Wednesday, October 29, 2014

Chapter 10

10.1 Software development security
Usual pattern of dealing with security: software is released, weaknesses are found in it, the weaknesses are posted, a patch is developed and posted, and network administrators test and install the new patch.

10.2 Software development life cycle
Initiation ==> acquisition/development ==> implementation ==> operation/maintenance ==> disposal
Initiation: is there a need? Link between mission and performance; budget; security and risk analysis.
Acquisition/development: market search; feasibility; requirements analysis; cost and benefit analysis; cost analysis; RM plan; software conversion study; acquisition plan; risk analysis; security requirements analysis; evaluation.
Implementation: installation and training on how to use it; software check and test; security certification and accreditation.
Operation/maintenance: performance evaluation; operations and maintenance; contract modification; configuration and control.
Disposition: appropriateness of disposal; exchange and sale; internal screening; transfer and donation; contract closeout; information protection; media sanitization; hardware and software disposal.

10.3 Software development models and Capability maturity model integration
Build and fix model: no real plan; build and fix at the same time.
Waterfall model: feasibility ==> analysis ==> design ==> implement ==> test ==> maintain ==> feasibility.
V-shaped model: requirements ==> high-level design ==> low-level design ==> implementation ==> unit testing ==> integration testing ==> system testing. Requirements pair with system testing (system test planning); high-level design pairs with integration testing (integration test planning); low-level design pairs with unit testing (unit test planning).
Prototyping: creating a sample or model of the code for proof-of-concept purposes.
Incremental: multiple development cycles are carried out on a piece of software throughout its development stages. Each phase provides a usable version of the software.
Spiral: iterative approach that emphasizes risk analysis per iteration. Allows customer feedback to be integrated through a flexible, evolutionary process.
Rapid application development: combines prototyping and iterative development procedures with the goal of accelerating software development.
Agile: iterative and incremental development process that encourages team-based collaboration. Flexibility and adaptability are used instead of a strict process structure.
CMMI maturity levels: initial ==> repeatable ==> defined ==> managed ==> optimizing.

10.4 Mobile code and web security
Mobile code = code that can be transported across a network.
Information gathering: collecting information; it is always the first step in an attacker's methodology.
SSI: server-side includes, an interpreted server-side scripting language used almost exclusively for web-based communication.
Client-side validation: input validation at the client before data is sent to the server.
Parameter validation: checking values before accepting data from the server.

10.5 Database Management:
Management's job: decision making.
Data analyst: presentation of data, data mining, exploitation of data.
Programmer and database administrator's job: data warehouses, data marts, data sources.
Database: a place where data is stored.
DBMS: the system that manages and controls the database.
Relational database model: uses attributes and tuples to contain and organize information.
Hierarchical data model: combines records and fields that are related in a logical tree structure.
Object-oriented database: improves on the original database model in that it can handle images, audio, documents and video.
ORD: an object-relational database is a relational database with a software front end that is written in an object-oriented programming language.
Schema: describes how the data will be organized.
Data dictionary: defines the data elements.
Primary key: the key of a relational database table.

10.6 Expert system, artificial neural network (ANN), and malware
Expert systems: an expert system is a computer program containing a knowledge base and a set of algorithms and rules used to infer new facts from data and incoming requests.
ANN: a mathematical or computational model based on the neural structure of the brain.
Virus: a segment of code that searches out hosts and infects them by embedding a copy of itself.

Malware components: insertion (installs itself), avoidance (avoids system checks), eradication (removes itself), replication (copies and spreads to others), trigger (uses an event to initiate payload execution), payload (performs its function).

Wednesday, October 22, 2014

Chapter 9

9.1 Cyber legalities overview:
Computer-assisted crime: the computer was used as a tool to help carry out a crime.
Computer-targeted crime: crimes directed at the computer and its owner.
Computer is incidental: a computer was involved when the crime was carried out.

9.2 Type of legal system:
Civil law system: different locations have different civil law. (Europe, Russia, South America, Central America)
Common law system: uses judges and juries of peers. It includes criminal and civil/tort law. (North America, Oceania, England)
Customary law system: based on local customs.
Religious law system: law based on religious beliefs. (Middle East)
Mixed law system: two or more legal systems are used together.

9.3 Intellectual property laws and privacy:
Patent: grants ownership and enables the owner to legally enforce their rights.
Copyright: protects the expression of ideas.
Trademarks: protect words, names, product shapes, symbols, colors, or a combination of these used to identify products or a company.
Private information: full name, national ID, IP address, vehicle plate number, driver's license, fingerprints, handwriting, credit card information, birthday, birthplace, genetic information.

9.4 Investigations
A few different attack types:
Salami attacks: the attacker commits several small crimes with the hope that the overall larger crime will go unnoticed.
Data diddling: changing existing data; many times it happens before the data is entered into the application.
Password sniffing: sniffing network traffic with the hope of capturing passwords being sent between computers.

IP spoofing: changing the IP address within a packet to impersonate another host.

Thursday, October 16, 2014

Chapter 8

8.1 DRP and BCP

The disaster recovery plan (DRP) is carried out when everything is still in emergency mode and everyone is scrambling to get all critical systems back online. The business continuity plan (BCP) takes a broader approach to the problems.


Continuity policy ==> BIA (business impact analysis) ==> identify preventive controls ==> develop recovery strategies ==> develop BCP ==> exercise ==> maintain BCP

8.2 BCP project components

At least the following departments are involved:
business units, senior management, IT department, security department, communications department, legal department.

The BCP needs to include the following information:
objective-to-task map, resource-to-task map, workflows, milestones, deliverables, budget estimates, success factors, deadlines

8.3 Preventive measures and Data backup

Define business functions and their supporting departments; define the function of each department; discover possible disruptions that affect the mechanisms necessary for these departments to function together; identify threats; gather quantitative and qualitative information pertaining to threats; provide alternative methods of restoring functionality and communication; provide a brief statement of rationale for each threat and its corresponding information.

full backup ==> differential backup ==> incremental backup
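The three backup types above differ in what each run captures and in how many backup sets a restore needs. The following is an added example (not from the original notes) that models this over a constructed change log; the function and strategy names are assumptions made here.

```python
# Added example (not from the original notes): what full, differential and
# incremental backups capture after a full backup on day 0, and which backup
# sets a restore to a given day requires. The change log is constructed data.


def plan_backups(changes_per_day, strategy):
    """changes_per_day: list of sets of files modified on each day after the
    full backup. Returns the set of files captured by each day's backup."""
    captured = []
    since_full = set()
    for day_changes in changes_per_day:
        if strategy == "differential":
            # Differential: everything changed since the last FULL backup,
            # so each set grows until the next full backup.
            since_full |= day_changes
            captured.append(set(since_full))
        elif strategy == "incremental":
            # Incremental: only what changed since the PREVIOUS backup of
            # any kind, so each set stays small.
            captured.append(set(day_changes))
        else:
            raise ValueError("strategy must be 'differential' or 'incremental'")
    return captured


def restore_sets_needed(strategy, day):
    """Backup sets required to restore the state after `day` (1-based).
    Differential needs the full plus one set; incremental needs the whole
    chain, and losing any link breaks the restore."""
    if strategy == "differential":
        return ["full", f"differential-{day}"]
    return ["full"] + [f"incremental-{d}" for d in range(1, day + 1)]


def backup_volume(captured):
    """Number of files written by each day's backup run."""
    return [len(s) for s in captured]


if __name__ == "__main__":
    log = [{"a", "b"}, {"c"}, {"a", "d"}]  # constructed: files changed per day
    for strategy in ("differential", "incremental"):
        print(strategy, backup_volume(plan_backups(log, strategy)),
              restore_sets_needed(strategy, len(log)))
```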

8.4 Recovery restoration

Constructs (teams):
damage assessment, legal, media relations, recovery relocation, restoration, salvage, security.

Damage assessment steps:
cause of the disaster; further damage; affected business functions and areas; functionality of the critical resources; resources to replace; how long it will take to bring them back; if longer than the estimated MTD values, then invoke the BCP.

Wednesday, October 8, 2014

Chapter 7

7.1 History, definitions and concepts of Cryptography

Started around 2000 B.C. in Egypt: "atbash" ("security" is encrypted into "hvxfirgb")

Cryptography: plain-text ==> encryption ==> cipher-text ==> decryption ==> plain-text

A cryptosystem includes at least software, protocols, algorithms, and keys.

Services of a cryptosystem: confidentiality, integrity, authentication, authorization, and non-repudiation.


7.2 Ciphers and encryption methods

Ciphers: one-time pad (message + one-time key = cipher text), running key cipher (has a long running key), concealment cipher (hides a secret message in an open message), transposition (shifts values), Caesar cipher (shifts 3 values)

Encryption: symmetric (same key on both sides) and asymmetric (different keys, one public and the other private); block cipher (encrypts one block of data at a time) and stream cipher (uses a keystream); hybrid (mixes the above methods)
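To make the classical ciphers above concrete, here is an added example (not from the original notes) implementing Atbash, the 3-shift Caesar cipher and a byte-wise one-time pad; it also shows why the pad must be used once, since reusing it cancels the key out of the XOR of two ciphertexts. Function names are my own.

```python
# Added example (not from the original notes): Atbash, Caesar and one-time pad.
import os
import string

ALPHA = string.ascii_lowercase


def atbash(text: str) -> str:
    """Atbash maps a<->z, b<->y, ...; applying it twice restores the text."""
    return text.lower().translate(str.maketrans(ALPHA, ALPHA[::-1]))


def caesar(text: str, shift: int = 3) -> str:
    """Caesar shifts each letter by `shift` places (3 in the classic form);
    decrypt with a negative shift."""
    shifted = ALPHA[shift % 26:] + ALPHA[:shift % 26]
    return text.lower().translate(str.maketrans(ALPHA, shifted))


def otp_key(length: int) -> bytes:
    """A one-time pad key must be random and as long as the message."""
    return os.urandom(length)


def otp_xor(message: bytes, key: bytes) -> bytes:
    """One-time pad: cipher = message XOR key; the same call decrypts."""
    if len(key) < len(message):
        raise ValueError("pad key must be at least as long as the message")
    return bytes(m ^ k for m, k in zip(message, key))


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypts two messages, c1 XOR c2 == p1 XOR p2: the key
    drops out and the relationship between the plaintexts is exposed."""
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    print(atbash("security"))        # hvxfirgb, matching the note above
    print(caesar("attack"))          # dwwdfn
    key = otp_key(16)
    print(otp_xor(otp_xor(b"hello", key), key))  # b'hello'
```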



7.3 Types of symmetric and asymmetric systems

Symmetric: DES (56-bit true key, 64-bit block, and 16 rounds of computation), ECB (a 64-bit data block is entered into the algorithm with the key), CBC (cipher block chaining), CFB (cipher feedback mode), OFB (output feedback mode), CTR (counter mode), Triple-DES (3 keys, 48 rounds of computation; double-DES security = DES security), AES (128-bit block size and various key lengths), IDEA (128-bit key and 64-bit block size, international), RC4, RC5, RC6.

Asymmetric: Diffie-Hellman (the first, based upon logarithms in finite fields); RSA, El Gamal, elliptic curve cryptosystems, Knapsack
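The mode list above (ECB, CBC, ...) matters because the same block cipher leaks differently depending on the mode. The following is an added example (not from the original notes) that runs ECB and CBC over a toy 8-byte block function standing in for DES; the toy cipher is my own stand-in and is not secure, it only lets the mode logic run without any library.

```python
# Added example (not from the original notes): ECB vs CBC over a toy block
# cipher. toy_encrypt_block is NOT a real cipher; it is a stand-in for DES.
BLOCK = 8


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key, block):
    """Stand-in block cipher: XOR with the key, then reverse the bytes."""
    return xor(block, key)[::-1]


def toy_decrypt_block(key, block):
    return xor(block[::-1], key)


def pad(data):
    """PKCS#7-style padding up to a multiple of BLOCK."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    return data[:-data[-1]]


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    """ECB: each block encrypted independently, so equal plaintext blocks
    give equal ciphertext blocks and the structure leaks."""
    return b"".join(toy_encrypt_block(key, b) for b in blocks(pad(plaintext)))


def cbc_encrypt(key, iv, plaintext):
    """CBC: each block is XORed with the previous ciphertext block (the IV
    first) before encryption, so repeated plaintext blocks no longer match."""
    prev, out = iv, []
    for b in blocks(pad(plaintext)):
        prev = toy_encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for b in blocks(ciphertext):
        out.append(xor(toy_decrypt_block(key, b), prev))
        prev = b
    return unpad(b"".join(out))


def repeated_blocks(ciphertext):
    """How many ciphertext blocks duplicate an earlier one (ECB tell-tale)."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))
```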


7.4 Internet security and attacks

Online transaction:
1. customer shops online
2. customer completes the order form
3. order summary is sent to the customer
4. customer reviews the order and submits it
5. credit card information is sent to the merchant bank through the payment gateway
6. merchant bank sends the credit card info to the customer bank through the payment gateway
7. customer bank verifies the credit card and clears the request
8. customer bank verifies the credit card and clears the request
9. notification of the order is sent to the merchant
10. customer receives confirmation of the order

HTTPS: combination of HTTP and SSL/TLS, used to secure Internet connections; the standard developed for e-commerce.

Cookie: protects web information

IPSec: protects IP

Attacks: passive, active, cipher-text-only, known-plain-text, chosen-plain-text, chosen-cipher-text, side-channel, replay, algebraic, analytic, statistical, social engineering, meet-in-the-middle.

Wednesday, October 1, 2014

Chapter 6

6.1 OSI and TCP/IP:
OSI model (application, presentation, session) ≈ TCP/IP model (application)
OSI model (transport) ≈ TCP/IP model (host-to-host)
OSI model (network) ≈ TCP/IP model (internet)
OSI model (data link, physical) ≈ TCP/IP model (network access)
Each OSI layer communicates with its peer layer; every layer adds its own information to the data.
People can read application- and presentation-layer information; the other layers are the computer's job.
TCP: safe, reliable, higher system cost (handshake first)
UDP: fast, low cost, but unsafe
0~1023 well-known ports, 1024~49151 registered ports, 49152~65535 dynamic ports.

6.2 Types of Transmission:
Over long distances, digital is better than analog. If using analog, you need a modem to convert between analog and digital, because computers can only read "0" and "1".
Synchronous: robust error checking, timing component, high speed and high volume, low cost
Asynchronous: no timing component, processes every byte, error control on every byte (three parts: start, stop, parity)
Baseband: transports only one signal at a time
Broadband: can transport several signals at the same time.

6.3 Cabling, Networking Foundations and Media Sharing:
Attenuation: gradual loss in intensity of any kind of flux through a medium.
Crosstalk: the signal from one cable bleeds into another cable.
Ring topology: each system connects to two other systems, forming a single, unidirectional network pathway for signals, thus forming a ring.
Bus topology: systems are connected to a single transmission channel, forming a linear construct.
Star topology: the network consists of one central device, which acts as a conduit to transmit messages.
Mesh topology: a network where each system must not only capture and disseminate its own data, but also serve as a relay for other systems.
Ethernet: 802.3, using 48-bit MAC addressing
Token ring: controls network communication traffic through the use of token frames. It has been replaced by Ethernet.

6.4 Transmission Methods, Network Protocols, and Domain Name Service (DNS):
Internet group management protocol (IGMP): the protocol between routers and hosts on an IP network.
Media access control (MAC): data communication protocol sub-layer of the data link layer specified in the OSI model.
Address resolution protocol (ARP): a networking protocol used for resolution of network layer IP addresses into link layer MAC addresses.
DNS: a hierarchical distributed naming system for computers, services, or any resource connected to an IP-based network.

6.5 Network Devices and firewalls:
Repeaters: repeat electrical signals between cable segments, which makes it possible to extend a network.
Bridges: LAN devices used to connect LAN segments.
Routers: check the routing data, look up the destination IP address, send toward the requested destination IP, check whether the destination IP is right or wrong, fragment the datagram, change the header information and build the packet, send the packet to the output queue of the necessary interface.
Dual-homed firewall: has two interfaces and sits between an untrusted network and a trusted network to provide secure access.
Virtual firewall: runs in the virtualized environment, controlling and monitoring data in virtual machines.
Cloud computing: sharing resources, software, and information

6.6 Network Type:
Electronic data interchange: structured transmission of data between organizations.
Value-added network: a hosted EDI service
Metropolitan area network: e.g. a campus network
Metro Ethernet: used to connect to a larger network service or the Internet
Wide area network: a telecommunication network that covers a broad area

6.7 Wireless Technology:
First generation (1G): analog services, voice service only
2G: primarily voice, some low-speed data, phones were smaller in size, added functionality of e-mail, paging and caller ID
2.5G: 2G + e-mail and web pages
3G: integration of voice and data, packet-switched technology
3.5G: OFDMA (Orthogonal Frequency-Division Multiple Access, a multi-user version of the popular orthogonal frequency-division multiplexing (OFDM) digital modulation scheme)

4G: based on an all-IP packet-switched network, data exchange at 100 Mbps – 1 Gbps