Page 33 - DCAP516_COMPUTER_SECURITY

Unit 3: Assurance and Operational Issues




          Penetration Testing

          Penetration testing can use many methods to attempt a system break-in. In addition to using
          active automated tools as described above, penetration testing can be done “manually.” The
          most useful type of penetration testing is to use methods that might really be used against the
          system.
          For hosts on the Internet, this would certainly include automated tools. For many systems, lax
          procedures or a lack of internal controls on applications are common vulnerabilities that
          penetration testing can target. Another method is “social engineering,” which involves getting
          users or administrators to divulge information about systems, including their passwords.

          3.5.2 Monitoring Methods and Tools

          Security monitoring is an ongoing activity that looks for vulnerabilities and security problems.
          Many of the methods are similar to those used for audits, but are done more regularly or, for
          some automated tools, in real time.

          Review of System Logs

          A periodic review of system-generated logs can detect security problems, including attempts to
          exceed access authority or gain system access during unusual hours.


          Automated Tools
          Several types of automated tools monitor a system for security problems. Some examples
          follow:
          1.   Virus scanners are a popular means of checking for virus infections. These programs test
               for the presence of viruses in executable program files.
          2.   Checksumming presumes that program files should not change between updates. Checksum
               programs work by generating a mathematical value based on the contents of a particular
               file. When the integrity of the file is to be verified, the checksum is generated on the
               current file and compared with the previously generated value. If the two values are
               equal, the integrity of the file is verified. Program checksumming can detect viruses,
               Trojan horses, accidental changes to files caused by hardware failures, and other changes
               to files. However, the checksums may be subject to covert replacement by a system
               intruder. Digital signatures can also be used.

          3.   Password crackers check passwords against a dictionary (either a “regular” dictionary or a
               specialized one with easy-to-guess passwords) and also check if passwords are common
               permutations of the user ID. Examples of special dictionary entries could be the names of
               regional sports teams and stars; common permutations could be the user ID spelled
               backwards.
          4.   Integrity verification programs can be used by applications to look for evidence of data
               tampering, errors, and omissions. Techniques include consistency and reasonableness
               checks and validation during data entry and processing. These techniques can check data
               elements, as input or as processed, against expected values or ranges of values; analyze
               transactions for proper flow, sequencing, and authorization; or examine data elements for
               expected relationships. These programs comprise a very important set of processes because
               they can be used to convince people that, if they do what they should not do, accidentally
               or intentionally, they will be caught. Many of these programs rely upon logging of
               individual user activities.
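
          The checksumming in item 2, together with its caveat about covert replacement, as an added
          example that is not part of the original text. It seals the stored checksums with a keyed
          HMAC-SHA256 tag as a stand-in for the digital signatures the item mentions; the key, file
          name and file contents are constructed for the demonstration.

```python
import hashlib, hmac, json, os, tempfile
from pathlib import Path

def file_digest(path):
    """SHA-256 of a file, read in chunks so large program files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths, key):
    """Record one checksum per file and seal the record with an HMAC tag."""
    digests = {p: file_digest(p) for p in paths}
    body = json.dumps(digests, sort_keys=True).encode()
    return {"digests": digests,
            "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify(baseline, key):
    """Return (baseline_intact, changed_paths)."""
    body = json.dumps(baseline["digests"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, baseline["tag"]):
        return False, []  # the stored checksums themselves were altered
    changed = []
    for path, old in baseline["digests"].items():
        try:
            new = file_digest(path)
        except OSError:
            new = None  # a missing or unreadable file counts as changed
        if new != old:
            changed.append(path)
    return True, sorted(changed)

def demo():
    key = b"constructed-demo-key"  # assumption: stored off the monitored host
    with tempfile.TemporaryDirectory() as d:
        prog = os.path.join(d, "login")  # constructed sample program file
        Path(prog).write_bytes(b"original program bytes")
        base = build_baseline([prog], key)
        clean = verify(base, key)
        Path(prog).write_bytes(b"altered program bytes")
        detected = verify(base, key)[1] == [prog]
        # Stored checksum replaced to match the altered file, without the key.
        swapped = {"digests": {prog: file_digest(prog)}, "tag": base["tag"]}
        return clean, detected, verify(swapped, key)

if __name__ == "__main__":
    print(demo())
```

          A plain checksum list would accept the replaced record in the last step; the keyed tag is
          what makes the substitution visible.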



                                           LOVELY PROFESSIONAL UNIVERSITY                                   27