8/2/2019 D5-SeguridadAplicaciones.pdf
1/35
Seguridad de Sistemas 090476 | Application Security | 1
Application Development Fundamentals
Abstract
This article explains the types of source code and the functionality of
different program types.
Types of Source Code
Application security is an integral part of security. There are various issues
arising from Java, ActiveX controls, malicious code, and other attack methods.
These issues result in undesirable events occurring in the application. You
need to identify these application-related issues and implement
countermeasures to eliminate or reduce them. The applications are developed
using open or closed source code programs.
The program source code, which is available to you freely for reading and
modification, is called an open source code program. You can customize the
source code per your requirements without any restrictions. Further, you can
redistribute the program to other users without paying any royalties to the
original developer. The aim of an open source code program is to improve the
performance of the program. The Linux operating system and the Apache web
server are examples of programs or applications developed using open source
code programs.
Unlike an open source code program, closed source code programs are not
available freely to users. To use closed source code programs, you need to
obtain a license from the developer of the program. Further, you cannot
modify the program per your requirements. You can only use the binary
version of the source code as the executable file. To access the source code
of the closed program, you need to sign a nondisclosure agreement. The
applications developed by Microsoft are written and developed using closed
source code programs.
Types of Programs
Computers execute only programs that are written in machine language, which is
also known as first-generation computer language. A machine language
program consists of binary instructions made up of 0s and 1s. The instructions
are interpreted and executed by the CPU. However, writing programs using
machine language is difficult and time-consuming. As a result, the assembly
languages, also known as second-generation computer language, were
introduced. Before the CPU executes the programs written in assembly
language, the program is converted into machine language using a program
called an assembler.
An assembler is a program that converts programs written in assembly
language to machine language, which is easily understood by the computer.
Programs written in an assembly language consist of symbols and words
instead of numbers. Before a program is executed, the assembler program
converts the symbols and words into the corresponding binary numbers.
However, writing complex programs in assembly language is difficult and time-
consuming. In addition, programs written in assembly language only work for a
specific family of CPUs.
With the introduction of high-level languages or third-generation computer
languages, such as COBOL, FORTRAN, and C, programmers started using
simple English-like statements to write their programs. Unlike programs written
in machine language, high-level language programs do not interact directly
with hardware. As a result, high-level programs need to be converted to
machine language.
Compilers and interpreters are programs that are used to convert a high-level
language program into machine language. The difference between them lies
in the process of program execution. The compiler parses or analyzes the
entire program at one time for syntactical correctness and then produces an
output code. The output code is referred to as machine code, which is further
processed by the processor.
An interpreter program interprets each statement of the high-level program
one at a time and stops program execution when it encounters an error. The
output code is generated only when the program is error-free. This run-time
analysis of a program is known as interpretive overhead.
Summary
Application security is an integral part of security. These security issues result
in undesirable events occurring in the application. The applications are
developed using open or closed source code programs.
The program source code that you can modify is called an open source code
program, and the program source code that you cannot modify is called a
closed source code program.
Computers execute only the programs written in machine language. A
machine language program consists of binary instructions, such as 0s and 1s.
An assembler program converts programs written in assembly language to
machine language.
Compilers and interpreters are programs that are used to convert a high-level
language program into machine language. A compiler program analyzes the
entire program at one time, while an interpreter program interprets each
statement of the program one at a time.
Attack Methods
Learning objective
After completing this topic, you should be able to distinguish between the
types of attacks used in the enterprise environment and identify the
appropriate methods to counteract them.
1. Types of attackers
Before understanding the different types of attack that occur in the enterprise
environment and how to counteract them, security professionals should know
about the entities that conduct the attacks.
These entities include
hacker
Hackers are individuals who attempt to access information systems and
network resources in an unauthorized manner.
cracker
Crackers are individuals who intentionally break into a computer system by
breaching computer security. A cracker's motives are usually altruistic or to
prove that a system can be breached.
phone phreak
Phone phreaks are individuals who crack the phone network to make free
long-distance calls in an unauthorized manner.
These entities are responsible for conducting attacks related to denial of
service (DoS), security architecture, and access control. They are also
responsible for sending hoax messages.
Hoaxes are false statements made with the intention of scaring users. They
aim at deliberately misleading the users and prompting them into performing
rash actions.
A hoax includes
e-mail hoax
E-mail hoaxes consist of fake and chain-letter-style documents that spread
faster than any other hoaxes.
web hoax
Web hoaxes spread through bogus web sites containing false or misleading
information.
You can consider a computer virus alert a hoax when it
is received from an unknown person
asks you to visit a web site and download antivirus software
asks you to forward it to other users
2. Types of attacks
Attackers perform DoS attacks on operating systems to make resources
unavailable to valid users.
The six types of DoS attacks are
Smurf and fraggle
A smurf attack is launched using Internet Control Message Protocol (ICMP)
packets. The ICMP packet carries the victim's computer's address as its return
address. The attacker broadcasts the ICMP packet to the amplifying server or
network. The amplifying server sends this ICMP packet to thousands of active
computers. All the active computers on the network reply to the victim's
computer. The reply traffic overwhelms, and sometimes crashes, the victim's
computer. Further, this attack consumes most of the network bandwidth and
makes the entire network unusable.
A fraggle attack is similar to the smurf attack. The only difference between the
two is that the fraggle attack uses User Datagram Protocol (UDP) packets
instead of ICMP packets.
These countermeasures can be used against smurf and fraggle attacks:
set up a firewall to block all broadcast and ICMP messages
configure all computers to drop ICMP messages
turn off the directed broadcast capability of the router
implement intrusion detection system (IDS) to monitor and notify the system
administrator about the occurrence of these attacks
install the latest security patches on the system
SYN flood
A SYN flood attack is waged by not sending the final acknowledgement (ACK)
packet, which breaks the standard three-way handshake used by TCP/IP to
initiate communication sessions.
During the attack, the attacker sends a Synchronize (SYN) message with a
fake IP address to the victim's computer. The victim acknowledges the SYN
message, sends the Synchronize-Acknowledge (SYN-ACK) message back to
the attacker, and reserves memory space for the connection. However, the
victim's computer does not receive an ACK message. This process keeps
repeating and the victim's computer runs out of the resources required for the
half-opened connections. As a result, the victim's computer crashes or stops
accepting connection requests.
These countermeasures can be used against SYN flood attacks:
set up firewall to limit the number of connection requests
implement IDS
use SYN cookies to avoid the allocation of resources to half-opened connections
install the latest security patches on the system
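SYN cookies in practice, as an added example that is not part of the original course text: the server encodes a keyed hash of the connection 4-tuple, the client's initial sequence number and a coarse timestamp into the sequence number it sends in the SYN-ACK, stores nothing for the half-open connection, and only commits resources when a final ACK returns carrying a cookie it can recompute. The server secret, the addresses, and the 8-bit slot / 24-bit hash layout are this example's own assumptions (real TCP stacks also pack the negotiated MSS into the cookie).

```python
import hashlib
import hmac
import secrets

# Constructed server secret for this example; a real stack rotates it periodically.
SERVER_SECRET = secrets.token_bytes(32)

COOKIE_SLOT_SECONDS = 64   # cookies are tied to a coarse 64-second time slot
MAX_SLOT_AGE = 1           # accept the current slot and the previous one


def _slot(now):
    """8-bit coarse timestamp carried in the top byte of the cookie."""
    return (int(now) // COOKIE_SLOT_SECONDS) & 0xFF


def _mac(src_ip, src_port, dst_ip, dst_port, client_isn, slot, secret):
    """24-bit keyed hash binding the cookie to the 4-tuple, client ISN and time slot."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{client_isn}|{slot}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:3]


def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, now,
                    secret=SERVER_SECRET):
    """Return the 32-bit initial sequence number to send in the SYN-ACK.

    Nothing is stored: the server commits no memory to the half-open connection.
    """
    slot = _slot(now)
    mac = _mac(src_ip, src_port, dst_ip, dst_port, client_isn, slot, secret)
    return (slot << 24) | int.from_bytes(mac, "big")


def check_syn_cookie(src_ip, src_port, dst_ip, dst_port, seq_number, ack_number, now,
                     secret=SERVER_SECRET):
    """Validate the final ACK of the handshake.

    The client echoes our ISN + 1 as its ACK number and its own ISN + 1 as its
    sequence number, so both values can be recovered and the cookie recomputed.
    """
    cookie = (ack_number - 1) & 0xFFFFFFFF
    client_isn = (seq_number - 1) & 0xFFFFFFFF
    slot = cookie >> 24
    if (_slot(now) - slot) & 0xFF > MAX_SLOT_AGE:
        return False                      # cookie expired (or forged slot byte)
    expected = _mac(src_ip, src_port, dst_ip, dst_port, client_isn, slot, secret)
    return hmac.compare_digest((cookie & 0xFFFFFF).to_bytes(3, "big"), expected)


def simulate_flood(spoofed_syns, now):
    """Answer every SYN with a cookie and report how much state was kept (always 0)."""
    half_open_table = {}                  # a stateful server would fill this per SYN
    for src_ip, src_port, client_isn in spoofed_syns:
        make_syn_cookie(src_ip, src_port, "198.51.100.10", 443, client_isn, now)
    return len(half_open_table)


if __name__ == "__main__":
    t0 = 1_000_000
    c = make_syn_cookie("203.0.113.5", 40000, "198.51.100.10", 443, 7777, t0)
    print("valid ack:", check_syn_cookie("203.0.113.5", 40000, "198.51.100.10", 443,
                                         7778, c + 1, t0 + 10))
    print("stale ack:", check_syn_cookie("203.0.113.5", 40000, "198.51.100.10", 443,
                                         7778, c + 1, t0 + 300))
    flood = [(f"203.0.113.{i % 250 + 1}", 1024 + i, i) for i in range(10_000)]
    print("half-open entries after flood:", simulate_flood(flood, t0))
```

Because the cookie is recomputed rather than looked up, a flood of SYNs from spoofed addresses costs the server one HMAC per packet and no memory; the ACKs that never arrive leave nothing behind to time out.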
Teardrop
Teardrop attacks occur when an attacker exploits a bug in an operating
system. The bug exists in the routines used to reassemble fragmented packets.
An attacker sends numerous, specially formatted, fragmented packets to the
victim, which causes the system to freeze or crash.
These countermeasures can be used against the teardrop attack:
merge all the fragmented packets into a full packet before routing them to the target system
implement IDS to detect all the fragmented packets
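The fragment check behind the teardrop countermeasures, as an added example that is not from the course: a reassembler that drops any datagram whose fragments overlap or run past the final fragment, instead of trusting the offsets and lengths the sender supplies. Fragment offsets are given in bytes rather than the 8-byte units of the IP header, and the datagram keys and sample fragments are constructed for the example.

```python
MAX_DATAGRAM = 65535   # IPv4 total-length limit


class FragmentError(ValueError):
    """Raised when a fragment cannot belong to a well-formed datagram."""


class Reassembler:
    """Reassemble fragments per datagram key, rejecting teardrop-style overlaps."""

    def __init__(self):
        self._pending = {}   # key -> {"frags": [(offset, bytes)], "total": int | None}

    def add(self, key, offset, payload, more_fragments):
        """Accept one fragment; return the full datagram when complete, else None."""
        state = self._pending.setdefault(key, {"frags": [], "total": None})
        end = offset + len(payload)
        try:
            if len(payload) == 0 or end > MAX_DATAGRAM:
                raise FragmentError("fragment empty or beyond maximum datagram size")
            if state["total"] is not None and end > state["total"]:
                raise FragmentError("fragment extends past the final fragment")
            for off, data in state["frags"]:
                # any intersection with data already held is the teardrop pattern
                if offset < off + len(data) and off < end:
                    raise FragmentError(
                        f"fragment {offset}-{end} overlaps {off}-{off + len(data)}")
            if not more_fragments:
                if state["total"] is not None:
                    raise FragmentError("second final fragment")
                if any(off + len(d) > end for off, d in state["frags"]):
                    raise FragmentError("final fragment ends before earlier data")
                state["total"] = end
        except FragmentError:
            del self._pending[key]        # drop the whole datagram, keep no state
            raise
        state["frags"].append((offset, payload))
        return self._complete(key, state)

    def _complete(self, key, state):
        if state["total"] is None:
            return None
        frags = sorted(state["frags"])
        expected = 0
        for off, data in frags:
            if off != expected:
                return None               # gap: still waiting for a fragment
            expected += len(data)
        if expected != state["total"]:
            return None
        del self._pending[key]
        return b"".join(data for _, data in frags)


def feed(fragments):
    """Run (key, offset, payload, more_fragments) tuples through a fresh reassembler.

    Returns one outcome per fragment: ("datagram", bytes), ("dropped", reason)
    or ("pending",).
    """
    r = Reassembler()
    outcomes = []
    for key, offset, payload, more in fragments:
        try:
            result = r.add(key, offset, payload, more)
        except FragmentError as exc:
            outcomes.append(("dropped", str(exc)))
            continue
        outcomes.append(("datagram", result) if result is not None else ("pending",))
    return outcomes


# Constructed sample traffic: one benign datagram in two fragments, then a
# teardrop-style pair whose second fragment starts inside the first.
BENIGN = [("A", 0, b"x" * 24, True), ("A", 24, b"y" * 8, False)]
TEARDROP = [("B", 0, b"x" * 36, True), ("B", 24, b"z" * 4, False)]

if __name__ == "__main__":
    for outcome in feed(BENIGN + TEARDROP):
        print(outcome)
```

The historic bug was a reassembly routine that computed a fragment's length from sender-supplied offsets and ended up with a negative size; validating every fragment against what is already held, and discarding the whole datagram on the first inconsistency, removes that arithmetic from the trusted path.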
Distributed denial of service
Distributed denial of service (DDoS) attacks occur when a large number of
systems attack a single system to halt network activity.
In DDoS attacks, the attacker installs client attack software on computers and
uses them to send service requests to the victim's computer until it stops
functioning. The computers that the attacker uses for targeting the victim's
computer are called slaves or zombies.
These countermeasures can be used against DDoS attacks:
scan the computers to identify if the attack software is installed on them
access the log files on the computers on which the client attack software is installed to determine the location of the attacker
disable unused services on the systems
install firewall and IDS
DNS DoS
Domain Name Service (DNS) DoS attacks occur when an attacker changes the
IP address of a web site and maps it to an incorrect host on the Internet. This
prevents users from accessing the original web site.
These countermeasures can be used against DNS DoS attacks:
implement a secure DNS
update the DNS Berkeley Internet Name Domain (BIND) version because BIND consists of the resolver library, which has standard APIs for translating domain names and IP addresses
configure the DNS servers for internal and public records
Cache poisoning
Cache poisoning attacks occur when an attacker is unable to change the DNS
address of a web site and instead enters false data about the DNS address of
the web site in the cache. As a result, users are unable to access the required
web site.
These countermeasures can be used against cache poisoning attacks:
configure DNS servers
implement Domain Name System Security Extensions (DNSSEC), which helps
track cache poisoning attacks using cryptographic electronic signatures
use HTTPS to validate the server's digital certificate
DoS attacks include smurf, fraggle, SYN flood, teardrop, DDoS, DNS DoS,
and cache poisoning.
The attacks related to access control are
brute force
Brute force attacks occur when an attacker tries different input combinations
to obtain the correct password.
To avoid brute force attacks
keep the password length to a minimum of eight characters
lock the account after a specified number of unsuccessful attempts
implement strict access control to reduce the occurrence of such attacks
dictionary
Dictionary attacks occur when an attacker tries a list of possible passwords,
which are located in a dictionary file or word list. The attacker uses a cracking
tool to crack the passwords.
To avoid dictionary attacks use
the one-time password authentication technique
the password renewal policy to enforce password rotation
hard-to-guess passwords
cracking tools to identify weak passwords
implement IDS
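A password policy enforcing the brute force and dictionary countermeasures above, as an added example that is not from the course: new passwords are rejected when they are shorter than eight characters or appear in a word list (including the word-plus-digits variants a cracking tool tries), stored hashes are salted PBKDF2, and an account locks for a fixed period after five consecutive failures. The word list, the user names and the limits are constructed for the example.

```python
import hashlib
import hmac
import os
import time

MIN_LENGTH = 8            # the course's minimum password length
MAX_FAILURES = 5          # lock the account after this many consecutive failures
LOCKOUT_SECONDS = 900
PBKDF2_ROUNDS = 100_000   # slows down offline guessing against a stolen hash

# Constructed stand-in for a dictionary file or word list.
WEAK_WORDLIST = {"password", "letmein", "qwerty", "welcome", "admin", "iloveyou"}


def password_acceptable(password, wordlist=WEAK_WORDLIST):
    """Reject passwords a brute-force or dictionary attack would find quickly.

    Returns (ok, reason). The same check a cracking tool would run is applied
    here first, so the weak password never reaches the password store.
    """
    if len(password) < MIN_LENGTH:
        return False, "shorter than %d characters" % MIN_LENGTH
    lowered = password.lower()
    if lowered in wordlist:
        return False, "appears in word list"
    # common mutations a cracking tool tries: a word with trailing digits or symbols
    stripped = lowered.rstrip("0123456789!@#$%^&*")
    if stripped in wordlist:
        return False, "word-list entry with trailing digits or symbols"
    return True, "ok"


class Authenticator:
    """Password store with salted PBKDF2 hashes and per-account lockout."""

    def __init__(self):
        self._users = {}          # user -> (salt, digest)
        self._failures = {}       # user -> consecutive failed attempts
        self._locked_until = {}   # user -> unix time when the lock expires

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, user, password):
        ok, reason = password_acceptable(password)
        if not ok:
            raise ValueError(reason)
        salt = os.urandom(16)
        self._users[user] = (salt, self._digest(password, salt))

    def login(self, user, password, now=None):
        """Return "ok", "denied" or "locked"."""
        now = time.time() if now is None else now
        if self._locked_until.get(user, 0) > now:
            return "locked"
        # hash even for unknown users so response time does not reveal valid names
        salt, stored = self._users.get(user, (b"\x00" * 16, b"\x00" * 32))
        if user in self._users and hmac.compare_digest(self._digest(password, salt), stored):
            self._failures[user] = 0
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= MAX_FAILURES:
            self._failures[user] = 0
            self._locked_until[user] = now + LOCKOUT_SECONDS
            return "locked"
        return "denied"


if __name__ == "__main__":
    auth = Authenticator()
    auth.register("alice", "correct horse battery")
    for guess in ["password", "Password1", "letmein!", "qwerty99", "hunter2"]:
        print(f"{guess!r:16} -> {auth.login('alice', guess, now=0)}")
    print("right password while locked:", auth.login("alice", "correct horse battery", now=60))
    print("right password after lockout:", auth.login("alice", "correct horse battery", now=1000))
```

The lockout counter resets on a successful login and the lock expires on its own, so a legitimate user who mistypes is delayed rather than permanently shut out; the word-list check at registration is what keeps the dictionary attack from ever having a hit to find.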
spoofing
Spoofing attacks occur when an attacker modifies data packets with false
information to trick other systems or users and hide the origin of the message.
Hackers usually do this so that their identity cannot be successfully revealed.
To avoid spoofing attacks
configure the firewall to discard packets that contain Request for Comments (RFC) 1918 private addressing
avoid using reserved IP addresses because these are used by attackers to spoof the host and attack the system
use egress and ingress filtering systems to ensure that only required packets can enter and exit the network
implement an intrusion prevention system (IPS) to monitor network traffic
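The firewall rules from the smurf and fraggle countermeasures earlier and the ingress/egress filtering listed here, as one added example that is not from the course: a packet filter that drops RFC 1918, reserved and internally-addressed sources arriving on the external interface, drops packets leaving with a foreign source address, and drops ICMP echo or UDP echo/chargen traffic aimed at a broadcast address. The 192.168.10.0/24 internal network, the interface names and the sample packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology: our internal network and the address ranges that must
# never arrive from the outside.
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]   # RFC 1918
RESERVED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "0.0.0.0/8")]
AMPLIFIER_UDP_PORTS = {7, 19}     # echo and chargen, the classic fraggle reflectors
ICMP_ECHO_REQUEST = 8


@dataclass
class Packet:
    iface: str            # "ext" (Internet-facing) or "int" (internal)
    proto: str            # "icmp", "udp" or "tcp"
    src: str
    dst: str
    dst_port: int = 0     # tcp/udp only
    icmp_type: int = -1   # icmp only


def _in_any(ip, nets):
    return any(ip in net for net in nets)


def _is_broadcast(ip):
    # directed broadcast to our network, or the limited broadcast address
    return ip == INTERNAL_NET.broadcast_address or ip == ipaddress.ip_address("255.255.255.255")


def filter_packet(pkt):
    """Return ("drop", reason) or ("accept", "") for one packet."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)

    if pkt.iface == "ext":
        # ingress filtering: the outside world cannot legitimately use private,
        # reserved or our own addresses as a source
        if _in_any(src, PRIVATE_NETS + RESERVED_NETS) or src in INTERNAL_NET:
            return ("drop", "spoofed source on external interface")
    else:
        # egress filtering: our hosts may only send with our own addresses
        if src not in INTERNAL_NET:
            return ("drop", "spoofed source leaving the network")

    if _is_broadcast(dst):
        # smurf and fraggle amplification both need a broadcast destination
        if pkt.proto == "icmp" and pkt.icmp_type == ICMP_ECHO_REQUEST:
            return ("drop", "ICMP echo to broadcast (smurf)")
        if pkt.proto == "udp" and pkt.dst_port in AMPLIFIER_UDP_PORTS:
            return ("drop", "UDP echo/chargen to broadcast (fraggle)")
        if pkt.iface == "ext":
            return ("drop", "directed broadcast from outside")

    return ("accept", "")


def apply_filter(packets):
    """Filter a batch; return (accepted, dropped) lists of (packet, reason)."""
    accepted, dropped = [], []
    for pkt in packets:
        verdict, reason = filter_packet(pkt)
        (accepted if verdict == "accept" else dropped).append((pkt, reason))
    return accepted, dropped


# Constructed sample traffic.
SAMPLE = [
    Packet("ext", "tcp", "203.0.113.9", "192.168.10.5", dst_port=443),      # normal inbound
    Packet("ext", "tcp", "10.1.2.3", "192.168.10.5", dst_port=22),          # RFC 1918 source from outside
    Packet("ext", "icmp", "203.0.113.9", "192.168.10.255", icmp_type=8),    # smurf probe
    Packet("ext", "udp", "203.0.113.9", "192.168.10.255", dst_port=7),      # fraggle probe
    Packet("int", "tcp", "192.168.10.20", "198.51.100.7", dst_port=80),     # normal egress
    Packet("int", "tcp", "172.16.5.5", "198.51.100.7", dst_port=80),        # spoofed egress
]

if __name__ == "__main__":
    accepted, dropped = apply_filter(SAMPLE)
    for pkt, reason in dropped:
        print(f"DROP {pkt.iface} {pkt.proto} {pkt.src} -> {pkt.dst}: {reason}")
    print(f"{len(accepted)} accepted, {len(dropped)} dropped")
```

The egress rule is the one most often skipped: it does nothing for the network that deploys it, but it stops that network's hosts from being used as the spoofed source in someone else's smurf or SYN flood.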
In addition to DoS and access control attacks, there are attacks related to the
security architecture. The buffer overflow attack, also known as smashing the
stack, is related to the security architecture: an attacker triggers or exploits
bugs in code to corrupt system memory.
For example, because of bugs in code, the attacker can store more data in the
buffer than its storage capacity. As a result, the additional data overflows into
adjacent memory. The attacker exploits this vulnerability to crash the
computer or insert code that allows the attacker to gain control of the
computer.
To avoid this attack, you need to
use the bounds checking mechanism in program code to check the length of the input variable
install the latest security updates, patches, and hot fixes
Further, there are other attacks: trapdoor, timing, pseudo flaw, and alteration
of authorized code.
A trapdoor is an undocumented command sequence that allows software
developers to bypass normal access restrictions. During the program testing
stage, the developer needs to continuously authenticate to the system.
To speed up the development process, the developer comments out the
authentication code in the program to skip the authentication process. If the
developer leaves these trapdoors open in the program, attackers can exploit
this vulnerability and gain access to the system without authenticating.
To avoid trapdoor attacks, the developer should document the command
sequences commented out in the program.
Timing attacks include
between-the-lines entry
negative acknowledgment attack
line-disconnect
between-the-lines entry
Between-the-lines entry attacks occur when an attacker taps the temporarily
inactive terminal of a legitimate user in an unauthorized manner.
To avoid this attack, communication lines should be kept secured so that the
attacker cannot enter the secured communication lines.
negative acknowledgment attack
Negative acknowledgment (NAK) attacks occur when an attacker capitalizes
on an operating system's failure to suitably handle NAK packets. A NAK
packet is a response sent from a receiving device to a sending device,
indicating that the information received contained errors.
To avoid this attack, systems should be programmed properly to process
NAK packets.
line-disconnect
Line-disconnect attacks occur when an attacker accesses and uses the
communication session of the user who is trying to terminate his
communication session.
To avoid this attack, implement a secured communication line.
Pseudo flaw attacks are loopholes that are inserted into the operating system
or the program by developers to trap attackers and track the source of attack.
The aim is to ensure that attackers spend more time and effort on attacking
the flaws in the program, instead of attacking the actual program.
Alteration of authorized code attacks occur when an attacker modifies the
authorized code in a program. For example, there are programs you can
execute only after entering a valid authorization code. To execute this
program, the attacker modifies the authorized code in the program.
To do this, the attacker identifies the subroutine in the program that checks for
authorization and writes a small program. This program creates patches in the
authorized code. The next time the attacker executes the program, the
instructions specified in the patch program are executed, which bypasses the
authorization subroutines in the program.
Summary
Hackers, crackers, and phone phreaks are responsible for conducting various
attacks within an organization.
DoS attacks include smurf, fraggle, SYN flood, teardrop, DDoS, DNS DoS,
and cache poisoning. Attacks related to security architecture include buffer
overflow. Similarly, access-control-related attacks include brute force,
dictionary, and spoofing. In addition to these attacks, there are other attacks,
including trapdoor, timing, pseudo flaw, and alteration of authorized code.
Security personnel should establish countermeasures to protect the
organization from these attacks.
Malicious Code
Learning objective
After completing this topic, you should be able to recognize the different types
of malicious code that can affect a system or network and identify the methods
that can be used to mitigate them.
1. Computer attacks
Different types of attacks can affect a system. Each attack type has a
prevention mechanism or countermeasure associated with it.
There are four types of computer attacks:
TOC/TOU
Time of Check/Time of Use (TOC/TOU) is a timing attack that occurs when a
program checks access permissions in advance of a resource request.
For example, when a user logs on to a system, the system creates an access
control list for the user. Now, if the system administrator changes the access
control of the user when the user is logged on, the changes will not be
applied. The changes will be applied only after the user logs on again.
To avoid TOC/TOU, the access permission to a resource should be checked
when you are accessing the resource and not in advance.
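The logon scenario from the text as an added example that is not from the course: one session evaluates its permissions at logon and keeps reading after the administrator revokes access, the other consults the ACL at the moment of each access and is refused. The ACL class, the user and the resource names are constructed for the example.

```python
class AccessControl:
    """Administrator-managed ACL: (user, resource) -> set of permissions."""

    def __init__(self):
        self._acl = {}

    def grant(self, user, resource, permission):
        self._acl.setdefault((user, resource), set()).add(permission)

    def revoke(self, user, resource, permission):
        self._acl.get((user, resource), set()).discard(permission)

    def allowed(self, user, resource, permission):
        return permission in self._acl.get((user, resource), set())


class CachedSession:
    """Vulnerable pattern: permissions are evaluated once at logon (time of
    check) and reused for every later access (time of use)."""

    def __init__(self, acl, user, resources):
        self.user = user
        self._cached = {r: {p for p in ("read", "write") if acl.allowed(user, r, p)}
                        for r in resources}

    def read(self, store, resource):
        if "read" not in self._cached.get(resource, set()):
            raise PermissionError(f"{self.user} may not read {resource}")
        return store[resource]


class CheckedSession:
    """Corrected pattern: the ACL is consulted at the moment of each access."""

    def __init__(self, acl, user):
        self.user = user
        self._acl = acl

    def read(self, store, resource):
        if not self._acl.allowed(self.user, resource, "read"):
            raise PermissionError(f"{self.user} may not read {resource}")
        return store[resource]


def _attempt(session, store, resource):
    try:
        session.read(store, resource)
        return "allowed"
    except PermissionError:
        return "denied"


def scenario():
    """Admin revokes access while the user is logged on; report what each pattern does."""
    acl = AccessControl()
    store = {"payroll.xlsx": "constructed confidential contents"}
    acl.grant("alice", "payroll.xlsx", "read")

    cached = CachedSession(acl, "alice", list(store))      # time of check
    checked = CheckedSession(acl, "alice")

    acl.revoke("alice", "payroll.xlsx", "read")            # administrator changes the ACL

    return {                                               # time of use
        "cached_session": _attempt(cached, store, "payroll.xlsx"),
        "checked_session": _attempt(checked, store, "payroll.xlsx"),
    }


if __name__ == "__main__":
    for pattern, outcome in scenario().items():
        print(f"{pattern}: read after revocation {outcome}")
```

The cost of the corrected pattern is one ACL lookup per access, which is why systems are tempted to cache; the price of caching is that every revocation silently stays in force only until the next logon.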
Social engineering
One of the most overlooked attacks is social engineering. This is the act of
tricking a person into providing confidential information by posing as an
individual who is authorized to receive that information.
To avoid social engineering attacks, the user must
be aware of social engineering attacks through security awareness training
take the initiative and refrain from giving confidential information over the phone or the Internet
follow the security guidelines laid down by the organization in handling unknown requests for information or clearance
Threat agents
People, programs, hardware, or systems that exploit vulnerabilities are termed
threat agents. A natural calamity that poses a risk to information security is
also termed a threat agent.
To avoid threat agents, you need to perform threat analysis.
This involves
identifying potential threats to the information system
determining the factors responsible for the identified threats
identifying the countermeasures to be established against the identified threats
Mobile code
Mobile code is a small, executable program that is transmitted across a
network and executed on a local system. Users can download this program
from an untrusted source and execute it on their systems. This increases the
risk of attack. In addition, this program might consist of malicious code, which
consumes all system resources and causes the system to crash.
There are two types of mobile code, Java applets and ActiveX.
Java is an object-oriented language that is used to write small programs,
called applets, which are executed autonomously from the server that sent
them.
Poorly written applet programs
restrict access to your computer's system resources
erase confidential information from your computers
send data to an unknown location on the network
write malicious code into the processor
Java is a platform-independent programming language that creates
intermediate code called bytecode. This code is not processor specific. To
create processor-specific code, you use Java Virtual Machine (JVM), which
converts bytecode into machine code.
Java applets, which are downloaded and executed from remote computers,
are called untrusted programs. They have limited access to a computer's
memory, processor, and resources.
Java provides you with a security mechanism called sandbox, which is a
security boundary within which the untrusted Java applet is executed.
However, the applet programs you write are secured and trusted and,
therefore, reside outside the sandbox. The sandbox restricts the amount of
memory and processor resources required to execute the program. If the
program exceeds these limits, the browser terminates the program.
You can also install a firewall to filter the applet programs. The firewall filters
applet programs by searching for the telltale sign "0xCAFEBABE."
In addition, you can use the cryptographic authentication technique to find the
owner of the mobile code. This technique limits the risk to a user.
ActiveX is another example of mobile code developed by Microsoft using
Component Object Model (COM). ActiveX is active code that is a reusable
and stand-alone control. These controls can be written using different
programming languages, such as C++, Visual Basic, Visual C++, or Java.
In the ActiveX model, a web page consists of a number of controls that help
users interact with a web page.
ActiveX uses a security scheme that includes digital signatures, which are
verified using the Authenticode technology. This technology ensures that the
controls are not modified before users download them. As a result, ActiveX
controls are secured and have greater access to the resources on the
computer.
However, users can disable the Authenticode option on their systems. This
results in the downloading of unsigned controls. As a result, you need to use a
firewall to filter ActiveX controls.
Computer attacks include TOC/TOU, social engineering, threat agents, and
mobile code.
2. Malicious codes
Malicious code is another form of computer attack. It includes an extensive
range of programmed computer security threats that take advantage of
various network, operating system, physical security, and software
vulnerabilities to distribute malicious code to computer systems.
There are various types of malicious codes, ranging from viruses to spyware.
A virus is an unwanted and unsolicited malicious program or piece of code
that can damage a computer system.
Viruses are transferred from one system to another when you
share data
share storage devices, such as hard disks or floppy disks, without granting appropriate access rights
download files from the Internet
open unknown e-mail messages
It is to be noted that viruses are never transferred without human
intervention.
The various types of viruses are
file infector
The file infector virus attacks the executable files with the .exe and .com
extensions. When you execute the infected file, the virus attaches itself to
other program files.
boot sector or system infector
The boot sector or system infector virus plants itself in a system's boot sector
and infects the master boot record. This virus is activated when you boot up
the system. To avoid this problem, the manufacturers are now adding special
protection to the boot sectors of the storage media.
multipartite
A multipartite virus is also known as a multipart virus. This virus
simultaneously attacks the boot sector and the executable files. Accordingly,
multipartite viruses combine the characteristics of file infector and boot sector
viruses.
For example, the Marzia virus, discovered in 1993, infected the executable
files as well as the system's master boot record by writing malicious code to
them.
script
Script viruses are written using script languages. The virus either infects other
scripts or forms a part of multicomponent viruses. This virus affects only those
applications for which it has been written. Script viruses are spread through
e-mail attachments.
For example, the Melissa virus affects systems that have the Microsoft
Outlook Windows client installed. If the Outlook client is not installed on a
system and the script virus is executed on that system, the script virus will not
spread.
encrypted
An encrypted virus consists of a virus decryption routine and an encrypted
virus body. When the infected program is executed, the virus decryption
routine takes control of the computer and then decrypts the virus body.
macro
A macro virus infects Microsoft Word or Excel applications, typically disrupting
workflow by inserting unwanted words or phrases. Macro viruses use the
application's own macro programming language and infect documents and
templates. This virus does not affect program files.
polymorphic
A polymorphic virus comprises three parts: the virus body, the decryption
routine, and the mutation engine. When the infected program is executed on
the user machine, the decryption routine first decrypts the encrypted virus
body and the mutation engine and then allows the virus to search for the next
program to be infected. The decryption routine is randomly generated by the
mutation engine. After every cycle of replication, the virus changes its
signature, making it difficult for antivirus software to detect it.
A worm is a subclass of virus. Worms spread automatically by taking control of
the system and do not require any human intervention. They replicate very
quickly and consume memory and network bandwidth, and waste CPU cycles.
Trojan horses are programs that are embedded in software programs. They
do not replicate themselves and simply execute the payload when the
program is opened. Generally, Trojan horses promote trapdoor or backdoor
attacks to access system resources.
A logic bomb is a dormant or sleeping virus that is triggered when specific
conditions are met. These conditions are known as triggers and are introduced
by programmers. Triggers might be anything, ranging from time to the total
number of times the program is executed.
A logic bomb unexpectedly destroys the data stored on the hard disk. It
becomes challenging to identify the data loss. The range of destruction is
always on the higher side. System administrators should back up data at
regular intervals to avoid any sort of data loss and install antivirus software to
detect the virus at early stages.
Spyware is code written to capture keystrokes and system information or
install a backdoor on the system. Spyware uses keyloggers to capture
passwords, credit card information, or other sensitive data.
These countermeasures can be put in place against viruses:
install antivirus software on a computer or network to monitor and identify all major types of malware and prevent or contain malware incidents
install a host Intrusion Detection System (IDS) on a computer to monitor the activities on that computer and identify the files and processes that have been compromised or used by a malicious user to perform unauthorized activities
adhere to the organization's e-mail policy and avoid opening unidentified e-mail attachments
3. Covert channel types and DCOM
A covert channel is a communication path that enables a process to transmit
information in a way that violates the system's security policy.
A covert channel includes
storage channels
A storage channel is a covert channel that involves one process writing to a
storage location and another process directly or indirectly reading the storage
location. Covert storage channels typically involve a resource, for example
sectors on a disk, which is shared by two subjects at different security levels.
timing channels
A timing channel is a covert channel in which one process modulates its
system resource, for example CPU cycles, which is interpreted by a second
process as some type of communication.
Distributed Component Object Model (DCOM), developed by Microsoft, is an
extension of Component Object Model (COM), and is created to support
distributed computing. DCOM consists of various prebuilt object software
modules that reside on separate computers on the distributed network.
These objects are reusable, self-contained objects and can perform specific
business functions.
Programmers are now creating applications using DCOM objects. The
software components can gain access to these distributed objects and can be
integrated in the application.
DCOM provides the authentication, integrity, and confidentiality of data
through a single property called authentication level.
The authentication level can only be applied to objects that are residing on
the server. However, you can decide the level of authentication you want to
apply to an object.
Summary
There are four types of computer attacks. These include TOC/TOU, social
engineering, threat agents, and mobile code.
Malicious code is an extensive range of programmed computer security
threats that take advantage of various network, operating system, physical
security, and software vulnerabilities to distribute malicious code to computer
systems. Malicious code includes viruses, worms, Trojan horses, logic bombs,
and spyware.
A covert channel is a communication path that enables a process to transmit
information in a way that violates the system's security policy. DCOM is an
extension of COM and is created to support distributed computing.
Knowledge-Based Systems and the Development Life Cycle
Learning objective
After completing this topic, you should be able to recognize the characteristics
of various knowledge-based systems and identify the activities involved in the
different phases of the information systems development life cycle.
1. Knowledge-based systems
Several data retrieval techniques can be used to retrieve data. However,
because of the large volume of data stored in databases, it has become
difficult for employees to retrieve the right information at the right time.
This hampers the decision-making process of the management. You can solve
this problem by using knowledge-based systems.
A knowledge-based system consists of knowledge stored in a knowledge base
on a specific domain, such as accounting, production, and medicine. The
information stored in the knowledge base is collected from experts who have
in-depth knowledge of their respective domains.
A knowledge-based system uses artificial intelligence (AI), which enables the
system to think and behave like a human and solve complex problems,
identify hidden patterns, draw inferences, and help forecast and diagnose
issues.
An expert system is a knowledge-based system that uses AI to solve complex
problems. An expert system is based on
rule-based programming
Rule-based programming refers to the set of rules and algorithms that are
based on if-then statements. Based on user input, these rules define what
action needs to be taken in a particular situation by matching the user input
with the rules stored in the knowledge base.
For example, an expert system can be designed to help people decide what
to do in the event of an earthquake. The knowledge base might contain these
statements:
if the earthquake is between 3.5 and 5.4 on the Richter scale, people should not
stand under trees and stay away from any heavy objects placed at a height
if the earthquake is between 5.5 and 6.0 on the Richter scale, people should move
out of their homes because the homes might collapse
inference engine
The inference engine searches the knowledge base for rules that match the
user input and decides which rules are applicable to the situation. The
inference engine acts like the human brain, which takes decisions in all
situations.
Continuing with the example of the earthquake, a user might inform the expert
system that an earthquake measuring 5.8 on the Richter scale has occurred.
The inference engine analyzes the information stored in the knowledge base
and makes a recommendation.
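The rule-based knowledge base and inference engine described above, as an added example in Python (not part of the original course material); the rule names, the Facts dictionary and the InferenceEngine class are assumptions made for this illustration:

```python
"""Rule-based expert system for the earthquake example (added example, not
from the original course material): a knowledge base of if-then rules and a
small inference engine that matches user input against them."""
from dataclasses import dataclass
from typing import Callable, Dict, List

# The facts a user reports to the system, e.g. {"magnitude": 5.8}.
Facts = Dict[str, float]


@dataclass(frozen=True)
class Rule:
    """One if-then rule: 'condition' is the 'if', 'recommendation' the 'then'."""
    name: str
    condition: Callable[[Facts], bool]
    recommendation: str


def magnitude_between(low: float, high: float) -> Callable[[Facts], bool]:
    """Build the 'if' part for a Richter-scale band (inclusive on both ends)."""
    def condition(facts: Facts) -> bool:
        magnitude = facts.get("magnitude")
        return magnitude is not None and low <= magnitude <= high
    return condition


# Knowledge base: the two earthquake rules stated in the text, kept as data
# rather than hard-coded branches so experts can extend it without touching
# the engine. Note that the bands as stated leave 5.4 < magnitude < 5.5
# uncovered; the engine then reports no rule, which callers must not read as
# "safe" (see recommend()).
EARTHQUAKE_KB: List[Rule] = [
    Rule("moderate", magnitude_between(3.5, 5.4),
         "Do not stand under trees and stay away from heavy objects placed at a height."),
    Rule("strong", magnitude_between(5.5, 6.0),
         "Move out of your home because it might collapse."),
]


class InferenceEngine:
    """Searches the knowledge base for rules whose 'if' part matches the facts."""

    def __init__(self, knowledge_base: List[Rule]) -> None:
        self.knowledge_base = list(knowledge_base)

    def matching_rules(self, facts: Facts) -> List[Rule]:
        return [rule for rule in self.knowledge_base if rule.condition(facts)]

    def recommend(self, facts: Facts) -> List[str]:
        """Recommendations for the reported facts; empty when no rule applies,
        which the caller should treat as 'refer to a human expert'."""
        return [rule.recommendation for rule in self.matching_rules(facts)]


if __name__ == "__main__":
    engine = InferenceEngine(EARTHQUAKE_KB)
    # The user reports a 5.8 magnitude earthquake, as in the text.
    for advice in engine.recommend({"magnitude": 5.8}):
        print(advice)
```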
The main aim of creating an expert system is to aid decision makers and
technicians by providing them with the expertise to arrive at a conclusion
quickly.
An artificial neural network is another type of knowledge-based system, which
processes information based on the neuron structure of the human brain. A
conventional system can perform complex mathematical tasks but fails to
remember the logic of the program. This can be achieved by using artificial
neural networks.
An artificial neural network system uses highly interconnected processing
elements, which are capable of learning, remembering, and solving a problem
from the acquired knowledge or tasks that have been already performed.
Neural systems can be implemented in various applications, such as voice
recognition and face identification.
Unlike other systems where processing is done sequentially, neural networks
process information in parallel, which makes them robust. The failure of a
single node does not lead to system failure.
The advantages of neural networks are
adaptive learning
Adaptive learning is the ability of the system to learn tasks that have been
performed already or for which training has been imparted.
self-organization
Self-organization is a characteristic of neural networks by virtue of which the
networks organize the information they receive during the learning period.
real-time operation
Real-time operation refers to the ability of neural networks to enable the
parallel processing of tasks.
fault tolerance via redundant information coding
Fault tolerance via redundant information coding refers to the ability of the
network to function even when one or more nodes on the network are not
functioning.
Conventional computers use algorithms to solve problems. This means the
instructions are processed sequentially. But neural networks function
depending on the input provided during training in the form of content,
guidelines, and examples. These networks compute logic in parallel and, as a
result, the outcome is based on the input provided.
The only disadvantage of neural networks is that their operations are
unpredictable because problems are solved through adaptive learning.
2. System development life cycle
When designing a system, the system analyst should follow these guidelines
for designing controls:
the controls should ensure that all the data is processed
the controls should avoid error-prone situations in the application
the controls should be able to track and fix errors as early as possible
the controls should not hamper data flow within the application
the controls should be cost effective
the controls should follow the organization's overall security strategy
The system analyst should follow these guidelines to control the development
process:
testing includes program testing, system testing, and acceptance testing
file conversion includes planning, following up errors, and checking old files
control change requests
provide training to users on how to operate the application and prepare
documentation
There are three approaches to developing software:
Ad-hoc
Waterfall
Iterative
Ad-hoc
The ad-hoc approach is followed when there is no fixed development plan for
a project. The team members involved in the project work according to their
own understanding. As a result, the performance of the team members is
monitored on an individual basis.
The benefit of this approach is that no prework is required for creating plans
and the individual team members can work on their own.
The disadvantage of this approach is that the entire organizational capability
cannot be measured because every individual works according to his own
understanding. Various parameters, such as schedules, budgets, and
functionality, remain inconsistent.
Waterfall
The waterfall approach structures the different phases of the system
development life cycle (SDLC), such as analysis, design, programming, and
testing. All the activities listed for a particular phase have to be completed
before the next phase begins. The output of one phase acts as input for the
next phase.
The advantage of this approach is that every step is planned and
documented. This prevents discrepancies from creeping into the process.
The disadvantage of this approach is that it is not suited for large projects or
for projects that have a short delivery span. The reason is that the team
cannot perform various tasks concurrently because the completion of one
phase denotes the beginning of the next phase.
Iterative
The iterative approach divides a project into small modules for flexibility.
Each module then follows the waterfall model for development.
The main advantage of this approach is that each module is documented, and
the entire team can work simultaneously on various modules. If any changes
need to be made, this can be conveyed at the early stages, and feedback
during the development process helps enhance the project.
Various models have been developed based on the iterative approach. The
prototyping model is one of them.
The prototyping model helps a user view the elementary working model of the
project. This prototype can be worked on for further changes, depending on
user feedback. The entire process of refining the prototype continues until the
user is satisfied with it.
The different forms of the prototyping model include
Rapid Application Development (RAD) strictly adheres to the timelines set.
This enables the quick development of the project.
Joint Analysis Development (JAD) allows developers to work with users. This
enables a better understanding of user requirements and ultimately user
satisfaction. In addition, JAD promotes teamwork, which combines the
expertise of all individual team members.
Modified Prototype Model (MPM) allows the quick implementation of the
project's prototype. The maintenance phase remains a continuous phase after
the initial installation. The project has scope for improvement, depending on
requirements.
Apart from the prototyping model, the other models include
The exploratory model relies on assumptions for the project to be developed.
This model is followed for projects for which requirements cannot be identified
at the initial stages. Project development begins with whatever raw data is
available at the early stages. As a result, this model is followed for projects
where requirements are not precisely mentioned.
The spiral model is a combination of both the prototype model and the
waterfall model. Apart from this, an additional feature of risk assessment is
included in this model. The initial prototype is developed using the waterfall
model and then risk assessment is conducted to evaluate the feasibility of the
project because of increased costs or lengthened timeframes, if any.
The object-oriented programming model concentrates on objects that are the
building blocks of this model. Each object is a self-contained module of
preassembled programming code. The advantage of using this model is that
the object can be reused later. Object-oriented programming can be based on
either the reuse model or the component-based development model.
The extreme programming model follows the ethics of working in a team. It
incorporates moral values, such as simplicity, communication, feedback, and
courage. This enables the entire team to work as one unit, deliver the software
in a series of small, integrated releases, and meet user expectations.
The cleanroom model saves time in the testing phase by working rigorously
during the design phase. This strategy aims at preventing defects rather than
removing them. The user receives a high-quality product in comparatively
less time.
Based on user requirements, the development team selects the best software
development approach suited to develop software. The aim is to provide
quality products and meet all user expectations.
After deciding the software development approach, you need to follow the
various development phases of SDLC to protect the system. Security is one of
the major concerns in the SDLC. It should be implemented throughout the life
cycle of the system.
The development phases include
project initiation
The project initiation phase aims at identifying business needs (functional
requirements) with the proposed solution, project objectives, scope,
strategies, cost, and other related factors.
The security tasks involved in this phase are
checking whether the application requires protection
checking whether there are any potential risks of exposure of sensitive information
because of the application
checking whether any output requires special measures
checking whether the application will be accessed remotely
functional requirements definition
The functional requirements definition phase includes a comprehensive
analysis of all the present and future functional requirements of the new
system to satisfy users. Apart from this, the output of the project initiation
phase is also reviewed and required changes are made.
The security tasks related to this phase are similar to the project initiation
phase.
system design specifications
The system design specifications phase addresses all the design issues
related to the system. In this phase, the system architecture, expected system
output, and system interfaces are designed. Security issues have to be kept
in mind when inputting data, enabling data flow, and specifying data output
requirements.
build/development and documentation
The build/development and documentation phase involves the generation of
the source code of programs, test scenarios, and test cases. The system and
program are documented for maintenance and turnover after unit testing is
conducted. The final output goes for acceptance testing and production.
Continuing with the various phases of the SDLC, there are a few more
phases. These include
acceptance
The acceptance phase involves a third party creating the test data and testing
the code to ensure that the system developed is working per the
specifications and meets all the functional and security requirements.
These security tasks are involved during this phase:
security testing should be performed to ensure no design and implementation flaws
creep into the system and allow the user to violate any of the policies
simulating the production environment to test the validity of the system
creating a security certification package and user documentation
testing and evaluation controls
The testing and evaluation controls phase ensures that the management
team confirms all the changes per the system requirements. The program
librarian should retain all the test data and a duplicate copy of the production
data should be used for similar types of data. The data also has to be
evaluated to ensure it has checked the system thoroughly for all parameters.
These security tasks are involved during this phase:
testing all changes and then validating the data
acknowledging the results of the test
retaining implementation test data to test modifications
maintaining a separate copy of production data for parallel execution
certification and accreditation
Certification and accreditation is a two-step process. Certification is the
process of evaluating the security parameters of the new system against
predefined standards. This is done for both the technical and the
nontechnical parameters. The output of this process is to be sent to an
accreditation officer who reviews and certifies the document and further
authorizes the software to be implemented for production for a specific period
of time.
installation
In the installation phase, the system is moved from the acceptance phase into
the live production environment. During this phase, the system is
implemented after obtaining security accreditation and the end user is trained
on how to use the system.
These security tasks are involved during this phase:
controlling data entry and data conversion
restricting access to the system
validating the accuracy of information flow
post installation
The post installation phase is for monitoring system performance and
ensuring the continuity of the system.
These security tasks are involved during this phase:
testing the backup and recovery procedures
ensuring adequate controls for data and report handling
determining the effectiveness of security processes
Summary
A knowledge-based system consists of the knowledge stored in a knowledge
base on a specific domain. These systems use artificial intelligence (AI). There
are two types of knowledge-based systems, expert systems and neural
networks.
There are three approaches (ad-hoc, waterfall, and iterative) that you can
use to develop software. The development team has to select the best
software development approach. The software life cycle is typically broken into
phases. Security should be implemented during each phase of the SDLC.
Databases and Data Warehousing
Learning objective
After completing this topic, you should be able to distinguish between various
database models and technologies, and define basic concepts associated with
databases and data warehousing.
1. Database models
A database is a collection of information stored and organized in tables. A table
consists of rows and columns.
An organization uses databases to store its business data related to
customers, vendors, products, or orders. The dependency of the organization
on the usage of databases is increasing because of their capability of
providing the right data at the right time. This helps the management in its
decision-making process. As a result, the security personnel should implement
appropriate controls to protect the databases from unauthorized access,
tampering, and destruction of data.
The storage and retrieval of data to and from a database seems transparent, but
the data actually travels through a number of levels (view, physical, and
logical) within a database. To effectively secure the database, security
personnel should understand the flow of the data stored in the database.
To store, retrieve, and manage data, you use the Database Management System
(DBMS).
Further, the DBMS provides data integrity and removes data redundancy and
inconsistency when viewing the data.
The elements of the DBMS include database, hardware, software, and end users.
Before creating a database, you need to define the database structure, keeping in
mind the organizational requirements. For example, an architect develops the
structure of a building before constructing it.
You need to define the relationships between the data stored in the database. To
achieve this, you need to create a database model. This model defines the structure
of the database.
A database model should provide
transaction persistence
Transaction persistence is a feature of database models that keeps the state of the
database the same as it was before any transaction occurred.
fault tolerance and recovery
Fault tolerance and recovery is a feature of database models that keeps data in its
original state. There are two ways of data recovery: rollback and shadow.
Rollback cancels the last incomplete or invalid transaction and retrieves data.
Shadow reapplies the transaction to the previous state of the database.
sharing by multiple users
Sharing by multiple users is a feature of database models that allows multiple
users to share data without corrupting the data.
security controls
Security controls is a feature of database models that defines access permissions
for data and checks for data integrity.
There are six types of database models:
Hierarchical
The hierarchical model merges records and fields into a logical tree structure
that represents the database structure. The data stored in this model is
linked in a way that each record (child) has only one owner (parent). This
model is useful for mapping one-to-many relationships.
These are the features of the hierarchical model:
a tree is the starting node of the database structure
the tree consists of a root node, subtrees, and leaf nodes
the nodes below a node are the child nodes of that node
each node in the tree has its parent node and child nodes
Suppose you have two tables, Students and Schools. The Students table contains
StudentNames and StudentIDs and the Schools table contains SchoolName and
SchoolCode. Each student can be enrolled in only one school, but that school can
have multiple students. Here, school is the parent and student is the child.
Network
The network database model is similar to the hierarchical database model but
offers more flexibility with respect to the relationships among records. This
model overcomes the limitation of the hierarchical model by establishing a
multiple child-parent relationship.
For example, there are two types of loan categories (parent), housing and vehicle.
The borrower (child) can apply for both categories of loan. Here, the borrowers can
take a loan for housing and vehicle. The multiple child-parent relationship is
established.
Relational
The relational database model simplifies the database structure by storing
data in tables in the row-column format. Each row is known as a tuple or a
record and each column is known as an attribute or field of the record. This
model is useful for mapping many-to-many relationships.
Suppose you have two tables, Customer and Product. The Customer table consists
of CustomerID and ProductID. The Product table consists of ProductID and
ProductName. The relationship between the tables is established by using the
common field, ProductID. A customer can buy many products and one product can
be sold to many customers.
This model is capable of handling ad-hoc queries using a query language called
Structured Query Language (SQL). SQL is a declarative programming language
that helps retrieve data from relational databases.
SQL uses query statements to retrieve information from databases. Using these
queries, you can specify
what data you want to retrieve
the tables from where you want to retrieve the data
how you want to display the data
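The Customer and Product tables and the three parts of an SQL query described above, together with the rollback recovery mentioned under fault tolerance and recovery, as an added Python example using the built-in sqlite3 module (not from the course material); the Stock column, the row values and the function names are constructed for this illustration:

```python
"""Relational model with SQL, using Python's built-in sqlite3 (added example
with constructed data, not from the course material). Customer and Product are
related through the common field ProductID; record_order shows rollback
recovery: an incomplete transaction is cancelled and the database returns to
the state it was in before the transaction."""
import sqlite3
from typing import List


def build_database() -> sqlite3.Connection:
    """Create the two tables in memory and load a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # enforce the ProductID relationship
    conn.execute(
        "CREATE TABLE Product ("
        "  ProductID INTEGER PRIMARY KEY,"
        "  ProductName TEXT NOT NULL,"
        "  Stock INTEGER NOT NULL CHECK (Stock >= 0))"
    )
    # Each row records one purchase: a customer can buy many products and a
    # product can be sold to many customers (many-to-many via ProductID).
    conn.execute(
        "CREATE TABLE Customer ("
        "  CustomerID INTEGER NOT NULL,"
        "  ProductID INTEGER NOT NULL REFERENCES Product(ProductID),"
        "  PRIMARY KEY (CustomerID, ProductID))"
    )
    conn.executemany("INSERT INTO Product VALUES (?, ?, ?)",
                     [(1, "Router", 2), (2, "Firewall", 3), (3, "Switch", 0)])
    conn.executemany("INSERT INTO Customer VALUES (?, ?)",
                     [(100, 1), (100, 2), (200, 2), (300, 3)])
    conn.commit()
    return conn


def products_bought_by(conn: sqlite3.Connection, customer_id: int) -> List[str]:
    """A query states what to retrieve (SELECT), from which tables (FROM/JOIN)
    and how to present it (ORDER BY). The ? placeholder keeps user input out
    of the statement text, so the customer id cannot alter the query."""
    rows = conn.execute(
        "SELECT p.ProductName "
        "FROM Customer c JOIN Product p ON c.ProductID = p.ProductID "
        "WHERE c.CustomerID = ? "
        "ORDER BY p.ProductName",
        (customer_id,),
    ).fetchall()
    return [name for (name,) in rows]


def customers_of_product(conn: sqlite3.Connection, product_name: str) -> List[int]:
    """The same relationship read in the other direction."""
    rows = conn.execute(
        "SELECT c.CustomerID "
        "FROM Customer c JOIN Product p ON c.ProductID = p.ProductID "
        "WHERE p.ProductName = ? "
        "ORDER BY c.CustomerID",
        (product_name,),
    ).fetchall()
    return [cid for (cid,) in rows]


def order_count(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM Customer").fetchone()[0]


def record_order(conn: sqlite3.Connection, customer_id: int, product_id: int) -> bool:
    """Two statements that must succeed or fail together. Used as a context
    manager, the connection commits on success and rolls back on an exception,
    so a failed stock update also cancels the already-inserted Customer row."""
    try:
        with conn:
            conn.execute("INSERT INTO Customer VALUES (?, ?)",
                         (customer_id, product_id))
            conn.execute("UPDATE Product SET Stock = Stock - 1 WHERE ProductID = ?",
                         (product_id,))
        return True
    except sqlite3.IntegrityError:
        # duplicate order, unknown product, or stock would go negative
        return False


if __name__ == "__main__":
    db = build_database()
    print(products_bought_by(db, 100))  # ['Firewall', 'Router']
    print(record_order(db, 200, 3))     # False: Switch is out of stock, rolled back
    print(order_count(db))              # 4: the partial insert did not survive
```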
Spreadsheet
The spreadsheet database model represents a database structure created
using a spreadsheet program, for example, Excel, Lotus 123, Quattro Pro, and
Monte Carlo simulations. This database model provides mathematical functions
that help in computing.
The format for organizing and storing data remains the same as in the relational
model by using tables.
Suppose a company deals with a large number of products. To estimate the
average return and identify the risk of the new products, the company uses the
spreadsheet database model.
Object-oriented
The object-oriented data model organizes data using object-oriented
programming features.
These are the features of the object-oriented database model:
represents information in the form of objects
objects are reusable in programming languages, such as Visual Basic and C#
enables you to create object copies and allows you to make changes to the copies
Distributed
In the distributed database model, the data is stored in multiple databases
but remains logically associated. The user believes that there is only one
database even though it is spread across different parts of the network.
For example, the market research group of an organization consists of ten
databases located in different parts of the world. These databases are logically
connected to each other. The market research group can query all the databases
to view the likes, dislikes, and preferences of customers all over the world. This
helps the organization when launching new products.
Depending on the user requirement, data can be arranged according to any of the
models. These include hierarchical, network, relational, spreadsheet, object-
oriented, and distributed.
2. Database access technologies
Retrieving data is the most essential part of database management. For this,
you can use various technologies that allow users and applications to access
the data by establishing a communication mechanism and a specific interface
type.
Open Database Connectivity (ODBC) is an interface that allows an application
to communicate with a local or remote database. To access data, ODBC
translates the application requests into database commands and tracks the
required database driver for the application. The goal of ODBC is to make it
possible to access data from any application.
Object Linking and Embedding (OLE) is a Microsoft technology used to link data
objects into or from multiple files or sources on a computer.
OLE provides access to data, regardless of format, type, or location. For example,
the organization's critical data stored in the database might come from other
applications, such as Microsoft Excel, Microsoft Access, or web applications.
OLE is based on Component Object Model (COM), which allows one application
(source) to access data from another application (destination). OLE segregates the
data into interoperable components, which are executed as middleware at the
application (source) end.
Linking creates a link to the actual object. Embedding inserts the copy of the object
into a document. When the actual object is updated, the embedded object is also
updated when you open the document.
For example, you can embed an Excel chart in Word. When you change the Excel
chart, the chart inserted in Word is also updated when you open Word.
A few more database access technologies help to connect end-user applications to
the databases. These are
eXtensible Markup Language
eXtensible Markup Language (XML) is a standards-based format of the World
Wide Web Consortium (W3C) that facilitates data interchange between different
applications. W3C has created a text file that consists of the data structure. This
data structure defines the format in which the data can be displayed. This helps
represent data in a structured and standardized format independent of the
database and application.
Java Database Connectivity
Java Database Connectivity (JDBC) is an application programming interface (API)
that connects Java programs and databases, directly or indirectly. If the database
vendor provides the JDBC drivers, the connection between the Java program and
the database is established directly. Otherwise, the connection is established
indirectly through ODBC to provide a standardized database interface for Java.
ActiveX Data Objects
ActiveX Data Objects (ADO) is an API offered by Microsoft that enables users to
write programs that access relational and nonrelational databases from
Microsoft and other database providers.
Online Transaction Processing
Online Transaction Processing (OLTP) is a data processing system designed to
record all the business transactions of an organization as they occur. OLTP helps
in the real-time processing of the SQL transactions.
OLTP ensures that two users are not simultaneously modifying data, or one user
cannot change the data if the other user is using that data.
OLTP consists of a transaction log, which records all information about the
transactions. If the system fails during a transaction, the failure is recorded
in the transaction log. The next time that the system starts, the transaction
log is reviewed and the transaction resumes from where it stopped the last
time.
3. Basic database concepts
Data mining is a procedure or tool that allows analysts to examine a data
warehouse and look for possible correlated information among historical data. It
helps find hidden data patterns, trends, and data relationships that exist in
databases.
Data mining is useful for
analyzing credit risk
fraud detection
monitoring competition
asset evaluation
Inference is an attack that uses a combination of several instances of nonsensitive
information to achieve access to information that ought to be classified at a higher
level.
Suppose that, in an organization, a user reads all records of the technical
complaints made in a day. He would get an idea about what resources are present
in the organization and who owns the resources. This information might be used for
undesirable activities that might prove to be a risk.
Polyinstantiation refers to an event that occurs when multiple rows in the
same table have identical primary key elements but with each being
distinguished by a different security level.
Polyinstantiation ensures the integrity of all copies of the information in the
database. In addition, polyinstantiation ensures the storing of confidential data at
multiple locations within the database.
Polyinstantiation is often used as a defense against some types of inference
attacks.
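The inference attack and the polyinstantiation defense described above, as an added Python example (not from the course material); the level numbers, the two table classes and the SRV-07 asset rows are constructed assumptions for this illustration:

```python
"""Polyinstantiation as a defense against inference (added example, not from
the course material; the asset data is constructed). A multilevel table keeps
rows with the same primary key at different security levels, so a lower-cleared
user's insert never collides with, and therefore never reveals, a higher-level
row."""
from typing import Dict, Optional, Tuple

# Security levels used both as row labels and as user clearances (constructed).
UNCLASSIFIED, CONFIDENTIAL, SECRET = 0, 1, 2
Values = Dict[str, str]


class SingleLevelTable:
    """Primary key unique across all levels. A duplicate-key error on insert is
    an inference channel: it tells the inserter that a row already exists even
    when their clearance would never let them read it."""

    def __init__(self) -> None:
        self._rows: Dict[str, Tuple[int, Values]] = {}

    def insert(self, key: str, values: Values, level: int) -> None:
        if key in self._rows:
            raise KeyError(f"duplicate primary key {key!r}")
        self._rows[key] = (level, dict(values))

    def select(self, key: str, clearance: int) -> Optional[Values]:
        hit = self._rows.get(key)
        return dict(hit[1]) if hit and hit[0] <= clearance else None


class PolyinstantiatedTable:
    """Primary key is (key, level): the same key may exist once per level, and a
    reader gets the instance at the highest level not above their clearance."""

    def __init__(self) -> None:
        self._rows: Dict[Tuple[str, int], Values] = {}

    def insert(self, key: str, values: Values, level: int) -> None:
        # Only a collision at the user's own level is reported; a row at a
        # higher level is invisible to this check, so nothing is inferred.
        if (key, level) in self._rows:
            raise KeyError(f"duplicate primary key {key!r} at level {level}")
        self._rows[(key, level)] = dict(values)

    def select(self, key: str, clearance: int) -> Optional[Values]:
        visible = [(lvl, vals) for (k, lvl), vals in self._rows.items()
                   if k == key and lvl <= clearance]
        if not visible:
            return None
        return dict(max(visible, key=lambda item: item[0])[1])

    def select_all(self, clearance: int) -> Dict[str, Values]:
        """One instance per key, as a user with this clearance sees the table."""
        keys = {k for (k, _lvl) in self._rows}
        return {k: row for k in sorted(keys)
                if (row := self.select(k, clearance)) is not None}


def insert_reveals_existence(table, key: str, values: Values, level: int) -> bool:
    """What a user at 'level' learns from attempting an insert: True means the
    duplicate-key error told them a row with this key already exists."""
    try:
        table.insert(key, values, level)
    except KeyError:
        return True
    return False


if __name__ == "__main__":
    # Constructed scenario: a SECRET row records who owns a sensitive server.
    secret_row = {"owner": "security-ops", "location": "DC-2 cage 4"}
    cover_row = {"owner": "facilities", "location": "storage"}

    single = SingleLevelTable()
    single.insert("SRV-07", secret_row, SECRET)
    print("single-level table leaks existence:",
          insert_reveals_existence(single, "SRV-07", cover_row, UNCLASSIFIED))

    poly = PolyinstantiatedTable()
    poly.insert("SRV-07", secret_row, SECRET)
    print("polyinstantiated table leaks existence:",
          insert_reveals_existence(poly, "SRV-07", cover_row, UNCLASSIFIED))
    print(poly.select("SRV-07", UNCLASSIFIED), poly.select("SRV-07", SECRET))
```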
Summary
Database models represent the database structure and define the correlations
between the data. The different types of database models are hierarchical, network,
spreadsheet, object-oriented, relational, and distributed.
The database access technologies include ODBC, OLE, XML, JDBC, ADO, and
OLTP.
Some important database concepts include data mining, data warehouse,
inference, and polyinstantiation.