<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>B&#039;Cognizance &#187; I Secure</title>
	<atom:link href="http://bcognizance.iiita.ac.in/archive/aug-nov14/?cat=4&#038;feed=rss2" rel="self" type="application/rss+xml" />
	<link>https://bcognizance.iiita.ac.in/archive/aug-nov14</link>
	<description></description>
	<lastBuildDate>Fri, 10 Apr 2015 04:56:11 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	
		<item>
		<title>Detecting an Advanced Persistent Threat</title>
		<link>https://bcognizance.iiita.ac.in/archive/aug-nov14/?p=928</link>
		<comments>https://bcognizance.iiita.ac.in/archive/aug-nov14/?p=928#comments</comments>
		<pubDate>Mon, 17 Nov 2014 17:03:03 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[I Secure]]></category>

		<guid isPermaLink="false">http://bcognizance.iiita.ac.in/archive/aug-nov14/?p=928</guid>
		<description><![CDATA[Today the threat landscape has changed. Hackers and scammers have grown smarter. Organizations these days face a much larger threat: Advanced Persistent Threat. There is no rulebook for hackers to break into a system. However an organization must ensure they follow a security and monitoring framework which ensures all the boundaries and threat areas a<p class="readmore"> <a href="https://bcognizance.iiita.ac.in/archive/aug-nov14/?p=928" title="Read Detecting an Advanced Persistent Threat">  CONTINUE READING ...</a> </p>]]></description>
			<content:encoded><![CDATA[<p>Today the threat landscape has changed. Hackers and scammers have grown smarter. Organizations these days face a much larger threat: Advanced Persistent Threat.</p>
<p>There is no rulebook for hackers to break into a system. However, an organization must ensure it follows a security and monitoring framework that covers all boundaries and threat areas. Today it is a challenge not only to detect and remediate an advanced persistent threat, but also to address the issue effectively and in a timely manner.</p>
<p>There are three basic areas which need to be monitored and analysed to detect an Advanced Persistent Threat:<br />
1.	Network Traffic Analysis<br />
2.	Payload Analysis<br />
3.	Endpoint Behaviour Analysis</p>
<p><strong>Network Traffic Analysis:</strong><br />
Network traffic is one of the most important data sources an organization needs to analyse to detect a threat or a break-in. By analysing inbound and outbound traffic, any compromised system or network should be detected. This can include, for example, traffic patterns. Based on usage, a baseline of all activities should be created, and it can be compared with real-time events to detect any anomaly.</p>
<p>To strengthen this further, network forensics is an important activity that an organization should look into. Forensics would capture, store and analyse network traffic and provide data analytics to improve detection and remediation.</p>
<p><strong>Payload Analysis:</strong><br />
It is often very difficult to determine the actual extent of damage even when the compromise has been detected. Payload analysis helps in further analysing a piece of malware or a compromised system to study its behaviour and determine the extent of damage it could have caused. It also helps reduce false positives and increases the effectiveness of detection. This is very effective in detecting malware that bypasses signature-based verification.</p>
<p>However, payload analysis is a time-consuming process. Moreover, sandboxing and replicating the exact environment is a common challenge that all organisations face.</p>
<p><strong>Endpoint Behaviour Analysis:</strong><br />
Endpoint Behaviour Analysis aims to detect any unwanted or suspicious activity within the endpoints. It can be a network-related activity originating from the endpoint or an application behaviour anomaly.</p>
<p>One interesting technology is Application Containment. Here a suspicious or compromised application is allowed to function in a container (thus isolating it from any other data in the system). Its behaviour is monitored and it is fed with some similar data to simulate its activity. However, this is a resource-consuming process and often not very user friendly.</p>
<p>As the threat scenario is changing, information security is no longer the work of individuals. An enterprise-wide approach needs to be undertaken, taking into account all key stakeholders, management, business and IT, to achieve the collective goal of securing an organization.</p>
<blockquote><p><strong><em>Rahul Das<br />
Consultant | Cyber Security<br />
PwC, India<br />
(IIITA, MS-CLIS 2011-2013)<br />
</em></strong></p></blockquote>
]]></content:encoded>
			<wfw:commentRss>https://bcognizance.iiita.ac.in/archive/aug-nov14/?feed=rss2&#038;p=928</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>When heart bleeds and shells shock!!</title>
		<link>https://bcognizance.iiita.ac.in/archive/aug-nov14/?p=870</link>
		<comments>https://bcognizance.iiita.ac.in/archive/aug-nov14/?p=870#comments</comments>
		<pubDate>Fri, 14 Nov 2014 10:26:03 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[I Secure]]></category>

		<guid isPermaLink="false">http://bcognizance.iiita.ac.in/archive/aug-nov14/?p=870</guid>
		<description><![CDATA[In the past couple of months, many security bugs have shaken the cyber world to its very core. Some of these are said to be present and being exploited by attackers for many months and even years. While some need expert knowledge to exploit, you can exploit one attack on your own laptop. It does<p class="readmore"> <a href="https://bcognizance.iiita.ac.in/archive/aug-nov14/?p=870" title="Read When heart bleeds and shells shock!!">  CONTINUE READING ...</a> </p>]]></description>
			<content:encoded><![CDATA[<p>In the past couple of months, many security bugs have shaken the cyber world to its very core. Some of these are said to have been present, and exploited by attackers, for many months and even years. While some need expert knowledge to exploit, you can exploit one attack on your own laptop. It does not always take a smart attacker to breach a security system; sometimes improper implementation and design make things really easy for an attacker. Knowing about these bugs could teach a lot to present-day and upcoming developers and security professionals. Here is a summary of three such security bugs which have leaked our information to attackers around the world for years and have been identified recently.</p>
<p><strong>1.</strong> The Heartbleed bug allows anyone on the Internet to read the memory of systems protected by vulnerable versions of the OpenSSL software. It is called Heartbleed because the bug is in OpenSSL&#8217;s implementation of the Transport Layer Security (TLS) protocol&#8217;s heartbeat extension (RFC 6520). The attacker can grab memory from a server without leaving any traces. This gives the attacker a copy of information in memory, including keys, usernames and passwords. This allows attackers to eavesdrop on communications, steal data directly from services and users, and impersonate services and users. The bug was introduced into OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. The vulnerability is classified as a buffer over-read.</p>
<p><strong>2.</strong> Shellshock is a vulnerability in the widely used bash command shell. Since bash is used in many systems and in many different forms, this can be exploited in various ways. The bug causes bash to execute commands when they are concatenated to the end of function definitions in the values of environment variables. A remote attacker can use this bug to execute arbitrary code and commands without having proper privileges. To test whether a system is vulnerable, you can open a shell/terminal and run this command:<br />
env X="() { :;} ; echo you might be vulnerable" /bin/bash -c "echo hello"<br />
If “you might be vulnerable” pops up, your system has an exploitable version of Bash installed. Exploitable versions of bash are also used in Mac OS X, Android and Windows Cygwin. Attackers exploited Shellshock using botnets to carry out distributed denial of service attacks. Shellshock also has the potential to be turned into a worm, a self-replicating piece of code that automatically propagates to all Shellshock-vulnerable systems, potentially causing untold damage. Shellshock was compared to Heartbleed in its severity.</p>
<p><strong>3.</strong> The POODLE attack (Padding Oracle On Downgraded Legacy Encryption) is the name given to an exploit that takes advantage of the way some browsers deal with encryption. Most browsers use the TLS protocol for secure communication, but for interoperability they fall back to SSL 3.0 when a TLS connection is not available. An attacker takes advantage of this with a man-in-the-middle attack, forcing the use of SSL 3.0. POODLE targets browsers that use the SSL 3.0 protocol for encryption and authentication. The attacker exploits a design flaw in SSL 3.0 that allows the padding data at the end of a block cipher to be changed so that the encryption cipher becomes less secure each time it is passed.</p>
<p>POODLE is an example of a vulnerability that succeeds thanks to a mechanism designed for reducing security for the sake of interoperability. Such flaws call for extra care when designing systems in domains with high levels of fragmentation. In such domains graceful security degradation may become common.</p>
<p>Google researchers Bodo Möller, Thai Duong and Krzysztof Kotowicz discovered (and named) the POODLE vulnerability and warned the IT community that the only way to prevent POODLE attacks is to stop using SSL 3.0.</p>
<p>Of the three above, Heartbleed was rated the most serious vulnerability, and it affected systems for nearly 2 years. It resulted from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension. This shows that it was an implementation issue and not a design issue. POODLE, as already mentioned, resulted from reducing security for interoperability. Since this was done intentionally, it falls in the category of design flaws. To avoid such incidents in future, we should think like both an implementer and an attacker while designing and implementing protocols and software.</p>
<p>The only way to stay protected against these and the many vulnerabilities not yet identified is to keep systems updated and to keep yourself informed about new vulnerabilities.</p>
<blockquote><p><strong><em>Anurag Shandilya<br />
M.Tech (CLIS)<br />
IIIT Allahabad<br />
</em></strong></p></blockquote>
]]></content:encoded>
			<wfw:commentRss>https://bcognizance.iiita.ac.in/archive/aug-nov14/?feed=rss2&#038;p=870</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Ethical Hacking</title>
		<link>https://bcognizance.iiita.ac.in/archive/aug-nov14/?p=866</link>
		<comments>https://bcognizance.iiita.ac.in/archive/aug-nov14/?p=866#comments</comments>
		<pubDate>Fri, 14 Nov 2014 10:19:04 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[I Secure]]></category>

		<guid isPermaLink="false">http://bcognizance.iiita.ac.in/archive/aug-nov14/?p=866</guid>
		<description><![CDATA[The term “Hacker” has two different meanings in the computer industry. Traditionally it is defined as “A geek who enjoys learning the computer systems in depth and how to increase their functionality” or “the one who enjoys doing programming and exploring new things in the computer system, either mechanically or electronically”. While on the other<p class="readmore"> <a href="https://bcognizance.iiita.ac.in/archive/aug-nov14/?p=866" title="Read Ethical Hacking">  CONTINUE READING ...</a> </p>]]></description>
			<content:encoded><![CDATA[<p>The term “Hacker” has two different meanings in the computer industry. Traditionally it is defined as “A geek who enjoys learning the computer systems in depth and how to increase their functionality” or “the one who enjoys doing programming and exploring new things in the computer system, either mechanically or electronically”. On the other hand, in the past few years the term has taken on a new meaning: “hackers are someone who intrude in any system for personal gain especially for the passwords and the confidential information”. Nowadays, if you tell anyone that you are a hacker, the first thing he/she will do is ask you to hack the Facebook account of one of his/her friends. In technical terms, the former are called hackers while the latter are called crackers or criminal hackers.</p>
<p>Hacking is legal, but cracking is not. Crackers break into a system with malicious intent for some personal gain. This personal gain may be fame, profit or even revenge. They can modify, delete and steal critical and confidential information from the victim system. Hackers have quite advanced knowledge of operating systems and programming languages. They know the different security holes within a system and the reasons for such holes. They are keen to seek further knowledge and share their discoveries, without any intention of damaging or stealing data. Crackers, on the other hand, gain unauthorized access, destroy important data, or in short cause problems for their targets. Whatever the case may be, people give the hacker a negative image. A person can be a hacker regardless of age, gender or religion. It just depends on the technical skill of the person, which varies from one hacker to another. Some hackers barely know how to surf the internet, whereas others write the software on which other hackers depend.</p>
<p><strong>Types Of Hackers</strong></p>
<p>Broadly speaking, hackers can be classified on the basis of their skills and knowledge or on the basis of the type of work they perform. On the former basis, hackers can be called Coders, Admins and Script Kiddies, while on the latter basis a hacker falls under one of three more specific terms: White Hat Hacker, Black Hat Hacker and Grey Hat Hacker.</p>
<p><strong>Coders:</strong> They are the real hackers, the ones who revise the methods and write the code for the tools available in the market. They can find security holes in software and create their own exploits.</p>
<p><strong>Admins:</strong> They are the people who use the tools developed by the coders. They don’t write their own code and techniques but explore the tools to the fullest to find different tricks and techniques.</p>
<p><strong>Script Kiddies:</strong> They are people who read something on the Internet, find a few scripts online and apply them exactly as specified there. They are the most dangerous category. They can cause more harm because they don’t know what the code and scripts mean; they simply apply them. They take advantage of the hackers’ tools and documentation freely available on the Internet, but they don’t know what is going on behind the scenes.</p>
<p><strong>White Hat hackers:</strong> In simple language, you can call them the good guys or Ethical Hackers. They focus on securing and protecting IT systems. They use their knowledge to locate breaches in the system and find countermeasures in the resource.</p>
<p><strong>Black Hat Hackers:</strong> They are the second type of hacker, which I described earlier as crackers or criminal hackers. They use their skills for malicious purposes and illegal activities. They break into others’ systems with malicious intent and focus on stealing data and breaching security.</p>
<p><strong>Grey Hat Hacker:</strong> They fall between White Hat and Black Hat hackers. They sometimes act legally, in good will, and sometimes not. They might not have malicious intent, but can sometimes commit crimes in the course of their technical exploits.</p>
<p><strong>Hacktivist:</strong> They are another type of hacker, who generally broadcast a political or social message through their work on the web. A recent example is “the photo of Modi on website of AAP”. We can place such persons under grey hat hackers.</p>
<a href="http://bcognizance.iiita.ac.in/archive/aug-nov14/wp-content/uploads/2014/11/11.png"><img src="http://bcognizance.iiita.ac.in/archive/aug-nov14/archive/aug-nov14/wp-content/uploads/2014/11/11-680x459.png" alt="Types" title="Types" width="625" height="421" class="aligncenter size-large wp-image-909" /></a>
<p><strong>Cyber Terrorists:</strong> They are the black hat hackers who generally attack govt. computers. They crash critical systems and steal confidential information from various specialized systems, especially govt. websites.</p>
<p><strong>Why Hackers Hack??</strong></p>
<p>This is a good question for debate, but we can’t specify a single reason for hackers to hack a system. It varies from one type of hacker to another.<br />
Some of the reasons may include:</p>
<ul>
<li>Exploring additional knowledge</li>
<li>Hacking for the hobby</li>
<li>Information stealing</li>
<li>Software cracking</li>
<li>And many more endless reasons…</li>
</ul>
<p><strong>Prevention from Hackers</strong></p>
<p>Ethical hacking is not illegal; it’s performed with the permission of the victim to explore something at a deeper level. If you ask me how to protect yourself from hackers, I’ll suggest only one thing: “don’t ever fight with any hacker. If you do, then please unplug your computer system and lock it away, so that no-one can touch your system, not even you!” This is not the right approach to information security, but it is important for you to protect your system from known vulnerabilities. You don’t have to protect your system from everything; in fact, you can’t. However, we can adopt some techniques to protect ourselves to a much greater extent:</p>
<ul>
<li>Never share your password with anyone, no matter how close he / she is to you</li>
<li>Never click on any unknown / unwanted link that is sent to you through chats or emails</li>
<li>Avoid use of public computers</li>
<li>Avoid use of public networks, especially free wifi. Free may be dangerous.</li>
<li>Never use your personal online accounts such as emails or social accounts like Facebook on any public network, NOT even in your office. Sniffers are all around.</li>
<li>Don’t open any unknown software programs</li>
<li>Never let your PC come into contact with any friend who falls into any of the hacker categories mentioned earlier.</li>
<li>Use a good antivirus and anti-spyware program</li>
</ul>
<p><strong>Different Phases in Hacking</strong></p>
<p>Here are the different steps that are performed by the hackers sequentially in order to attack the target.</p>
<ul>
<li>Information Gathering: Hackers seek to find out as much information about the victim as possible. They locate, identify and record information about their targets.</li>
<li>Scanning: In this phase, attackers scan the networks and ports to find a vulnerable port.</li>
<li>Gaining access: This is the phase of real hacking. Once hackers identify the vulnerable port, they try different methodologies to gain access to that system.</li>
<li>Maintaining access: After gaining access, it is essential to maintain it for at least as long as the hacking is being performed. An interruption in access will cause loss of data or even loss of the connection.</li>
<li>Performing required tasks: Once hackers gain access to the target system, they perform the required task on the target.</li>
<li>Clearing the logs and footprints: Last but not least, hackers need to clear their footprints and all the logs from the victim system, so that it’s not easy for anyone to trace them. This is the reason hackers are called Anonymous.</li>
</ul>
<p><strong>Methods of Hacking</strong></p>
<p>Although there are countless methods for hackers to hack into a system, and the number is increasing day by day, the major ones include the following. We are not going into the details for now:</p>
<ul>
<li>Footprinting</li>
<li>Social Engineering</li>
<li>Denial of Service attack</li>
<li>Keyloggers</li>
<li>SQL Injection</li>
<li>XSS (Cross Site Scripting)</li>
<li>Spoofing</li>
<li>DNS Attack</li>
<li>Steganography</li>
<li>Reverse Engineering</li>
<li>Cryptography</li>
<li>Trojans and bombs</li>
</ul>
<p><strong>Laws in India for Hacking</strong></p>
<p>According to Pavan Duggal, Supreme Court advocate, the first cyber law of India makes all cybercrimes punishable. These cybercrimes may include hacking, cracking, publishing of information in electronic form, damage to computer source code, violation of confidentiality and privacy, and publication of a false digital signature certificate. The different cases that get covered under the laws include:</p>
<ul>
<li>Social media fake profile case</li>
<li>Email account hacking</li>
<li>Credit card fraud</li>
<li>Online share trading fraud</li>
<li>Tax evasion and money laundering</li>
<li>Source code theft</li>
<li>Theft of confidential information</li>
<li>Software piracy</li>
<li>Music piracy</li>
<li>Email scam</li>
<li>Phishing</li>
<li>Cyber Pornography</li>
<li>Online Sale of Illegal Articles</li>
<li>Virus attacks</li>
<li>And many others…</li>
</ul>
<blockquote><p><strong><em>Kamal Nayan<br />
Blogger at http://tipstricksandhacking.blogspot.in<br />
</em></strong></p></blockquote>
]]></content:encoded>
			<wfw:commentRss>https://bcognizance.iiita.ac.in/archive/aug-nov14/?feed=rss2&#038;p=866</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Big Data &#8211; Bigger Risk</title>
		<link>https://bcognizance.iiita.ac.in/archive/aug-nov14/?p=817</link>
		<comments>https://bcognizance.iiita.ac.in/archive/aug-nov14/?p=817#comments</comments>
		<pubDate>Fri, 14 Nov 2014 09:12:31 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[I Secure]]></category>

		<guid isPermaLink="false">http://bcognizance.iiita.ac.in/archive/aug-nov14/?p=817</guid>
		<description><![CDATA[Big data analytics is among the current top three concerns of IT leaders, other important areas being IT Security and Mobile Device Management. With increasing thrust of organizations for catering more information, the size of data to be handled is getting bulkier. The idea of ‘Big data’ is not mere expansion of traditional database but a<p class="readmore"> <a href="https://bcognizance.iiita.ac.in/archive/aug-nov14/?p=817" title="Read Big Data &#8211; Bigger Risk">  CONTINUE READING ...</a> </p>]]></description>
			<content:encoded><![CDATA[<p>Big data analytics is among the current top three concerns of IT leaders, the other important areas being IT Security and Mobile Device Management. With organizations’ increasing thrust to cater for more information, the size of data to be handled is getting bulkier. The idea of ‘Big data’ is not a mere expansion of the traditional database but a lot more. It is not just data maintenance but also the analysis and maneuvering of huge unstructured data using predictive techniques and other mathematical models, and its conversion into insightful information that adds business value.</p>
<p>Data, being the most important and vulnerable asset for organizations, is critical to keep secure. All organizations are growing in terms of the data they handle. From inventory stocks to target and existing customer bases, from social media content to web logs, each and every bit adds to the data to be stored and analyzed, leaving them with the only option of switching to Big Data. But Big Data breaches will be big too, with the chance of even more serious reputational and legal damage than at present.</p>
<p>Big data is often characterized by the 3Vs: Volume, Velocity and Variety of data. All three attributes have their own challenges associated with them. The massive size of data is of course the most prominent and coherent one. Velocity signifies both the rate at which data arrives and the rate at which it needs to be acted upon. Variety denotes heterogeneous and unstructured data and the issues related to it. The concept of data has evolved greatly since traditional times, and so have the techniques to handle it. There has been a paradigm shift from traditional relational databases, where data was brought to the processor, to BIG DATA, where multiple processors are brought to the data. A technological shift has supported this change: platforms like Hadoop and frameworks like MapReduce and Storm. Several other technologies for real-time analytics and graph computation are emerging, as Hadoop has already proved unsuitable for many existing problems.<br />
Big data has resolved several issues, like the processing of ad hoc queries and enormous floods of data, through its parallel and powerful computational frameworks. Its distribution across various silos and its ability to tackle unstructured data make it far superior to traditional analytic techniques. This scalability in turn leads to several bottlenecks for analysts to handle. The following are certain vulnerable areas of BIG DATA which might lead to challenging situations if not tackled well.</p>
<p><strong>Heterogeneous Sources</strong><br />
End Point Input Validation is important to ensure the integrity of data sources. Due to the massive amount of data to be dealt with, it becomes more challenging and increases the vulnerability.</p>
<p><strong>Insecure Data Storage</strong><br />
With data being stored at thousands of nodes, secure storage that ensures the Confidentiality, Integrity and Availability of stored data itself becomes a challenge.</p>
<p><strong>Insecure Data Processing and Computation</strong><br />
Untrusted computation programs can be submitted and used by the attacker to extract critical information from data sources or to manipulate the sensitive data. Several attacks like denial of service can also be initiated by the attacker.</p>
<p><strong>Data Mining and Analytics leading to Privacy Breaches</strong><br />
Monetizing big data requires data mining, analysis and ultimately sharing of results. This might lead to privacy breaches, invasive marketing and disclosure of sensitive information.</p>
<p><strong>Cloud Adoption</strong><br />
Switching to Cloud for storing enormous data proves to be a boon but at the same time it outsources the security of the owners’ critical data to a third party and hence becomes vulnerable.  </p>
<p><strong>Insecure Access Controls</strong><br />
Big data implementations include open source code leading to unrecognized back doors, intruders and default credentials. Also, authentication and access from various sources may not be secure enough.</p>
<p><strong>Auto-tiering</strong><br />
It creates two repositories of data, ‘Hot data’ and ‘Cold data’. Data that is accessed less frequently is moved to Cold Data, which is a less secure medium. This might be risky if the cold data is sensitive.</p>
<p><strong>Compliance Monitoring</strong><br />
Real time monitoring of compliance is a big time issue that should be taken care of due to the excessive amount of data and alerts generated by big data.</p>
<p><strong>Audits</strong><br />
Regular audits and governance become even more necessary yet challenging due to the highly distributed and unstructured nature of the data. Timely audits in conformance with universal compliances are indispensable to ensure that the data is not yet compromised.</p>
<p>Big data was initially conceived and designed around scalability, i.e. accommodating a huge volume and variety of data and responding to queries as early as possible. Security was not given much thought; it is lacking and needs to be made scalable with the amount of data being accommodated.</p>
<blockquote><p><strong><em>Sonika Singhal<br />
MBA-IT<br />
IIIT Allahabad<br />
</em></strong></p></blockquote>
]]></content:encoded>
			<wfw:commentRss>https://bcognizance.iiita.ac.in/archive/aug-nov14/?feed=rss2&#038;p=817</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Information security : A Paramount concern of organisations</title>
		<link>https://bcognizance.iiita.ac.in/archive/aug-nov14/?p=799</link>
		<comments>https://bcognizance.iiita.ac.in/archive/aug-nov14/?p=799#comments</comments>
		<pubDate>Fri, 14 Nov 2014 08:52:25 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[I Secure]]></category>

		<guid isPermaLink="false">http://bcognizance.iiita.ac.in/archive/aug-nov14/?p=799</guid>
		<description><![CDATA[“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.” – Stephen Hawking With the changing business dynamics and the alignment of the business goals with the information technology to have a single integrated holistic governance and management structure,<p class="readmore"> <a href="https://bcognizance.iiita.ac.in/archive/aug-nov14/?p=799" title="Read Information security : A Paramount concern of organisations">  CONTINUE READING ...</a> </p>]]></description>
			<content:encoded><![CDATA[<p><em>“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.”</em> – Stephen Hawking</p>
<p>With changing business dynamics and the alignment of business goals with information technology to form a single integrated holistic governance and management structure, it is vital to have controls to safeguard IT-related systems. Information technology has proved to be a goal enabler for businesses. Enterprise boards, executives and management have to embrace IT like any other significant part of the business. External and internal requirements related to enterprise use of information and technology are increasing significantly, and a breach proves to be fatal.</p>
<p>Information has become a key asset for any organization. Information technology plays a vital role in the information management cycle. Safeguarding information technology related systems from internal and external threats should be part of any business strategy in order to ensure continuity of services and stakeholder satisfaction. Infrastructure and costs can be recovered, but reputation lost due to security failures and breaches of confidentiality, integrity and availability is threatening for any enterprise striving for long-term business relationships and industry reputation. As proposed, a layered architecture for information technology security, with control checks on internal and external threats, mitigates the risk of security breaches.</p>
<p>Information technology assets pertaining to the enterprise need to be identified, and the controls to safeguard them must be cost efficient. Safety and precaution complement each other: in order to attain safety, precautionary measures are adhered to along with the identification of the system and its transactions. The scope of information technology security has diversified extensively. Human intervention is the foremost security vulnerability within an enterprise. Employees turn out to be the biggest threat to any IT-related system; though the intervention may or may not be a conscious one, it still exposes the system to a fatal security threat. With people, process and technology sitting at the heart of any layered architecture security model, it is obvious and threatening that the biggest vulnerability, “people”, sits unguarded at the core. Social engineering, downloading of malicious content, data misuse and lack of information expose the system to unknown risks and impending security threats. The employees are not even aware of the security policies and expose critical information systems to a threat level that is maximum and fatal in nature. Much has to be done to establish cost-effective controls to minimize and monitor this internal threat. Information technology is vital for the attainment of any business goal and for delivering customer satisfaction, and if left unguarded it threatens value on both monetary and reputational fronts.</p>
<blockquote><p><strong><em>Ashutosh Joshi<br />
MBA-IT<br />
IIIT Allahabad<br />
</em></strong></p></blockquote>
]]></content:encoded>
			<wfw:commentRss>https://bcognizance.iiita.ac.in/archive/aug-nov14/?feed=rss2&#038;p=799</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
