
1/17/23, 8:10 AM Vulnerability

https://leocontent.umgc.edu/content/scor/uncurated/cst/2215-cst610/learning-resource-list/vulnerability.html?ou=722269 1/27

Vulnerability

A vulnerability is a weakness or group of weaknesses that can be exploited, causing a security breach and/or damages to the organization.

Software vulnerabilities are communicated in various ways:

by the vendor in security bulletins (online publications)
through email alerts from the vendor to company points of contact
in hacker forums
by the United States Computer Emergency Readiness Team (US-CERT) and other government organizations

Information Systems: Vulnerability to Cyberattack

As technology continues to grow, information systems also change and evolve. Information systems help organizations in different ways—from increasing productivity to reaching out to customers. There are different information systems to address different requirements. The different types of information systems are listed in the table below. Can you distinguish the ones that are more likely to be attacked from the ones that are less likely to be attacked?

Information System: Definition

E-commerce system: System for buying and selling products or providing services over the Internet
Knowledge management system: Collection of systems that support the creation, storage, and dissemination of information; the knowledge management system has a repository of well-structured information and a collection of tools that may be used to quickly find answers to posed questions
Enterprise resource planning (ERP) system: System that supports and integrates the various functions within the organization including planning, manufacturing, sales, marketing, and accounting
Intelligent system: System that exhibits intelligence in the sense that it is able to learn behaviors based on past experiences, to adapt to changing environments, and to be consistent in its responses
Transaction processing system: System for managing data transactions of an organization
Office automation system: System that helps optimize and automate office procedures
Customer-relationship management (CRM) system: System that manages the company's client interactions, such as in sales, marketing, and customer service
Collaboration system: System that supports and coordinates collaborative activities such as e-mailing, texting, chatting, and bookmarking
Supply chain management (SCM) system: System that automatically updates inventory values for each item and sends reorder information to the suppliers
Functional-area information system: System for managing different functional areas within an organization
Data mining and visualization system: System that helps derive patterns from data
Management information system (MIS): System that provides information needed to effectively manage an organization
Geographical information system (GIS): System that captures, stores, analyzes, and presents data related to a location
Executive information system: System that provides external and internal information relevant to meeting the strategic goals of an organization
Decision support system (DSS): System that constitutes a set of IS to support the decision-making process

The following systems are more likely to be attacked:

e-commerce system
ERP
transaction processing system
CRM
SCM
data mining and visualization system
GIS
DSS

The following systems are less likely to be attacked:

knowledge management system
intelligent system
office automation system
collaboration system
functional-area information system
MIS
executive information system

Remember, if a company's network is attacked and penetrated (even via a website), then all internal information systems may be accessible to the hacker or other type of attacker.

Modern Information Systems

The Challenges of Securing Modern Information Systems

Today's hybrid networks comprise a combination of wired and wireless networks that connect tens to thousands of computers running several different operating systems. Each kind of computer, operating system, device, and network has its share of security vulnerabilities, and securing the network poses several challenges for the IT security team. You will learn more about these challenges and how to overcome them as you progress through this program. However, here's a brief overview of potential security issues.

Diverse Systems: As discussed, hybrid networks are flexible in terms of connectivity and the types of devices they support. For example, many organizational networks support a variety of computer systems, such as PCs, laptops, and mobile devices. These systems run different types of operating systems, such as Windows, Linux, UNIX, MacOS, and mobile operating systems. Some organizations have a virtual private network (VPN), which enables employees to securely access their intranet from outside the network.

Organizations are also working on improving the efficiency and availability of IT resources and a variety of applications through the use of virtual machines. Multiple virtual machines may run on one physical machine. A virtual Linux machine, for example, may run on a Windows machine. VMware and Xen are some examples of virtualization software that can be used to create virtual machines. All computer systems and operating systems have inherent vulnerabilities that need to be managed.

Email and Text Messaging: Email and text messaging are popular communication tools for business and social purposes. You share documents, presentations, and other types of files with your colleagues, vendors, customers, and friends. This makes email an attractive tool for cybercriminals, who use it to infect computers with viruses and Trojans and to run phishing scams.

Wireless Networks and Mobile Phones: Many organizational networks today support wireless connectivity and remote log-ons. Hackers may piggyback on available unsecured network connections in a densely populated area and send spam, download files from the internet, and even hack into databases and steal confidential data. Using mobile phones or smartphones to access information via wireless technology might pose similar security challenges.

Social Networks: Organizations often use social networks for recruitment and publicity campaigns. Consequently, many organizations allow employees to access social networking sites. However, it might not be such a good idea from the perspective of network security. There have been cases of Facebook and Twitter accounts being hijacked and usernames and passwords being sold to "underground" networks. Hackers then use the compromised accounts to run phishing scams. Safeguarding the network from the vulnerabilities prevalent in social networks is a new and growing challenge in the field of cybersecurity.

Vulnerabilities of TCP/IP

The TCP/IP suite protocols have inherent vulnerabilities. Hackers exploit these vulnerabilities to attack networks. Some common types of attacks on TCP/IP include sniffing, session hijacking, IP address spoofing, and denial of service (DoS). Each type of attack is explained below.

Sniffing: In this type of attack, the attacker uses a packet sniffer such as Wireshark or Kismet to intercept and analyze the data packets sent between the sender and receiver. This action occurs without the knowledge of either the sender or the receiver. Many network applications transmit data packets as clear text; therefore, attackers may be able to collect sensitive information such as user account names and passwords using this technique. Sniffing is a data-link layer attack because the attacker operates at the data-link layer of the network.

Session Hijacking: Session hijacking is an active version of sniffing. In this type of attack, the attacker intercepts network traffic and obtains the initial sequence number (ISN) of the communication. The ISN is the sequence number of the first packet of data being communicated and tells the attacker how many packets are being transmitted. The attacker also obtains the IP address of the sender from the packet. The attacker then impersonates the sender and communicates with the receiver. The attacker may tamper with the data received from the sender before passing it on to the receiver. For example, an attacker may collect a confidential document, falsify it, and retransmit it to the receiver, who accepts it at face value. Session hijacking is a transport layer attack.

IP Address Spoofing: In this type of attack, the attacker sniffs network traffic to identify the pattern of legitimate IP addresses for that particular network. The attacker then forges the IP address in the packet headers. If the network uses the IP address to authenticate the user, the attacker is able to gain access to the network through the packet with the forged IP address. The attacker can then send malicious packets to the network. For example, an attacker may introduce a Trojan or keylogging application to the network after gaining access to it. IP address spoofing is a network layer attack.

Denial of Service: Using DoS, the attacker can make a critical service or resource unavailable to legitimate users on the network. For example, an email server can be rendered useless by the sending of hundreds of email messages with large attachments. The email server will eventually crash under the load and become unavailable to legitimate users. Similarly, an attacker can flood a server with TCP requests and cause it to stop functioning normally. Attackers may also distribute the attack—by deploying several hundreds or thousands of clients. In this situation, the attack is referred to as a distributed DoS (DDoS) attack. DoS is a transport layer attack.

Network Security - Vulnerabilities of LANs, WANs, and MANs

Consider a typical office setup and its information system needs. You might find common security vulnerabilities such as unattended computers, a centrally located printer, access to gaming websites, discarded CDs, and data sharing. Read about these common vulnerabilities below.

Unattended Computers: Leaving computers unattended is the biggest risk to network security. Easy access to computers and other devices means that the LAN (local area network) can be compromised. All desktops should be locked when not in use.

Centrally Located Printer: A centrally located printer is not a major vulnerability as long as data is not compromised. Do not leave important documents lying around the printer, and print documents only when needed.

Access to Gaming Websites: This could pose a serious threat to the LAN, as any material downloaded from the internet can contain viruses or worms. Access to online games, movies, and songs should be restricted. All files downloaded from the internet should be scanned for malware before they are opened or used.

Discarded CDs: Employees must ensure that confidential data is deleted before computer media are disposed of, and the media must be physically destroyed. Controls must be implemented for safeguarding confidential data.

Data Sharing: Remote log-ons allow access to applications and data on the other computers in the network. Remote access to computers on the network must be restricted and password-protected. The LAN connects networks, servers, workstations, printers, and storage devices and allows users to share functionalities and resources. Therefore, it is important that the confidentiality and integrity of the information is maintained. This can be achieved with the implementation of policies and procedures and the creation of awareness among employees. WANs (wide area networks) and MANs (metropolitan area networks), which are combinations of LANs, are exposed to the same vulnerabilities as LANs.

Network Security - Vulnerabilities of WLANs

Like their wired LAN counterparts, WLANs (wireless LANs) are prone to security vulnerabilities. In fact, a WLAN is more susceptible to attacks because it includes both the organization's internal network and the general public network segments. An open WLAN, which does not require users to authenticate themselves with a user name and password, is a security issue and a breach waiting to happen. WLANs are also susceptible to attacks such as:

Traffic Analysis: Traffic analysis helps determine the load on a wireless network. This type of analysis gathers information about the frequency and timing of network packets in transit. The attacker can identify the websites being visited and read messages that are sent on the network. The attacker can then alter the message in transit or send the message to multiple users.

Eavesdropping: Sometimes referred to as sniffing, eavesdropping involves capturing packets and reading the data content to find sensitive information. There are two types of eavesdropping: passive and active. In passive eavesdropping, the attacker can use the information gathered to attack the network. In active eavesdropping, the attacker not only monitors the wireless sessions but also tries to determine the contents of the message. For example, if a user is trying to contact a bank, the attacker can trick the user into believing that user is communicating with the bank.

Brute-Force Attacks Against Access Point SSIDs: An access point uses a single password for all wireless clients. In a brute-force attack, the attacker methodically tests combinations of passwords to gain entry to the access points.

Renegade Access Points: Sometimes, employers may be unaware that their employees have deployed wireless capabilities on the company's network. This can expose the network to unauthorized access. In addition, attackers may also set up rogue access points to gain access to the network via the WLAN.

Masquerading Attacks: In a masquerading attack, an illegitimate user poses as a legitimate user to gain access to confidential information.

Threats Originating From Cyberspace

Corporate websites and portals, extranets for vendors, and e-commerce sites are just a few tools with which organizations harness the benefits of the internet.

With the rise in cybercrime, it is critical for organizations with an internet presence to build a robust security infrastructure to safeguard their IT resources from threats. Contrary to popular belief, not all threats originate from the outside. Threats can and do originate from within the organization itself—in such cases, the internet is a useful tool for the attack.

Below, read about an external and an internal threat to Cypher X, a fictional company.

Cypher X: Security Lapses?

Andy Parker is a systems administrator at Cypher X, a computer hardware manufacturing company. The company’s headquarters and research and development center are located in Austin, Texas. Cypher X has several manufacturing plants, sales offices, and suppliers located in the United States, Brazil, Germany, South Korea, and Malaysia.

Today, Andy Parker is visiting a sales office in Dallas. During his visit, he observes some lapses that could lead to IT security incidents.

Incident A

Andy Parker notices an unlocked workstation with a yellow sticky note on the monitor. The note says,

Out for lunch, Back by 1:30 p.m. Call me @ 555-455-8865 in case of emergency
Sonya

Andy: Oh, Sonya’s out for lunch. I’ll come back after I’ve met with the others. Hmm, Sonya’s forgotten to lock her desktop. She’s also left some files open. Anyone could access this information. Actually, anyone could access the company’s network using her computer, leaving her ID as the only trail. I must remember to warn her about this.

Incident B

Andy Parker then notices an employee playing games on a website.

Andy: Ah, there’s John, the new hardware engineer. Is he playing soccer on a website? I don’t believe this! I wonder if everyone has unrestricted access to the internet and gaming sites.

Andy decides to talk to John.

Andy: Hi John, how are you?

John: Hey! Okay so far, but I will be better as soon as I win this game!

Andy: Ah, soccer! So, does everyone have access to gaming websites?

John: Well, I know everyone in the IT department has unrestricted internet access. Don’t know about other departments, though. Oh yes, I’ve seen Sam from the finance department playing games online a couple of times. So, maybe a select few users do have unrestricted access.

Andy: Hmm, I see. Unrestricted access to the internet can result in computers being infected by viruses or malware, you know—especially from gaming websites.

Incident C

Next, Andy Parker sees another employee working with shared folders on a network.

Andy: There’s Alan. He seems to be busy looking at some data over the network. Let me chat with him for a bit.

Andy: Hey Alan, how are you today?

Alan: Great, Andy. Good to see you again.

Andy: Thanks. So, looks like you’re having a busy day.

Alan: No, not really. I’m just updating the project tracker on my boss’s laptop. I was working late last night from home to meet a deadline.

Andy: He’s shared his files?

Alan: Yeah.

Andy: And how do you transfer files to your home computer?

Alan: I mostly use the office email system. Access to thumb drives is restricted.

Andy: I see. Must be difficult to transfer big files, huh?

Alan: Oh, we have a secure FTP site in place to exchange large-size files.

Andy: That’s good. Ah, there’s Sonya. Let me catch her before she gets busy. I’ll see you later, Alan.

External Threat

Last year, there was an increase in targeted attacks on large companies. CypherX was the target of one such attack.

The attackers gathered information about CypherX from its corporate website. They also visited social networking websites to gather information about specific employees.

Those employees later received carefully worded phishing email messages containing the Hydraq Trojan, which installed itself on the employees' machines by exploiting vulnerabilities in a commonly used web browser.

The Trojan—like all Trojans, a malicious program that appears to be legitimate—installed a keystroke logger on each machine, which enabled the attackers to gain remote access to the infected computers.

Eventually, the attackers were able to gain access to CypherX's LAN. Fortunately, Cypher X's intrusion detection system (IDS) alerted the IT team in time.

Internal Threat

Cypher X also faced a couple of internal threats, one of which is described below.

Sam Moore, a CypherX accountant, was transferred to Torrington, Connecticut. Although small, the Torrington office handles sensitive and confidential data related to CypherX's research and development efforts. Upset at being "banished" to a small town, Sam decided to get back at CypherX by selling some of this data.

Sam got in touch with a friend who works for CypherX's competitor. They made a deal.

Sam uploaded design documents for the new range of laptops CypherX was developing to an online storage site on the internet. In return, the payment for the designs was transferred electronically to Sam's bank account.

A few weeks later, CypherX's competitor released a series of advertisements about its new range of laptops that looked suspiciously similar to CypherX's own!

Internal Threats

Most network intrusion detection systems, firewalls, and proxy servers are configured to keep intruders out of an organization's IT systems. What happens if the intruder is already inside the network, for example, working as an employee or a contractor?

The 2010 CyberSecurity Watch survey found that 51 percent of respondents who experienced a cybersecurity incident were victims of an insider attack. Insider attacks very often involve confidential data, intellectual property, or trade secrets. Consequently, they are more damaging and costly than external attacks (CSO et al., 2010).

Cypher X's Andy Parker and his team recently conducted a security vulnerability test and have broken down the vulnerabilities into categories.

Category: Weak/Missing Passwords

Summary of finding: Despite the detailed password policy, 11 percent of the security vulnerabilities across the various offices stem from weak passwords among the employees and contractors.

Why the finding matters: Passwords that contain only letters or numbers are easy to uncover via password-cracking tools that use brute force; these tools try every possible combination of keystrokes until the right combination is found.

Recommendation: Enforce the password policy electronically.

Category: Operating System or Application

Summary of finding: Overall, 22 percent of the security vulnerabilities come from the use of software with open vulnerabilities that can be exploited. Special alert: none of the computers located in the Buenos Aires, Argentina, office had the latest Windows security patches installed.

Why the finding matters: When operating systems and software applications such as browsers have known vulnerabilities that hackers can exploit, hackers use these holes to breach networks and individual computers.

Recommendation: Install the latest security updates on all machines. Automate this process if possible.

Category: Human Factors

Summary of finding: The latest employee satisfaction survey found that:

5 percent of security vulnerabilities stem from a lack of awareness among employees of the confidentiality clause in their contract
12 percent stem from a lack of awareness of information security policies among employees
15 percent stem from employee unhappiness with the working conditions at Cypher X
12 percent stem from the receipt of warnings for unacceptable behavior

Why the finding matters: Employees who are unfamiliar with security policies or confidentiality clauses are soft targets for phishing and social engineering scams and may unknowingly reveal sensitive information to outsiders. Disgruntled employees are more likely to misuse or sell information for personal gain.

Recommendation: Conduct regular training and awareness programs about IT security. Conduct a thorough background check of prospective candidates. Conduct regular audits of computer and network activity to identify potential issues.

Category: Other

Summary of finding: Finally, the survey found that 23 percent of the vulnerabilities exist because of the susceptibility of computers to attack due to miscellaneous factors such as unlocked workstations, shared local folders with full access granted to all users, and copies of pirated games, music, and movie clips.

Why the finding matters: Unlocked workstations and shared folders on the network are easy targets for attackers who want to gain access to the network. Pirated content can contain malware that can infect the entire network. In addition, downloading and storing pirated content is a crime in many countries.

Recommendation: Update the IT security policy and the acceptable use policy for shared folders. Mandate password-protected screensavers on all computers. Configure the firewall to block websites that allow users to download pirated content and peer-to-peer file-sharing sites. Educate employees on piracy.

Sources of External Intrusions

Internet-based intrusions are not limited to hackers alone. Nor are attacks restricted to individuals and organizations. The internet allows malicious groups such as terrorist organizations, enemy nation-states, and organized crime groups to carry out attacks. The main sources of internet-based intrusions include:

Hackers: Hackers are the original cybercriminals. Hackers gain unauthorized access to individual computers or networks to steal information such as passwords, credit card and bank account numbers, and anything else they can get. Hackers may use the stolen information themselves—to empty a bank account, for example—or barter it on an underground network.

Industrial Espionage: Cybercriminals have found innovative ways to elicit trade secrets from unsuspecting employees. A virus might masquerade as an email attachment from your colleagues or as a link on your organization's internal website about a new HR policy. Clicking the attachment or link installs a virus on the computer, which then spreads across the network, grabs whatever information it can, and sends it back to the attacker's computer.

Organized Crime Groups: Criminals and organized crime groups use the internet to launder money. In some cases, they hire candidates who respond to ads for work-from-home opportunities and then use them as "money mules"—people who, knowingly or unknowingly, transfer stolen funds from one country to another.

Employees: Employees, both current and former, might use the internet to smuggle information in and out of the organization. In general, insider attacks are more damaging and take longer to detect than intrusions by external hackers.

Terrorist Organizations: Terrorist organizations have already been using the internet to organize real-world attacks, recruit followers, and raise money. However, governments also fear that terrorist organizations might launch online attacks against critical infrastructures.

Enemy Nation-States: Some countries are suspected to have launched cyberattacks on enemy nations. Recent examples of attacks include an attack on Estonian government computers by Russian government hackers, and cyberattacks on the US Department of Defense and the White House originating from Russia and China.

Database Security Vulnerabilities

Database Security Pillars

A comprehensive database security strategy is based on three pillars.

Pillar 1: A strong foundation with authentication, authorization, and access control, discovery and classification, and patch management
Pillar 2: Preventive measures with encryption, data masking, and change management
Pillar 3: Intrusion detection with auditing, monitoring, and vulnerability assessment

Database Access Control

Security settings can provide restricted access to data as needed based on a database schema. A database schema can be designed to allow or deny users access to tables and views or to execute system privileges. A three-level database schema incorporating a security approach has proven effective by establishing permissions based on user roles (Oracle, n.d.).

Database Schema Administration

When users do not need to access the database or only need to access specific applications, a shared three-level schema can limit the damage that can be done. A three-level schema includes the description of data at the physical, conceptual, and external layer.

Ownership-Based Administration

The owner of the table can apply security settings to grant or deny access to data by implementing a three-level schema security mode, one that establishes permissions at a granular level.

Access Control Administration

The owner of the database is provided the capability of granting and revoking privileges by applying access rules.

Database access control has proven to be an effective security strategy. Any of the traditional access control methods can be further improved by placing more granular controls in place. Limiting access by role, schema, table—or by column, row or field within a table—can minimize the likelihood that data will be compromised.

Inference

An inference attack involves gaining unauthorized access to restricted data through the combination of database manipulation, logic application, and statistical analysis (Goodrich & Tamassia, 2011; Hylkema, 2009).

Inference Basics

Step 1: Administrator and subordinate query a classified database.

Step 2: Administrator receives the information, but the subordinate is denied.

Step 3: Subordinate queries two unclassified databases.

Step 4: Subordinate receives the information from the unclassified databases.

Example of Inference

Step 1

In this example, a corporate database with personnel records is accessible in a sanitized

form to employees. Employee details contained in the database are restricted to

administrators. Names and salary information are strictly confidential, and subordinates

are denied access to this information (Shieh & Juang, n.d.)

1/17/23, 8:10 AM Vulnerability

https://leocontent.umgc.edu/content/scor/uncurated/cst/2215-cst610/learning-resource-list/vulnerability.html?ou=722269 19/27

Step 2

The company, attempting to improve retention among its employees, publicized their

years of service and publicly posts congratulatory messages to its internal website when

an employee completes the first year of employment and every five years thereafter. An

internal report shows the average salary for each department based on service time.

Company reports also show only one person was hired in any department in a given year.

Even though subordinates cannot access another employee's salary, aggregate values are

accessible. The average salary of employees based on years with the company can be

accessed from the database.

Step 3

Jesse wants to access information about Roy's salary. He knows Roy is the only HR

assistant manager with five years of service.


Step 4

If Jesse creates a query requesting the average salary of HR managers with five years of service, he can derive Roy's salary. This technique is an example of inference.

Inference Countermeasures

Step 1

Inference deterrence, as part of standard database design best practice, can prevent security breaches. When determining how to prevent inference attacks, it is essential to consider which method is best suited to a particular situation.


Step 2

There are multiple approaches to protect against an inference attack, including suppression, generalization, and random data perturbation (RDP).

Suppression

Suppression aims to remove or withhold information that could be used in an inference attack. It would not be suitable for the current example, since the company would have to either refrain from commemorating employment milestones or stop publishing the salary information.

Generalization

Generalization makes values less specific, making it more difficult to draw reliable inferences. Generalization would be a more acceptable method of mitigating inference attacks in the present situation. It could be used to provide less specific details, such as the fact that an assistant HR administrator with the company for zero to five years makes an average of $50,000 to $58,000.

RDP

Random data perturbation, or noise addition, alters individual values subtly while ensuring that the overall average of the values remains accurate. RDP would not be suitable for the current example, because celebrating employment milestones at the wrong time or listing inaccurate salaries for years of service would not instill trust or confidence in employees (Goodrich & Tamassia, 2011; Hylkema, 2009).
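As an added example (not part of the learning resource), the inference from Step 4 of the example above and the suppression and generalization countermeasures from Step 2, written in Python over a constructed SQLite table; all names, departments and salary figures are constructed, and the band sizes are chosen for illustration.

```python
"""Added example (not from the original learning resource): the Jesse/Roy inference
in a constructed SQLite personnel table, then the two countermeasures the text
prefers for it, suppression (refuse small groups) and generalization (coarser
years-of-service and salary bands). Names and figures are constructed."""
import sqlite3

# Constructed data following the text's premise: one hire per department per year.
ROWS = [("Roy", "HR", 5, 56000), ("Ana", "HR", 1, 48000), ("Pat", "HR", 3, 52000),
        ("Kim", "HR", 10, 70000), ("Lee", "Sales", 5, 61000), ("Sam", "Sales", 1, 45000)]

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employees(name TEXT, dept TEXT, years INTEGER, salary INTEGER)")
    db.executemany("INSERT INTO employees VALUES (?,?,?,?)", ROWS)
    return db

def naive_average(db, dept, years):
    """The aggregate the subordinate is allowed to ask for. With one hire per
    department per year the group has one member, so the average IS that salary."""
    return db.execute("SELECT AVG(salary) FROM employees WHERE dept = ? AND years = ?",
                      (dept, years)).fetchone()[0]

def guarded_average(db, dept, years, min_group=3, years_band=5, salary_band=10000):
    """Generalization widens the years predicate to a band (0-5, 6-10, ...) and
    reports a salary range; suppression refuses the query when the band holds
    fewer than min_group people, so no one-member group is ever averaged."""
    hi = -(-max(years, 1) // years_band) * years_band   # ceiling to the band's upper edge
    lo = 0 if hi == years_band else hi - years_band + 1
    rows = db.execute("SELECT salary FROM employees WHERE dept = ? AND years BETWEEN ? AND ?",
                      (dept, lo, hi)).fetchall()
    if len(rows) < min_group:
        return None                                   # suppressed: group too small
    avg = sum(s for (s,) in rows) / len(rows)
    floor = int(avg // salary_band) * salary_band
    return (f"{lo}-{hi} years", floor, floor + salary_band)
```

The naive query returns Roy's exact salary because he is the only HR hire with five years of service; the guarded query answers only with a band and a range, and refuses the six-to-ten-year HR band because it contains a single person.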


Step 3

Consider a database containing personnel information, including the names, years of service, and salaries of employees.

Step 4

In this example, the employees' names, years of service, and salary data are available to a subordinate role, but the association of names with salaries is restricted to a supervisor role, such as administrator.

Step 5

By incorporating separation of duties as an integral aspect of database design, multiple tables can be created to restrict the level of access based on a user's assigned role.


Here, the subordinate is restricted to the Employee table and the Salary table, while the Employee-Salary table is available only to the administrator role.

Step 6

If a new attribute, such as employee join date, is added to the Salaries table, the database becomes susceptible to an inference attack. An employee's join date is an easily observable or discoverable attribute.

Step 7

A user assigned a subordinate role could infer another employee's salary from the inclusion of start-date data. Recall that the company posts congratulatory messages to its internal website when an employee completes the first year of employment and every five years thereafter. This would compromise the relationship between employee and salary. Therefore, the employee join date should be restricted and instead included in the Employees table.
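As an added example (not part of the learning resource) of Steps 5 through 7, the three-table separation-of-duties design in Python with SQLite, using SQLite's authorizer to refuse the subordinate's reads of the link table; the employees, salaries, dates and congratulatory posts are constructed, and the table and column names are assumptions.

```python
"""Added example (not from the original learning resource): Employee and Salary
tables readable by a subordinate, an admin-only Employee-Salary link table, and how
storing join_date beside the salary (Step 6) lets the public anniversary posts
re-link the two, while moving it to Employee (Step 7) does not. Data constructed."""
import sqlite3

PEOPLE = [(1, "Roy", "2018-01-15"), (2, "Ana", "2022-03-01"), (3, "Kim", "2013-06-20")]
SALARIES = [(10, 5, 56000), (11, 1, 48000), (12, 10, 70000)]
# Constructed congratulatory posts on the internal site, dated on each anniversary.
POSTS = {"Roy": "2023-01-15", "Ana": "2023-03-01", "Kim": "2023-06-20"}

def build_db(join_date_in_salary):
    """NULL marks the table that does not hold join_date: the Step 6 design puts
    it in Salary (risky); the Step 7 fix moves it to Employee."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Employee(emp_id INTEGER, name TEXT, join_date TEXT);
        CREATE TABLE Salary(sal_id INTEGER, years INTEGER, salary INTEGER, join_date TEXT);
        CREATE TABLE EmployeeSalary(emp_id INTEGER, sal_id INTEGER);""")
    for (emp_id, name, jd), (sal_id, years, salary) in zip(PEOPLE, SALARIES):
        db.execute("INSERT INTO Employee VALUES (?,?,?)",
                   (emp_id, name, None if join_date_in_salary else jd))
        db.execute("INSERT INTO Salary VALUES (?,?,?,?)",
                   (sal_id, years, salary, jd if join_date_in_salary else None))
        db.execute("INSERT INTO EmployeeSalary VALUES (?,?)", (emp_id, sal_id))
    return db

def as_subordinate(db):
    """Role enforcement: SQLite's authorizer refuses any read of the link table."""
    def authorizer(action, table, column, dbname, trigger):
        if action == sqlite3.SQLITE_READ and table == "EmployeeSalary":
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    db.set_authorizer(authorizer)
    return db

def admin_salary(db, name):
    """Legitimate path: the administrator role may join all three tables."""
    return db.execute("""SELECT s.salary FROM Employee e JOIN EmployeeSalary l ON e.emp_id = l.emp_id
                         JOIN Salary s ON s.sal_id = l.sal_id WHERE e.name = ?""", (name,)).fetchone()[0]

def subordinate_learns_salary(db, name):
    """The link table is refused, so the subordinate matches the post's month-day
    against join_date in Salary. Returns the salary, or None if nothing links."""
    try:
        db.execute("SELECT emp_id FROM EmployeeSalary").fetchall()
        raise RuntimeError("link table must be admin-only")
    except sqlite3.DatabaseError:
        pass                                    # refused, as Step 5 requires
    rows = db.execute("SELECT salary FROM Salary WHERE substr(join_date, 6) = ?",
                      (POSTS[name][5:],)).fetchall()
    return rows[0][0] if len(rows) == 1 else None
```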


Database Encryption

Encryption is critically important to maintain the integrity of the database content, as well as its confidentiality. Encryption ensures data security in transit and data security at rest, and end-to-end encryption can prevent data breaches from internal attacks. With data encryption, controls at the source of the data are maintained at a central point (Baccam, 2009).

What Is Database Encryption?

There are multiple levels of encryption that can be applied within the database hierarchy. This extends from encrypting the entire database down to the attribute level, the record level, or even more granularly down to an individual field (Lane, 2009b).

database-level encryption

record-level encryption

attribute-level encryption

individual field-level encryption

How Are Databases Encrypted?

The various ways in which databases can be encrypted are listed below.

Encrypt the entire database.

Encrypt each individual item in the database.

Encrypt each record in the database as a block.


Encryption of the entire database, known as transparent or external data encryption (TDE), is provided by native encryption functions within the database engine. TDE is invisible to the applications and users that use the data and is therefore known as "transparent" database encryption. TDE also requires no changes to application logic.

Encryption of specific columns, tables, or even data elements within the database is known as user or data encryption. It is referred to as "user" encryption because the objects being encrypted are owned and managed on a per-user basis (Lane, 2009a).

Table-Level Encryption

Table-level encryption encrypts the contents of a table or group of tables as one element. This protects the data within the table and is an option when more than one column in the table contains sensitive information. While it does not offer fine-grained access control to specific elements, it is more efficient than column encryption when multiple columns contain sensitive data, and it requires fewer application and query modifications (Lane, 2009b).

Row-Level Encryption

Row-level encryption is where a single row in a table is encrypted, and field- or cell-level encryption is where individual data elements within a database table are encrypted. They offer fine-grained control over data access, but can result in management and performance challenges. There might be one key used for all elements or a key for each row. The performance challenges can be a limitation when selecting or modifying multiple rows (Lane, 2009b).

Column-Level Encryption

Column-level encryption applies to all data in a single column in a table. The column is encrypted using a single key that supports one or more users. New queries to examine or modify encrypted columns must have the correct database privileges but must also provide credentials to access the encryption/decryption key. That can be as simple as passing a different user ID and password to the key manager, or as complicated as a full cryptographic certificate exchange. By asking the database to encrypt all data in a column, you focus on the specific data to protect.


Column-level encryption is popular for PCI-DSS compliance because it restricts access to a small group, but the downside is that the column is encrypted as a whole, so every modification requires the whole column to be re-encrypted and certified. This option is common in relational database platforms but has the poorest performance (Lane, 2009b).

References

Baccam, T. (2009). Making database security an IT security priority. http://www.sans.org/reading_room/analysts_program/Oracle_Nov09.pdf

CSO, US Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University, and Deloitte. (2010). CyberSecurity watch survey. CSO website.

Goodrich, M. T., & Tamassia, R. (2011). Introduction to computer security. Pearson Education.

Hylkema, M. (2009). A survey of database inference attack prevention methods. http://met-research.bu.edu/met-ert/Internal%20Documentation/Inference%20Research/Michael_Hylkema_Research_Paper.pd

Lane, A. (2009a, June 4). Introduction to database encryption – the reboot! [Blog post]. Available under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States (https://creativecommons.org/licenses/by-nc-sa/3.0/us/legalcode) license. https://securosis.com/tag/database+encryption

Lane, A. (2009b, May 14). Database encryption: Option 2, enforcing separation of duties [Blog post]. Available under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States (https://creativecommons.org/licenses/by-nc-sa/3.0/us/legalcode) license. https://securosis.com/blog/database-encryption-option-2-enforcing-separation-of-duties

Oracle. (n.d.). Introducing database security for application developers. http://docs.oracle.com/cd/B12037_01/network.101/b10773/apdvntro.htm

Oracle. (n.d.). Security, roles, and privileges. http://ss64.com/ora/syntax-secure.html

Shieh, S-P., Lin, C-T., & Juang, Y-S. (n.d.). Controlling inference and information flows in secure databases. http://dsns.csie.nctu.edu.tw/ssp/Meeting/37.Controlling%20Inference%20and%20Information%20Flows%20in%20Secure%20Databases.pdf


© 2023 University of Maryland Global Campus

All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity of information located at external sites.