The Subject of Protection of the Computer System - Assignment Example

Article Review

Introduction

The assignment is based on critiquing two articles on the subject of protection of the computer system. With the increased use of website applications, several vulnerabilities have arisen, and these vulnerabilities are growing at an alarming rate. The two articles provide information on protecting computer systems from web-related vulnerabilities. A critique has been made in order to evaluate how effectively the articles have represented the findings and how the findings have contributed to the area of computer science. Furthermore, in order to make a better comparison, other similar articles in the related subject area have also been evaluated.

Review of Paper 1

Article Citation

Jackson, C., Barth, A., Bortz, A., Shao, W., Boneh, D. (2009). Protecting browsers from DNS rebinding attacks. ACM Transactions on the Web, 3(1), 421-431.

Summary

The article is based on understanding the way web browsers can be protected from Domain Name System (DNS) rebinding attacks. The focus of the article is the development of strong protection against DNS rebinding attacks in order to defend modern web browsers. A qualitative and exploratory approach has been used in the study and information is collected from secondary sources. The key finding of the article is that attackers can exploit the vulnerabilities that exist in the web browser. DNS rebinding attacks do not require users to click on a link. When a user merely views an advertisement, the attackers can hijack the Internet Protocol (IP) address and accordingly send spam messages, commit fraudulent activities and abuse open network proxies. Most of the work of the article concentrates on the evaluation of such attacks, along with providing guidelines for network administrators about the way they can safeguard the computer system.
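
As an illustration of the kind of safeguard a network administrator can apply against the rebinding attacks summarized above, the following added example (not taken from the essay or from Jackson et al.) filters resolver answers so that names outside the organisation's own zones cannot map to internal addresses, and scans a constructed resolver log for names that did. The zone name, log layout and function names are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the organisation's own DNS zones, whose names may map to internal hosts.
INTERNAL_ZONES = ("corp.example",)

# Address ranges an external name should never resolve to (RFC 1918, loopback,
# link-local and their IPv6 counterparts).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed resolver log: (seconds, client, queried name, answer, TTL).
SAMPLE_LOG = [
    (0, "10.0.0.15", "ads.example.net", "203.0.113.7", 1),
    (2, "10.0.0.15", "ads.example.net", "192.168.1.1", 1),
    (5, "10.0.0.22", "wiki.corp.example", "10.0.3.4", 300),
    (9, "10.0.0.22", "cdn.example.org", "198.51.100.9", 60),
    (12, "10.0.0.22", "cdn.example.org", "198.51.100.10", 60),
    (20, "10.0.0.31", "tracker.example.com", "127.0.0.1", 30),
]

def is_internal_ip(ip):
    """True when the address lies in one of the internal ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def in_internal_zone(name):
    """True when the name belongs to one of the organisation's own zones."""
    name = name.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in INTERNAL_ZONES)

def allow_answer(name, ip):
    """Resolver-side filter: external names may not map to internal addresses."""
    return in_internal_zone(name) or not is_internal_ip(ip)

def find_suspect_names(log):
    """Group answers per external name and report names given an internal address."""
    answers = defaultdict(lambda: {"external": [], "internal": []})
    for _ts, _client, name, ip, _ttl in log:
        if in_internal_zone(name):
            continue
        kind = "internal" if is_internal_ip(ip) else "external"
        answers[name.lower()][kind].append(ip)
    findings = {}
    for name, seen in answers.items():
        if seen["internal"]:
            # "rebound": the name was answered with both an outside and an inside address.
            findings[name] = "rebound" if seen["external"] else "internal-only"
    return findings

if __name__ == "__main__":
    for name, verdict in find_suspect_names(SAMPLE_LOG).items():
        print(name, verdict)
```

The internal ranges are listed explicitly rather than relying on `ipaddress`'s `is_private`, which also covers the documentation ranges used for the external sample answers.
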

Analysis

DNS rebinding attacks are well-known internet security threats where attackers can infiltrate the computer security system through web browsers, Java applications and Flash applications. These types of attack can convert web browsers into open network proxies. In order to deal with this attack, DNS pinning is used. However, in several circumstances, DNS pinning is not effective due to vulnerabilities presented by several plug-ins. These plug-ins offer extra functionality to the different webpages, but they also allow the attackers to elude DNS pinning. Basically, DNS rebinding attacks are classified into two broad categories, namely firewall circumvention and IP hijacking, depending on the outcome of the attack (Kokkinopoulos, 2009).

Main Contribution and Strengths

The key strength of the article is that the findings were quite apparent and contributed significantly to the area of information technology and computer science. Since the present generation relies heavily on internet technology, it is essential to understand the type of harm that can arrive from various sources, and one such source is DNS rebinding. The article discusses DNS rebinding and how it can assist in attacking a computer system. It also delineates various types of network access which are important in order to understand a type of attack and defend the machine accordingly. The other strength of the article is that it recognized the vulnerabilities which are related to DNS rebinding, such as standard vulnerabilities and multi-pin vulnerabilities. Through this article, the reader will understand how hackers can attack by using DNS rebinding. For example, one such method is firewall circumvention. This type of attack makes it possible to evade the prohibition on inbound connections and allows the attackers to connect to internal servers.
Another such method discussed in the article was IP hijacking, where hackers target public internet services. The article defined several defenses against such DNS rebinding attacks. Such defenses comprise fixing the firewall circumvention, fixing the plug-ins and fixing the browsers with respect to default sockets.

Weaknesses and Limitations

There are several limitations or weaknesses in the article. One limitation is that the article does not consider primary data. Only secondary information has been used in the article. Furthermore, the article did not describe the methodology used in order to understand the research subject. Moreover, it has also been found that the researchers do not provide an adequate explanation of the philosophy of the research approach. Such an explanation is vital in order to indicate the potential of the research. Concerning the data collection, the authors also did not justify the method used in order to collect information. No explanation has been given regarding the data analysis method used in the study.

Possible Improvements

Improvements in the article could be made if the authors provided information regarding the approaches used in the research. Furthermore, the article would be improved if proper justification were given regarding the selected research philosophy. Moreover, the use of extensive research would also help to enhance the quality of the outcome. More experiments are required in order to describe how attackers can effectively misuse the vulnerabilities in a network security system.

Comparison

In comparison with another related article, this article has a much clearer aim and focus. For example, the article of Haines et al. (2000) discusses intrusion detection assessment. One key difference found in that article is that it comprises several realistic attacks, while the Jackson et al. (2007) article has not defined any such realistic examples. Furthermore, the findings of Jackson et al. (2007) are quite generalizable, whereas the findings of Haines et al. (2000) are quite complex and lack generalizability. The article of Haines et al. (2000) provided much more pictorial representation than Jackson et al. (2007) in order to define the research subject. Nevertheless, both articles have followed the qualitative and exploratory approach to the research subject.

Conclusion

Overall, it can be stated that in Jackson et al. (2007), the authors have provided valuable information regarding the protection of browsers through DNS rebinding. The key argument of the article is that the classic DNS defenses such as DNS pinning are unable to protect the browsers of the present generation, and therefore the authors have defined certain methods to deal with such attacks. In the article, Jackson et al. (2007) also provided certain tools in order to block external attacks from hackers. These tools are valuable for network administrators in order to protect the computer system.

Review of Paper 2

Article Citation

Sommer, R., & Paxson, V. (2003). Enhancing byte-level network intrusion detection signatures with context. Proceedings of the 10th ACM Conference on Computer and Communication Security, 262-271.

Summary

The article intends to develop the idea of contextual signatures, where the traditional model of string-oriented signature matching is augmented by incorporating extra context on different levels. The focus of the article is to demonstrate how the concept of contextual signatures can assist in eliminating a majority of the weaknesses of traditional signatures. In order to demonstrate this, Sommer et al. (2003) evaluated interdependent signatures, regular expressions and knowledge regarding the precise network environment, which have considerable potential to minimize the false positive rate and to recognize unsuccessful attack efforts.
The key findings obtained from the article are that there is potentially great utility in incorporating more context in a system’s analysis before generating an alert for an attack. The quality of alerts can also be improved by utilizing knowledge regarding the present state of the network.

Analysis

The significance of internet security has grown considerably in recent times because of safety concerns in today’s networks. An extensive diversity of systems has been recommended by different researchers which can identify and deal with internet security threats. Among various applications, the signature-oriented ‘Network Intrusion Detection System’ (NIDS) has gained much success. There are two basic approaches to NIDS, namely signature and anomaly. A signature-oriented NIDS maintains a collection of signatures which symbolize the profiles of identified security threats. These signatures are used to parse the information of the flows moving through a network link. When an information flow matches a signature, proper action is taken, for instance to block the information or to restrict the information flow. Usually, security signatures have been identified as Snort signatures, header condition signatures and port signatures (Kumar, 2007).

Main Contribution and Strengths

The present article concentrated on NIDS and how it can be enhanced. Sommer et al. (2003) implemented the idea of contextual signatures provided by the NIDS Bro, which is fundamentally made up of a protocol examination element and a policy script element. A key strength of the work of Sommer et al. (2003) is that it combines Bro’s flexibility with the abilities of other NIDS by applying a signature engine. At the higher level, Sommer et al. (2003) used Bro’s rich contextual state in order to implement enhancements to plain matching. In the article, Sommer et al. (2003) presented the key design ideas behind the implementation of contextual signatures and their integration into Bro’s architecture.
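
To make the difference between plain string matching and a contextual signature concrete, here is an added example (not code from the essay, from Sommer and Paxson, or from Bro). It combines a byte-level regular expression with two kinds of context named in the summary: knowledge of the network environment and a dependent signature on the server reply that recognizes failed attempts. The signature, host profile, software names and traffic samples are all constructed for the illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Connection:
    dst: str        # server address
    request: bytes  # client-to-server payload
    reply: bytes    # server-to-client payload

@dataclass
class Signature:
    name: str
    request_re: re.Pattern        # byte-level pattern (the traditional signature)
    affects: str                  # server software the attack applies to
    failure_reply_re: re.Pattern  # dependent signature: reply showing the attempt failed

# Constructed knowledge about the monitored network (hypothetical software names).
HOST_PROFILE = {"192.0.2.10": "httpd-a", "192.0.2.20": "httpd-b"}

# Constructed signature: path traversal in an HTTP request line.
TRAVERSAL = Signature(
    name="constructed-path-traversal",
    request_re=re.compile(rb"^GET\s+\S*(\.\./|%2e%2e%2f)", re.IGNORECASE),
    affects="httpd-a",
    failure_reply_re=re.compile(rb"^HTTP/1\.[01] [45]\d\d"),
)

PROBE = b"GET /static/../../conf/app.ini HTTP/1.1\r\nHost: a\r\n\r\n"
# Constructed traffic samples.
SAMPLES = [
    Connection("192.0.2.10", PROBE, b"HTTP/1.1 200 OK\r\n\r\n"),
    Connection("192.0.2.10", PROBE, b"HTTP/1.1 404 Not Found\r\n\r\n"),
    Connection("192.0.2.20", PROBE, b"HTTP/1.1 404 Not Found\r\n\r\n"),
    Connection("192.0.2.10", b"GET /index.html HTTP/1.1\r\n\r\n", b"HTTP/1.1 200 OK\r\n\r\n"),
]

def plain_match(conn, sig):
    """Traditional matching: alert whenever the request bytes match."""
    return sig.request_re.search(conn.request) is not None

def contextual_verdict(conn, sig, profile=HOST_PROFILE):
    """Refine a byte-level match with host knowledge and the server's reply."""
    if not plain_match(conn, sig):
        return "no-match"
    software = profile.get(conn.dst)
    # Unknown hosts stay in scope; only a known, unaffected host is dismissed.
    if software is not None and software != sig.affects:
        return "not-vulnerable"
    if sig.failure_reply_re.search(conn.reply):
        return "failed-attempt"
    return "alert"

if __name__ == "__main__":
    for c in SAMPLES:
        print(c.dst, plain_match(c, TRAVERSAL), contextual_verdict(c, TRAVERSAL))
```

On the four samples, plain matching raises three alerts, while the contextual version raises one and labels the other two matches as a failed attempt and a probe against a host that does not run the affected software.
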

The article also discusses different signature languages for NIDS. One such set is Snort’s signature set. Sommer et al. (2003) highlight that Snort comes with various problems: the signatures are quite general in nature, and at times there are overlapping signatures in Snort which assist exploitation by attackers. In contrast to the Snort signatures, the article defines the strength of Bro signatures in protecting the computer system from network-related threats. While demonstrating the strength of Bro signatures, the article defines regular expressions, which permit even greater flexibility in comparison with fixed strings. Besides, it also discusses vulnerability profiles of several applications.

Weaknesses and Limitations

Multiple weaknesses or limitations have also been observed in the article. The first limitation is that there is no clear statement of findings in the research. The authors have presented the findings in an ambiguous manner, and a high level of complexity has also been observed in the research. Although a comparison method has been used in order to analyze the effectiveness of the signature engine against Snort with respect to run time performance and generation of alerts, Sommer et al. (2003) have not justified the analysis method applied in the research. Moreover, the article has not assessed the idea of contextual signatures. Instead, Sommer et al. (2003) confirmed that the application of Bro signatures is able to perform as a real substitute for the most extensively deployed NIDS, even though Sommer et al. (2003) did not describe any of the advanced features it offers. Throughout the comparison of Bro and Snort signatures, Sommer et al. (2003) found several peculiarities which are believed to be of general interest.

Possible Improvements

Possible improvements can be made by extending the idea of developing a profile beyond just using protocol analysis.
In future, the research can passively fingerprint hosts in order to determine operating system version data by observing specific characteristics of the header field signature in the traffic they generate. Furthermore, improvement can also be made by making the findings, along with the research aims and objectives, more appropriate.

Comparison

In contrast to Sommer et al. (2003), the article presented by Kirda et al. (2009) discusses scripting protection in online services. From the observation of both articles, it can be stated that the aims and objectives are much clearer in Kirda et al. (2009). Furthermore, the findings have been better presented in Kirda et al. (2009) than in Sommer et al. (2003). More specifically, the findings presented by Sommer et al. (2003) are more complex than those of Kirda et al. (2009).

Conclusion

Irrespective of several limitations of the article presented by Sommer et al. (2003), it provides a framework regarding the development of the traditional model of string-oriented signature matching used by NIDS. The article stated that by strongly incorporating the new signature engine into Bro’s event-oriented design, several major developments can be made over other signature-oriented NIDS. Sommer et al. (2003) also assessed the signature engine by utilizing Snort as a reference and compared both engines with respect to run time performance. The work of Sommer et al. (2003) acts as a baseline for the development of contextual signatures which can be used in several commercial as well as educational contexts. Furthermore, the analysis and discussion can further aid in addressing the threats associated with network intrusion effectively, which in turn can help to mitigate unwarranted losses in the business purview.

References

Haines, J. W., Rossey, L. M., & Lippmann, R. P. (2000). Extending the DARPA off-line intrusion detection evaluation. Massachusetts Institute of Technology, 1-11.

Jackson, C., Barth, A., Bortz, A., Shao, W., Boneh, D. (2009). Protecting browsers from DNS rebinding attacks. ACM Transactions on the Web, 3(1), 421-431.

Kirda, E., Jovanovic, N., Kruegel, C., & Vigna, G. (2009). Client-side cross-site scripting protection. Computers & Security, 28(7), 592-604.

Kokkinopoulos, G. (2009). DNS rebinding attacks. Retrieved from http://www.dtic.mil/dtic/tr/fulltext/u2/a508892.pdf

Kumar, S. (2007). Survey of current network intrusion detection techniques. Retrieved from http://www1.cse.wustl.edu/~jain/cse571-07/ftp/ids/index.html

Sommer, R., & Paxson, V. (2003). Enhancing byte-level network intrusion detection signatures with context. Proceedings of the 10th ACM Conference on Computer and Communication Security, 262-271.