CISSP Domain 3 Security Engineering – Part 1 – Security Architecture Cheat Sheet

Grid Computing

Grid computing harnesses the computational power of a large number of dissimilar devices. It typically leverages the spare CPU cycles of devices.

Large Scale Parallel Data Systems

The purpose is to increase performance through economies of scale. The security challenge is to ensure that data integrity is maintained throughout processing. Parallel systems rely on shared memory, and uncoordinated concurrent access to that memory can expose race conditions that undermine integrity: two workers that each read, modify and write the same location without synchronisation can silently lose one of the updates.
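The lost-update race described above, shown as an added example that is not part of the original cheat sheet. A plain Python dict shared between threads stands in for the shared memory of a parallel system; the counter name, thread count and iteration counts are arbitrary choices for the demonstration.

```python
"""Lost-update race on shared state, and the lock that prevents it.

Added example (not from the original cheat sheet). A dict shared between
threads models the shared memory of a parallel system; the workload,
thread count and iteration counts are constructed for demonstration.
"""
import threading
import time

THREADS = 4
UPDATES_PER_THREAD = 2000


def _racy_worker(shared, n):
    # Read-modify-write with no coordination. time.sleep(0) yields the
    # interpreter between the read and the write to widen the race window,
    # so interleavings that lose updates are reliably observed.
    for _ in range(n):
        current = shared["records_processed"]
        time.sleep(0)
        shared["records_processed"] = current + 1


def _locked_worker(shared, n, lock):
    # The same update, but read and write happen atomically with respect
    # to the other workers because both occur while holding the lock.
    for _ in range(n):
        with lock:
            shared["records_processed"] += 1


def run(worker, **extra):
    """Start THREADS workers on one shared dict and return the final counter."""
    shared = {"records_processed": 0}
    threads = [
        threading.Thread(target=worker, args=(shared, UPDATES_PER_THREAD), kwargs=extra)
        for _ in range(THREADS)
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return shared["records_processed"]


def racy_total():
    """Counter after unsynchronised updates: normally below the expected total."""
    return run(_racy_worker)


def locked_total():
    """Counter after lock-protected updates: always equals the expected total."""
    return run(_locked_worker, lock=threading.Lock())


def expected_total():
    return THREADS * UPDATES_PER_THREAD


if __name__ == "__main__":
    print("expected:", expected_total())
    print("racy    :", racy_total())
    print("locked  :", locked_total())
```

The racy run usually finishes with far fewer than 8000 records counted, and the shortfall varies between runs, which is exactly why such integrity failures are hard to reproduce in testing. The lock makes the read-modify-write a single critical section so no update can be overwritten.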

Peer to Peer

A model in which any system may act as a server, a client, or both. P2P networks are often used to download commercial music or movies in violation of intellectual property rights. Napster was a P2P network that relied on central index servers for searching. Later variants such as Gnutella and BitTorrent are decentralized and therefore much more resilient. Maintaining integrity is a challenge because users have no inherent assurance that the peers serving them are returning legitimate data; without an out-of-band source of truth, such as content hashes obtained from a trusted publisher, a malicious peer can substitute altered content.

Thin Clients

Hardware- or software-based systems used to access a centralized server that serves applications and stores the associated data. Benefits include reduced cost and effort for security-relevant tasks such as upgrades, patching and data storage, since these are handled centrally rather than on every endpoint.

Diskless Workstation

Contains a CPU and memory but no disk; examples include PCs, routers, embedded devices, and others. The kernel and OS are typically loaded over the network via PXE boot, BOOTP and DHCP. Because the boot image arrives over the network, the integrity of the boot path depends on the integrity of the DHCP/TFTP servers answering the request and of the network segment between them.

Thin Client Applications

Thin client applications normally run on a system with a full OS but use a web browser as a universal client, providing access to robust applications that are downloaded from the thin client server and run in the client's browser.

Advantages: simplified client/server and network architecture, improved performance, and lower cost.

All data is stored on the server, and traffic typically runs over HTTP/HTTPS. Examples: Citrix ICA, 2X ThinClientServer and OpenThinClient.

Internet of Things IOT

Small internet-connected devices such as baby monitors, cash registers, appliances, light bulbs, smart meters, fitness monitors, cars, etc. that are directly accessible via the internet. These devices pose significant security risks: default credentials are common, enterprise management tools are lacking, and patching can be difficult. Vendors often ship an old base OS, release patches slowly, and end support for devices that are still in widespread use.

System Vulnerabilities, Threats, and Countermeasures

Emanations

Energy that escapes an electronic system and may be remotely monitored under certain circumstances, for example the electromagnetic emissions of a monitor or an unshielded cable. Shielding (the approach standardised under TEMPEST) should be used to mitigate such risks.

Covert Channels

Any communication path that violates security policy by transferring information in a way the system's designers did not intend. A sanctioned communication path is called an overt channel.

  • Covert Storage Channels – use shared storage, such as a temporary directory, to let two subjects signal each other (for example, the presence or absence of a file encodes a bit)
  • Covert Timing Channels – use the system clock to infer sensitive information. Example: an insecure system prints “bad username or password” immediately when a user submits a bad username, but there is a small delay when the username is valid and only the password is wrong, because the expensive password check runs only for existing accounts. The timing difference lets an attacker infer which usernames are valid
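The username-enumeration timing channel from the bullet above, alongside the fix, as an added example that is not part of the original cheat sheet. The user store, the credentials and the PBKDF2 parameters are constructed for the demonstration; the fix is to perform the same expensive work whether or not the username exists.

```python
"""Covert timing channel in a login check, and a constant-work fix.

Added example (not from the original cheat sheet). The user database,
credentials and PBKDF2 parameters are constructed for the demonstration.
"""
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000  # deliberately slow: this cost is what makes the leak measurable


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store with a single real account.
_ALICE_SALT = os.urandom(16)
USERS = {"alice": (_ALICE_SALT, _derive("correct horse battery", _ALICE_SALT))}

# Decoy record so the constant-work path hashes even for unknown users.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _derive("not-a-real-password", _DUMMY_SALT)


def login_leaky(username: str, password: str) -> bool:
    """Returns at once for unknown users; the skipped PBKDF2 work is the timing signal."""
    record = USERS.get(username)
    if record is None:
        return False  # fast path: an attacker learns the username does not exist
    salt, stored = record
    return hmac.compare_digest(_derive(password, salt), stored)


def login_constant(username: str, password: str) -> bool:
    """Performs the same expensive derivation whether or not the username exists."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matches = hmac.compare_digest(_derive(password, salt), stored)
    # An unknown user can only ever match the decoy; reject regardless of the result.
    return matches and username in USERS


def measure(fn, username: str, password: str) -> float:
    """Wall-clock seconds for a single login attempt."""
    start = time.perf_counter()
    fn(username, password)
    return time.perf_counter() - start


if __name__ == "__main__":
    for fn in (login_leaky, login_constant):
        known = measure(fn, "alice", "wrong password")
        unknown = measure(fn, "mallory", "wrong password")
        print(f"{fn.__name__:15s} known user: {known:.4f}s  unknown user: {unknown:.4f}s")
```

Running the script shows `login_leaky` answering in microseconds for the unknown user but taking the full derivation time for the known one, while `login_constant` takes roughly the same time in both cases. Both functions return identical results, so the leak is invisible to functional testing and only appears when timing is measured.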

Backdoors

A shortcut in a system that allows a user to bypass security checks, such as authentication, to gain access. Maintenance hooks are a type of backdoor: shortcuts installed by the system designers and programmers to let developers bypass normal system checks during development. They must be removed before the system ships; any that remain are an undocumented authentication bypass.

Malicious Code (Malware)

A generic term for any type of software designed to attack or compromise an application or system.

Computer Viruses

Malware that does not spread on its own; a virus requires a carrier (an infected executable, document or boot sector) that a user or the system runs.

  • Macro virus – virus written in a macro language that targets word processors or spreadsheets
  • Boot Sector Virus – virus that infects the boot sector which loads during PC startup
  • Stealth Virus – A virus that hides itself from the OS and other protective software, such as AV
  • Polymorphic Virus – A virus that changes its signature upon infection of a new system, attempting to evade signature-based AV software
  • Multipartite Virus – A virus that spreads via multiple vectors AKA multipart virus

Worms

Malware that self-propagates without a carrier. Worms cause damage in two ways: first through the malicious code they carry, and second through the loss of network availability caused by aggressive self-propagation. Examples: Blaster, Sasser, Conficker.

Trojans

Malware that performs two functions: one benign (the apparent purpose that induces the user to run it) and one malicious.

Rootkits

Malware that replaces portions of the kernel and/or OS in order to hide its presence. A user-mode rootkit operates in ring 3 on most systems, replacing OS components in userland, e.g. OS binaries such as the ls and ps commands on Linux/Unix, so that they omit the attacker's files and processes. A kernel-mode rootkit replaces the kernel or loads malicious loadable kernel modules and operates in ring 0, where it can subvert any user-mode detection tool.
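A file-integrity check of the kind used to catch the user-mode binary replacement described above, as an added example that is not part of the original cheat sheet. The file names and contents are constructed stand-ins for system binaries; the baseline format (a JSON map of name to SHA-256) is a choice made for this example.

```python
"""Offline integrity check for OS binaries a user-mode rootkit might replace.

Added example (not from the original cheat sheet). It hashes a set of
files, keeps the digests as a baseline, and later reports which files
changed. The file names and contents are constructed stand-ins for
binaries such as ls and ps.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, names) -> dict:
    """Map each monitored file name to its SHA-256 digest."""
    return {name: sha256_of(root / name) for name in names}


def verify(root: Path, baseline: dict) -> dict:
    """Compare current files against the baseline.

    Statuses: 'ok', 'MODIFIED' (digest differs), 'MISSING' (file gone).
    Caveat: run on the live suspect system, a rootkit that hooks file
    access can feed this function the original bytes. Boot from trusted
    media and point `root` at the mounted suspect volume instead.
    """
    report = {}
    for name, expected in baseline.items():
        path = root / name
        if not path.exists():
            report[name] = "MISSING"
        elif sha256_of(path) != expected:
            report[name] = "MODIFIED"
        else:
            report[name] = "ok"
    return report


def demo() -> dict:
    """Constructed scenario: baseline three 'binaries', then replace one and delete one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        originals = {"ls": b"ELF ls v1", "ps": b"ELF ps v1", "netstat": b"ELF netstat v1"}
        for name, body in originals.items():
            (root / name).write_bytes(body)
        baseline = build_baseline(root, originals)
        baseline_json = json.dumps(baseline)  # this is what you would store offline

        # Simulate a user-mode rootkit swapping in a ps that hides its processes,
        # and removing a tool it does not want the administrator to run.
        (root / "ps").write_bytes(b"ELF ps v1 + hides attacker PIDs")
        (root / "netstat").unlink()

        return verify(root, json.loads(baseline_json))


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:8s} {status}")
```

The baseline is only as trustworthy as the system it was taken on and the place it is stored; keep it off the monitored host (read-only media or a separate system), because a rootkit that can alter ps can also alter a baseline file sitting beside it.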

Packers

Provide runtime compression of executables: the packed file contains a small decompressor stub plus the compressed original. Upon execution the stub unpacks the original machine code into memory and runs it. Packers are often used to evade signature-based malware detection, because the byte patterns of the original code are not present in the packed file on disk.

Logic Bombs

Malicious program that is triggered when a logical condition is met, such as after a number of transactions have been processed, or on a specific date and time (a time bomb). Malware such as worms may contain logic bombs, behaving in one manner and then changing tactics on a specific date and time.

Antivirus Software

AV is designed to prevent and detect malware infections. Signature-based AV matches files against signatures (byte patterns) of known malware, so it cannot detect samples whose bytes it has not seen before, such as new, polymorphic or packed malware. Heuristic-based antivirus uses anomaly-based detection to identify behavioural characteristics of malware, such as altering the boot sector.
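An added example, not from the original cheat sheet, that serves both the Packers entry and the Antivirus Software entry above: a byte-pattern scanner finds the signatures in a constructed sample, loses them once the sample is packed, and finds them again after unpacking; a Shannon-entropy measurement shows the kind of indicator a heuristic engine uses instead. The "malware", its signatures, the `PK01` packed-file header and the use of zlib in place of a real packer's compression are all constructed for the demonstration.

```python
"""Why packing defeats byte signatures, and what a heuristic sees instead.

Added example (not from the original cheat sheet). The 'malware', its
signatures and the packed-file format are constructed; zlib stands in
for a real packer's compression routine.
"""
import math
import zlib
from collections import Counter

MAGIC = b"PK01"  # constructed header marking the toy packed format

# Constructed signature database: byte patterns a signature-based AV would match.
SIGNATURES = {
    "Constructed.Dropper": b"EVIL_PAYLOAD_MARKER",
    "Constructed.Dropper.URL": b"http://constructed.invalid/stage2",
}

# Constructed stand-in for a malicious executable: padding plus two recognisable strings.
MALWARE = (
    b"MZ" + b"\x90" * 300
    + b"EVIL_PAYLOAD_MARKER"
    + b"\x00" * 50
    + b"http://constructed.invalid/stage2"
    + b"\x00" * 200
)


def scan(data: bytes) -> list:
    """Signature-based detection: names of every signature whose pattern occurs in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def pack(code: bytes) -> bytes:
    """Toy packer: header + compressed body. A real packer also prepends a decompressor stub."""
    return MAGIC + zlib.compress(code, 9)


def unpack(blob: bytes) -> bytes:
    """What the stub does at run time, and what an AV emulator must do before scanning."""
    if not blob.startswith(MAGIC):
        raise ValueError("not a packed blob")
    return zlib.decompress(blob[len(MAGIC):])


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte. Compressed or encrypted sections score high;
    real heuristics flag large sections approaching 8 bits/byte. This toy blob is too
    short to get there but is already well above the plaintext sample."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


if __name__ == "__main__":
    packed = pack(MALWARE)
    print("plain  :", scan(MALWARE), f"entropy={entropy(MALWARE):.2f}")
    print("packed :", scan(packed), f"entropy={entropy(packed):.2f}")
    print("unpacked:", scan(unpack(packed)))
```

The signatures vanish from the packed bytes even though the program is functionally unchanged, which is why signature engines either unpack known packer formats before scanning or emulate the sample until the stub has run. The entropy jump is one of the cheap static heuristics used to decide that such unpacking is worth attempting.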
