V. Preventing Vulnerability Exploitation

i. Continuous updates and product patches

You might assume that if you are patching the Windows computers on your SCADA or ICS system (using some variation of Microsoft Windows Update), then any vulnerable services that can be patched will be patched. Well, guess again: you may still have a number of open vulnerabilities that are happily being missed by the Windows Update service. And scariest of all, you can’t do much about it.

Welcome to the Wild World of Windows Common Controls

To understand why this is possible, it helps to know a little about something called Windows Common Controls. Common Controls are executable routines that Microsoft supplies to give applications from different developers a unified look and feel. For example, the Tool Tip Control creates those small rectangular windows that display help text when you place the cursor over some button or tab and wait a few milliseconds. Common Controls have been in use since the early days of Windows. Applications like Word or SQL Server use them extensively, but so do many developers of third-party applications. In the SCADA and ICS world, it is a fair guess that the bulk of the software developed for industrial server or client applications on Windows machines uses them.

You Can Have the Patch IF…

The problem started when Microsoft announced the existence of two serious vulnerabilities (MS12-027 and MS12-060) in the ActiveX controls contained in the file MSCOMCTL.OCX. According to the Common Vulnerabilities and Exposures (CVE) database, these flaws were being exploited in targeted attacks in April 2012 using specially crafted malicious RTF files sent via email. Microsoft soon provided patches to fix these vulnerabilities in their...

... middle of paper ...

... have to analyze so that we can say whether the process that is running is a valid one or not. To reach this conclusion we can keep a list of the processes that are allowed to run on the system. If any other process (one not on the list) is running, we can report it.

3. Decide: Based on the analysis, we need to decide what action to take. Suppose there is a process that has been running for a long time but is not in our list of processes that should run on the system; we can terminate that process or raise an alarm.

4. Act: Action has to be taken for processes that are running, or not running, on our system.

These four steps are involved in process monitoring and control. To keep the system free of malicious processes, we need to monitor the system’s processes very keenly so that we can avoid harm to our control systems.
On August 12, 2003, a computer worm called MSBlaster.B was released. It was distributed through two files: “teekids.exe” (which included code that directs compromised computers to attack the Microsoft domain name www.windowsupdate.com) and a backdoor file, “Lithium” (which provides a way into a password-protected system without use of a password and allows remote control of the system). The worm itself targeted mostly Windows 2000 and Windows XP systems. If Windows NT or Windows 2003 servers do not have the appropriate patches, they too may be vulnerable. The function of the worm is to exploit the DCOM RPC vulnerability.
Several processes and challenges arise during the examination process. Within it, there is a model called the “process model”, whose steps are to prepare, collect, examine, analyze and report the evidence.
In the Operation Aurora case, the attack utilized a combination of techniques comprising stealth hacking, an unknown loophole in Internet Explorer (also known as a zero-day exploit), and the use of complex encryption. This led companies like McAfee, Microsoft, and Symantec to address the breach by providing patches and updates to the browser as well as to security software. As the investigation progressed, Microsoft quickly and quietly pushed out security advisories and security products. They also urged users to apply the IE patch updates. At the...
Vulnerabilities occur when corrupted code or misconfigured hardware is present on a network. This is why it is important for an organization to have an effective vulnerability assessment plan that includes regular scans of the network and annual penetration tests. These scans are very important to prevent hackers from “utilizing these flaws to gain access to your machines” (Houghton, 2003). An excellent source of information for “summaries, technical details, remediation information, and lists of affected vendors” (US-CERT) is the Vulnerability Notes Database. Please view Appendix B for current threats.
Containment is the most important role to be played in an incident response. It is the practice of the strategies that are followed when there is an attack such as a Distributed Denial of Service attack ("Uf it security," 2011). In our Lockheed Martin company, we prepare ourselves for any circumstances so that our employees can act upon the situation. Instead of wasting time on what needs to be done now, we prepare ourselves for future attacks. The containment process needs to be followed by first determining which part of the system contains malware; detecting this issue would be the first task in the incident response strategy. Once that one system is detected, our company will isolate that specific system to limit
Extracting and translating information in the Registry is also very important in incident response. A lot of changes happen in the Registry when users download or delete any sort of data, and it also keeps the date and time of each of those changes. There are a lot of tools that can help with that, including RegRipper, Process Monitor, and WRR. These work just as well on machines with an older operating system to extract and understand Registry keys and values, or to monitor accesses to the Registry on a live system. The tool regslack.exe is very helpful to check if any of the Registry keys and values were
The most widespread and reigning operating system, Windows XP, which was released on October 25, 2001 and was considered the most outstandingly accepted operating system platform among consumer and business markets, will be defunct after April 8, 2014. That means that, starting from April 9, 2014, Microsoft will no longer provide support, marketing or any updates, hot fixes, or any type of support option such as Microsoft Security Essentials or online technical content updates. Also, there may be scenarios where a great number of apps and devices no longer work well with Windows XP. This will increase hacking attacks exponentially on machines that continue to use Windows XP. This looming sunset will have a direct impact on enterprise environments, security locks on doors and buildings, automated teller machines, government computing devices, e-commerce, military computing devices, the retail industry with POS and other applications running in that environment, and other organizations that deal with credit cardholder data and those who are obliged to comply with PCI DSS requirements.
As the internet becomes faster and faster, an operating system (OS) is needed to manage the data in computers. An operating system can be considered a set of programmed code created to control hardware such as computers. In 1985 Windows was established as an operating system, and a year earlier Mac OS was established; they have dominated the market for computer programs since that time. Although many companies have provided other operating systems, most users still prefer Mac as the most secure system and Windows because it provides more functions. This essay will demonstrate the differences between Windows
the problem could cost businesses a total of $600 billion to remedy." (p. 1) The fallacy that mainframes were the only machines to be affected was short-lived, as industry realized that 60 to 80 million home and small business users doing math or accounting etc. on Windows 3.1 or older software are just as susceptible to this "bug." Can this be repaired in time? For some, it is already too late.
After any security incident, you should create an action report that includes three simple goals: identify how the incident occurred; identify what actions you took after identifying the incident; and identify what you've done to prevent this type of incident from recurring.
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications, from popular operating systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is that you have to patch every hole in your system, while an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendors' security alerts, these are just the tip of the security iceberg, and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface. (Wikipedia)
Step 3: Vulnerability Identification - a list of all weaknesses in the system that can be exploited by threats.
Monitoring, Review and Revision of Plan - ensures that it remains current. In addition, the monitoring process is backed up by full managerial accountability for the success of the plan.
Process control is a method to control, prevent problems in, and improve the functioning of a company's processes. The advantage of process control is that it detects and prevents problems early and achieves goals that make the future better for customers, employees, partners, etc.