Information Security: Assets and Threats

The document outlines the key concepts in Information Assurance and Security, including the identification of assets, vulnerabilities, threats, and controls. It describes various types of hackers, the nature of security breaches, and the risks associated with malicious attacks and malware. Additionally, it emphasizes the importance of countermeasures to prevent and respond to security threats.
a. identify assets
b. identify vulnerabilities
c. identify threats
d. identify controls

2.1 ASSETS, ATTACKS, RISKS, THREATS, VULNERABILITIES AND COUNTERMEASURES

Now that we have already defined the main objective of this course, we will be discussing the
Common Body of Knowledge in the areas of Information Assurance and Security.

ASSETS

Crown Jewels are the precious ornaments or jewelry worn by a sovereign on certain state occasions. Put simply, crown jewels are particularly valuable or prized possessions, something we keep secured in a safe place.

This analogy tells us what an ASSET is. In every Information System we develop, we treat every piece of data as a “crown jewel”.

In Information Security, an ASSET is any piece of information, device or other related part that supports business activities. Assets are either components of a computer and/or the data stored in it. Basically, assets are the things that should be put under strict security measures, because failure to do so may result in losses to the organization.

To put it simply, assets are the main reason why we need to secure and assure our information systems: once they are exposed, the resulting problems may lead to losses for the organization.

In more detail, mismanagement of assets may lead to attacks. Attacks are activities intended to snatch assets in order to use them for bad interests. These attacks are everywhere, in both the public and private sectors. One example of an attack is a Data Breach.

A Data Breach is an event in which information is accessed without the consent of the authorized party. Data breaches are widely observed in Web-based Information Systems because many assets exposed over the internet are the apple of an attacker’s eye. In fact, the number of victims rose 80% in India in 2019. The chart below shows the different types of attacks that happened on the web, recorded in the month of September 2019.

Source: [Link]

The following is the list of Assets that Information Assurance and Security tries to protect:

1. Customer Data
2. IT and Network Infrastructure
3. Intellectual Property
4. Finances and Financial Data
5. Service Availability and Productivity
6. Reputation

On the other hand, a person with a bad intention to attack someone’s assets is a Hacker. A Hacker is anyone with the professional skill to access assets without any authorization. Their intention is basically to commit crimes, mostly to steal from and destroy systems. Sometimes systems are hacked to hold their assets hostage, with a ransom collected as the condition for bringing the assets back.

However, good hackers also exist. They are the ones who use their skills in hardware and software to bypass the security of a device or a network. Their intention is to provide a service to the victims of attacks. Both public and private sectors hire good hackers to help keep their systems safe.

Computer Security Professionals name hackers metaphorically using hat colors: White, Black and Gray. The naming comes from the old spaghetti Westerns, where black was worn by the bad cowboys, white by the good ones, and gray by the neutral.

Black Hat Hackers


Black Hat Hackers basically have advanced knowledge of destroying networks. They hack by bypassing the security measures of networks. This type of hacker also knows how to create malware intended to gain access to systems in order to steal personal and financial assets.

White Hat Hackers

Hackers who use their skills to do good are referred to as White Hat Hackers. Most big companies intentionally employ white hat hackers to work for them. Their main responsibility is to check for and find holes in the company’s systems through hacking.

The main difference between White Hat Hackers and Black Hat Hackers is that white hats perform hacking with the owner’s permission, while black hats don’t. In fact, there are trainings and certifications for ethical hacking.

Grey Hat Hackers

Grey is neither white nor black. This analogy applies to Grey Hat Hackers. They are a combination of ethical and unethical hackers. Sometimes they look for a system’s or organization’s weakness without authorized access and report it to the company. Companies will then hire them to secure the asset. However, if the company does not employ the Grey Hat Hackers, they will exploit the said assets online so that other Black Hat Hackers can carry out their intentions.

The term hacker always sounds bad to us. However, it is very important for us to understand that our judgement of hackers should always depend on their intentions.

Aside from hackers, there are also those who violate or break the security of remote machines. They are known as Crackers. Initially, crackers gain unauthorized access to vital data and deprive the original user or owner of it.

Crackers can be identified as either the fortunately few and far between experts who discover security holes and exploit them, and/or the script kiddie, one who knows how to get programs and run them legitimately.

These hackers and crackers are the ones Information Security is trying to catch.

Every Attacker, whether a Hacker or a Cracker, uses tools to perform attacks. The following are the tools they use:

1. Protocol Analyzers (Sniffers). These applications put the host NIC into a mode that passes all traffic to the CPU rather than only the traffic the controller is designed to receive.
2. Port Scanner. An application that probes a host for open ports.
3. Finger Scanning. A way to acquire human biometrics such as fingerprints.
4. Vulnerability Scanning Tools. Automated tools that scan web-based applications and find vulnerabilities. Examples are Cross-site scripting, SQL Injection, Command Injection, Path Traversal and insecure server configuration.
5. Exploit Software. A piece of software, a chunk of data or a series of commands that takes advantage of a bug or vulnerability to trigger unintended or unforeseen behavior in computer software, hardware or anything electronic.
6. Wardialers. These can be used to find backdoors into your network. A wardialer dials telephone numbers to check whether a line carries data through a modem or the like.
7. Password Cracker. This software is used to retrieve a forgotten password or other network resources. Sometimes it is used to access resources without permission.
8. Keystroke Loggers. A keylogger is a surveillance application that can record every keystroke made on the system. It records them to a log file that is usually encrypted.

Security Breach

Security breaches happen a lot, not necessarily at your house, but in large and small organizations. The intention to destroy a company’s standing and finances is one concrete reason why Security Breaches exist.

Security and data breaches can happen on a large uncontrollable scale.

This happens when an attacker or intruder gains access without the permission of the asset’s owner or keeper. They use a bypass mechanism that can typically reach restricted areas. A security breach is a violation that can lead to damage and even loss of assets.

Simply put, a Security Breach is any action that would result in a violation of any rules of the Central Intelligence Agency. Most of these breaches disrupt services intentionally. Some of them are accidental, but both kinds can cause hardware or software failures.

The following are activities that cause Security Breaches:

1. Attack through Denial of Service (DoS). An attack that kills a machine or network, so that a legitimate user cannot use the destroyed asset.
2. Distributed Denial of Service (DDoS). This happens when an attacker floods the target with network traffic, making it impossible for a legitimate user to use the network or a node.
3. Unacceptable Web Browsing. Acceptable web browsing is defined in an Acceptable Use Policy (AUP); violations include things like searching for a file in a directory or browsing restricted sites.
4. Wiretapping. Wiretapping is the practice of connecting a listening device to a telephone line to secretly monitor a conversation.
5. Backdoors. This refers to hidden access included by the developers. Backdoors are used to gain access to data repositories.
6. Data Modifications. A change in data that happens purposely or accidentally. It may also include incomplete and truncated data.
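The difference between items 1 and 2 above shows up in request logs as a difference in how traffic is spread across sources. The following is an added example, not part of the original notes; the log format, addresses and both thresholds are constructed assumptions.

```python
from collections import Counter

def sample_events():
    """Constructed request log: (second, source IP) pairs for one server."""
    events = []
    # 0-9 s: five ordinary clients, four requests each.
    events += [(k * 2, f"192.0.2.{i}") for i in range(1, 6) for k in range(4)]
    # 10-19 s: one source sends 120 requests (DoS pattern).
    events += [(10 + k % 10, "198.51.100.9") for k in range(120)]
    # 20-29 s: 100 sources send three requests each (DDoS pattern).
    events += [(20 + k, f"203.0.113.{i}") for i in range(1, 101) for k in range(3)]
    return events

def classify_window(events, start, width=10, per_source_limit=50, total_limit=200):
    """Label one time window as 'normal', 'dos' or 'ddos'.

    Returns (label, heavy_sources, distinct_sources). The limits are
    illustrative assumptions; real ones come from a measured baseline.
    """
    counts = Counter(src for ts, src in events if start <= ts < start + width)
    heavy = sorted(src for src, n in counts.items() if n > per_source_limit)
    if heavy:
        # One origin alone exceeds what a legitimate client would send.
        return "dos", heavy, len(counts)
    if sum(counts.values()) > total_limit:
        # No source stands out, yet the combined volume is abnormal:
        # blocking any single address would not restore service.
        return "ddos", [], len(counts)
    return "normal", [], len(counts)

if __name__ == "__main__":
    log = sample_events()
    for start in (0, 10, 20):
        print(start, classify_window(log, start))
```

The per-source check is what a simple rate limit enforces; the aggregate check is why a distributed flood needs upstream filtering rather than a single block rule.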

Additional Security Challenges may include:

1. Spam and Spim. Spam is unsolicited email; spim is spam over instant messaging.
2. Cookies. Cookies contain little chunks of data, which may include login credentials, that make it possible for a user to have a great browsing experience.
3. Hoaxes. A hoax is a message that claims to warn recipients of a (non-existent) computer virus threat.

RISK, THREATS AND VULNERABILITIES

Risk, Threats and Vulnerabilities are characteristics that describe something that needs to be taken care of. Failing to do so may lead to an attack.

Risk refers to the probability that bad things will happen to a specific asset.

Threat is defined as any action that might compromise or destroy an asset.


Vulnerability is a weakness that may harm systems or networks.

There is a wide variety of threats spread out, especially on the internet. Many call the internet a marketplace of threats.

Threats can be categorized into Three Types:

1. Disclosure Threats. These threats may include sabotage and espionage.
2. Unauthorized Threats. One example of an Unauthorized Threat is Unauthorized Changes: modifications made that exceed the policy that has been agreed upon.
3. Denial or Destruction Threats. DoS and/or DDoS best explain these threats.

Categories of Malicious Attacks

Malicious Attacks can be classified according to the intent of the actions. These may include the following:

1. Interception refers to access gained by an unauthorized party to an asset. This may include illicit program copying and/or wiretapping.
2. Interruption happens when a system becomes lost, unavailable or unusable.
3. Modification occurs when an unauthorized attacker tampers with an asset.
4. Fabrication refers to the counterfeiting of a system or network by an unauthorized party.

Types of Active Threats

The following lists the types of threats currently active that developers and Information Security Professionals should be aware of:

1. Birthday Attacks
2. Brute-Force Password Attacks
3. Dictionary Password Attacks
4. IP Address Spoofing
5. Hijacking
6. Replay Attacks
7. Man-In-The-Middle Attacks
8. Masquerading
9. Social Engineering
10. Phishing
11. Phreaking
12. Pharming

Malicious Software (Malware)

In the context of installing software on our systems (before, during and after installation), we can say that it is malicious if it:

1. Causes damage
2. Escalates security privileges
3. Divulges private data
4. Modifies or deletes data

General Classification of Malware

Virus

Like human beings, our systems or assets can be infected by a virus too. In computing, a virus comes inside another program or application. Basically, it contaminates a program and can cause it to be copied to other computers. Most of the time, the virus triggers when the user uses an infected application.

Worm

A Worm is a self-contained program. It duplicates itself and sends itself to other hosts without any user intervention. One scary thing about a worm is that it does not need an installed application to contaminate the whole system.

Trojan Horse

A Trojan Horse is malware that hides inside a useful program. It collects sensitive information and may open backdoors into computers. A Trojan Horse can actively upload and download files.

Rootkit

A rootkit is a group of malicious software. Basically, these applications gain unauthorized access to a machine and hide their existence among the other applications.

Spyware

Spyware is a type of malware that targets confidential data. Mostly, it can monitor a user’s actions and can even carry out actions such as scanning, snooping and installing other spyware. It can even change the default browser of a computer.

COUNTERMEASURES

As the old English saying goes, prevention is better than cure. In information security we can also cure these attacks, if not prevent them from happening. There are suggested activities and tools that we, as Information Security Professionals, can use as an antidote to or defense against the said attacks.

A Countermeasure is basically an action to detect vulnerabilities, prevent attacks and/or react to the impacts of successful attacks. In the case of an attack, a victim can get help from security consultants, law enforcement offices and/or experts.

The following are countermeasures that can help in preventing and/or curing malware:

1. Training events for users
2. Regular updates and bulletins about malware
3. Do not transfer assets to untrusted or unknown sources.
4. Evaluate new programs or quarantine files on a computer
5. Purchase and install anti-malware software and scan your files on a regular basis
6. Use comprehensive login credentials

On the other hand, a Firewall can defend your system from various forms of attack too. Basically, a firewall is a program or a dedicated device that inspects the network traffic present in a network. Its purpose is to deny or permit traffic depending on protocols.
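How a firewall reaches a permit or deny decision can be shown with a small rule evaluator. This is an added example, not part of the original notes; it goes slightly beyond protocol matching by also checking destination port and source network, and the rule set, class names and addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    protocol: str                    # "tcp", "udp", "icmp" or "any"
    dst_port: Optional[int] = None   # None matches every port
    src_net: str = "0.0.0.0/0"       # source network, CIDR notation

@dataclass(frozen=True)
class Packet:
    src: str
    protocol: str
    dst_port: Optional[int] = None   # ICMP carries no port

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.protocol not in ("any", pkt.protocol):
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    return ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_net)

def decide(rules, pkt: Packet) -> str:
    """First matching rule wins; traffic no rule mentions is denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

# Constructed policy for a hypothetical web server.
RULES = [
    Rule("permit", "tcp", 22, "10.0.0.0/8"),  # SSH from the internal network only
    Rule("deny", "tcp", 22),                  # SSH from everywhere else
    Rule("permit", "tcp", 443),               # HTTPS from anywhere
    Rule("permit", "udp", 53),                # DNS
]

if __name__ == "__main__":
    for pkt in (Packet("10.1.2.3", "tcp", 22), Packet("203.0.113.5", "tcp", 22),
                Packet("203.0.113.5", "tcp", 443), Packet("203.0.113.5", "icmp")):
        print(pkt, "->", decide(RULES, pkt))
```

Rule order matters: a broad permit placed above the SSH rules would match first and let external SSH through, which is why rule sets end in a default deny and are reviewed for shadowed entries.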
