Exercise 0
Attack Types and Security Services
Attack         Preventative Service
Interruption   Availability
Interception   Data Confidentiality
Modification   Authentication & Data Integrity
Fabrication    Authentication and Non-Repudiation
Website, link to external from pqmasters for external access.
Exercise 1
High Level Assessment
1. What needs to be protected
1. The machine (portable) from theft.
2. The usability of the machine in the case that it is stolen.
3. The sensitive data and data-access mechanisms on the machine
4. The OS and other applications from attacks allowing outage, data exposure,
unauthorised usage, etc.
5. Associated Memory devices (USB, Card, Etc) with varying transient data on them.
6. Other media with backups of data.
2. Who Owns It ?
1. Me
3. Who needs access ?
1. Me
2. My wife may need access if her machine fails or is not at hand.
4. Where is the information stored ?
1. On the machine
➔ data folder
➔ browser cache, cookies, form completion, history, authenticated sessions
➔ temporary folders
➔ os caches
➔ application caches
2. On backup media.
3. On a transient basis on portable memory devices such as Flash / SD / USB etc.
4. On networked devices out of my control (printer spools, mail spools, mail servers, etc)
5. Transiently on the networks themselves, again much may be out of my control but I can
take time to ensure secure communications where possible.
5. Risks, Impact of Breach
1. Time Wasted (securing, restoring data from backups, restoring OS, sourcing new hw, etc,
changing passwords / access codes / certs / etc)
2. Monetary loss (replacing hw, replacing data, unauthorised / excessive bandwidth usage,
potential legal costs if I have to defend myself if my hw is used in illegal activity, etc)
3. Confidentiality breach. Personal information, potentially sensitive now in the hands of
whomever. Whether access to the data locally or on remote machines/services.
4. Access to those services is a further threat, as those services may also be used for further
attacks on myself [name, reputation, etc] and/or others [spam, defamation, their data,
etc]
Specific Threats and Counter Measures
1. Access to the device (re theft and possible hw modification that could compromise security)
➔ Mind it
➔ Keep out of sight when leaving in car, house, work
➔ Secure car with alarm
➔ Secure house with alarm, keep friendly with the neighbours.
2. Usability of device if stolen
➔ Trying to lock out usability of the device and access to data may render it so
unusable that it's easier to just leave it alone, or to collect a reward as 'finder' when
one realises it's useless for all but the most determined.
➔ Installation of a phone-home mechanism at the lowest possible level may help with
location and retrieval of the device if it is stolen.
➔ Prevent settings access in BIOS via a system lock (pw)
➔ Secure Hard Drive via a device lock (pw). With my model, apparently this remains
with HD if moved to another machine.
➔ Lock ability to Boot Up the machine via a BIOS level system lock (pw).
➔ Try to gauge effectiveness of System/BIOS and HD security mechanisms and act
appropriately to findings.
3. Sensitive Data
➔ Sensitive Data on the machine and elsewhere needs to be kept confidential or
removed [wipe] at the earliest convenience [backups, secure copies remain
elsewhere.]
➔ Need to consider risk associated with the varying data.
➔ Data access mechanisms such as VPN and SSH keys, passwords for e-mail, forums,
and other sites/services need to be protected in this consideration.
➔ Use of encrypted FS (virtual or in a partition or on other media ?) for storing
sensitive data, passwords/certs/etc, browser cache etc.
➔ Use of encryption where possible for data transfer across networks not under my
control [ practically all of them :) ] and paying more attention to the security of
services on the networks/web. (email, banks, govt., etc).
➔ Automate clearing of cached information and manually check at intervals for
anomalies.
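The following is an added example (not part of the original notes) of the "automate clearing of cached information and check for anomalies" item above: a sweep over cache and temp directories that removes stale cache files and reports anything that looks like key material or saved credentials living where it should not. The directory list, the 24-hour age threshold and the name patterns are assumptions chosen for illustration.

```python
"""Automated cache/temp sweep with an anomaly check.

Added example, not from the original notes. The directory list, the age
threshold and the 'suspicious' name patterns are assumptions chosen for
illustration; adjust them to the machine being swept.
"""
import os
import stat
import time
from pathlib import Path

# Files in a cache or temp directory that look like key material or saved
# credentials are an anomaly: they belong in the encrypted store, not here.
SUSPICIOUS_SUFFIXES = {".pem", ".key", ".ppk", ".p12", ".pfx", ".kdbx"}
SUSPICIOUS_NAMES = {"id_rsa", "id_dsa", "logins.json", "key3.db", "key4.db"}


def classify(entries, max_age, now):
    """Split (path, mtime) entries into (stale, suspicious).

    stale      -> ordinary cache files older than max_age seconds: delete them
    suspicious -> files that should never be in a cache dir: report, do not touch
    Pure function over data, so it can be checked without touching a filesystem.
    """
    stale, suspicious = [], []
    for path, mtime in entries:
        p = Path(path)
        if p.suffix.lower() in SUSPICIOUS_SUFFIXES or p.name in SUSPICIOUS_NAMES:
            suspicious.append(path)
        elif now - mtime > max_age:
            stale.append(path)
    return stale, suspicious


def scan(roots):
    """Collect (path, mtime) for every regular file under the given roots (symlinks skipped)."""
    entries = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                full = os.path.join(dirpath, name)
                try:
                    st = os.lstat(full)
                except OSError:
                    continue
                if stat.S_ISREG(st.st_mode):
                    entries.append((full, st.st_mtime))
    return entries


def wipe(paths):
    """Overwrite each file with zeros, then unlink it. Returns the number removed.

    Caveat: on journaling filesystems, SSDs and copy-on-write storage the old
    blocks may survive the overwrite. The reliable control is keeping caches on
    the encrypted filesystem described above; this wipe is belt and braces.
    """
    removed = 0
    for path in paths:
        try:
            size = os.path.getsize(path)
            with open(path, "r+b") as f:
                f.write(b"\0" * size)
                f.flush()
                os.fsync(f.fileno())
            os.unlink(path)
            removed += 1
        except OSError:
            pass
    return removed


def sweep(roots, max_age=24 * 3600, dry_run=True):
    """Run the sweep; returns (stale, suspicious, removed)."""
    stale, suspicious = classify(scan(roots), max_age, time.time())
    removed = 0 if dry_run else wipe(stale)
    return stale, suspicious, removed


if __name__ == "__main__":
    # Assumed locations; replace with the browser/application cache dirs on the machine.
    roots = [os.path.expanduser("~/.cache"), "/tmp"]
    stale, suspicious, removed = sweep(roots, dry_run=True)
    print(f"{len(stale)} stale files, {len(suspicious)} anomalies, {removed} removed")
    for s in suspicious:
        print("ANOMALY:", s)
```

Run it dry first (the default) and review the anomaly list by hand, which is the "manually check at intervals" half of the item; only then schedule it with dry_run=False.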
4. The OS and Applications.
➔ Firewall
➔ Virus Protection
➔ Service Audit with a view to intrusion prevention. [e.g. Lock down open access
services such as DB installations, etc]
➔ Application research/audit prior to installation. Review application licence
agreements which are too often ignored and may contain agreement to allow
exposure of potentially sensitive information.
5. Usage Access
➔ Will set up a restricted account if it becomes necessary to allow other persons to use
the machine. Will not expose other security such as bios/system/hd access codes.
6. Virus Protection
✔ AVG
7. Spyware
✔ AdWare, Spybot search and destroy
8. Firewall
✔ Zonealarm
9. User Authentication
✔ no unsecured accounts
✔ all accounts have active idle timeout with pw protection (screen saver lock)
✔ further inactivity causes power management to kick in, meaning that use would then also
require circumventing the system startup security.
10. OS Auth protecting files
1. No. I have never seen this shown to work outside of certain narrow cases.
2. FS and/or file encryption are the only potentially workable (imo) situations I have
seen, and are still prone to attack in the manner of their de/en-cryption. (memory
usage, temporary storage usage, the encryption controller/application and the
encryption scheme itself)
11. Up to date-ness
✔ os
✔ firewall
✔ virus
✔ applications, at least the most commonly used ones (openOffice, browser, email)
✔ check interval is satisfactory imo.
✔ Auto-matic-ness of updates is satisfactory imo.
1. :( recent report (ms watch ?) indicates that MS may be applying updates to certain
components even when auto-updating is not enabled.
12. Browser security
1. no confidence here.
2. Java and Javascript are enabled. There are plugins including flash enabled.
3. Browsers tend to store lots of info from history to form data, cookies, authed
sessions, and even passwords. Even when I set it to clear this info I sometimes find
during a browse information I would not have expected to be there.
4. They crash regularly, and chug lots of memory I don't see the need for, hinting imo
at lots of resource leaks. One can see from a quick scan of any security alert list that
resource usage (buffer overflows for e.g.) is well up there with the top [frequency]
mechanisms for intrusion.
13. Unencrypted network services
1. Print to network. I must get a local printer for the top secret documents I'm churning
out by the dozen. A lot of printers in use nowadays are very conveniently PS printers,
making conversion of sniffed data to PDF trivial.
2. Email. I have some accounts with no protection. A few with good authentication, but
they don't have transport encryption for mail/sender/recipient data (confidentiality).
3. IM. These are so convenient you could send the most sensitive data without realising
or giving a second thought. When I looked at these briefly years ago they were by no
means secure. The VOIP (V=voice and/or video) capabilities of today's IM
applications raise more interesting security considerations here.
4. Browsing. This is always an interesting one. Aside from the HTTP body itself, the
poor use of URI query strings (among other issues) can mean sensitive data is
exposed in proxies and even in the statistical records of web sites you visit. Consider
the simple and seemingly innocuous act of clicking a link in an email through a web-based
interface to that email: you could hand your email account details to the target
of the link via the referrer information.
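The referrer leak in item 4 can be checked rather than guessed at. The block below is an added example, not part of the original notes: it implements the decision rules of the Referrer-Policy specification for the policies browsers support and shows what a link target receives for a given webmail URL. The webmail and link URLs are constructed for illustration; the point of interest is that under the historical default (no-referrer-when-downgrade) an http webmail page leaks its whole query string, account name and session id included, because following an http link is not a downgrade.

```python
"""What a browser puts in the Referer header when a link is followed.

Added example, not from the original notes. It implements the decision rules
of the Referrer-Policy specification for the policies browsers support, so the
leak described above can be checked for a given webmail URL and link target.
The URLs below are constructed for illustration.
"""
from urllib.parse import parse_qsl, urlsplit, urlunsplit

# Constructed: an http webmail session whose account name and session id sit
# in the query string, and an external link found in a mail.
WEBMAIL_URL = "http://webmail.example/inbox.cgi?user=alice&sid=8f3a9c"
LINK_URL = "http://shop.example/offer?id=42"

POLICIES = (
    "no-referrer",
    "no-referrer-when-downgrade",        # historical browser default
    "same-origin",
    "origin",
    "strict-origin",
    "origin-when-cross-origin",
    "strict-origin-when-cross-origin",   # current default in major browsers
    "unsafe-url",
)


def _host_port(p):
    host = (p.hostname or "").lower()
    return f"{host}:{p.port}" if p.port else host


def _origin(url):
    p = urlsplit(url)
    return f"{p.scheme}://{_host_port(p)}/"


def _stripped(url):
    """Referer never carries userinfo or the fragment; everything else goes."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, _host_port(p), p.path, p.query, ""))


def referer_for(policy, source, dest):
    """Return the Referer value sent when following dest from source, or None."""
    same_origin = _origin(source) == _origin(dest)
    # A downgrade is https -> anything that is not https.
    downgrade = urlsplit(source).scheme == "https" and urlsplit(dest).scheme != "https"
    full, origin = _stripped(source), _origin(source)
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "origin":
        return origin
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return full
        return None if downgrade else origin
    raise ValueError(f"unknown policy: {policy}")


def leaked_params(referer):
    """Query-string keys the link target (and any proxy on the way) gets to see."""
    if referer is None:
        return []
    return [k for k, _ in parse_qsl(urlsplit(referer).query, keep_blank_values=True)]


if __name__ == "__main__":
    for policy in POLICIES:
        ref = referer_for(policy, WEBMAIL_URL, LINK_URL)
        print(f"{policy:34} -> {ref!r}  leaks {leaked_params(ref)}")
```

Two controls follow from the output: the webmail site should send a Referrer-Policy header (strict-origin-when-cross-origin or no-referrer) and mark outbound links rel="noreferrer", and a session id has no business in a query string at all, since it also lands in proxy and server logs regardless of referrer handling.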
14. My Top 5
1. Lots of USB/SD/etc memory device usage. Small, easy to lose, non-encrypted.
2. Browser sync defaulted to include browser stored pw info for sites.
3. Network security at work.
4. Office (physical) security at work.
5. Location and movement of backups during house move.
6. Connecting a machine to a network after a long time off any network, specifically
no access to a network with web/internet access. The machine required many
updates to the OS and applications by the time it was finally re-joined to “the net”,
and during this (long) time to download the updates it was obviously online and thus
exposed to vulnerabilities discovered during the time it was offline, and for the
duration of the update the (now very vulnerable) browser was open! All bad.
7. Blaster worm protection ?
15. Sans Top 20.
1. Still reading this one !
16. Machine Penetration testing (nmap) [ used on work pc ]
1. MsRpc, MsDs and netbios are open, though I have a personal firewall. I have not set
it at full blocking as I need to use certain network services (sharing etc). Still it's
interesting to see what is open. MsSql and mysql were found though noted as
filtered. This I didn't intend!
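The service audit from section 4 and the nmap result above can be turned into a repeatable check. The block below is an added example, not part of the original notes: it parses nmap's grepable output (-oG) and reports every port that answered as open or filtered but is not on a per-host allow list of services deliberately left reachable. The scan text and allow list are constructed to mirror the work-PC result above; the address, host name and port counts are assumptions.

```python
"""Audit an nmap scan against an allow list of expected services.

Added example, not from the original notes. Parses nmap grepable output (-oG)
and reports ports that answered (open or filtered) but are not expected on that
host. The scan text and allow list are constructed; address and host name are
assumptions.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class PortRecord:
    host: str
    port: int
    proto: str
    state: str
    service: str


# -oG host line: "Host: <ip> (<name>)<TAB>Ports: <port>/<state>/<proto>/<owner>/<service>/<rpc>/<version>/, ..."
# Further tab-separated fields (Ignored State:, OS:, ...) may follow; the port list never contains a tab.
_HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\((.*?)\)\s+Ports:\s+([^\t]*)")


def parse_grepable(text):
    """Return one PortRecord per port entry in grepable nmap output."""
    records = []
    for line in text.splitlines():
        m = _HOST_LINE.match(line)
        if not m:
            continue  # comment lines, 'Status: Up' lines and blanks
        host, _name, ports = m.groups()
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 5 or not fields[0].isdigit():
                continue
            port, state, proto, _owner, service = fields[:5]
            records.append(PortRecord(host, int(port), proto, state, service))
    return records


def audit(records, allowed):
    """Return records that answered (open or filtered) but are not on the allow list.

    'filtered' is not 'closed': the personal firewall dropped the probe, so a
    service may well be listening behind it (as with MS SQL and MySQL above).
    """
    return [
        r for r in records
        if r.state in ("open", "filtered")
        and (r.proto, r.port) not in allowed.get(r.host, set())
    ]


# Constructed sample in the shape of `nmap -oG - 192.168.1.20`.
SAMPLE_SCAN = "\n".join([
    "# Nmap scan initiated as: nmap -oG - 192.168.1.20",
    "Host: 192.168.1.20 (workpc.example)\tStatus: Up",
    "Host: 192.168.1.20 (workpc.example)\tPorts: "
    "135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, "
    "445/open/tcp//microsoft-ds///, 1433/filtered/tcp//ms-sql-s///, "
    "3306/filtered/tcp//mysql///\tIgnored State: closed (995)",
    "# Nmap done",
])

# Services deliberately left reachable for file sharing on the work PC (assumption).
ALLOWED = {"192.168.1.20": {("tcp", 135), ("tcp", 139), ("tcp", 445)}}


def unexpected_ports(scan_text=SAMPLE_SCAN, allowed=ALLOWED):
    """The (port, state, service) tuples that need attention."""
    return [(r.port, r.state, r.service) for r in audit(parse_grepable(scan_text), allowed)]


if __name__ == "__main__":
    for port, state, service in unexpected_ports():
        print(f"UNEXPECTED {port}/tcp {state:9} {service}")
```

Feed it a real scan with `nmap -oG scan.gnmap <host>` and keep the allow list under version control; a port that moves from the finding list to the allow list should be a conscious decision, and every unexpected entry is either a service to remove or a firewall rule to tighten.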
17. Online security Tips (US-CERT)
○ Some interesting points about posting information online, being careful about what you
advertise, etc.
○ Understanding the limits of firewall and virus protection packages
○ Power surge recommendations are something not often at the top of ones list. I have
some but not, interestingly, one that I bring with me and my portable pc.
○ Cell phone attacks is an interesting one I hadn't considered, but which will probably
become more of an issue as the technology improves in functionality and acceptance.