Security Levels
What do we mean by Security Levels?
The aim here is to lay out all the levels, or tiers, that make up a running system as we see them, and to show how hackers tackle each one. We need to understand both the structure of the system and the hackers' approach and way of thinking. That understanding gives us the ability to prevent hackers' attacks, or to eliminate or lower their impact. The goal is not to remedy cyber-attacks after the fact but to prevent them or reduce their impact: prevention is far better than remedy.
Image #1 - Internet - Information System Security Structure Hierarchy Diagram
Image #1 presents a rough draft of the structure of any running system. It shows the possible tiers of the client-Internet-business interface: the path a client takes to reach the business side over the internet. The sections that follow give quick definitions of the main hardware, software, interfaces, operating system, system software and device drivers in that structure. These are the parts we consider important in any running system; they are also the hackers' gates and the likely security holes.
Internet:
1. Domain Name System (DNS):
The Domain Name System (DNS) works like a phone-book lookup for the internet: a distributed set of name servers that translate human-readable domain names into IP addresses. DNS is one of the protocols in the TCP/IP suite, the set of standards for how computers exchange data on the internet and on many private networks.
Transmission Control Protocol/Internet Protocol (TCP/IP):
TCP/IP stands for Transmission Control Protocol/Internet Protocol. It is the set of standardized rules that allow computers to communicate on a network such as the internet. Whether a user is opening a website or sending e-mail, the user's computer first asks a DNS server to look up the domain name being accessed.
The primary job of a domain name server (DNS server) is to resolve (translate) a domain name into an IP address. For example, for an IBM support host:
Domain name = esupport.ibm.com
IP address = 129.42.21.70
Port = 443
Note that an ordinary A-record lookup returns only the IP address; the port (443 here, the standard HTTPS port) is chosen by the client application, not by DNS.
Can DNS be hacked?
Yes. In DNS hijacking, a malicious third party takes over the DNS settings that a device or network uses, by installing malware on user PCs, seizing control of routers, or intercepting DNS traffic, and reroutes users to fraudulent websites. Because the redirection happens at the name-resolution step, one compromised router or resolver can affect many different users at once. To fully understand DNS hijacking it helps to keep in mind what DNS is and does: every connection made by name starts with a lookup the user never sees.
DNS poisoning, also known as DNS spoofing or DNS cache poisoning, happens when forged records are entered into the cache of a domain name server. Later DNS queries are then answered from the poisoned cache, sending users to the wrong website until the forged entry expires.
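To make the poisoning defence concrete, the following is an added example, not code from this page or from any resolver: a minimal DNS query builder and a response validator that applies the checks a resolver uses to reject a spoofed reply (matching transaction ID, matching question section, answer records only for the name that was asked, and a bound on compression-pointer hops so a malformed reply cannot hang the parser). The domain and address are the ones used above; the "spoofed" message, the 203.0.113.5 address and the message layouts are constructed for the demo.

```python
import secrets
import struct

# Added example: DNS wire-format helpers plus the validation a resolver applies
# before accepting a reply into its cache. Sample traffic below is constructed.


def encode_name(name):
    """Encode a dotted name as DNS labels, e.g. b'\\x08esupport\\x03ibm\\x03com\\x00'."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg, off, max_hops=16):
    """Decode a name at offset, following compression pointers. Returns (name, end_offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:        # two-byte compression pointer
            hops += 1
            if hops > max_hops:            # a pointer loop would otherwise spin forever
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2              # parsing resumes after the first pointer
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), off if end is None else end


def build_query(name, txid, qtype=1):
    """Standard query: header with RD set and one question (A record by default)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)


def build_answer(name, txid, ip, qtype=1, ttl=300):
    """Constructed response carrying one A record; used only to create sample traffic."""
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1
    question = encode_name(name) + struct.pack(">HH", qtype, 1)
    rr = struct.pack(">H", 0xC00C)                               # pointer to the question name
    rr += struct.pack(">HHIH", qtype, 1, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return header + question + rr


def validate_response(resp, expected_txid, expected_name, expected_qtype=1):
    """Accept a reply only if it answers the outstanding query. Returns (ok, reason, ips)."""
    try:
        if len(resp) < 12:
            return False, "truncated header", []
        txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
        if txid != expected_txid:
            return False, "transaction id mismatch", []
        if not (flags & 0x8000):
            return False, "not a response (QR bit clear)", []
        if qd != 1:
            return False, "unexpected question count", []
        qname, off = decode_name(resp, 12)
        qtype, qclass = struct.unpack(">HH", resp[off:off + 4])
        off += 4
        want = (expected_name.rstrip(".").lower(), expected_qtype, 1)
        if (qname.lower(), qtype, qclass) != want:
            return False, "question section does not match query", []
        ips = []
        for _ in range(an):
            rname, off = decode_name(resp, off)
            rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", resp[off:off + 10])
            off += 10
            rdata = resp[off:off + rdlen]
            off += rdlen
            if rname.lower() != qname.lower():    # conservative: only records for the name asked
                return False, f"answer for {rname} does not match question {qname}", []
            if rtype == 1 and rclass == 1 and rdlen == 4:
                ips.append(".".join(str(b) for b in rdata))
        return True, "ok", ips
    except (ValueError, struct.error, IndexError, UnicodeDecodeError):
        return False, "malformed message", []


if __name__ == "__main__":
    txid = secrets.randbelow(65536)            # random ID: a spoofer has to guess it
    name = "esupport.ibm.com"
    query = build_query(name, txid)
    genuine = build_answer(name, txid, "129.42.21.70")
    spoofed = build_answer(name, (txid + 1) & 0xFFFF, "203.0.113.5")   # wrong guess
    for label, msg in (("genuine", genuine), ("spoofed", spoofed), ("echoed query", query)):
        print(label, validate_response(msg, txid, name))
```

A real resolver also randomizes the UDP source port of each query and only accepts replies that arrive on that port, which is a socket-level check this example does not show; the transaction ID alone gives an attacker a 1-in-65536 chance per forged packet, and flooding forged replies is exactly how cache poisoning is attempted.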
2. Network Service Provider (NSP):
A network service provider (NSP) is a company that owns, operates and sells access to Internet backbone infrastructure and services. The primary customers of NSPs are other service providers, including internet service providers (ISPs), which in turn sell internet access to businesses and consumers.
Network service providers have a particularly good vantage point for correlating data across multiple companies, agencies, groups, individuals and regions. All government, business and consumer traffic must traverse a provider backbone at some point, so the backbone is an excellent source of correlation information.
Can NSP be hacked?
Yes. The most common attack reported against service providers was distributed denial of service (DDoS), at 49% of reported incidents.
3. Internet Service Provider (ISP):
An internet service provider (ISP) is a company that provides access to the internet. ISPs can provide this access through multiple means, including dial-up, DSL, cable, wireless and fiber-optic connections. A variety of companies serve as ISPs, including cable providers, mobile carriers and telephone companies.
Can ISP be hacked?
Sadly, hackers have spared nothing on the internet, and that includes internet service providers. Because an ISP sits in the path of all its customers' traffic, a compromised ISP exposes every customer's connections, DNS lookups and routing at once.
Business-Side:
1. Router:
A router is a gateway that passes data between two or more networks, such as local area networks (LANs). Routers use the Internet Protocol (IP) to forward IP packets, which carry the data together with the IP addresses of the sending and destination devices located on separate networks.
Some of the most common router attacks include:
1. Denial of Service (DoS)
2. Packet Mistreating Attacks (PMA)
3. Routing Table Poisoning (RTP)
4. Hit and Run (HAR)
5. Persistent Attacks (PA)
2. Network-Side Interfaces:
A network interface typically provides two different kinds of interfaces, one toward the computer (host) side and one toward the network side. The network interface translates the protocol of the host interface to the network protocol and vice versa, and translates between the different physical media.
The three most common network interface connections have traditionally been Ethernet cards, LocalTalk connectors and Token Ring cards; LocalTalk and Token Ring are now legacy technologies, and Ethernet (wired and wireless) dominates.
Can Network-Side Interfaces be hacked?
Yes. Attackers also target vulnerabilities in the network infrastructure devices on the network side of these interfaces, such as switches and routers.
3. Network(s):
A network consists of two or more computers that are linked in order to share resources (such as printers and CD drives), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites or infrared light beams.
4. Network Interfaces:
A network interface is the point of interconnection between a computer and a private or public network. A network interface is generally a network interface card (NIC), but does not have to have a physical form (a virtual NIC inside a virtual machine or container, for example).
The network interface card employs both hardware and software in connecting the device to the network media. The TCP/IP Network Interface layer defines the protocols used by the NIC to receive, assemble, address and transmit data.
5. Applications:
An application, also referred to as an application program or application software, is a computer software package that performs a specific function directly for an end user or, in some cases, for another application. An application can be self-contained or a group of programs.
Application hacking, or web app hacking, is the act of exploiting vulnerabilities and weaknesses in applications to gain unauthorized access, manipulate data or perform malicious activities. Because the application is the part of the business side that is deliberately exposed to clients, it is the most reachable of all the gates listed here.
6. Databases:
A database is an organized collection of structured information, or data, typically stored electronically in a computer system. A database is usually controlled by a database management system (DBMS).
The Top 10 Most Common Database Security Vulnerabilities:
1. No security testing before database deployment
2. Default, blank and weak usernames/passwords
3. SQL injection
4. Excessive user and user-group privileges
5. Missing security patches for the database software
6. Missing or unreviewed audit trails
7. Unprotected database backups
8. Poor encryption, leading to data breaches
9. Denial-of-service attacks
10. Outdated database protection tools and non-compliance with sensitive-data protection regulations
7. System Interfaces:
An interface establishes a physical connection between two computer systems, a conversational syntax, a format for logical messages passed between the systems, and a data-encoding structure understood by both systems. Interfaces are usually implemented as software modules and consist of the following layers:
1. The physical layer: the actual physical connection (hardware and firmware) and the software that makes the connection work.
2. The protocol layer: ensures that the bits of data sent across the interface by the sending system are received intact and in the correct sequence.
3. The logical layer: organizes the data to be sent into a form that can be read by the other system.
Interfaces can also be described by whether they operate in batch or real time, whether they are unidirectional or bidirectional, and the medium used to establish the physical connection.
What is system hacking?
System hacking is the practice of attempting to manipulate the normal behavior of a system, usually a computer system, to gain unauthorized access or perform unauthorized actions. Every interface between two systems is a place where one side must trust data from the other, which is why interfaces belong on this list.
8. Device-Drivers:
A device driver is a special kind of software program that controls a specific hardware device attached to a computer and enables communication between the operating system (or an application) and that hardware or peripheral device. It serves as a bridge between the different components of a computer, allowing them to interact with each other; a computer cannot work properly without the right drivers.
Hackers and Device Drivers:
Device drivers enable communication between the operating system and hardware devices such as printers, scanners, keyboards or cameras. They also pose security risks if they are outdated, corrupted or maliciously modified: on most operating systems drivers run with kernel privileges, so a flaw in a driver, or a malicious driver that an attacker manages to load, gives access to the whole machine rather than to a single application.
9. Supporting Software:
Support software means system utilities, resource management, anti-virus software or similar software used solely for the administration, performance enhancement and/or preventive maintenance of a system (the original definition is written for an embedded system).
System support software is software that supports, or facilitates, the smooth and efficient execution of the various programs and operations of a computer. There are four major categories of system support software: utility programs, language translators, database management systems and performance statistics software.
Hackers and Supporting Software:
SolarWinds Hacking Lessons - Hidden in Plain Sight
What is the SolarWinds (Orion) hack?
Briefly, SolarWinds is a major software company which provides system management tools for network and infrastructure monitoring, and other technical services, to hundreds of thousands of organizations around the world. Among the company's products is an IT performance monitoring system called Orion.
In early 2020, hackers secretly broke into the systems of Texas-based SolarWinds and added malicious code to the company's software. More than 30,000 public and private organizations, including local, state and federal agencies, use the Orion network management system to manage their IT resources. As a result, the hack compromised the data, networks and systems of thousands of them when SolarWinds inadvertently delivered the backdoor malware as an update to the Orion software. The lesson for supporting software is that a monitoring or management tool is trusted by design and reaches every system it manages, so a poisoned update to it arrives through the very channel customers rely on for security fixes.
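One check a customer can run on supporting software after an update is a file-integrity comparison against a baseline taken from a known-good install. The following is an added example, not code from this page or from SolarWinds: it records a SHA-256 manifest of an install tree and later reports files that were modified, added or removed. The install tree, file names and contents in demo() are constructed in a temporary directory. The caveat is the one the SolarWinds case teaches: code inserted before the vendor signs a release looks like any other release, so this catches tampering relative to a baseline you already vetted, not a poisoned baseline itself.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example: SHA-256 manifest of an install tree and a diff against it.
# The tree built in demo() is constructed sample data.


def hash_file(path, chunk=1 << 16):
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's relative path to its hash; capture once from a trusted install
    and store the result somewhere the software being checked cannot write."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_manifest(root, baseline):
    """Diff the current tree against the baseline manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo():
    """Constructed install tree: take a baseline, then simulate a tampered update."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "monitor.dll").write_bytes(b"legitimate build v1\n")
        (root / "bin" / "agent.exe").write_bytes(b"agent v1\n")
        (root / "config.xml").write_text("<config/>")
        baseline = build_manifest(root)
        # the "update" rewrites one binary and drops an extra library beside it
        (root / "bin" / "monitor.dll").write_bytes(b"legitimate build v1\n/* implant */")
        (root / "bin" / "extra.dll").write_bytes(b"new file")
        return compare_manifest(root, baseline)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline is refreshed only after each update has been vetted, and the comparison is run from outside the monitored host (or at least from a read-only copy of the manifest), since software that can rewrite its own baseline can hide any change.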
10. Operating System:
An operating system is system software that manages computer hardware and software resources, and provides common services for computer programs.
Hackers and Operating System:
Hackers may write programs that search for unprotected pathways into network systems and computers. They may gain backdoor access by infecting a computer or system with a Trojan horse, a program built to acquire and steal important data without the victim noticing.
Despite its security features, Linux can still be hacked if proper security measures are not implemented; the same is true of every operating system. To reduce the likelihood of a successful hack, keep the system and software up to date, use strong passwords, and implement a firewall and intrusion detection/prevention systems.
11. Hardware:
Hardware security breaches can compromise your data, your privacy and your devices. They can happen through physical access, malware, firmware attacks or network intrusions. To protect yourself and your hardware, you need to follow some best practices and use some tools.
Once malicious hardware has been built into a chip, a hardware attack can be initiated and act in a wide variety of ways. An attack can be internally triggered, for example on the arrival of a particular calendar day. Alternatively, an external trigger could be hidden within data sent by an attacker. More complex hybrid triggers could also be used: for example, a malicious circuit hidden within a GPS chip could be configured to attack only when the chip is located in a specific geographical area after a certain date.
There are multiple forms of potential attacks. In an overt attack, the malicious hardware could cause the device containing the corrupted chip either to cease functioning altogether or to continue to operate in an obviously impaired manner. The existence of a problem would be clear, though its cause would not. In a personal electronics device such as a mobile phone, such an attack could be nothing more than an inconvenience. Conducted on a large scale, on thousands of chips within a critical portion of the national infrastructure, this form of attack could be devastating.
Chip builders and hardware attack:
Most hardware attacks on deployed equipment require the attacker to be on-site with undisturbed access to the computers, or at least enough time to insert a tracking device and gain remote access to data; the exceptions are malicious hardware built in before delivery, as described above, and firmware attacks delivered over the network. These attacks target machines and other physical systems and include human tampering and destruction.
The term hardware security also refers to the protection of physical systems from harm. Equipment destruction attacks, for example, focus on computing devices and networked non-computing devices, such as those found in machine-to-machine or internet of things (IoT) environments. These environments provide connectivity and communications to large numbers of hardware devices that must be protected through either hardware- or software-based security.
12. Registers:
A register is a small, very fast storage location inside the CPU (Central Processing Unit) that holds data or addresses for immediate use during processing. Also known as processor registers, they form part of the processor itself rather than of main memory.
A simplified model of a CPU uses three registers to describe the fetch-execute cycle (a real processor has many more, including general-purpose and control registers):
1. Memory address register (MAR)
2. Memory data register (MDR)
3. Current instruction register (CIR)
Can the CPU itself be attacked? Meltdown is the best-known example. It is not a way to crash the computer: it is a speculative-execution side channel that lets an unprivileged program read kernel memory, including data belonging to other processes, by observing what the CPU leaves behind in its caches. Such attacks live below the operating system, so no software tier above them can see the fault directly; they are mitigated by microcode updates and by changes in how the OS maps kernel memory.
13. Chips:
A computer chip is a tiny wafer of semiconducting material with an embedded electronic circuit. It contains millions to billions of microscopic electronic components called transistors that switch and transmit data signals.
An integrated circuit, also known as a microchip or IC, is a small electronic device made up of multiple interconnected electronic components such as transistors, resistors and capacitors. These components are etched onto a small piece of semiconductor material, usually silicon.
See the Hardware section for more details.
14. Memory:
Memory is the electronic holding place for the instructions and data a computer needs to reach quickly. It is where information is stored for immediate use. Memory is one of the basic functions of a computer, because without it a computer would not be able to function properly.
Hacking and Computer Memory:
All software, including the operating system, must be loaded into computer memory before it can be executed. If attacker code has been loaded into memory and is executing, there is very little that can stop it, which is why the defenses at this level (non-executable memory, address space layout randomization, code signing, memory scanning by endpoint protection) all try to keep untrusted code from reaching execution in the first place.
Client-Side:
1. Modem:
Modem is short for modulator-demodulator. A modem is hardware that connects a computer, broadband network or wireless router to the provider's line; it converts information between analogue and digital formats in real time, making seamless two-way network communication possible. In most homes the modem and the router are a single device, so the router weaknesses below apply to it directly.
Hackers can access your router and Wi-Fi remotely, especially if either of the following is true:
Remote management is enabled in your router's settings.
The router has a weak password that can be easily guessed.
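The two conditions above are easy to check mechanically if you can export the device's settings. The following is an added example, not code from this page or from any router vendor: it audits a small key = value configuration dump for remote management being enabled and for a blank, default or weak admin password, and shows the weak settings beside a hardened set. The key = value format, the key names and both sample dumps are assumptions made for the demo; real routers export settings in vendor-specific formats.

```python
import re

# Added example: audit a constructed router/modem configuration dump for the
# two weaknesses named above. Key names and the format are assumptions.

COMMON_DEFAULTS = {"", "admin", "password", "passw0rd", "1234", "12345", "123456", "root", "user"}


def parse_config(text):
    """Parse 'key = value' lines; '#' lines are comments. Keys are case-insensitive."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    return cfg


def is_enabled(value):
    return value.strip().lower() in {"on", "1", "true", "yes", "enabled"}


def password_weakness(pw):
    """Return the reason the password is weak, or None if it passes."""
    if pw.lower() in COMMON_DEFAULTS:
        return "blank, default or commonly guessed password"
    if len(pw) < 12:
        return "shorter than 12 characters"
    classes = sum(re.search(p, pw) is not None
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        return "fewer than three character classes"
    return None


def audit_router_config(text):
    """Return a list of findings; an empty list means both checks passed."""
    cfg = parse_config(text)
    findings = []
    if is_enabled(cfg.get("remote_management", "off")):
        findings.append("remote management is enabled: the admin interface is reachable from the internet")
    reason = password_weakness(cfg.get("admin_password", ""))
    if reason:
        findings.append(f"admin password is weak ({reason})")
    return findings


WEAK_CONFIG = """\
# constructed sample: factory-style settings
remote_management = on
admin_password = admin
"""

HARDENED_CONFIG = """\
# constructed sample: the same device after hardening
remote_management = off
admin_password = Tq7!vm-29kLp#wx
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_router_config(cfg) or ["no findings"])
```

Disabling remote management removes the admin interface from the internet entirely; where it is genuinely needed, restricting it to a management network or VPN is the next best setting. The password rules here are a floor, not a guarantee, and a router that still accepts the factory password is the case the text warns about.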
2. Network Interfaces: See Business-Side definitions.
3. Applications: See Business-Side definitions.
4. System Interfaces: See Business-Side definitions.
5. Operating System: See Business-Side definitions.
6. Supporting Software: See Business-Side definitions.
7. Hardware: See Business-Side definitions.
8. Registers: See Business-Side definitions.
9. Chips: See Business-Side definitions.
10. Memory: See Business-Side definitions.
11. Users:
The human element is often called the weakest link in cybersecurity, for reasons such as these:
Humans are often trusting and can be easily tricked by cybercriminals.
Humans may not follow security best practices.
Humans may click on malicious links or open attachments from unknown senders.