EHPT11GU02


IBM ICE (Innovation Centre for Education)

Welcome to:
Understanding Security and Risk Management

9.1
Unit objectives
IBM Power Systems

After completing this unit, you should be able to:

• Learn the concept of security and risk management (ITIL Topics)

• Understand the concept of threats and exploits

• Gain knowledge on different malware types

• Gain insight into threats on a network and types

• Understand the threats related to the Windows, Linux & Mac Operating System

• Learn about Phases in Hacking


Introduction to security and risk management (1 of 7)

• Securing the sensitive data that the organization holds.

• Implementing, monitoring, reviewing and improving information security for the
organization.

• A subset of corporate governance, alongside information technology governance.


Introduction to security and risk management (2 of 7)

Figure: A framework of information security management based on ITIL


Introduction to security and risk management (3 of 7)

• ISO 27000 series:

– ISO and the International Electrotechnical Commission (IEC) formed a joint technical
committee (ISO/IEC JTC 1); its subcommittee SC 27 maintains the series through aligned
working groups.
– ISO/IEC 27001 is the main standard for an information security management system (ISMS):
it states the requirements for planning, implementing, operating and improving the ISMS.
– The ISMS uses the integrated plan–do–check–act (PDCA) model: plan the scope, risk
assessment and controls; do (implement and operate them); check (monitor, measure and
audit); act (correct and improve).

Figure: PDCA model


Introduction to security and risk management (4 of 7)

• ISO/IEC 27007:
– Guidelines for auditing an ISMS.

• ISO/IEC 27008:
– Guidance for auditors on assessing the information security controls of an ISMS.

• ISO/IEC 27030:
– Guidance on the corresponding technical controls.

• The ITIL standard:

– Known as the Information Technology Infrastructure Library.
• A best-practice framework for IT service management (ITSM).
– Its primary objective is to align IT service management with business needs.
– Originally developed by the UK Office of Government Commerce (OGC).
– Service strategy ensures that risks, and the costs of the services in the service
portfolio, are managed deliberately.
Introduction to security and risk management (5 of 7)

• Service design:
– Turns the strategy into a designed service, including its security, capacity and
continuity requirements.
• Service transition:
– Builds, tests and releases new or changed services into live operation, so that
capabilities are developed and improved in a controlled way.
• Service operation:
– The day-to-day running of the IT services (incident, problem, event and access management).
• Continual service improvement:
– Recurring review and enhancement of how services are designed, transitioned and
operated.
Introduction to security and risk management (6 of 7)

• ISO/IEC 20000:
– The international standard for IT service management.
– Part 1 specifies the requirements for a service management system (SMS).

• COBIT:
– Control Objectives for Information and Related Technologies, a governance framework created
by ISACA (the Information Systems Audit and Control Association).
– COBIT is used as a reference model for the core IT processes.
– The output of a COBIT assessment documents those processes and the evaluated risks.
Introduction to security and risk management (7 of 7)

• COBIT applied to the ISMS:
– Changes to the ISMS go through information security change management.
– The ISMS processes that were identified and allocated are run with the resources assigned
to them.
– The output of that resource-management process is planned rather than ad hoc.
– Controls are categorized, including by the funding allocated to each control.
– Reports are prepared on the usage of the core ISMS processes and on information security
CRM.
– Each change focuses on a specific element of the ISMS.
Understanding and identifying threats

• A clear understanding of the threats facing the organization is the starting point.

• Assets in the systems and on the network must be protected against those threats.

• Regular updates and reviews, together with rigorous monitoring, keep that understanding of
the threats current.

• Insider threats are a particular challenge, because insiders already hold legitimate access.

• The data at risk can include personal data of users or consumers.

• IT security is therefore crucial for organizations.


Understanding and identifying exploits

• Identifying the vulnerabilities and risks on a network is crucial.

• A vulnerability is a weakness; an exploit is the code or technique that takes advantage of
it; the risk is the potential consequence (likelihood and impact) of a threat exploiting a
vulnerability that has not been addressed.

• Example: failing to apply Windows updates on a web server leaves a vulnerability that a
published exploit can use.

• Weak spots present in the network need to be identified.

• Key actions:
– Understand common attacks.
– Establish a list of potential vulnerabilities.
– Run vulnerability-scanning tools across the network.
– Assess the risk from the vulnerabilities found (exposure, exploit availability, asset value).
Different types of malware: Worms

• Worms:
– The difference between a worm and a virus is that a worm does not require a host
document.
– A worm does not attach itself to another program; it is a stand-alone program.
– A worm can send copies of itself to other computers on the network, typically by
exploiting a vulnerability in a network-exposed service.
– Anti-virus can catch a known worm on a host; stopping propagation also depends on patching
the exploited service and segmenting the network.
Different types of malware: Rabaworm.pl

• Rabaworm.pl
Different types of malware: Virus

• Virus:
– Executable code that propagates by attaching itself to a host.
– The host is an executable file or document (a "host" here is not a network host, so no
IP address is involved).
– Hosts for many computer viruses can also be:
• Boot sectors.
– Boot sectors are on disks and other storage media.
– The firmware loads the sector to a designated memory address and executes its instructions.
– Those instructions tell the system which device, and which code, to continue booting from.
– On a disk with a master boot record (MBR), the first sector holds the partition table
together with the bootstrap code.
– Its job is to pull in the operating system's loader at boot time.
– Volume boot record (VBR).
> The first sector of a partition serves by default as that partition's boot sector.
> The boot sector gets executed automatically.
> Because the bootstrap code in the MBR and the VBR runs before the operating system, a virus
that overwrites it runs before any anti-virus does.
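The practical check behind the boot-sector discussion is to read the MBR and compare it against a known-good baseline. The following is an added example, not code from the slides: it parses a 512-byte MBR (bootstrap code, four partition entries, 0x55AA signature) and reports anything that differs from the baseline. The sample MBRs, the "clean" bootstrap stub and the baseline hash are all constructed here; on a real Linux host the sector would come from `dd if=/dev/sda bs=512 count=1` and the baseline from a clean install.

```python
"""Added example: parse a 512-byte master boot record (MBR) and check it for tampering.

Standard layout: bytes 0-445 bootstrap code, bytes 446-509 four 16-byte partition entries,
bytes 510-511 the 0x55AA boot signature. The samples and baseline are constructed.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 446          # bootstrap code occupies bytes 0..445
PART_TABLE_OFF = 446        # four 16-byte partition entries follow
PART_ENTRY = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"


def build_mbr(bootcode: bytes) -> bytes:
    """Construct a minimal MBR: the given bootstrap code plus one bootable NTFS partition."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
    entry = struct.pack(PART_ENTRY, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (3 * 16)           # remaining three entries unused
    return code + table + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into bootstrap-code hash, partition entries and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:                            # type 0x00 marks an empty slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[SECTOR_SIZE - 2:] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, baseline_sha256: str, baseline_partitions=None) -> list:
    """Return findings that suggest tampering; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing or corrupted")
    if info["bootcode_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from the known-good baseline")
    if baseline_partitions is not None and info["partitions"] != baseline_partitions:
        findings.append("partition table differs from the known-good baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"expected exactly one bootable partition, found {len(bootable)}")
    return findings


# Constructed samples: a "clean" bootstrap stub, and the same MBR after a boot-sector virus
# has overwritten the start of the bootstrap code with its own jump and payload.
CLEAN_BOOTCODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 40
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE)
BASELINE_SHA256 = hashlib.sha256(CLEAN_MBR[:BOOTCODE_LEN]).hexdigest()
BASELINE_PARTITIONS = parse_mbr(CLEAN_MBR)["partitions"]
INFECTED_MBR = build_mbr(b"\xeb\x3c" + b"\x00" * 60 + b"VIRUS-PAYLOAD" + CLEAN_BOOTCODE[:8])

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_MBR, BASELINE_SHA256, BASELINE_PARTITIONS) or "no findings")
    print("infected:", check_mbr(INFECTED_MBR, BASELINE_SHA256, BASELINE_PARTITIONS))
```

Hashing the bootstrap code alone misses a virus that leaves the code intact and only repoints the partition table at its own sector, which is why the partition entries are compared as well. On GPT/UEFI disks the MBR is only a protective stub; there the equivalent control is UEFI Secure Boot with TPM-measured boot.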
Different types of malware: Trojan horse

• Trojan horse:
– A program that appears to be useful, or to have some benign purpose.
– That appearance masks hidden malicious functionality.
– Referred to simply as trojans.
– Named after the wooden horse that let an army sneak into the fortified city of Troy.
– It attempts to sneak past computer security measures such as a firewall, because the user
invites it in.
– Goals of a trojan horse:
• Dupe the user or system administrator into installing it.
• Blend in with the normal programs on the system.
Different types of malware: Bots

• Bots:
– Also referred to as web robots.
– Software applications automated to perform specific tasks.
– Driven by scripts or code that operate over the internet.
– Also called internet bots.
– Bots, web crawlers and botnets perform tasks:
• Structurally repetitive work is performed at a considerably faster rate than a human could
manage.
• Simple tasks are performed at a fast pace.
– Search companies use crawler bots to analyze and index web content.
– The use of bots in such cases is to categorize sites and perform repetitive tasks; a bot is
malware only when it runs without the machine owner's consent, and a botnet is a set of such
compromised machines under one controller.
– The history goes back to the 1960s: the first chatbot, ELIZA, was developed at an MIT
laboratory from 1964.
– Recent bots such as Apple's Siri and Amazon's Alexa are significant examples of benign bots.
Different types of malware: Spyware

• Spyware:
– Undisclosed subroutines that track the internet activity of the host it runs on.
– Spyware can capture screenshots.
– It harvests credentials and email addresses.
– It also collects web-form data, browsing habits and other personal information.
– The data is delivered to the attackers online, who generally sell it.
– Financial crime and identity theft are the typical follow-on.
– Some products disclose their data collection only in the End User License Agreement (EULA),
which users rarely read.
Different types of malware: Adware

• Adware:
– Software that makes banners and pop-ups appear on the screen.
– Downloaded with, or bundled into, free programs.
– Examples of such adverts appeared in Skype Messenger and Yahoo Messenger.
– The adverts sneak onto the computer and interfere with other software.
– Adware can even be built into the user interface of a piece of software.
– The advertisements displayed are based on the preferences of the system's users.
– Adware stayed off the radar of the security companies, which failed to take notice of it for
more than 15 years.
– Adware presents its adverts as banner adverts, floating adverts, pushdown banners and
pop-ups.
Different types of malware: Floating adverts & Pushdown banner

• Floating adverts:
– Floating adverts are designed into the web site.
– They prevent the user from seeing the page properly, and they are hard to skip because
they float along as the user scrolls or moves the window.
• Pushdown banner:
– These adverts do not hide the content.
– They alter the user's point of view by pushing the page content down.
– The advert is pushed out of the way, and enlarging it has to be activated by the user.

Figure: Yahoo home page – push down banner


Different types of malware: Pop up advert

• Pop Up Advert:

Figure: Pop Up advert


Prevention of ransomware

• Prevention of ransomware can be done by adopting these countermeasures:

– Backups:
• Back up all data and crucial information, and store the backups offline so that ransomware
cannot encrypt them too.
– Risk analysis:
• Assess the cybersecurity risk.
– Staff training:
• Staff in any organization must be trained well enough that cybersecurity practices are
adhered to.
– Vulnerability patching:
• Implement vulnerability patching promptly.
– Business continuity:
• The organization needs the capability to sustain business operations during an incident.
– Application whitelisting:
• Only approved programs should be allowed to run on our networks.
– Incident response:
• An incident response plan should be in place and exercised.
– Penetration testing:
• Hacking into our own systems to test the security level and our ability to defend ourselves.
Different types of malware: Effective plan for ransomware

• Have an effective plan ready in case of a ransomware infection:

– Isolate the infected computer from the network immediately.
– Power off affected devices whose data would otherwise be corrupted; note that powering off
destroys volatile memory, which may hold the encryption keys, so where forensics matter
prefer network isolation to a hard power-off.
– Immediately secure backup data, or take the backup systems offline.
– Contact law enforcement immediately on discovery of any ransomware event.
– Collect and preserve samples of the encrypted data and the ransom note; even partial
portions help identify the family and any available decryptor.
– Change all online passwords along with the network passwords.
– Remove the persistence entries the malware created, such as registry values and files.
Different types Of Malware: Rootkits

• Rootkits:
– Software that acquires and maintains privileged access to the operating system.
– It does this while hiding its presence by subverting the normal behavior of the operating
system.
– The goal of the rootkit is to run, hide and act.
– Access control lists (ACLs) are the mechanism that restricts which users and processes may
access an object; a rootkit that already holds privileged access operates above those checks.
Different types of malware: Subverts

• Subverts:
– Subversion occurs when the rootkit hides by lying to the other software on the system. That
software relies on the operating system.
– The operating system provides the information about the environment in which the software
is operating and running.
– An application has files that it requires in order to run.
– The application asks the operating system about these files and about registry keys.
– Examples of such calls are FindFirstFile for files and RegOpenKeyEx for registry keys.
– The rootkit intercepts these questions before they reach the operating system and replies
with answers that omit its own files, keys and processes.
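The interception described above, and the cross-view technique used to detect it, can be shown in a user-mode simulation. The following is an added example, not code from the slides and not a real rootkit: it hooks Python's `os.listdir` to hide files whose names carry a marker, then detects the hiding by asking the same question through a second path (`os.scandir`) that the hook does not touch. The `$sys$` marker and the dropped files are constructed for the example.

```python
"""Added example: a user-mode "rootkit" hook on os.listdir, and cross-view detection.

Real rootkits hook the operating-system calls applications use to ask about files and
registry keys (FindFirstFile, RegOpenKeyEx on Windows; getdents on Linux). Cross-view
detection asks the same question two different ways and reports what only one view sees.
"""
import os
import tempfile

HIDDEN_MARKER = "$sys$"      # hypothetical: names starting with this are what the hook hides

_real_listdir = os.listdir   # keep the genuine call so the hook (and the cleanup) can reach it


def _hooked_listdir(path="."):
    """The rootkit's reply: the true listing with its own files filtered out."""
    return [name for name in _real_listdir(path) if not name.startswith(HIDDEN_MARKER)]


def install_hook() -> None:
    os.listdir = _hooked_listdir      # every caller of os.listdir now gets the doctored answer


def remove_hook() -> None:
    os.listdir = _real_listdir


def cross_view_diff(path: str) -> list:
    """Compare the high-level answer (os.listdir, hooked) with a lower-level path
    (os.scandir, which the hook does not touch). Anything seen only by the low-level view
    is being hidden."""
    high_level = set(os.listdir(path))
    low_level = {entry.name for entry in os.scandir(path)}
    return sorted(low_level - high_level)


def demo() -> tuple:
    """Drop three files, install the hook, and return (what applications see, what was hidden)."""
    with tempfile.TemporaryDirectory() as workdir:
        for name in ("notes.txt", HIDDEN_MARKER + "dropper.bin", "report.pdf"):
            open(os.path.join(workdir, name), "w").close()
        install_hook()
        try:
            visible = sorted(os.listdir(workdir))
            hidden = cross_view_diff(workdir)
        finally:
            remove_hook()        # never leave a hook behind, even in a demo
    return visible, hidden


if __name__ == "__main__":
    seen, concealed = demo()
    print("applications see:", seen)
    print("cross-view found :", concealed)
```

A kernel-mode rootkit hooks below both of these views, so both answers would agree; the detection then has to compare against something the rootkit cannot reach, such as a raw read of the file system or a scan from clean boot media, which is why rootkit removal is usually done offline.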
Different types of malware: Tidserv

• Tidserv bundles with other threats and spreads through social engineering attacks.

– Tidserv can hide in unused space on the disk.
– It is known to infect drivers that are commonly in use.
– Once installed, Tidserv begins to redirect victims to websites serving malicious software.
– Detection and removal of the rootkit.

Figure: Detection and removal


Different types of malware: Backdoors

• Backdoors:
– Example: consider a burglary. Most houses have a "protected" sign hanging on the main gate,
but a back door that is left unlocked gives access to the house regardless.
– A backdoor refers to any method by which authorized or unauthorized users can get around
the normal security measures.
– Attackers use backdoors to hijack the device.

Figure: Backdoor
Different types of malware: Threats

• Web application and database threats.

– Vulnerabilities include software bugs and missing operating system patches.

• Network threats.
– Trojan horses, adware and spyware are significant network threats.
– Rogue security software is a newer form of internet fraud: malicious software installed on
users' computers that poses as a security product and demands payment for fake findings.
– Sources include spyware, malware and adware companies, and disgruntled employees.

• Social engineering.
– The perpetrator first investigates the victim to gather the background information the
attack needs.
Threats on a network and types

• Robust prevention needs to be in place.

• Computer network technology improves constantly, and hacker attacks advance just as
rapidly.

• Network threats are of 2 types:

– Passive network threats.
• Activities that observe without altering traffic, such as wiretapping (sniffing) and
traffic analysis; idle scans are usually grouped here because the target never sees traffic
from the attacker's own address.

– Active network threats.

• Activities that alter or inject traffic, such as denial of service (DoS) attacks and SQL
injection attacks.
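The two active threats named above leave traces in the target's own logs, unlike the passive ones, so a practitioner's first detection is usually a pass over the web-server access log. The following is an added example, not code from the slides: it parses constructed Common Log Format lines, flags SQL injection indicators in the URL-decoded request, and flags a per-source request burst as a possible DoS. The log lines, the patterns and the 50-requests-per-second threshold are all constructed for the example and are a starting point, not a production signature set.

```python
"""Added example: spot active network threats (SQLi attempts, request floods) in web logs.

Passive threats such as wiretapping leave nothing in the victim's logs; this covers only
the active side. All log lines, patterns and thresholds here are constructed.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Common Log Format: ip ident user [timestamp] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+$'
)

# SQL injection indicators, matched against the URL-decoded path and query string.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+['\"\d]", re.IGNORECASE),      # ' OR '1'='1
    re.compile(r"\bunion\s+(all\s+)?select\b", re.IGNORECASE),  # UNION SELECT ...
    re.compile(r"(;|\s)--(\s|$)"),                              # trailing SQL comment
    re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE),     # time-based blind SQLi
]

FLOOD_THRESHOLD = 50   # requests from one address within one second


def parse_line(line: str):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["decoded_path"] = unquote(fields["path"])
    fields["second"] = fields["ts"][:20]      # "10/Oct/2023:13:55:36" (drop the timezone)
    return fields


def find_sqli(entries):
    """(ip, decoded request) for every entry matching any injection indicator."""
    return [(e["ip"], e["decoded_path"])
            for e in entries
            if any(p.search(e["decoded_path"]) for p in SQLI_PATTERNS)]


def find_floods(entries, threshold=FLOOD_THRESHOLD):
    """Addresses that exceeded the per-second request threshold at least once."""
    per_second = Counter((e["ip"], e["second"]) for e in entries)
    return sorted({ip for (ip, _), n in per_second.items() if n >= threshold})


def analyze(log_text: str) -> dict:
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {"parsed": len(entries),
            "sqli": find_sqli(entries),
            "floods": find_floods(entries)}


def build_sample_log() -> str:
    """Constructed log: one normal request, two injection attempts, and a 60-request burst."""
    lines = [
        '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043',
        '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] '
        '"GET /login?user=admin%27%20OR%20%271%27=%271 HTTP/1.1" 200 512',
        '203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] '
        '"GET /items?id=1%20UNION%20SELECT%20username,password%20FROM%20users HTTP/1.1" 500 0',
    ]
    lines += ['198.51.100.9 - - [10/Oct/2023:13:56:00 +0000] "GET / HTTP/1.1" 200 1043'] * 60
    return "\n".join(lines)


if __name__ == "__main__":
    result = analyze(build_sample_log())
    print(f"parsed {result['parsed']} lines")
    for ip, path in result["sqli"]:
        print("SQLi attempt from", ip, "->", path)
    for ip in result["floods"]:
        print("possible DoS flood from", ip)
```

Decoding the URL before matching matters: the injection in the second sample line arrives percent-encoded and would not match the raw path. Distributed floods spread the same request count over many source addresses, so a per-IP threshold catches a single-source DoS but not a DDoS; for that the count has to be taken per target path or per second overall.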
Threats: Windows OS

Figure: Windows OS
Linux OS threats

• Threats related to the Linux operating system:

– Linux trojans:
• Can self-distribute and send spam emails.
• DDoS attacks, and the targeting of specific content hosted online, are threats posed to
Linux.
– Backdoors:
• Any method by which authorized or unauthorized users can get around the normal security
measures.
– Ransomware:
• Ransomware on Linux normally needs elevated privileges to install itself and encrypt data
beyond the current user's files.
• The Linux.Encoder.1 ransomware attack in 2015 targeted the Linux operating system.
• Its fatal flaw was in the developers' implementation of the encryption: the keys were derived
from a predictable source (the system time at the moment of encryption, which also survived
as the file's timestamp), so they could be recovered without paying.
– Physical theft:
• Stolen laptops or personal computers accessed by thieves are exposed to the risk of the hard
disk being reformatted, so the data can be completely lost; without full-disk encryption the
data can also be read.
– Dual booting with Windows:
• If a Linux machine is set up to dual-boot with Windows, the risk is increased: an intruder
with physical access can boot the other operating system and read any unencrypted partition.
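The Linux.Encoder.1 flaw is a general lesson about key generation, and it can be reproduced without the malware. The following is an added example, not code from the slides and not the malware's own code: a toy cipher (SHA-256 keystream XORed over the data) with the key derived either from a timestamp, as the flawed ransomware did, or from the OS random generator. The "decryptor" recovers the weak key by trying every second in the hour before the encrypted file's modification time, using the file's known header bytes to confirm the hit. The plaintext, the timestamps and the recovery window are constructed for the example.

```python
"""Added example: why ransomware keys derived from the clock can be recovered.

The cipher is a stand-in: a SHA-256 keystream XORed over the data. The only difference
between the "weak" and "strong" paths is where the key comes from.
"""
import hashlib
import os


def keystream(key: bytes, length: int) -> bytes:
    """Hash-based stream: SHA-256(key || counter) blocks, truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same XOR operation."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def weak_key_from_time(timestamp: int) -> bytes:
    """What the flawed ransomware does: the only entropy is the second it ran."""
    return hashlib.sha256(str(timestamp).encode()).digest()


def strong_key() -> bytes:
    """What it should have done: 256 bits from the OS cryptographic RNG."""
    return os.urandom(32)


def recover_key(ciphertext: bytes, known_prefix: bytes, mtime: int, window: int = 3600):
    """Decryptor logic: try every timestamp in the hour before the file's mtime and accept
    the one that turns the ciphertext prefix into the expected file header."""
    for candidate in range(mtime - window, mtime + 1):
        key = weak_key_from_time(candidate)
        if xor_crypt(key, ciphertext[:len(known_prefix)]) == known_prefix:
            return key
    return None


# Constructed victim file: a PDF, whose magic bytes "%PDF-" are the known plaintext.
PLAINTEXT = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj << /Type /Catalog >>\n"
ENCRYPTED_AT = 1447000000                 # hypothetical second the ransomware ran
FILE_MTIME = ENCRYPTED_AT + 3             # the encrypted file was written moments later


def demo() -> tuple:
    """Return (weak key recovered, plaintext restored, strong key recoverable)."""
    ct_weak = xor_crypt(weak_key_from_time(ENCRYPTED_AT), PLAINTEXT)
    found = recover_key(ct_weak, b"%PDF-", FILE_MTIME)
    ct_strong = xor_crypt(strong_key(), PLAINTEXT)
    nothing = recover_key(ct_strong, b"%PDF-", FILE_MTIME)
    return (found == weak_key_from_time(ENCRYPTED_AT),
            found is not None and xor_crypt(found, ct_weak) == PLAINTEXT,
            nothing is not None)


if __name__ == "__main__":
    recovered, restored, strong_broken = demo()
    print("weak key recovered by brute force:", recovered)
    print("plaintext restored:", restored)
    print("strong (os.urandom) key recovered:", strong_broken)
```

A day contains only 86,400 seconds, so a clock-seeded key has about 17 bits of entropy and falls to a loop; `os.urandom` gives 256 bits and the same loop finds nothing. The same reasoning applies to any seed an attacker can reconstruct, such as a process ID or a libc `rand()` seeded with `time()`.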
Threats related to the Mac operating system

• Trojans, worms, malware and ransomware are less common on the Mac, but not absent.
– The WannaCry (WannaCrypt) ransomware that brought companies to their knees through
compromised network security targeted Windows; the threats below are specific to macOS.
• OSX/CrescentCore:
– Malware found operating on several websites in 2019, including a comic book download site.
– CrescentCore was disguised as a .dmg file for an Adobe Flash Player installer, and it was
able to bypass Apple's Gatekeeper.
• OSX/Linker:
– OSX/Linker also came to light in 2019. It exploited a Gatekeeper vulnerability to get
malware installed without the usual check.
• LoudMiner:
– A cryptocurrency miner bundled with a cracked installer for Ableton Live.
– The mining software uses the Mac's processing power to make money for the attacker.
• MacDownloader:
– Researchers found that the software MacDownloader was not a genuine Adobe Flash installer.
– While the installer runs, an alert claims that adware is present on the Mac, to trick the
user into proceeding.
Five phases of hacking

• Reconnaissance: gathering information about the target.

• Scanning: probing the target for live hosts, open ports and vulnerabilities.

• Gaining access: exploiting a vulnerability to get into the system.

• Maintaining access: keeping a foothold, for example with a backdoor or rootkit.

• Covering tracks: removing logs and other evidence of the intrusion.

Figure: Five phases of hacking


Environment creation for VAPT

• Understanding vulnerability assessment and penetration testing (VAPT) is crucial; VAPT is a
combination of tests.
– It uses relevant tools to discover vulnerabilities that can be exploited.
– Building your own pen-testing environment involves a hypervisor such as VMware Workstation.
– The point of the virtual environment is to practice safely, on virtual machines isolated
from production systems.
– Virtualization systems:
• Oracle VirtualBox.
• VMware Workstation Player.
• VMware Workstation.
VAPT: Installing and setting up tools (1 of 4)

• Installation and set-up of tools

– Run a trial version of the Windows operating system inside VMware Workstation.
– After downloading and installing VMware Workstation, download a Windows image (ISO) to
install in the virtual machine.

Figure: Installation and set-up tools


VAPT: Installing and setting up tools (2 of 4)

• The .iso file is downloaded.

– Open VMware Workstation and create a new virtual machine from the .iso file.

Figure: VMWare Workstation home page


VAPT: Installing and setting up tools (3 of 4)

• Click on "Customize Hardware" to set memory, CPU and the network adapter (use host-only or
NAT networking so the lab stays isolated from the rest of the network).

Figure: VMWare Workstation- Customize Hardware


VAPT: Installing and setting up tools (4 of 4)

Figure: VMWare: Power on virtual machine


Checkpoint (1 of 2)

Multiple choice questions:

1. What can be posed by natural means (such as a flood or fire)?
a) Threat
b) Hacking
c) Vulnerability
d) Both A and B

2. Which tool checks a Windows system for missing updates and common misconfigurations?
a) Security Analyzer
b) Networking Tool
c) Microsoft Baseline Security Analyzer
d) Scanning Tool

3. Which list contains only examples of exploits?
a) SQL Injection, XSS, DoS, Vulnerability
b) SQL Injection, XSS, DoS, Buffer Overflow
c) SQL Injection, XSS, DoS, Attack
d) SQL Injection, XSS, DoS, Passive Attack
Checkpoint solutions (1 of 2)

Multiple choice questions:

1. What can be posed by natural means (such as a flood or fire)?
a) Threat
b) Hacking
c) Vulnerability
d) Both A and B
Answer: a) Threat

2. Which tool checks a Windows system for missing updates and common misconfigurations?
a) Security Analyzer
b) Networking Tool
c) Microsoft Baseline Security Analyzer
d) Scanning Tool
Answer: c) Microsoft Baseline Security Analyzer

3. Which list contains only examples of exploits?
a) SQL Injection, XSS, DoS, Vulnerability
b) SQL Injection, XSS, DoS, Buffer Overflow
c) SQL Injection, XSS, DoS, Attack
d) SQL Injection, XSS, DoS, Passive Attack
Answer: b) SQL Injection, XSS, DoS, Buffer Overflow
Checkpoint (2 of 2)

Fill in the blanks:

1. A computer ________ is executable code that propagates and attaches itself to a host
document.
2. ___________ are on disks and other storage media.
3. __________ is malicious software used by a cyber actor to deny access to data until a
ransom is paid.
4. __________: the rootkit hides while lying to other software on the system.

True or False:

1. Pop-up adverts open in a new browser window. True/False
2. Spyware is software that gathers information from other scanners. True/False
3. Bots are also referred to as web robots. True/False
Checkpoint solutions (2 of 2)

Fill in the blanks:

1. A computer virus is executable code that propagates and attaches itself to a host
document.
2. Boot sectors are on disks and other storage media.
3. Ransomware is malicious software used by a cyber actor to deny access to data until a
ransom is paid.
4. Subverts: the rootkit hides while lying to other software on the system.

True or False:

1. Pop-up adverts open in a new browser window. True
2. Spyware is software that gathers information from other scanners. False
3. Bots are also referred to as web robots. True
Question bank

Two-mark questions:

1. List the significance of bots.
2. Describe how a trojan horse attacks.
3. What are boot sectors?
4. Explain any one worm.

Four-mark questions:

1. Explain ISO/IEC 20000.
2. How does COBIT function?
3. Describe three ITIL lifecycle stages.
4. Summarize good and bad bots.

Eight-mark questions:

1. Explain VAPT with the steps for installation.
2. Explain the threats related to the Mac operating system.
Unit summary

Having completed this unit, you should be able to:

• Learn the concept of security and risk management (ITIL Topics)

• Understand the concept of threats and exploits

• Gain knowledge on different malware types

• Gain insight into threats on a network and types

• Understand the threats related to the Windows, Linux & Mac Operating System

• Learn about Phases in Hacking
