to impersonate someone else, or abusing basic human empathy to gain access to secure areas and networks.

    Social engineering attacks can come in a huge variety of different forms. This is one of the reasons why it is so difficult to combat. 

    The first step towards combating social engineering is to make a thorough physical security risk assessment and consider how someone could get through the protections that are in place. Raising awareness about social engineering among your employees is also key, as understanding the risks that social engineering can pose will help your employees be more alert to any suspicious activity or contacts.

    Intrusion

    Computer intrusions occur when someone tries to gain access to any part of your computer system.

    Computer intruders or hackers typically use automated computer programs when they try to compromise a computer’s security. There are several ways an intruder can try to gain access to your computer. They can:

    1. Access your computer to view, change, or delete information on your computer.
    2. Crash or slow down your computer.
    3. Access your private data by examining the files on your system.
    4. Use your computer to access other computers on the Internet.

    A network intrusion refers to any unauthorized activity on a digital network. Network intrusions often involve stealing valuable network resources and almost always jeopardize the security of networks and/or their data.

    An intrusion is any activity that is designed to compromise your data security. This can be through more menacing and pervasive formats like ransomware or unintentional data breaches by employees or others connected to your network.

    Web Security challenges

    For security teams, the number of controls they can implement to secure a web application in production is limited while for the attackers, there is no limit on the number of attack vectors they can exploit. 

    To maintain a reasonable level of security, a comprehensive set of tools is required to protect an organization's technical infrastructure from data breaches, malware attacks, and service disruptions. These tools must cover the server, network, storage devices, email servers, etc.

    The five most common web application security challenges:

    Code Injection

    Using code injection techniques, attackers can exploit vulnerabilities in a web application by inserting their own malicious code. Code injection vulnerabilities are often found in the text input fields exposed to users. Common types of code injection vulnerabilities include SQL injection, OS command attacks, dynamic evaluation attacks, and shell injection.

    Standard measures to avoid code injection vulnerability include avoiding vulnerable code and filtering input. One of the most effective ways to filter application input is implementing a web application firewall (WAF). 

    Data Breach 

    Some of the common causes of data breaches include misconfiguration, lost hardware, malware infection, and compromised credentials.

    In order to avoid data breaches, a wide range of good security practices are required. For example, SSL encryption, access-level privileges, regular scanning activities, and organizing regular training sessions for employees to practice good security practices such as identifying phishing attacks, setting up strong passwords, enabling two-factor authentication, etc.  

    The outcomes of a data breach are multi-fold. Apart from economic and reputational losses, many countries now mandatorily require a victim organization to report the data breach to the relevant regulatory authority. 

    Malware Infection 

    Malware includes ransomware, viruses, trojan horses, worms, spyware, and adware. Email spam continues to be the primary vector of malware attacks.

    Malware can be delivered from various sources such as free downloads, fake websites, phishing websites, USB storage devices, etc. Hence, a robust email filtering system is an essential requirement. Just as with data breaches, training sessions for employees are another necessity to prevent an organization's technical infrastructure from getting infected.

    DDoS Attacks 

    With the size of DDoS attacks increasing every year, organizations can be affected even without being targeted. Many service providers have started offering DDoS protection services with real-time monitoring to mitigate such attacks, as their infrastructure is capable of absorbing an enormous volume of incoming requests while the malicious ones are being identified and filtered.

    Malicious Insiders 

    The threat of malicious insiders is evergreen. As a mandatory principle, an organization must follow the principle of least privilege, i.e., an employee shall have the minimum access-level privileges needed. An access control policy is a good starting point. Along with policy implementation, an organization can monitor transactions and activity logs for broader insights.

    If a malicious insider attack is detected and identified, the access-level privileges of the insider concerned must be revoked immediately.

    Web Security Considerations

    Web security deals with the security of data over the internet, network, or web while it is being transferred to the internet. Websites are always prone to security threats and risks. Hacking of a website may result in the theft of important customer data.

    Security attacks are mainly aimed at stealing, altering, or destroying personal and confidential information, stealing hard drive space, or illegally accessing passwords.

    Security Consideration:

    • Updated Software: It is mandatory to keep your software updated; it plays an important role in keeping your personal data secure. Hackers may be aware of vulnerabilities in certain software, which are sometimes caused by bugs and can be used to damage your computer system and steal personal data. Older versions of software can become a gateway for hackers to enter your network. Software must always be updated, which fixes the vulnerable or exposed areas.
    • Beware of SQL Injection: SQL injection is an attempt to manipulate your data or your database by inserting rogue code into your query. One should be aware of the SQL injection attack.
    • Cross-Site Scripting (XSS): XSS allows attackers to insert client-side script into web pages. It is a term used to describe a class of attacks that allow an attacker to inject client-side scripts into other users' browsers through a website. Because the injected code reaches the browser from the site itself, the browser treats it as trusted, and it can do things like send the user's site authorization cookie to the attacker.
    • Error Messages: Error messages are generated to give information to users while they access the website, and some are generated for one reason or another. The provider should be very careful about what information these messages disclose. For example, when a login attempt fails, the error message should not let the user know which field is incorrect: the username or the password.
    • Data Validation: Validation of data should be performed on both the server side and the client side. Data validation should occur whenever data is received from an outside party, especially if the data comes from untrusted sources.
    • Password: A password provides the first line of defense against unauthorized access to your device and personal information. Hackers in many cases use sophisticated software that uses brute force to crack passwords. Passwords must be complex to protect against brute force. It is good to enforce password requirements such as a minimum length of eight characters, including uppercase letters, lowercase letters, special characters, and numerals.

    Identity management and web services

    Identity management (IdM) ensures that only authorized people have access to the technology resources they need to perform their job functions.

    It includes policies and technologies that encompass an organization-wide process to properly identify, authenticate, and authorize people, groups of people, or software applications through attributes including user access rights and restrictions based on their identities.

    Identity management works hand-in-hand with identity and access management (IAM) systems. Identity management is focused on authentication, while access management is aimed at authorization.

    The main goal of identity management is to ensure only authenticated users are granted access to the specific applications, systems or IT environments for which they are authorized. This includes control over user provisioning and the process of onboarding new users such as employees, partners, clients and other stakeholders.

    Identity management also includes control over the process of authorizing system or network permissions for existing users and the offboarding of users who are no longer authorized to access organization systems.

    Identity management is an important part of the enterprise security plan, as it is linked to both the security and productivity of the organization.

    Using identity management, organizations can safeguard their corporate assets against many threats including hacking, ransomware, phishing and other malware attacks.

    Identity management systems add an additional layer of protection by ensuring user access policies and rules are applied consistently across an organization.

    Web services will be the easiest and most affordable way to integrate one or more PACS (physical access control system) to an IDMS, enabling enterprise-wide, policy-driven access management. While Web services technologies and standards are still evolving, most of the challenges that remain are in the realm of Internet-based services intended for widespread general use and business-to-business e-commerce.

    A Web services “wrapper” can be used as appropriate for the various access control system interface capabilities. (A wrapper is software code that changes an existing interface to an application without substantially increasing its functionality.)

    Implementation of an enterprise-wide identity management system

    The implementation of an enterprise-wide identity management system is of great interest to corporate security for several reasons.

    • An IDMS will close IT security gaps related to enrolling and terminating employees.

    • The deployment of an IDMS is typically accompanied by a role-based access control (RBAC) scheme for the information systems. Once roles are jointly defined by human resources and business managers, and once IT security privileges are assigned to the roles, security privileges can be automatically granted upon enrollment in the IDMS. Privileges are also automatically changed when an employee's position changes, and revoked automatically upon the employee's termination.

    • Physical security can leverage the HR enrollment of employees by integrating the physical access control system (PACS) with the IDMS, so that access control privileges are managed automatically along with IT privileges as HR enrolls, re-assigns and terminates employees.

    Using an IDMS as a common point of reference, physical and IT access control can be synchronized. And using role-based access control to establish privileges based upon job functions, both physical and IT access control can be policy-driven.
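The following added example (not code from the original post) models the role-based provisioning described above, in which HR enrollment, reassignment and termination events drive both IT privileges and physical (PACS) door access through the IDMS, every change lands in an audit trail, and a periodic review flags privilege creep as described in the earlier "Common Challenges" section. The role names, privilege names and door groups are hypothetical and constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Hypothetical role-to-privilege map (constructed for this example). Each role
# lists the IT privileges and the PACS door groups its holder needs, nothing more.
ROLE_PRIVILEGES = {
    "hr-analyst":   {"it": {"hris-read"},                  "pacs": {"hq-lobby", "hq-floor2"}},
    "payroll-lead": {"it": {"hris-read", "payroll-admin"}, "pacs": {"hq-lobby", "hq-floor3"}},
    "dba":          {"it": {"db-admin", "backup-restore"}, "pacs": {"hq-lobby", "datacenter"}},
}
NO_ROLE = {"it": set(), "pacs": set()}   # entitlements of a terminated identity

@dataclass
class Identity:
    user_id: str
    role: Optional[str]
    it: set = field(default_factory=set)
    pacs: set = field(default_factory=set)

class Idms:
    """Minimal IDMS: HR lifecycle events are the single point of reference for IT and PACS."""
    def __init__(self):
        self.identities = {}
        self.audit = []      # one record per grant/revoke/lifecycle event

    def _log(self, actor, action, user_id, detail):
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(), "actor": actor,
                           "action": action, "user": user_id, "detail": detail})

    def _sync_to_role(self, ident, actor):
        """Make IT and PACS entitlements exactly what the current role justifies."""
        wanted = ROLE_PRIVILEGES.get(ident.role, NO_ROLE)
        for system in ("it", "pacs"):
            current, target = getattr(ident, system), set(wanted[system])
            for priv in sorted(target - current):
                self._log(actor, f"grant-{system}", ident.user_id, priv)
            for priv in sorted(current - target):   # old-role leftovers are revoked, not kept
                self._log(actor, f"revoke-{system}", ident.user_id, priv)
            setattr(ident, system, target)

    def enroll(self, user_id, role, actor="hr"):
        ident = self.identities[user_id] = Identity(user_id, role)
        self._log(actor, "enroll", user_id, role)
        self._sync_to_role(ident, actor)

    def reassign(self, user_id, new_role, actor="hr"):
        ident = self.identities[user_id]
        self._log(actor, "reassign", user_id, f"{ident.role}->{new_role}")
        ident.role = new_role
        self._sync_to_role(ident, actor)

    def terminate(self, user_id, actor="hr"):
        ident = self.identities[user_id]
        self._log(actor, "terminate", user_id, ident.role)
        ident.role = None
        self._sync_to_role(ident, actor)   # revokes everything, IT and doors alike

    def grant_direct(self, user_id, system, priv, actor):
        """Out-of-band grant by an administrator: audited, but not justified by any role."""
        getattr(self.identities[user_id], system).add(priv)
        self._log(actor, f"direct-grant-{system}", user_id, priv)

    def find_privilege_creep(self):
        """Periodic review: privileges held that the user's current role does not justify."""
        creep = {}
        for ident in self.identities.values():
            wanted = ROLE_PRIVILEGES.get(ident.role, NO_ROLE)
            excess = {s: sorted(getattr(ident, s) - wanted[s]) for s in ("it", "pacs")}
            if any(excess.values()):
                creep[ident.user_id] = excess
        return creep
```

Run a reassignment followed by a direct grant and then `find_privilege_creep()` to see the difference between role-driven access (cleaned up automatically) and hand-granted access (only caught by the review).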

    SOAP services - SOAP structure - Security risks

    SOAP (Simple Object Access Protocol) is an XML (extensible markup language)-based messaging protocol for exchanging information among computers.

    • SOAP is a communication protocol designed to communicate via the Internet.
    • SOAP can extend HTTP for XML messaging.
    • SOAP provides data transport for Web services.
    • SOAP can exchange complete documents or call a remote procedure.
    • SOAP can be used for broadcasting a message.
    • SOAP is platform- and language-independent.
    • SOAP is the XML way of defining what information is sent and how.
    • SOAP enables client applications to easily connect to remote services and invoke remote methods.

    Although SOAP can be used in a variety of messaging systems and can be delivered via a variety of transport protocols, the initial focus of SOAP is remote procedure calls transported via HTTP.

    SOAP provides a way to communicate between applications running on different operating systems, with different technologies and programming languages.

    SOAP is a messaging protocol, meaning that SOAP security is primarily concerned with preventing unauthorized access to these messages and to users' information.

    SOAP messages are secured through XML digital signature, confidentiality through XML encryption, and credential propagation through security tokens.

    WS (Web Standards) Security is a set of principles that regulate the confidentiality and authentication procedures for SOAP messaging.

    SOAP Message Structure:

    Whenever a client application calls a method in the web service, the web service will automatically generate a SOAP message which will have the necessary details of the data which will be sent from the web service to the client application.

    A simple SOAP Message has the following elements –

    • The Envelope element
    • The header element and
    • The body element
    • The Fault element (Optional)

    The SOAP message is simply an XML document with the following components.

    • An Envelope element that identifies the XML document as a SOAP message - it is used to encapsulate all the details in the SOAP message. This is the root element of the SOAP message.
    • The Header element can contain information such as authentication credentials which can be used by the calling application. It can also contain the definition of complex types which could be used in the SOAP message.
    • A Body element that contains call and response information - the actual data which needs to be sent between the web service and the calling application.
    • The Fault element - When a request is made to a SOAP web service, the response returned can take one of two forms: a successful response or an error response. When a success is generated, the response from the server will always be a SOAP message. But if SOAP faults are generated, they are returned as "HTTP 500" errors.

    Common SOAP Security Risks

    There are many different kinds of cyber security vulnerabilities and attacks, and some are uniquely aimed at APIs. A few of these are code injections, DoS (Denial of Service), breached or leaked access/authorization, XSS (Cross-site Scripting) and session hijacking.

    Code Injections

    Code injections, using SQL or, in the case of SOAP, XML, introduce malicious code into the database or application itself. The only way to prevent these is with careful access control.

    Breached or Leaked Access/Authorization

    The majority of attacks, including code injections, start with breached or leaked access. Making sure SOAP messages get revealed only to the correct user is one important part of SOAP security.

    DoS

    A Denial of Service, or Distributed Denial of Service (DDoS) attack overwhelms and disrupts a web service with messages that are too many or too long. SOAP security includes measures that can make DoS attacks impossible by limiting the length and volume of messages.  

    XSS

    Cross-site scripting is another form of code injection, but more specifically it occurs when someone injects malicious browser-side script into the web site through the web application. 

    Session Hijacking

    Session hijacking is another failure of access control. It occurs when an unauthorized user obtains a session ID. The user then has full access to the application and/or another user’s account. 

    Building Secure Web Services

    In order to create a secure SOAP web service, you need to add a security layer through the SOAP header. A security credential is added to the SOAP header: the username and password are added as variables so that each time a SOAP message is generated, these credentials are generated as part of the header. This way, whenever the user calls the web service, it requires the username and password.

    The protections that SOAP can offer include regular testing, IAM (Identity and Access Management), request monitoring, input validation and redundant security standards.  

    Regular Testing - Various types of tests can be performed to ensure that the API will stand up to any possible threats and to find any vulnerabilities that attackers might exploit. These types of tests include fuzz testing and injection testing, among others.

    The fuzz testing can be used to determine how the API reacts to an unexpected input. The injection testing can be used to detect vulnerabilities where a hacker might introduce malicious code. 

    Identity and Access Management - It is one of the most basic and essential aspects of cyber security. It involves everything from passwords and usernames to advanced authentication techniques.

    IAM prevents unauthorized users from accessing the application at the wrong time or stealing another user’s session token and hijacking the session. 

    Request Monitoring - Monitoring requests and SOAP messaging for any abnormalities is another important part of security.

    Request monitoring makes it much more likely that vulnerabilities or data leaks can be resolved quickly. In order to monitor requests, a logging system is required that can be checked on a regular basis for any irregularities.

    Input Validation - There are two aspects of input validation for SOAP: Schema compliance validation and SOAP response validation. 

    Schema compliance validation ensures that the message is in accordance with XML schema and the WSDL (Web Service Description Language). 

    SOAP response validation ensures that the response to your message is in the correct format.
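As an added example (not code from the original post), the block below ties together the SOAP message structure, the credential-in-header approach from "Building Secure Web Services" and the two input-validation aspects just described: it builds a SOAP 1.1 request whose Header carries a WS-Security UsernameToken, checks an incoming request for schema-style compliance (well-formed, correct Envelope/Body structure, a known operation, credentials present) before anything is processed, and classifies a response as a result or a soap:Fault. The service namespace `urn:example:inventory`, the `GetStock` operation and the sample fault response are constructed for the example.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")
APP_NS = "urn:example:inventory"           # hypothetical service namespace
NS = {"soap": SOAP_NS, "wsse": WSSE_NS, "app": APP_NS}

def local_name(tag):
    """'{uri}Name' -> 'Name' (also tolerates an unqualified tag)."""
    return tag.rsplit("}", 1)[-1]

def build_request(username, password, sku):
    """Client side: SOAP 1.1 Envelope with a WS-Security UsernameToken in the Header.
    The credentials travel in clear inside the XML, so this header only protects
    them when the transport itself is protected (TLS)."""
    ET.register_namespace("soap", SOAP_NS)
    ET.register_namespace("wsse", WSSE_NS)
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    token = ET.SubElement(ET.SubElement(header, f"{{{WSSE_NS}}}Security"),
                          f"{{{WSSE_NS}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE_NS}}}Username").text = username
    ET.SubElement(token, f"{{{WSSE_NS}}}Password").text = password
    op = ET.SubElement(ET.SubElement(env, f"{{{SOAP_NS}}}Body"), f"{{{APP_NS}}}GetStock")
    ET.SubElement(op, f"{{{APP_NS}}}Sku").text = sku
    return ET.tostring(env, encoding="unicode")

def validate_request(xml_text, expected_ops=("GetStock",)):
    """Server side, schema-compliance step: reject anything that is not exactly the
    message shape the WSDL promises, before the operation or credentials are used.
    (In production parse with a hardened parser such as defusedxml.)"""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return {"ok": False, "reason": f"not well-formed XML: {exc}"}
    if root.tag != f"{{{SOAP_NS}}}Envelope":
        return {"ok": False, "reason": "root element is not soap:Envelope"}
    body = root.find("soap:Body", NS)
    if body is None or len(body) != 1:
        return {"ok": False, "reason": "Body must contain exactly one operation"}
    op = body[0]
    if op.tag not in {f"{{{APP_NS}}}{name}" for name in expected_ops}:
        return {"ok": False, "reason": f"unknown operation {op.tag}"}
    token_path = "soap:Header/wsse:Security/wsse:UsernameToken/"
    user = root.findtext(token_path + "wsse:Username", namespaces=NS)
    password = root.findtext(token_path + "wsse:Password", namespaces=NS)
    if not user or not password:
        return {"ok": False, "reason": "missing UsernameToken credentials"}
    return {"ok": True, "user": user, "password": password, "operation": local_name(op.tag)}

def classify_response(xml_text):
    """Response validation: the Body is either one result element or a soap:Fault."""
    root = ET.fromstring(xml_text)
    body = root.find("soap:Body", NS)
    if root.tag != f"{{{SOAP_NS}}}Envelope" or body is None or len(body) != 1:
        raise ValueError("response is not a SOAP Envelope with a single-child Body")
    fault = body.find("soap:Fault", NS)
    if fault is not None:     # SOAP 1.1 fault children are unqualified
        return {"fault": True, "code": fault.findtext("faultcode"),
                "reason": fault.findtext("faultstring")}
    return {"fault": False, "payload": local_name(body[0].tag)}

# Constructed sample of the error form a service returns (carried on HTTP 500).
FAULT_RESPONSE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><soap:Fault><faultcode>soap:Client</faultcode>
  <faultstring>authentication failed</faultstring></soap:Fault></soap:Body></soap:Envelope>"""
```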

    Redundant Security Standards

    WSDL, XML standards and SOAP standards overlap in many places. These redundant security standards give a level of insurance obtained by few other systems. 
