Chapter 2 - Malicious Code

Chapter 2 discusses various computer threats, including reconnaissance attacks, access attacks, denial of service (DoS) attacks, and program flaws. It outlines techniques for reconnaissance, the nature of access attacks, and the implications of program flaws such as buffer overflows and time-of-check to time-of-use vulnerabilities. Additionally, it emphasizes the importance of protective controls, testing techniques, and database security measures to mitigate these threats.

Chapter 2: Computer Threats

Mandefro L. & Diriba M. 1


Class of Attacks
• Reconnaissance Attack:
§ is the practice of covertly discovering and collecting information
about a system.
§ Often used in ethical hacking or penetration testing.
§ Reconnaissance derives from military language.
• A mission with the goal of obtaining information from enemy
territory
§ Works in seven general steps:
• Collect initial information
• Determine the network range
• Identify active machines
• Find access points and open ports
• Fingerprint the operating system
• Discover services on ports
• Map the network
Reconnaissance attack…
§ Port scanning is the most common technique involved in
reconnaissance
• Two main types of reconnaissance:
§ Active Reconnaissance
• Hackers interact directly with the computer system
• Automated scanning or manual testing (ping and netstat)
• Faster and more accurate
• But riskier as it creates more noise and high chance of being
detected
§ Passive Reconnaissance
• Gathers information without directly interacting with systems
• Aided by tools such as Wireshark
• Methods such as OS fingerprinting
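Since the slides name port scanning as the most common reconnaissance technique, the defender's counterpart is recognising one in connection logs. The C program below is an added example, not part of the lecture material: it runs over a constructed sample of "source-IP destination-port" connection records and flags any source that touched at least a threshold number of distinct ports. The record format, the threshold value and the addresses are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of "new connection" records: source IP and destination
   port. These are invented for the example, not captured traffic. */
static const char *const SAMPLE_LOG[] = {
    "10.0.0.5 22",  "10.0.0.5 23",  "10.0.0.5 25",  "10.0.0.5 80",
    "10.0.0.5 110", "10.0.0.5 143", "10.0.0.5 443", "10.0.0.5 445",
    "10.0.0.9 443", "10.0.0.9 443", "10.0.0.9 80",
};
#define SAMPLE_LOG_LEN (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])

#define MAX_SOURCES 64     /* distinct source addresses tracked */
#define MAX_PORTS   64     /* distinct ports remembered per source */
#define SCAN_THRESHOLD 6   /* assumed policy: this many distinct ports flags a source */

struct source_stat {
    char ip[16];
    unsigned short ports[MAX_PORTS];
    int nports;
};

/* Count distinct destination ports per source over the records. Sources whose
   distinct-port count reaches 'threshold' are written into flagged[] (up to
   max_flagged entries). Returns the number of sources flagged. */
int detect_port_scans(const char *const *records, size_t n,
                      char flagged[][16], int max_flagged, int threshold)
{
    struct source_stat stats[MAX_SOURCES];
    int nstats = 0, nflagged = 0;

    for (size_t i = 0; i < n; i++) {
        char ip[16];
        unsigned port;
        /* Malformed records are skipped rather than allowed to derail detection. */
        if (sscanf(records[i], "%15s %u", ip, &port) != 2 || port > 65535)
            continue;

        struct source_stat *s = NULL;
        for (int j = 0; j < nstats; j++)
            if (strcmp(stats[j].ip, ip) == 0) { s = &stats[j]; break; }
        if (!s) {
            if (nstats == MAX_SOURCES) continue;
            s = &stats[nstats++];
            strcpy(s->ip, ip);          /* ip holds at most 15 chars + NUL */
            s->nports = 0;
        }
        int seen = 0;
        for (int k = 0; k < s->nports; k++)
            if (s->ports[k] == port) { seen = 1; break; }
        if (!seen && s->nports < MAX_PORTS)
            s->ports[s->nports++] = (unsigned short)port;
    }

    for (int j = 0; j < nstats; j++)
        if (stats[j].nports >= threshold && nflagged < max_flagged)
            strcpy(flagged[nflagged++], stats[j].ip);
    return nflagged;
}

int main(void)
{
    char flagged[4][16];
    int n = detect_port_scans(SAMPLE_LOG, SAMPLE_LOG_LEN, flagged, 4, SCAN_THRESHOLD);
    for (int i = 0; i < n; i++)
        printf("possible port scan from %s\n", flagged[i]);
    return 0;
}
```

On the sample above only 10.0.0.5 is flagged (eight distinct ports); 10.0.0.9 repeats two ordinary service ports and stays below the threshold. A real deployment would add a time window, since a slow scan spread over hours can stay under any per-burst threshold.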



Access Attack
• Access attacks require intrusion capabilities
• They consist of
§ Gaining an account holder’s credentials
§ Plugging foreign hardware directly into the network infrastructure
§ They are carried out through logical or physical access
§ Logical Access:
• Exploitation through brute force attacks
• Testing passwords on the network using ‘rainbow tables’ or
dictionary attacks
• Usually attempted only after sufficient reconnaissance or
credentials are obtained



Access attack…
§ Physical Access
• Access to the infrastructure itself
• Access to the people
• One form of physical attack is social engineering
• Denial of Service (DoS) Attack
§ The information exchange has been prevented due to some
form of interference
§ This can happen because of
• Natural disaster event
• Flood of packets that clogs the network’s ability to function
§ Can be catastrophic
• Imagine a company advertising a new product
§ Malicious DoS needs ample computing power from the attacker
DoS Attack…
§ Mostly achieved using collection of networked devices
• The devices may or may not be aware of their involvement
• Referred to as a botnet; the result is a Distributed DoS (DDoS)
§ Can result in swift devastation to a network without warning



Program Flaws
• Program flaw is a part of a program that can cause the
system to violate its security requirements.
§ Finding it demands some knowledge of system security
requirements
• Buffer Overflows:
§ A buffer is a memory storage region that temporarily holds data
§ Also called buffer overrun
§ Occurs when the volume of data exceeds the storage capacity
of the memory buffer
§ The program attempting to write the data to the buffer overwrites
adjacent memory locations



Program flaws…
• Buffer overflows can affect all types of software
• They typically result from malformed inputs or failure to
allocate enough space for the buffer
• If the transaction overwrites executable code:
§ It can cause the program to behave unpredictably
§ Generate incorrect results
§ Memory access errors
§ Crashes
• Attackers exploit buffer overflow issues by overwriting the
memory of an application
• Changes the execution path of the program



Program flaws…
• Example
§ An attacker may introduce extra code, sending new instructions
to the application to gain access to IT systems
• If attackers know the memory layout of a program,
§ They can intentionally feed input that the buffer cannot store,
§ Overwrite areas that hold executable code, replacing it with their
own code
• Another example
§ An attacker can overwrite a pointer and point it to an exploit
payload, to gain control over the program.
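The slides describe the overrun in words; the C below, an added example that is not part of the lecture material, puts the unchecked copy next to its bounds-checked replacement. The `account` struct places a flag right after the fixed-size name buffer so the reader can see which adjacent memory an overrun of `name` would clobber; the checked version measures the input against the buffer first and refuses anything that would not fit. The struct, function names and sizes are assumptions for the example, and the unchecked function is present only for contrast, since calling it with oversized input is undefined behaviour.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Constructed record: an overrun of 'name' writes straight into 'is_admin'. */
struct account {
    char name[NAME_LEN];
    int  is_admin;
};

/* Vulnerable form: strcpy copies until the input's NUL terminator and never
   consults the buffer's capacity. Input of NAME_LEN bytes or more writes past
   'name' into whatever follows it. Never call this with untrusted input. */
void store_name_unchecked(char name[NAME_LEN], const char *input)
{
    strcpy(name, input);
}

/* Hardened form: bound the length check itself with strnlen so an unterminated
   input cannot be over-read, then reject anything that would not fit together
   with its terminator. Returns 0 on success, -1 if the input is too long. */
int store_name_checked(char name[NAME_LEN], const char *input)
{
    size_t len = strnlen(input, NAME_LEN);
    if (len >= NAME_LEN)
        return -1;                   /* would overflow: refuse, do not truncate */
    memcpy(name, input, len + 1);    /* copies the NUL terminator as well */
    return 0;
}

int main(void)
{
    struct account a = { "", 0 };
    const char *long_input = "this name is far longer than sixteen bytes";

    if (store_name_checked(a.name, "alice") == 0)
        printf("stored '%s', is_admin=%d\n", a.name, a.is_admin);
    if (store_name_checked(a.name, long_input) == -1)
        printf("rejected oversized input, is_admin still %d\n", a.is_admin);
    return 0;
}
```

Rejecting instead of silently truncating matters: a truncated name can collide with another user's, and a truncated path or command can change meaning.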



Program Flaws…
• Time-of-Check to Time-of-Use (TOCTOU)
§ Falls under the category of a race condition
§ A hacker is able to access a file and make harmful changes
between the time of check and the time of use
§ The window of opportunity is very short because the check and
the use nearly overlap in time
§ Shared files that multiple users can access are where TOCTOU
issues typically arise.
§ A file that has been corrupted could cause a system crash or
corrupt data related to the file.
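The classic file-system instance of the race just described is checking a path with one call and then opening it with another, which resolves the path a second time. The C below is an added example, not from the lecture: the racy function checks and then opens, while the checked function opens once and inspects the descriptor it actually got, so a swap of the path in between has nothing to redirect. The file names and the helper are assumptions for the example; `O_NOFOLLOW`, `O_CLOEXEC`, `fstat` and `mkstemp` are standard POSIX interfaces.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>

/* Racy pattern: the check (access) and the use (open) each resolve the path.
   Between the two calls another process can replace the file with a symlink
   to something the caller must not write. */
int open_for_update_racy(const char *path)
{
    if (access(path, W_OK) != 0)          /* time of check */
        return -1;
    return open(path, O_WRONLY);          /* time of use: path resolved again */
}

/* Safer pattern: open once, then check the object that was opened via its
   descriptor. O_NOFOLLOW refuses a symlink at the final path component, and
   fstat on the descriptor cannot be redirected by a later rename or swap.
   Returns an open fd, or -1 if the object is not a regular file. */
int open_for_update_checked(const char *path)
{
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);                        /* directory, device, etc.: refuse */
        return -1;
    }
    return fd;
}

/* Helper for the demo: create an empty temporary regular file from a mkstemp
   template (the buffer is rewritten with the chosen name). 0 on success. */
int make_temp_file(char *template_buf)
{
    int fd = mkstemp(template_buf);
    if (fd < 0)
        return -1;
    close(fd);
    return 0;
}

int main(void)
{
    char path[] = "/tmp/toctou_demo_XXXXXX";   /* constructed temp file name */
    char link[64];
    if (make_temp_file(path) != 0)
        return 1;
    snprintf(link, sizeof link, "%s.lnk", path);
    symlink(path, link);                      /* stand-in for a swapped-in symlink */

    int fd = open_for_update_racy(link);
    printf("racy open of symlink: %s\n", fd >= 0 ? "followed it" : "refused");
    if (fd >= 0) close(fd);

    fd = open_for_update_checked(link);
    printf("checked open of symlink: %s\n", fd >= 0 ? "followed it" : "refused");
    if (fd >= 0) close(fd);

    unlink(link);
    unlink(path);
    return 0;
}
```

The point of the checked version is not the symlink case alone but the ordering: every property the program relies on is read from the descriptor after the open, so there is no second path resolution for an attacker's change to land in.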



Program flaws…
• Incomplete mediation
§ Mediation is the process of intervening to confirm an
actor’s authorization before it takes an intended action
§ It is common to use the notion of AAA
• Describes what subject can perform what operation on what object
• Verifying that the subject is authorized to perform the operation on
an object is called mediation
§ Incomplete mediation occurs when a program accepts erroneous data
and processes it
§ Attackers exploit it to cause security problems
§ Consider the following example
• http://www.somesite.com/subpage/userinput.asp?parm1=(808)5551212&parm2=2015Jan17
§ The parameters: parm1 and parm2
Program flaws…
§ What would happen if parm2 were submitted as 1800Jan01?
Or 1800Feb30? Or 2048Min32? Or 1Aardvark2Many?
§ The receiving program would continue to execute but would
generate a very wrong result
• Imagine the amount of interest due today on a billing error with a
start date of 1 Jan 1800
§ The possibilities are endless
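The fix for the parm2 problem is to mediate the value completely before any arithmetic touches it. The C function below is an added example, not from the lecture: it validates a date in the slides' YYYYMonDD form, checking length, digit positions, month name, day-of-month (with leap years) and a plausible year range. The year range is an assumption for the example, since the slides give none; the test values are the ones the slides list.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Assumed policy for the example: the application bills for dates from 1900
   to 2100 only. The slides state no range; this one is constructed. */
#define MIN_YEAR 1900
#define MAX_YEAR 2100

static const char *const MONTHS[12] = {
    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};
static const int DAYS_IN_MONTH[12] = {31,28,31,30,31,30,31,31,30,31,30,31};

static int is_leap(int y)
{
    return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
}

/* Validate a parameter in YYYYMonDD form such as "2015Jan17". Returns 1 only
   if every field is well-formed and in range, 0 otherwise. The caller must
   not compute with the value until this returns 1: that is what makes the
   mediation complete rather than partial. */
int validate_date_param(const char *p)
{
    if (p == NULL || strlen(p) != 9)
        return 0;                                   /* "1Aardvark2Many" fails here */
    for (int i = 0; i < 4; i++)
        if (!isdigit((unsigned char)p[i])) return 0;
    for (int i = 7; i < 9; i++)
        if (!isdigit((unsigned char)p[i])) return 0;

    int year = (p[0]-'0')*1000 + (p[1]-'0')*100 + (p[2]-'0')*10 + (p[3]-'0');
    int month = -1;
    for (int m = 0; m < 12; m++)
        if (strncmp(p + 4, MONTHS[m], 3) == 0) { month = m; break; }
    if (month < 0)
        return 0;                                   /* "2048Min32": no such month */
    int day = (p[7]-'0')*10 + (p[8]-'0');

    if (year < MIN_YEAR || year > MAX_YEAR)
        return 0;                                   /* "1800Jan01": out of range */
    int max_day = DAYS_IN_MONTH[month] + (month == 1 && is_leap(year));
    if (day < 1 || day > max_day)
        return 0;                                   /* "1800Feb30": no such day */
    return 1;
}

int main(void)
{
    const char *inputs[] = { "2015Jan17", "1800Jan01", "1800Feb30",
                             "2048Min32", "1Aardvark2Many", "2000Feb29" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-15s -> %s\n", inputs[i],
               validate_date_param(inputs[i]) ? "accepted" : "rejected");
    return 0;
}
```

Note that the check is done on the server side, where the billing computation runs; a check only in the browser form is exactly the incomplete mediation the slides warn about, because the URL can be submitted directly.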



Controls to Protect against Program Flaws
• There are different controls
§ Developmental controls
§ Operating System controls
• Developmental controls
§ Software development is a collaborative effort
§ Many controls can be applied during software development to
hunt out and fix problems
§ Here are the practices that should be considered during
software development
• Modularity: Dividing a task into subtasks.
• Encapsulation: Hiding a component’s implementation details
• Information Hiding: developers cannot easily and maliciously alter
the components of others
Protecting program flaws…
• Hazard Analysis: systematic techniques intended to expose
potentially hazardous system states
• Testing: making the product failure free or failure tolerant
• Good Design: modularity, information hiding, and encapsulation
are characteristics of good design
• Configuration Management: know who is making which changes
to what and when
– Corrective changes: maintaining control of the system's day-to-day
functions
– Adaptive changes: maintaining control over system modifications
– Perfective changes: perfecting existing acceptable functions
– Preventive changes: preventing system performance from degrading
to unacceptable levels



Protecting program flaws…
• Operating System Controls
§ A subject is permitted to access an object in a particular mode,
and only such authorized accesses are allowed
§ Provide functionality to secure access to resources through the
implementation of access control mechanisms
§ The most noticeable example related to the access control function
is audit
• A log of which subject accessed which object when and in what
manner.
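The mediation slide earlier (subject, operation, object) and this slide (only authorized accesses allowed, with an audit log of who accessed what, when and how) describe the same mechanism from two sides. The C below is an added example, not part of the lecture, of a minimal reference monitor: a constructed access-control list of (subject, object, allowed modes), a `mediate` function that every access request must pass through and that denies by default, and an in-memory audit log that records every decision, granted or not. Subjects, objects and the policy table are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

enum mode { MODE_READ = 1, MODE_WRITE = 2, MODE_EXEC = 4 };

/* One access-control entry: which subject may perform which modes on which object. */
struct ace {
    const char *subject;
    const char *object;
    int allowed_modes;
};

/* Constructed policy for the example. Anything not listed is denied. */
static const struct ace POLICY[] = {
    { "alice", "payroll.db", MODE_READ | MODE_WRITE },
    { "bob",   "payroll.db", MODE_READ },
    { "bob",   "report.txt", MODE_READ | MODE_WRITE },
};
#define POLICY_LEN (sizeof POLICY / sizeof POLICY[0])

/* Audit record: which subject, which object, in what manner, when, and the outcome. */
struct audit_record {
    char   subject[32];
    char   object[64];
    int    mode;
    int    granted;
    time_t when;
};

#define AUDIT_CAP 128
static struct audit_record AUDIT_LOG[AUDIT_CAP];
static int audit_len = 0;

int audit_count(void) { return audit_len; }
const struct audit_record *audit_entry(int i)
{
    return (i >= 0 && i < audit_len) ? &AUDIT_LOG[i] : NULL;
}

/* Reference monitor: every access request goes through here (complete
   mediation). All requested mode bits must be allowed by a matching entry;
   otherwise the request is denied. Every decision is logged. Returns 1 if
   granted, 0 if denied. */
int mediate(const char *subject, const char *object, int mode)
{
    int granted = 0;
    for (size_t i = 0; i < POLICY_LEN; i++) {
        if (strcmp(POLICY[i].subject, subject) == 0 &&
            strcmp(POLICY[i].object, object) == 0 &&
            (POLICY[i].allowed_modes & mode) == mode) {
            granted = 1;
            break;
        }
    }
    if (audit_len < AUDIT_CAP) {          /* denials are logged too: they are the interesting ones */
        struct audit_record *r = &AUDIT_LOG[audit_len++];
        snprintf(r->subject, sizeof r->subject, "%s", subject);
        snprintf(r->object, sizeof r->object, "%s", object);
        r->mode = mode;
        r->granted = granted;
        r->when = time(NULL);
    }
    return granted;
}

int main(void)
{
    mediate("alice", "payroll.db", MODE_WRITE);
    mediate("bob", "payroll.db", MODE_WRITE);
    mediate("mallory", "payroll.db", MODE_READ);
    for (int i = 0; i < audit_count(); i++) {
        const struct audit_record *r = audit_entry(i);
        printf("%ld %-8s %-12s mode=%d %s\n", (long)r->when, r->subject,
               r->object, r->mode, r->granted ? "GRANTED" : "DENIED");
    }
    return 0;
}
```

A real operating system keeps the log out of reach of the subjects it records, otherwise a subject who gains write access to the log can erase the evidence of how it got there.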



Protecting program flaws…
• Techniques used in OS to control program flaws
§ Virtual Machine
• An important operating system security technique is virtualization
• Virtualization is implemented by creating virtual machines
• Machines that are created virtually with configured services specific
to the user requirements
§ Sandbox
• A concept similar to virtualization with a protected environment in
which a program can run and not endanger anything else on the
system
• Environment from which a process can have only limited, controlled
impact on outside resources
– A good example of a sandbox is how applets are executed in Java



Protecting program flaws…
• Techniques used in OS to control program flaws
§ Honeypot
• A fake environment intended to attract an attacker
• Usually employed in a network
• Shows a limited (safe) set of resources for the attacker
– administrators monitor the attacker’s activities in real time to learn
more about the attacker’s objectives, tools, techniques, and
weaknesses, and then use this knowledge to defend systems
effectively
• A system to attract an attacker into an environment that can be
both controlled and monitored



Program Security Defenses
• Software development controls and Testing techniques
§ Testing is making the product failure free or failure tolerant
§ Testing usually involves several stages
• Module testing: each program component is tested on its own
– Verifies that the component functions properly with the types of input
expected from a study of the component's design
– done in a controlled environment
– The test team can feed a predetermined set of data to the component
being tested and observe what output actions and data are produced
• Integration Testing: verifying that the system components work
together
– Ensures that the interfaces among the components are defined and
handled properly
– Done after module testing



Testing techniques…
• Function testing: evaluates the system to determine whether the
functions described by the requirements specification are actually
performed by the integrated system
– The result is a functioning system
– Compares the system being built with the functions described in the
developers' requirements specification
• Performance testing: compares the system with the remainder of
the software and hardware requirements
– It is during the function and performance tests that security
requirements are examined
– Testers confirm that the system is as secure as it is required to be
• Acceptance testing: conferring with the customer to make certain
that the system works according to customer expectations
– Developers join with customers to conduct acceptance testing
– Checks against the customer's requirements description



Testing techniques…
• Installation testing: run to make sure that the system still
functions as it should
– Security requirements often state that a system should not do
something
• Regression testing: ensures that all remaining functions are still
working and performance has not been degraded by the change
• Each of the types of tests listed here can be performed
from two perspectives
§ Black-box: treats a system or its components as black boxes;
• Testers cannot "see inside" the system, so they apply particular
inputs and verify that they get the expected output
§ White-box: allows visibility
• Testers can examine the design and code directly, generating test
cases based on the code's actual construction
Database management system security
• What is database security?
§ Range of tools, controls, and measures designed to establish
and preserve database confidentiality, integrity, and availability
• Database security must address and protect the
following:
§ The data in the database
§ The database management system (DBMS)
§ Any associated applications
§ The physical database server and/or the virtual database server
and the underlying hardware
§ The computing and/or network infrastructure used to access the
database



DB System Security…
§ DB is network-accessible
• Any security threat to any component within or portion of the
network infrastructure is also a threat to the database
• Any attack impacting a user’s device or workstation can threaten
the database
• The following will be considered when evaluating DB
system security
§ Physical security: DB server must be located within a secure,
climate-controlled environment
• Cloud providers take care of DB servers on the cloud
§ Administrative and network access controls: keep the number of
users who have access to the database to a minimum
• Their permissions should be restricted to the minimum levels necessary for
them to do their jobs.
• Network access should be limited to the minimum level of permissions
necessary.
DB System Security…
§ End user account/device security: Being aware who is accessing
the database and when and how the data is being used.
• Data monitoring solutions can alert if data activities are unusual or appear risky
• All user devices connecting to the network housing the database should be
physically secured and subject to security controls at all times.
§ Encryption: ALL data should be protected with best-in-class
encryption while at rest and in transit.
• All encryption keys should be handled in accordance with best-practice
guidelines.
§ Database software security: Using the latest version of database
management software
• Apply all patches as soon as they are issued.
§ Application/web server security: Any application or web server
that interacts with the database can be a channel for attack and should be
subject to ongoing security testing and best practice management.



DB System Security…
§ Backup security: All backups, copies, or images of the database
must be subject to the same security controls as the database itself.
§ Auditing: Record all logins to the database server and operating
system, and log all operations performed on sensitive data as well.
• Database security standard audits should be performed regularly.
