The security engineering course set four assignments in total. One of them was completely technical, so I am leaving it out and sharing the other three.
The first essay was to research and report on the security of the Randwick Coles store. I thought I had written it well, but I got 6.5/10. When I asked why, I was told I had lost a lot of marks for leaving out the most basic item to protect: the staff...
The second essay was completely technical, so it is hard to judge... 4/10. I lost a lot of marks here; there were many deductions. I naturally wrote a technical analysis from a practitioner's standpoint... but apparently that was not the point; it should have been written based on the lecture content...
The third essay was to design the security for a hospital. After being called out on the first and second, I did the design thoroughly and got 9/10.
The fourth was to pick one recent security incident and analyse it. I covered our country's credit card personal information leak... and got 7/10. Since it was not a technical breach but a subcontractor's employee abusing his privileges... they said the technical side was lacking...
The first essay, which received 6.5/10
Security vulnerabilities and brief solutions for the Coles Belmore store.
Security Engineering, XXXXXXXXXXXXXX
1. Introduction
In this report, I am going to present several security threats to the Coles Belmore store (the store). I also investigate the store's issues as a security engineer trying to win a further contract from the store. I personally visited the store to investigate its issues, considering myself both as a security engineer and as an attacker.
2. What are we protecting?
1) The goods per se: Obviously, Coles is a big supermarket, so the goods inside the store must be the main thing to protect. The store must be losing a lot of products in many ways, and some of those losses would be caused by security problems. The key to protecting the products should be efficiency: it would be useless if the cost of security were greater than the cost of the lost merchandise.
2) Customers' private information: Many customers trust the store and use their credit/debit cards and membership cards, which contain their precious personal information. If we fail to protect this sensitive information, we will lose not only money but also the enterprise's long-established reputation. Furthermore, customers will stop purchasing from the store, as they will no longer trust it. That loss would be a tragedy for the business.
3. Who are we protecting from?
1) Shoplifters: The most frequent threat would be shoplifters trying to steal goods. They are not that big an issue and we do not lose a huge amount of money to them, but rampant shoplifting will lead to bigger disasters. Although this is not a serious issue so far, we must prioritize this matter over other issues.
2) Freeloaders: In many countries, there are always freeloaders who eat food inside the store to avoid paying, so we must also consider them a threat. They are similar to shoplifters, but they are harder to catch, as they never pass the cashier.
3) Hackers/Crackers: These malicious technicians would be the most significant adversary to the store's security. They not only steal customers' and the store's information, but also use the acquired information in worse ways. Many cases have been reported of customers' private information or payment details being sold or used.
4. What risks/costs follow from failure to protect?
1) The loss of assets: As we all know, the store is a big chain supermarket. It supplies not only cheaper products but also prestige goods. Losing a few cheap items would not be a big issue; however, losing expensive products would endanger the store. Therefore, security in the expensive product section must be reinforced.
2) Irrecoverable damage to the hard-earned reputation: Reputation takes a vast amount of time to earn, but it does not take much time to lose it all. As I mentioned earlier, once privacy is breached, it would be impossible to recover the damage to the store's credit. In addition, the collateral damage would be extremely difficult to estimate.
5. What are the capabilities of the adversary or adversaries? (Risk level)
1) Hiding products inside the bag (less): I carefully inspected the store's security policy against carrying bags inside the store. If somebody is carrying a bag and passes the cashier, the store's staff ask the customer to show the inside of the bag. Thus, I am sure that there is less threat in hiding
2) Eating food inside the store without paying (medium): As I mentioned, freeloaders are the biggest threat in some developing countries. Unlike those countries, Australia is an advanced country; however, there are always freeloaders. I believe eating food without getting caught is not that hard in the store; I could have eaten a huge amount of food while investigating. Therefore, this issue must be handled carefully by the staff.
3) Self-checkout stand (high): I assume this is where most of the vulnerability comes from. Although it is a good idea for reducing the staff's effort, customers could easily skip scanning items, which is almost the same as stealing or shoplifting. The store must reinforce or close the self-checkout stand immediately.
4) Running (medium): I have seen young teenagers grab goods and run because they are young and faster than security guards. This could also happen in the store. When I visited, a guard was standing in front of the main gate; however, he was a little old and overweight, and I do not think he could catch youngsters running with expensive goods.
5) Cashier stand security (medium): Customers use their cards at the cashier stand and also enter their PIN. It would be extremely easy to snatch the card information along with the PIN. People with malicious intentions could install a camera to record all payment activity and use or sell it for criminal purposes. I found that there are no security measures at the cashier stand, although that is where all money transactions happen.
6) Inside job (high): This would be the easiest way to breach the store's security. One could steal both products and private information by bribing one of the employees. Since all employees have their ID card and access clearance, they can commit any inside job. If I were a criminal trying to steal from the store, this is the way I would do it.
6. Brief solutions to the possible adversaries
1) Hiding products inside the bag (less): As I presented before, this is well supervised in the store. Whenever customers pass the cashier carrying a bag, staff will ask to search the bag. Therefore, I can say there is no risk of hiding items inside a bag, and no further prevention is necessary on this issue.
2) Eating food inside the store without paying (medium): This is the matter I am really concerned about. Although there are some staff between the aisles, the number of staff is not enough to observe customers' behaviour. I could have eaten many products without getting caught, especially fruit. The store must deploy more employees to monitor customers' behaviour to prevent these freeloaders; otherwise, there will be more attempts to eat food without paying.
I suggest that, at the very least, there should be a sign or warning indicating that it is against the law to eat or open products without paying.
3) Self-checkout stand (high): The beauty of the self-checkout stand is that it reduces the cost of hiring cashiers. It looks easy to skip scanning some products, regardless of intention. I do not think the loss from the self-checkout stand is bigger than the cost of hiring more cashiers. However, it would be very helpful if the store hired senior or disabled staff to monitor the stand and help customers. The store could then build an image of contributing to society by hiring more employees.
4) Running (medium): I have never seen teenagers running off with goods here, as in other countries. However, it could happen if the store starts selling more valuable products. It is not happening yet because the store offers cheaper products and barely handles expensive goods. The store must consider hiring a guard or installing a barrier in front of the cashier when it decides to stock more expensive products, as there are always juvenile delinquents willing to steal.
5) Cashier stand security (medium): This would be the only IT-related issue regarding the store's security, and also the only serious and potentially fatal one. It is hard to steal customers' information from the cashier stand, but doing so would be extremely damaging to the store's credit. Therefore, this issue must be assessed by professional experts, and there must be an immediate and swift response.
6) Inside job (high): This issue is also critical to the store's security. It would be impossible to stop a cashier who tries to retrieve customers' payment information using a specially designed EFTPOS machine instead of the original one. The employee could accumulate the information for a long time and then use it for other purposes. Thus, there must be a strict rule about using or replacing the EFTPOS machine. It is also recommended that the manager inspect the machine on a regular basis; otherwise, there will be more bribery attempts, and the store will be exposed to more crime. One more solution is to restrict cashiers' clearance level: for example, cashiers should not be allowed to switch or touch the EFTPOS machine in any case. The process should be very strict and only possible through the manager or someone with a higher access level.
7. Conclusion
I have analysed some security vulnerabilities of the Coles Belmore store. Since the store is located in a stable, moderate suburb, shoplifting and freeloading are not rampant at all. However, if the economy goes down and economic hardship follows, there will be more physical attacks, such as hiding products inside bags, running or eating without paying, or skipping scanning. The store must prepare solutions for these possible adversaries as well as for IT-related attacks such as hacking, cracking and stealing customers' payment or private information.
Some measures will cost the store, but the actions must be taken, and the store will need professional advice to protect its goods and hard-earned reputation.
-THE END-
The third essay, which received 9/10
Assignment 3
Designing a security architecture for TreatUWell medical centre and a pharmacy inside the building
XXXXXXXXXXXXX
Introduction
I am going to design the security architecture for a medical centre and a pharmacy that resides and cooperates in the same building. Since this complex offers various services and handles many kinds of sensitive information, the design must be strong and safe enough to protect it from attackers. The centre and the pharmacy are just business partners, but they cooperate in handling prescription information.
Services that must be supported by the network
In order to run the business, the network must support the following functions.
Access to patients' medical records: the most significant and valuable information of the centre. This information has the top priority and should be hidden from the outside.
Access to patients' prescription records: This is as important as the medical records, but the centre needs to share it with the pharmacy. It must be handled very cautiously, as attackers could infer patients' medical records from the prescription records.
Access to staff's personal information: Since most staff have their own desktop, it is also important to protect their privacy. Therefore, it is also required to separate them from the public network.
Official website: This homepage offers general information to customers and functions as a reservation system. This service must not contain any precious information, only general information.
Email service: The centre operates its own email server, as email could contain sensitive medical information.
Wireless hotspot: This service is only for customers' convenience; therefore, a separate network is suggested. However, since the centre currently uses the same network to provide this service, we also need to consider the security vulnerability this creates.
The main information assets we need to protect
Patients' medical records: This information is only available to the patient's regular doctor and to Dr Rich himself. If someone else needs this information, there should be a clear exception rule; however, any kind of exception makes the system more fragile.
Patients' prescription details: This may only be shared with Dr Poisson herself. There must be a system to ensure that the sales staff in the pharmacy have no permission at all. Furthermore, Dr Rich must ensure that the prescription record stays on Dr Poisson's computer for the sake of security, as they are just business partners, not employer and employee.
Staff's personal information: Since all staff, including doctors, have their own desktop,
The main website: This is a public website and functions as a reservation system. It would cause many problems if this system were breached.
Email content: The centre operates the mail server itself to protect its content. Therefore, the mail system is as important as patients' medical records.
Identifying attackers
Medical record thieves: Some attackers would want to acquire patients' records to use as leverage. Losing this information would be a nightmare for the centre. Thus, encrypting the records in the database is recommended, as attackers could compromise the database server.
Prescription snoopers: Some pharmaceutical companies would want to track prescription trends by snooping on the records so that they could use them in their planning. Public-key cryptography is necessary to prevent their sniffing.
Personal information hijackers: Like other websites, this system is also a good target for harvesting private or valuable information. They will try to attack server vulnerabilities.
Rivals: Some rival medical centres would try to compromise the centre's reputation in any way they can. Once it is broken, it would be impossible to recover. Therefore, the system should focus on protecting all assets.
Aspiring hackers: Aspiring hackers would assume that this kind of medical centre does not have a state-of-the-art architecture. Sometimes they just try to practise their hacking skills, but they will use the system as a relay base if they gain access to it. Therefore, constant intrusion detection is required.
Security requirements for the architecture
Fail-safe defaults: No matter what, the information must be safe and intact. Therefore, the default for every transaction should be to fail (deny). All exceptions must be approved by Dr Rich for the sake of integrity.
The principle of least privilege: Nurses, radiologists and general staff must have only the least privilege they need; otherwise, inside-job or negligence problems would occur.
Dual access control: When the regular doctor is absent, the patient's record is accessible to other doctors. In this case, Dr Rich or someone with the authority must be present; otherwise, it would leave a blind spot in the security. For the sake of the system's security, the only person who has access other than the regular doctor should be Dr Rich himself.
Complete mediation: This system contains highly sensitive information. Therefore, every access request must be checked. Not only a password but also fingerprint or iris recognition is recommended. A complex password rule with regular changes is necessary.
Psychological acceptability: Psychological acceptability from all staff is extremely important when we design this kind of sensitive system. Therefore, there must be appropriate educational sessions for the staff, with follow-ups as well.
Open design: Although the system is completely closed to the public, we must adopt some open designs to support public services such as the hotspot and the home page. However, I still believe that these public services must use an internet connection other than the Telstra one. It is also a good idea to provide a separate internet connection to Dr Poisson, since the pharmacy computer could be a security hole.
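The requirements above (fail-safe default, least privilege, dual access control, complete mediation) can be written down as a single policy function, which makes it possible to test that the rules hold before anyone builds the system. The following is an added example, not part of the original essay: the names Dr Rich and Dr Poisson, the roles and the two record types come from the essay, while the function names, the Principal/Record shapes and the audit line format are assumptions made for this example.

```python
# Added example, not from the original essay. Names, roles and record types
# follow the essay; function names, data shapes and log format are assumed.
from dataclasses import dataclass
from enum import Enum, auto
from typing import List, Optional, Tuple


class Role(Enum):
    DOCTOR = auto()
    NURSE = auto()
    RADIOLOGIST = auto()
    GENERAL_STAFF = auto()
    PHARMACIST = auto()      # Dr Poisson, an independent business partner
    PHARMACY_SALES = auto()  # sales staff in the pharmacy
    ADMIN = auto()           # Dr Rich


class Resource(Enum):
    MEDICAL_RECORD = auto()
    PRESCRIPTION = auto()


@dataclass(frozen=True)
class Principal:
    name: str
    role: Role


@dataclass(frozen=True)
class Record:
    patient_id: str
    regular_doctor: str  # name of the patient's regular doctor


DR_RICH = "Dr Rich"
DR_POISSON = "Dr Poisson"

# Least privilege: the complete set of (role, resource) pairs that can ever be
# granted. Nurses, radiologists, general staff and pharmacy sales staff appear
# nowhere here, so they are denied before any further rule is consulted.
ALLOWED = {
    (Role.DOCTOR, Resource.MEDICAL_RECORD),
    (Role.ADMIN, Resource.MEDICAL_RECORD),
    (Role.DOCTOR, Resource.PRESCRIPTION),
    (Role.ADMIN, Resource.PRESCRIPTION),
    (Role.PHARMACIST, Resource.PRESCRIPTION),
}

# Complete mediation: every decision, allowed or denied, is recorded so that
# all access to the records can be reviewed on a regular basis.
AUDIT_LOG: List[str] = []


def _is_dr_rich(p: Optional[Principal]) -> bool:
    return p is not None and p.role == Role.ADMIN and p.name == DR_RICH


def _evaluate(who: Principal, resource: Resource, record: Record,
              approver: Optional[Principal]) -> Tuple[bool, str]:
    # Fail-safe default: the only way to return True is to match one of the
    # explicit grants below; every other path denies.
    if (who.role, resource) not in ALLOWED:
        return False, "role has no privilege on this resource"
    if who.role == Role.ADMIN and not _is_dr_rich(who):
        return False, "ADMIN role is reserved for Dr Rich"
    if resource is Resource.MEDICAL_RECORD:
        if _is_dr_rich(who):
            return True, "Dr Rich has standing access"
        if who.name == record.regular_doctor:
            return True, "regular doctor of this patient"
        # Dual access control: a covering doctor needs Dr Rich as approver.
        if _is_dr_rich(approver):
            return True, "covering doctor, approved by Dr Rich"
        return False, "not the regular doctor and no approval from Dr Rich"
    if resource is Resource.PRESCRIPTION:
        if who.role == Role.PHARMACIST and who.name != DR_POISSON:
            return False, "only Dr Poisson may read prescriptions in the pharmacy"
        return True, "permitted role for prescription data"
    return False, "unknown resource"


def decide(who: Principal, resource: Resource, record: Record,
           approver: Optional[Principal] = None) -> bool:
    """Return True only if an explicit rule grants access; log every decision."""
    allowed, reason = _evaluate(who, resource, record, approver)
    AUDIT_LOG.append(f"{'ALLOW' if allowed else 'DENY'} who={who.name} "
                     f"role={who.role.name} resource={resource.name} "
                     f"patient={record.patient_id} reason={reason}")
    return allowed


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    rec = Record("P-001", regular_doctor="Dr Smith")
    jones = Principal("Dr Jones", Role.DOCTOR)
    rich = Principal("Dr Rich", Role.ADMIN)
    decide(jones, Resource.MEDICAL_RECORD, rec)                 # denied
    decide(jones, Resource.MEDICAL_RECORD, rec, approver=rich)  # allowed
    print("\n".join(AUDIT_LOG))
```

Note that the sales staff in the pharmacy are denied by the first rule alone: they hold no (role, resource) pair in ALLOWED, so no later rule, and no approver, can let them through. That is the property the essay asks for when it says the sales person must have no permission at all.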
Required settings on the components
Intrusion detection system on the database: Since patients' medical records are the most significant asset, we must focus all IDS resources on that data. All access to the data must be logged and analysed on a regular basis.
Prescription data protection: As I mentioned earlier, Dr Poisson should be the only person with access to this information. Therefore, we must adopt a card or fingerprint recognition system to make sure of it. In addition, the prescription record must remain in the system; thus, the desktop in the pharmacy must be under Dr Rich's supervision.
Furthermore, this desktop must not have the capability to access the public internet. This is the only way to prevent prescription leaks completely.
Adopting an encryption system: It is obvious that encrypting and decrypting all medical records would be a big burden for the system. However, in case the system is breached, this is the only way to protect the data. Therefore, strong encryption is required on the data server.
Physical server security: There are many servers in the IT manager's room. Therefore, the room must be physically protected from outsiders.
Adopting highly secure hardware: It is recommended to use a hardware VPN device to enhance the level of security.
Conclusion and evaluation
I have designed a security system for the TreatUWell medical centre. As I mentioned, this system is not designed for convenience or easy access, as it contains extremely valuable information; therefore, I focused on protecting the information. One weak link in the system is the relationship with the pharmacy, which is an independent business. Thus, I also put extra effort into protecting prescription information during the transaction.
The fourth essay, which received 7/10
Assignment 4
Awareness of current events
XXXXXXXXXXXXXXXX
Introduction
I am going to analyse a huge credit card breach that occurred at the beginning of this year in Korea. This organised crime stole over 104 million credit card records along with the owners' personal details. Although Korea is extremely well known for its high level of technology, this organised crime was based on human error and the labour system.
Accordingly, it was possible because several very basic security principles were violated.
This is the third biggest security breach in the world, following Shanghai Roadway and D&B. The number of victims is twice the total population of South Korea.
Description of the event
At the beginning of 2014, media all over the world started reporting a huge security breach that had happened in Korea. Information from Korea's three major credit card companies was stolen: not only personal information but also credit card numbers, expiry dates and even CVVs were reported stolen. [1]
At first, the media reported that the number of victims was small, but the number kept growing as time went by. A few days later, the number reached 40 million, which is almost the same as South Korea's total population. [2]
However, at the end of the investigation, the number reached 104 million, which is twice South Korea's population. [3]
These media sources are credible, as all famous and eminent media worldwide reported this event for several months. ZDNet and Time are very reliable sources in the technical and sociological fields respectively.
Technical aspects of the event
Analysis proved that it was based on human error. [4]
Korea has state-of-the-art technology in the security field. For example, Korean banks and credit card companies use highly sophisticated encryption and strong security policies. Due to some phishing in the financial field, they even strengthened the policy. Therefore, it is nearly impossible to break the system from outside.
However, there is always a vulnerability. In this case, it was the possibility of an inside job.
A contract system tester, Mr Park, had access to those major credit card companies' servers in order to audit the systems' safety. During the test, he was supposed to use dummy customer data. However, he was authorised to access real customer data.
He acted in collusion with some brokers to steal and sell the information at a high price.
On the day of the crime, he roamed the three credit card companies' servers and then copied all the information onto a USB memory stick.
The government and the companies did not even know about the crime until a US security firm warned them.
So many people's personal information was stolen and used for several months, and some people tried to use those credit card numbers and CVVs to purchase products.
Facts related to relevant aspects of the security engineering class
The incident happened because several very basic security design principles we discussed in class were violated.
The principle of least privilege: The main source of the breach was a contract worker who had far more authority than he needed. He and his accomplices saw the blind spot and decided to exploit the vulnerability.
Bell-LaPadula rules: "No read up, no write down" is a very basic rule in security. However, the contract worker had read-up access that he never needed.
Role-based access control: A contract tester is only supposed to have exactly the role of a tester. However, for reasons I do not know, the contract worker had authority over the whole server.
Mandatory/discretionary access control: Analysts say that the credit card company staff allowed this for convenience. Whenever the tester tested the server, the credit card company staff could take a rest without doing anything.
Separation of privilege: The tester was not supposed to conduct the test alone. A staff member should have been with him to monitor the process.
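Two of the principles listed above, Bell-LaPadula ("no read up, no write down") and separation of privilege, can be expressed as a reference monitor that sits in front of the production database. The following is an added example, not taken from the essay or from any report on the incident: the two kinds of subject (contract tester, bank staff) and the split between dummy test data and real customer data come from the essay, while the level names, the Subject/Obj shapes and the exact form of the two-person rule are assumptions made for this example. It generalises the single case in the text to any subject, object and action.

```python
# Added example, not from the essay. Subjects and the dummy/real data split follow
# the essay; level names, data shapes and the two-person rule's form are assumed.
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional, Tuple


class Level(IntEnum):
    PUBLIC = 0
    TEST = 1          # synthetic/dummy customer data the tester is meant to use
    CONFIDENTIAL = 2  # real customer records: card numbers, CVVs, registration numbers


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Level
    employer: str  # "bank" (the card company) or "contractor"


@dataclass(frozen=True)
class Obj:
    name: str
    label: Level


def no_read_up(s: Subject, o: Obj) -> bool:
    """BLP simple security property: read only at or below your clearance."""
    return s.clearance >= o.label


def no_write_down(s: Subject, o: Obj) -> bool:
    """BLP *-property: write only at or above your clearance, so that
    CONFIDENTIAL content cannot flow into a lower-labelled (e.g. TEST) store."""
    return o.label >= s.clearance


def access(actor: Subject, obj: Obj, action: str,
           witness: Optional[Subject] = None) -> Tuple[bool, str]:
    """Mediate one request. Fail-safe: anything not explicitly allowed is denied."""
    if action == "read":
        if not no_read_up(actor, obj):
            return False, "BLP: no read up"
    elif action == "write":
        if not no_write_down(actor, obj):
            return False, "BLP: no write down"
    else:
        return False, f"unknown action {action!r}"
    # Separation of privilege: touching real customer data needs a second person
    # who is bank staff, is cleared for the data, and is not the actor.
    if obj.label >= Level.CONFIDENTIAL:
        if witness is None:
            return False, "two-person rule: no witness present"
        if witness.employer != "bank":
            return False, "two-person rule: witness must be bank staff"
        if witness.clearance < obj.label:
            return False, "two-person rule: witness not cleared for this data"
        if witness.name == actor.name:
            return False, "two-person rule: actor cannot witness themselves"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed sample subjects and objects for a stand-alone run.
    tester = Subject("contract tester", Level.TEST, "contractor")
    dba = Subject("bank dba", Level.CONFIDENTIAL, "bank")
    dummy = Obj("dummy customer table", Level.TEST)
    real = Obj("customer card table", Level.CONFIDENTIAL)
    for who, what, act, wit in [(tester, dummy, "read", None),
                                (tester, real, "read", None),
                                (dba, real, "read", None)]:
        print(who.name, act, what.name, "->", access(who, what, act, wit))
```

With a monitor like this in place, the situation the essay describes (a TEST-cleared tester reading CONFIDENTIAL data) is refused by the BLP check, and even a fully cleared bank employee cannot read the real table alone, which is the separation-of-privilege point the essay makes.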
The nature of attackers
The prime suspect, Mr Park, was just a contract worker at the auditing company. However, when he saw the blind spot, he contacted his accomplices to exploit the opportunity. If he had not seen the chance, he would have remained a lawful citizen. Once he became involved in organised crime, he became a felon like his accomplices.
Motivation
The motivation of any organised crime is financial advantage. Mr Park knew the information was extremely valuable. After his crime ring confirmed it was viable, they conducted the heist and made a fortune. Some of them were captured, but they had already hidden the money. Therefore, this crime was very successful for the criminals.
Vulnerability
The only vulnerability that Korea's security system has is the labour system, as Korea runs all kinds of financial transactions on highly sophisticated encryption systems. Bigger companies outsource many jobs to reduce labour costs. The problem is that the outsourcing company once again outsources the job to another outsourcing company for a lower price. The criminal, Mr Park, worked for the second outsourcing company, so it was hard to monitor him.
I still do not know how he gained access to the real customer database, but I am sure that it was caused by Korea's distorted labour system.
Assets attacked
The main target was credit card information: card number and expiry date with CVV, which makes it possible to use the credit card online. So many fraudulent credit card uses were reported that the credit card companies had to take care of those problems.
Customers' personal information, including social security numbers: In Korea, anyone can do almost anything if they have someone's social security number and birthday. The stolen information included more than that: all security questions, address, phone number, family details and even spouse information. This caused chaos in Korea after it was found that this information was being sold at a low price.
Consequences of the attack
The damage was horrible and caused a huge amount of financial and reputational loss. [5]
The three major credit card companies were suspended for a long time due to the breach, and the predicted loss was billions of dollars.
A huge number of customers visited the companies' customer centres to cancel their contracts or reissue their cards; however, even cancelling was nearly impossible for over ten days due to the crowds of angry customers.
So many fraudulent credit card payments were made, and the companies had to take care of those payments.
After confirmation that the personal information had been sold, the companies published big announcements of apology.
As a consequence, the loss of reputation was unpredictable and impossible to recover, including the loss of customers. Those companies had to spend extra budget and effort to
A group of customers sued the companies, and the trial is still going on. Whenever this trial is in the media, the credibility of the three companies keeps falling.
Defensive actions taken
The Korean government had to tighten regulation because of the stolen private information.
According to the press, these defensive actions were taken by the government: [6]
Beefing up monitoring of staff and contractors in areas related to data protection
Tighter regulations over sharing of customer data between affiliates
Choice for users to opt out of data sharing practices with affiliates and third parties
Cutting down on required personal information collected, such as citizen registration numbers
Credit card firms required to delete customer data within a certain timeframe after membership cancellation
Lessons from this attack
Security is not for convenience: Whatever it is, security is not for convenience. Do not ever try to make the process easy and convenient.
Once it is breached, it is impossible to recover: Aside from the losses those companies suffered, the scarlet letter they earned from this incident will last forever.
Nothing is perfect: Even though Korea has cutting-edge security technology, criminals always find a way around it, like the Maginot Line.
Never overlook basic concepts: This Korean credit card incident was possible because several very basic security principles were ignored. Basic does not mean unimportant.
Analysis as a security consultant
If I were a security consultant analysing this incident, I would suggest the following conclusions and solutions.
The trap of outsourcing: Outsourcing important parts to reduce labour costs was the beginning of this disaster. Therefore, companies must not outsource their important parts, especially anything related to security.
The use of encrypted storage: Most companies never encrypt data in the database for the sake of efficiency. However, if they handle extremely sensitive data, they must encrypt it, at least critical information such as CVVs and social security numbers. Even though it would require extra processing time to decrypt, it can prevent the worst-case scenario.
Act by the book in everything: Some field workers ignore basic rules to make the job easier. However, this kind of rule-breaking lets criminals get inside the system. Therefore, companies must make sure their employees understand the importance of following the rules and the serious consequences of breaking them. Otherwise, workers will keep trying to find ways to make the job easier.
References
[1] ZDNet: Bank data of 20 million customers leaked in South Korea.
-The End-