D5-SeguridadAplicaciones.pdf

8/2/2019 D5-SeguridadAplicaciones.pdf

1/35

S e g u r i d a d d e S i s t e m a s 0 9 0 4 7 6 A p p l i c a t i o n S e c u r i t y |1

Application Development Fundamentals

Abstract

This article explains the types of source codes and the functionality of

different program types.

Types of Source Codes

Application security is an integral part of security. There are various issues

arising from Java, ActiveX controls, malicious code, and other attack methods.

These issues result in undesirable events occurring in the application. You

need to identify these application-related issues and implement

countermeasures to eliminate or reduce them. The applications are developed

using open or closed source code programs.

The program source code, which is available to you freely for reading and

modification, is called an open source code program. You can customize the

source code per your requirements without any restrictions. Further, you can

redistribute the program to other users without paying any royalties to the

original developer. The aim of an open source code program is to improve the

performance of the program. The Linux operating system and the Apache web

server are examples of programs or applications developed using open source

code programs.

Unlike an open source code program, closed source code programs are not

available freely to users. To use closed source code programs, you need toobtain a license from the developer of the program. Further, you cannot

modify the program per your requirements. You can only use the binary

version of the source code as the executable file. To access the source code

of the closed program, you need to sign a nondisclosure agreement. The

applications developed by Microsoft are written and developed using closed

source code programs.

Types of Programs

Computers execute only programs that are written in machine language that is

also known as first-generation computer language. A machine language

program consists of binary instructions, such as 0s and 1s. The instructions

are interpreted and executed by the CPU. However, writing programs using

machine language is difficult and time-consuming. As a result, the assembly

languages, also known as second-generation computer language, were

introduced. Before the CPU executes the programs written in assembly

language, the program is converted into machine language using a program

called an assembler.


2/35

2|A p p l i c a t i o n S e c u r i t y S e g u r i d a d d e S i s t e m a s 0 9 0 4 7 6

An assembler is a program that converts programs written in assembly

language to machine language, which is easily understood by the computer.

Programs written in an assembly language consist of symbols and words

instead of numbers. Before a program is executed, the assembler program

converts the symbols and words into the corresponding binary numbers.

However, writing complex programs in assembly language is difficult and time-

consuming. In addition, programs written in assembly language only work for a

specific family of CPUs.

With the introduction of high-level languages or third-generation computer

languages, such as COBOL, FORTRAN, and C, programmers started using

simple English-like statements to write their programs. Unlike programs written

in machine language, high-level language programs do not interact directly

with hardware. As a result, high-level programs need to be converted to

machine language.

Compiler and interpreter are programs that are used to convert high-level

language program into machine language. The difference between them lies

in the process of program execution. The compiler parses or analyzes the

entire program at a time for syntactical correctness and then produces an

output code. The output code is referred to as machine code, which is further

processed by the processor.

An interpreter program interprets each statement of the high-level program at

one time and stops program execution when it encounters an error. The

output code is generated only when the program is error-free. This run-time

analysis of a program is known as interpretive overhead.


3/35


Summary

Application security is an integral part of security. These security issues result

in undesirable events occurring in the application. The applications are

developed using open or closed source code programs.

The program source code that you can modify is called an open source code

program, and the program source code that you cannot modify is called a

close source code program.

Computers execute only the programs written in machine language. A

machine language program consists of binary instructions, such as 0s and 1s.

An assembler program converts programs written in assembly language to

machine language.

Compiler and interpreter are programs that are used to convert high-level

language program into machine language. A complier program analyzes the

entire program at one time while an interpreter program interprets each

statement of the program at one time.


4/35


Attack Methods

Learning objective

After completing this topic, you should be able to distinguish between the

types of attacks used in the enterprise environment and identify the

appropriate methods to counteract them.

1. Types of attackers

Before understanding the different types of attack that occur in the enterprise

environment and how to counteract them, security professional should know

about the entities that conduct the attacks.

These entities include

hacker

Hackers are individuals who attempt to access information systems and

network resources in an unauthorized manner.

cracker

Crackers are individuals who intentionally break into a computer system by

breaching computer security. A cracker's motives are usually altruistic or to

prove that a system can be breached.

phone phreak

Phone phreaks are individuals who crack the phone network to make free

long-distance calls in an unauthorized manner.

These entities are responsible for conducting attacks related to denial of

service (DoS), security architecture, and access control. They are also

responsible for sending hoax messages.

Hoaxes are false statements made with the intention of scaring users. They

aim at deliberately misleading the users and prompting them into performing

rash actions.

A hoax includes

e-mail hoax

E-mail hoaxes consist of fake and chain-letter-style documents that spread

faster than any other hoaxes.

web hoax


5/35


Web hoaxes spread through bogus web sites containing false or misleading

information.

You can consider a computer virus alert a hoax when it

is received from an unknown person asks you to visit a web site and download antivirus software

asks you to forward it to other users

2. Types of attacks

Attackers perform DoS attacks on operating systems to make resources

unavailable to valid users.

The six types of DoS attacks are

Smurf and fraggle

A smurf attack is launched using Internet Control

Message Protocol (ICMP) packets. An ICMP packet

contains the return address of the victim's computer.

The attacker broadcasts the ICMP packet to the amplifying server or network.

The amplifying server sends this ICMP packet to thousands of active

computers. All the active computers on the network reply to the victim's

computer. The reply traffic to the victim's computer overwhelms, and

sometimes crashes, the victim's computer. Further, this attack consumesmost network bandwidth and makes the entire network unusable.

A fraggle attack is similar to the smurf attack. The only difference between the

two is that the fraggle attack uses User Datagram Protocol (UDP) packets

instead of ICMP packets.

These countermeasures can be used against smurf and fraggle attacks:

set up a firewall to block all broadcast and ICMP messages

configure all computers to drop ICMP messages

turn off the directed broadcast capability of the router

implement intrusion detection system (IDS) to monitor and notify the system

administrator about the occurrence of these attacks

install the latest security patches on the system

SYN flood

A SYN flood attack is waged by not sending the final

acknowledgement (ACK) packet, which breaks the


6/35


standard three-way handshake used by TCP/IP to initiate communication

sessions.

During the attack, the attacker sends a Synchronize (SYN) message with a

fake IP address to the victim's computer. The victim acknowledges the SYN

message, sends the Synchronize-Acknowledge (SYN-ACK) message back tothe attacker, and reserves memory space for the connection. However, the

victim's computer does not receive an ACK message. This process keeps

repeating and the victim's computer runs out of the resources required for the

half-opened connection. As a result, the victim's computer crashes or stops

accepting connection requests.

These countermeasures can be used against SYN flood attacks:

set up firewall to limit the number of connection requests

implement IDS

use SYN cookies to avoid the allocation of resources to half-opened connections

install the latest security patches on the system

Teardrop

Teardrop attacks occur when an attacker exploits a bug

in an operating system. The bug exists in the routines

used to reassemble fragmented packets. An attacker

sends numerous, specially formatted, fragmented

packets to the victim, which causes the system to

freeze or crash.

These countermeasures can be used against the teardrop attack:

merge all the fragmented packets into a full packet before routing them to the target

system

implement IDS to detect all the fragmented packets

Distributed denial of service

Distributed denial of service (DDoS) attacks occur when

a large number of systems attack a single system to halt

network activity.

In DDoS attacks, the attacker installs client attack

software on computers and uses them to send service requests to the victim's

computer until it stops functioning. The computers that the attacker uses for

targeting the victim's computer are called slaves or zombies.


7/35


These countermeasures can be used against DDoS attacks:

scan the computers to identify if the attack software is installed on them

access the log files on which the client attack software is installed to determine the

location of the attacker

disable unused services on the systems

install firewall and IDS

DNS DoS

Domain Name Service (DNS) DoS attacks occur when

an attacker changes the IP address of a web site and

maps it to an incorrect host on the Internet. This

prevents users from accessing the original web site.

These countermeasures can be used against DNS DoS attacks:

implement a secure DNS

update the DNS Berkeley Internet Name Domain (BIND) version because BIND

consists of the resolver library, which has standard APIs for translating domain

names and IP addresses

configure the DNS servers for internal and public records

Cache poisoning

Cache poisoning attacks occur when an attacker is

unable to change the DNS address of a web site and

enters false data about the DNS address of the web

site in the cache. As a result, users are unable to

access the required web site.

These countermeasures can be used against cache poisoning attacks:

configure DNS servers

implement Domain Name System Security Extensions (DNSSEC), which helps

track cache poisoning attacks using cryptographic electronic signatures

use HTTPS to validate the server's digital certificate

DoS attacks include smurf, fraggle, SYN flood, teardrop, DDoS, DNS DoS,

and cache poisoning.

The attacks related to access control are

brute force

Brute force attacks occur when an attacker tries different input combinations

to obtain the correct password.


8/35


To avoid brute force attacks

keep the password length to a minimum of eight characters

lock the account after a specified number of unsuccessful attempts

implement strict access control to reduce the occurrence of such attacks

dictionary

Dictionary attacks occur when an attacker tries a list of possible passwords,

which are located in a dictionary file or word list. The attacker uses a cracking

tool to crack the passwords.

To avoid dictionary attacks use

the one-time password authentication technique

the password renewal policy to enforce password rotation

hard-to-guess passwords

cracking tools to identify weak passwords

implement IDS

spoofing

Spoofing attacks occur when an attacker modifies data packets with false

information to trick other systems or users and hide the origin of the message.

Hackers usually do this so that their identity cannot be successfully revealed.

To avoid spoofing attacks

configure firewall to discard packets that contain Request for Comments (RFC)

1918 private addressing

avoid using reserved IP addresses because these are used by the attackers to

spoof the host and attack the system

use egress and ingress filtering systems to ensure that only required packets can

enter and exit the network

implement intrusion prevention system (IPS) to monitor network traffic

In addition to DoS and access control attacks, there are attacks related to the

security architecture. The buffer overflow attack, also known as smashing the

stack, is related to the security architecture, where an attacker causes or useserrors or bugs in code to cause system memory problems.

For example, because of bugs in code, the attacker can store more data in the

buffer than its storage capacity. As a result, the additional information in the

memory overflows. The attacker exploits this vulnerability to crash the

computer or insert certain code that allows the attacker to gain control of the

computer.


9/35


To avoid this attack, you need to

use the bound checking mechanism in program code to check the length of

the input variable

install the latest security updates, patches, and hot fixes

Further, there are other attacks trapdoor, timing, pseudo flaw, and alteration

of authorized code.

Trapdoor is an undocumented command sequence that allows software

developers to bypass normal access restrictions. During the program testing

stage, the developer needs to continuously authenticate to the system.

To speed up the development process, the developer comments the

authentication code in the program to skip the authentication process. If the

developer leaves these trapdoors open in the program, attackers can exploit

this vulnerability and gain access to the system without authenticating.

To avoid trapdoor attacks, the developer should document the command

sequences commented in the program.

Timing attacks include

between-the-lines entry

negative acknowledgment attack

line-disconnect

between-the-lines entryBetween-the-lines entry attacks occur when an attacker taps the temporarily

inactive terminal of a legitimate user in an unauthorized manner.

To avoid this attack, communication lines should be kept secured so that the

attacker cannot enter the secured communication lines.

negative acknowledgment attack

Negative acknowledgment (NAK) attacks occur when an attacker capitalizes

on an operating system's failure to suitably handle NAK packets. A NAK

packet is a response sent from a receiving device to a sending device,

indicating that the information received contained errors.

To avoid this attack, systems should be programmed properly to process

NAK packets.

line-disconnect

Line-disconnect attacks occur when an attacker accesses and uses the

communication session of the user who is trying to terminate his


10/35


communication session.

To avoid this attack, implement a secured communication line.

Pseudo flaw attacks are loopholes that are inserted into the operating system

or the program by developers to trap attackers and track the source of attack.The aim is to ensure that attackers spend more time and effort on attacking

the flaws in the program, instead of attacking the actual program.

Alteration of authorized code attacks occur when an attacker modifies the

authorized code in a program. For example, there are programs you can

execute only after entering a valid authorization code. To execute this

program, the attacker modifies the authorized code in the program.

To do this, the attacker identifies the subroutine in the program that checks for

authorization and writes a small program. This program creates patches in the

authorized code. The next time the attacker executes the program, theinstructions specified in the patch program are executed, which bypasses the

authorization subroutines in the program.


11/35


Summary

Hackers, crackers, and phone phreaks are responsible for conducting various

attacks within an organization.

DoS attacks include smurf, fraggle, SYN flood, teardrop, DDoS, DNS DoS,

and cache poisoning. Attacks related to security architecture include buffer

overflow. Similarly, access-control-related attacks include brute force,

dictionary, and spoofing. In addition to these attacks, there are other attacks,

including trapdoor, timing, pseudo flaw, and alteration of authorized code.

Security personnel should establish countermeasures to protect the

organization from these attacks.


12/35


Malicious Code

Learning objective

After completing this topic, you should be able to recognize the different types

of malicious code that can affect a system or network and identify the methods

that can be used to mitigate them.

1. Computer attacks

Different types of attacks can affect a system. Each attack type has a

prevention mechanism or countermeasure associated with it.

There are four types of computer attacks:

TOC/TOU

Time of Check/Time of Use (TOC/TOU) is a timing

attack that occurs when a program checks access

permissions in advance of a resource request.

For example, when a user logs on to a system, the

system creates an access control list for the user. Now, if the system

administrator changes the access control of the user when the user is logged

on, the changes will not be applied. The changes will be applied only after the

user logs on again.

To avoid TOC/TOU, the access permission to a resource should be checked

when you are accessing the resource and not in advance.

Social engineering

One of the most overlooked attacks is social

engineering. This is the act of tricking a person into

providing confidential information by posing as an

individual who is authorized to receive that

information.

To avoid social engineering attacks, the user must

be aware of social engineering attacks through security awareness training

take the initiative and refrain from giving confidential information over the phone or

the Internet

follow the security guidelines laid down by the organization in handling unknown

requests for information or clearance


13/35


Threat agents

People, programs, hardware, or systems that

exploit vulnerabilities are termed threat agents. A

natural calamity that poses a risk to information

security is also termed a threat agent.

To avoid threat agents, you need to perform threat

analysis.

This involves

identifying potential threats to the information system

determining the factors responsible for the identified threats

identifying the countermeasures to be established against the identified threats

Mobile code

Mobile code is a small, executable program that is

transmitted across a network and executed on a

local system. Users can download this program

from an untrusted source and execute it on their

systems. This increases the risk of attack. In

addition, this program might consist of malicious

code, which consumes all system resources and causes the system to crash.

There are two types of mobile codes, Java applets and ActiveX.

Java is an object-oriented language that is used to write small programs,called applets, which are executed autonomously from the server that sent

them.

Poorly written applet programs

restrict access to your computer's system resources

erase confidential information from your computers

send data to an unknown location on the network

write malicious code into the processor

Java is a platform-independent programming language that creates

intermediate code called bytecode. This code is not processor specific. To

create processor-specific code, you use Java Virtual Machine (JVM), which

converts bytecode into machine code.

Java applets, which are downloaded and executed from remote computers,


14/35


are called untrusted programs. They have limited access to a computer's

memory, processor, and resources.

Java provides you with a security mechanism called sandbox, which is a

security boundary within which the untrusted Java applet is executed.

However, the applet programs you write are secured and trusted and,therefore, reside outside the sandbox. The sandbox restricts the amount of

memory and processor resources required to execute the program. If the

program exceeds these limits, the browser terminates the program.

You can also install firewall and filter the applet programs. Firewall filters the

applet programs by searching the telltale sign, "0xCAFEBABE."

In addition, you can use the cryptographic authentication technique to find the

owner of the mobile code. This technique limits the risk to a user.

ActiveX is another example of mobile code developed by Microsoft using

Component Object Model (COM). ActiveX is active code that is a reusable

and stand-alone control. These controls can be written using different

programming languages, such as C++, Visual Basic, Visual C++, or Java.

In the ActiveX model, a web page consists of a number of controls that help

users interact with a web page.

ActiveX uses a security scheme that includes digital signatures, which are

verified using the Authenticode technology. This technology ensures that the

controls are not modified before users download them. As a result, ActiveXcontrols are secured and have greater access to the resources on the

computer.

However, users can disable the Authenticode option on their systems. This

results in the downloading of unsigned controls. As a result, you need to use

firewall to filter ActiveX controls.

Computer attacks include TOC/TOU, social engineering, threat agents, and

mobile code.

2. Malicious codes

Malicious code is another form of computer attack. It

includes an extensive range of programmed computer

security threats that take advantage of various

network, operating system, physical security, and

software vulnerabilities to distribute malicious code to


15/35


computer systems.

There are various types of malicious codes, ranging from viruses to spyware.

A virus is an unwanted and unsolicited malicious program or piece of code

that can damage a computer system.

They are transferred from one system to another when you

share data

share storage devices hard disk or floppy disk without granting

appropriate access rights

download files from the Internet

open unknown e-mail messages

It is to be noted that viruses are never transferred without the help of human

intervention.

The various types of viruses are

file infector

The file infector virus attacks the executable files with the .exe and .com

extensions. When you execute the infected file, the virus attaches itself to

other program files.

boot sector or system infector

The boot sector or system infector virus plants itself in a system's boot sectorand infects the master boot record. This virus is activated when you boot up

the system. To avoid this problem, the manufacturers are now adding special

protection to the boot sectors of the storage media.

multipartite

A multipartite virus is also known as a multipart virus. This virus

simultaneously attacks the boot sector and the executable files. Accordingly,

multipartite viruses combine the characteristics of file infector and boot sector

viruses.

For example, the Marzia virus, discovered in 1993, infected the executablefiles as well as the system's master boot record by writing malicious code to

them.

script

Script viruses are written using script languages. The virus either infects other

scripts or forms a part of multicomponent viruses. This virus affects only those

applications for which it has been written. Script viruses are spread through e-


16/35


mail attachments.

For example, the Melissa virus affects systems that have the Microsoft

Outlook Windows client installed. If the Outlook client is not installed on a

system and the script virus is executed on that system, the script virus will not

spread.

encrypted

An encrypted virus consists of a virus detection routine and an encrypted

virus body. When the infected program is executed, the virus decryption

routine takes control of the computer and then decrypts the virus body.

macro

A macro virus infects Microsoft Word or Excel applications, typically disrupting

workflow by inserting unwanted words or phrases. Macro viruses use the

application's own macro programming language and infect documents and

templates. This virus does not affect program files.polymorphic

A polymorphic virus comprises of three parts, the virus body, the decryption

routine, and the mutation engine. When the infected program is executed on

the user machine, the decryption routine first decrypts the encrypted virus

body and the mutation engine and then allows the virus to search for the next

program to be infected. The decryption routine is randomly generated by the

mutation engine. After every cycle of replication, the virus changes its

signatures making it difficult for any antivirus software to detect it.

A worm is a subclass of virus. Worms spread automatically by taking control of

the system and do not require any human intervention. They replicate very

quickly and consume memory and network bandwidth, and waste CPU cycles.

Trojan horses are programs that are embedded in software programs. They

do not replicate themselves and simply execute the payload when the

program is opened. Generally, Trojan horses promote trapdoor or backdoor

attacks to access system resources.

A logic bomb is a dormant or sleeping virus that is triggered when specific

conditions are met. These conditions are known as triggers and are introduced

by programmers. Triggers might be anything, ranging from time to the total

number of times the program is executed.

A logic bomb unexpectedly destroys the data stored on the hard disk. It

becomes challenging to identify the data loss. The range of destruction is

always on the higher side. System administrators should back up data at

regular intervals to avoid any sort of data loss and install antivirus software to

detect the virus at early stages.


17/35


Spyware is code written to capture keystrokes and system information or

install a backdoor on the system. Spyware use keyloggers that help capture

the passwords, credit card information, or other, sensitive data.

These countermeasures can be put in place against viruses:

install the antivirus software on a computer or network to monitor and

identify all major types of malware and prevent or contain malware

incidents

install a host Intrusion Detection System (IDS) on a computer to monitor

the activities on that computer and identify the files and processes that

have been compromised or used by a malicious user to perform

unauthorized activities

adhere to the organization's e-mail policy and avoid opening unidentified e-

mail attachments

3. Covert channel types and DCOM

A covert channel is a communication path that enables a process to transmit

information in a way that violates the system's security policy.

A covert channel includes

storage channels

A storage channel is a covert channel that involves one process writing to a

storage location and another process directly or indirectly reading the storage

location. Covert storage channels typically involve a resource, for example

sectors on a disk, which is shared by two subjects at different security levels.

timing channels

A timing channel is a covert channel in which one process modulates its

system resource, for example CPU cycles, which is interpreted by a second

process as some type of communication.

Distributed Component Object Model (DCOM), developed by Microsoft, is anextension of Component Object Model (COM), and is created to support

distributed computing. DCOM consists of various prebuilt objects software

modules that reside on separate computers on the distributed network.

These objects are reusable, self-contained objects and can perform specific

business functions.


18/35


Programmers are now creating applications using DCOM objects. The

software components can gain access to these distributed objects and can be

integrated in the application.

DCOM provides the authentication, integrity, and

confidentiality of data through a single property called

authentication level.

The authentication level can only be applied to

objects that are residing on the server. However, you can decide the level of

authentication you want to apply to an object.


19/35


Summary

There are four types of computer attacks. These include TOC/TOU, social

engineering, threat agents, and mobile code.

Malicious code is an extensive range of programmed computer security

threats that take advantage of various network, operating system, physical

security, and software vulnerabilities to distribute malicious code to computer

systems. Malicious code includes viruses, worm, Trojan horses, logic bombs,

and spyware.

A convert channel is a communication path that enables a process to transmit

information in a way that violates the system's security policy. DCOM is an

extension of COM and is created to support distributed computing.


20/35


Knowledge-Based Systems and the Development Life

Cycle

Learning objective

After completing this topic, you should be able to recognize the characteristics

of various knowledge-based systems and identify the activities involved in the

different phases of the information systems development life cycle.

1. Knowledge-based systems

Several data retrieval techniques can be used to retrieve data. However,

because of the large volume of data stored in databases, it has become

difficult for employees to retrieve the right information at the right time.

This hampers the decision-making process of the management. You can solve

this problem by using knowledge-based systems.

A knowledge-based system consists of knowledge stored in a knowledge base

on a specific domain, such as accounting, production, and medicine. The

information stored in the knowledge base is collected from experts who have

in-depth knowledge of their respective domains.

A knowledge-based system uses artificial intelligence (AI), which enables the

system to think and behave like a human and solve complex problems,

identify hidden patterns, draw inferences, andhelp forecast and diagnose issues.

An expert system is a knowledge-based system

that uses AI to solve complex problems. An expert

system is based on

rule-based programming

Rule-based programming refers to the set of rules and algorithms that are

based on if-then statements. Based on user input, these rules define what

action needs to be taken in a particular situation by matching the user input

with the rules stored in the knowledge base.

For example, an expert system can be designed to help people decide what

to do in the event of an earthquake. The knowledge base might contain these

statements:


21/35


if the earthquake is between 3.5 and 5.4 on the Richter scale, people should not

stand under trees and stay away from any heavy objects placed at a height

if the earthquake is between 5.5 and 6.0 on the Richter scale, people should move

out of their homes because the homes might collapse

inference engine

Inference engine searches the rules based on user input in the knowledge

base and decides which rules are applicable to the situation. The inference

engine acts like the human brain that takes decisions in all situations.

Continuing with the example of the earthquake, a user might inform the expert

system that an earthquake measuring 5.8 on the Richter scale has occurred.

The inference engine analyzes the information stored in the knowledge base

and makes a recommendation.

The main aim of creating an expert system is to aid decision makers and

technicians by providing them with the expertise to arrive at a conclusionquickly.

An artificial neural network is another type of knowledge-based system, which

processes information based on the neuron structure of the human brain. A

conventional system can perform complex mathematical tasks but fails to

remember the logic of the program. This can be achieved by using artificial

neural networks.

An artificial neural network system uses highly interconnected processing

elements, which are capable of learning, remembering, and solving a problem

from the acquired knowledge or tasks that have been already performed.

Neural systems can be implemented in various applications, such as voice

recognition and face identification.

Unlike other systems where processing is done sequentially, neural networks

process information in parallel, which makes them robust. The failure of a

single node does not lead to system failure.

The advantages of neural networks are

adaptive learning

Adaptive learning is the ability of the system to learn tasks that have been

performed already or for which training has been imparted.

self-organization

Self-organization is a characteristic of neural networks by virtue of which the

networks organize the information they receive during the learning period.


22/35


real-time operation

Real-time operation refers to the ability of neural networks to enable the

parallel processing of tasks.

fault tolerance via redundant information coding

Fault tolerance via redundant information coding refers to the ability of thenetwork to function even when one or more nodes on the network are not

functioning.

Conventional computers use algorithms to solve problems. This means the

instructions are processed sequentially. But neural networks function

depending on the input provided during training in the form of content,

guidelines, and examples. These networks compute logic in parallel and, as a

result, the outcome is based on the input provided.

The only disadvantage of the neural networks is that their operations are

unpredictable because problems are solved through adaptive learning.

2. System development life cycle

When designing a system, the system analyst should follow these guidelines

for designing controls:

the controls should ensure that all the data is processed

the controls should avoid error-prone situations in the application

the controls should be able to track and fix errors as early as possible

the controls should not hamper data flow within the application

the controls should be cost effective

the controls should follow the organization's overall security strategy

The system analyst should follow these guidelines to control the development

process:

testing includes program testing, system testing, and acceptance testing

file conversion includes planning, following up errors, and checking old files

controls change requests

provide training to users on how to operate the application and prepare

documentation

There are three approaches to develop software:

Ad-hoc

Waterfall


23/35


Iterative

Ad-hoc

The ad-hoc approach is followed when there is no fixed

development plan for a project. The team members

involved in the project work according to their own

understanding. As a result, the performance of the team

members is monitored on an individual basis.

The benefit of this approach is that no prework is required for creating plans

and the individual team members can work on their own.

The disadvantage of this approach is that the entire organizational capability

cannot be measured because every individual works according to his own

understanding. Various parameters, such as schedules, budgets, and

functionality, remain inconsistent.

Waterfall

The waterfall approach structures the different phases of

the system development life cycle (SDLC), such as

analysis, design, programming, and testing. All the

activities listed for a particular phase have to be

completed before the next phase begins. The output of one phase acts as

input for the next phase.

The advantage of this approach is that every step is planned and

documented. This prevents discrepancies from creeping into the process.

The disadvantage of this approach is that it is not suited for large projects or

for projects that have a short delivery span. The reason is that the team

cannot perform various tasks concurrently because the completion of one

phase denotes the beginning of the next phase.

Iterative

The iterative approach divides a project into small

modules for flexibility. Each module then follows the

waterfall model for development.

The main advantage of this approach is that each

module is documented, and the entire team can work simultaneously on

various modules. If any changes need to be made, this can be conveyed at

the early stages and feedback during the development process helps enhance

the project.


24/35


Various models have been developed based on the iterative approach. The

prototyping model is one of them.

The prototyping model helps a user view the elementary working model of the

project. This prototype can be worked on for further changes, depending on

user feedback. The entire process of refining the prototype continues till theuser is satisfied by it.

The different forms of the prototyping model include

Rapid Application Development (RAD) strictly adheres to the timelines set.

This enables the quick development of the project.

Joint Analysis Development (JAD) allows developers to work with users. This

enables a better understanding of user requirements and ultimately user

satisfaction. In addition, JAD promotes teamwork, which combines the

expertise of all individual team members.

Modified Prototype Model (MPM) allows the quick implementation of the

projects' prototype. The maintenance phase remains a continuous phase after

the initial installation. The project has scope for improvement, depending on

requirements.

Apart from the prototyping model, the other models include

The exploratory model relies on assumptions for the project to be developed.

This model is followed for projects for which requirements cannot be identifiedat the initial stages. Project development begins with whatever raw data is

available at the early stages. As a result, this model is followed for projects

where requirements are not precisely mentioned.

The spiral model is a combination of both the prototype model and the

waterfall model. Apart from this, an additional feature of risk assessment is

included in this model. The initial prototype is developed using the waterfall

model and then risk assessment is conducted to evaluate the feasibility of the

project because of increased costs or lengthened timeframes, if any.

The object-oriented programming model concentrates on objects that are the

building blocks of this model. Each object is a self-contained module of

preassembled programming code. The advantage of using this model is that

the object can be reused later. Object-oriented programming can be based on

either the reuse model or the component-based development model.

The extreme programming model follows the ethics of working in a team. It

incorporates moral values, such as simplicity, communication, feedback, and


25/35


courage. This enables the entire team to work as one unit, deliver the software

in a series of small, integrated releases, and meet user expectations.

The cleanroom model saves time in the testing phase by working vigorously

during the design phase. This strategy aims at preventing defects rather than

removing them. The user receives a high-quality product in a comparativelyless amount of time.

Based on user requirements, the development team selects the best software

development approach suited to develop software. The aim is to provide

quality products and meet all user expectations.

After deciding the software development approach, you need to follow the

various development phases of SDLC to protect the system. Security is one of

the major concerns in the SDLC. It should be implemented throughout the life

cycle of the system.

The development phases include

project initiation

The project initiation phase aims at identifying business needs (functional

requirements) with the proposed solution, project objectives, scope,

strategies, cost, and other, related factors.

The security tasks involved in this phase are

checking whether the application requires protection

checking whether there are any potential risks of exposure of sensitive information

because of the application

checking whether any output requires special measures

checking whether the application will be accessed remotely

functional requirements definition

The functional requirements definition phase includes a comprehensive

analysis of all the present and future functional requirements of the new

system to satisfy users. Apart from this, the output of the project initiation

phase is also reviewed and required changes are made.

The security tasks related to this phase are similar to the project initiation

phase.

system design specifications

The system design specifications phase talks about all the designing issues

related to the system. In this phase, system architecture, expected system

output, and system interfaces are designed. Security issues have to be kept


26/35


in mind when inputting data, enabling data flow, and specifying data output

requirements.

build/development and documentation

The build/development and documentation phase involves the generation of

the source code of programs, test scenarios, and test cases. The system andprogram are documented for maintenance and turnover after unit testing is

conducted. The final output goes for acceptance testing and production.

Continuing with the various phases of the SDLC, there are a few more

phases. These include

acceptance

The acceptance phase involves a third party

creating the test data and testing the code to

ensure that the system developed is working

per the specifications and meets all the

functional and security requirements.

These security tasks are involved during this phase:

security testing should be performed to ensure no design and implementation flaws

creep into the system and allow the user to violate any of the policies

simulating the production environment to test the validity of the system

creating a security certification package and user documentation

testing and evaluation controls

The testing and evaluation controls phase ensures that the management

team confirms all the changes per the system requirements. The program

librarian should retain all the test data and a duplicate copy of the production

data should be used for similar types of data. The data also has to be

evaluated to ensure it has checked the system thoroughly for all parameters.


testing all changes and then validating the data

acknowledging the results of the test

retaining implementation test data to test modifications maintaining a separate copy of production data for parallel execution

certification and accreditation

Certification and accreditation is a two-step process. Certification is the

process of evaluating the security parameters of the new system against the

standard, predefined standards. This is done for both the technical as well as

the nontechnical parameters. The output of this process is to be sent to an


27/35


accreditation officer who reviews and certifies the document and further

authorizes the software to be implemented for production for a specific period

of time.

installation

In the installation phase, the system is moved from the acceptance phase intothe live production environment. During this phase, the system is

implemented after obtaining security accreditation and the end user is trained

on how to use the system.


controlling data entry and data conversion

restricting access to the system

validating the accuracy of information flow

post installation

The post installation phase is for monitoring system performance and

ensuring the continuity of the system.


testing the backup and recovery procedures

ensuring adequate controls for data and report handling

determining the effectiveness of security processes


28/35


Summary

A knowledge-based system consists of the knowledge stored in a knowledge

base on a specific domain. These systems use artificial intelligence (AI). There

are two types of knowledge-based systems, expert systems and neural

networks.

There are three approaches ad-hoc, waterfall, and iterative that you can

use to develop software. The development team has to select the best

software development approach. The software life cycle is typically broken into

phases. Security should be implemented during each phase of the SDLC.


29/35


Databases and Data Warehousing

Learning objective

After completing this topic, you should be able to distinguish between various

database models and technologies, and define basic concepts associated with

databases and data warehousing.

1. Database models

A database is a collection of information stored and organized in tables. A table

consists of rows and columns.

An organization uses databases to store their business

data related to customers, vendors, products, or orders.

The dependency of the organization on the usage of

databases is increasing because of its capability of

providing the right data at the right time. This helps the

management in its decision-making process. As a result,

the security personnel should implement appropriate controls to protect the

databases from unauthorized access, tampering, and destruction of data.

The storage and retrieval of data to and from a database seems transparent but the

data actually travels through a number of levels view, physical, and logical

within a database. To effectively secure the database, security personnel should

understand the flow of the data stored in the database.

To store, retrieve, and manage data, you use the Database Management System

(DBMS).

Further, the DBMS provides data integrity and removes data redundancy and

inconsistency when viewing the data.

The elements of the DBMS include database, hardware, software, and end users.

Before creating a database, you need to define the database structure, keeping in

mind the organizational requirements. For example, an architect develops the

structure of a building before constructing it.

You need to define the relationships between the data stored in the database. To

achieve this, you need to create a database model. This model defines the structure

of the database.


30/35


A database model should provide

transaction persistence

Transaction persistence is a feature of database models that keeps the state of the

database the same as it was before any transaction occurred.

fault tolerance and recovery

Fault tolerance and recovery is a feature of database models that keeps data in its

original state. There are two ways of data recovery, rollback, and shadow.

Rollback cancels the last incomplete or invalid transaction and retrieves data.

Shadow reapplies the transaction to the previous state of the database.

sharing by multiple users

Sharing by multiple users is a feature of database models that allows multiple

users to share data without corrupting the data.

security controls

Security controls is a feature of database models that defines access permissions

for data and checks for data integrity.

There are six types of database models:

Hierarchical

The hierarchical model merges records and fields into a

logical tree structure that represents the database structure.

The data stored in this model is linked in a way that each

record (child) has only one owner (parent). This model is

useful for mapping one-to-many relationships.

These are the features of the hierarchical model:

a tree is the starting node of the database structure

the tree consists of a root node, subtrees, and leaf nodes

the nodes below a node are the child nodes of that node

each node in the tree has its parent node and child nodes

Suppose you have two tables, Students and Schools. The Students table contains

StudentNames and StudentIDs and the Schools table contains SchoolName and

SchoolCode. Each student can be enrolled in only one school, but that school can

have multiple students. Here, school is the parent and student is the child.


31/35


Network

The network database model is similar to the hierarchical database model but

offers more flexibility with respect to the relationships among

records. This model overcomes the limitation of the

hierarchical model by establishing a multiple child-parent

relationship.

For example, there are two types of loan categories (parent), housing and vehicle.

The borrower (child) can apply for both categories of loan. Here, the borrowers can

take a loan for housing and vehicle. The multiple child-parent relationship is

established.

Relational

The relational database model simplifies the database

structure by storing data in tables in the row-column format.

Each row is known as a tuple or a record and each column is

known as an attribute or field of the record. This model is

useful for mapping many-to-many relationships.

Suppose you have two tables, Customer and Product. The Customer table consists

of CustomerID and ProductID. The Product table consists of ProductID and

ProductName. The relationship between the tables is established by using the

common field, ProductID. A customer can buy many products and one product can

be sold to many customers.

This model is capable of handling ad-hoc queries using a query language called

Structured Query Language (SQL). SQL is a declarative programming languagethat helps retrieve data from relational databases.

SQL uses query statements to retrieve information from databases. Using these

queries, you can specify

what data you want to retrieve

the tables from where you want to retrieve the data

how you want to display the data

Spreadsheet

The spreadsheet database model represents a databasestructure created using a spreadsheet program, for example,

Excel, Lotus 123, Quattro Pro, and Monte Carlo simulations.

This database model provides mathematical functions that

help in computing.

The format for organizing and storing data remains the same as in the relational


32/35


model by using tables.

Suppose a company deals with a large number of products. To estimate the

average return and identify the risk of the new products, the company uses the

spreadsheet database model.

Object-oriented

The object-oriented data model organizes data using object-

oriented programming features.

These are the features of the object-oriented database model:

represents information in the form of objects

objects are reusable in programming languages, such as Visual Basic and C#

enables you to create object copies and allows you to make changes to the copies

Distributed

In the distributed database model, the data is stored in

multiple databases but remains logically associated. The user

believes that there is only one database even though it is

spread across different parts of the network.

For example, the market research group of an organization consists of ten

databases located in different parts of the world. These databases are logically

connected to each other. The market research group can query all the databases

to view the likes, dislikes, and preferences of customers all over the world. This

helps the organization when launching new products.

Depending on the user requirement, data can be arranged according to any of the

models. These include hierarchical, network, relational, spreadsheet, object-

oriented, and distributed.

2. Database access technologies

Retrieving data is the most essential part of database

management. For this, you can use various

technologies that allow users and applications to access

the data by establishing a communication mechanism

and a specific interface type.

Open Database Connectivity (ODBC) is an interface

that allows an application to communicate with a local or remote database. To

access data, ODBC translates the application requests into database commands

and tracks the required database driver for the application. The goal of ODBC is to

make it possible to access data from any application.


33/35


Object Linking and Embedding (OLE) is a Microsoft technology used to link data

objects into or from multiple files or sources on a computer.

OLE provides access to data, regardless of format, type, or location. For example,

the organization's critical data stored in the database might come from other

applications, such as Microsoft Excel, Microsoft Access, or web applications.

OLE is based on Component Object Model (COM), which allows one application

(source) to access data from another application (destination). OLE segregates the

data into interoperable components, which are executed as middleware at the

application (source) end.

Linking creates a link to the actual object. Embedding inserts the copy of the object

into a document. When the actual object is updated, the embedded object is also

updated when you open the document.

For example, you can embed an Excel chart in Word. When you change the Excel

chart, the chart inserted in Word is also updated when you open Word.

A few more database access technologies help to connect end-user applications to

the databases. These are

eXtensible Markup Language

eXtensible Markup Language (XML) is a standards-based format of the World

Wide Web Consortium (W3C) that facilitates data interchange between different

applications. W3C has created a text file that consists of the data structure. This

data structure defines the format in which the data can be displayed. This helps

represent data in a structured and standardized format independent of the

database and application.

Java Database Connectivity

Java Database Connectivity (JDBC) is an application programming interface (API)

that connects Java programs and databases, directly or indirectly. If the database

vendor provides the JDBC drivers, the connection between the Java program and

the database is established directly. Otherwise, the connection is established

indirectly through ODBC to provide a standardized database interface for Java.

ActiveX Data Objects

ActiveX Data Objects (ADO) is an API offered by Microsoft that enables users towrite programs. This program helps access relational and nonrelational databases

from Microsoft and other database providers.

Online Transaction Processing

Online Transaction Processing (OLTP) is a data processing system designed to

record all the business transactions of an organization as they occur. OLTP helps

in the real-time processing of the SQL transactions.


34/35


OLTP ensures that two users are not simultaneously modifying data, or one user

cannot change the data if the other user is using that data.

OLTP consists of a transaction log, which records all information about the

transactions. If the system fails during the transaction, it is recorded in thetransaction log. The next time that the system starts, the transaction log is

reviewed and the transaction starts from where it stopped the last time.

3. Basic database concepts

Data mining is a procedure or tool that allows analysts to examine a data

warehouse and look for possible correlated information among historical data. It

helps find hidden data patterns, trends, and data relationships that exist in

databases.

Data mining is useful for

analyzing credit risk

frauds detection

monitoring competition

asset evaluation

Inference is an attack that uses a combination of several instances of nonsensitive

information to achieve access to information that ought to be classified at a higher

level.

Suppose that, in an organization, a user reads all records of the technical

complaints made in a day. He would get an idea about what resources are present

in the organization and who owns the resources. This information might be used for

undesirable activities that might prove to be a risk.

Polyinstantiation refers to an event that occurs

when multiple rows in the same table have

identical primary key elements but with each being

distinguished by a different security level.

Polyinstantiation ensures the integrity of all copies of the information in the

database. In addition, polyinstantiation ensures the storing of confidential data at

multiple locations within the database.

Polyinstantiation is often used as a defense against some types of inference

attacks.


35/35


Summary

Database models represent the database structure and define the correlations

between the data. The different types of database models are hierarchical, network,

spreadsheet, object-oriented, relational, and distributed.

The database access technologies include ODBC, OLE, XML, JDBC, ADO, and

OLTP.

Some important database concepts include data mining, data warehouse,

inference, and polyinstantiation.

D5-SeguridadAplicaciones.pdf

Documents

Transcript of D5-SeguridadAplicaciones.pdf