Week 1 Assignment
Due Sunday, September 10, 2006
- The CIA of a website can be breached maliciously or by accident. Web developers need to know how to protect their web applications and the data behind them - both web application hacks and poor code/application design can create CIA problems. For example:
- Confidentiality - unauthorized access to a company's intellectual property can be accomplished through unauthorized access of a database (SQL injection or weak authentication), or by reading sensitive data that was transmitted over an unencrypted session.
- Integrity - user input needs to be validated to ensure that information sent to a database via a web application was not modified in transit and is well formed and of a valid format and type.
- Accessibility - a web server can crash due to a Denial of Service attack, or a web application's performance/availability can be unintentionally disrupted by code bugs, memory leaks, or an inability to handle a legitimate number of transactions.
Secure code can be summarized as "Never trust user input and always check data as it moves from an untrusted to a trusted domain. Then test, test, test!"
- Privacy is a central element of the FTC's consumer protection mission. Both federal and state law govern online privacy in these areas - children's privacy, CRM/profiling, data protection, electronic communications privacy, financial privacy, healthcare privacy, and international privacy.
The two privacy-regulated industries of healthcare and financial institutions pose significant challenges when developing policies and systems that must also comply with the relevant privacy legislation. The HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule (implemented and enforced by the Department of Health and Human Services) regulates 3 types of covered entities - Health Plans, Health Care Clearinghouses, and Health Care Providers. It can also impact their vendors and financial institutions. Thus, it applies to essentially every employer that provides health care benefits to its employees.
- Most IDSs used today are Signature-Based: they compare current system activity with a database of known (previously established) attack signatures, watching for patterns of traffic or application data that match malicious characteristics.
An Anomaly-Based or Knowledge-Based IDS is a system that compares current activity with a "normal performance profile" built up over time and looks for anomalies to detect intrusion.
Both systems can detect malicious activity such as:
- Port-scans
- Adware
- Malware (viruses, trojan horses, and worms)
- Attacks against vulnerable services
- Host-based attacks such as privilege escalation
- Unauthorized logins and access to sensitive files
- Denial of service attacks
The one difference is that an Anomaly-Based IDS can also detect unknown "zero day" attacks and worms.
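To make that distinction concrete, the following added example (not part of the original assignment) runs a toy signature-based matcher and a toy anomaly-based detector over the same constructed traffic; the signature list, the sample requests and the per-client volume threshold are all assumptions made for the demonstration.

```python
import re
from statistics import mean, pstdev
from urllib.parse import unquote

# Constructed sample traffic, one "client_ip request_path" entry per request (not a real log).
BASELINE_TRAFFIC = (["10.0.0.5 /index.html"] * 4 + ["10.0.0.7 /about.html"] * 3
                    + ["10.0.0.9 /login"] * 5)
LIVE_TRAFFIC = (["10.0.0.5 /index.html"] * 4
                + ["10.0.0.8 /search?q=%27%20or%201%3D1"]  # known pattern, low volume
                + ["10.0.0.42 /item?id=%d" % i for i in range(60)])  # no known pattern, high volume

# Hypothetical signature database: name -> pattern matched against the decoded request path.
SIGNATURES = {
    "sql_injection": re.compile(r"'\s*(or|union)\b", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}

def signature_alerts(log_lines):
    """Signature-based IDS: flag every request that matches a previously established pattern."""
    alerts = []
    for line in log_lines:
        client, path = line.split(" ", 1)
        decoded = unquote(path)  # normalise URL encoding so "%27" is compared as "'"
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                alerts.append((client, name))
    return alerts

def requests_per_client(log_lines):
    counts = {}
    for line in log_lines:
        client = line.split(" ", 1)[0]
        counts[client] = counts.get(client, 0) + 1
    return counts

def build_profile(baseline_lines, sigmas=3.0):
    """Anomaly-based IDS, learning phase: derive the 'normal' per-client request volume."""
    counts = list(requests_per_client(baseline_lines).values())
    return mean(counts) + sigmas * pstdev(counts)  # volume above which a client is abnormal

def anomaly_alerts(log_lines, threshold):
    """Anomaly-based IDS, detection phase: flag clients whose volume exceeds the profile."""
    return [(client, "volume_anomaly")
            for client, n in requests_per_client(log_lines).items() if n > threshold]

if __name__ == "__main__":
    threshold = build_profile(BASELINE_TRAFFIC)
    print("signature:", signature_alerts(LIVE_TRAFFIC))  # [('10.0.0.8', 'sql_injection')]
    print("anomaly:", anomaly_alerts(LIVE_TRAFFIC, threshold))  # [('10.0.0.42', 'volume_anomaly')]
```

The signature matcher sees only the request it has a pattern for, while the profile-based detector catches the probing burst it has never seen a pattern for, which is exactly the "zero day" gap described above.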
Major IDSs:
- eTrust Intrusion Detection (CA, www.ca.com) - Signature-Based
- Intruder Alert (Symantec, www.symantec.com) - Both Signature-Based and Anomaly-Based
- RealSecure Network (Internet Security Systems, www.iss.net) - Anomaly-Based
- Dragon Intrusion Defense System (Enterasys Networks, www.enterasys.com) - Both Signature-Based and Anomaly-Based
- Cisco IDS (Cisco Systems, www.cisco.com) - Signature-Based