IBM ICE (Innovation Centre for Education)

Welcome to:
Unit 3: Countermeasures

© Copyright IBM Corporation 2015 9.1


Unit objectives
IBM Power Systems

After completing this unit, you should be able to:

• Understand the trends of emerging threats

• Understand the importance of information protection

• Understand the countermeasures associated with the different fields of security


Introduction

• There have been rapid advances in information technology (IT) systems.

• The role of computer and Internet networking has increased.

• All the equipment in the network, the computing systems, the different servers and the data
they hold are subject to threats.


The importance of data protection

• Information is an important asset.

• Information differentiates companies and provides leverage that helps one company become
more successful than another.

• Access to information is typically controlled in different ways, depending on its importance,
its sensitivity and its vulnerability to theft or misuse.

• Organizations classify information in different ways in order to manage the different aspects
of its handling accordingly.


Evolution of mitigation technique

• Originally, the academic security model was "wide open" and the government security model
was "closed and locked".

• In the early days of networking, individual computers were connected together only in
academic and government environments.


Evolution of mitigation technique: Model


Evolution of mitigation technique: Academic world

• In the academic world, the goal was to share information openly.

• If these two models are compared, it can be seen that they are diametrically opposite.

• The government model blocks everything, while the academic model allows everything.


Evolution of mitigation technique: Open-access model


Evolution of mitigation technique: Field of computer security

• In the field of computer security, the practices established by the academic and government
institutions persisted until the early 1990s.

• Those practices that have endured continue to have their place in a comprehensive security
strategy.

• When businesses started to widely embrace the Internet as a sales channel and business
tool in the early-to-mid 1990s, a new security model was required.


Evolution of mitigation technique: Information security managed


Countermeasures

• Overview
– This topic discusses securing data storage: how security can be applied to the specific
locations where data resides.

• Definition
– A countermeasure is a process, system, device or action that can mitigate or prevent the effects of
the various threats that an information asset such as a computer, network or server faces.

• Explanation
– It is important to categorize information before applying countermeasures to it. Information is
typically categorized as being in either a structured format or an unstructured format.


Countermeasures: Malware countermeasures

• Anti-virus: The propagation of malicious code can be dealt with by using antivirus software.

• Firewall: A dedicated network appliance or a software program that serves the purpose of
separating an area that is secure from an area that is less secure. The types of firewall are:
– Software firewalls
– Hardware firewalls


Countermeasures: Malware countermeasures (1 of 2)


Countermeasures: Malware countermeasures (2 of 2)

• Anti-spyware: A type of software that is designed to detect and remove unwanted spyware
programs.

• Educating end-users: Education is the second method by which viruses can be prevented.


Countermeasures: Network security countermeasures

• Network Monitors: Network monitors were introduced out of the need to troubleshoot
network problems.

• Intrusion Detection Systems (IDS): A network administrator can configure a system in such a
way that it works like a burglar alarm.


Countermeasures: Model


Countermeasures: Network security countermeasures (1 of 2)

• Honeypot: A computing system that has been made into a target for attacks. The main
purpose of a honeypot is to turn a computing system into an identifiable target so that the
attacks carried out against it can be identified.

• Intrusion Prevention System (IPS): An Intrusion Prevention System (IPS) is a network
security/threat prevention technology that examines network traffic flows. Vulnerability
exploits usually come in the form of malicious inputs to a target application or service that
attackers use to interrupt and gain control of an application or machine.


Countermeasures: Network security countermeasures (2 of 2)

• Demilitarized Zone (DMZ): Local area networks (LANs) can be secured by using a firewall
configuration known as a DMZ. A DMZ also allows one or more computers to run outside the
firewall.

• Security Logs/Access Logs: The Security log can be accessed in the Event Viewer under
Windows Logs. The Maximum Log Size for this log should be set as large as the organization
can afford, and Do Not Overwrite Events should be selected.


Countermeasures: Audit logs

• Network Security Countermeasures:

• Audit Logs: The log files created by crucial network services should be examined regularly.
The filters to be deployed are:
– Reporting
– Alarms
– Alerts
– Trends


Countermeasures: Cryptography

• Defense against key management attacks: Cryptography offers algorithms that are well
accepted and widely used for confidentiality, authentication and integrity.

• The basic feature a cryptographic system relies on is an efficient, secure and robust key
management system.

• The secret input to a cryptographic algorithm is called the key. If the key is compromised, the
information is lost. Local hosts use the Key Encryption Key (KEK) method to build a line of
defense.

• The Diffie-Hellman (DH) scheme allows a session key to be generated at both ends when
some public information is exchanged between the two communicating parties.
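The Diffie-Hellman exchange described above, carried through from both ends, as an added example that is not part of the IBM ICE course material. The group parameters (p = 23, q = 11, g = 2) are constructed toy values chosen so the arithmetic can be followed by hand; a real deployment uses a standardized large group, and the receiver-side public-value check shown here is the part most often forgotten.

```python
"""Diffie-Hellman session-key agreement with public-value validation."""
import hashlib
import secrets

# Constructed toy group: p = 23 is a safe prime (p = 2q + 1 with q = 11) and
# g = 2 generates the subgroup of prime order q. Real groups are 2048+ bits.
P = 23
Q = 11
G = 2


def validate_public_value(y: int) -> int:
    """Reject peer values that would leak or zero out the shared secret.

    The value must lie in [2, p-2] (so 0, 1 and p-1 are refused) and in the
    order-q subgroup (y^q == 1 mod p), which blocks small-subgroup confinement.
    """
    if not 2 <= y <= P - 2:
        raise ValueError(f"public value {y} outside [2, p-2]")
    if pow(y, Q, P) != 1:
        raise ValueError(f"public value {y} not in the order-q subgroup")
    return y


def is_valid_public_value(y: int) -> bool:
    """Boolean form of validate_public_value, for callers that log and drop."""
    try:
        validate_public_value(y)
        return True
    except ValueError:
        return False


def generate_private_exponent() -> int:
    """Random exponent in [1, q-1] from the OS CSPRNG (never a plain PRNG)."""
    return secrets.randbelow(Q - 1) + 1


def public_value(private_exponent: int) -> int:
    """The value each party sends over the open channel: g^x mod p."""
    return pow(G, private_exponent, P)


def shared_secret(private_exponent: int, peer_public: int) -> int:
    """Each side computes peer^x mod p; both arrive at g^(xy) mod p."""
    validate_public_value(peer_public)
    return pow(peer_public, private_exponent, P)


def session_key(secret: int, initiator_pub: int, responder_pub: int) -> bytes:
    """Derive a fixed-length session key instead of using the raw secret.

    Hashing both public values into the key binds it to this exchange.
    """
    transcript = b"|".join(str(v).encode() for v in (secret, initiator_pub, responder_pub))
    return hashlib.sha256(b"dh-session-key|" + transcript).digest()


def run_exchange(alice_priv: int, bob_priv: int) -> tuple:
    """Run the exchange from both ends and return (alice_key, bob_key)."""
    a_pub = public_value(alice_priv)   # Alice -> Bob: A = g^a
    b_pub = public_value(bob_priv)     # Bob -> Alice: B = g^b
    k_alice = session_key(shared_secret(alice_priv, b_pub), a_pub, b_pub)
    k_bob = session_key(shared_secret(bob_priv, a_pub), a_pub, b_pub)
    return k_alice, k_bob


if __name__ == "__main__":
    ka, kb = run_exchange(generate_private_exponent(), generate_private_exponent())
    print("session keys match:", ka == kb, ka.hex())
```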


Countermeasures: Database security

• Preventing Database Communication Protocol Attacks: Protocol validation is a technology
that helps defeat database communication protocol attacks. Blocking actions or alerts are
generated when live traffic does not match expectations.

• Preventing Backup Data Exposure: Encryption of data backups is also necessary and is
suggested by vendors. Cryptographic key management and performance are pointed out as
drawbacks, and encryption is a poor substitute for the other privilege controls.


Database security countermeasures: Preventing authentication attacks

• Strong Authentication
• Directory Integration
• Authentication Protections
• High Performance
• Separation of Duties
• Cross-Platform Auditing


Database security countermeasures: Preventing platform attacks

• The necessary protection can be achieved by a combination of Intrusion Prevention
Systems (IPS) and regular software updates (patches).
• The vulnerabilities present in the database can be eliminated using the vendor-provided
updates.
• IPS addresses these problems, identifies attacks and inspects traffic, as mentioned before.


Database security countermeasures: Preventing excessive privilege abuse

• Privileges on databases should be limited to the minimum SQL level required:

– Access Control

– Flow Control

– Encryption

– RAID

– Authentication


Countermeasures: Banking frauds countermeasures (1 of 2)

• Universal Payment Identification Code (UPIC)

• ACH Block (Automated Clearing House)

• Fraud Detection Software/tools


Countermeasures: Banking frauds countermeasures (2 of 2)

• Banking Frauds Countermeasures (Contd.):

– IP Address Locator

– Credit Card Number Hacking Attack Countermeasures

– Skimming Attack Countermeasures


Countermeasures: Web application countermeasures

• Cross-site script forgery countermeasures: Countermeasures for stopping cross-site forgery
are given below:
– Check and validate all files
– Need for a security policy
– Need for a security review
– Implementation and use of different tools
– Filtering of the output script
– Comparison of the generated code


Countermeasures: Web application countermeasures (1 of 4)

• Web Application Countermeasures:

– SQL Injection Countermeasures

– Command Injection Flaws Countermeasures

– Directory Traversal/Forceful Browsing Countermeasures


Countermeasures: Web application countermeasures (2 of 4)

• Cryptographic Interception Countermeasures

• Authentication Hijacking Countermeasures

• Log Tampering Countermeasures


Countermeasures: Web application countermeasures (3 of 4)

• Error Message Interception Countermeasures

• Attack Obfuscation Countermeasures

• Security Management Exploits Countermeasures


Countermeasures: Web application countermeasures (4 of 4)

• Web Services Attacks Countermeasures

• DMZ Protocol Attack Countermeasures

• Intrusion Prevention System (IPS)

• Security policy

• Auditing process

• Updated controls and procedures


Countermeasures: Physical security countermeasures

• Physical Barrier: An organization should make sure to have at least three physical barriers for
an effective access control mechanism:
– Perimeter
– A locked door
– Computer room entrance


Countermeasures: Physical barrier


Countermeasures: Mantrap (1 of 2)

• Mantraps are high-security installations that use an intermediate access control mechanism.
– A mantrap allows only a limited number (one or two) of people to enter the facility at a time.
– It also serves to physically hold an unauthorized person.


Countermeasures: Mantrap (2 of 2)


Countermeasures: Perimeter security

• The first line of defense in an organization's security model.

• The idea is to secure the outer periphery of the building so that no potentially hostile person
can gain access to the resources inside.


Countermeasures: Hardware security

• Laptops are provided with a built-in security slot where a cable lock can be added.

• A lock must also be placed on the back.


Countermeasures: Security zone (1 of 2)

• Areas that require restricted access can be broken down into smaller areas.

• An alarm system can be installed that communicates with security personnel.


Countermeasures: Security zone (2 of 2)


Countermeasures: Partitioning (1 of 2)

• Through partitioning, one entity can be isolated from another.

• This discussion will elaborate on the possibilities partitioning provides.


Countermeasures: Partitioning (2 of 2)


Countermeasures: Biometric

• Biometric systems use these traits to allow access into a facility.

• These systems, when integrated with security-oriented computer systems, can be used to
record access attempts.


Countermeasures: Power system

• Power and interference problems are likely to affect computer systems.

• A wide band of power characteristics is required for the power systems to operate and
ensure smooth functioning.


Countermeasures: EMI shielding (1 of 2)

• Shielding can prevent electronic emissions from disrupting the operation of a computer
system.

• A Faraday cage provides the necessary protection against external EM waves.


Countermeasures: EMI shielding (2 of 2)


Countermeasures: Hot & cold aisles (1 of 2)

• With a hot aisle, hot air outlets are used to cool the equipment, while with cold aisles, cold air
intake is used to cool it.

• Combining the two, there is cold air intake from below the aisle and hot air outtake above it,
providing constant circulation.

• It is important that the hot air exhausted from one aisle of racks is not the intake air pulled in
by the next row of racks, or overheating will occur.


Countermeasures: Hot & cold aisles (2 of 2)


Countermeasures: Fire suppression

• Fire extinguishers: Fire extinguishers are known for their portability.

• Other fixed systems: The building systems contain the fixed systems in them.


Countermeasures: Natural countermeasures

• Examples of natural countermeasures include the following:
– Terminal of natural gas
– Surrounded by water on each side
– Organization situated on the waterway
– Organization surrounded by hills


Countermeasures: Man-Made countermeasures

• Physical Countermeasures
• Electrical Countermeasures
• Operational Countermeasures


Countermeasures: Insider threat countermeasures

• Prevention is vastly preferable to detection and attempted remediation.
– Detection, Analysis and Identification of Misuse.
– Desired Responses to Detected Anomalies and Misuses.


Countermeasures: Phone attack countermeasures

• One should not disclose any personal information when such a phone call is received.
– There is a chance that caller ID does not show the true identity of the caller.
– The risk of a telephone-based social engineering attack is high.


Countermeasures: Online attacks countermeasures

• Attacks can be countered by deleting the mail before it downloads any malware onto the
system.

• The attackers just have to get the user to click on a certain page, which may trigger the
download of a script or the capture of credentials.

• A little awareness goes a long way, as the user can then recognize a situation that needs
handling.


Countermeasures: Dumpster diving countermeasures

• It should be made sure that important confidential documents are shredded completely.

• It is recommended that the dumpster installed in an organization is well-structured.

• One would not leave a credit card application with their name on it on top of the trash pile in
the dumpster or on the side of the street.


Countermeasures: Reverse social engineering countermeasures

• Emails, phone calls and business cards can be used as media for advertising an offer to fix
issues on behalf of the organization.

• The attacker, after the advertising stage, would finally cause the problem they claim to fix.


Countermeasures: Persuasion attempts countermeasures

• To counter this kind of attempt, the identity of people who are not allowed inside the
organization should be verified.

• Also, people who are expecting visitors should let everyone know via email.

• Also, if there is more than one exit door (e.g. an exit to a parking lot or smoking area), it
should be made sure that these doors cannot be used for unauthorized entry.


Countermeasures: Against DOS

• The time taken by the database to respond is delayed when server resources are
overloaded by a database DOS.

• Query rates, connection rates and various other rates for each user of the database are
limited by the server's Connection Controls.


Countermeasures: Against spoofing

• The MAC address appears on a port, and without authentication the mapping cannot be
altered.

• A lot of congestion can be saved by making ARP requests unicast.

• Protection against tampering by newly forged ARP packets can be achieved by sending ARP
request packets.
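One way to act on the first bullet from the monitoring side is to keep the IP-to-MAC-and-port bindings seen on the network and treat the authenticated ones as unalterable, reporting any ARP reply that contradicts them. This is an added example, not IBM ICE course code; the `ArpReply` records, the `AUTHENTICATED` table and the sample replies are constructed, and "authenticated" here simply means a binding provisioned out of band rather than learned from traffic.

```python
"""ARP binding monitor: flags replies that contradict known IP-to-MAC bindings."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str
    sender_mac: str
    port: str  # switch port or interface on which the reply was observed


class ArpBindingMonitor:
    """Tracks which MAC address (and port) each IP was last seen with.

    Bindings supplied as `authenticated` are fixed: a reply that contradicts
    one is reported and ignored, so the mapping cannot be altered by traffic
    alone. Dynamically learned bindings may change, but every change is
    reported, because a sudden IP-to-MAC flip is the classic sign of ARP
    poisoning.
    """

    def __init__(self, authenticated: Optional[Dict[str, Tuple[str, str]]] = None):
        self.bindings: Dict[str, Tuple[str, str]] = {
            ip: (mac.lower(), port) for ip, (mac, port) in (authenticated or {}).items()
        }
        self.fixed = set(self.bindings)

    def observe(self, reply: ArpReply) -> Optional[str]:
        """Process one ARP reply; return an alert line, or None if consistent."""
        seen = (reply.sender_mac.lower(), reply.port)
        known = self.bindings.get(reply.sender_ip)
        if known is None:
            self.bindings[reply.sender_ip] = seen  # first sighting: learn it
            return None
        if known == seen:
            return None  # consistent with history
        if reply.sender_ip in self.fixed:
            return (f"ALERT {reply.sender_ip}: reply from {seen[0]} on {seen[1]} "
                    f"contradicts authenticated binding {known[0]} on {known[1]}; ignored")
        self.bindings[reply.sender_ip] = seen  # dynamic entry: track the move
        return (f"WARN {reply.sender_ip}: moved from {known[0]} on {known[1]} "
                f"to {seen[0]} on {seen[1]}")


def run_monitor(replies: List[ArpReply], authenticated=None) -> List[str]:
    """Feed a capture of ARP replies through the monitor and collect alerts."""
    monitor = ArpBindingMonitor(authenticated)
    return [a for a in (monitor.observe(r) for r in replies) if a is not None]


# Constructed sample: the gateway binding was provisioned out of band; later a
# workstation answers with the gateway's IP from another port.
AUTHENTICATED = {"10.0.0.1": ("00:11:22:33:44:55", "Gi1/1")}
SAMPLE_REPLIES = [
    ArpReply("10.0.0.1", "00:11:22:33:44:55", "Gi1/1"),  # gateway, as expected
    ArpReply("10.0.0.7", "aa:bb:cc:dd:ee:07", "Gi1/7"),  # new host, learned
    ArpReply("10.0.0.7", "AA:BB:CC:DD:EE:07", "Gi1/7"),  # same host, case differs
    ArpReply("10.0.0.1", "aa:bb:cc:dd:ee:07", "Gi1/7"),  # claims the gateway IP
    ArpReply("10.0.0.7", "aa:bb:cc:dd:ee:99", "Gi1/9"),  # dynamic host moved
]

if __name__ == "__main__":
    for line in run_monitor(SAMPLE_REPLIES, AUTHENTICATED):
        print(line)
```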


Countermeasures: Against flooding attack

• The queue available for SYN-ACK (half-open) connections increases if the host's wait timeout
is decreased.

• All flooding attacks can be dealt with by using a combined force of a Host-based Intrusion
Detection System (HIDS) and a Network-based Intrusion Detection System (NIDS).

• Critical servers and network segments are placed under HIDS and NIDS, respectively.


Countermeasures: Against D-DoS attack

• Antivirus software can be installed to keep out email worms.

• For example: by using an egress (outbound) filter in the router or the network firewall,
spoofed packets with fake source addresses are not allowed to leave the network, which
ensures that whatever comes out of the network only has source addresses belonging to the
network.

• An ingress (inbound) filter confirms that the source addresses of packets coming into the
network are not addresses from inside the network.
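The egress and ingress rules from the two bullets above, applied to a handful of packets at a site border, as an added example that is not part of the IBM ICE course material. The site prefixes and the sample packets are constructed (documentation address ranges); the extra drop of inbound loopback, unspecified and multicast sources goes slightly beyond the slide but is standard ingress filtering practice.

```python
"""Egress/ingress source-address filtering against spoofed packets."""
import ipaddress
from dataclasses import dataclass

# Constructed sample: the address blocks this site owns.
INTERNAL_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("10.0.0.0/8"),
]


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address as written in the header
    dst: str        # destination IP address
    direction: str  # "outbound" = leaving the site, "inbound" = arriving


def is_internal(address: str) -> bool:
    """True when the address falls inside one of the site's own prefixes."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in INTERNAL_PREFIXES)


def filter_packet(pkt: Packet) -> tuple:
    """Return (verdict, reason) for one packet.

    Egress: an outbound packet may only leave with a source that belongs to
    this network, so a compromised host here cannot emit a spoofed flood.
    Ingress: an inbound packet whose source claims to be inside this network
    cannot be legitimate, so it is dropped before it reaches any server.
    """
    ip = ipaddress.ip_address(pkt.src)
    if pkt.direction == "outbound":
        if is_internal(pkt.src):
            return "permit", "egress: source belongs to this network"
        return "drop", "egress: spoofed source outside our prefixes"
    if pkt.direction == "inbound":
        if is_internal(pkt.src):
            return "drop", "ingress: external packet claims an internal source"
        if ip.is_loopback or ip.is_unspecified or ip.is_multicast:
            return "drop", "ingress: impossible source address"
        return "permit", "ingress: source is external"
    raise ValueError(f"unknown direction {pkt.direction!r}")


def count_verdicts(packets) -> dict:
    """Tally permit/drop decisions, e.g. to alert on a spike in spoofed drops."""
    counts = {"permit": 0, "drop": 0}
    for pkt in packets:
        counts[filter_packet(pkt)[0]] += 1
    return counts


# Constructed sample traffic as seen at the site border.
SAMPLE_PACKETS = [
    Packet("203.0.113.7", "198.51.100.1", "outbound"),  # legitimate outbound
    Packet("198.51.100.9", "192.0.2.1", "outbound"),    # spoofed source, dropped
    Packet("192.0.2.5", "203.0.113.7", "inbound"),      # legitimate inbound
    Packet("10.1.2.3", "203.0.113.7", "inbound"),       # claims internal, dropped
    Packet("127.0.0.1", "203.0.113.7", "inbound"),      # loopback source, dropped
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        verdict, reason = filter_packet(pkt)
        print(f"{pkt.direction:8} {pkt.src:>14} -> {pkt.dst:<14} {verdict:6} {reason}")
    print(count_verdicts(SAMPLE_PACKETS))
```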


Countermeasures: Against eavesdropping

• Access control can be implemented by using the IEEE 802.1X security protocol.

• When applied to a wireless network, the security protocol divides the network into an
authentication server, an authenticator and a supplicant.

• This involves the use of a RADIUS server in EAP (Extensible Authentication Protocol)
authentication.


Countermeasures: Bluetooth device countermeasures (1 of 2)

• Bluetooth PIN
– It can also be used to generate keys between two devices.

• Device Authentication
– Incorporating application-level software that requires password authentication to secure the device
adds an extra layer of security.


Countermeasures: Bluetooth device countermeasures (2 of 2)

• Frequency Hopping: FHSS is inherent in the Bluetooth design:
– This solution is not completely reliable, as in reality it provides only a very low degree of protection.

• Biometrics

• Other Measures


Countermeasures: Blue-Bugging

• The countermeasures for a Blue-Bugging attack are as follows:
– Automatic power-off capability
– Using RF signatures

• Updating to the latest firmware/software on vulnerable Bluetooth devices.


Countermeasures: Bluejacking

• It is extremely important for mobile phone users across the globe to be prepared with some
effective countermeasures.

• One of the most effective countermeasures against bluejacking is to simply disable Bluetooth
on the mobile phone through its options.


Checkpoint (1 of 2)

Multiple choice questions:

1. What is the role of a countermeasure?
a) To analyse the threats
b) To store data in case of a threat
c) To assess the vulnerability in a system
d) To minimize and mitigate the risks and thus the amount of data breaches are minimized substantially

2. Which of the following is a countermeasure against malware?
a) DMZ
b) Anti-virus
c) Biometric
d) All of the above

3. What is the full form of DMZ?
a) Decentralized Mantrap Zone
b) Demilitarized Metric Zone
c) Demilitarized Zoom
d) The answer is Demilitarized Zone


Checkpoint solutions (1 of 2)

Multiple choice questions:

1. What is the role of a countermeasure?
a) To analyse the threats
b) To store data in case of a threat
c) To assess the vulnerability in a system
d) To minimize and mitigate the risks and thus the amount of data breaches are minimized
substantially

2. Which of the following is a countermeasure against malware?
a) DMZ
b) Anti-virus
c) Biometric
d) All of the above

3. What is the full form of DMZ?
a) Decentralized Mantrap Zone
b) Demilitarized Metric Zone
c) Demilitarized Zoom
d) The answer is Demilitarized Zone


Checkpoint (2 of 2)

Fill in the blanks:

1. The full form of DMZ is _______.
2. ______ type of fire extinguisher is used against paper and wood fires.
3. Updating to the latest firmware/software on vulnerable _______ devices.
4. Access control can be implemented by using the _____ security protocol.

True or False:

1. Attacks can be countered by deleting the mail before it downloads any malware onto the
system.
2. A locked door protecting the computer centre, with keys, ID badges, smart cards, etc. to be
used to access the computer centre.
3. Laptops are provided with a built-in security slot where a cable lock can be added.


Checkpoint solutions (2 of 2)

Fill in the blanks:

1. The full form of DMZ is Demilitarized Zoom.
2. Type C fire extinguisher is used against paper and wood fires.
3. Updating to the latest firmware/software on vulnerable Bluetooth devices.
4. Access control can be implemented by using the IEEE802.1x security protocol.

True or False:

1. Attacks can be countered by deleting the mail before it downloads any malware onto the
system. True
2. A locked door protecting the computer centre, with keys, ID badges, smart cards, etc. to be
used to access the computer centre. True
3. Laptops are provided with a built-in security slot where a cable lock can be added. True


Unit summary

Having completed this unit, you should be able to:

• Understand the trends of emerging threats

• Understand the importance of information protection

• Understand the countermeasures associated with the different fields of security
