Midterm Exam (Intro to Security) Part 2

229 Terms

1
New cards

User Mode

Basic mode the CPU uses when executing user applications. The CPU exposes only a portion of its full instruction set, to protect the system from damage by users, malicious users, or malicious programs

2
New cards

Privileged Mode

Gives the OS full access to all instructions supported by the CPU (the “nerve center”; execution privileges). Also called:

  • Privileged mode

  • Supervisory mode

  • System mode

  • Kernel mode

These are not the same as access permissions. All user applications run in user mode; an application passes a request to the OS using a system call (if approved, the request is executed by a privileged-mode process outside of the user’s control...

3
New cards

What are the two OS process states?

Supervisor state

  • privileged all-access mode

  • used when a process must perform an action that requires privileges greater than the problem state’s set of privileges

Problem state

  • user mode, with low privileges; all access requests must be checked against credentials for authorization before being granted or denied

4
New cards

What are the 4 main operating states?

Ready

  • Process is ready to resume or begin processing as soon as it is scheduled for execution

Waiting

  • Process is ready for continued execution but is waiting for a device or access request to be serviced before it can continue processing

    • Blinking cursor —> the process is blocked waiting on input, not using any resource

Running

  • Process executes on the CPU until it finishes, its time slice expires (back to Ready), or it blocks on a resource (to Waiting)

Stopped

  • Process has finished or must be terminated

5
New cards

What are the types of Read-Only Memory (ROM)?

ROM - Read-only Memory

PROM - Programmable Read-Only Memory

EPROM - Erasable Programmable Read-Only Memory

EEPROM - Electrically Erasable Programmable Read-Only Memory

Flash Memory

6
New cards

ROM - Read-only Memory

Factory provided, does not change

7
New cards

PROM - Programmable Read-Only Memory

Similar to ROM, but shipped blank so the end user can burn in the chip’s contents later

  • Programmed only once: burning in is permanent

  • Cannot be reprogrammed later (that requires EPROM/EEPROM)

8
New cards

EPROM - Erasable Programmable Read-Only Memory

Can be erased and reprogrammed

  • UVEPROM is erased by exposing the chip’s quartz window to UV light

    • After the UV erase the chip is rewritten electrically, so it can be reused

9
New cards

EEPROM - Electrically Erasable Programmable Read-Only Memory

Uses electric voltages delivered to the pins of the chip to force erasure; no UV light is needed, so it can be rewritten in place

10
New cards

Flash Memory

Nonvolatile form of storage media that can be electrically erased and rewritten; erasure happens in blocks and writes in pages, not byte by byte

  • NAND flash, most common (used in memory cards, thumb drives, mobile devices, and SSDs)

11
New cards

Static RAM

Uses a logic device (more sophisticated than a capacitor) known as a flip-flop

  • Flip-flop = an on/off switch that must be moved from one position to another to change a 0 to a 1 and vice versa

Because it uses flip-flops, its contents remain unaltered without refreshing until the power is gone

  • RAM is random access: the CPU can go directly to any part of the memory and use it

Tapes, by contrast, have to be read through sequentially to reach a certain point

12
New cards

Dynamic RAM

Uses a series of capacitors, tiny electrical devices that either hold a charge (a 1 bit) or do not hold a charge (a 0 bit)

  • Charge = 1

  • No charge = 0

  • Capacitors lose their charge over time, so the CPU has to spend time refreshing the contents of [this] to ensure that 1 bits don’t unintentionally change to 0

Bit flipping = a cell left too long without a refresh loses its charge and its 1 becomes a 0

  • Not a good thing!!

13
New cards

Do computers use dynamic or static RAM?

Most computers contain a combination of both

14
New cards

What does RAM consist of?

Random access memory

  • Readable and writable memory that contains information a computer uses during processing

    • Useful only for temporary storage

Real memory (Main Memory, Primary Memory)

  • Largest RAM storage resource available to a computer

    • Composed of a number of dynamic RAM chips

Cache RAM

  • Helps improve performance by taking data from slower devices and temporarily storing it in faster devices when repeated use is likely. Modern CPUs include up to 3 levels of on-chip cache (with levels 1 and 2 dedicated to a single processor core and L3 shared between cores)

    • Like browser tabs: a tab pushed out of memory must be reloaded, but one still cached comes back quickly without being fetched again

15
New cards

ARM

32-bit (AArch32) or 64-bit (AArch64) system

  • AArch32 has 16 general-purpose registers; AArch64 has 31 general-purpose registers (x0–x30) plus the stack pointer

  • RISC load/store design: a smaller, more uniform instruction set, and most registers can be used interchangeably

16
New cards

X86

32-bit (x86) or 64-bit (x86-64) system

  • Very picky about what you do with registers: many instructions require or implicitly use specific ones (e.g., EAX/EDX for MUL and DIV, ECX as the count for shifts and REP string operations)

17
New cards

Registers

Limited amount of onboard memory that provides the CPU with directly accessible memory locations that the ALU uses when performing calculations or processing instructions

  • The CPU’s own storage —> moves as fast as the CPU

  • Typically CPUs have 8 to 32 [this] that are usually either 32 or 64 bits in size

    • ARM

    • X86

Any data that the ALU needs to manipulate must be loaded into a register unless it is directly supplied as part of the instruction

Advantage: this memory is part of the CPU and operates along with the ALU at typical CPU speeds

  • Math is done on values in registers; the ALU cannot operate directly on storage

18
New cards

Register Addressing

CPU uses this when it needs information from one of its registers

19
New cards

Memory Addressing

Used when the CPU needs data held in memory; the address may be supplied directly or indirectly

  • The addressable range is determined by address width, so it can only count up so high: 32-bit addresses reach 4 GB, 64-bit addresses reach 2^64 bytes (about 17 billion gigabytes, i.e., 16 EiB)

  • EAX —> a hard-coded address can be given as an operand (e.g., load EAX from a fixed memory location)

20
New cards

Immediate Addressing

Refers to data that is supplied to CPU as part of an instruction

  • The operand comes from the instruction stream itself, not from RAM

21
New cards

Direct Addressing

CPU provided with actual address of memory location to access

  • From memory

22
New cards

Indirect Addressing

Memory address contains another memory address; CPU reads indirect address to learn the address where desired data resides and retrieves the actual operand from that address

  • Like following a pointer —> look up one memory address to find the address of the data

23
New cards

Base + Offset Addressing

Uses a value stored in one of the CPU registers as the base location from which to begin counting. CPU adds offset supplied to base address and retrieves operand from that computed memory location

  • Array addressing
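The five modes in cards 18–23 resolved by a toy CPU, as an added example that is not part of the original flashcards. The instruction encoding, register names and memory image are constructed for the illustration; the bounds check in `_read` is the part a real CPU does not do for you, which is why base + offset with an attacker-controlled offset is the classic array over-read.

```python
# Added example (not from the original flashcards): a toy CPU that resolves an
# operand under each addressing mode from the cards above. Register names,
# the instruction encoding and the memory image are assumptions for the demo.
from dataclasses import dataclass, field
from typing import List


@dataclass
class ToyCPU:
    memory: List[int]                      # addressable words, index = address
    registers: dict = field(default_factory=lambda: {"EAX": 0, "EBX": 0, "ESP": 0})

    def fetch_operand(self, mode: str, arg, base_reg: str = None) -> int:
        """Return the operand value selected by an addressing mode.

        register:     arg is a register name; the value comes from the register file
        immediate:    arg *is* the value, encoded in the instruction (no RAM read)
        direct:       arg is an address; one memory read
        indirect:     arg is an address holding another address; two memory reads
        base+offset:  value at memory[registers[base_reg] + arg]; one memory read
        """
        if mode == "register":
            return self.registers[arg]
        if mode == "immediate":
            return arg
        if mode == "direct":
            return self._read(arg)
        if mode == "indirect":
            pointer = self._read(arg)          # first read: the stored address
            return self._read(pointer)         # second read: the actual operand
        if mode == "base+offset":
            return self._read(self.registers[base_reg] + arg)
        raise ValueError(f"unknown addressing mode {mode!r}")

    def _read(self, address: int) -> int:
        # A real CPU does NOT perform this check: base+offset with an
        # attacker-controlled offset is exactly how array over-reads happen.
        if not 0 <= address < len(self.memory):
            raise IndexError(f"address {address} outside {len(self.memory)} words")
        return self.memory[address]


def demo() -> dict:
    """Resolve the same logical value through every mode; returns mode -> value."""
    # Constructed memory image: address 5 holds 42, address 9 holds the address 5,
    # addresses 20..23 hold an "array" [10, 11, 12, 13].
    mem = [0] * 32
    mem[5] = 42
    mem[9] = 5
    mem[20:24] = [10, 11, 12, 13]
    cpu = ToyCPU(memory=mem)
    cpu.registers["EAX"] = 42
    cpu.registers["EBX"] = 20                  # base register points at the array
    return {
        "register": cpu.fetch_operand("register", "EAX"),
        "immediate": cpu.fetch_operand("immediate", 42),
        "direct": cpu.fetch_operand("direct", 5),
        "indirect": cpu.fetch_operand("indirect", 9),
        "base+offset": cpu.fetch_operand("base+offset", 2, base_reg="EBX"),  # array[2]
    }


def over_read(offset: int) -> str:
    """The failure mode of base+offset: an offset that runs past the array end."""
    cpu = ToyCPU(memory=[0] * 32)
    cpu.registers["EBX"] = 20
    try:
        cpu.fetch_operand("base+offset", offset, base_reg="EBX")
        return "ok"
    except IndexError:
        return "out-of-bounds"


if __name__ == "__main__":
    print(demo())
    print(over_read(3), over_read(12))   # offset 12 lands on address 32, past the end
```

The indirect case is two dependent memory reads, which is why a corrupted pointer (the stored address) redirects the second read anywhere; the base + offset case is one read whose address the program computes, which is why bounds checks have to live in software.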

24
New cards

Secondary Memory

Magnetic, optical, flash-based media or other storage devices that contain data not immediately available to the CPU

  • Used when we want something to last and not disappear when we shut off the computer

    • RAM is volatile

    • Secondary memory = Non-volatile

25
New cards

Virtual Memory

Special type of secondary memory that the operating system manages just like real memory

Related cards:

  • Primary Memory

  • Primary Drawback

The need for virtual memory is reduced with larger banks of physical RAM; the performance penalty can be reduced by using a flash card or SSD to host the virtual memory paging file

Only the pages currently in use need to be resident in RAM (like the tab you are on); everything else can be paged out

Security concern: data held in RAM (keys, passwords) can leak onto secondary memory through virtual memory when a page is swapped to disk, so encrypt the paging file or lock sensitive pages in memory

26
New cards

Primary memory

RAM —> Dynamic RAM is the most common since it is cheaper —> made with many tiny capacitors

27
New cards

Primary Drawback

The paging operations that occur when data is exchanged between primary and secondary memory are relatively slow

28
New cards

Storage

Primary (RAM) vs secondary (magnetic/optical/flash media)

Volatile (data lost if power goes out; primary) vs Nonvolatile (retains data)

  • Nonvolatile = should be encrypted, since the data persists after power-off

Random (allows the OS to read and write from any point using addressing – usually primary storage) vs sequential (requires that you read through everything to reach a point; magnetic tape)

  • Random uses addressing (64-bit system = 64-bit addressing)

    • Python lists (any index reachable directly)

  • Sequential —> magnetic tape

29
New cards

Cold Boot Attack

Memory compromise that freezes the memory chips to delay the decay of resident data when the system is turned off or the RAM is pulled out of the motherboard

  • Literally freeze the memory —> the decay of the charge in the DRAM cells becomes much slower, then pull the RAM and read it in another machine (recovering keys and passwords)

30
New cards

Data Remanence

Data that remains on storage media after it has been “erased”

  • Residual data

  • Affects the HDD

    • Overwrite the drive with multiple passes of random data (e.g., seven) to bury it deep enough; SSDs need a secure erase or crypto erase instead, because wear leveling defeats overwriting

31
New cards

Data retention

How long someone holds onto data

32
New cards

Tempest

Countermeasures and safeguards used to protect against emanation attacks

  • Originally a government research study aimed at protecting electronic equipment from the electromagnetic pulse (EMP) emitted during nuclear explosions; it later expanded to the study of unintended electromagnetic emanations in general

    • EMPs occur during nuclear detonations

      • They can also come from a solar storm (solar flares)

33
New cards

What are some countermeasures to Tempest?

Faraday Cage

  • Conductive enclosure that pushes the emanations to ground

  • “The CIA can’t hear you now”

  • Grounded conductors take the electrons and carry them to ground instead of letting the signal radiate out

White Noise

  • Fill the air around the emanation with noise so the real signal can’t be found

Control Zone

  • Create a secured gap (a shielded room or building area) so the emanation can’t be reached from outside

Others

  • Shielding, access control, and antenna management

34
New cards

What are some input and output devices?

Monitors

Printers

Keyboards/Mice

Modems

35
New cards

Monitors

Less of an issue with modern monitors; shoulder surfing and telephoto lenses are more of a concern

36
New cards

Printers

Physical security; local data storage; network exposure; multi-function/fax

  • Hate the security of these things

37
New cards

Keyboards/Mice

Vulnerable to TEMPEST monitoring; keystroke logging; Bluetooth

38
New cards

Modems

Allow users to create uncontrolled access points into your network; only a risk if connected to an operational telephone landline

  • Hate the security of these things

39
New cards

Firmware

Microcode

Software that is stored in a ROM or an EEPROM chip

  • Changed infrequently and drives the basic operation of a computing device

  • Should make sure to update firmware

Hardware = you can touch it

Software = zeros and ones; firmware is software that lives in hardware

40
New cards

What does BIOS stand for?

Basic Input/Output system

41
New cards

Basic Input/Output system (BIOS)

Contains the operating system-independent primitive instructions that a computer needs to start up and load the operating system from disk. It is contained in the firmware device that is accessed at boot time and stored on an EEPROM chip to facilitate version updates (i.e. flashing the BIOS)

42
New cards

What does UEFI stand for?

Unified Extensible Firmware Interface

Most system manufacturers have replaced traditional BIOS with this; larger hard drives, faster boot times, enhanced security, use of a mouse

43
New cards

Flashing

Process of updating UEFI, BIOS or firmware. If hackers or malware can alter it, they may be able to bypass security features or initiate otherwise prohibited activities

44
New cards

Phlashing

Malicious variation of official BIOS or firmware is installed that introduces remote control or other malicious features into a device

45
New cards

Boot Attestation/Secure Boot

Feature of UEFI that aims to protect the local OS by preventing the loading or installing of device drivers or an OS that is not signed by a preapproved digital certificate. Protects systems against a range of low-level or boot-level malware (rootkits or backdoors). Only drivers that pass attestation are allowed to be installed and loaded on the local system

46
New cards

Attestation

Verification and approval process accomplished through the validation of a digital signature

47
New cards

Measured Boot

An optional feature of UEFI that takes a hash calculation of every element involved in the booting process

  • Hashes are performed by and stored in the Trusted Platform Module (TPM)

  • If the new hashes do not match the previously recorded ones, something in the boot chain changed
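How the TPM accumulates those hashes, as an added example that is not part of the original flashcards. The component names and bytes are stand-ins constructed for the demo; the extend rule itself, PCR_new = SHA-256(PCR_old || measurement), is what TPM2_PCR_Extend does. The example shows why a one-byte change anywhere in the chain, or the same components in a different order, produces a different final value.

```python
# Added example (not from the original flashcards): simulates how a TPM
# Platform Configuration Register (PCR) accumulates boot measurements.
# Component names and the "known-good" value are constructed for the demo;
# the extend operation (PCR_new = H(PCR_old || H(component))) is the real
# TPM semantics.
import hashlib
from typing import Iterable

PCR_INITIAL = bytes(32)       # PCRs start at all zeros at power-on


def measure(component: bytes) -> bytes:
    """Hash of one boot element (firmware image, bootloader, kernel, ...)."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend: the register can only be updated by hashing the old
    value together with the new measurement; it can never be written directly."""
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(components: Iterable[bytes]) -> bytes:
    """Run the boot chain, extending the PCR for every element in order."""
    pcr = PCR_INITIAL
    for comp in components:
        pcr = extend(pcr, measure(comp))
    return pcr


def attest(final_pcr: bytes, known_good: bytes) -> bool:
    """A remote verifier (or a key sealed to the PCR) compares the final value
    to the value recorded from a trusted boot."""
    return final_pcr == known_good


# Constructed boot chain: stand-ins for firmware, bootloader and kernel images.
GOOD_CHAIN = [b"firmware v1.2", b"bootloader v3", b"kernel 6.1 signed"]


def demo() -> dict:
    golden = measured_boot(GOOD_CHAIN)                    # recorded on a trusted boot
    # Case 1: identical chain -> identical PCR
    same = measured_boot(list(GOOD_CHAIN))
    # Case 2: a bootkit modifies the bootloader; one byte of difference is enough
    tampered = measured_boot([b"firmware v1.2", b"bootloader v3 +rootkit", b"kernel 6.1 signed"])
    # Case 3: same components, different order -> also different (order is bound in)
    reordered = measured_boot([GOOD_CHAIN[1], GOOD_CHAIN[0], GOOD_CHAIN[2]])
    return {
        "same": attest(same, golden),
        "tampered": attest(tampered, golden),
        "reordered": attest(reordered, golden),
        "pcr_hex": golden.hex(),
    }


if __name__ == "__main__":
    print(demo())
```

Because the only operation on a PCR is extend, malware that runs after a component was measured cannot "un-measure" it: it would have to find a second preimage for SHA-256 to make the register land on the golden value again.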

48
New cards

Applets

Code objects sent from the server to a client to perform some action; usually self-contained mini-programs (Java clients)

Java applets - Short Java programs transmitted over the internet to perform operations on a remote system

49
New cards

Zip Bomb

A small zip file that, when opened, explodes into an enormous file (terabytes) and fills the computer up

  • Just takes up space and crashes the machine —> can lead to not being able to reboot the computer —> there is a way to fix it

  • Elephant toothpaste
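A defensive check for the zip bomb above, as an added example that is not part of the original flashcards. It builds a tiny, highly compressible archive in memory to stand in for a real bomb, then inspects only the central directory without extracting anything: a declared-to-compressed size ratio far above normal, an enormous declared total, or a nested .zip is treated as suspicious. The thresholds are assumptions to tune per environment.

```python
# Added example (not from the original flashcards): zip-bomb screening that
# reads the archive's central directory and never extracts. Thresholds below
# are assumed policy values for the demo.
import io
import zipfile

MAX_RATIO = 100                   # flag anything that inflates more than 100x
MAX_TOTAL = 50 * 1024 * 1024      # or whose declared total exceeds 50 MiB


def inspect_zip(data: bytes) -> dict:
    """Inspect an archive using only its central directory (no extraction)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        compressed = sum(i.compress_size for i in infos)
        uncompressed = sum(i.file_size for i in infos)
        nested = [i.filename for i in infos if i.filename.lower().endswith(".zip")]
    ratio = uncompressed / compressed if compressed else float("inf")
    reasons = []
    if ratio > MAX_RATIO:
        reasons.append("ratio")
    if uncompressed > MAX_TOTAL:
        reasons.append("total")
    if nested:
        reasons.append("nested")          # bombs hide layers inside layers
    return {
        "compressed": compressed,
        "declared": uncompressed,
        "ratio": round(ratio, 1),
        "nested": nested,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


def build_zip(entries: dict) -> bytes:
    """Construct a test archive in memory (sample data for the demo only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def demo() -> dict:
    benign = build_zip({"readme.txt": b"hello world\n" * 3})
    # 8 MiB of zeros deflates to a few KiB: a small stand-in for a real bomb.
    bomb = build_zip({"big.bin": b"\x00" * (8 * 1024 * 1024)})
    nested = build_zip({"layer1.zip": build_zip({"note.txt": b"hi"})})
    return {
        "benign": inspect_zip(benign),
        "bomb": inspect_zip(bomb),
        "nested": inspect_zip(nested),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The declared sizes come from the archive itself and can be forged, so a real extractor also caps the bytes it writes while streaming each member and limits recursion depth; the central-directory check is the cheap first gate, not the only one.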

50
New cards

Local Caches

Anything that is temporarily stored on the client for future reuse

  • ARP cache poisoning —> redirect traffic to the attacker’s machine

  • DNS cache poisoning —> send the victim to the wrong server

  • Hosts file —> used for “pirating” things (pointing license-check domains somewhere else)

    • Created as a way to troubleshoot name resolution

  • Temporary Internet Files —> need to be purged often

  • Split DNS —> separate views for public use and internal use

    • Poison the internal view and the bad answers can become external

  • Pirates have a cache where they store their loot (that is where the word comes from)

    • CSS and other page assets can be bulky, hence caching
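A check for the ARP cache poisoning entry above, as an added example that is not part of the original flashcards. It parses `arp -a` style output (the sample lines are constructed, not captured from a real network) and flags the two signs of a poisoned cache: the gateway IP no longer mapping to its baseline MAC, and two IPs sharing one MAC, which is what you see when an attacker’s host answers for the gateway. The baseline gateway MAC is an assumed value you would record on a known-good network.

```python
# Added example (not from the original flashcards): spot ARP cache poisoning
# from `arp -a` output. Sample lines and the baseline MAC are constructed.
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample: the host at .37 has announced itself as the gateway, so
# the gateway entry now carries the attacker's MAC.
POISONED_ARP = """\
gateway (192.168.1.1) at aa:bb:cc:dd:ee:37 [ether] on eth0
? (192.168.1.20) at aa:bb:cc:dd:ee:20 [ether] on eth0
? (192.168.1.37) at aa:bb:cc:dd:ee:37 [ether] on eth0
? (192.168.1.50) at aa:bb:cc:dd:ee:50 [ether] on eth0
"""

# Constructed sample of the same LAN in its normal state.
CLEAN_ARP = """\
gateway (192.168.1.1) at aa:bb:cc:dd:ee:01 [ether] on eth0
? (192.168.1.20) at aa:bb:cc:dd:ee:20 [ether] on eth0
? (192.168.1.37) at aa:bb:cc:dd:ee:37 [ether] on eth0
? (192.168.1.50) at aa:bb:cc:dd:ee:50 [ether] on eth0
"""

# Assumed baseline recorded on a known-good network.
KNOWN_GATEWAY: Tuple[str, str] = ("192.168.1.1", "aa:bb:cc:dd:ee:01")

ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_arp(text: str) -> Dict[str, str]:
    """Map IP -> MAC from arp -a output, skipping incomplete or unparsable lines."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


def duplicate_macs(table: Dict[str, str]) -> Dict[str, List[str]]:
    """MACs claimed by more than one IP; rare on a normal LAN."""
    by_mac: Dict[str, List[str]] = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_changed(table: Dict[str, str], known: Tuple[str, str] = KNOWN_GATEWAY) -> bool:
    """True if the gateway IP now resolves to a MAC other than the baseline."""
    ip, mac = known
    return table.get(ip, mac) != mac


def analyze(text: str) -> dict:
    table = parse_arp(text)
    dupes = duplicate_macs(table)
    changed = gateway_changed(table)
    return {
        "entries": len(table),
        "duplicate_macs": dupes,
        "gateway_changed": changed,
        "suspicious": bool(dupes) or changed,
    }


if __name__ == "__main__":
    print("poisoned:", analyze(POISONED_ARP))
    print("clean:   ", analyze(CLEAN_ARP))
```

Duplicate MACs are not always hostile (a router holding several addresses, or a VRRP/HSRP pair), so the baseline comparison against the recorded gateway MAC is the stronger of the two signals; a static ARP entry for the gateway removes the ambiguity on hosts that matter.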

51
New cards

What are the two server-based systems?

Data flow control

Load balancer

52
New cards

Data Flow Control

Movement of data between processes, between devices, across a network, or over communication channels.

  • Ensures efficient transmission with minimal delays or latency; with reliable throughput using hashing and confidentiality with encryption.

  • Ensures receiving systems not overloaded with traffic.

    • Ex.) Directing traffic: too many cars = open more lanes; when it calms down = back to two lanes

  • Traffic scrubbing

53
New cards

Load Balancer

Used to spread or distribute network traffic load across several network links/devices.

  • Used to obtain optimal infrastructure utilization, minimize response time, maximize throughput, reduce overloading, and eliminate bottlenecks.

    • Ex.) server farm or cluster

54
New cards

Aggregation

Combines records from one or more tables to produce useful information. Risk: can allow unauthorized individuals to see information (many individually harmless records add up to something sensitive)

55
New cards

Data Aggregation

Same as aggregation

  • Data is made of tables (like an Excel spreadsheet) with rows, columns, and records (entries)

  • All related through keys

56
New cards

Inference

Attacks that involve combining several pieces of nonsensitive information to gain access to information that should be classified at a higher level

  • Making an inference from seemingly unrelated data that turns out to be true and very secret

    • Not supposed to know!!
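The aggregation and inference cards above, worked through in code, as an added example that is not part of the original flashcards. An analyst is allowed only aggregate queries (COUNT and SUM), yet two permitted aggregates that differ by one row reveal one person’s salary (a differencing attack). The table, names and salaries are constructed, and the minimum query-set size is an assumed policy value used to show one inference control.

```python
# Added example (not from the original flashcards): a differencing attack
# against an aggregate-only interface, and a minimum query-set-size control.
# Sample rows and the MIN_QUERY_SET policy value are constructed for the demo.
import sqlite3
from typing import Optional, Tuple

MIN_QUERY_SET = 4      # assumed policy: aggregates over fewer rows are refused

ROWS = [
    ("alice", "eng", 120000),
    ("bob", "eng", 95000),
    ("carol", "eng", 105000),
    ("dave", "eng", 99000),
    ("erin", "sales", 70000),
]


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", ROWS)
    return conn


def dept_payroll(conn: sqlite3.Connection, dept: str,
                 exclude: Optional[str] = None, enforce: bool = False) -> Tuple[int, int]:
    """The only view the analyst gets: (row count, SUM(salary)) for a department,
    optionally excluding one named person. Parameters are bound, never
    formatted into the SQL string."""
    if exclude is None:
        row = conn.execute(
            "SELECT COUNT(*), COALESCE(SUM(salary), 0) FROM employees WHERE dept = ?",
            (dept,)).fetchone()
    else:
        row = conn.execute(
            "SELECT COUNT(*), COALESCE(SUM(salary), 0) FROM employees "
            "WHERE dept = ? AND name <> ?", (dept, exclude)).fetchone()
    count, total = row
    if enforce and count < MIN_QUERY_SET:
        raise PermissionError(f"query set of {count} rows is below the minimum of {MIN_QUERY_SET}")
    return count, total


def differencing_attack(conn: sqlite3.Connection, dept: str, target: str,
                        enforce: bool = False) -> int:
    """Two permitted aggregates whose difference is exactly one person's salary."""
    _, with_target = dept_payroll(conn, dept, enforce=enforce)
    _, without_target = dept_payroll(conn, dept, exclude=target, enforce=enforce)
    return with_target - without_target


def demo() -> dict:
    conn = open_db()
    leaked = differencing_attack(conn, "eng", "bob")          # no control: 95000 leaks
    try:
        differencing_attack(conn, "eng", "bob", enforce=True)  # second query has 3 rows
        blocked = False
    except PermissionError:
        blocked = True
    return {"leaked_salary": leaked, "blocked_with_control": blocked}


if __name__ == "__main__":
    print(demo())
```

A minimum query-set size on its own is a weak control (the threshold just has to be probed around with more queries), so real systems pair it with query-set-overlap limits, rounding or noise on aggregates, and query auditing; the point of the example is that per-query authorization cannot see an inference that only exists across queries.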

57
New cards

Data Mining and Data Warehousing

Normally contain detailed historical data not normally kept in production databases

  • Facebook gathers information and sells access to the highest bidder

58
New cards

Data Dictionary

Used for storing critical information about data, including usage, type, sources, relationships, and formats

59
New cards

Data mining techniques

Help predict future activities and find correlated information

60
New cards

Metadata

Data about data (that’s it)

61
New cards

Data Analytics

The science of raw data examination focusing on extracting useful information (Do a lot of aggregation)

62
New cards

Big Data

Collection of data so large that traditional means of analysis or processing are ineffective, inefficient, or insufficient

  • Social media data!!!

63
New cards

Large-Scale Parallel Data Systems

Computation system designed to perform numerous calculations simultaneously and include dividing up a large task into smaller elements then distributing each sub element to a different processing subsystem for parallel computation

64
New cards

Parallel data systems or parallel computing

Computation system designed to perform numerous calculations simultaneously.

  • Can divide a large task into smaller elements and distribute each subelement to a different processing subsystem for parallel computation.

  • Can be accomplished using distinct CPUs or multicore CPUs, virtual systems, or combo

  • Like a GPU (video card)

    • Solving a lot of problems at same time

    • Take big tasks —> split to smaller tasks —> complete each one —> put them back together at the end

65
New cards

Large-scale parallel data systems

Must be concerned with performance, power consumption, and reliability/stability issues

  • SMP

  • AMP

  • MPP

66
New cards

What does SMP stand for?

Symmetric multiprocessing

67
New cards

What does AMP stand for?

Asymmetric Multiprocessing

68
New cards

What does MPP stand for?

Massive Parallel Processing

69
New cards

Symmetric multiprocessing (SMP)

Processors share a common OS, data bus, and memory

  • Synchronized, use the same computer clock, all happens at the same time

70
New cards

Asymmetric Multiprocessing (AMP)

Processors operate independently; each processor has its own OS, dedicated data bus, and memory

  • Each one runs when it needs to

71
New cards

Massive Parallel Processing (MPP)

Numerous AMP systems linked together to work on a single primary task across multiple processors in multiple linked systems

  • Used by large digital services —> big websites, etc.

72
New cards

Grid Computing

A form of parallel distributed processing that loosely groups a significant number of processing nodes to work toward a specific processing goal.

  • Typically join when system idle

  • When system leaves, it saves its work and may upload completed or partial work elements back to the grid

  • Security concern: each work packet is exposed to the world

  • Grid members could also keep copies of each work packet and examine its contents

  • Chunk and a connection and another chunk and a connection and so on

    • Loosely grouped nodes working together

74
New cards

Industrial Control System

A form of computer management device that controls industrial processes and machines (aka operational technology (OT)).

75
New cards

Distributed Control Systems (DCSs)

Found in industrial process plants; control over a large-scale environment (manufacturing floor/production line) from a single location (centralized monitoring command); focus on processes/state driven

  • Little computers with centralized node that keeps them all synchronized

76
New cards

Programmable Logic Controllers (PLCs)

Single-purpose or focused-purpose digital computers. Used for management of electromechanical operations (assembly line or large-scale digital lighting system)

  • Need control

  • Critical infrastructure —> a nuclear reactor going down is not good, etc.

  • Oil wells use PLCs

  • Sensors —> input; processor (ladder logic); output —> actuators

    • Not the best for security

      • So critical to have that it ends up less secure

        • Operators need immediate access!!!!

77
New cards

Supervisory Control and Data Acquisition (SCADA)

Can operate as standalone device, networked together with other SCADA systems, or networked with traditional IT; HMI (Human-machine interface) as it enables people to better understand, oversee, manage, and control complex machine and technology systems; is event-driven;

  • Legacy SCADA is designed with minimal human interface. Often have mechanical buttons or simple LCDs. Often poorly secured and not frequently updated (i.e., Stuxnet)

  • DCS with an interface basically

78
New cards

Distributed Computing Environment (DCE)

A collection of individual systems that work together to support a resource or provide a service

  • Parallelism

  • Underlies most of Web 2.0 nowadays

79
New cards

Interface Definition Language (IDL)

Used to define the interface between the client and server processes or objects in a distributed system

80
New cards

What does MFA stand for?

Multifactor Authentication

81
New cards

What does HPC stand for?

High-performance Computing systems

82
New cards

High-performance Computing systems (HPC)

Computing platforms designed to perform complex calculations or data manipulations at extremely high speeds.

  • Specialized, not general-purpose processing

Used when real-time or near real-time processing of massive data is necessary for a particular task or application

  • Ex that use HPC) mobile devices/apps, IoT devices, ICS solutions, streaming media, voice assistants, 3D modeling and rendering, AI/ML calculations

Composed of: computer resources, network capabilities, and storage capacity; each element must be able to provide equivalent capabilities in order to optimize overall performance

83
New cards

Edge computing

The pendulum swings back: there is still a centralized system, but computation is pushed out so that it is distributed

  • WoW (World of Warcraft) also used edge servers originally

Philosophy of network design where data and compute resources are located as close to each other as possible in order to optimize bandwidth use while minimizing latency.

  • Intelligence and processing are contained within each device/each device processes its own data locally

  • Computations are performed closer to the data source, which is at/near the edge of the network

  • Often built on IoT devices

84
New cards

Fog Computing

Relies on sensors, IoT devices, or edge computing devices to collect data and transfer back to a central location for processing.

  • Intelligence and processing are centralized in the LAN

85
New cards

What does RTOS stand for?

Real-time Operating System

86
New cards

Real-time Operating System (RTOS)

Designed to process or handle data as it arrives on the system with minimal latency or delay

Usually stored on ROM and is designed to operate in a hard real-time or soft real-time condition

Two types:

  • Hard real-time

  • Soft real-time

Security Concern:

  • Often focused/single-purpose; often use custom/proprietary code (which can include bugs); could be overloaded/distracted by malware-initiated process requests or false datasets

    • Security processes always add latency

87
New cards

Hard Real-time (RTOS)

For mission-critical operations where delay must be eliminated or minimized for safety (i.e., autonomous vehicles)

  • Assisted braking systems —> needs to be processed right away

88
New cards

Soft Real-Time (RTOS)

Used when some level of modest delay is acceptable under typical or normal conditions (i.e., consumer electronics)

  • Loading screen, temperature control in a car

89
New cards

Event-driven RTOS

Switches between operations or tasks based on pre-assigned priorities

  • Does things based on events

  • When something happens it does something

90
New cards

Time-sharing RTOS

Switches between operations or tasks on clock interrupts or specific time intervals

  • Does something for some amount of time
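The two RTOS scheduling styles from cards 86–90 side by side, as an added example that is not part of the original flashcards. A hard real-time brake task and a soft real-time infotainment task run under an event-driven (priority) scheduler and a time-sharing (round-robin) scheduler; a flood of junk tasks stands in for the malware-initiated process requests named in the security concern. Task names, priorities, work and deadlines are constructed for the demo.

```python
# Added example (not from the original flashcards): event-driven (priority)
# versus time-sharing (round-robin) scheduling under a flood of junk tasks.
# All task parameters are constructed values for the demo.
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Task:
    name: str
    priority: int      # higher value runs first under the event-driven policy
    work: int          # CPU ticks the task needs
    deadline: int      # tick by which it must have finished


def event_driven(tasks: List[Task]) -> Dict[str, int]:
    """Priority-preemptive scheduling: every tick, run the highest-priority
    task that still has work left (ties go to the earlier task in the list).
    Returns name -> completion tick."""
    remaining = {t.name: t.work for t in tasks}
    finished: Dict[str, int] = {}
    tick = 0
    while len(finished) < len(tasks):
        tick += 1
        ready = [t for t in tasks if remaining[t.name] > 0]
        current = max(ready, key=lambda t: t.priority)
        remaining[current.name] -= 1
        if remaining[current.name] == 0:
            finished[current.name] = tick
    return finished


def time_sharing(tasks: List[Task], quantum: int = 1) -> Dict[str, int]:
    """Round-robin scheduling: each unfinished task gets `quantum` ticks in
    turn, regardless of priority. Returns name -> completion tick."""
    remaining = {t.name: t.work for t in tasks}
    finished: Dict[str, int] = {}
    tick = 0
    while len(finished) < len(tasks):
        for t in tasks:
            run = min(quantum, remaining[t.name])
            if run == 0:
                continue
            tick += run
            remaining[t.name] -= run
            if remaining[t.name] == 0:
                finished[t.name] = tick
    return finished


def missed_deadlines(tasks: List[Task], finished: Dict[str, int]) -> List[str]:
    return [t.name for t in tasks if finished[t.name] > t.deadline]


def scenario(flood: int, junk_priority: int = 1) -> Dict[str, List[str]]:
    """A hard real-time brake task, a soft real-time infotainment task, and
    `flood` junk tasks standing in for malware-initiated requests."""
    tasks = [Task("brake_control", priority=10, work=3, deadline=5),
             Task("infotainment", priority=2, work=4, deadline=20)]
    tasks += [Task(f"junk{i}", priority=junk_priority, work=2, deadline=100)
              for i in range(flood)]
    return {
        "event_driven_misses": missed_deadlines(tasks, event_driven(tasks)),
        "time_sharing_misses": missed_deadlines(tasks, time_sharing(tasks)),
    }


if __name__ == "__main__":
    print("no flood:          ", scenario(0))
    print("10 junk tasks:     ", scenario(10))
    print("10 high-prio junk: ", scenario(10, junk_priority=11))
```

With no flood both policies meet every deadline; with ten junk tasks the round-robin scheduler lets the brake task finish at tick 25 against a deadline of 5 while the priority scheduler is unaffected. The third run shows the flip side: if the junk can claim a priority above the brake task, the event-driven scheduler starves it too, so who is allowed to assign priorities is itself a security control on an RTOS.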

91
New cards

What does IOT stand for?

Internet of Things

92
New cards

Internet of Things (IOT)

Internet-connected smart devices that provide automation, remote control, or AI processing to traditional or new appliances or devices in a home or office setting.

  • Fridges, thermostats, etc.

  • IoT devices can be great or gimmicky

    • Computer in a refrigerator

    • A smart thermostat holds the information of when you are not at the house; if it is hacked, the attackers get that same information

Security is related to access and encryption – typically devices do not have a robust security setup

  • Want it to be easier to use thus they are less secure

    • You personally should increase encryption and password changes

  • Patching/updating firmware is also a problem

  • Setting up a distinct network for IoT devices can keep them separate from the primary network (and thus provide more security)

  • In organizations, it is important to consider IoT assets – as they can be ubiquitous

93
New cards

What does APT stand for?

Advanced Persistent Threat

94
New cards

Embedded System

Any form of computing component added to an existing mechanical or electrical system for the purpose of providing automation, remote control, and/or monitoring

  • Industrial control systems, PLCs; generally safety-critical (life or death)

95
New cards

Static systems (environments)

A set of conditions, events, and surroundings that don’t change; the aim is to prevent users from reducing security or changing operations

  • Ex) Check-in kiosk at airport; ATM; guest computer at hotel or library

  • In technology – examples are: OSs, hardware sets, or networks that are configured for a specific need, capability, or function, and then set to remain unaltered.

  • They do not change!!! —> Dynamic = change

96
New cards

Network-Enabled Devices

Any type of device (whether mobile or stationary) that has native network capabilities

  • Assumes network is wireless; primarily provided by a mobile telecommunications company but could also mean Wi-Fi or wired

    • Examples of Network-enabled devices: are smartphones, mobile phones, tablets, smart TVs, set-top boxes, HDMI-stick streaming media players, network-attached printers, game systems, etc...

Embedded systems: network-attached printers, smart TVs, HVAC controls, smart appliances, smart thermostats, vehicle entertainment/driver assist/self-driving systems, and medical devices.

  • Network-enabled devices may be embedded systems or used to create embedded systems

97
New cards

Cyber-Physical Systems

Devices that offer a computational means to control something in the physical world

  • Ex. Prosthetics, robotics, collision detection, many military uses

98
New cards

Mainframes

High-end computer systems used to perform highly complex calculations and provide bulk data processing; considered static

99
New cards

Modern Mainframes

More flexible/virtual machines; could be static

100
New cards

Specialized Equipment

Anything designed for one specific purpose, to be used by a specific type of organization, or to perform a specific function

  • Type of DCS, IoT, smart device, endpoint device, or edge computing system

  • Used for one specific thing!!! Does one thing and nothing else!!!