Mac VS Windows Security - Essay Example

Hussain Alfaraj - 100505107 Perhaps the weakness in windows and Mac is the SMB, which stands for Service Message Block. SMB is a Network sharing protocol. SMB operates in a client and server manner. Remote clients can check availability on SMB service on port 139 and 445 by doing port scan and this vulnerability that is referred to as MS08-68. (Microsoft.com) “A SMB Relay attack is a type of man-in-the-middle attack where the attacker asks the victim to authenticate to a machine controlled by the attacker, then relays the credentials to the target.

The attacker forwards the authentication information both ways, giving him access. Afterward, the attacker tricks the victim into connecting with him before the attacker establishes connection to the target, receives the 8-byte challenge. Subsequently, the attacker sends the 8-byte challenge to victim, who then responds to the attacker with the password hash. Attacker responds back to the targets challenge with the victims hash and finally Target grants access to attacker” (SkullSecurity, 2008).

The Protective measure of this problem is to remove NetBIOS from any network card to reduce the possibility of abusing SMB. In addition, the following steps can help mitigate this weakness: “Enable (and require) NTLMv2 authentication -- this will prevent pre-computed attacks, because the client provides part of the randomness. Enable (and require) message signing for both clients and servers -- this will prevent relay attacks. Install ms08-068 -- this will prevent a specific subset of relay attacks, where its relayed back to itself.

” (SkullSecurity, 2008) RPS attack (Remote procedure call) is used over SMB to offer file and printing sharing. Attacker can compromise the system by sending RPC request to gain access. This usually happens through port 139, which is known as the NetBIOS. “NetBIOS over the Internet is an enormous security risk. The NetBIOS protocol gives people the ability to obtain all kind of information from your systems like your domain, workgroup and system names, as well as account information. To prevent this from happening make sure that on your border gateways you filter out all in- and outgoing traffic for ports 137, 138 and 139.

” (Dennis Leeuw dleeuw, 2011) That being said, Mac, UNIX/Linux machines also use these ports, due to a Windows-file-sharing-compatibility package called Samba. Another vulnerability we are introducing is the Abusing remote Desktop Protocol (RDP). Remote Desktop Protocol (RDP) is a protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. This enhancement can be a threat when it allows an authorized remote user to connect to the operating system.

Connection is usually secured by a username and pass. Therefore, it all depends on the strength of the password. Since this works on port 3389, this is easily found by port scanning. This is threat is more prevalent in Windows when compared to Mac.Unfortunately, even the last version of windows is easily compromised by abusing this enhancement: “One of the new security features in the latest Windows release (Windows 8.1) is the Restricted Admin mode for Remote Desktop Connection.This measure is meant to enhance Windows credential protection against attacks such as Pass-the-Hash and Pass-the-Ticket.

However, it appears that cure might be worse than the disease as the new “Restricted Admin mode” opens a new attack surface for the very same attacks it was meant to protect against. Ultimately, this feature enables attackers to perform Pass-the-Hash and Pass-the-Ticket attacks by connecting to targeted machines via a Remote Desktop Protocol (RDP) connection” (Tal Beery, 2014).The third type of vulnerabilities is a Rootkit, which target both Mac OS and windows. “A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence.

The term Rootkit is a connection of the two words "root" and "kit". Originally, a rootkit was a collection of tools that enabled administrator-level access to a computer or network. Root refers to the Admin account on Unix and Linux systems, and kit refers to the software components that implement the tool. Today rootkits are generally associated with malware – such as Trojans, worms, viruses – that conceal their existence and actions from users and other system processes” (veracode). Attacker can exploit the network flow to inject the OS with a rootkit and this process results in a full control of the system.

The last vulnerabilities we are introducing are memory attacks. Hackers can gain access to a system by taking over Windows through its PCMCIA Card. This means that the CPU and OS were bypassed unable to stop malicious DMA request: “The attack, which makes use of the Direct Memory Access (DMA) feature found in modern computer systems, could be highly difficult to guard against, since it bypasses the operating system and CPU entirely, the researchers said in a paper discussing their research.

However, there are also evident limitations, since the attack requires physical access to the system” (Kingsley-Hughes, 2015)Both Windows and Mac are vulnerable to exploits and breaches, such as SMB, RDP, and Rootkit vulnerabilities. Breaches are often enhancements, but can be compromised by those who have the technological knowledge to break the system. While many people argue that Mac is more secure than windows, some researchers have proved this as a false assumption. “According to a report by security firm GFI, Apples Mac OS X is the most vulnerable operating system, with the iOS platform coming in second.

As you have seen, in most cases the user is responsible for the system. Therefore, it is extremely important to be aware of these security issues, and take proactive steps to secure the operating system (Kingsley-Hughes, 2015).ReferencesA. Kingsley-Hughes. (2015). Mac OS X is the most vulnerable OS, claims security firm; Debate ensues [Online]. Available http://www.zdnet.com/article/mac-os-x-is-the-most-vulnerable-os-claims-security-firm D. L. dleeuw (2010). SAMBA Configuration [Online]. Available: http://pig.made-it.com/samba-setup.

html Microsoft (2003). What Is RPC? [Online]. Available: https://technet.microsoft.com/en-us/library/cc787851(v=ws.10).aspx SkullSecurity (2008). ms08-068 — Preventing SMBRelay Attacks[Online] . Available: https://blog.skullsecurity.org/2008/ms08-068-preventing-smbrelay-attacks Tal Beery (2014). Remote Desktop’s Restricted Admin: Is the Cure Worse Than the Disease? [Online]. Available: http://www.aorato.com/blog/remote-desktops-restricted-admin-cure-worse-disease/ Veracode (2015). Rootkit: What is a Rootkit, Scanners, Detection and Removal Software [Online].

Available: http://www.veracode.com/security/rootkit