Current Security Trends and Assessment of Cyber Threats

Current Security Trends and Assessment of Cyber Threats

CURRENT SECURITY TRENDS AND ASSESSMENT OF CYBER THREATS by BIJITESHW AR RUDRA AA YUSH B.E in Information Technology, Bharati Vidyapeeth University, 2009 A Report Submitted in Partial Fulfillment of the Requirements for the Degree of Masters of Computer Science In the Graduate Academic Unit of Computer Science Supervisor: Rodney H. Cooper, MMath, Computer Science Examining Board: Wei Song, Ph.D., Computer Science, Chair Natalia Stakhanova, Ph.D., Computer Science This report is accepted by the Dean of Graduate Studies THE UNIVERSITY OF NEW BRUNSWICK January 2015 ©Bijiteshwar Rudra Aayush, 2015 Abstract Continuous functioning of critical infrastructure is one of the foundations for the socio economic activities and development of a country. Owing to the continuous development in technologies, computers, other computing services, software and cyber space are used for interconnection, information processing and communication. The development in technology and the use of cyber space have created new threats and vulnerabilities which could pose at least as significant a threat as a physical attack. Lately cyber criminals and terrorists are using their skills to exploit cyber space and they are committing severe crimes. The objectives of this Masters report are to explain the role of cyber space and computing technologies on critical infrastructure and highlight several cyber threats and countermeasures. This report also highlights the need of secure software development and explains how an average programmer can contribute in securing cyber space and what effect that can have on national infrastructure. 11 Acknowledgements First and foremost, I would like to express my sincere appreciation to my supervisor, Prof. Rodney H. Cooper, for his guidance, encouragement, assistance, patience, and motivation in completing this report. I also wish to express deep and smcere feelings to my family for their encouragement throughout this long endeavor of completing this report. 111 Table of Contents Abstract .............................................................................................................................. ii Acknowledgements .......................................................................................................... iii ... L1st. of F"1gures .........•....................................................................................................... v111 1.0 Introduction .................................................................................................................. l 1.1 Objective .................................................................................................................... 2 1.2 Overview of the Report .............................................................................................. 3 2.0 Introduction to Critical Infrastructure and Cybercrime ......................................... 5 2 .1 Infrastructure .............................................................................................................. 5 2.2 Critical Infrastructure ................................................................................................. 6 2.3 Cybercrime ................................................................................................................. 7 2.3.1 Offences against the confidentiality, integrity and availability of computer data and systems ............................................................................................................... I 0 2.3.1.1 Illegal Access ................................................................................................ 11 2.3 .1.2 Data Espionage ............................................................................................. 11 2.3.1.3 Data Interference ........................................................................................... 12 2.3.1.4 System Interference ...................................................................................... 12 2.3.1.5 Cyber Terrorism ............................................................................................ 13 2.3.2.1 Computer related fraud ................................................................................. 15 2.3.2.2 Computer related forgery .............................................................................. 16 lV 2.3.2.3 Identity theft .................................................................................................. 17 2.3.3 Content-related offences .................................................................................. 17 2.3.3.1 Child pornography ........................................................................................ 17 2.3.3. Libel and false information ............................................................................. 19 2.3.3.4 Other forms of illegal contents ..................................................................... 20 2.3.4 Copyright-related offences ............................................................................... 20 2.3.4.1 Piracy ............................................................................................................ 21 3.0 Cyber Security ............................................................................................................ 23 3 .1 Background .............................................................................................................. 23 3 .1.1 Information security ......................................................................................... 24 3.1.2 Mobile Security ................................................................................................ 27 3.1.3 Network Security ............................................................................................. 30 3.2 Countermeasures ...................................................................................................... 34 3.3 Critical Infrastructure Protection (CIP) ................................................................... 39 3 .3. 1 Critical Infrastructure Protection Life Cycle .............................................. 41 4.0 Coding Standards, Guidelines and Best Practices .................................................. 44 4 .1 Background .............................................................................................................. 44 4.2 Types of Standards ................................................................................................... 47 4. 3 Secure Coding .......................................................................................................... 48 4.4 Coding Techniques .................................................................................................. 49 V 4.4.1 Naming conventions ........................................................................................ 50 4.4.2 Comments ........................................................................................................ 52 4.4.3 Format .............................................................................................................. 53 4.5 Guidelines ................................................................................................................ 54 5.0 Secure Coding and Best Practices for Programmers ............................................. 58 5. l Secure Coding .......................................................................................................... 5 8 5.2 Role of Secure coding in modern society ................................................................ 61 5.3 Organizations and Popular Coding Standards ......................................................... 62 5.3. l Computer Emergency Response Team (CERT) .............................................. 63 5.3.2 Open Web Application Security Project (OWASP) ........................................ 64 5.3.3 MITRE ............................................................................................................. 64 5.3.4 Payment Card Industry (PCI) Security Standards ........................................... 65 5.3.5 Microsoft Secure Coding Guidelines ............................................................... 66 5.4 Security Vulnerability and Flaws ............................................................................. 67 5.4. l Injection attacks ............................................................................................... 67 5.4.1.2 Cross-Site Scripting (XSS) ........................................................................... 68 5.4.2 Insecure direct object references ...................................................................... 69 5.4.3 Security misconfiguration ................................................................................ 70 5.4.4 Sensitive data exposure .................................................................................... 71 5 .4. 5 Missing function level access contro 1.............................................................. 71 Vl 5.4.6 Weaknesses in authentication and authorization ............................................. 72 5.4.7 Use of hard-coded credentials .......................................................................... 73 5 .4. 8 Invalidated redirects and forwards ................................................................... 73 6.0 How Programmers Can Write Secure Code ........................................................... 75 6.1 Background .............................................................................................................

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    102 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us