Ict287 Computer Security: Attack Surface Assessment Answers

Q 2: Legacy code

For phase two of this audit you gain access to the machine. You may use any of the vulnerabilities you discovered in Question 1 to gain this access.

You must gain a command prompt on the target machine and document the steps you took and evidence that you have obtained this access. This is a trivially simple task, so do not spend too long on this.

As you begin to audit the files, you notice that the hard drive contains some credit card validation software. Your testing shows that this program is vulnerable to a critical and yet common type of software security vulnerability. When you inquire about this software you learn that this cannot be patched as the code is part of a suite of utilities supplied by the financial provider and does not belong to the organisation.

Discuss the type of vulnerability briefly. Discuss the specific vulnerability and show how it theoretically may be exploited. Given that it is not possible to patch or amend the code and that it must remain in use, make several recommendations to reduce the risk this application poses.

Q 3: Known weakness

While finishing up your analysis for the legacy code you notice a saved Email containing a quote that the administrator has saved about the new web systems being set up for the online store. You notice that the Email mentions that a particular hashing algorithm is to be used for digital signatures but your experience tells you that this isn’t the best approach.

Write a report explaining possible vulnerabilities caused by signing certificates with their chosen hash and how these could be exploited. You should include authoritative references about the weaknesses. You should also provide recommendations on how to mitigate the vulnerabilities for general systems as well as for the specific platform being used.

Answers:

1. Introduction

An attack on data networks seeks to exploit a computer system. i.e. (software program, operating system or user system). This is for purposes of causing damage. All computers that are connected to a computer network may be vulnerable to these attacks. However, most of these attacks are launched automatically from computers that are infected. This can be through Trojans, worms, and viruses’ etc.       

The attackers

Attackers of all abilities and motivations are dangerous to the security of the internal network, in several ways:
Beginner. Most attackers only have basic knowledge of systems but are immobile and dangerous because they do not often fully understand the consequences of their actions.

Intermediate. Attackers with intermediate skills are generally trying to gain respect in attacking communities. Typically, they attack prominent targets and create automated tools to attack other networks.

Advanced Highly skilled attackers present a serious security challenge because their attack methods can be extended beyond technology into physical intrusion and social engineering, or deception of a user or administrator to gain information. Although there are relatively few advanced attackers, their skills and experience make them the most dangerous attackers to a network

Types of attacks facing the company. Common vulnerabilities and exposures include the following.

Level network attacks

The Internet is to this day, an indispensable tool for most people, including companies, universities and government of different countries.

People rely on the internet to do their professional and personal activities.

Behind all the utilities, the company has malicious users stalking, they have many ways to attack the computer networks, leaving useless servers where we connect or invading the company’s privacy. 

Potential vulnerable services

Malware or malware on the Internet.

One type of network attack is the introduction of malware on a web page. When a user browses a web, they may inadvertently become infected by malware. The three most well-known types of malware are viruses, worms and Trojans.

Once the malware has infected our computer (computer, PDA, mobile) can do any type of actions. The most outstanding are the deletion of data, collection of personal information (e-mails, passwords, conversations). They can also control everything we write (Keyloggers) and send it to its rightful owner (for use of all data collected).

Normally a common feature of all of them is that they auto-replicate, to infect more users, this way it will spread exponentially.
When we have been infected by malware, and we believe that everything works well, we may be participating in a botnet that the attackers build to make a DDoS (Distributed Denial of Service), that way, unknowingly we may be participating in an attack against a Server to lock it.

- Attack servers and network infrastructure.

Denial of Service (DoS). This attack collapses a server completely and makes it impossible to navigate through. They can be mitigated by inputting specific rules in the firewall.

 Flooding of connections: normally the protocol that is used is TCP, being connective, reliable and oriented to connection. The TCP protocol itself requests the forwarding of the lost packets and handles fragmentation and reassembly (not as UDP over IP). The attacker sets hundreds of connections on the server until it collapses and cannot accept legitimate user connections.

- Bandwidth flood: the malicious user sends many packets to the server, preventing legitimate packets from reaching it, there is not enough bandwidth for more packets.

- Vulnerability attack: if there is a vulnerability in the server, the attacker focuses on exploiting it by sending messages built specifically to cause the machine to fail.

To collapse a server by flooding the bandwidth, the attack has to be distributed (DDoS) since the servers currently have a high bandwidth. Also, it would be very easy to detect since it would only be from an IP (in DoS not distributed). The attack bandwidth must be close to the maximum bandwidth of that server to collapse it.

The problem with distributed attacks is that you do not know if the one who makes the requests is an attacker, or the legitimate user, so it is much harder to detect and, above all, much more difficult to defend against them.

Analyze packets that flow through the network (sniffers).

Nowadays, most of the users connect via Wi-Fi to the internet for the comfort that this entails, since we can navigate quietly from the sofa of our house, or from our new mobile of last generation.

The recommendation to the manager is that he should hire Computer security experts who will be responsible for stopping these attacks, and, as much as possible, designing new architectures that are immune to attacks.

In recent years, network security has become a priority because more and more malicious users are looking for vulnerabilities to break security, either by surpassing themselves or by financial gain.

Physical attacks

Physical security is one of the most forgotten aspects when designing a computer system. While some of the aspects discussed below are anticipated, others such as detecting an internal attacker on the company attempting to physically access an operating room from it.

This can result in an attacker making it easier to capture and copy a tape in the room, than to try to access it logically.

Thus, Physical Security consists of the "application of physical barriers and control procedures, such as prevention measures and countermeasures against threats to resources and confidential information. It refers to the controls and security mechanisms in and around the Computer Center as well as the means of remote access to and from it; implemented to protect the hardware and data storage media.

The recommendation for this attack is that they should secure the premise and do simple procedures like closing doors of the company server room.

2. Threat, risk and vulnerability

A threat in a computer system has the potential to cause a loss or harm. Threats can materialize due to vulnerabilities of the computer resulting in attack of the computer.

Vulnerabilities in Software

Both the Network and the software we add to our computers can infect our computer. For this reason, it is very advantageous to complement the system with programs that protect the system. The type of vulnerability is based on the configuration of the system software.

Both the Network and the software we add to our computers can infect our computer with spyware and other threats. For this reason, it is very advantageous to complement the operating system with programs that protect us effectively and provide us with diagnostic options of recognized solvency.

The various levels of vulnerabilities are specific to each organization. In this organization the vulnerabilities are centered on encryption of various digital and card platforms. Financial management systems are a basis for cyber-attacks.

Intermediate level

As in medicine and in so many fields, prevention is better than cure. If our PC is properly equipped and we are accustomed to pay attention to the various alerts of the operating system and our security applications, keeping the system clean and avoiding all types of malware is much easier than disinfecting the computer.

While a priori may seem convenient to keep them all enabled, in practice you can save resources by canceling some of them. Close, for example, the P2P Shield if you do not use clients that use this technology, or the Shield of instant messaging if you do not use it to establish communication with other users.

Type of vulnerability

But one thing is certain, that there is a vulnerability does not mean that damage to the computer occurs automatically. That is, the computer has a weak point, but that's not going to fail, the only thing that happens is that it is possible for someone to attack the computer taking advantage of that weak point.

Recommendation

At this point, the main measures we can take to stay protected. Needless to say, to complement all that we propose, it is imperative that you keep your software installation updated through regular Windows Update which can be done by configuring. In the event that the infection has occurred and your PC is vulnerable, we propose different tools to facilitate its diagnosis and disinfection.

That the installers of the free programs and the test versions include utilities that, presumably, will improve the performance of our PC, provide additional functionalities or add interesting software to a browser, it has become such a common practice that it is not easy give with honest and clean assistants.

Therefore, during the installation process, proceed with caution, pay attention to all steps and take as a rule do not install anything that is not part of the program that you have chosen in the strict sense. If the application contains malware, most likely, as we will see shortly, the security software you have enabled will warn you in this regard. In our section dedicated to Internet.

Combat malware and other threats

A good antivirus software is nowadays absolutely essential. As an alternative to Security Essentials, the free option that Microsoft offers us for protection in this area, we propose to install Avast! Free Antivirus 7, which offers you many more options without forcing you to shell out a single penny

3.

Known email algorithms in the email to generate computer generated signatures are more vulnerable than expected. There are several vulnerabilities associated with digitally generated signatures. Firstly, they can’t be trusted due to their inability to provide ultimate security to the user. They allow people to make un-authentic and fake SSL certificates.

The internet Public Key Infrastructure (PKI) is very vulnerable to digital certificates especially for secure websites. An attack scenario is very successful and has created a rogue authority of certification that can be trusted by all web browsers. It allows the attacker to impersonate any website on the internet especially in e- commerce and many sites that have high affinity in the use of HTTPS protocol.

The weaknesses lies in the MD5 hash cryptographic function which allows different messages to be constructed. It is known as MD5 collision where digital signatures can lead to multiple level attacks. A rogue certification authority from the digital signature can be trusted and used by unsuspecting user therefore becoming a victim.

The man in the middle attack using such a certificate can be very vulnerable. The connection is usually secure through common security indicators. This extends not only to applications of dubious origin, but also to packages of many interesting programs that will try to convince us to add third party software. In all probability it will not only be useless, but may also contain spyware, adware or other threats.

References

Amoroso, Edward and Edward G Amoroso, Cyber Attacks (Butterworth-Heinemann/Elsevier, 2013)

Dowd, Mark, John McDonald and Justin Schuh, The Art Of Software Security Assessment (Addison-Wesley, 2007)

Haletky, Edward, Vmware Vsphere And Virtual Infrastructure Security (Prentice Hall, 2009)

Landree, Eric, Christopher Paul and Beth Grill, Freedom And Information (RAND Corp., 2007)

Loshin, Peter, Simple Steps To Data Encryption (Elsevier Science, 2013)

Singh, Abhishek, Baibhav Singh and Hirosh Joseph, Vulnerability Analysis And Defense For The Internet (Springer, 2008)

Strauss, Rochelle and Rosemary Woods, One Well (Kids Can Press, 2007)

Takanen, Ari, Jared D DeMott and Charles Miller, Fuzzing For Software Security Testing And Quality Assurance (Artech House, 2008)

Vacca, John R, Network And System Security (Syngress, 2014)