HARDWARE, SOFTWARE AND COMMUNICATION IN WEB APPLICATIONS
• Internet and Hardware Structure
• Wireless and Mobile Internet, Software and Technology Connections
• Internet Security
2.1 - Internet & Hardware Structure
How Networks Function
• Networking Fundamentals
• Network Architectures and Components
• Connecting to the Internet
Copyright © 2016 Pearson Education, Inc. 7-2
Networking Fundamentals
Objective
1. What is a network, and what are a network’s advantages and disadvantages?
Network Architectures and Components
Objectives
2. What are the different ways to classify networks?
3. Which type of network is most commonly found in the home?
4. What are the main components of every network?
Connecting to the Internet
Objective
5. What are my options for connecting to the Internet?
Networking Fundamentals
• Computer network
• Node
• Computer
• Peripheral
• Network device
Networking Fundamentals
• Computer network resource sharing benefits:
• High-speed Internet connection
• Peripheral devices
• Files
• Common communications
Network Architectures
• Classified by:
• Distance
• How managed
• Rules to exchange data
• Communications medium used
Network Components
Network Components: Transmission Media
• Communications channel between nodes
• Wireless networks
• Wired networks
Network Components: Transmission Media
• UTP cable
• Types of UTP cable
• Cat 5E
• Cat 6
• Cat 6a
• Decreased throughput in wireless networks
Unshielded Twisted Pair (UTP) cable
Network Components: Basic Network Hardware
• Network adapter
• Network interface card (NIC)
• Broadband modem
• Packets
• Router
• Switch
Internet Communication Paradigms
Internet supports two basic communication paradigms:
• stream paradigm
• message paradigm
Network Components: Network Software
• Operating software for P2P networking
• Client/server network
• Communicate through centralized server
• Specialized network operating system (NOS) software
Connecting to the Internet
• Home network
• Share an Internet connection
• Must purchase Internet access from ISP
• Specialized providers
• Companies that provide other services
• Broadband
• Dial-up
Connecting to the Internet: Broadband Internet Connections
• Broadband
• Standard broadband technologies
• Satellite broadband
• Mobile broadband
Connecting to the Internet: Wired Broadband Internet Connections
• Cable Internet
• DSL (digital subscriber line)
• Fiber optic service
Connecting to the Internet: Wireless Internet Access
• Wireless Internet at home
• WiFi hotspot
• Wireless in-flight Internet
• Mobile Broadband 3G
• 4G LTE
Your Home Network
• Installing and Configuring Home Networks
• Securing Wireless Networks
EXTRA READING
Installing and Configuring Home Networks
Objectives
6. How do I tell if my home network is up to date, and how do I identify the devices on the network?
7. Besides computers, what other devices can I connect to a home network?
8. How do I configure the software on my computer and set up other devices to get my network up and running?
9. What problems might I encounter when setting up a wireless network?
Securing Wireless Networks
Objective
10. Why are wireless networks more vulnerable to security risks than wired networks, and what special precautions are required to ensure my wireless network is secure?
Installing and Configuring Home Networks
• Devices connecting to home networks
• Smartphones
• Gaming consoles
• Tablets
• Smart TVs
• Computers
• Printers
Installing and Configuring Home Networks: Connecting Devices to a Router
• Routers for Windows computers
• 802.11n
• 802.11ac
• Routers for Apple computers
• AirPort Extreme router
• AirPort Express
Installing and Configuring Home Networks: Network-Attached Storage Devices
• NAS devices
• AirPort Time Capsule
Installing and Configuring Home Networks: Specialized Home-Networking Devices
• New digital picture frames
• Built-in wireless
• Access network and online photos
• Receive pictures via e-mail
• Security
• Wireless monitoring cameras
Installing and Configuring Home Networks: Troubleshooting Wireless Network Problems
• 802.11n or 802.11ac added performance options:
• Dual-band N router
• Wireless range extender
Securing Wireless Networks
• Use a firewall to secure Internet connections
• Wired networks more secure than wireless
• Added vulnerabilities for wireless:
• Signal range can extend to neighbors
• Extra precautions required to secure wireless
Check Your Understanding
1. What is a network, and what are a network’s advantages and disadvantages?
2. What are the different ways to classify networks?
3. Which type of network is most commonly found in the home?
4. What are the main components of every network?
5. What are my options for connecting to the Internet?
Check Your Understanding
6. How do I tell if my home network is up to date, and how do I identify the devices on the network?
7. Besides computers, what other devices can I connect to a home network?
8. How do I configure the software on my computer and set up the devices required to get my network up and running?
Check Your Understanding
9. What problems might I encounter when setting up a wireless network?
10. Why are wireless networks more vulnerable to security risks than wired networks, and what special precautions are required to ensure my wireless network is secure?
Wireless, Mobile Networks 6-33
2.2 - Wireless and Mobile Internet
Introduction
Wireless
Wireless links, characteristics
o CDMA
IEEE 802.11 wireless LANs (“Wi-Fi”)
Cellular Internet access
o architecture
o standards (e.g., GSM)
Mobility
Principles: addressing and routing to mobile users
Mobile IP
Handling mobility in cellular networks
Mobility and higher-layer protocols
Components of cellular network architecture (figure)
• MSC (Mobile Switching Center): connects cells to wired telephone network; manages call setup (more later!); handles mobility (more later!)
• cell (BSS): covers geographical region; base station (BS), analogous to 802.11 AP; mobile users attach to network through BS
• air-interface: physical and link layer protocol between mobile and BS
• wired network; public telephone network
Cellular networks: the first hop
Two techniques for sharing mobile-to-BS radio spectrum:
• combined FDMA/TDMA: divide spectrum in frequency channels, divide each channel into time slots (figure: frequency bands × time slots)
• CDMA: code division multiple access
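CDMA in working form, as an added example rather than slide content: two senders spread their bits with constructed orthogonal chipping codes, the air interface sums the chips, and the receiver recovers each sender's bits by correlating the summed signal with that sender's code.

```python
"""CDMA sharing of one radio channel: two senders transmit at the same time on the
same frequency, each spreading its bits with its own chipping code; the receiver
recovers either sender's bits by correlating the summed signal with that code."""

# Constructed 8-chip codes. They are orthogonal (dot product 0), which is what lets
# the receiver separate the senders; in a real network the carrier assigns codes.
CODE_A = [1, 1, 1, -1, 1, -1, -1, -1]
CODE_B = [1, -1, 1, 1, 1, 1, -1, 1]


def dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def orthogonal(code_x, code_y):
    """True if two codes can share a channel without interfering."""
    return dot(code_x, code_y) == 0


def encode(bits, code):
    """Spread each data bit (+1 or -1) into len(code) chips: chip = bit * code chip."""
    return [bit * chip for bit in bits for chip in code]


def superpose(*signals):
    """The air interface simply adds the chips of all simultaneous senders."""
    return [sum(chips) for chips in zip(*signals)]


def decode(signal, code):
    """Correlate each block of chips with one sender's code to recover that sender's
    bits; orthogonality makes the other sender's contribution sum to exactly zero."""
    m = len(code)
    bits = []
    for start in range(0, len(signal), m):
        block = signal[start:start + m]
        bits.append(1 if dot(block, code) > 0 else -1)
    return bits


def demo():
    """Two senders on the air at once; returns (bits recovered for A, bits for B)."""
    sent_a, sent_b = [1, -1, 1], [-1, -1, 1]
    on_air = superpose(encode(sent_a, CODE_A), encode(sent_b, CODE_B))
    return decode(on_air, CODE_A), decode(on_air, CODE_B)


if __name__ == "__main__":
    print(demo())  # ([1, -1, 1], [-1, -1, 1])
```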
Wireless phones at different times
http://www.design-laorosa.com/2012_04_22_archive.html
http://commons.wikimedia.org/wiki/File:Celulares.JPG
http://blogs.uoregon.edu/terryzone/files/2012/12/cell-phone-urxr5m.jpg
1G mobile network (wikipedia)
• Wireless telephone and mobile communication technology.
• Digital signaling is used to communicate with the towers; the phone's signal after the connection is established is analog.
• The first commercially automated cellular network (the 1G generation) was launched in Japan by NTT (Nippon Telegraph and Telephone) in 1979.
• In 1981, this was followed by the simultaneous launch of the Nordic Mobile Telephone (NMT) system in Denmark, Finland, Norway and Sweden. NMT was the first mobile phone network featuring international roaming.
• The first 1G network launched in the USA was Chicago-based Ameritech in 1983 using the Motorola DynaTAC mobile phone. Several countries then followed in the early-to-mid 1980s including the UK, Mexico and Canada.
2G (voice) network architecture (figure)
Legend: Base transceiver station (BTS); Base station controller (BSC); Base station system (BSS); Mobile Switching Center (MSC); Gateway MSC (G); Public telephone network; Mobile subscribers.
2G mobile network (wikipedia)
• 2G cellular telecom networks were commercially launched on the GSM standard in Finland (1991)
• Conversation digitally encrypted
• Significantly more efficient in spectrum use
• Mobile data service (SMS, text message)
• 2G network can be divided into two categories: TDMA and CDMA
• GSM: Global System for Mobile Communications (TDMA based)
• Digital, circuit switched network system supporting both voice and digital data (900 MHz or 1800 MHz)
2.5G mobile network (wikipedia)
• Evolving from circuit switching in 2G to packet switching
• The first major step in the evolution of GSM networks to 3G occurred with the introduction of General Packet Radio Service (GPRS).
• CDMA2000 networks similarly evolved through the introduction of 1xRTT (1 Times Radio Transmission Technology).
• The combination of the two (GPRS and CDMA) is called 2.5G mobile network.
3G (voice+data) network architecture (figure)
Components: radio network controller; MSC (mobile switching center); Gateway MSC (G); Public telephone network; Serving GPRS Support Node (SGSN); Gateway GPRS Support Node (GGSN); Public Internet.
Key insight: the new cellular data network operates in parallel (except at edge) with the existing cellular voice network:
• voice network unchanged in core
• data network operates in parallel

3G (voice+data) network architecture (second figure)
• radio access network: Universal Terrestrial Radio Access Network (UTRAN); radio interface (WCDMA, HSPA)
• core network: General Packet Radio Service (GPRS) Core Network
• public Internet
4G network
• 4G network: 4th generation mobile communication technology that provides high speed access to phone and data services
• Two competing standards
• 4G LTE (Long Term Evolution)
• WiMAX (IEEE 802.16)
4G LTE General
• 4G LTE is a mobile communications standard that provides access for mobile devices to a core network.
• It is an evolution of the GSM/UMTS standards (from phones to Internet).
• The goal of LTE was to increase the capacity and speed of wireless data networks using new DSP techniques and modulations that were developed around the turn of the millennium.
• A further goal was the redesign and simplification of the network architecture to an IP-based system.
• The LTE wireless interface is incompatible with 2G and 3G networks.
http://en.wikipedia.org/wiki/LTE_(telecommunication)
WiMAX: (IEEE 802.16) Overview
• An 802.16 wireless service provides a communications path between a subscriber site and a core network (the network to which 802.16 is providing access).
• Examples of a core network are the public telephone network and the Internet.
• IEEE 802.16 standards are concerned with the air interface between a subscriber's transceiver station and a base transceiver station.
• Time line: ~2001 first version, 2009 wide deployment of IEEE 802.16e-2005, current 802.16m-2011
http://www.networkworld.com/news/tech/2001/0903tech.html
http://en.wikipedia.org/wiki/IEEE_802.16
WiMAX: How it works
http://www.networkworld.com/news/tech/2001/0903tech.html
WiMAX Protocol stack
http://www.javvin.com/protocolWiMAX.html
IEEE 802.11, 15, 16 compared

Parameter         | IEEE 802.16d (802.16-2004, Fixed WiMAX) | IEEE 802.16e (802.16-2005, Mobile WiMAX) | 802.11 (WLAN, aka WiFi) | 802.15.1 (Bluetooth)
Frequency band    | 2-66 GHz                                | 2-11 GHz                                 | 2.4-5.8 GHz             | 2.4 GHz
Range             | ~31 miles                               | ~31 miles                                | ~100 meters             | ~10 meters
Maximum data rate | ~134 Mbps                               | ~15 Mbps                                 | ~55 Mbps                | ~3 Mbps
Number of users   | Thousands                               | Thousands                                | Dozens                  | Dozens
http://www.javvin.com/protocolWiMAX.html
http://techtectology.blogspot.com/2011/11/4g-vs-3g-vs-25g-vs-2g-vs-1g.html
A brief comparison of different G’s
What is mobility?
• spectrum of mobility, from the network perspective (no mobility → high mobility):
• mobile wireless user, using same access point
• mobile user, connecting/disconnecting from network using DHCP
• mobile user, passing through multiple access points while maintaining ongoing connections (like cell phone)
Wireless and Mobile Networks 7-54
Mobility: vocabulary (figure: home network and wide area network)
• home network: permanent “home” of mobile (e.g., 128.119.40/24)
• permanent address: address in home network, can always be used to reach mobile (e.g., 128.119.40.186)
• home agent: entity that will perform mobility functions on behalf of mobile, when mobile is remote
Mobility: more vocabulary (figure: visited network and wide area network)
• visited network: network in which mobile currently resides (e.g., 79.129.13/24)
• care-of-address: address in visited network (e.g., 79.129.13.2)
• permanent address: remains constant (e.g., 128.119.40.186)
• foreign agent: entity in visited network that performs mobility functions on behalf of mobile
• correspondent: wants to communicate with mobile
How do you contact a mobile friend?
Consider a friend who frequently changes addresses: how do you find her?
• search all phone books?
• call her parents?
• expect her to let you know where she is?
• Facebook!
(“I wonder where Alice moved to?”)
Mobility: approaches
• let routing handle it: routers advertise permanent address of mobile-nodes-in-residence via usual routing table exchange.
• routing tables indicate where each mobile located
• no changes to end-systems
• What do Packet Headers look like???…
• let end-systems handle it:
• indirect routing: communication from correspondent to mobile goes through home agent, then forwarded to remote
• direct routing: correspondent gets foreign address of mobile, sends directly to mobile
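The indirect and direct routing approaches above, as an added example that is not from the original slides: a small Python model of a home agent that tunnels datagrams to the care-of address and a foreign agent that decapsulates them for the mobiles attached to it. The slide addresses (128.119.40/24, 128.119.40.186, 79.129.13.2) are used; the home agent's and correspondent's own addresses are constructed for the example.

```python
"""Indirect vs. direct routing to a mobile node, in the style of the Mobile IP slides."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Addresses from the slide vocabulary; the home agent and correspondent addresses are
# constructed for this example (the correspondent uses the TEST-NET-3 documentation range).
HOME_NET = ip_network("128.119.40.0/24")   # home network
PERMANENT = "128.119.40.186"               # permanent address of the mobile
CARE_OF = "79.129.13.2"                    # care-of address in the visited network
HOME_AGENT = "128.119.40.1"                # constructed: home agent's own address
CORRESPONDENT = "203.0.113.7"              # constructed: correspondent's address


@dataclass
class Datagram:
    src: str
    dst: str
    payload: str
    inner: Optional["Datagram"] = None  # set while the datagram is tunnelled


class HomeAgent:
    """Holds the binding permanent address -> care-of address and tunnels traffic."""

    def __init__(self) -> None:
        self.bindings = {}

    def register(self, permanent: str, care_of: str) -> None:
        # Only addresses that belong to the home network may be bound; otherwise a
        # registration could redirect a stranger's traffic to the requester.
        if ip_address(permanent) not in HOME_NET:
            raise ValueError(f"{permanent} is not in home network {HOME_NET}")
        self.bindings[permanent] = care_of

    def lookup(self, permanent: str) -> Optional[str]:
        return self.bindings.get(permanent)

    def forward(self, dg: Datagram) -> Datagram:
        care_of = self.lookup(dg.dst)
        if care_of is None:            # mobile is at home: ordinary delivery
            return dg
        # Encapsulate: the outer header is addressed to the care-of address, so the
        # original datagram reaches the visited network unchanged.
        return Datagram(src=HOME_AGENT, dst=care_of, payload="", inner=dg)


class ForeignAgent:
    """Decapsulates tunnelled datagrams for mobiles currently attached to it."""

    def __init__(self, care_of: str) -> None:
        self.care_of = care_of
        self.visiting = set()

    def attach(self, permanent: str) -> None:
        self.visiting.add(permanent)

    def deliver(self, dg: Datagram) -> Datagram:
        if dg.dst != self.care_of or dg.inner is None:
            raise ValueError("not a tunnelled datagram for this foreign agent")
        if dg.inner.dst not in self.visiting:   # drop traffic for mobiles not here
            raise ValueError(f"{dg.inner.dst} is not visiting this network")
        return dg.inner


def setup() -> Tuple[HomeAgent, ForeignAgent]:
    ha, fa = HomeAgent(), ForeignAgent(CARE_OF)
    fa.attach(PERMANENT)             # mobile attaches in the visited network
    ha.register(PERMANENT, CARE_OF)  # foreign agent registers the care-of address
    return ha, fa


def indirect_route(ha: HomeAgent, fa: ForeignAgent, payload: str) -> List[str]:
    """Correspondent -> home agent -> tunnel -> foreign agent -> mobile (triangle routing)."""
    dg = Datagram(src=CORRESPONDENT, dst=PERMANENT, payload=payload)
    tunnelled = ha.forward(dg)         # first routed to the home network
    delivered = fa.deliver(tunnelled)  # decapsulated in the visited network
    return [dg.dst, tunnelled.dst, delivered.dst]  # destination at each step


def direct_route(ha: HomeAgent, fa: ForeignAgent, payload: str) -> List[str]:
    """Correspondent learns the care-of address from the home agent, then sends directly."""
    care_of = ha.lookup(PERMANENT)
    inner = Datagram(src=CORRESPONDENT, dst=PERMANENT, payload=payload)
    dg = Datagram(src=CORRESPONDENT, dst=care_of, payload="", inner=inner)
    return [dg.dst, fa.deliver(dg).dst]
```

Calling `indirect_route` shows the datagram addressed to the permanent address, then to the care-of address, then to the permanent address again; `direct_route` skips the home network hop.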
2.3 - Internet Security
• Internet security consists of a range of security tactics for protecting activities and transactions conducted online over the internet. These tactics are meant to safeguard users from threats such as hacking into computer systems, email addresses, or websites; malicious software that can infect and inherently damage systems; and identity theft by hackers who steal personal data such as bank account information and credit card numbers. Internet security is a specific aspect of broader concepts such as cybersecurity and computer security, being focused on the specific threats and vulnerabilities of online access and use of the internet.
• In today's digital landscape, many of our daily activities rely on the internet. Various forms of communication, entertainment, and financial and work-related tasks are accomplished online. This means that tons of data and sensitive information are constantly being shared over the internet. The internet is mostly private and secure, but it can also be an insecure channel for exchanging information. With a high risk of intrusion by hackers and cybercriminals, internet security is a top priority for individuals and businesses alike.
Source: https://www.mcafee.com/what-is-internet-security.html
Types of internet security threats
While the web presents users with lots of information and services, it also includes several risks. Cyberattacks are only increasing in sophistication and volume, with many cybercriminals using a combination of different types of attacks to accomplish a single goal. Though the list of potential threats is extensive, here are some of the most common internet security threats:
• Malware: Short for "malicious software," malware comes in several forms, including computer viruses, worms, Trojans, and dishonest spyware.
• Computer worm: A computer worm is a software program that copies itself from one computer to the next. It does not require human interaction to create these copies and can spread rapidly and in great volume.
• Spam: Spam refers to unwanted messages in your email inbox. In some cases, spam can simply include junk mail that advertises goods or services you aren't interested in. These are usually considered harmless, but some can include links that will install malicious software on your computer if they're clicked on.
• Phishing: Phishing scams are created by cybercriminals attempting to solicit private or sensitive information. They can pose as your bank or web service and lure you into clicking links to verify details like account information or passwords.
• Botnet: A botnet is a network of private computers that have been compromised. Infected with malicious software, these computers are controlled by a single user and are often prompted to engage in nefarious activities, such as sending spam messages or denial-of-service (DoS) attacks.
Threat Landscape
Far-reaching vulnerabilities, faster attacks, files held for ransom and more malicious code than ever.
Sources: 2016 Internet Security Threat Report

Top 10 Types of Information Exposed
• Real Names 78%
• Home Addresses 44%
• Birth Dates 41%
• Gov. IDs 38%
• Medical Records 36%
• Financial Info 33%
• Email Addresses 21%
• Phone Numbers 19%
• Insurance 13%
• Login Credentials 11%

SCAMS & SOCIAL MEDIA: 76% of social media scams manually shared, a 6% increase from the previous year.
PRIVACY BREACHES: Half a billion records stolen or lost; 89% had a financial or espionage motive.
MOBILE DEVICES: 3x more Android apps contained malware, a 230% increase from the previous year.
TARGETED ATTACKS: 65% of targeted attacks struck small- and medium-sized orgs.
WEB THREATS: Cybercrime cost the global economy up to $575 billion annually.
HCA - Public
Financial Sector Details
Privacy Breaches: 2,260 [1]; Total Records Lost: 429m [1]; Avg. Cost Per Record: $221 [2]
Sources: 1. http://breachlevelindex.com (database based on publicly-available breach disclosure information; statistics based on number of breaches, not number of records lost). 2. “2016 Cost of Data Breach Study: United States” by Ponemon Institute.

FINANCIAL INDUSTRY (charts)
• By record lost [1]: 2014: 151; 2015: 175; 2016: 189 (25% over the last 3 years)
• By cost [2]: 2014: $236; 2015: $259; 2016: $264 (12% over the last 3 years)
• By source [2]: Malicious or Criminal 50%; Insider Threat 50%
• By industry [1]: Financial, Healthcare, Retail, Education, Government, Other; shares printed on the chart: 30.1%, 10.3%, 11.9%, 12.5%, 10.3%, and 24.8% for Other* (*Unknown, Insurance, Hospitality, Non-profit, etc.)
Threat Actors and Motives
Who would target us and why?
• HACKTIVISM: Hacktivists use computer network exploitation to advance their political or social causes.
• CRIME: Individuals and sophisticated criminal enterprises steal personal information and extort victims for financial gain.
• INSIDER: Trusted insiders steal proprietary information for personal, financial, and ideological reasons.
• ESPIONAGE: Nation-state actors conduct computer intrusions to steal sensitive state secrets and proprietary information from private companies.
• TERRORISM: Terrorist groups sabotage the computer systems that operate our critical infrastructure, such as the electric grid.
• WARFARE: Nation-state actors sabotage military and critical infrastructure systems to gain an advantage in the event of conflict.
Anatomy of an Attack
Attack lifecycle stages shown in the figure: Recon, Initial Compromise, Establish Foothold, Escalate Privileges, Internal Recon, Move Laterally, Maintain Presence, Expand Presence, Exfiltrate Data.

Common Attack Vectors
• Known Vulnerabilities
• SQL Injection
• Phishing, Spear-phishing, Whaling
• Weak Authentication
• Viruses/Malware attacks
• Social engineering

Targeted Information Types
• Corporate finances
• Internal corporate information
• Customer/Employee PII
• Proprietary technology
• IT infrastructure
• Bandwidth (DDoS)
What We are Trying to Protect
Intellectual Property (IP), Proprietary Information (PI), Personally Identifiable Information (PII)
Sources: 1. AllClear ID. 2. ID Experts, LifeLock. 3. FTC, Consumer Sentinel Network Data Book. 4. Underground Hacker Markets by Dell SecureWorks. 5. “What your information is worth on the black market” by Bankrate.

Black-market value of stolen data (figure)
• Driver’s License [4]: $100 - $150 (first / last name; ID #; address, DOB)
• Social Security Card [4]: $250 - $400 (first / last name; SSN; DOB)
• Health Insurance Info [1]: $250 (first / last name; login credentials; plan provider; ID #)
• Bank Info [4]: $300 - $4200* (first / last name, bank, acct #; login credentials) *Based on account balance
• Identity Profile [5]: $1200 - $1300 (name, SSN, DOB; address, phone #; email credentials; credit card # or bank info)
• Credit Card with PIN [4]: $17 - $35 (first / last name; card #; PIN; expiration date)
• HCA Credit Card (CC) [4]: $1 - $8 (first and last name; card #); Active Users: 601; Credit Range $1K – $25K

Identity Theft
• 7% report harm post breach [1]
• 0.3% suffer actual harm [2]
• 2nd highest complaint at the FTC [3]
Electronic Black Market
Black Market sites can be found in several locations, many of which are challenging to locate. Payment is often through digital currency, such as Bitcoin.
Data Lost…Reportable Breach

Information Protection
A risk management discipline that serves the objectives of Confidentiality, Integrity, Availability, and Privacy of information by applying a risk management framework and yielding confidence that risks are adequately managed.
Data lost due to disasters is devastating, but losing it to hackers, malicious insiders or malware infections can have far greater consequences.

Associated Costs of a Privacy Breach [1]
Sources: 1. “2016 Cost of Data Breach Study: United States” by Ponemon Institute

Direct Costs (34%, $90)
• Legal liability and sanctions
• Charges of deceptive business practices
• Liability from identity theft
• Cyber Insurance deductible
• Outside counsel
• Credit monitoring services

Indirect Costs (66%, $174)
• OEM marketing to acquire new customers
• Damage to the reputation, brand, or business relationships
• Customer and / or employee distrust
• Lost revenues

Risk Vectors
1. Financial: Direct + Indirect costs; Cyber insurance costs
2. Reputational: Brand damage; Lost business opportunities
3. Regulatory: Monitoring; Fines
4. Operational: Decreased productivity
Regulatory Stakeholders
Examples of the range of complexity of Federal, State and Local privacy regulatory requirements.
Sources: 1. Morrison & Foerster LLP. 2. White & Case: Cybersecurity Requirements for Financial Services Companies.

Federal (figure)
• Stakeholders: Customer; Justice Dept.; FTC; CFPB; State Attorneys General
• Statutes: GLBA; FACTA; FCRA; ECOA; UDTP; TCPA; CAN-SPAM
• Penalties shown: Class Action; Private Suit / Class-Action; $11k + RAM [1]; Red Flags $11k + Required Annual Monitoring (RAM) [1]; Varies; Varies

State & Local: Civil Penalty Variations [1, 2]
• Florida Stat. 507.171: up to $500k per breach; PII also includes name and online account credentials
• Texas Bus. & Comm. Code Ann. § 521.001 et seq: civil penalties up to $300k per violation
• Massachusetts Gen. Bus. Law § 899aa: actual costs
• New York State Gen. Bus. Law § 899aa: actual costs or up to $150k per incident
• New York City N.Y. State Tech. Law SS 208: $500 per person and $100 per violation
• California Civ. Code § 1798.80: $3k per customer, per violation
• New York 23 NYCRR 5002: NYDFS Cyber Security Reg.
Future Trends
Expectations
• Number of targeted cyber attacks to increase
• Cyber attacks will continue to evolve
• Phishing attempts to rise
• Dedicated Information Security & Privacy program investments to grow
• Mobile platforms to be targeted more
• Rise in the threat of Organized Crime and State Sponsored Attacks
• Compromises related to Internet of Things (IoT) intensify
Next Steps
Recommended Actions

COMPANY
• Establish network segmentation to reduce desktops/laptops being compromised
• Ensure applicable software patches are installed in a timely manner
• Implement email filtering capabilities
• Implement strong authentication capabilities

EMPLOYEES
• Identify threats reinforced from your adaptive training & awareness program
• Ensure compliance with Information Protection standards & practices
• Apply risk management practices to safeguard assets
• Evangelize best practices with colleagues across the company
Web protection strategies
An effective combination of web management practices and internet security technologies can help protect an organization from many types of web security attacks. These are primary web protection strategies:
• Encrypt sensitive data in transit and at rest. Classify data based on its sensitivity and regulatory requirements and encrypt all sensitive data at rest and in transit.
• Properly implement access controls. Web administrators sometimes incorrectly implement authentication and session management functions, allowing attackers to compromise passwords, keys, or session tokens. Likewise, flaws in access control settings may enable hackers to access accounts, view sensitive files, modify data, and change access rights. A variety of best practices and access control technologies can enhance web security, including regular auditing and updating of user access rights and credentials, role-based access policies to restrict user privileges to the applications and data needed for their jobs, and vulnerability scanning and analysis software.
• Employ patch management and updating. Components, such as libraries, frameworks, and other software modules, are particularly vulnerable, as they run with the same privileges as their underlying application. If a component is outdated or originates from an unsecure source, the attacker can exploit vulnerabilities to assume control of a server or steal data. Regular patch management and updating both help ensure that web applications and components are secure. A subscription or virtual patching service can help ensure rapid, effective patching of vulnerabilities.
• Implement multi-factor authentication. Hackers can steal or guess passwords. Two-factor authentication requires the user to provide additional information besides a password, such as a code sent to their smartphone or a PIN they remember.
• Implement state-of-the-art web firewalls and gateways. A web application firewall protects the website from incoming attacks, while a web gateway protects the network and internal systems from malicious web traffic, which can then infect a website. These web security technologies may employ similar methods of detecting and blocking threats, and they may be integrated into a single product. Primary effective methods of defense include:
  • Filtering based on signatures, reputation, and category. Major gateway providers such as McAfee employ real-time filtering and classification engines. These techniques analyze and identify incoming attacks, suspicious behavior patterns, and potential malware, and then apply rules to block, quarantine, or conduct further testing.
  • Behavioral analysis. This approach simulates the behavior of suspect files and components such as JavaScript or Flash files, or activates them in a sandbox (a separate, restricted environment) to identify their behavior and actions. This technique can evaluate components in milliseconds, which is fast enough that the user is unaware of the intervention. Behavioral analysis is especially useful for zero-day attacks, where the malware signature is not yet known.
• Use managed security services. Many organizations rely on managed security service providers for web protection. Security companies like McAfee apply the expertise and signature databases of cybersecurity threats needed to provide secure web protection. Security solution providers use their clients’ collective traffic to continually enhance their ability to accurately identify exploits and cyberattacks before they can disrupt their customers’ systems.
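The signature, reputation and category filtering described under web firewalls and gateways, as an added example (not McAfee's or the page's code): a small Python gateway filter that applies reputation and category rules and then signature patterns to constructed proxy log lines, returning allow, block or quarantine. All hostnames, the category table, the reputation list and the signature patterns are constructed for the example.

```python
"""Signature, reputation and category filtering as a web gateway applies it to requests."""
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import unquote, urlsplit

# Constructed policy data standing in for a vendor's category and reputation feeds.
CATEGORY_DB = {
    "news.example.org": "news",
    "cdn.example.net": "content-delivery",
    "gamble.example.com": "gambling",
    "shop.example.com": "shopping",
}
BLOCKED_CATEGORIES = {"gambling"}
LOW_REPUTATION_HOSTS = {"bad-updates.example.com"}   # constructed: known-bad host

# Constructed, deliberately small signature set: (pattern, action, label).
SIGNATURES = [
    (re.compile(r"\bunion\s+select\b", re.I), "block", "sqli-union-select"),
    (re.compile(r"<script\b", re.I), "block", "xss-script-tag"),
    (re.compile(r"\.(exe|scr|msi)$", re.I), "quarantine", "executable-download"),
]


@dataclass
class Verdict:
    action: str   # allow | block | quarantine
    reason: str


def classify(url: str) -> Verdict:
    """Cheap checks first (reputation, category), then signatures on the decoded URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in LOW_REPUTATION_HOSTS:
        return Verdict("block", f"reputation:{host}")
    category = CATEGORY_DB.get(host, "uncategorized")
    if category in BLOCKED_CATEGORIES:
        return Verdict("block", f"category:{category}")
    # Percent-decode before matching so encoded variants do not slip past the patterns.
    for field in (unquote(parts.path), unquote(parts.query)):
        for pattern, action, label in SIGNATURES:
            if pattern.search(field):
                return Verdict(action, f"signature:{label}")
    return Verdict("allow", f"category:{category}")


def filter_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Run classify() over proxy log lines of the form '<client-ip> <url>'."""
    results = []
    for line in lines:
        client, url = line.split(maxsplit=1)
        verdict = classify(url)
        results.append((client, verdict.action, verdict.reason))
    return results


# Constructed sample proxy log (RFC 1918 client addresses, example.* hosts).
SAMPLE_LOG = [
    "10.0.0.12 http://news.example.org/world/today",
    "10.0.0.12 http://gamble.example.com/play",
    "10.0.0.31 http://bad-updates.example.com/update.bin",
    "10.0.0.31 http://shop.example.com/item?id=1%20UNION%20SELECT%20password%20FROM%20users",
    "10.0.0.44 http://cdn.example.net/tools/setup.exe",
]

if __name__ == "__main__":
    for client, action, reason in filter_log(SAMPLE_LOG):
        print(f"{client:10} {action:10} {reason}")
```

Each decision carries the rule that produced it, which is what an analyst needs when reviewing gateway logs or tuning a noisy signature.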
END Chapter 2