App security
Security Strategies in Windows Platforms and Applications
Lesson 1
Microsoft Windows and the Threat Landscape
© 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Cover image © Sharpshot/Dreamstime.com
Learning Objective(s)
Describe information systems security and the inherent security features of the Microsoft Windows operating system.
Describe threats to Microsoft Windows and applications.
Key Concepts
Information systems security and the C-I-A triad
Microsoft Windows and a typical IT infrastructure
Vulnerabilities of Microsoft Windows systems and their applications
Information Systems Security
Defense in depth
A collection of strategies to make a computer environment safe
Information security
Main goal is to prevent loss
Most decisions require balance between security and usability
Security controls are mechanisms used to protect information
Security Controls
Type of control: Administrative, Technical, Physical
Type of function: Preventive, Detective, Corrective
C-I-A Triad
The practice of securing information involves ensuring three tenets of information security: confidentiality, integrity, and availability
Known as the C-I-A triad
Also known as the availability, integrity, and confidentiality (A-I-C) triad
Each tenet interacts with the other two and, in some cases, may conflict
Confidentiality
The assurance that the information cannot be accessed or viewed by unauthorized users
Examples of confidential information:
Financial information
Medical information
Secret military plans
A successful attack against confidential information enables the attacker to use the information to gain an inappropriate advantage or to extort compensation through threats to divulge the information.
Integrity
The assurance that the information cannot be changed by unauthorized users
Ensuring integrity means applying controls that prohibit unauthorized changes to information
Examples of integrity controls:
Security classification
User clearance
Availability
The assurance that the information is available to authorized users in an acceptable time frame when it is requested
Examples of attacks that affect availability:
Denial of service (DoS)
Hacktivist
Microsoft Windows and Applications in a Typical IT Infrastructure
IT infrastructure
Collection of computers, devices, and network components that make up an IT environment
Microsoft Windows and Applications in a Typical IT Infrastructure
Common infrastructure components:
Client platforms
Network segments
Network devices
Server instances (often listed by function)
Cloud-based offerings, such as Microsoft Office 365 and Microsoft Azure
A Sample IT Infrastructure
Windows Clients
Client systems provide functionality to end users; customer-facing systems
Include desktops, laptops, and mobile devices
Each application can be deployed on client systems as either a thin or a thick client
Windows 10
Newest and most popular Windows client operating system
Windows Servers
Server computers provide services to client applications
Common server applications:
Web servers, application servers, and database servers
Windows Server 2019
Essentials, for small businesses
Standard, for most server functions
Datacenter, for large-scale deployments
Microsoft’s End-User License Agreement (EULA)
Software license agreement that contains the Microsoft Software License Terms
Must be accepted prior to installation of any Microsoft Windows product
Located in the Windows install folder or on the Microsoft website
Microsoft EULA Sections
Updates
Additional Notices—Networks, Data, and Internet Usage
Limited Warranty
Exclusions from Limited Warranty
Windows Threats and Vulnerabilities
Successful attack: One that realizes, or carries out, a threat against vulnerabilities
Risk
Any exposure to a threat
Threat
Any action that could lead to damage, disruption, or loss
Vulnerability
Weakness in an operating system or application software
Windows Threats and Vulnerabilities
A threat is not necessarily dangerous
Fire in fireplace = desirable
Fire in data center = dangerous
For damage to occur, there has to be a threat
Attackers look for vulnerabilities, then devise an attack that will exploit the weakness
Anatomy of Microsoft Windows Vulnerabilities
Ransomware
Malicious software that renders files or volumes inaccessible through encryption
Attacker demands payment using cryptocurrency for the decryption key
Well-known ransomware attacks
CryptoLocker
Locky
WannaCry
Most ransomware encrypts data and demands a payment using cryptocurrency in exchange for the decryption key.
Discovery-Analysis-Remediation Cycle
A recurring three-step process for addressing attacks
Discovery
Once an attack starts, attackers become as inconspicuous as possible
Need to compare suspect activity against a baseline (normal activity) to detect anomalies
Common method of accomplishing this is to use activity and monitoring logs
Analysis
Security information and event management (SIEM) tools
Collect and aggregate security-related information from multiple sources and devices
Help prepare data for correlation and analysis
Current vulnerability and security bulletin databases
Help you determine whether others are experiencing the same activity
SIEM tools can often cross-reference known vulnerability databases to help identify suspect behavior.
The analysis phase includes validating suspect activity as abnormal and then figuring out what is causing it.
Remediation
Contain any damage that has occurred, recover from any loss, and implement controls to prevent a recurrence
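As an added example (not from the textbook), the discovery and analysis steps above applied to constructed Windows logon events in Python: failed logons per account in a suspect window are compared against a baseline window, and an account whose failures spike is flagged together with any source host that never appeared in the baseline. The one-line-per-event format, the thresholds and the sample events are all assumptions made for this example.

```python
import re
from collections import Counter

# Constructed one-line-per-event format (not a real Windows export); Windows
# itself records a failed logon as Event ID 4625 and a successful one as 4624.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) Account=(?P<acct>\S+) Source=(?P<src>\S+)$")

# Baseline window (normal activity): an occasional mistyped password.
BASELINE_LOG = """\
2020-03-02T09:00:01 EventID=4624 Account=alice Source=10.0.0.12
2020-03-02T09:01:10 EventID=4625 Account=alice Source=10.0.0.12
2020-03-02T13:30:00 EventID=4625 Account=bob Source=10.0.0.15
2020-03-02T13:30:15 EventID=4624 Account=bob Source=10.0.0.15
"""
# Suspect window: a burst of failures against bob from a host never seen before.
SUSPECT_LOG = """\
2020-03-03T02:10:00 EventID=4625 Account=bob Source=10.0.0.77
2020-03-03T02:10:01 EventID=4625 Account=bob Source=10.0.0.77
2020-03-03T02:10:02 EventID=4625 Account=bob Source=10.0.0.77
2020-03-03T02:10:03 EventID=4625 Account=bob Source=10.0.0.77
2020-03-03T02:10:04 EventID=4625 Account=bob Source=10.0.0.77
2020-03-03T09:00:30 EventID=4625 Account=alice Source=10.0.0.12
2020-03-03T09:00:40 EventID=4624 Account=alice Source=10.0.0.12
"""

def parse(log_text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]

def failed_logons(events):
    """Failed-logon (4625) count per account."""
    return Counter(e["acct"] for e in events if e["eid"] == "4625")

def find_anomalies(baseline_log, suspect_log, factor=3, min_count=5):
    """Flag accounts whose failed logons in the suspect window reach min_count
    and exceed factor x their baseline count; also list source hosts for the
    account that never appeared in the baseline, to support the analysis step.
    Returns {account: (baseline_count, suspect_count, new_sources)}."""
    base_ev, susp_ev = parse(baseline_log), parse(suspect_log)
    base, susp = failed_logons(base_ev), failed_logons(susp_ev)
    known_src = {e["src"] for e in base_ev}
    flagged = {}
    for acct, n in susp.items():
        if n >= min_count and n > factor * base.get(acct, 0):
            new_src = sorted({e["src"] for e in susp_ev
                              if e["acct"] == acct and e["src"] not in known_src})
            flagged[acct] = (base.get(acct, 0), n, new_src)
    return flagged
```

Running `find_anomalies(BASELINE_LOG, SUSPECT_LOG)` flags only `bob`; alice's single failure stays within her baseline and is not reported.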
Common Forms of Attack
| Threat | Description |
|---|---|
| Phishing | Generally starts with a message that contains a link or image to click, or a file to open; taking these actions launches malware attacks |
| Malware | Malicious software designed to carry out tasks that the user would not normally allow |
| Denial of service (DoS) | Any action that dramatically slows down or blocks access to one or more resources |
| Injection attack | Depends on the ability to send instructions to an application that cause it to carry out unintended actions; SQL injection is common |
Common Forms of Attack (Cont.)
| Threat | Description |
|---|---|
| Unprotected Windows share | A situation that allows attackers to install tools, including malicious software |
| Session hijacking and credential reuse | Attempts by attackers to take over valid sessions or capture credentials to impersonate valid users |
| Cross-site scripting | Specially crafted malicious code used to attack web applications |
Common Forms of Attack (Cont.)
| Threat | Description |
|---|---|
| Packet sniffing | The process of collecting network messages as they travel across a network in hopes of divulging sensitive information, such as passwords |
Summary
Information systems security and the C-I-A triad
Microsoft Windows and a typical IT infrastructure
Vulnerabilities of Microsoft Windows systems and their applications