SlideShare a Scribd company logo

Ch03 Protecting Systems

Download as PPT, PDF
I
Information Technology

Chapter 3 discusses various methods to protect computer systems from malware and attacks, emphasizing the importance of hardening operating systems and implementing software security applications. It outlines different types of vulnerabilities, such as buffer overflows and SQL injection, and describes defenses like data execution prevention and address space layout randomization. Additionally, it highlights the necessity of regular updates, configuration baselines, and specific strategies for defending against threats from web technologies like cookies, Java, and ActiveX.

EducationTechnology
1 of 66
Downloaded 121 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
Chapter 3 Protecting Systems
 At least one in ten web pages are booby-trapped with malware (link Ch 3a)  Just viewing an infected Web page installs malware on your computer, if your operating system and browser are vulnerable
 Explain how to harden operating systems  List ways to prevent attacks through a Web browser  Define SQL injection and explain how to protect against it  Explain how to protect systems from communications-based attacks  Describe various software security applications
Ch03 Protecting Systems
 Updates to the operating system  Protecting against buffer overflows  Configuring operating system protections
 Operating systems are huge and contain many bugs (errors in code)  Linux contains 0.17 bug per 1,000 lines of code  Typical commercial software contains 20-30 bugs per 1,000 lines of code (link Ch 3b)  81 bugs a day were reported for Windows Vista Beta 2 (link Ch 3c)  Some of those bugs create vulnerabilities
Ch03 Protecting Systems
Ch03 Protecting Systems
 Security patch  A general software security update intended to cover vulnerabilities that have been discovered  Hotfix addresses a specific customer situation  Often may not be distributed outside that customer’s organization  Service pack  A cumulative package of all security updates plus additional features
Ch03 Protecting Systems
 Automatic Updates Options  Patches can sometimes create new problems
 Used to manage patches locally instead of relying upon the vendor’s online update service  Advantages  Administrators can test patches before deploying them  Every machine is updated simultaneously  Users cannot disable or circumvent updates  Can save bandwidth and time  Computers that do not have Internet access can receive updates
Ch03 Protecting Systems
 Buffer overflow  Occurs when a process attempts to store data in random access memory (RAM) beyond the boundaries of a fixed-length storage buffer  Extra data overflows into the adjacent memory locations and under certain conditions may cause the computer to stop functioning  Attackers also use a buffer overflow in order to compromise a computer
Ch03 Protecting Systems
 Basic defenses  Write “defensive” program code that will protect against these attacks  Use a programming language that makes these attacks more difficult  For Windows-based systems, there are two defenses against buffer overflows  Data execution prevention (DEP)  Address space layout randomization (ASLR)
 Most modern CPUs support an NX (No eXecute) bit to designate a part of memory for containing only data  DEP will not allow code in the memory area to be executed  Windows Vista allows software developers to enable NX hardware protection specifically for the application software that they develop
 In Windows 7  Start, right-click Computer, Properties, Advanced System Settings, Advanced Tab, Performance Settings
 Randomly assigns executable operating system code to one of 256 possible locations in memory  This makes it harder for an attacker to locate and take advantage of any functionality inside these executables  ASLR is most effective when it is used in conjunction with DEP
 Download Process Explorer (link Ch 3e)  View, Show Lower Pane  View, Lower Pane View, DLLS  View, Select Columns, DLL tab, Base Address  Select explorer.exe and find ntdll.dll  Reboot to see base address change  (link Ch 3d)
Ch03 Protecting Systems
 Four steps:  Security policy  Define defense mechanisms company will use  Configuration baseline  Operating System settings  Security template  A set of settings in a single package  Deployment  Manually or through Group Policy
Ch03 Protecting Systems
 Cookies  JavaScript  Java  ActiveX  Cross-site scripting (XSS)
 Cookies are computer files that contain user- specific information  Types of cookies  First-party cookie  Third-party cookie  Cookies can pose a privacy risk  Cookies can be used to track the browsing or buying habits of a user  Defenses against cookies include disabling the creation of cookies or deleting them once they are created
 JavaScript  Developed by Netscape  Scripting language that does not create standalone applications  Scripting language  A computer programming language that is typically interpreted into a language the computer can understand  Visiting a Web site that automatically downloads a program to run on a local computer can be dangerous
Ch03 Protecting Systems
 Several defense mechanisms prevent JavaScript programs from causing serious harm:  JavaScript cannot read or write files  JavaScript cannot connect to other machines on your LAN  Other security concerns remain:  JavaScript programs can capture and send user information without the user’s knowledge or authorization  The defense against JavaScript is to disable it within the Web browser
 Java  A complete object-oriented programming language created by Sun Microsystems  Can be used to create standalone applications  Java applet  A separate program stored on a Web server and downloaded onto a user’s computer along with HTML code  Can also be made into hostile programs
Ch03 Protecting Systems
 Sandbox is a defense against a hostile Java applet  Surrounds program and keeps it away from private data and other resources on a local computer  Two types of Java applets:  Unsigned Java applet: program that does not come from a trusted source  Signed Java applet: has information proving the program is from a trusted source and has not been altered
Ch03 Protecting Systems
 Set of technologies developed by Microsoft  Not a programming language but a set of rules for how applications should share information  ActiveX controls  Also called add-ons or ActiveX applications  Represent a specific way of implementing ActiveX  Can perform many of the same functions of a Java applet, but do not run in a sandbox  Have full access to Windows operating system  ActiveX poses a number of security concerns
 Nearly all ActiveX control security mechanisms are set in Internet Explorer  ActiveX controls do not rely exclusively on Internet Explorer  However, can be installed and executed independently  The defense against ActiveX is to disable it within the Web browser
 Cross Site Scripting (XSS)  An attack in which malicious code is inserted into a specific type of dynamic Web page  Typically involves using client-side scripts written in JavaScript or ActiveX  Designed to extract information from the victim and then pass the information to the attacker  Targeted to Web sites that dynamically generate Web pages that redisplay (echo) user input that has not been properly validated
 Cross Site Scripting (XSS) attack steps  An attacker searches for a Web site that redisplays a bad login (See Figures 3-8 and 3-9)  The attacker then creates an attack URL that contains the embedded JavaScript commands  A fake e-mail is sent to unsuspecting users with the attack URL as a modified embedded link in the e-mail  The unsuspecting victim clicks on the attack URL and enters his username and password
Ch03 Protecting Systems
Ch03 Protecting Systems
Ch03 Protecting Systems
 Defenses against XSS involve both Web masters of legitimate sites as well as users  Webmasters should check that all user input is validated and that attackers do not have the ability to inject code  They also should be sure that all Web services and database software is patched to prevent XSS  Users should never click on embedded links in e-mails
 Link Ch 3e
 One of the most common types of attacks  Uses a form of injection like XSS  Hinges on an attacker being able to enter an SQL database query into a dynamic Web page  SQL (structured query language)  A language used to view and manipulate data that is stored in a relational database
 Hackthissite.org  Don't put anything true about you on this site-- they are real criminals
 Displays entire username database
 Comic from xkcd
 Variations to the SQL injection attack  Deleting data from the database  Accessing the host operating system through function calls  Retrieving a list of all usernames and passwords
Ch03 Protecting Systems
 E-mail systems use two TCP/IP protocols to send and receive messages  Simple Mail Transfer Protocol (SMTP) handles outgoing mail  Post Office Protocol (POP3 for the current version) handles incoming mail  IMAP (Internet Mail Access Protocol)  A more advanced protocol that solves many problems  E-mail remains on the e-mail server  Mail can be organized into folders and read from any computer  Current version is IMAP4
Ch03 Protecting Systems
 SMTP relay  SMTP servers can forward e-mail sent from an e-mail client to a remote domain  SMTP open relay  If SMTP relay is not controlled, an attacker can use it to forward thousands of spam e-mail messages  The defenses against SMTP open relay are to turn off mail relay altogether  So that all users send and receive e-mail from the local SMTP server only or limit relays to only local users
 Instant messaging (IM)  Real-time communication between two or more users  Can also be used to chat between several users simultaneously, to send and receive files, and to receive real-time stock quotes and news  Basic IM has several security vulnerabilities  IM provides a direct connection to the user’s computer; attackers can use this connection to spread viruses and worms  IM is not encrypted by default so attackers could view the content of messages
 Steps to secure IM include:  Keep the IM server within the organization’s firewall and only permit users to send and receive messages with trusted internal workers  Enable IM virus scanning  Block all IM file transfers  Encrypt messages
 Peer-to-peer (P2P) network  Uses a direct connection between users  Does not have servers, so each device simultaneously functions as both a client and a server to all other devices connected to the network  P2P networks are typically used for connecting devices on an ad hoc basis  For file sharing of audio, video, and data, or real-time data transmission such as telephony traffic  Viruses, worms, Trojan horses, and spyware can be sent using P2P
 A new type of P2P network has emerged known as BitTorrent  Torrents are active Internet connections that download a specific file available through a tracker  Server program operated by the person or organization that wants to share the file  With BitTorrent, files are advertised  BitTorrent downloads are often illegal and contain malware
 Antivirus  Anti-spam  Popup blockers  Personal software firewalls  Host intrusion detection systems
 Antivirus (AV) software  Scan a computer for infections as well as monitor computer activity and scan all new documents, such as e-mail attachments, that might contain a virus  If a virus is detected, options generally include cleaning the file of the virus, quarantining the infected file, or deleting the file  The drawback of AV software is that it must be continuously updated to recognize new viruses  AV software use definition files or signature files
 Popup  A small Web browser window that appears over the Web site that is being viewed  Popup blocker  Allows the user to limit or block most popups  Can be either a separate program or a feature incorporated within a browser  As a separate program, popup blockers are often part of a package known as antispyware  Helps prevent computers from becoming infected by different types of spyware
Ch03 Protecting Systems
 Two different options for installing a corporate spam filter  Install the spam filter with the SMTP server  See Figure 3-14  Install the spam filter with the POP3 server  See Figure 3-15
Ch03 Protecting Systems
Ch03 Protecting Systems
 Another way to filter spam is for the organization to contract with a third-party entity  That filters out spam  All e-mail is directed to the third-party’s remote spam filter  Where it is cleansed before it is redirected back to the organization  This can be accomplished by changing the MX (mail exchange) record
 A third method is to filter spam on the local computer  Typically, the e-mail client contains several different features to block spam, such as:  Level of junk e-mail protection  Blocked senders  Allowed senders  Blocked top level domain list  A final method of spam filtering is to install separate filtering software that works with the e-mail client software
 Very effective  Free  Automatic - effortless to use
 Firewall, sometimes called a packet filter  Designed to prevent malicious packets from entering or leaving computers  Can be software-based or hardware-based  Personal software firewall  Runs as a program on a local system to protect it against attacks  Many operating systems now come with personal software firewalls  Or they can be installed as separate programs
 Monitors network traffic  Detects and possibly prevents attempts to  HIDS are software-based and run on a local computer  These systems can be divided into four groups:  File system monitors  Logfile analyzers  Connection analyzers  Kernel analyzers  HIDS compare new behavior against normal behavior

More Related Content

PPT
Ch02 System Threats and Risks
Information Technology
 
PPTX
Mail server using Linux(Ubuntu)
Navjot Navi
 
PPTX
Stuxnet mass weopan of cyber attack
Ajinkya Nikam
 
PPT
Chapter 3: Information Security Framework
Nada G.Youssef
 
PPTX
Intrusion Prevention System
Vishwanath Badiger
 
PPTX
Intrusion detection system
Sweta Sharma
 
PPT
intrusion detection system (IDS)
Aj Maurya
 
PDF
Ingenieria de software interaccion humano computador
Crhis
 
Ch02 System Threats and Risks
Information Technology
 
Mail server using Linux(Ubuntu)
Navjot Navi
 
Stuxnet mass weopan of cyber attack
Ajinkya Nikam
 
Chapter 3: Information Security Framework
Nada G.Youssef
 
Intrusion Prevention System
Vishwanath Badiger
 
Intrusion detection system
Sweta Sharma
 
intrusion detection system (IDS)
Aj Maurya
 
Ingenieria de software interaccion humano computador
Crhis
 

What's hot (20)

PPTX
Operating system security
Rachel Jeewa
 
PPTX
Code injection
Gayatri Patel
 
PPT
L2 Intrusion Detection System (IDS)
Rushdi Shams
 
PPTX
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
North Texas Chapter of the ISSA
 
PPT
BotNet Attacks
Rangana lakmal
 
PPTX
Malware Classification and Analysis
Prashant Chopra
 
PPTX
DoS or DDoS attack
stollen_fusion
 
PPTX
Web application security
Kapil Sharma
 
PPT
Ch04 Network Vulnerabilities and Attacks
Information Technology
 
PPTX
System security
sommerville-videos
 
PPTX
Zero day exploit
Aashiq Ahamed N
 
PDF
Mobile Malware
Martin Holovský
 
PPTX
Operating system security
Ramesh Ogania
 
PDF
Denial of Service Attacks
Pascal Flöschel
 
PPTX
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte
 
PDF
Threat Modelling
n|u - The Open Security Community
 
PDF
Web Application Penetration Testing
Priyanka Aash
 
PPTX
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Sundas Kayani
 
PDF
Social Engineering Attacks & Principles
LearningwithRayYT
 
PPTX
User security awareness
K. A. M Lutfullah
 
Operating system security
Rachel Jeewa
 
Code injection
Gayatri Patel
 
L2 Intrusion Detection System (IDS)
Rushdi Shams
 
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
North Texas Chapter of the ISSA
 
BotNet Attacks
Rangana lakmal
 
Malware Classification and Analysis
Prashant Chopra
 
DoS or DDoS attack
stollen_fusion
 
Web application security
Kapil Sharma
 
Ch04 Network Vulnerabilities and Attacks
Information Technology
 
System security
sommerville-videos
 
Zero day exploit
Aashiq Ahamed N
 
Mobile Malware
Martin Holovský
 
Operating system security
Ramesh Ogania
 
Denial of Service Attacks
Pascal Flöschel
 
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte
 
Threat Modelling
n|u - The Open Security Community
 
Web Application Penetration Testing
Priyanka Aash
 
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Sundas Kayani
 
Social Engineering Attacks & Principles
LearningwithRayYT
 
User security awareness
K. A. M Lutfullah
 
Ad

Viewers also liked (20)

PPT
Chapter 3 Presentation
Amy McMullin
 
PPT
Ch10 Conducting Audits
Information Technology
 
PPT
Microsoft Operating System Vulnerabilities
Information Technology
 
PPT
Ch09 Performing Vulnerability Assessments
Information Technology
 
PPT
Ch13 Business Continuity Planning and Procedures
Information Technology
 
PPT
Ch05 Network Defenses
Information Technology
 
PPT
Ch01 Introduction to Security
Information Technology
 
PPT
Ch14 Policies and Legislation
Information Technology
 
PPTX
Web303
Information Technology
 
PPT
Ch12 Cryptographic Protocols and Public Key Infrastructure
Information Technology
 
PPT
Ch08 Authentication
Information Technology
 
PPT
Ch11 Basic Cryptography
Information Technology
 
PPT
Ch06 Wireless Network Security
Information Technology
 
PPT
Ch07 Access Control Fundamentals
Information Technology
 
ODP
Python 3000
Bob Chao
 
PPTX
Python programming lab2
profbnk
 
PDF
Cc code cards
ysolanki78
 
PPTX
Introduction to Graphics
primeteacher32
 
PPT
Apache Web Server Setup 3
Information Technology
 
PDF
OSCON 2008: Porting to Python 3.0
guest4d09
 
Chapter 3 Presentation
Amy McMullin
 
Ch10 Conducting Audits
Information Technology
 
Microsoft Operating System Vulnerabilities
Information Technology
 
Ch09 Performing Vulnerability Assessments
Information Technology
 
Ch13 Business Continuity Planning and Procedures
Information Technology
 
Ch05 Network Defenses
Information Technology
 
Ch01 Introduction to Security
Information Technology
 
Ch14 Policies and Legislation
Information Technology
 
Web303
Information Technology
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Information Technology
 
Ch08 Authentication
Information Technology
 
Ch11 Basic Cryptography
Information Technology
 
Ch06 Wireless Network Security
Information Technology
 
Ch07 Access Control Fundamentals
Information Technology
 
Python 3000
Bob Chao
 
Python programming lab2
profbnk
 
Cc code cards
ysolanki78
 
Introduction to Graphics
primeteacher32
 
Apache Web Server Setup 3
Information Technology
 
OSCON 2008: Porting to Python 3.0
guest4d09
 
Ad

Similar to Ch03 Protecting Systems (20)

PPT
Ch08 Microsoft Operating System Vulnerabilities
phanleson
 
PPT
Microsoft OS Vulnerabilities
SecurityTube.Net
 
PDF
Report on xss and do s
mehr77
 
PPT
Network Attacks
SecurityTube.Net
 
PPTX
Methods Hackers Use
brittanyjespersen
 
PPTX
Cross Site Scripting Defense Presentation
Ikhade Maro Igbape
 
PPTX
Browser Security ppt.pptx
AjaySahre
 
PPTX
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
 
PPT
5 worms and other malware
drewz lin
 
PDF
Ceh v5 module 12 web application vulnerabilities
Vi Tính Hoàng Nam
 
DOC
2071
Brave Sithu
 
PPTX
Types of attacks in cyber security
Bansari Shah
 
PPTX
Cross Site Scripting (XSS)
Barrel Software
 
PPTX
Overview of Vulnerability Scanning.pptx
AjayKumar73315
 
PPTX
Types of Cyber Attacks
Rubal Sagwal
 
PPTX
Security and ethics
Argie242424
 
PPT
Software security
jes_d
 
PDF
React security vulnerabilities
AngelinaJasper
 
PPT
Intro to Web Application Security
Rob Ragan
 
PPTX
Types of cyber attacks
krishh sivakrishna
 
Ch08 Microsoft Operating System Vulnerabilities
phanleson
 
Microsoft OS Vulnerabilities
SecurityTube.Net
 
Report on xss and do s
mehr77
 
Network Attacks
SecurityTube.Net
 
Methods Hackers Use
brittanyjespersen
 
Cross Site Scripting Defense Presentation
Ikhade Maro Igbape
 
Browser Security ppt.pptx
AjaySahre
 
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
 
5 worms and other malware
drewz lin
 
Ceh v5 module 12 web application vulnerabilities
Vi Tính Hoàng Nam
 
2071
Brave Sithu
 
Types of attacks in cyber security
Bansari Shah
 
Cross Site Scripting (XSS)
Barrel Software
 
Overview of Vulnerability Scanning.pptx
AjayKumar73315
 
Types of Cyber Attacks
Rubal Sagwal
 
Security and ethics
Argie242424
 
Software security
jes_d
 
React security vulnerabilities
AngelinaJasper
 
Intro to Web Application Security
Rob Ragan
 
Types of cyber attacks
krishh sivakrishna
 

More from Information Technology (20)

PDF
Sql Server Security Best Practices
Information Technology
 
PPT
SAN
Information Technology
 
PPT
SAN Review
Information Technology
 
PPT
SQL 2005 Disk IO Performance
Information Technology
 
PPT
RAID Review
Information Technology
 
PPT
Review of SQL
Information Technology
 
PPT
Sql 2005 high availability
Information Technology
 
PPT
IIS 7: The Administrator’s Guide
Information Technology
 
PPT
MOSS 2007 Deployment Fundamentals -Part2
Information Technology
 
PPT
MOSS 2007 Deployment Fundamentals -Part1
Information Technology
 
PPT
Clustering and High Availability
Information Technology
 
PDF
F5 beyond load balancer (nov 2009)
Information Technology
 
PPT
WSS 3.0 & SharePoint 2007
Information Technology
 
PPT
SharePoint Topology
Information Technology
 
PDF
Sharepoint Deployments
Information Technology
 
PPT
Microsoft Clustering
Information Technology
 
PDF
Scalable Internet Servers and Load Balancing
Information Technology
 
PPT
Web Hacking
Information Technology
 
PPT
Migration from ASP to ASP.NET
Information Technology
 
PPT
Internet Traffic Monitoring and Analysis
Information Technology
 
Sql Server Security Best Practices
Information Technology
 
SAN
Information Technology
 
SAN Review
Information Technology
 
SQL 2005 Disk IO Performance
Information Technology
 
RAID Review
Information Technology
 
Review of SQL
Information Technology
 
Sql 2005 high availability
Information Technology
 
IIS 7: The Administrator’s Guide
Information Technology
 
MOSS 2007 Deployment Fundamentals -Part2
Information Technology
 
MOSS 2007 Deployment Fundamentals -Part1
Information Technology
 
Clustering and High Availability
Information Technology
 
F5 beyond load balancer (nov 2009)
Information Technology
 
WSS 3.0 & SharePoint 2007
Information Technology
 
SharePoint Topology
Information Technology
 
Sharepoint Deployments
Information Technology
 
Microsoft Clustering
Information Technology
 
Scalable Internet Servers and Load Balancing
Information Technology
 
Web Hacking
Information Technology
 
Migration from ASP to ASP.NET
Information Technology
 
Internet Traffic Monitoring and Analysis
Information Technology
 

Recently uploaded (20)

PDF
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PDF
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PPTX
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
PPTX
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PDF
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PPTX
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
PPTX
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PDF
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
Nguyen Thanh Tu Collection
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
Nguyen Thanh Tu Collection
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
Classroom Observation Tools for Teachers
Nicaramirez
 

Ch03 Protecting Systems

  • 2.  At least one in ten web pages are booby-trapped with malware (link Ch 3a)  Just viewing an infected Web page installs malware on your computer, if your operating system and browser are vulnerable
  • 3.  Explain how to harden operating systems  List ways to prevent attacks through a Web browser  Define SQL injection and explain how to protect against it  Explain how to protect systems from communications-based attacks  Describe various software security applications
  • 5.  Updates to the operating system  Protecting against buffer overflows  Configuring operating system protections
  • 6.  Operating systems are huge and contain many bugs (errors in code)  Linux contains 0.17 bug per 1,000 lines of code  Typical commercial software contains 20-30 bugs per 1,000 lines of code (link Ch 3b)  81 bugs a day were reported for Windows Vista Beta 2 (link Ch 3c)  Some of those bugs create vulnerabilities
  • 9.  Security patch  A general software security update intended to cover vulnerabilities that have been discovered  Hotfix addresses a specific customer situation  Often may not be distributed outside that customer’s organization  Service pack  A cumulative package of all security updates plus additional features
  • 11.  Automatic Updates Options  Patches can sometimes create new problems
  • 12.  Used to manage patches locally instead of relying upon the vendor’s online update service  Advantages  Administrators can test patches before deploying them  Every machine is updated simultaneously  Users cannot disable or circumvent updates  Can save bandwidth and time  Computers that do not have Internet access can receive updates
  • 14.  Buffer overflow  Occurs when a process attempts to store data in random access memory (RAM) beyond the boundaries of a fixed-length storage buffer  Extra data overflows into the adjacent memory locations and under certain conditions may cause the computer to stop functioning  Attackers also use a buffer overflow in order to compromise a computer
  • 16.  Basic defenses  Write “defensive” program code that will protect against these attacks  Use a programming language that makes these attacks more difficult  For Windows-based systems, there are two defenses against buffer overflows  Data execution prevention (DEP)  Address space layout randomization (ASLR)
  • 17.  Most modern CPUs support an NX (No eXecute) bit to designate a part of memory for containing only data  DEP will not allow code in the memory area to be executed  Windows Vista allows software developers to enable NX hardware protection specifically for the application software that they develop
  • 18.  In Windows 7  Start, right-click Computer, Properties, Advanced System Settings, Advanced Tab, Performance Settings
  • 19.  Randomly assigns executable operating system code to one of 256 possible locations in memory  This makes it harder for an attacker to locate and take advantage of any functionality inside these executables  ASLR is most effective when it is used in conjunction with DEP
  • 20.  Download Process Explorer (link Ch 3e)  View, Show Lower Pane  View, Lower Pane View, DLLS  View, Select Columns, DLL tab, Base Address  Select explorer.exe and find ntdll.dll  Reboot to see base address change  (link Ch 3d)
  • 22.  Four steps:  Security policy  Define defense mechanisms company will use  Configuration baseline  Operating System settings  Security template  A set of settings in a single package  Deployment  Manually or through Group Policy
  • 24.  Cookies  JavaScript  Java  ActiveX  Cross-site scripting (XSS)
  • 25.  Cookies are computer files that contain user- specific information  Types of cookies  First-party cookie  Third-party cookie  Cookies can pose a privacy risk  Cookies can be used to track the browsing or buying habits of a user  Defenses against cookies include disabling the creation of cookies or deleting them once they are created
  • 26.  JavaScript  Developed by Netscape  Scripting language that does not create standalone applications  Scripting language  A computer programming language that is typically interpreted into a language the computer can understand  Visiting a Web site that automatically downloads a program to run on a local computer can be dangerous
  • 28.  Several defense mechanisms prevent JavaScript programs from causing serious harm:  JavaScript cannot read or write files  JavaScript cannot connect to other machines on your LAN  Other security concerns remain:  JavaScript programs can capture and send user information without the user’s knowledge or authorization  The defense against JavaScript is to disable it within the Web browser
  • 29.  Java  A complete object-oriented programming language created by Sun Microsystems  Can be used to create standalone applications  Java applet  A separate program stored on a Web server and downloaded onto a user’s computer along with HTML code  Can also be made into hostile programs
  • 31.  Sandbox is a defense against a hostile Java applet  Surrounds program and keeps it away from private data and other resources on a local computer  Two types of Java applets:  Unsigned Java applet: program that does not come from a trusted source  Signed Java applet: has information proving the program is from a trusted source and has not been altered
  • 33.  Set of technologies developed by Microsoft  Not a programming language but a set of rules for how applications should share information  ActiveX controls  Also called add-ons or ActiveX applications  Represent a specific way of implementing ActiveX  Can perform many of the same functions of a Java applet, but do not run in a sandbox  Have full access to Windows operating system  ActiveX poses a number of security concerns
  • 34.  Nearly all ActiveX control security mechanisms are set in Internet Explorer  ActiveX controls do not rely exclusively on Internet Explorer  However, can be installed and executed independently  The defense against ActiveX is to disable it within the Web browser
  • 35.  Cross Site Scripting (XSS)  An attack in which malicious code is inserted into a specific type of dynamic Web page  Typically involves using client-side scripts written in JavaScript or ActiveX  Designed to extract information from the victim and then pass the information to the attacker  Targeted to Web sites that dynamically generate Web pages that redisplay (echo) user input that has not been properly validated
  • 36.  Cross Site Scripting (XSS) attack steps  An attacker searches for a Web site that redisplays a bad login (See Figures 3-8 and 3-9)  The attacker then creates an attack URL that contains the embedded JavaScript commands  A fake e-mail is sent to unsuspecting users with the attack URL as a modified embedded link in the e-mail  The unsuspecting victim clicks on the attack URL and enters his username and password
  • 40.  Defenses against XSS involve both Web masters of legitimate sites as well as users  Webmasters should check that all user input is validated and that attackers do not have the ability to inject code  They also should be sure that all Web services and database software is patched to prevent XSS  Users should never click on embedded links in e-mails
  • 42.  One of the most common types of attacks  Uses a form of injection like XSS  Hinges on an attacker being able to enter an SQL database query into a dynamic Web page  SQL (structured query language)  A language used to view and manipulate data that is stored in a relational database
  • 43.  Hackthissite.org  Don't put anything true about you on this site-- they are real criminals
  • 44.  Displays entire username database
  • 46.  Variations to the SQL injection attack  Deleting data from the database  Accessing the host operating system through function calls  Retrieving a list of all usernames and passwords
  • 48.  E-mail systems use two TCP/IP protocols to send and receive messages  Simple Mail Transfer Protocol (SMTP) handles outgoing mail  Post Office Protocol (POP3 for the current version) handles incoming mail  IMAP (Internet Mail Access Protocol)  A more advanced protocol that solves many problems  E-mail remains on the e-mail server  Mail can be organized into folders and read from any computer  Current version is IMAP4
  • 50.  SMTP relay  SMTP servers can forward e-mail sent from an e-mail client to a remote domain  SMTP open relay  If SMTP relay is not controlled, an attacker can use it to forward thousands of spam e-mail messages  The defenses against SMTP open relay are to turn off mail relay altogether  So that all users send and receive e-mail from the local SMTP server only or limit relays to only local users
  • 51.  Instant messaging (IM)  Real-time communication between two or more users  Can also be used to chat between several users simultaneously, to send and receive files, and to receive real-time stock quotes and news  Basic IM has several security vulnerabilities  IM provides a direct connection to the user’s computer; attackers can use this connection to spread viruses and worms  IM is not encrypted by default so attackers could view the content of messages
  • 52.  Steps to secure IM include:  Keep the IM server within the organization’s firewall and only permit users to send and receive messages with trusted internal workers  Enable IM virus scanning  Block all IM file transfers  Encrypt messages
  • 53.  Peer-to-peer (P2P) network  Uses a direct connection between users  Does not have servers, so each device simultaneously functions as both a client and a server to all other devices connected to the network  P2P networks are typically used for connecting devices on an ad hoc basis  For file sharing of audio, video, and data, or real-time data transmission such as telephony traffic  Viruses, worms, Trojan horses, and spyware can be sent using P2P
  • 54.  A new type of P2P network has emerged known as BitTorrent  Torrents are active Internet connections that download a specific file available through a tracker  Server program operated by the person or organization that wants to share the file  With BitTorrent, files are advertised  BitTorrent downloads are often illegal and contain malware
  • 55.  Antivirus  Anti-spam  Popup blockers  Personal software firewalls  Host intrusion detection systems
  • 56.  Antivirus (AV) software  Scan a computer for infections as well as monitor computer activity and scan all new documents, such as e-mail attachments, that might contain a virus  If a virus is detected, options generally include cleaning the file of the virus, quarantining the infected file, or deleting the file  The drawback of AV software is that it must be continuously updated to recognize new viruses  AV software use definition files or signature files
  • 57.  Popup  A small Web browser window that appears over the Web site that is being viewed  Popup blocker  Allows the user to limit or block most popups  Can be either a separate program or a feature incorporated within a browser  As a separate program, popup blockers are often part of a package known as antispyware  Helps prevent computers from becoming infected by different types of spyware
  • 59.  Two different options for installing a corporate spam filter  Install the spam filter with the SMTP server  See Figure 3-14  Install the spam filter with the POP3 server  See Figure 3-15
  • 62.  Another way to filter spam is for the organization to contract with a third-party entity  That filters out spam  All e-mail is directed to the third-party’s remote spam filter  Where it is cleansed before it is redirected back to the organization  This can be accomplished by changing the MX (mail exchange) record
  • 63.  A third method is to filter spam on the local computer  Typically, the e-mail client contains several different features to block spam, such as:  Level of junk e-mail protection  Blocked senders  Allowed senders  Blocked top level domain list  A final method of spam filtering is to install separate filtering software that works with the e-mail client software
  • 64.  Very effective  Free  Automatic - effortless to use
  • 65.  Firewall, sometimes called a packet filter  Designed to prevent malicious packets from entering or leaving computers  Can be software-based or hardware-based  Personal software firewall  Runs as a program on a local system to protect it against attacks  Many operating systems now come with personal software firewalls  Or they can be installed as separate programs
  • 66.  Monitors network traffic  Detects and possibly prevents attempts to  HIDS are software-based and run on a local computer  These systems can be divided into four groups:  File system monitors  Logfile analyzers  Connection analyzers  Kernel analyzers  HIDS compare new behavior against normal behavior