Presentation is loading. Please wait.

Presentation is loading. Please wait.

Review For Exam 3 © Abdou Illia – Spring 2016.

Published byJulia Tyler Modified over 6 years ago

Similar presentations

Presentation on theme: "Review For Exam 3 © Abdou Illia – Spring 2016."— Presentation transcript:

1 Review For Exam 3 © Abdou Illia – Spring 2016

2 Host Hardening 2

3 Computer Hardware & Software
Operating System Web service software (IIS, Apache, ...) Web browser Productivity Software Client & server application programs

4 Your knowledge about Host hardening
Which of the following is most likely to make a computer system unable to perform any kind of work or provide any service? Client application programs get hacked Server application programs (web service software, database service, network service, etc.) get hacked The operating system get hacked The connection to the network/Internet get shut down

5 OS Vulnerability test 2010 by omnired.com
OS tested: Win XP, Win Server 2003, Win Vista Ultimate, Mac OS Classic, OS X 10.4 Server, OS X 10.4 Tiger FreeBSD 6.2, Solaris 10, Fedora Core 6, Slackware 11.0, Suse Enterprise 10, Ubuntu 6.10 Tools used to test vulnerabilities: Scanning tools (Track, Nessus) Network mapping (Nmap command) All host with OS installation defaults Results Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities and allow for executing malicious code The UNIX and Linux variants present a much more robust exterior to the outside Once patched, however, both Windows and Apple’s OS are secure. OS market share

6 Your knowledge about Host hardening
You performed an Out-of-the-box installation of Windows XP and Linux FreeBSD 6.2 on two different computers. Which computer is more likely to be secure ? Windows XP Linux FreeBSD 6.2 They will have the same level of security What needs to be done, first, in order to prevent a hacker from taking over a server with OS installation defaults that has to be connected to the Internet? Lock the server room Configure the firewall to deny all inbound traffic to the server Download and install patches for known vulnerabilities

7 Security Baseline Because it’s easy to overlook something in the hardening process, businesses need to adopt a standard hardening methodology: standard security baseline Need to have different security baseline for different kind of host; i.e. Different security baselines for different OS and versions Different security baselines for different types of server applications (web service, service, etc.) Different security baselines for different types of client applications.

8 Hardening servers Choose the OS that provides the following:
Ability to restrict admin access (Administrator vs. Administrators) Granular control of data access Ability to disable services Ability to control executables Ability to log activities Host-based firewall Support for strong authentication and encryption Disable or remove unnecessary services or applications If no longer needed, remove rather than disable to prevent re-enabling Additional services increases the attack vector More services can increase host load and decrease performance Reducing services reduces logs and makes detection of intrusion easier

9 Hardening servers (cont.)
Configure user authentication Remove or disable unnecessary accounts (e.g. Guest account) Change names and passwords for default accounts Disable inactive accounts Assign rights to groups not individual users Don't permit shared accounts if possible Configure time sync Enforce appropriate password policy Use 2-factor authentication when necessary Always use encrypted authentication

10 UNIX / Linux Hardening Many versions of UNIX
No standards guideline for hardening User can select the user interface Graphic User Interface (GUI) Command-Line Interfaces (CLIs) or shells CLIs are case-sensitive with commands in lowercase except for file names

11 UNIX / Linux Hardening Three ways to start services
Start a service manually (a) through the GUI, (b) by typing its name in the CLI, or (c) by executing a batch file that does so Using the inetd program to start services when requests come in from users Using the rc scripts to start services automatically at boot up Inetd = Internet daemon; i.e. a computer program that runs in the background

12 UNIX / Linux Hardening Starting services upon client requests
Services not frequently used are dormant Requests do not go directly to the service Requests are sent to the inetd program which is started at server boot up Program A 1. Client Request To Port 123 4. Start and Process This Request Program B inetd Program C Program D 2. Port 123 3. Program C Port Program A Port Program B Port Program C Port Program D /etc/inetd.config

13 UNIX / Linux Hardening Turning On/Off unnecessary Services In UNIX Identifying services running at any moment ps command (process status), usually with –aux parameters, lists running programs Shows process name and process ID (PID) netstat tells what services are running on what ports Turning Off Services In UNIX kill PID command is used to kill a particular process kill (If PID=47)

14 Advanced Server Hardening Techniques
File Integrity Checker Creates snapshot of files: a hashed signature (message digest) for each file After an attack, compares post-hack signature with snapshot This allows systems administrator to determine which files were changed Tripwire is a file integrity checker for Linux/UNIX, Windows, etc.: (ftp://coast.cs.purdue.edu/pub/tools/unix)

15 Advanced Server Hardening Techniques
Reference Base File 1 File 2 Other Files in Policy List File 1 Signature File 2 Signature 1. Earlier Time Tripwire 3. Comparison to Find Changed Files Post-Attack Signatures File 1 File 2 Other Files in Policy List File 1 Signature File 2 Signature 2. After Attack Tripwire File Integrity problem: many files change for legitimate reasons. So it is difficult to know which ones the attacker changed.

16 The Elements of Cryptography

17 Cryptography? Traditionally, cryptography refers to
The practice and the study of encryption Transforming information in order to prevent unauthorized people to read it. Today, cryptography goes beyond encryption/decryption to include Techniques for making sure that encrypted messages are not modified en route Techniques for secure identification/authentication of communication partners.

18 Your knowledge about Cryptography
Which of the following do cryptographic systems protect? Data stored on local storage media (like hard drives) from access by unauthorized users. Data being transmitted from point A to point B in a network Both a and b

19 Your knowledge about Cryptography
Which of the following security issues is addressed by cryptographic systems? Confidentiality; i.e. protection against eavesdropping Authentication; i.e. assurance parties involved in a communication are who they claim to be Message integrity; i.e. assurance that messages are not altered en route Availability; i.e. making sure that communication systems are not shut down by intruders. All of the above

20 Basic Terminology 1 Plaintext: original message to be sent. Could be text, audio, image, etc. Encryption/Decryption Algorithm: mathematical tool (software) used to encrypt or decrypt Key: A string of bits used by to encrypt the plaintext or decrypt the ciphertext Ciphertext: encrypted message. Looks like a random stream of bits Encryption Algorithm + Encryption key Hello Ciphertext “ ” Plaintext “Hello” Network Interceptor Party A Decryption Algorithm Plaintext “Hello” Ciphertext “ ” + Decryption key Party B

21 Free Encryption online: Tools4noobs.com
Basic Terminology 2 Encryption: Converting plaintext into ciphertext using algorithms and keys The size of the ciphertext is proportional to the size of the plaintext Ciphertext is reversible to plaintext Symmetric Key Encryption: Same key is used both for encryption and decryption Keys are usually identical or trivially identical* Asymmetric Key Encryption: Also called Public/Private Key Encryption Two different keys are used: one for encryption, one for decryption * Trivially identical means simple transformation could lead from one key to the another. Party A Party B Party A Party B Free Encryption online: Tools4noobs.com

22 Your knowledge about Cryptography
Based on how symmetric encryption systems work, which of the following is the worst thing to happen? An attacker gets a copy of the encryption and decryption algorithms An attacker gets the decryption key a and b are equally damaging Which of the following presents more challenge for exchanging keys between partners? Asymmetric encryption Symmetric encryption A and b are equally challenging

23 Exhaustive search and Key length
Attacker could use the right algorithm and do an exhaustive search (i.e. try all possible keys) in order to decrypt the ciphertext Most attacks require the capture of large amount of ciphertext Every additional bit in the length of the key doubles the search time Every additional bit in the length of the key doubles the requirements in terms of minimum processor’s speed to crack the key. Key Length in bits Number of possible keys (2key length in bits) 1 2 4 16 8 256 65536 56 112 or E+33 168 E+50 E+77 512 1.3408E+154

24 Your knowledge about Cryptography
If you increase the key length from 56 bits to 66 bits. How much more key combinations an attacker who captures enough ciphertext will have to try in order to decipher the captured ciphertext using the appropriate algorithm? _______________________________________ Assuming that it takes 7 days to try all possible combinations of a 56 bit key, how much time it would take to try all possible combinations when the key length is increased to 58 bits? ________________

25 Weak vs. Strong Keys Symmetric Key Encryption
Usually for private of customer e-business Keys < 100-bit long are considered weak today. Keys 100-bit long or more are considered strong today. Asymmetric Key Encryption Usually used for B2B e-commerce Key pairs must be much longer (512 bit and more) because of the disastrous consequences of breaking the decryption key Key Length in bits Number of possible keys (2key length in bits) Type of communication 1 21 = 2 2 22 = 4 16 216 = 65536 56 256 = Private, symmetric, weak asymmetric (e.g. DES) 100 2100 = Private, symmetric 112 2112 = or E+33 Business, asymmetric (e.g. 112-bit DES) 168 E+50 Business, asymmetric (e.g. 3DES) 256 E+77 Business, asymmetric (e.g. AES) 512 1.3408E+154 Business, asymmetric (e.g. RSA) 1024 to 4096 21024 to 24096

26 Your knowledge about Cryptography
Most attacks require the capture of large amount of ciphertext, which can take a certain amount of time. Beside using strong keys what else can be done to make it harder to crack the key? Answer: change the key very often

27 Symmetric Key Encryption

28 Symmetric Key Encryption methods
Two categories of methods Stream cipher: algorithm operates on individual bits (or bytes); one at a time Block cipher: operates on fixed-length groups of bits called blocks Only a few symmetric methods are used today Methods Year approved Comments Data Encryption Standard - DES 1977 1998: Electronic Frontier Foundation’s Deep Crack breaks a DES key in 56 hours DES-Cipher Block Chaining Triple DES – TDES or 3DES 1999 Advanced Encryption Standard – AES 2001 Its versions among the most used today Other symmetric encryption methods IDEA (International Data Encryption Algorithm), RC5 (Rivest Cipher 5), CAST (Carlisle Adams Stafford Tavares), Blowfish

29 Data Encryption Standard (DES)
DES is a block encryption method, i.e. uses block cipher DES uses a 64 bit key; actually 56 bits + 8 bits computable from the other 56 bits Problem: same input plaintext gives same output ciphertext DES Encryption Process 64-Bit Ciphertext Block 64-Bit DES Symmetric Key (56 bits + 8 redundant bits) 64-Bit Plaintext

30 DES-Cipher Block Chaining
DES-CBC uses ciphertext from previous block as input making decryption by attackers even harder An 64-bit initialization vector is used for first block First 64-Bit Plaintext Block DES Key Initialization Vector (IV) DES Encryption Process Second 64-Bit Plaintext Block DES Key First 64-Bit Ciphertext Block DES Encryption Process Second 64-Bit Ciphertext Block

31 168-Bit Encryption with Three 56-Bit Keys
Triple DES (3DES) 168-Bit Encryption with Three 56-Bit Keys Sender Receiver Encrypts original plaintext with the 1st key Decrypts ciphertext with the 3d key 1st 3rd Decrypts output of first step with the 2nd key Encrypts output of the first step with the 2nd key 2nd 2nd Encrypts output of second step with the 3d key; gives the ciphertext to be sent Decrypts output of second step with the 1st key; gives the original plaintext 3rd 1st

32 112-Bit Encryption With Two 56-Bit Keys
Triple DES (3DES) 112-Bit Encryption With Two 56-Bit Keys Sender Receiver Encrypts plaintext with the 1st key Decrypts ciphertext with the 1st key 1st 1st Decrypts output with the 2nd key Encrypts output with the 2nd key 2nd 2nd Encrypts output with the 1st key Decrypts output with the 1st key 1st 1st

33 Your knowledge about Cryptography
Based on the way DES and 3DES work, which of the following is true? 3DES requires more processing time than DES Compared 3DES, DES requires more RAM Both a and b Given the increasing use of hand-held devices, 3DES will be more practical than DES. True False

34 Advanced Encryption Standard - AES
Developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted to the AES selection process under the name "Rijndael", a portmanteau of the names of the inventors Offers key lengths of 128 bit, 192 bit, and 256 bit Efficient in terms of processing power and RAM requirements compared to 3DES Can be used on a wide variety of devices including Cellular phones PDAs Etc.

35 Asymmetric Key Encryption

36 Public Key Encryption For confidentiality
Each Party uses other party’s public key for encryption Each Party uses own private key for decryption No need to exchange private key, but key needs to be very strong (512+ bit) Party A Party B Decrypt with Party A’s Private Key Encrypt with Party A’s Public Key Party B’s Public Key Party B’s Private Key Encrypted Message

37 Public Key Encryption methods
Asymmetric encryption methods are used both for Encryption in order to provide confidentiality Digital signature in order to provide partners’ authentication Methods Year proposed Comments RSA by Ron Rivest, Adi Shamir, and Leonard Adleman 1977 1995: First attack in lab conditions was reported Elliptic Curve Cryptosystem - ECC 1985 Becoming widely used Other symmetric encryption methods: Dieffe-Hellman, El-Gamal

38 Basic Terminology 3 Hashing: Hash function: Hash:
Mathematical process for converting inputs into fixed-length outputs Hash function: Algorithm that does the hashing. Uses an input + a shared secret or password. Example: MD5, Secure Hash Algorithm. Hash: Fixed-length output of the hashing

39 Encryption Versus Hashing
Use of Key Uses a key as an input to an encryption method Password is usually added to text; the two are combined, and the combination is hashed Length of Result Output is similar in length to input Output is of a fixed short length, regardless of input Reversibility Reversible; ciphertext can be decrypted back to plaintext One-way function; hash cannot be “de-hashed” back to the original string

40 Cryptographic Systems (cont.)
Packaged set of cryptographic countermeasures used for protecting dialogues

41 MS-CHAP* Hashing for Authentication
CHAP is an authentication hashing scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients After the completion of the link establishment phase, the server sends a "challenge" message to the client. The client responds with a value calculated using a one-way hash function, such as an MD5 or SHA (Secure Hash Algorithm). The server checks the response against its own calculation of the expected hash value. If the values match, the server acknowledges the authentication; otherwise it should terminate the connection. At random intervals the server sends a new challenge to the peer and repeats steps 1 through 3. Shared secret * Microsoft’s version of Challenge Handshake Authentication Protocol

42 MD5 (Message-Digest algorithm 5)
A widely used cryptographic hash function used to hash inputs (typed texts or files) in order to generate hash values (called checksums, message digest, or output) An MD5 hash value is typically expressed as a 16- hexadecimal number like 912df11644fccac439b6fc5f80af5cdb Each hex number is 8 bits MD5 generates a 128-bit hash value regardless of the input length. Commonly used to check the integrity of files like downloaded software programs 42

43 SHA1 (Secure Hash Algorithm 1)
A widely used cryptographic hash function used to hash inputs (typed texts or files) in order to generate hash values (called checksums, message digest, or output) A SHA1 hash value is typically expressed as a 20-hexadecimal number like fb1a26e4bc422aef54eb4 SHA1 generates a 160-bit hash value regardless of the input length Commonly used to check the integrity of files like downloaded software programs 43

44 Application Security: General apps &Web service

45 General Applications Security Issues

46 Which of the following is true about Application Security?
If a server application (or service) is no longer needed, it should be turned off Fewer applications on a computer means fewer attack opportunities Use good security baselines to install and configure apps Do not install application centrally using group policies Add application layer authentication by requiring users to provide credentials to run application programs Implement cryptographic authentication for sensitive apps If a server application (or service) is no longer needed, it should be removed Do not turn on each applications’ automatic update checking 46

47 Applications and Buffer Overflow
OUTDO OR Buffers are RAM areas where data is stored temporarily Buffer overflow occurs when data spill from one buffer to the next Buffer Overflow is the biggest issue in application coding If an attacker sends more data than the programmer had allocated to a buffer, a buffer might overflow, overwriting an adjacent section of RAM Buffer overflow attacks RAM Buffer1 Buffer2 Buffer7 Buffer3 Buffer4 Buffer6 Buffer5 47

48 Buffer Overflow Attack
Occurs when ill-written programs allow data destined to a memory buffer to overwrite instructions in adjacent memory register that contains instructions. If the data contain malware, the malware could run and creates a DoS Example of input data: ABCDEF LET JOHN IN WITHOUT PASSWORD Buffer Instructions 1 2 3 4 5 6 Print Run Program Accept input Buffer Instructions 1 2 3 4 5 6 A B C D E F LET JOHN IN WITHOUT PASSWORD Run Program Accept input 48 48

49 Preventing Buffer Overflow
Key Principle: Never Trust User Input Use Languages/tools that provide automatic bounds checking such as Perl, Python, and Java instead lower level language (C or Assembly, etc). However, this is usually not possible or practical because almost all modern OS are written in the C language. Eliminate The Use Of Flawed Library Functions like gets(), strcpy, and strcmp that fail to check the length or bounds of their arguments. Design And Build Security Within Code Use Source Code Scanning Tools. Example: PurifyPlus Software Suite can perform a dynamic analysis of Java, C, or C++ source code. For instance, this simple change informs strcpy() that it only has an eight byte destination buffer and that it must discontinue raw copy at eight bytes. // replace le following line strcpy (buffer2, strng2); // by strcpy (buffer2, string2, 8)

50 Web service security

51 Webservice & E-Commerce apps
Web applications could be the target of many types of attacks like: Directory browsing Traversal attacks Web defacement Using HTTP proxy to manipulate interaction between client and server IIS IPP Buffer Overflow Browser attacks Time configuration

52 Web sites’ directory browsing
Web server with Directory Browsing disabled User cannot get access to list of files in the directory by knowing or guessing directory names

53 Web site with directory browsing
Web server with Directory Browsing enabled User can get access to the list of files in the directory by knowing or guessing directory names

54 Traversal Attack Normally, paths start at the WWW root directory
Adding ../ (Windows) or ..\ (Unix) in an HTTP request might take the attacker up a level, out of the WWW root directory. Example: ../../ Example: If attacker traverses to Command Prompt directory in Windows or NT, he can execute any command with system privileges

55 Traversal Attacks (Cont.)
Preventing traversal attacks Companies filter out ../ and ..\ using URL scanning software Attackers respond with hexadecimal and UNICODE representations for ../ and ..\ ASCII Character Chart with Decimal, Binary and Hexadecimal Conversions Name Character Code Decimal Binary Hex Null NUL 00 Start of Heading SOH Ctrl A 1 01 Space 32 20 Exclamation Point ! Shift 1 33 22 Plus + Shift = 43 2B Period . 46 2E Forward Slash / 47 2F Tilde ~ Shift’ 126 7E

56 IIS IPP Buffer Overflow
The Internet Printing Protocol (IPP) service included in IIS 5.0 and earlier versions is vulnerable to buffer overflow attacks The jill.c program was developed to launch the attack using: GET NULL.printer HTTP/1.0 Host: 420-byte jill.c code to launch the command shell IIS server responds launching the command shell (C:\WINNT\SYSTEM32\>) giving the attacker SYSTEM privileges.

57 IIS IPP Buffer Overflow (cont.)
Link to jill.c code Code compilable using gcc jill.c –o jill on Linux Precompiled version (jill-win32.c) and executable (jill-win32.exe) available at ftp://ftp.technotronic.com/ newfiles/jill-win32.exe. This executable file is ready to run on a Windows machine.

58 Browser Attacks Malicious links attack.txt.exe seems to be attack.txt
User must click on them to execute (but not always) Common extensions are hidden by default in some operating systems. attack.txt.exe seems to be attack.txt

Download ppt "Review For Exam 3 © Abdou Illia – Spring 2016."

Similar presentations

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Application Security: General apps &Web service

Application Security: General apps &Web service
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Host Hardening (March 21, 2011) © Abdou Illia – Spring 2011.

Host Hardening (March 21, 2011) © Abdou Illia – Spring 2011.
Host Hardening (March 30, 2015) © Abdou Illia – Spring 2015 Series of actions to be taken in order to make it hard for an attacker to successfully attack.

Host Hardening (March 30, 2015) © Abdou Illia – Spring 2015 Series of actions to be taken in order to make it hard for an attacker to successfully attack.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Review For Exam 3 (April 15, 2010) © Abdou Illia – Spring 2010.

Review For Exam 3 (April 15, 2010) © Abdou Illia – Spring 2010.
Security (Part 2) School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 13, Thursday 4/5/2007)

Security (Part 2) School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 13, Thursday 4/5/2007)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
The Elements of Cryptography (April 1, 2015) © Abdou Illia – Spring 2015.

The Elements of Cryptography (April 1, 2015) © Abdou Illia – Spring 2015.
Application Security: General apps &Web service (April 11, 2012) © Abdou Illia – Spring 2012.

Application Security: General apps &Web service (April 11, 2012) © Abdou Illia – Spring 2012.
CHAPTER 6 Cryptography. An Overview It is origin from the Greek word kruptos which means hidden. The objective is to hide information so that only the.

CHAPTER 6 Cryptography. An Overview It is origin from the Greek word kruptos which means hidden. The objective is to hide information so that only the.

Similar presentations

Ads by Google