3.6.3 Methods to detect and prevent Cyber Security Threats

• There are many methods that a company can use to identify security vulnerabilities.
• These can include:
  • Network Forensics.
  • Penetration Testing (Covered in 3.6.1 Cyber Security Threats)

What is network forensics?

• Police forensic work involves the use of scientific methods and techniques to investigate a crime.
• This term can be applied in much the same way but in the context of network forensics.
• This involves capturing, storing and analysing network events using special software.
• Network managers can monitor business transactions to verify that they are not fraudulent, or they can stop security attacks before they can cause damage a network system.
• Network forensic software can also detect data leaks, where confidential data is being transferred to an external source.
• The software can additionally reveal who communicated with whom, when, how and how often.
• After a network attack, data packets can be analysed to discover how the network was attacked and decisions can be made on how to prevent future attacks.

What is penetration testing?

• Penetration Testing is used to find any security weaknesses in a system. It is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access.
• Penetration testing is also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that a hacker could exploit.
• Penetration testing can be automated with software applications or performed manually.

• The strategy is to:
  • Gather information about the target of possible attacks.
  • Identify possible entry points.
  • Attempt to break in.
  • Report back the findings.

Black-box Penetration Test

• The aim of black-box pentration testing is to simulate an external hacking or cyber warfare attack.
• Testers are given very little or no information about the network prior to the test. The test could target email servers, web servers or firewalls.
• The objective is to find out:
  • Whether a hacker can get in.
  • How far they can get.
  • What they can do on the system.

White-box Penetration Test

• The aim of white-box penetration testing is to simulate a malicious insider who has knowledge of and possibly basic credentials for the target system.
• Testers are given basic information about the network in advance of the testing. This could include IP addresses, network protocols and even passwords.
• It puts the tester in the position of an insider, to determine how much damage a disgruntled or dishonest employee could cause.

• There are many methods that an organisation can use to prevent and deal with threats to network security.
• We will cover the following methods:
  • Biometric Measures.
  • Passwords and Usernames.
  • CAPTCHA.
  • Email Confirmations.
  • Anti-Malware Software and Automatic Software Updates.

Biometric Measures

Biometrics - Biometrics measures physical traits. Biometrics are measures of biological
quantities or patterns but also means measurements of an individual's features, such as
fingerprints, that can identify or authenticate a person. Used this way, a biometric is
a password that cannot be forgotten, lost or stolen.

• Biometrics covers a variety of technologies in which unique identifiable attributes of people are used for identification and authentication.
• These include, a person’s fingerprint scan, retinal (iris) scan, face scan and voice pattern sample which can be used to validate the identity of individua seeking to control access to computers, airlines, databases and other areas which may need to be restricted.
• The probability of two people having identical biological characteristics is extremely rare, and so these methods can be used to positively identify a person.
• Biometric systems are often used on mobile devices and the advantages of these methods over password entry are that it is not possible to steal or forget a biometric characteristic.
• Biometric Measures - Using some part of a person's biology to access a computer/device system, instead of using a password.
• For example:
  • Mobile phones and tablets that unlock on scanning a fingerprint.
  • Doorbells that unlock when a person's iris or retina is scanned.
  • Voice recognition.
  • Face recognition.

Passwords and Usernames

Passwords and Usernames - Is a technique of fraudulently obtaining private information,
often using email or SMS.

• Automated procedures that ensure that secure password policies are followed to ensure that users who do not follow these procedures are not allowed into a system.
• Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks.
• In its usual form, it estimates how many tries an attacker who does not have direct access to the password would need on average to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability.
• Using strong passwords lowers overall risk of a security breach, but strong passwords do not replace the need for other effective security controls.
• Passwords should contain a combination of upper and lower-case letters as well as numbers and symbols. (E.G. $tROng p@s$worDs).
• Simarly, default passwords can be a problem. For example, a router's new owner might not change the default password from admin or password when they buy it. The default password is usually found in the instruction manual or on the device itself.
• Leaving a default password is one of the major factors in compromising the security of a system.

CAPTCHA

CAPTCHA - Is an acronym for Completely Automated Public Turing test to tell Computers
and Humans Apart. is a type of challenge–response test used in computing to determine
whether or not the user is human.

• A CAPTCHA is a program that protects websites against bots by generating and grading tests that humans can pass, but current computer programs cannot. For example, humans can read distorted text as the one shown above, but current computer programs cannot.
• The most common type of CAPTCHA was first invented in 1997 by two groups working in parallel. This form of CAPTCHA requires that the user type the letters of a distorted image, sometimes with the addition of an obscured sequence of letters or digits that appears on the screen.
• Because the test is administered by a computer, in contrast to the standard Turing test that is administered by a human, a CAPTCHA is sometimes described as a reverse Turing test.

• CAPTCHAs have several applications for practical security, including (but not limited to):
  • Preventing Comment Spam in Blogs.
  • Protecting Website Registration.
  • Protecting Email Addresses From Scrapers.
  • Online Polls.
  • Preventing Dictionary Attacks.
  • Search Engine Bots.
  • Worms and Spam.

Password Confirmations

Email Confirmations - Often, when a password is changed, a user must verify this change
by clicking on a link sent to a registered email address. This can prevent hackers from
changing passwords un-noticed.

• When you sign up for a new web service, you will sometimes be asked to verify your details through an email verification process.
• You will not be able to complete the web service application process and activate your new account until you have verified and confirmed your email address.
• This method is considered a best practice, to confirm the email of a new user registration, so that it can be confirmed that the individual is not impersonating someone else.
• Suppose you had a discussion forum, and you wanted to prevent [email protected] from registering as [email protected]. Without email confirmation, [email protected] could receive unwanted email from your app.
• Suppose the user accidentally registered as [email protected] and had not noticed the misspelling of yli.
• They would not be able to use password recovery because the app does not have their correct email address.
• Email confirmation provides limited protection from bots. Email confirmation doesn't provide protection from malicious users with many email accounts.

Anti-Malware Software

• Anti-malware is a type of software developed to scan, identify and eliminate malware, also known as malicious software, from an infected system or network.
• It secures an individual system or an entire business network from malicious infections that can be caused by a variety of malware that includes viruses, worms, trojans, rootkits, spyware and adware.
• Anti-malware can be deployed on individual computers, a gateway server or even on a dedicated network appliance.
• An effective anti-malware tool includes multiple features like anti-spyware and phishing tools to ensure complete protection.

• Anti-Malware Software will protect a computer in three ways:
  1. It prevents harmful programs from being installed on a computer.
  2. It prevents important files, such as the operating system (OS), from being changed or deleted.
  3. If a virus does manage to install itself, the software will detect it when it performs regular virus system scans. Any viruses detected will be removed.
• New viruses are created regularly, so it's important that any anti-virus software is regularly updated.

Automatic Software Updates

• Popular software is a common target for hackers and malware. For example, browsers, pdf readers, application software and even operating systems.
• These can all be automatically updated by selecting options to automatically update and install either from the operating system or from the software.
• The top most out-of-date Windows programs installed on PCs around the world shows that in more than 94% of cases, users who have installed Adobe Shockwave, VLC Media Player, and Skype on their computers haven't updated them to the latest versions.
• Out-of-date Microsoft Office programs are another category of applications which put their users at risk, especially given that 15% of all Office installations are Enterprise 2007, an Office version Microsoft has stopped supporting since 2017 which means that it hasn't received any bug fixes or security patches for almost two years.
• Threats will often exist in combination. A username acquired via phishing could be used in collaboration with a weak, easy-to-guess password to introduce a virus that specifically seeks out unpatched software.