






Assignment on advanced database Security
Typology: Lecture notes







STUDENT NAME: RICHARD, Rehema
REG NO: MIS / 0003 / T.
Malware
This is software that is specifically designed to gain access to or damage a computer without the knowledge of the owner. There are various types of malware including spyware, keyloggers, true viruses, worms, or any type of malicious code that infiltrates a computer. Generally, software is considered malware based on the intent of the creator rather than its actual features. Malware creation is on the rise due to the sheer volume of new types created daily and the lure of money that can be made through organized internet crime. Malware was originally created as experiments and pranks, but eventually led to vandalism and destruction of targeted machines.
Computer Viruses
Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with computer operation. A virus might corrupt or delete data on your computer, use your e-mail program to spread itself to other computers, or even erase everything on your hard disk.
Computer viruses are often spread by attachments in e-mail messages or instant messages. That is why it is essential that you never open e-mail attachments unless you know who they are from and you are expecting them.
Types of computer viruses and what they do:
This type of virus is a permanent one that resides in RAM. From there it can overcome and interrupt all of the operations executed by the system, corrupting files and programs that are opened, closed, copied, or renamed. Examples include: Randex, CMJ, Meve, and MrKlunky.
Multipartite Viruses
Multipartite viruses are distributed through infected media and usually hide in the memory. Gradually, the virus moves to the boot sector of the hard drive and infects executable files on the hard drive and later across the computer system.
Direct Action Viruses
The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.
Worms
A worm is technically not a virus, but a program very similar to a virus; it has the ability to self-replicate and can lead to negative effects on your system. Most importantly, worms are detected and eliminated by antiviruses.
A computer worm is a self-replicating computer program that penetrates an operating system with the intent of spreading malicious code. Worms utilize networks to send copies of the original code to other computers, causing harm by consuming bandwidth or possibly deleting files or sending documents via email. Worms can also install backdoors on computers. Worms are often confused with computer viruses; the difference lies in how they spread. Computer worms self-replicate and spread across networks, exploiting vulnerabilities, automatically; that is, they don’t need a cybercriminal’s guidance, nor do they need to latch onto another computer program. As such, computer worms pose a significant threat due to the sheer potential of damage they might cause. A particularly notorious incident occurred in 1988. A computer worm since named the Morris worm caused hundreds of thousands, if not millions, of dollars in damage, and its creator was convicted under the Computer Fraud and Abuse Act.
Types of Computer Worms
Email worms
These worms infect a computer through email messages. They arrive as an HTML link or an attachment that takes the reader to an infected site. Opening either of these causes the worm to be downloaded, and it infects the computer. These worms are known to spread via emails received in applications like Windows MAPI Functions and MS Outlook Services. Worms are able to take and use email addresses from sources such as the MS Outlook address book.
Instant message worms
This type of computer worm appears in instant messaging applications and sends links to infected sites to your contacts. These worms function like email worms, but they use the contact list of the messenger to spread infected links instead of an email address book.
Internet worms
These worms scan network resources with the use of a local running system service to find machines that are vulnerable, then try connecting and gaining complete access to those machines. Besides, they scan for systems with usable exploits, a number of which allow the worm to send info packets or requests to install itself.
File-sharing network worms
These computer worms copy themselves into shared folders and appear under a safe-looking name. Once the file starts spreading in the file-sharing network, the worm also spreads, and it continues infecting other systems in a similar fashion.
IRC worms
IRC worms target Internet Relay Chat (IRC) channels by sending links to infected webpages or infected files to users. This worm is usually less effective compared to the other types because IRC recipients have to confirm file request, save and open it before the worms infect their
Trojan
A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.
Types of Trojan Horse
Exploit
Exploit Trojans are applications that seek security vulnerabilities of software and operating systems already installed on a computer for malicious intent.
Backdoor
These are created to give an unauthorized user remote control of a computer. Once installed on a machine, the remote user can then do anything they wish with the infected computer. This often results in uniting multiple backdoor Trojan-infected computers working together for criminal activity.
Rootkit
Programmed to conceal files and computer activities, rootkits are often created to hide further malware from being discovered. Normally, this is so malicious programs can run for an extended period of time on the infected computer.
doors opened by worms and viruses, which allows them to access networks that have good perimeter control. Bots rarely announce their presence with high scan rates, which damage network infrastructure; instead they infect networks in a way that escapes immediate notice.
Part 1
Describe the Kerberos Protocol
Kerberos is a computer network authentication protocol which works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
The Internet is an insecure place.
Many of the protocols used in the Internet do not provide any security. Tools to "sniff" passwords off of the network are in common use by malicious hackers. Thus, applications which send an unencrypted password over the network are extremely vulnerable. Worse yet, other client/server applications rely on the client program to be "honest" about the identity of the user who is using it. Other applications rely on the client to restrict its activities to those which it is allowed to do, with no other enforcement by the server.
Kerberos was created by the Massachusetts Institute of Technology (MIT) as a solution to these network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.
In summary, Kerberos is a solution to your network security problems. It provides the tools of authentication and strong cryptography over the network to help you secure your information systems across your entire enterprise.
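The ticket idea described above can be seen in a simplified model of the exchange. This is an added example, not part of the original assignment and not the real Kerberos message format: the seal/unseal cipher is a toy stand-in, and the principals (alice, db/server), the EXAMPLE.REALM salt and all function names are constructed for illustration.

```python
import hashlib, hmac, json, os, time

def seal(key, obj):  # toy authenticated encryption, a stand-in for real Kerberos ciphers
    nonce, plain = os.urandom(16), json.dumps(obj).encode()
    stream = hashlib.shake_256(key + nonce).digest(len(plain))
    body = nonce + bytes(a ^ b for a, b in zip(plain, stream))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    stream = hashlib.shake_256(key + body[:16]).digest(len(body) - 16)
    return json.loads(bytes(a ^ b for a, b in zip(body[16:], stream)))

def pw_key(password):  # long-term user key derived from the password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"EXAMPLE.REALM", 10_000)
# Constructed principals: the KDC shares one secret key with each of them.
KEYS = {"alice": pw_key("alice-password"), "krbtgt": os.urandom(32), "db/server": os.urandom(32)}

def issue(ticket_key, reply_key, client, lifetime):
    """Seal a fresh session key twice: in a ticket (for the server) and a reply (for the client)."""
    sk = os.urandom(32).hex()
    ticket = seal(ticket_key, {"client": client, "session_key": sk, "expires": time.time() + lifetime})
    return seal(reply_key, {"session_key": sk}), ticket

def open_ticket(key, ticket, authenticator):
    """Decrypt a ticket, then check the authenticator proves knowledge of its session key."""
    t = unseal(key, ticket)
    sk = bytes.fromhex(t["session_key"])
    a = unseal(sk, authenticator)
    if a["client"] != t["client"] or t["expires"] < time.time() or abs(time.time() - a["ts"]) > 300:
        raise ValueError("expired ticket or stale authenticator")
    return t["client"], sk

def as_exchange(user):  # authentication service: hands out the ticket-granting ticket
    return issue(KEYS["krbtgt"], KEYS[user], user, 600)

def tgs_exchange(tgt, authenticator, service):  # ticket-granting service
    client, sk = open_ticket(KEYS["krbtgt"], tgt, authenticator)
    return issue(KEYS[service], sk, client, 300)

def login_and_connect(user, password, service):
    reply, tgt = as_exchange(user)  # the password itself is never sent
    sk = bytes.fromhex(unseal(pw_key(password), reply)["session_key"])
    auth = lambda k: seal(k, {"client": user, "ts": time.time()})
    reply2, ticket = tgs_exchange(tgt, auth(sk), service)
    svc_sk = bytes.fromhex(unseal(sk, reply2)["session_key"])
    return open_ticket(KEYS[service], ticket, auth(svc_sk))[0]  # the service's own check
```

A wrong password fails at the client, because the reply carrying the session key cannot be opened, and a ticket altered in transit fails the integrity check at the KDC or the service.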
Technologies Related to Kerberos Authentication
The following diagram shows how Kerberos authentication fits with other technologies in Windows Server 2003. Depending on whether the client or server applications are user-mode or kernel-mode applications, they use either Secur32.dll or Ksecdd.sys, respectively, by means of SSPI calls to communicate with the Local Security Authority Subsystem (LSASS).
Figure: Kerberos Architecture
The following table is a description of the components that participate in Kerberos Authentication.
Security Subsystem Components Used in Digest Authentication
Component | Description
Kerberos.dll | The SSP that implements an industry-standard protocol that is used with either a password or a smart card for interactive logon. It is also the preferred authentication method for services in Windows 2000 and Windows Server 2003.
Kdcsvc.dll | The Kerberos Key Distribution Center (KDC) service, which is responsible for providing ticket-granting tickets to clients.
Ksecdd.sys | The Kernel Security Device Driver is used to communicate with LSASS in user mode.
Lsasrv.dll | The LSA Server service, which both enforces security policies and acts as the security package manager for the LSA.
Secur32.dll | The Secur32.dll component is the multiple authentication provider that implements SSPI for user mode applications.
Assessment Paper
Database Assessment is the analysis of database configuration, patch status, and security settings; it is performed by examining the database system both internally and externally in relation to known threats, industry best practices, and IT operations guidelines.
My assessment strategy rests on basic requirements for database and network security at Tanzania Public Service College (TPSC) in all Six (6) Campuses. There are certain characteristics that the network should possess:
Security Policy
Networks should have an associated defined security policy that specifies information security requirements (e.g., confidentiality, integrity, availability, auditing, access control, etc.) as well as what users may and may not do on the network (e.g., what constitutes unauthorized and illegal activities).
Network Management
Networks should be able to control access to and detect modifications of critical components. Networks must maintain control over their configuration (e.g., hardware, software, security, etc.) and connectivity.
Identification and Authentication
Table: Identified Assets to be Protected
Database Server | Review of database server configuration and operating system parameters
Network | Review of Network Configuration and Topology
Storage | Review of Disk Storage Configuration Parameters
Workload | Review of Database Workload in Peak / Non-Peak Times
Automated Jobs | Review of Automated Jobs – Statistics Gathering, SQL Tuning Advisor, SQL Access Advisor
Backups | Review of Backup Schedules and Backup Types
Threats that I must protect my Organization Database from:
Weak authentication schemes allow attackers to assume the identity of legitimate database users. Specific attack strategies include brute force attacks, social engineering, and so on.
Table: Risk Value Assigned to Each Threat
Threat | Risk Value | Cost of Threat to the Company
Excessive privileges | 5 | High cost
Privilege abuse | 4 | Medium cost
Unauthorized privilege elevation | 2 | Low cost
Platform vulnerabilities | 3 | Low cost
SQL injection | 3 | Low cost
Weak audit | 5 | High cost
Denial of service | 3 | Low cost
Database protocol vulnerabilities | 4 | Medium cost
Weak authentication | 4 | Medium cost
Exposure of backup data | 4 | Medium cost
Table: Threats Prioritization Based on Their Risk Value
Threat | Risk Value
Excessive privileges | 5
Weak audit | 5
Privilege abuse | 4