CISSP Vulnerabilities of Security Architectures, Designs, and Solution Elements – Bk2D3T5P1

Module Objectives

  1. Identify vulnerabilities and mitigations in client-based systems.
  2. Identify vulnerabilities and mitigations in server-based systems.
  3. Identify vulnerabilities and mitigations in database systems.
  4. Identify vulnerabilities and mitigations in Industrial Control Systems (ICS).
  5. Identify vulnerabilities and mitigations in cloud-based systems.
  6. Identify vulnerabilities and mitigations in distributed systems.
  7. Identify vulnerabilities and mitigations in Internet of Things (IoT).
  8. Assess and mitigate vulnerabilities in web-based systems.
  9. Assess and mitigate vulnerabilities in mobile systems.
  10. Assess and mitigate vulnerabilities in embedded systems.

Vulnerabilities of Security Architectures, Designs, and Solution Elements

This module introduces some common vulnerabilities and mitigation approaches that are common among most system types. It then presents typical vulnerabilities and mitigation approaches for various system types. The vulnerabilities and mitigations are not intended to be comprehensive for each system type and represent the most common issues and solutions associated with the system type. For each system type, consider which common vulnerabilities might exist in the various system components in addition to the system specific vulnerabilities.

In particular consider how common vulnerabilities might exist in the following:
  • System hardware
  • System code
  • System misuse opportunities
  • System communications

Top Threats and Mitigations

The following threat action categories are common to most system types but may exist in various forms.

Top Threat Actions
  • Hacking: Human action attempting various permutations of actions to defeat or bypass system protections or system security.
  • Social engineering: Attempting to gain information or access by impacting human behavior or process. Generally implemented through human interaction but may be message or communication based.
  • Malware distribution: Manual or automated distribution of malware. May be targeted, untargeted, or the result of self-replicating malware moving autonomously.
  • Phishing: Attempting to gain information or access by sending messages (e.g., email) that seem to be legitimate but are not. May be combined with types of social engineering or malware distribution.

The following top mitigations are general approaches applied on the enterprise level. They should be considered the basics of mitigations and must always be combined with other, more specific, mitigations at the system level.

Top Mitigations

  • Know what you have: Maintain a good inventory of all IT operating in the environment and understand the operational status. While this sounds simple, it is one of the most difficult things to accomplish for most large organizations.
  • Patch and manage what you have: Keep hardware, firmware, and software up to date and manage system configurations to ensure they are kept in a secure and well-maintained state. This is a basic security function but is also commonly neglected and not well implemented in many organizations.
  • Assess/monitor/log: Assess system security status, monitor the status continuously, and log system, user, and process actions to the greatest extent possible. At the enterprise level, this includes collecting and aggregating individual system logs with automated and manual reviews.
  • Educate users: At the enterprise level, this is critical to address human-based attacks (social engineering, phishing, etc.) that technology alone cannot defend against.

Common System Vulnerabilities

The following are common system vulnerability types that exist to some degree in most systems. For each of the specific system types in this module, the common system vulnerabilities should be considered applicable to some degree. The impact of the common vulnerabilities may be different based on system type.

Hardware vulnerabilities are most typically associated with loss of availability when components fail. However, supply chain concerns over inappropriate modification or counterfeit hardware components are valid concerns. Improperly configured or illicitly modified hardware can impact system confidentiality and integrity.

Hardware:
  • Hardware components may fail at any time
    • Mean time between failures (MTBF) used to calculate expected life
    • Failure rates higher during initial system operation
  • Supply chain issues may introduce technical flaws/vulnerabilities or malicious modification
  • Old hardware may be difficult to repair/replace

Communication vulnerabilities can directly impact confidentiality, integrity, or availability depending on system functions. Typically, the communication sub-systems of an information system are the most exposed components of the system and the most susceptible to technical attacks.

Communications:

  • Can fail
  • Can be blocked (denial of service (DoS))
  • Can be intercepted
  • Can be counterfeited (replayed)
  • Can be modified
  • Characteristics can expose information about the sender/receiver (e.g., address, location, etc.)

Misuse by a system user can significantly impact confidentiality, integrity, or availability. Misuse can include actions resulting from social engineering attacks, phishing attacks, or intentional bypass of security functions to “get the job done.” This is one area that may increase in risk if technical or procedural protections negatively impact user functionality.

Misuse by user:

  • Can be intentional or accidental
  • Can degrade or bypass security controls
  • Increases in likelihood as difficulty to operate increases
  • For example, difficult security requirements increase likelihood of intentional misuse to “get the job done”

Code flaws exist in all software products with more than a very low level of complexity. Flaws may not be obvious, and they may not be easily accessible to an attacker.

Code flaws:

  • Exist in all software products with more than trivial complexity
  • May be introduced accidentally or intentionally
  • Typical risk conditions:
    • Known flaws, patch available, systems not patched, exploit available
    • Known flaws, patch not available, exploit available
    • Unknown flaws, exploit available (zero-day attack possible)

Emanation vulnerabilities are primarily a concern to very high security systems (e.g., classified government systems) but can have impacts on other systems. Exploiting emanations is a highly complex problem, but an external observer may be able to obtain useful information about an environment by doing a basic analysis of detectable emissions.

Emanations:

  • Hardware/physical elements may radiate information
  • Radio frequency
  • Visible and non-visible spectrum
  • Can be used to discern system functions
  • Can be used to locate systems/components

Client-based Systems

Client-based systems are systems in which the end user directly interfaces with the computing hardware in the form of desktops, laptops, thin client terminals, and so on. They are typically present in large quantities in most organizations. Most organizations are continually adding new and decommissioning old client systems.

They are typically general-purpose computers that are used for a variety of purposes across an organization.

Vulnerabilities

End users in most cases physically control these devices. This allows for end user modification or removal from enterprise control of the system. They may be more susceptible to loss or theft for this reason. Since the devices are typically under user control, monitoring and updating the systems may be difficult as the location and power status (e.g., on/off) may be indeterminate.

  • Physically under user control
  • Susceptible to user misuse (intentional or accidental)
  • May be lost/stolen
  • Monitoring may be difficult
  • 100 percent update may be difficult

Mitigations

The following mitigations are the basic mitigations to apply to a general-purpose computer. While these mitigations seem basic in nature, they are difficult to do well across a large installation base of client devices.

  • Patch/update*: Continuous action
  • General network protections: e.g., network segmentation, firewall devices, network intrusion prevention or detection
  • Host protections*: Antivirus, host intrusion prevention system (IPS), host firewall, disk encryption
  • Monitor*: Logs, alerts, track location
  • Educate users: Anti-phishing campaign, detecting attacks

*Applied to all general purpose computing systems: servers, database, distributed, cloud-based, and web-based. These mitigations should be applied to all general purpose computing platforms to support software (e.g., database/application) or functional roles.


Server-based Systems

Server-based systems generally provide a specific purpose and may be specially configured or have special software loaded to provide a specific function. Typical types include: application servers, file servers, domain controllers, print servers, and network service servers (e.g., Domain Name Service). They are often centrally managed and controlled in most organizations and have limited access or functionality beyond their specific intended purpose. They are also often maintained in a controlled, limited access environment.

Vulnerabilities

Server-based vulnerabilities include the following:

  • May be exposed to external communication/services
  • Updates may be delayed due to operational need
  • May exist for long periods (risk of being outdated)
  • High-traffic volume makes monitoring more difficult

Mitigations

In addition to selective application of the mitigations identified for client-based systems, servers can be additionally protected by targeting network protections to reduce accessibility to only the design functions.

Other mitigations include the following:

  • Targeted network protections (server specific rules, restricted ports/protocols)
  • Strong remote access mechanisms
  • Configuration and change management
  • Monitor: Logs and alerts targeted to server functions

Database Systems

Database systems are hosted on various platforms to include stand-alone server, cloud hosting environments, distributed computing environments, and so on. Database systems inherit any platform vulnerabilities and add database-specific vulnerabilities. They typically contain large quantities of valuable information and require high-speed operation with large number of transactions. This tends to make database systems high-value targets for any attacker.

Vulnerabilities

Vulnerabilities specific to the database system itself include the following:

  • Inference: Attacker guesses information from observing available data. Essentially, users may be able to determine unauthorized information from what information they can access and may never need to directly access unauthorized data.
  • Aggregation: Aggregation is combining nonsensitive or lower sensitivity data from separate sources to create higher sensitivity information. For example, a user takes two or more publicly available pieces of data and combines them to form a classified piece of data that then becomes unauthorized for that user. Thus, the combined data sensitivity can be greater than the sensitivity of individual parts.
  • Data mining: Data mining is a process of discovering information in data warehouses by running queries on the data. A large repository of data is required to perform data mining. Data mining is used to reveal hidden relationships, patterns, and trends in the data warehouse. Data mining is based on a series of analytical techniques taken from the fields of mathematics, statistics, cybernetics, and genetics. The techniques are used independently and in cooperation with one another to uncover information from data warehouses.
  • High value target: Databases are considered a high-value target and may be sought out by attackers and have attackers willing to spend greater effort to find technical vulnerabilities to exploit than other system types.

Mitigations

Database specific mitigation techniques:

  • Input validation: User input or query input is carefully validated to ensure only allowable information is sent from the user interface to the database server. This limits the utility of Structured Query Language (SQL) injection type attacks and potentially protects database information integrity from invalid entries.
  • Robust authentication/access control: Database access is strictly controlled and user interface is limited to preconfigured or controlled interface methods.
  • Output throttling: To reduce an attacker’s ability to siphon off database data one record at a time, throttling can be employed to limit the number of records provided over a specific time period. This limits an attacker’s ability to perform data mining and some inference and aggregation attacks.
  • Anonymization: This approach permanently removes identifying data features from a database, typically to protect personal information.
  • Tokenization: Similar to anonymization except that information is replaced with an identifier that can be used to reconstruct the original data if necessary. The identifiers (tokens) are then kept in a more secure system or offline. This approach also allows data to be shared or made available with less risk to inference and aggregation attacks.
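Three of the mitigations above (input validation against SQL injection, output throttling, and tokenization) in working form. This is an added illustration, not code from the original CISSP module: it uses Python's standard-library sqlite3 on a constructed three-row customer table, and the function and class names (lookup_unsafe, lookup_safe, RecordThrottle, TokenVault) are hypothetical. The unsafe lookup is shown only to make visible why the parameterized form is the mitigation: the same quoted input changes the query's structure in one and is matched as a literal name in the other.

```python
import secrets
import time
import sqlite3
from collections import deque

# Constructed sample data (not from the original module).
SAMPLE_ROWS = [
    ("alice", "alice@example.com", "4111111111111111"),
    ("bob", "bob@example.com", "5500000000000004"),
    ("carol", "carol@example.com", "340000000000009"),
]


def build_db():
    """In-memory customer table populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, email TEXT, card TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_unsafe(conn, name):
    """The flaw: user input is spliced into the SQL text, so a quote
    character in the input alters the query's structure instead of
    being treated as data. Kept here only to contrast with lookup_safe."""
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Mitigation: parameterized query. The value travels separately from
    the SQL text, so whatever it contains it can only ever match a name."""
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


class RecordThrottle:
    """Output throttling: cap the number of records one caller may receive
    inside a sliding time window. Records beyond the cap are withheld."""

    def __init__(self, max_records, window_seconds, clock=time.monotonic):
        self.max_records = max_records
        self.window = window_seconds
        self.clock = clock
        self.history = {}  # caller -> deque of (timestamp, records granted)

    def allow(self, caller, requested, now=None):
        """Return how many of `requested` records may be released now."""
        now = self.clock() if now is None else now
        q = self.history.setdefault(caller, deque())
        while q and now - q[0][0] >= self.window:  # drop expired grants
            q.popleft()
        used = sum(count for _, count in q)
        granted = max(0, min(requested, self.max_records - used))
        if granted:
            q.append((now, granted))
        return granted


def fetch_throttled(conn, caller, throttle, now=None):
    """Serve a bulk query through the throttle; excess rows are not returned."""
    rows = conn.execute("SELECT name, email FROM customers ORDER BY name").fetchall()
    return rows[: throttle.allow(caller, len(rows), now)]


class TokenVault:
    """Tokenization: a sensitive value is replaced by a random token, and the
    token-to-value map lives in this separate store. Data sets that carry only
    tokens can be shared; reconstructing a value requires vault access."""

    def __init__(self):
        self._forward = {}  # original value -> token
        self._reverse = {}  # token -> original value

    def tokenize(self, value):
        if value not in self._forward:
            token = "tok_" + secrets.token_hex(8)  # random, not derived from value
            self._forward[value] = token
            self._reverse[token] = value
        return self._forward[value]

    def detokenize(self, token):
        return self._reverse[token]


if __name__ == "__main__":
    db = build_db()
    probe = "x' OR '1'='1"  # constructed input containing a quote character
    print("unsafe:", lookup_unsafe(db, probe))   # structure altered: every row
    print("safe:  ", lookup_safe(db, probe))     # matched as a literal name: none
    throttle = RecordThrottle(max_records=2, window_seconds=60)
    print("throttled:", fetch_throttled(db, "report-user", throttle))
    vault = TokenVault()
    print("token:", vault.tokenize(SAMPLE_ROWS[0][2]))
```

The throttle counts records rather than requests, which is what the mitigation above targets: an attacker paging through one record at a time is bounded just as tightly as one issuing a single bulk query. The vault stores plaintext only to keep the example self-contained; in practice that mapping is the asset to protect and belongs in the separate, more tightly controlled system the text describes.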

Industrial Control Systems (ICSs)

Industrial systems and critical infrastructures are often monitored and controlled by simple computers called industrial control systems (ICS). ICSs are based on standard embedded systems platforms, and they often use commercial off-the-shelf software. ICSs are used to control industrial processes such as manufacturing, product handling, production, and distribution.

They typically have components that execute on embedded, limited function hardware. They also typically contain interfaces between logical (computer) space and the physical world. These may include sensors, motors, actuators, valves, gauges, and so on.

Following are three well-known types of ICS systems:

  • Supervisory control and data acquisition (SCADA): A SCADA system can be typically viewed as an assembly of interconnected equipment used to monitor and control physical equipment in industrial environments. They are widely used to automate geographically distributed processes such as electricity power generation, transmission and distribution, oil and gas refining and pipeline management, water treatment and distribution, chemical production and processing, rail systems, and other mass transit.
  • Distributed control systems (DCSs): Typically confined to a geographic area or specific plant (e.g., manufacturing facility). They are characterized by large numbers of semi-autonomous controllers. They share many similarities with SCADA systems, but they are typically confined to a defined area with a local control center.
  • Programmable logic controllers (PLCs): Ruggedized industrial computers. Typically use specialized code that reacts in real time to inputs. May be stand-alone systems or included as components in SCADA or DCS infrastructure.

Vulnerabilities

ICSs are typically composed of embedded system components and some general purpose servers or clients running control software. The general purpose components share vulnerability and mitigation types with client- and server-based systems. The list below is targeted at the embedded system components.

  • Limited functionality: Standard OS functions and protections may not be available.
  • Limited protections: General purpose host protections are not feasible.
  • Long lifespan (become outdated): Typically in operation for 10+ years.
  • Susceptible to misuse/error: Complicated, specialty systems, difficult to validate correct code and configuration.
  • Highly susceptible to denial of service (DoS) attacks: Typically contain minimal communication protections and are very sensitive to improper inputs.
  • Attacks can produce physical effects: Unlike most computing systems, attacks can cause impacts to the physical world.
  • Often unattended in remote locations: Physical security may be limited or unmonitored, allowing attackers to gain and maintain physical access with limited effort.

Mitigations

  • Isolated network infrastructure: The most effective mitigation is to ensure limited functionality components are not connected or exposed to general purpose networks and are only connected to highly controlled networks.
  • Robust network connection restrictions and monitoring: Any connections allowed on or off control system networks must be carefully monitored.
  • Highly segmented network: Networks segmented by process or by devices that must directly communicate to function. This generates some very small network segments, but is highly desirable.
  • Protect communication channels: All communication channels must be heavily protected from outside access.
  • Robust configuration control: Configuration and code on devices must be robustly managed.
