csss5220_midterm (docx)
School: Webster University
Course: 5220
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 8
QUESTION-2
ANSWER:
Confidentiality Threats:
• Data leakage is described as unauthorized access to or disclosure of sensitive customer
information such as credit card numbers, passwords, and contact information.
• Social engineering: Attackers utilize consumer information to gain access to a system.
Integrity Threats:
• Data corruption occurs when hostile actors tamper with or erase client data.
• Tampering: Attempting to change or access the data of other customers by tampering with the
reservation system.
Vulnerabilities:
• SQL Injection: Attackers read or alter the database by injecting malicious SQL through unvalidated input.
• Cross-site scripting (XSS): Attackers inject malicious script into pages served by the reservation system in order to steal client information.
• Password Cracking: Attackers use brute-force or dictionary attacks to obtain valid credentials for the reservation system.
Consider potential flaws in such a system that an attacker may exploit.
• An attacker may attempt to gain access to the system by exploiting known defects in its software or hardware.
• An attacker may attempt to bypass authentication and authorization mechanisms.
• An attacker may attempt to reach sensitive data stored on the system by exploiting known system faults.
• An attacker may attempt to disrupt system operations by executing a denial-of-service attack.
• An attacker may attempt to manipulate the system to gain unauthorized access to sensitive data.
• An attacker may attempt to gain access to the system by exploiting known weaknesses in the system or application software.
• An attacker may attempt to inject malicious code into the system to reach sensitive data or execute code on the system.
• An attacker may attempt to intercept network traffic to gain access to the system or steal sensitive information.
What countermeasures may be taken in response to these threats?
• Conduct frequent vulnerability scans and penetration testing to discover and remedy potential security vulnerabilities.
• Adopt a secure configuration management strategy to ensure that systems and applications are correctly and securely configured.
• Implement appropriate access control methods, such as user authentication and authorization procedures.
• Use strong encryption and other security measures to protect sensitive data.
• Monitor network traffic for suspicious activity and unauthorized access attempts.
• Educate users about security policies and processes, as well as their responsibility for data security inside the business.
• Set up an intrusion detection system to alert administrators to any suspicious activity.
• Install a firewall to prevent malicious traffic from entering the network.
• Regularly update and patch software applications so that known vulnerabilities cannot be exploited.
• Make frequent backups of data to ensure that it can be recovered in the event of a malicious attack or system failure.
QUESTION-3
ANSWER:
The principle of least privilege (PoLP) is a fundamental concept in computer security and access
management. It is founded on the idea of limiting the access and permissions granted to people,
processes, or systems to the absolute minimum essential for them to do their duties. In other
words, users and entities should only have access to the resources and information they need to
do their tasks and fulfill their duties. This concept may be applied to several levels of an
organization's IT infrastructure, including user accounts, apps, and system operations.
The principle of least privilege contributes to security in several significant ways:
Reduces the Attack Surface: By restricting access to only what is necessary, PoLP
reduces potential entry points and opportunities for attackers to exploit vulnerabilities.
Individuals or programs with excessive rights are more likely to be exploited by an
attacker to gain unauthorized access or do damaging acts.
Minimizes harm and impact: When a person or process with limited rights is
compromised, the potential harm is reduced since they only have access to a subset of
resources. In contrast, if a user with high privileges is hacked, the attacker may cause
even more havoc by obtaining access to and altering critical data or system settings.
It reduces human error: Human error is a major cause of security issues. Giving users or
administrators more access than they need increases the risk of data breaches or system
misconfigurations. PoLP implementation helps to avoid such errors by ensuring that users
only have access to what they need for their specific jobs.
Simplifies auditing and accountability: When access privileges are based on the notion of
least privilege, it is easier to track and audit user behavior. Accountability is improved
since it is clear which users had access to certain resources or performed tasks. This can
aid in identifying and investigating security issues.
Assists Compliance: Many regulatory standards and compliance frameworks, including
GDPR, HIPAA, and PCI DSS, require businesses to adhere to the principle of least
privilege. Compliance with these criteria is usually necessary in order to avoid legal
consequences and financial penalties.
Adaptive Security: PoLP may be used in combination with other security mechanisms
such as RBAC and controlled privilege elevation schemes. This enables businesses to
grant additional privileges temporarily when needed (for example, during specific
operations) and then withdraw them, boosting security while maintaining operational efficiency.
Defense in Depth: Integrating PoLP into a broader security strategy is a vital component
of defense in depth. It offers another layer of protection, making it more difficult for
attackers to move laterally inside a network or system after they have gained access.
To conclude, the concept of least privilege is a critical security best practice that helps
businesses reduce the attack surface, mitigate the impact of security incidents, and
improve overall security posture. By using PoLP, organizations may strike a balance
between security and functionality, ensuring that employees and entities have the
necessary access to fulfill their tasks without exposing the business to unnecessary risks.
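To make the reduced attack surface, the temporary elevation and the auditing points above concrete, the following is an added example that is not part of the original answer. It assumes a hypothetical reservation system with three constructed roles, a role-to-permission table, a just-in-time elevation that can only be approved by someone who already holds the permission and that expires on its own, and an audit list recording every allow and deny decision. All names and permission strings are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field

# Constructed role-to-permission table for a hypothetical reservation system.
# Each role carries only what its duties require (least privilege).
ROLE_PERMISSIONS = {
    "reservation_agent": {"reservation:read", "reservation:create"},
    "billing": {"reservation:read", "payment:refund"},
    "admin": {"reservation:read", "reservation:create", "reservation:delete",
              "payment:refund", "user:manage"},
}


@dataclass
class Session:
    user: str
    role: str
    elevations: dict = field(default_factory=dict)  # permission -> expiry (epoch seconds)
    audit: list = field(default_factory=list)       # (actor, action, outcome) tuples


def has_permission(session, permission, now=None):
    """True for a static role grant, or for a temporary elevation that has not expired."""
    now = time.time() if now is None else now
    if permission in ROLE_PERMISSIONS.get(session.role, set()):
        return True
    expiry = session.elevations.get(permission)
    return expiry is not None and now < expiry


def authorize(session, permission, now=None):
    """Check and record the decision; every allow and deny becomes an audit entry."""
    allowed = has_permission(session, permission, now)
    session.audit.append((session.user, permission, "allow" if allowed else "deny"))
    return allowed


def elevate(session, permission, approver, ttl_seconds, now=None):
    """Just-in-time elevation: granted only by an approver who holds the permission,
    and automatically expiring so the extra right does not linger after the task."""
    now = time.time() if now is None else now
    if not has_permission(approver, permission, now):
        raise PermissionError(f"{approver.user} cannot approve {permission}")
    session.elevations[permission] = now + ttl_seconds
    session.audit.append((approver.user, f"elevate:{permission}->{session.user}", "allow"))


def blast_radius(role):
    """Everything a compromised session of this role could reach: the smaller
    the set, the smaller the impact of a compromise."""
    return sorted(ROLE_PERMISSIONS.get(role, set()))


if __name__ == "__main__":
    agent = Session("alice", "reservation_agent")
    admin = Session("root", "admin")
    print("agent can delete before elevation:", authorize(agent, "reservation:delete"))
    elevate(agent, "reservation:delete", admin, ttl_seconds=300)
    print("agent can delete during elevation:", authorize(agent, "reservation:delete"))
    print("agent blast radius:", blast_radius("reservation_agent"))
    print("admin blast radius:", blast_radius("admin"))
    for entry in agent.audit:
        print("audit:", entry)
```

The `now` parameter exists so the expiry logic can be exercised deterministically; in production the clock would come from the system. The audit list is what makes the accountability point tangible: each decision names who asked for what and whether it was allowed.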
QUESTION-4
ANSWER:
A regular employee can take the following steps in such a case:
• Be wary of unsolicited inquiries. It's a good idea to be cautious if someone calls you out of the blue and asks you to do anything. Don't believe them simply because they claim to be from your company or a legitimate organization.
• Confirm the identity of the caller. Ask for the name, title, and department of the caller. You can also request a phone number or email address to confirm their identity.
• Avoid disclosing any personal or sensitive information. Examples include passwords, credit card information, and social security numbers.
• Never open attachments or follow links in emails from unknown senders. These URLs or attachments might contain malware that infects your machine. If you have any doubts, consult your supervisor or the IT department. They will be able to help you determine whether the request is valid.
Here are some techniques for strengthening regular employees' responses to social engineering attacks at a company:
• Provide regular security awareness training. During this training, employees should be educated about the many types of social engineering attacks and how to spot them.
• Create a culture of security awareness. This involves instructing employees to be alert to unusual conduct and to report any suspicious behavior to their supervisor or the IT department.
• Make it easy for employees to report suspicious conduct. Employees should be able to report suspicious behavior without fear of repercussions, provided a clear structure is in place.
• Use technology to protect against social engineering attacks. This includes the use of spam filters, firewalls, and intrusion detection systems.
Companies may assist in strengthening regular employees' reactions to social engineering
attempts and defend their businesses by adopting these steps.
QUESTION-5
ANSWER:
Attackers employ a variety of tactics to avoid detection, and analysts must employ
countermeasures to detect such attacks.
Explanation:
Steps Attackers Take to Avoid Detection:
1. Polymorphic Code: Attackers use polymorphism techniques to change the appearance of code every time it executes, making it difficult for signature-based detection methods to spot patterns.
2. Code Encryption by Malware Developers: Malware developers encrypt their code to make it more difficult for analysts to examine and understand how it works.
3. Rootkit Installation: Attackers install rootkits in order to hide the presence of malware by modifying the kernel and system structures of the operating system.
4. Anti-Virtualization Techniques: Malware may employ anti-virtualization and anti-sandbox techniques to discover whether it is running in a virtual environment used by researchers for malware analysis.
5. Packers and Obfuscation: Attackers use packers and obfuscation to compress and disguise their code, making static analysis more difficult.
6. Dynamic Linking: Malware may call functions from shared libraries at run time, making it difficult to determine its functionality by studying the binary statically.
Ways Analysts Can Detect Malicious Code Attacks:
1. Signature-Based Detection: Analysts can use signature-based detection to find known malware patterns by comparing code to a database of known signatures.
2. Behavioral Analysis: Examining malware activity in a controlled environment can help uncover anomalies and hazardous acts.
3. Heuristic Analysis: Analysts may employ heuristic methodologies to detect aberrant activity or code patterns that may indicate malware.
4. Memory Forensics: Memory forensics enables analysts to examine the memory of a compromised system to identify malicious processes and malware injected into regular processes.
5. Network Traffic Analysis: Examining network traffic can reveal communication between malware and command-and-control servers, leading to malware detection.
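The evasion and detection lists above describe a trade-off in prose: an exact signature is cheap but is defeated by any repacking, while a behavioral or network indicator survives it. The following is an added example, not part of the original answer, that shows both on constructed data: a one-entry SHA-256 signature database and a constructed connection log in which one host contacts the same address at regular intervals (beaconing). The sample bytes, the log lines, the addresses (taken from documentation ranges) and the jitter threshold are all assumptions made for illustration.

```python
import hashlib
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed "known bad" sample and a one-entry signature database (SHA-256).
KNOWN_BAD_SAMPLE = b"constructed-sample-v1"
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}

# Constructed connection log: timestamp, source, destination, bytes sent.
# 10.0.0.5 talks to 203.0.113.7 roughly every five minutes.
CONN_LOG = """\
2023-12-06T10:00:00 10.0.0.5 203.0.113.7 512
2023-12-06T10:00:12 10.0.0.5 198.51.100.20 40960
2023-12-06T10:05:00 10.0.0.5 203.0.113.7 514
2023-12-06T10:07:33 10.0.0.8 198.51.100.20 1200
2023-12-06T10:10:01 10.0.0.5 203.0.113.7 513
2023-12-06T10:15:00 10.0.0.5 203.0.113.7 515
2023-12-06T10:16:45 10.0.0.8 203.0.113.7 800
"""


def signature_match(sample: bytes) -> bool:
    """Signature-based detection: exact hash lookup. A single changed byte
    (repacking, re-encryption, polymorphism) produces a different hash and evades it."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURE_DB


def parse_log(text):
    """Turn the constructed log into (timestamp, src, dst, size) records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(size)))
    return records


def find_beacons(records, min_events=4, max_jitter=0.1):
    """Network traffic analysis: flag (src, dst) pairs that are contacted at
    near-constant intervals. Beaconing is a behaviour of the running code, so
    it is visible even when the binary itself has been disguised."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in records:
        by_pair[(src, dst)].append(ts)
    beacons = []
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(intervals)
        # Coefficient of variation: low values mean a regular, machine-like cadence.
        jitter = statistics.pstdev(intervals) / mean if mean > 0 else 0.0
        if jitter <= max_jitter:
            beacons.append(pair)
    return beacons


if __name__ == "__main__":
    variant = KNOWN_BAD_SAMPLE + b"\x00"  # constructed: same sample, one byte appended
    print("original matches signature:", signature_match(KNOWN_BAD_SAMPLE))
    print("repacked variant matches:  ", signature_match(variant))
    print("beaconing pairs:", find_beacons(parse_log(CONN_LOG)))
```

The jitter threshold is a tuning knob: real implants add randomized sleep to blur the cadence, so production detections combine the interval statistic with other features (destination reputation, request size, process lineage) rather than relying on it alone.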
Preventing Analysts from Seeing Code:
1. Code Encryption: Attackers can encrypt their code and require a decryption key to recover the original, making it more difficult for analysts to access.
2. Anti-Reversing Techniques: Malware authors use anti-reversing techniques such as code traps, anti-debugging checks, and self-modifying code to thwart reverse engineering.
3. Packing and Obfuscation: Malware may use packers and obfuscation techniques to make code analysis more difficult.
How Analysts Obtain Code Copies for Study:
1. Honeypots and Sandboxes: Honeypots and sandboxes allow analysts to lure and run malware in a controlled environment, collecting and analyzing its code.
2. Network Traffic Analysis: Network traffic analysis can help discover malicious code that is being carried across the network, which can then be captured and analyzed.
3. Forensic Analysis: If a system is compromised, forensic analysis tools may be used to gather and analyze memory and disk contents, including malicious code.
4. Malware Repositories: Some organizations maintain repositories of known malware samples for analysts to study and evaluate.
To summarize, attackers employ several techniques to avoid detection, but analysts may detect
and analyze malicious code attacks using a combination of signature-based, behavioral, and
heuristic analysis, as well as reverse engineering and memory analysis. Although attackers may
use encryption and obfuscation to prevent analysts from accessing the code, analysts can get
copies of the code for inspection through a variety of means, including controlled environments
and forensic analysis.
QUESTION-6
ANSWER:
It is not always clear who should be held accountable for data security on a laptop computer. It
depends on a variety of factors, including who owns the laptop, how sensitive the data is, and the
policies of the organization or association that owns the laptop.
The security of the laptop is ultimately the responsibility of the person or company that owns it.
This is because they have the most control over the laptop and the data stored on it. Nonetheless,
the person who created the data may have some responsibility for its security. This is especially
true if the material is confidential or sensitive.
Some different perspectives on the issue:
Individual: A laptop owner is responsible for making reasonable efforts to protect the data held on it. This includes using strong passwords, keeping security updates on the laptop current, and exercising caution about when and where they use the laptop.
Corporate employee: A corporate employee who uses a laptop for work must also safeguard the data on it. This is because the firm owns both the laptop and the data. The employee must follow the company's security rules and procedures and report any security concerns to their manager.
Student: A student who uses a laptop for academic work is responsible for their own data protection. This includes using strong passwords, keeping security updates on the laptop current, and being mindful of what they save on the laptop. The student should also be aware of the institution's security policies and procedures.
Finally, the best way to safeguard data on a laptop computer is to use a layered approach.
This means implementing several security measures together, such as strong passwords, encryption,
and antivirus software. It is also vital to be aware of potential hazards and take precautions to
prevent them.