The Software in C++ and Networking - Essay Example

Networking Assignment

Farzeela Faisal
Standard Academia Research

If the company writes the software in C++, it should first be kept in mind which kind of data storage technology is going to be used, so that it is easier to restrict an employee to viewing only his own profile and editing only what is allowed. If the C++ software stores employees' information in a flat file system, then the C++ business logic should retrieve from the Unix operating system the userid with which the user logs in to the Unix system and, depending on that userid, allow the user to access only the profile associated with that userid.

The promiscuous mode of an Ethernet card is a vulnerability for the whole Unix system. This mode tells an Ethernet card to send every packet it sees to the operating system, rather than only the packets that were destined for itself. What this means for attackers is that once they penetrate a single machine on a network, they can then observe all traffic passing through the network. This allows intruders to quickly collect passwords and account names for many users, and all too often a password that is good in one place is good in another. To guard against this vulnerability, keep a copy of the kernel offline, because advanced hackers even patch the kernel of the Unix system so that the "ifconfig" and "tcpdump" commands cannot detect that the system is in promiscuous mode. (http://www.acm.uiuc.edu)

In terms of availability, it should be kept in mind that several users are accessing the same application simultaneously. Each user has a separate instance of the C++ application, but the data file acts as centralized data storage, so the C++ program must maintain a proper locking mechanism on the data file so that only one user is updating the data file at a time.
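The two requirements above, taking the userid from the operating system and locking the shared data file, can be combined as in this added example (not code from the essay). The "userid:profile" line format, the file path and the function names are assumptions made for illustration.

```cpp
// Added example, not code from the essay. Assumed flat-file format: one
// "userid:profile" record per line; file and function names are hypothetical.
#include <fcntl.h>
#include <pwd.h>
#include <sys/file.h>
#include <unistd.h>
#include <cstdio>
#include <sstream>
#include <string>

// Login name of the Unix account running this process, obtained from the
// operating system rather than typed in by the user.
std::string current_userid() {
    struct passwd* pw = getpwuid(getuid());
    return pw ? std::string(pw->pw_name) : std::string();
}

// Read the whole file through a descriptor that is already locked.
static std::string slurp(int fd) {
    std::string data;
    char buf[4096];
    ssize_t n;
    lseek(fd, 0, SEEK_SET);
    while ((n = read(fd, buf, sizeof buf)) > 0)
        data.append(buf, static_cast<size_t>(n));
    return data;
}

static bool is_record_of(const std::string& line, const std::string& userid) {
    return line.compare(0, userid.size() + 1, userid + ":") == 0;
}

// Return the profile text stored for `userid`, or "" if there is none.
// A shared lock lets readers run together but waits for a writer to finish.
std::string view_own_profile(const std::string& path, const std::string& userid) {
    if (userid.empty()) return "";
    int fd = open(path.c_str(), O_RDONLY);
    if (fd < 0) return "";
    std::string found;
    if (flock(fd, LOCK_SH) == 0) {
        std::istringstream in(slurp(fd));
        for (std::string line; std::getline(in, line);)
            if (is_record_of(line, userid)) found = line.substr(userid.size() + 1);
    }
    close(fd);  // closing the descriptor releases the lock
    return found;
}

// Replace the profile of `target`, but only if `actor` (the logged-in userid)
// is that same user. One exclusive lock covers the whole read-modify-write and
// no second lock is requested while it is held, so instances cannot deadlock.
bool update_profile(const std::string& path, const std::string& actor,
                    const std::string& target, const std::string& text) {
    if (actor.empty() || actor != target) return false;      // not your record
    if (text.find('\n') != std::string::npos) return false;  // would add a record
    int fd = open(path.c_str(), O_RDWR);
    if (fd < 0) return false;
    bool ok = false;
    if (flock(fd, LOCK_EX) == 0) {
        std::istringstream in(slurp(fd));
        std::string out;
        for (std::string line; std::getline(in, line);) {
            if (is_record_of(line, target)) {
                line = target + ":" + text;
                ok = true;
            }
            out += line + "\n";
        }
        // Rewritten in place for brevity; this is not crash-safe.
        if (ok)
            ok = ftruncate(fd, 0) == 0 && lseek(fd, 0, SEEK_SET) == 0 &&
                 write(fd, out.data(), out.size()) == static_cast<ssize_t>(out.size());
    }
    close(fd);
    return ok;
}

int main() {
    std::string me = current_userid();
    std::string path = "/tmp/profiles_example_" + std::to_string(getpid());
    FILE* f = fopen(path.c_str(), "w");
    if (!f) return 1;
    fprintf(f, "%s:phone=100\ncolleague:phone=200\n", me.c_str());  // constructed records
    fclose(f);
    bool own = update_profile(path, me, me, "phone=111");
    bool other = update_profile(path, me, "colleague", "phone=999");
    printf("own update: %d, other user's record: %d\n", own, other);
    unlink(path.c_str());
    return 0;
}
```

All file I/O goes through the locked descriptor itself, and the new profile text is refused if it contains a newline, since that would let a user append a record under another userid.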
With the locking mechanism in mind, the possibility of deadlock should be carefully taken care of. In this way integrity is also maintained, as only one user is updating the file at a time.

Buffer Overflow

2) A buffer overflow occurs when a program or process tries to store more data in a buffer than it is supposed to hold, that is, more data than the buffer's capacity. Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Sometimes it occurs accidentally through programming error, but nowadays buffer overflow is an increasingly common type of security attack. In overflow attacks, the extra data may contain code designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C/C++ programming language supplied the framework, and poor programming practices supplied the vulnerability.

Suppose that, in a Unix system, a C++ function is intended to allocate a 10-character array and take a userid as input from the user. If the function does not check the number of characters entered by the user and the user enters 14 characters, then those 4 extra characters are going to overwrite other areas of the program. The extra data will probably end up making the return address point to an area in memory which is not under the control of the currently executing program, causing a segmentation fault on Unix architectures.

Example

In November 1988, the Internet Worm shut down over 6,000 systems, just about cutting off all traffic on the Internet. One of the methods used to gain access to these systems was a buffer overflow exploit of a Unix service, "finger."
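The 10-character userid buffer described above, shown next to a version that checks size and contents before copying, as an added example (not code from the essay). The function names and the allowed character set are assumptions.

```cpp
// Added example, not code from the essay. Function names and the allowed
// character set (letters, digits, '_' and '-') are assumptions.
#include <string.h>  // strnlen (POSIX)
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <cstring>

constexpr std::size_t USERID_BUF = 10;  // room for 9 characters plus '\0'

// The flaw the essay describes: the input, not the 10-byte destination,
// decides how much is copied. Shown for contrast only; it is never called.
void store_userid_unchecked(char (&dest)[USERID_BUF], const char* input) {
    std::strcpy(dest, input);  // a 14-character input writes past the end of dest
}

enum class UseridStatus { Ok, Empty, TooLong, BadCharacter };

// Validate size and contents first, and copy only after both checks pass.
// Oversized input is rejected instead of truncated, because a truncated
// userid could match a different account.
UseridStatus store_userid(char (&dest)[USERID_BUF], const char* input) {
    dest[0] = '\0';  // dest is always a valid empty string on failure
    if (input == nullptr || input[0] == '\0') return UseridStatus::Empty;

    // strnlen reads at most USERID_BUF bytes, however long the input is.
    std::size_t len = strnlen(input, USERID_BUF);
    if (len >= USERID_BUF) return UseridStatus::TooLong;

    for (std::size_t i = 0; i < len; ++i) {
        unsigned char c = static_cast<unsigned char>(input[i]);
        if (!std::isalnum(c) && c != '_' && c != '-')
            return UseridStatus::BadCharacter;
    }
    std::memcpy(dest, input, len + 1);  // len + 1 <= USERID_BUF, includes '\0'
    return UseridStatus::Ok;
}

int main() {
    // Constructed sample inputs: 6, 9, 10 and 14 characters, plus one with ';'.
    const char* samples[] = {"jsmith", "abcdefghi", "abcdefghij",
                             "abcdefghijklmn", "bob;id"};
    char userid[USERID_BUF];
    for (const char* s : samples) {
        UseridStatus st = store_userid(userid, s);
        std::printf("%-16s -> status %d, stored \"%s\"\n", s,
                    static_cast<int>(st), userid);
    }
    return 0;
}
```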
When you finger a user, the finger service returns information about the user, such as the user's real name and phone number. In the case of the Worm, the buffer overflow attack on finger replaced the server program with a Unix command interpreter, or shell. This shell was then used to copy across a program that uploaded, linked, and then executed a new copy of the Worm. (http://www.itarchitect.com)

The code of the C++ program must be designed so that user input is validated in terms of contents and size before it is stored in buffers. In terms of protecting the Unix operating system from buffer overrun attacks, the system administrator must install the proper updates to avoid these kinds of attacks.

3. Virus

A virus is created to insinuate itself into executable files or scripting documents. From there, the virus uses the computer's link to other files to spread itself to them along the pathway, replicating itself as it does so. Since many scripted files are created in a single program, viruses can spread easily to similar files. Sometimes the virus can jump from one file type to another, such as text files in Microsoft Excel and Word. The Word macro virus is capable of changing the macro, or hot key, settings in Word to create unexpected results.

Trojan Horse

A Trojan horse, when activated by downloading or opening the file, accesses the computer's vital systems to cause damage to the computer. Most Trojan horses rely on an existing operating system file to function. For example, the AOL4Free Trojan Horse from 1997 used the DELTREE.EXE Windows file to access and delete the files from the owner's C drive. Unlike worms and viruses, Trojan horses are unable to duplicate themselves.

Worms

Worms are the most dangerous of the three. A worm is able to spread from one computer to another by replicating the file which carries its code.
It uses the computer's systems to automatically mail copies of itself to systems over a network or from an electronic mail program's address book list. Since it uses the account customer's address, others may be caught off guard when someone they know sends them an innocuous message asking them to read a specific document. More advanced worms are able to avoid detection by changing the subject heading of the infected message. Depending on the way it presents itself in the system, the worm may remain undetected for some time. Worms are also capable of accessing passwords and other system security settings. A worm might also search for openings in the Internet processing components of the computer to install a program on that system that could be controlled remotely by someone over the Internet.

One way to avoid all of these viruses, Trojans and worms is to install antivirus software and keep it updated. Set the antivirus software to automatic detection so that it can scan every email, attachment and even the scripts which are downloaded from the web server into the Temp folder when a web page is opening in the browser. (www.eastserve.com)

4) Process Management

The operating system manages many kinds of activities, ranging from user programs to system programs like the printer spooler, name servers, file server etc. Each of these activities is encapsulated in a process. A process includes the complete execution context (code, data, PC, registers, OS resources in use etc.). There are many processes that run the same program. The five major activities of an operating system in regard to process management are:

- Creation and deletion of user and system processes.
- Suspension and resumption of processes.
- A mechanism for process synchronization.
- A mechanism for process communication.
- A mechanism for deadlock handling.
In this functionality of the O/S, if the operating system does not thoroughly handle the overall management of processes, then any malicious code could start any number of processes on its own at the low level and do anything. For this, the operating system must have a security feature to carefully monitor, and assign time to, any process which is required to be executed.

Main Memory Management

The major activities of an operating system in regard to memory management are:

- Keep track of which parts of memory are currently being used and by whom.
- Decide which process is loaded into memory when memory space becomes available.
- Allocate and deallocate memory space as needed.

In this functionality, the buffer overrun attack could occur, so the O/S has to closely watch every memory allocation and deallocation and restrict every block of code from accessing illegal memory space.

File Management

The five main activities of an operating system in regard to file management are:

1. The creation and deletion of files.
2. The creation and deletion of directories.
3. The support of primitives for manipulating files and directories.
4. The mapping of files onto secondary storage.
5. The backup of files on stable storage media.

If security is not maintained at the file level, then any user can access any other user's files. For that reason, the file systems of O/Ss like Unix, Linux and Windows give file-level security. (http://www.personal.kent.edu/rmuhamma/OpSystems)

5) In the commercial environment, preventing disclosure is often important, but preventing authorized data modification is usually paramount. In particular, for that core of commercial data processing that relates to management and accounting for assets, preventing fraud and error is the primary goal. This goal is addressed by enforcing the integrity rather than the privacy of the information. Hence in the commercial world, the policy addresses integrity rather than disclosure. This is basically commercial policy.
No user of the system, even if authorized, may be permitted to modify data items in such a way that assets or accounting records of a company might get lost or corrupted. In contrast, the policies associated with the management of classified information, and the mechanisms used to enforce these policies, are carefully defined and well understood within the military. However, these mechanisms are not well understood in the commercial world, which normally does not have such a complex requirement for control of unauthorized disclosure. For integrity, the computer system controls the ability of an authorized user to copy a data item. In particular, once a computation has read a data item of a certain security level, the system must ensure that any data items written by that computation have a security label at least as restrictive as the label of the item previously read. It is this mandatory check of the security level of all data items whenever they are written that enforces the high-level security policy.

6) Expenses of certain military operations are more sensitive, for example, the total amount the United States spends on ballistic missiles, which is not public. There are even operations known only to a few people, and so the amount spent on these operations, or even the fact that anything was spent on such an operation, is highly sensitive. Individual expenditures, like expenditures for paper clips or papers, are not sensitive information. Some salary expenditures are subject to privacy requirements. Individual salaries are sensitive, but the aggregate (for example, the total Agriculture Department payroll, which is a matter of public record) is not sensitive.

7) Wide Area Networks have two fundamental problems, i.e. the physical infrastructure is vulnerable, and information traveling over a Wide Area Network is vulnerable to attack (capture, eavesdropping, falsification, etc.).
Physical vulnerability is caused by cables being routed remotely, away from the information owner. In this connection it is immaterial whether a cable is torn by a builder's digger or by a saboteur with the intention of harming the enterprise. In both cases the result is a broken network connection: data is no longer available, and this situation may continue for several hours, even days. The potential costs caused by this are difficult to calculate but can become very significant. As far as data vulnerability is concerned, if the data is not encrypted it can easily be tapped by any hacker. Hence, to avoid information vulnerability, data encryption is necessary. (http://www.fuhs.de)

A Local Area Network, due to certain weaknesses, can face the following kinds of threats:

- Unauthorized LAN access - results from an unauthorized individual gaining access to the LAN.
- Inappropriate access to LAN resources - results from an individual, authorized or unauthorized, gaining access to LAN resources in an unauthorized manner.
- Disclosure of data - results from an individual accessing or reading information and possibly revealing the information in an accidental or unauthorized intentional manner.
- Unauthorized modification to data and software - results from an individual modifying, deleting or destroying LAN data and software in an unauthorized or accidental manner.
- Disclosure of LAN traffic - results from an individual accessing or reading information and possibly revealing the information in an accidental or unauthorized intentional manner as it moves through the LAN.
- Spoofing of LAN traffic - results when a message appears to have been sent from a legitimate, named sender, when actually the message had not been.
- Disruption of LAN functions - results from threats that block LAN resources from being available in a timely manner.
Whether we talk about LAN or WAN threats, they are always there, because there are some inherent weaknesses in the overall network mechanism which should be controlled. Some are:

TCP/IP was not designed for high security:

- Protection through the use of privileged ports (0-1000) has little value since PCs have become TCP/IP clients.
- No traffic priority (easy to flood the network).
- Traffic can be injected, and packets can be stolen or hijacked, so ensure routers and firewalls implement anti-spoofing.

DNS (Domain Name Service)

The DNS which is used on the internal network should not be visible to the outside world (Internet). Firewalls which provide DNS information to the Internet should only resolve firewall addresses/names (i.e. for email, an MX record which points to the firewall itself) and not provide any information about hosts on the internal network. The internal DNS server can be set up to send unresolved queries to the external DNS server.

Essay:

1) The course of actions would be:

- Check all the network services provided by NTC, the possible vulnerabilities, and the measures to control them.
- Check the client and server end software and their possible weaknesses.
- Check all the users, their policies and the authorization given to them.
- Check the methodologies of user authentication and authorization.
- Check whether the encryption level is well suited or not.
- Check for intrusion possibilities like SQL injection, spoofing etc.
- Check the backup and restoration programs.
- Check how the overall network restoration program works in case of any fault.
- Check all the router configurations.
- Check for client certificates needed for authentication and authorization.
- Check database user privileges and integrity.

2) Passwords, pass-phrases and security codes are used in virtually every interaction between users and information systems. Most forms of user authentication, as well as file and data protection, rely on user-supplied passwords.
Since properly authenticated access is often not logged, or even if logged is not likely to arouse suspicion, a compromised password is an opportunity to explore a system from the inside virtually undetected. An attacker would have complete access to any resources available to that user, and would be significantly closer to being able to access other accounts, nearby machines, and perhaps even administrative privileges. Despite this threat, accounts with bad or empty passwords remain extremely common, and organizations with good password policy are far too rare. The most common password vulnerabilities are:

- User accounts have weak or nonexistent passwords.
- Regardless of the strength of their password, users fail to protect it.
- The operating system or third-party applications create accounts with weak or nonexistent passwords.
- In many commercial and open-source applications, the hashing algorithm is known, and often the hashes are stored where they can be accessed by standard users.

Whilst system policies cannot help protect against hashing implementations or shortcomings, the use of strong passwords can help thwart attacks against the hashes to recover the pass-phrase.

Email is one of the most widely used applications on the Internet, as SMTP is one of the oldest protocols. Mail Transport Agents (MTAs) are the servers responsible for getting email from its sender to its intended recipient(s), usually via the SMTP protocol, which can be encrypted with SSL on insecure ports with TLS if both ends support it. It is not surprising, given email's widespread use, that this system is under constant attack from viruses, worms, and more personal human attackers.

The Simple Network Management Protocol (SNMP) is used extensively to remotely monitor and configure almost all types of modern TCP/IP-enabled devices.
While SNMP is rather ubiquitous in its distribution across networking platforms, it is most often used as a method to configure and manage devices such as printers, routers, switches and access points, and to provide input for network monitoring services. Simple Network Management communication consists of different types of messages exchanged between SNMP management stations and network devices, which run what is commonly referred to as agent software. The methods by which these messages are handled and the authentication mechanism behind such message handling both have significant exploitable vulnerabilities.

The open-source OpenSSL library provides cryptographic support to applications that communicate over the network. It is a very widely deployed SSL/TLS protocol implementation, and is used by a large number of vendors. The most well-known example of an application using this library is the Apache web server (to support secure HTTP connections). Many of the commonly used POP3, IMAP, SMTP and LDAP servers also have their OpenSSL-based counterparts. Since the OpenSSL library is integrated with a number of applications, any vulnerability in the library can be exploited via these applications. For example, multiple exploits are publicly available that can compromise Apache servers compiled with certain versions of the library. However, the same exploits could easily be modified to compromise sendmail, OpenLDAP, CUPS, or other OpenSSL-enabled applications.

3) NTC will tell its customers that they have to follow all the instructions and apply software upgrades wherever they are required. Furthermore, while using the particular client software, the client must follow the instruction handbook given to him. The clients must not tell their passwords, domain name, IP or any information related to the network to anybody.

4) A mechanism should be devised which will help users to have strong passwords that cannot be easily interpreted.
The passwords must not be stored in any form in cookies at the client side. The password typed by the user must first be 128-bit encrypted and then sent to the server for authentication. After authentication, every data transfer between server and client should be 128-bit encrypted so that in case of any tapping the hacker cannot make sense of the data. Proper firewalls should be implemented and maintained at the server side so that all email communication goes through secure ports and no insecure ports can be used. Every email which is received, with or without an attachment, must be checked automatically by an updated antivirus for viruses, Trojans and worms.

In order to protect against SNMP attacks, the following steps should be taken into account:

1. Disable SNMP services if not required.
2. Verify that all SNMP community strings have been changed from their default "public" setting.
3. Verify that SNMP-enabled devices are not accessible from the public Internet. Use ingress and egress filtering at your border router or firewall to filter SNMP traffic if necessary.

When implementing ingress filtering at a border device to prevent SNMP packets from reaching internal devices, care must be used when constructing UDP access list filters. Many typical border devices (i.e. firewalls) such as CheckPoint Firewall-1, Cisco Pix, and other "stateful" devices, will attempt to impose "pseudostate" on UDP-based protocols such as SNMP, which are inherently stateless. This is typically done by activating a timer when the firewall sees a UDP-based "request", and allowing UDP "replies" within the timer window to go in the opposite direction of the request. A hacker could use this to circumvent a firewall rule that blocks SNMP.
For example, if the hacker gains a foothold inside an organization, perhaps compromising a desktop or laptop, s/he can then generate the SNMP request packet from the compromised system, with a fake source IP address of the device vulnerable to the SNMP exploit. This would then give the hacker a window of time (typically 30-60 seconds) to send the SNMP reply with the exploit to the vulnerable device. Another possible way to fool stateful firewalls could be via the firewall's handling of packets with a source port of 53, which appear to the firewall to be DNS replies. To avoid these problems, construct your access list filters in a non-stateful fashion, so that there are no circumstances where a UDP packet sent to port 161 or 162 can pass your border device. (http://www.counterpane.com)

There are multiple ways to avoid the OpenSSL vulnerability. Any one of the following measures is sufficient.

1. Disable SSL 2.0 in the OpenSSL-based application. The vulnerability occurs only if the old protocol version SSL 2.0 is enabled both in an OpenSSL server and in any of the clients (OpenSSL-based or not) connecting to it. Thus, if you have disabled SSL 2.0, the vulnerability does not apply to you. Generally, it is strongly recommended to disable the SSL 2.0 protocol because of its known weaknesses.

2. Upgrade the OpenSSL server software. The vulnerability is resolved in the following versions of OpenSSL:

- in the 0.9.7 branch, version 0.9.7h (or later);
- in the 0.9.8 branch, version 0.9.8a (or later).
OpenSSL 0.9.8a and OpenSSL 0.9.7h are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

* http://www.openssl.org/source/
* ftp://ftp.openssl.org/source/

(http://www.securiteam.com) (www.eastserve.com) (http://www.itarchitect.com)

References

* http://www.openssl.org/source/mirror.html
* http://www.openssl.org/source/
* ftp://ftp.openssl.org/source/
* http://www.securiteam.com
* http://www.counterpane.com
* http://www.personal.kent.edu/rmuhamma/OpSystems
* http://www.acm.uiuc.edu
Networking Assignment Essay Example | Topics and Well Written Essays - 1750 words. Retrieved from https://studentshare.org/technology/1521547-networking-assignment