Security Levels
What do we mean by Security Levels?
Our aim here is to give readers our view of all the possible levels, or tiers, and to show how hackers can tackle them. We need to understand the views of these structures and hackers' approaches and thinking. This gives us the ability to prevent, eliminate or lower the impact of hackers' attacks. The goal is not to remedy cyber-attacks, but to prevent them or reduce their impact. Prevention is far better than remedy.


Image #1- Internet - Information System Security Structure Hierarchy Diagram

Image #1 presents a rough draft of all possible structures for any running system. The image shows the possible tiers of the client-Internet-business interfaces, which is how clients access the business side over the internet. The following section gives quick definitions of this structure.

The following are quick definitions of the main hardware, software, interfaces, operating system, system software and device drivers. These are what we consider the important parts of any running system. They are also hackers’ gates and possible security holes.

Internet:

1. Domain Name System:
Domain Name System (DNS) is a network server which works like a phone book lookup for the internet.
DNS is a protocol within the set of standards for how computers exchange data on the internet and on many private networks, known as the TCP/IP protocol suite.

Transmission Control Protocol/Internet Protocol:
What does TCP/IP stand for?
TCP/IP stands for Transmission Control Protocol/Internet Protocol. TCP/IP is a set of standardized rules that allow computers to communicate on a network such as the internet.

Whether internet users are trying to access a website or send e-mail, their computers use a DNS server to look up the domain name they are trying to reach. The primary job of a domain name server (DNS server) is to resolve (translate) a domain name into an IP address. For example, an IBM IP address:

       Domain name = esupport.ibm.com
       IP address = 129.42.21.70
       Port = 443


Can DNS be hacked?
Hackers either install malware on user PCs, seize control of routers, or intercept or hack DNS connections to carry out their attack.

As the attack enables a malicious third party to take over the DNS settings and reroute users to fraudulent websites, this can affect a variety of different users. In order to fully understand DNS hijacking, it’s important to have a general idea of what the DNS is and what it does.

Domain Name System (DNS) poisoning happens when fake information is entered into the cache of a domain name server, resulting in DNS queries producing an incorrect reply, sending users to the wrong website. DNS poisoning also goes by the terms "DNS spoofing" and "DNS cache poisoning."
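
An added example, not part of the original page, showing the checks a resolver cache can apply so that fake information does not enter it. The class and function names are hypothetical, the address 203.0.113.66 and the name bank.example are constructed, and esupport.ibm.com with 129.42.21.70 is the example given above.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Reply:
    txid: int       # 16-bit transaction ID copied from the query
    port: int       # UDP port the reply arrived on
    qname: str      # question name echoed back by the server
    answers: dict   # owner name -> IP address carried in the reply

@dataclass
class ValidatingCache:
    pending: dict = field(default_factory=dict)  # qname -> (txid, port)
    cache: dict = field(default_factory=dict)    # name -> IP address

    def send_query(self, qname):
        """Record an outstanding query with an unpredictable ID and source port."""
        key = qname.lower()
        self.pending[key] = (secrets.randbelow(1 << 16),
                             1024 + secrets.randbelow(65536 - 1024))
        return self.pending[key]

    def accept(self, reply):
        """Cache a reply only if it answers a query we actually sent."""
        key = reply.qname.lower()
        if key not in self.pending:
            return "rejected: no outstanding query"
        if (reply.txid, reply.port) != self.pending[key]:
            return "rejected: transaction ID or port mismatch"
        del self.pending[key]
        # Keep only records for the name that was asked; unrelated extra
        # records in a reply must not be trusted (simplified bailiwick rule).
        for name, ip in reply.answers.items():
            if name.lower() == key:
                self.cache[key] = ip
        return "accepted"

def demo():
    """Constructed scenario: a forged reply, then the genuine one, then a replay."""
    r = ValidatingCache()
    txid, port = r.send_query("esupport.ibm.com")
    forged = Reply((txid + 1) % 65536, port, "esupport.ibm.com",
                   {"esupport.ibm.com": "203.0.113.66"})    # constructed fake answer
    genuine = Reply(txid, port, "esupport.ibm.com",
                    {"esupport.ibm.com": "129.42.21.70",    # value from the page
                     "bank.example": "203.0.113.66"})       # unrelated extra record
    return [r.accept(forged), r.accept(genuine), r.accept(genuine)], r.cache
```

The forged reply and the replay are both refused, and only the record for the name that was asked ends up in the cache.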

2. Network Service Provider (NSP):
A network service provider (NSP) is a company that owns, operates and sells access to Internet backbone infrastructure and services. The primary customers of NSPs are other service providers, including internet service providers (ISPs), which, in turn, sell internet access to businesses and consumers.

Network service providers have a particularly good vantage point for correlating data across multiple companies, agencies, groups, individuals, and regions. All government, business, and consumer traffic must traverse a provider backbone at some point, so this becomes an excellent source of correlation information.

Can NSP be hacked?
The most common attack for service providers was DDoS, at 49% of reported incidents.

3. Internet Service Provider (ISP):
An internet service provider (ISP) is a company that provides access to the internet. ISPs can provide this access through multiple means, including dial-up, DSL, cable, wireless and fiber-optic connections. A variety of companies serve as ISPs, including cable providers, mobile carriers, and telephone companies.

Can ISP be hacked?
Sadly, hackers have not spared anything on the internet, including internet service providers.

Business-Side:

1. Router:
A router is a gateway that passes data between one or more local area networks (LANs). Routers use the Internet Protocol (IP) to send IP packets containing data and IP addresses of sending and destination devices located on separate local area networks.

Some of the most common router attacks generally include:

       1. Denial of Service (DOS)
       2. Packet Mistreating Attacks (PMA)
       3. Routing Table Poisoning (RTP)
       4. Hit and Run (HAR)
       5. Persistent Attacks (PA)

2. Network-Side Interfaces:
A network interface typically provides two different kinds of interfaces, one toward the computer (host) side and one toward the network side. The network interface translates the protocol of the host interface to the network protocol and vice versa, and translates between the different physical media.

The three most common network interface connections are Ethernet cards, LocalTalk connectors, and Token Ring cards.

Can Network-Side Interfaces be hacked?
Attackers can also target vulnerabilities in network infrastructure devices like switches and routers.

3. Network(s):
A network consists of two or more computers that are linked in order to share resources (such as printers and CDs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams.

4. Network Interfaces:
A network interface is the point of interconnection between a computer and a private or public network. A network interface is generally a network interface card (NIC), but does not have to have a physical form.

The network interface card employs both hardware and software in connecting the device to the network media. The TCP/IP Network Interface layer defines protocols used by the NIC to receive, assemble, address, and transmit

5. Applications:
An application, also referred to as an application program or application software, is a computer software package that performs a specific function directly for an end user or, in some cases, for another application. An application can be self-contained or a group of programs.

Application hacking or web app hacking is the act of exploiting vulnerabilities and weaknesses in applications to gain unauthorized access, manipulate data, or perform malicious activities.

6. Databases:
A database is an organized collection of structured information, or data, typically stored electronically in a computer system. A database is usually controlled by a database management system (DBMS).

The Top 10 Most Common Database Security Vulnerabilities:

       1. Security Testing Before Database Deployment
       2. Default, Blank, and Weak Username/passwords
       3. SQL Injections
       4. Extensive user and user group privileges
       5. Missing Security Patches For Databases
       6. Audit Trail Tracking
       7. Database Backups
       8. Poor Encryption and Data Breaches
       9. Denial-of-service Attacks
       10. Outdated Database Protection Tool And Compliance With sensitive data protection regulations


7. System Interfaces:
An interface establishes a physical connection between two computer systems, a conversational syntax, a format for logical messages passed between the systems, and a data-encoding structure understood by both systems. Interfaces are usually implemented as software modules and consist of the following:

1. The physical layer contains the actual physical connection, the hardware and firmware.
2. Software that makes the connection work.
3. The protocol layer ensures that the bits of data sent across the interface by the sending system are received intact and in the correct sequence.
4. The logical layer organizes the data to be sent into a form that can be read by the other system.
5. Interfaces can be described by whether they operate in batch or real time, whether they are unidirectional or bidirectional, and the medium used to establish the physical connection.


What is the definition of system hacking?
System hacking is the practice of attempting to manipulate the normal behavior of a system, usually a computer system, to gain unauthorized access or perform unauthorized actions.

8. Device-Drivers:
A device driver is a piece of software that enables communication between an operating system or application and hardware or peripheral devices. It serves as a bridge between the different components of a computer, allowing them to interact with each other.

A device driver is a special kind of software program that controls a specific hardware device attached to a computer. Device drivers are essential for a computer to work properly.

Hackers and Device Drivers:
Device drivers are software components that enable communication between the operating system and hardware devices, such as printers, scanners, keyboards, or cameras. However, device drivers can also pose security risks if they are outdated, corrupted, or maliciously modified.

9. Supporting Software:
Support Software means systems utilities, resource management, anti-virus software or similar software used solely for the purpose of administration, performance enhancement, and/or preventive maintenance of the Embedded System.

System support software is software that supports, or facilitates the smooth and efficient execution of various programs and operations of a computer. There are four major categories of systems support software: utility programs, language translators, database management systems, and performance statistics software.

Hackers and Supporting Software:
SolarWinds Hacking Lessons - Hidden in Plain Sight
What is SolarWinds Hack (Orion)?
Briefly, SolarWinds is a major software company that provides system management tools for network and infrastructure monitoring, and other technical services, to hundreds of thousands of organizations around the world. Among the company's products is an IT performance monitoring system called Orion.

In early 2020, hackers secretly broke into the systems of Texas-based SolarWinds and added malicious code to the company's software system. More than 30,000 public and private organizations, including local, state and federal agencies, use the Orion network management system to manage their IT resources. As a result, the hack compromised the data, networks and systems of thousands when SolarWinds inadvertently delivered the backdoor malware as an update to the Orion software.

10. Operating System:
An operating system is system software that manages computer hardware and software resources, and provides common services for computer programs.

Hackers and Operating System:
Hackers may create programs that search for unprotected pathways into network systems and computers. Hackers may gain backdoor access by infecting a computer or system with a Trojan horse, created by hackers to acquire and steal important data without the victim noticing.

Despite its security features, Linux can still be hacked if proper security measures are not implemented. To reduce the likelihood of a successful hack, it is important to keep the system and software up to date, use strong passwords, and implement a firewall and intrusion detection/prevention systems.

11. Hardware:
Hardware security breaches can compromise your data, your privacy, and your devices. They can happen through physical access, malware, firmware attacks, or network intrusions. To protect yourself and your hardware, you need to follow some best practices and use some tools.

Once malicious hardware has been built into a chip, a hardware attack can be initiated and act in a wide variety of ways. An attack can be internally triggered, based, for example, on the arrival of a particular calendar day. Alternatively, an external trigger could be hidden within data sent by an attacker. More complex hybrid triggers could also be used. For example, a malicious circuit hidden within a GPS chip could be configured to attack only when the chip is located in a specific geographical area after a certain date.

There are multiple forms of potential attacks. In an overt attack, the malicious hardware could cause the device containing the corrupted chip to either cease functioning altogether or to continue to operate but in an obviously impaired manner. The existence of a problem would be clear, though its cause would not. In a personal electronics device such as a mobile phone, such an attack could be nothing more than an inconvenience. If conducted on a large scale on thousands of chips within a critical portion of the national infrastructure, this form of attack could be devastating.

Chip builders and hardware attack:
To carry out hardware attacks, hackers must be on-site and have undisturbed access to computers or at least enough time to insert a tracking device and gain remote access to data. These attacks target machines and other physical systems and include human tampering and destruction.
The term hardware security also refers to the protection of physical systems from harm. Equipment destruction attacks, for example, focus on computing devices and networked non-computing devices, such as those found in machine-to-machine or internet of things (IoT) environments. These environments provide connectivity and communications to large numbers of hardware devices that must be protected through either hardware or software-based security.

12. Registers:
A register is basically a storage space for units of memory that are used to transfer data for immediate use by the CPU (Central Processing Unit) for data processing. Also known as memory registers, they can actually form part of the computer processor as a processor register.

There are 3 registers in a CPU:

       1. Memory address register (MAR)
       2. Memory data register (MDR)
       3. Current instruction register (CIR)


Tough to hack the CPU, but can CPU Meltdown be used to crash the computer?

13. Chips:
A computer chip is a tiny wafer of semiconducting material with an embedded electronic circuit. It contains millions of microscopic electronic components called transistors that transmit data signals.

An integrated circuit, also known as a microchip or IC, is a small electronic device made up of multiple interconnected electronic components such as transistors, resistors, and capacitors. These components are etched onto a small piece of semiconductor material, usually silicon.

See Hardware section for more details.

14. Memory:
Memory is the electronic holding place for the instructions and data a computer needs to reach quickly. It's where information is stored for immediate use. Memory is one of the basic functions of a computer, because without it, a computer would not be able to function properly.

Hacking and Computer Memory:
All software, including the Operating System, must be loaded into computer memory so it can be executed. If the hacking code is loaded into memory and executed, there is hardly anything that can stop such executing code.


Client-Side:

1. Modem:
Modem stands for modulator–demodulator.

A modem is a hardware device that connects to a computer, broadband network or wireless router. A modem converts information between analogue and digital formats in real time, enabling seamless two-way network communication.

Hackers can access your router and Wi-Fi remotely, especially if you have either of the following:

       1. Remote management is enabled in your router's settings.
       2. A weak router password that can be easily guessed.

2. Network Interfaces:
See Business-Side definitions.

3. Applications:
See Business-Side definitions.

4. System Interfaces:
See Business-Side definitions.

5. Operating System:
See Business-Side definitions.

6. Supporting Software:
See Business-Side definitions.

7. Hardware:
See Business-Side definitions.

8. Registers:
See Business-Side definitions.

9. Chips:
See Business-Side definitions.

10. Memory:
See Business-Side definitions.

11. Users:
Here are some other reasons why the human element is the weakest link in cybersecurity:

Humans are often trusting and can be easily tricked by cybercriminals.
Humans may not follow security best practices. Humans may click on malicious links or open attachments from unknown senders.