"If you know the enemy and know yourself you need not fear the results of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." - Sun Tzu[1]
Introduction-
Rifle Scope
How to know your enemy
Knowing your enemy is vital in fighting him effectively. Protection should be learned not just by network defense, but also by using the vulnerability of software and techniques used for malicious intent. As computer strike tools and techniques continue to advance, we will likely see major, life-impacting events in the near future. However, we will create a much more derive world, with risk managed down to an approved level. To get there, we have to combine Protection into our systems from the start, and escort approved Protection testing throughout the software life cycle of the system. One of the most interesting ways of studying computer Protection is studying and analyzing from the perspective of the attacker. A hacker or a programming cracker uses discrete available software applications and tools to analyze and research weaknesses in network and software Protection flaws and exploit them. Exploiting the software is exactly what it sounds like, taking advantage of some bug or flaw and redesigning it to make it work for their advantage.
Similarly, your personal sensitive information could be very useful to criminals. These attackers might be finding for sensitive data to use in identity theft or other fraud, a favorable way to launder money, information useful in their criminal company endeavors, or system entrance for other nefarious purposes. One of the most leading stories of the past combine of years has been the rush of organized crime into the computer attacking business. They make use of company processes to make money in computer attacks. This type of crime can be highly lucrative to those who might steal and sell reputation card numbers, commit identity theft, or even extort money from a target under threat of DoS flood. Further, if the attackers cover their tracks carefully, the possibilities of going to jail are far lower for computer crimes than for many types of corporal crimes. Finally, by operating from an overseas base, from a country with minuscule or no legal framework about computer crime prosecution, attackers can operate with virtual impunity [1].
Current Security
Assessing the vulnerabilities of software is the key to enhancing the current Protection within a system or application. Developing such a vulnerability diagnosis should take into observation any holes in the software that could carry out a threat. This process should highlight points of infirmity and help in the building of a framework for subsequent diagnosis and countermeasures. The Protection we have in place today including firewalls, counterattack software, Ip blockers, network analyzers, virus Protection and scanning, encryption, user profiles and password keys. Elaborating the attacks on these basic functionalities for the software and the computer system that hosts it is leading to production software and systems stronger.
You may have a task which requires a client-host module which, in many instances, is the starting point from which a system is compromised. Also insight the framework you're utilizing, which includes the kernel, is imperative for preventing an attack. A stack overflow is a function which is called in a program and accesses the stack to derive leading data such as local variables, arguments for the function, the return address, the order of operations within a structure, and the compiler being used. If you derive this information you may exploit it to overwrite the input parameters on the stack which is meant to produce a dissimilar result. This may be useful to the hacker which wants to derive any information that may grant them entrance to a person's account or for something like an Sql injection into your company's database. Another way to get the same corollary without knowing the size of the buffer is called a heap overflow which utilizes the dynamically allocated buffers that are meant to be used when the size of the data is not known and reserves memory when allocated.
We already know a minuscule bit about integer overflows (or should at least) and so we Integer overflows are basically variables that are prone to overflows by means of inverting the bits to represent a negative value. Although this sounds good, the integers themselves are dramatically changed which could be useful to the attackers needs such as causing a denial of aid attack. I'm concerned that if engineers and developers do not check for overflows such as these, it could mean errors resulting in overwriting some part of the memory. This would imply that if anyone in memory is accessible it could shut down their whole system and leave it vulnerable later down the road.
Format string vulnerabilities are literally the corollary of poor concentration to code from the programmers who write it. If written with the format parameter such as "%x" then it returns the hexadecimal contents of the stack if the programmer decided to leave the parameters as "printf(string);" or something similar. There are many other testing tools and techniques that are utilized in testing the form of frameworks and applications such as "fuzzing" which can forestall these kinds of exploits by finding where the holes lie.
In order to exploit these software flaws it implies, in roughly any case, supplying bad input to the software so it acts in a certain way which it was not intended or thinkable, to. Bad input can produce many types of returned data and effects in the software logic which can be reproduced by studying the input flaws. In most cases this involves overwriting former values in memory either it is data handling or code injection. Tcp/Ip (transfer operate protocol/internet protocol) and any linked protocols are incredibly flexible and can be used for all kinds of applications. However, the potential form of Tcp/Ip offers many opportunities for attackers to undermine the protocol, causing all sorts of problems with our computer systems. By undermining Tcp/Ip and other ports, attackers can violate the confidentiality of our sensitive data, alter the data to undermine its integrity, pretend to be other users and systems, and even crash our machines with DoS attacks. Many attackers routinely exploit the vulnerabilities of former Tcp/Ip to gain entrance to sensitive systems nearby the globe with malicious intent.
Hackers today have come to understand operating frameworks and Protection vulnerabilities within the operating structure itself. Windows, Linux and Unix programming has been openly exploited for their flaws by means of viruses, worms or Trojan attacks. After gaining entrance to a target machine, attackers want to profess that access. They use Trojan horses, backdoors, and root-kits to accomplish this goal. Just because operating environments may be vulnerable to attacks doesn't mean your system has to be as well. With the new increasing of integrated Protection in operating systems like Windows Vista, or for the open source rule of Linux, you will have no problem maintaining sufficient Protection profiles.
Finally I want discuss what kind of technology were finding to literally hack the hacker, so to speak. More recently a Protection professional named Joel Eriksson showcased his application which infiltrates the hackers strike to use against them.
Wired record on the Rsa practice with Joel Eriksson:
"Eriksson, a researcher at the Swedish Protection firm Bitsec, uses reverse-engineering tools to find remotely exploitable Protection holes in hacking software. In particular, he targets the client-side applications intruders use to control Trojan horses from afar, finding vulnerabilities that would let him upload his own rogue software to intruders' machines." [7]
Hackers, particularly in china, use a program called Pcshare to hack their victim's machines and upload's or downloads files. The program Eriksson industrialized called Rat (remote supervision tools) which infiltrates the programs bug which the writers most likely overlooked or didn't think to encrypt. This bug is a module that allows the program to display the download time and upload time for files. The hole was enough for Eriksson to write files under the user's system and even operate the server's autostart directory. Not only can this technique be used on Pcshare but also a discrete whole of botnet's as well. New software like this is advent out everyday and it will be useful for your company to know what kinds will help fight the interceptor.
Mitigation Process and Review
Software engineering practices for capability and integrity contain the software Protection framework patterns that will be used. "Confidentiality, integrity, and availability have overlapping concerns, so when you partition Protection patterns using these concepts as classification parameters, many patterns fall into the overlapping regions" [3]. Among these Protection domains there are other areas of high pattern density which includes distributive computing, fault tolerance and management, process and organizational structuring. These field areas are enough to make a complete procedure on patterns in software form [3].
We must also focus on the context of the application which is where the pattern is applied and the stakeholders view and protocols that they want to serve. The threat models such as Cia model (confidentiality, integrity and availability) will define the question domain for the threats and classifications behind the patterns used under the Cia model. Such classifications are defined under the Defense in Depth, Minefield and Grey Hats techniques.
The tabular classification scheme in Protection patterns, defines the classification based on their domain concepts which fails to account for more of the general patterns which span multiple categories. What they tried to do in classifying patterns was to base the problems on what needs to be solved. They partitioned the Protection pattern question space using the threat model in single to distinguish the scope. A classification process based on threat models is more perceptive because it uses the Protection problems that patterns solve. An example of these threat models is Stride. Go forward is an acronym containing the following concepts:
Spoofing: An endeavor to gain entrance to a system using a forged identity. A compromised system would give an unauthorized user entrance to sensitive data.
Tampering: Data corruption during network communication, where the data's integrity is threatened.
Repudiation: A user's refusal to reply participation in a transaction.
Information Disclosure: The unwanted exposure and loss of private data's confidentiality.
Denial of service: An strike on system availability.
Elevation of Privilege: An endeavor to raise the privilege level by exploiting some vulnerability, where a resource's confidentiality, integrity, and availability are threatened. [3]
What this threat model covers can be discussed using the following four patterns: Defense in Depth, Minefield, procedure enforcement Point, and Grey Hats. Despite this all patterns belong to multiple groups one way or Another because classifying abstract threats would prove difficult. The Ieee classification in their classification hierarchy is a tree which represents nodes on the basis of domain definite verbatim. Pattern navigation will be easier and more meaningful if you use it in this format. The classification scheme based off of the Go forward model alone is limited, but only because patterns that address multiple concepts can't be classified using a two-dimensional schema. The hierarchical scheme shows not only the leaf nodes which display the patterns but also multiple threats that work on them. The internal nodes are in the higher base level which will find multiple threats that all the dependent level is affected by. Threat patterns at the tree's root apply to multiple contexts which consist of the core, the perimeter, and the exterior. Patterns that are more basic, such as Defense in Depth, reside at the classification hierarchy's highest level because they apply to all contexts. Using network tools you will be able to find these threat concepts such as spoofing, intrusion tampering, repudiation, DoS, and derive pre-forking, will allow the developer team to pinpoint the areas of Protection infirmity in the areas of core, perimeter and face security.
Defense against kernel made root-kits should keep attackers from gaining executive entrance in the first place by applying system patches. Tools for Linux, Unix and Windows look for anomalies introduced on a system by discrete users and kernel root-kits. But although a perfectly implemented and perfectly installed kernel root-kit can dodge a file integrity checker, dependable scanning tools should be useful because they can find very subtle mistakes made by an attacker that a human might miss. Also Linux software provides useful tools for incident response and forensics. For example some tools returns outputs that you can be trusted more than user and kernel-mode root-kits.
Logs that have been tampered with are less than useless for investigative purposes, and conducting a forensic investigation without logging checks is like cake without the frosting. To condense any system, a high whole of concentration will be needed in order to defend a given system's log which will depend on the sensitivity of the server. Computers on the net that contain sensitive data will want a great whole of care to protect. For some systems on an intranet, logging might be less imperative. However, for vitally leading systems containing sensitive information about human resources, legality issues, as well as mergers and acquisitions, the logs would make or break protecting your company's confidentiality. Detecting an strike and finding evidence that digital forensics use is vital for building a case against the intruder. So encrypt those logs, the best the encryption, the less likely they will ever be tampered with.
Fuzz Protocols
Protocol Fuzzing is a software testing technique that which automatically generates, then submits, random or sequential data to discrete areas of an application in an endeavor to search Protection vulnerabilities. It is more generally used to scrutinize Protection weaknesses in applications and protocols which cope data converyance to and from the client and host. The basic idea is to attach the inputs of a program to a source of random or unexpected data. If the program fails (for example, by crashing, or by failing in-built code assertions), then there are defects to correct. These kind of fuzzing techniques were first industrialized by Professor Barton Miller and his company [5]. It was intended to change the mentality from being too certain of one's technical knowledge, to literally request the conventional wisdom behind security.
Luiz Edwardo on protocol fuzzing:
"Most of the time, when the perception of Protection doesn't match the reality of security, it's because the perception of the risk does not match the reality of the risk. We worry about the wrong things: paying too much concentration to minor risks and not enough concentration to major ones. We don't correctly compare the magnitude of dissimilar risks. A lot of this can be chalked up to bad information or bad mathematics, but there are some general diagnosis that come up over and over again" [6].
With the mainstream of fuzzing, we have seen numerous bugs in a system which has made national or even international news. Attackers have a list of contacts, a handful of Ip addresses for your network, and a list of domain names. Using a collection of scanning techniques, the attackers have now gained principal information about the target network, including a list of phone numbers with modems (more obsolete but still viable), a group of wireless entrance points, addresses of live hosts, network topology, open ports, and firewall rule sets. The attacker has even gathered a list of vulnerabilities found on your network, all the while trying to evade detection. At this point, the attackers are poised for the kill, ready to take over systems on your network. This growth in fuzzing has shown that delivering the product/service software using basic testing practices are no longer acceptable. Because the internet provides so many protocol breaking tools, it is very likely that an intruder will break your company's protocol on all levels of its structure, semantics and protocol states. So in the end, if you do not fuzz it someone else will. Session based, and even state based, fuzzing practices have been used to form the connections using the state level of a session to find best fault isolation. But the real challenge behind fuzzing is doing these techniques then isolating the fault environment, the bugs, protocols implementation and the monitoring of the environment.
Systems Integrations
There are three levels of systems integration the developer must consider for security. The software developer must consider the whole mitigation divulge of the software flaw and base it on the form implementation. This includes entrance control, intrusion detection and the trade-offs for the implementation. Integrating these controls into the system is leading in the implementation stage of development. Attacks on these systems may even lead to severe Protection and financial effects. Securing computer systems has come to be a very leading part of system development and deployment.
Since we cannot thoroughly take away the threats, we must minimize their impact instead. This can be made potential by creating an insight of human and technical issues complex in such attacks. This knowledge can allow an engineer or developer make the intruder's life as hard as possible. This makes the challenge even greater in insight the attacker's motivations and skill level. Think of it as infiltrating the hackers head by reasoning like them psychologically.
Access Control
Even if you have implemented all of the controls you can think of there are a collection of other Protection lockdowns that must continually be supplemented to constant attacks against a system. You might apply Protection patches, use a file integrity checking tool, and have enough logging, but have you recently looked for unsecured modems, or how about activating Protection on the ports or on the switches in your principal network segments to forestall the latest sniffing attack? Have you carefully implementing non-executable stacks to forestall one of the most common types of attacks today, the stack-based buffer overflow? You should all the time be ready for kernel-level root-kits with any of these other attacks which imply the attacker has the capability of taking you out of command of your system.
Password attacks are very common in exploiting software authorization protocols. Attackers often try to guess passwords for systems to gain entrance either by hand or through using scripts that are generated. Password cracking will involve taking the encrypted or hashed passwords from a system cache or registry and using an automatic tool to conclude the former passwords. Password cracking tools create password guesses, encrypt or hash the guesses, and compare the corollary with the encrypted or hashed password so long as you have the encryption file to compare the results. The password guesses can come from a dictionary scanner, brute force routines, or hybrid techniques. This is why entrance controls must protect human, corporal and intellectual assets against loss, damage or compromise by permitting or denying entry into, within and from the protected area. The controls will also deny or grant entrance proprietary and the time thereof of the protected area. The entrance controls are operated by human resources using corporal and/or electronic hardware in accordance with the policies. To defend against password attacks, you must have a strong password procedure that requires users to have nontrivial passwords. You must make users aware of the policy, hire password filtering software, and periodically crack your own users passwords (with approved permission from management) to levy the policy. You might also want to consider authentication tools stronger than passwords, such as Pki authentication, hardware tokens or auditing software [1].
But despite this, Another developer might be interested in authenticating only. This user would first create minimal entrance points where the authenticator pattern will levy authentication policies. The field descriptor will define the data used to grant or deny the authentication decision. A password synchronizer pattern performs distributed password management. Authenticator and password synchronizer are not directly related. The users will need to apply other patterns after authenticator before they could use a password synchronizer.
Intrusion Detection
Intrusion detection is used for monitoring and logging the activity of Protection risks. A functioning network intrusion detection system should indicate that someone has found the doors, but nobody has literally tried to open them yet. This will scrutinize inbound and outbound network activity and identify patterns used that may indicate a network or system strike from someone attempting to compromise the system. In detecting the misuse of the system the protocols used, such as scanners, analyzes the information it gathers and compares it to large databases of strike signatures it provides. In essence, the Protection detection looks for a definite strike that has already been documented. Like a virus detection system, the detection system is only as good as the index of strike signatures that it uses to compare packets against. In anomaly detection, the system administrator defines the general state of the network's traffic breakdown, load, protocols, and typical packet size. Anomaly detection of segments is used to compare their current state to the general state and look for anomalies. Designing the intrusion detection must also put into account, and detect, malicious packets that are meant to be overlooked by a generic firewall's basic filtering rules. In a host based system, the detection system should scrutinize the activity on each private computer or host. As long as you are securing the environment and authorizing transactions, then intrusion detection should pick up no activity from a flaw in the system's data flow.
Trade-Offs
Trade-offs of the implementation must also be taken into observation when developing these controls and detection software. The developer must also consider the severity of the risk, the probability of the risk, the magnitude of the costs, how sufficient the countermeasure is at mitigating the risk and how well disparate risks and costs can be analyzed at this level, despite the fact that risks diagnosis was complete, because actual changes must be carefully and the Protection estimate must be reassessed through this process. The one area that can cause the feeling of Protection to diverge from the reality of Protection is the idea of risk itself. If we get the severity of the risk wrong, we're going to get the trade-off wrong, which cannot happen at a principal level. We can do this to find out the implications in two ways. First, we can underestimate risks, like the risk of an automobile crisis on your way to work. Second, we can overestimate some risks, such as the risk of some guy you know, stalking you or your family. When we overestimate and when we underestimate is governed by a few definite heuristics. One heuristic area is the idea that "bad Protection trade-offs is probability. If we get the probability wrong, we get the trade-off wrong" [6]. These heuristics are not definite to risk, but lead to bad evaluations of risk. And as humans, our capability to speedily compare and spit out some probability in our brains runs into all sorts of problems. When we form ourselves to correctly analyze a Protection issue, it becomes mere statistics. But when it comes down to it, we still need to form out the threat of the risk which can be found when "listing five areas where perception can diverge from reality:"
-The severity of the risk.
-The probability of the risk.
-The magnitude of the costs.
-How sufficient the countermeasure is at mitigating the risk.
-The trade-off itself [6].
To think a system is thoroughly derive is absurd and illogical at best unless hardware Protection was more widespread. Feeling of the word and reality of Protection are different, but they're intimately related. We try our best Protection trade-offs considering the perception noted. And what I mean by that is that it gives us genuine Protection for a reasonable cost and when our actual feeling of Protection matches the reality of security. It is when the two are out of alignment that we get Protection wrong. We are also not adept at production coherent Protection trade-offs, especially in the context of a lot of ancillary information which is designed to persuade us in one direction or another. But when we reach the goal of complete lockdown on Protection protocol that is when you know the estimate was well worth the effort.
Physical Security
Physical Protection is any information that may be available, and used in order to gain definite information about company linked data which may contain documentation, personal information, assets and population susceptible to communal engineering.
In its most widely practiced form, communal engineering involves an attacker using employees at the target organization on the phone and exploiting them into revealing sensitive information. The most frustrating aspect of communal engineering attacks for Protection professionals is that they are nearly all the time successful. By pretending to be Another employee, a customer, or a supplier, the attacker attempts to manipulate the target someone into divulging some of the organization's secrets. communal engineering is deception, pure and simple. The techniques used by communal engineers are often linked with computer attacks, most likely because of the fancy term "social engineering" applied to the techniques when used in computer intrusions. However, scam artists, private investigators, law enforcement, and even carefully sales population hire virtually the same techniques every single day.
Use communal and private organizations to help with staffed Protection in and nearby complex parameters also install alarms on all doors, windows, and ceiling ducts. Make a clear statement to employees about assign clear roles and responsibilities for engineers, employees, and population in building maintenance and staff that they must all the time have authorization before they can disclose any corporate data information. They must make principal contacts and ongoing transportation throughout a software goods and disclosure of documentation. Mobile resources must be given to employees that tour and there should be installed on their Mobile devices the definite Protection protocols for communicating back and forth from a web connection. The company must utilize local, state, and remote facilities to backup data or utilize services for extra Protection and Protection of data resources. Such extra Protection could contain watch of company waste so it is not susceptible to dumpster diving. Not to say an assailant might be finding for your yesterday's lunch but will more likely be finding for shredded paper, other leading memo's or company reports you want to keep confidential.
Dumpster diving is a incompatibility on corporal break-in that involves rifling through an organization's trash to look for sensitive information. Attackers use dumpster diving to find discarded paper, Cds, Dvds, floppy disks (more obsolete but still viable), tapes, and hard drives containing sensitive data. In the computer underground, dumpster diving is sometimes referred to as trashing, and it can be a smelly affair. In the heavy trash receptacle behind your building, an attacker might scrutinize a complete diagram of your network architecture, or an laborer might have carelessly tossed out a sticky note with a user Id and password. Although it may seem disgusting in most respects, a good dumpster diver can often retrieve informational gold from an organization's waste [1].
Conclusion
Security development involves the meticulous observation of company value and trust. With the world as it exists today, we understand that the response to electronic attacks is not as lenient as they should be but none the less unavoidable. professional criminals, hired guns, and even insiders, to name just a few of the threats we face today, cannot be compared to the pimply teen hacker sitting at his computer ready to get underway his/her latest attacks at your system. Their motivations can contain revenge, monetary gain, curiosity, or common pettiness to attract concentration or to feel terminated in some way. Their skill levels range from the straightforward script kiddies using tools that they do not understand, to elite masters who know the technology best than their victims and maybe even the vendors themselves.
The media, in retrospect, has made it a certain point that the threat of digital terrorism is in the golden age of computer hacking. As we load more of our lives and society onto networked computers, attacks have come to be more prevalent and damaging. But do not get discouraged by the whole and power of computer tools that harm your system, as we also live in the golden age of information security. The defenses implemented and maintained are assuredly what you need. Although they are often not easy, they do add a good deal of job Protection for sufficient system administrators, network managers, and Protection personnel. Computer attackers are excellent in sharing and disclosing information with each other about how to strike your specified infrastructure. Their efficiency on information distribution about infiltrating their victims can be ruthless and brutal. Implementing and maintaining a allembracing Protection program is not trivial. But do not get discouraged, we live in very interesting times, with technologies advancing rapidly, gift great opportunities for studying and growing.
If the technology itself is not interesting enough, just think of the great job Protection given to system administrators, Protection analyzers, and network managers who has knowledgeable feel on how to derive their systems properly. But also keep in mind that by staying diligent, you literally can defend your information and systems while having a interesting and interesting job to give you more experience. To keep up with the attackers and defend our systems, we must understand their techniques. We must help system administrators, Protection personnel, and network administrators defend their computer systems against attack. Attackers come from all walks of life and have a collection of motivations and skill levels. Make sure you accurately compare the threat against your organization and deploy defenses that match the threat and the value of the assets you must protect. And we have to all be aware that we should never underestimate the power of the hacker who has enough time, patience and knowhow to accomplish anyone they put their minds to. So it is your duty to do the same.
Software protection development - A White Hat's PerspectiveRelated : wall mount 19 inch Best of Gmaes
ไม่มีความคิดเห็น:
แสดงความคิดเห็น