Cyber Unit4 Lecture 5


Legal Issues in Data Mining:

1. Privacy: Complete privacy is not an inherent part of any society. This is
because participation in a society necessitates communication and
negotiation, which renders absolute privacy unattainable. Hence, an
individual member of a society develops an independent and unique
perception of their own privacy.
An individual can maintain their privacy by limiting their accessibility to
others (Gavison 1984). In some contexts, this is best achieved by restricting
the availability of their personal information. If a person considers the type
and amount of information known about them to be inappropriate, then they
perceive their privacy to be at risk. Thus, privacy can be violated when
information concerning an individual is obtained, used, or disseminated,
especially if this occurs without their knowledge or consent.

2. Database Security: In an ethical sense, database security is closely related to
privacy. This is because database security inhibits the unauthorized
dissemination of personal data, thus further enhancing, albeit indirectly, an
individual's capacity to regulate access to their data.

“When data can be viewed from many different angles and at different
abstraction levels, it threatens the goal of protecting data security and
guarding against the invasion of privacy. It is important to study when
knowledge discovery may lead to an invasion of privacy, and what security
measures can be developed for preventing the disclosure of sensitive
information”.
In terms of database security, two forms of mining operation need to be
considered:
- Those operating as authorized applications by an individual or
organization that owns and has full access to the data;
- Those operating as unauthorized applications by an individual or
organization that has access to the data only insofar as has been
permitted for other allowable purposes.

3. Data Accuracy:
- Personal data should be precise, complete and current in order to protect
people from the harmful repercussions associated with poor data
quality. This becomes more relevant when a data mining application
reveals information that could have detrimental repercussions for a data
subject, especially as such information is customarily treated as infallible.
- In some cases, what is accurate data at one point in time is inaccurate
shortly afterwards. When mining is executed over expired data, inaccurate
patterns are more likely to be revealed, which can lead to negative
consequences for an individual specifically and for groups and society in
general.
- There is a great likelihood of errors being compounded by repeated mining
over poor-quality data.

4. Maintaining Data Integrity

Ensuring data integrity is key to making data mining tools and their analysis
meaningful and accurate. Data integrity ensures that data is consistent
throughout the database. Several business rules (also known as constraints)
maintain the accuracy and integrity of the data stored in the database.

Domain constraints govern what values may be assigned to an attribute. When the
database is created, each attribute is defined with a domain name, a data type (such as
numeric, character, date, or integer), a size, and the acceptable range or set of
values.

Entity integrity ensures that every primary key value is non-null; every attribute
that forms part of the primary key must be non-null as well. For non-key attributes
whose value is not known, the database developer may store a null (a marker that
means no information is available) instead.
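The two constraint types above, shown as an added example in Python with SQLite (this is not part of the lecture). A constructed customer table declares a NOT NULL primary key for entity integrity and CHECK constraints for type, size and range as domain constraints; try_insert reports which constraint rejected a bad row. SQLite, unlike most engines, allows NULL in a non-integer PRIMARY KEY unless NOT NULL is declared explicitly, which is why the schema does so.

```python
import sqlite3

# Constructed schema for the demonstration (not from the lecture).
SCHEMA = """
CREATE TABLE customer (
    -- entity integrity: the key must be present and unique
    customer_id TEXT    NOT NULL PRIMARY KEY,
    -- domain constraints: data type, size and acceptable range
    email       TEXT    NOT NULL UNIQUE CHECK (email LIKE '%_@_%'),
    age         INTEGER NOT NULL CHECK (typeof(age) = 'integer' AND age BETWEEN 0 AND 150),
    country     TEXT    CHECK (country IS NULL OR length(country) = 2)  -- NULL means unknown
);
"""


def open_db():
    """Create an in-memory database with the constrained table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def try_insert(conn, customer_id, email, age, country):
    """Insert one row; return None on success, otherwise the violated constraint's message."""
    try:
        with conn:  # commits on success, rolls back the statement on error
            conn.execute(
                "INSERT INTO customer (customer_id, email, age, country) VALUES (?, ?, ?, ?)",
                (customer_id, email, age, country),
            )
        return None
    except sqlite3.IntegrityError as exc:
        return str(exc)


def count_rows(conn):
    return conn.execute("SELECT count(*) FROM customer").fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    print(try_insert(db, "c1", "a@example.org", 34, "GB"))      # None: accepted
    print(try_insert(db, None, "b@example.org", 40, None))      # NOT NULL: missing key
    print(try_insert(db, "c1", "c@example.org", 40, None))      # UNIQUE: duplicate key
    print(try_insert(db, "c2", "d@example.org", 200, None))     # CHECK: age out of range
    print(try_insert(db, "c3", "e@example.org", "abc", None))   # CHECK: wrong type
    print(try_insert(db, "c4", "f@example.org", 30, "USA"))     # CHECK: wrong size
    print(count_rows(db))
```

Because SQLite's type affinity silently keeps a non-numeric string in an INTEGER column, the typeof() check is what actually enforces the declared data type here; engines with strict typing reject the row before CHECK constraints run.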

Security Issues in Software:

Software is subject to two general categories of threats:

1. Threats during development (mainly insider threats): A software engineer
can sabotage the software at any point in its development life cycle through
intentional exclusions from, inclusions in, or modifications of the requirements
specification, the threat models, the design documents, the source code, the
assembly and integration framework, the test cases and test results, or the
installation and configuration instructions and tools. Secure development
practices are, in part, designed to help reduce the exposure of software to insider
threats during its development process.
2. Threats during operation (both insider and external threats): Any software
system that runs on a network-connected platform is likely to have its
vulnerabilities exposed to attackers during its operation. Attacks may take
advantage of publicly known but unpatched vulnerabilities such as buffer
overflows and other memory-corruption flaws, leading to execution of
attacker-supplied scripts and, in the worst case, remote code execution. Software
flaws can be exploited to install spyware, adware, and other malware on users'
systems that can lie dormant until triggered to execute.

1. Code Injection
Attackers are sometimes able to exploit vulnerabilities in applications to insert
malicious code. Often the vulnerability is found in a text input field for users, such
as a username field, where an SQL statement is entered and then runs on the database,
in what is known as an SQL Injection attack. Other kinds of code injection attack
include shell injection, operating system command injection, script injection, and
dynamic evaluation attacks.
Attacks of this type can lead to stolen credentials, destroyed data, or even loss of
control over the server. They are also surprisingly common: the OWASP (Open
Web Application Security Project) Foundation ranked injection first in its 2017 Top
10 Application Security Risks.
There are two complementary ways to prevent code injection: avoiding vulnerable
code and validating input.
Applications can avoid vulnerable code by keeping data separate from
commands and queries, for example by using a safe API with parameterized queries.
Businesses should also validate input against an allowlist, and observe the principle of
least privilege, using controls such as the SQL LIMIT clause within queries to reduce
the damage (mass disclosure of records) from a successful attack. A Web Application
Firewall (WAF) that updates its threat database in real time can filter known injection
patterns at the edge, but it is a supplementary layer, not a substitute for
parameterized queries and input validation in the application itself.
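An added example (Python with SQLite, not from the lecture) of the SQL injection described above beside its parameterized fix. The users table, credentials and attack payloads are constructed for the demonstration; passwords are kept in clear text only so the injected condition is easy to read, a real application stores salted hashes.

```python
import re
import sqlite3

# Constructed sample data for the demonstration.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def setup():
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Splices user input straight into the statement: the classic SQL injection hole."""
    sql = (f"SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Keeps data separate from the query: the driver binds ? placeholders as values,
    so quotes and comment markers in the input can never change the statement."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ? LIMIT 1"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Allowlist for usernames: defence in depth on top of parameterization.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def login_validated(conn, username, password):
    """Reject usernames outside the allowed alphabet before touching the database."""
    if not USERNAME_RE.match(username):
        return None
    return login_safe(conn, username, password)


if __name__ == "__main__":
    db = setup()
    # Bypass 1: make the WHERE clause always true -> first user in the table.
    print(login_vulnerable(db, "' OR '1'='1", "' OR '1'='1"))
    # Bypass 2: '--' comments out the password check -> alice, password ignored.
    print(login_vulnerable(db, "alice'--", "wrong"))
    # Same payloads against the parameterized query fail.
    print(login_safe(db, "alice'--", "wrong"))
    print(login_safe(db, "' OR '1'='1", "' OR '1'='1"))
    print(login_validated(db, "alice", "s3cret"))
```

The `--` payload works because the vulnerable function builds a single-line statement; everything after the comment marker, including the password comparison, is discarded by the parser. The `LIMIT 1` in the safe query is the least-privilege control the text mentions: even if another query on the same site were injectable, it caps how many rows one request can return.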

2. Data Breach
The cost of data breaches is well documented. They are often caused
by compromised credentials, but the range of other common causes includes software
misconfiguration, lost hardware, and malware (more on that below).
Data breach prevention requires a range of good practices. Site traffic and
transactions should be encrypted with TLS (the successor to SSL), permissions should
be carefully set for each group of users, and servers should be scanned regularly for
vulnerabilities. Employees should be trained in how to avoid being caught by phishing
attacks, and how to practise good password hygiene. The principle of least
privilege applies here as well.

In the event that your business discovers a potential data breach, you may face legal
or compliance requirements for notifying customers or regulatory authorities.
Disclosure requirements and strategies should be determined ahead of time so that
the maximum amount of organizational resources can be dedicated to making sure
that no more data is stolen as well as repairing the damage caused. Once the attack
vector has been blocked, a comprehensive incident investigation should be
conducted, and the network scanned to make sure all vulnerabilities have been
identified and closed off.

3. Malware Infection
Most businesses are aware on some level of the security threat posed by malware,
yet many people are unaware that email spam is still the main vector of
malware attack.
Because malware arrives from a range of sources, several different tools are needed
to prevent infection: a robust email scanning and filtering system, together with
malware and vulnerability scans. As with breaches, which are often caused by
malware infection, employee education is vital to keep businesses safe from
malware.
Any device or system infected with malware must be thoroughly cleaned, which
means identifying the hidden portions of malicious code and removing all infected
files before they replicate. This is practically impossible by hand, so it requires an
effective automated tool; where a clean state cannot be verified, reimaging the system
from a known-good image is the safer option.

4. Distributed Denial of Service Attack

A Distributed Denial of Service (DDoS) attack generally involves a group of
computers being harnessed together by an attacker to flood the target with traffic.

A NETSCOUT Arbor report counted about 7.5 million DDoS attacks in 2017,
so while many target IT service providers, they are still more prevalent than many
people realize. One of the most worrying aspects of DDoS attacks for businesses is
that, without even being targeted, a business can be affected just by sharing the same
server, service provider, or network infrastructure as the victim.
If your business is caught up in a DDoS attack, put your disaster recovery plan into
effect, and communicate with employees and customers about the disruption.
Filtering rules at the firewall or upstream provider are used to close off the port or
protocol being saturated, a process that will likely have to be repeated as attackers
adjust their tactics (a WAF helps only against application-layer floods such as HTTP
request floods, not volumetric network floods). Ultimately, service is best restored
with a content delivery network (CDN) or scrubbing service such as Cloudflare, which
can absorb an enormous volume of traffic while identifying and then filtering out the
malicious part. Look for DDoS protection with real-time monitoring for comprehensive
mitigation of attacks.
5. Malicious Insiders
This threat is uncomfortable to think about, but common enough to require
serious consideration: the 2017 U.S. State of Cybercrime Highlights report from
CERT shows that one in five attacks are committed by insiders.

Preventing damage from insider attacks is largely about limiting the amount of
access a malicious insider has. This means setting logical access control policies that
implement the principle of least privilege, and monitoring the network with audit and
transaction logs. A solution like Liquid Web's custom Malicious Activity Detector
(MAD) is one vendor offering that aims to guard against threats both from within and
outside the organization.
If a malicious insider attack is detected, the insider's access privileges should
immediately be revoked. That done, law enforcement should be contacted to prevent
that person from carrying out further actions that could damage the business, such as
selling stolen data.

6. Security Misconfiguration

Web servers and applications that have been misconfigured are far more common
than those that have been configured properly, perhaps because there is no
shortage of ways to get it wrong. Some examples:

- Running the application with debug enabled in production.
- Having directory listing enabled on the server, which leaks valuable
information.
- Running outdated software (think WordPress plugins, old phpMyAdmin).
- Having unnecessary services running on the machine.
- Not changing default keys and passwords (this happens far more frequently
than you'd believe).
- Revealing error-handling information to attackers, such as stack traces.

7. Using Components with Known Vulnerabilities

The title says it all. This is more of a maintenance/deployment
issue. Before incorporating new code, do some research, and possibly some auditing.
Using code that you got from a random person on GitHub or some forum might be
very convenient, but it is not without risk of serious web security vulnerabilities.

8. Unvalidated Redirects and Forwards

This is once again an input validation issue. Suppose that the target site has
a redirect.php module that takes a URL as a GET parameter. Manipulating the
parameter can create a URL on targetsite.com that redirects the browser
to malwareinstall.com. When the user sees the link, they will
see targetsite.com/blahblahblah, which they think is trusted and safe to click.
Little do they know that this will actually transfer them to a malware drop (or any
other malicious) page. Alternatively, the attacker might redirect the browser
to targetsite.com/deleteprofile?confirm=1, so that the victim's own browser performs
a destructive action on the trusted site.
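An added example (Python, not from the lecture) of the validation that the redirect.php endpoint above lacks. It treats targetsite.com as the trusted host (an assumption for the example) and accepts only site-relative paths or https URLs on that host, rejecting the protocol-relative, look-alike-host, userinfo and backslash forms that slip past naive "starts with /" or "contains targetsite.com" checks.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumption for the example: the hostnames of the site itself.
TRUSTED_HOSTS = {"targetsite.com", "www.targetsite.com"}
DEFAULT_TARGET = "/"


def safe_redirect_target(raw):
    """Return a redirect target that stays on the trusted site, else DEFAULT_TARGET.

    Accepts only (a) site-relative paths beginning with a single '/' or
    (b) absolute https URLs whose host is in TRUSTED_HOSTS. Anything else,
    including '//host', 'javascript:' and look-alike hosts, falls back to the default.
    """
    if not raw or "\\" in raw:
        # Browsers treat a backslash like a slash, so '/\evil.com' would become '//evil.com'.
        return DEFAULT_TARGET
    parts = urlsplit(raw.strip())

    if not parts.scheme and not parts.netloc:
        # Relative reference: keep only a plain absolute path plus query; drop any fragment.
        if parts.path.startswith("/") and not parts.path.startswith("//"):
            return urlunsplit(("", "", parts.path, parts.query, ""))
        return DEFAULT_TARGET

    # Absolute URL: scheme and host are both checked; hostname is already lower-cased.
    if parts.scheme != "https" or parts.hostname not in TRUSTED_HOSTS:
        return DEFAULT_TARGET
    # Rebuild from the parsed hostname so userinfo ('evil@targetsite.com') and ports are dropped.
    return urlunsplit(("https", parts.hostname, parts.path or "/", parts.query, ""))


if __name__ == "__main__":
    for candidate in [
        "/account/settings?tab=2",
        "https://targetsite.com/home",
        "http://malwareinstall.com/",
        "//malwareinstall.com/",
        "https://targetsite.com.malwareinstall.com/",
        "javascript:alert(1)",
        "/\\malwareinstall.com",
    ]:
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)!r}")
```

This check stops the off-site case only. The second case in the text, where the attacker bounces the user to a destructive URL on the trusted site itself, must be fixed at the destination: deleteprofile should refuse plain GET requests and require a CSRF token, so a link alone cannot trigger it.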

9. Improper Maintenance
SQL Injection (video): https://www.youtube.com/watch?v=3Axp3VDnf0I
