Computer security
Subject code: 12177
Q1.
a)
(i) The need for security
Page 1 of 25
The need for computer security is threefold: confidentiality, integrity, and
availability, the CIA of security.
(1 mark for this statement)
(1 mark each for explanation of the following points)
(1) Confidentiality
The purpose of confidentiality is to ensure that only those individuals who
have the authority to view a piece of information may do so. No unauthorized
individual should ever be able to view data they are not entitled to.
Confidentiality is the concealment of information or resources. The need for
keeping information secret arises from the use of computers in sensitive
fields such as government and industry. For example, military and civilian
institutions in the government often restrict access to information to those who
need that information. The first formal work in computer security was
motivated by the military's attempt to implement controls to enforce a
need-to-know principle. This principle also applies to industrial firms, which keep
their proprietary designs secure lest their competitors try to steal the designs.
As a further example, all types of institutions keep personnel records secret.
(2) Integrity
Integrity is a related concept but deals with the modification of data. Only
authorized individuals should ever be able to change (or delete) information.
Integrity refers to the trustworthiness of data or resources and is usually
phrased in terms of preventing improper or unauthorized change; it includes
data integrity and origin integrity. The source of information may bear on its
accuracy and credibility and on the trust that people place in the information.
(3) Availability
The goal of availability is to ensure that the data, or the system itself, is
available for use when the authorized user wants it. Availability refers to the
ability to use the information or resources desired. Availability is an important
aspect of reliability as well as of system design because an unavailable system
is at least as bad as no system at all. The aspect of availability that is relevant
to security is that someone may deliberately arrange to deny access to data or
to a service by making it unavailable.
As a result of the increased use of networks for commerce, two
additional security goals have been added to the original three in the CIA of
security. Authentication deals with the desire to ensure that an individual is
who they claim to be. The need for this in an online transaction is obvious.
Related to this is nonrepudiation, which deals with the ability to verify that a
message has been sent and received. The requirement for this capability
in online transactions should also be readily apparent.
(ii) Active and passive attacks (2 marks for each)
Classes of attack might include passive monitoring of communications,
active network attacks, close-in attacks, exploitation by insiders, and attacks
through the service provider. Information systems and networks offer
attractive targets and should be resistant to attack from the full range of
threat agents, from hackers to nation-states. A system must be able to limit
damage and recover rapidly when attacks occur. The types of attacks are:
Passive Attack
A passive attack monitors unencrypted traffic and looks for clear-text
passwords and sensitive information that can be used in other types of
attacks. Passive attacks include traffic analysis, monitoring of unprotected
communications, decrypting weakly encrypted traffic, and capturing
authentication information such as passwords. Passive interception of
network operations enables adversaries to see upcoming actions. Passive
attacks result in the disclosure of information or data files to an attacker
without the consent or knowledge of the user.
Passive attacks are in the nature of eavesdropping on, or monitoring
of, transmissions. The goal of the opponent is to obtain information that is
being transmitted. Two types of passive attacks are release of message
contents and traffic analysis. The release of message contents is easily
understood. A telephone conversation, an electronic mail message, and a
transferred file may contain sensitive or confidential information. We would
like to prevent an opponent from learning the contents of these transmissions.
A second type of passive attack, traffic analysis, is subtler. Suppose that we
had a way of masking the contents of messages or other information traffic so
that opponents, even if they captured the message, could not extract the
information from the message. The common technique for masking contents
is encryption. If we had encryption protection in place, an opponent might still
be able to observe the pattern of these messages. The opponent could
determine the location and identity of communicating hosts and could
observe the frequency and length of messages being exchanged. This
information might be useful in guessing the nature of the communication that
was taking place. Passive attacks are very difficult to detect because they do
not involve any alteration of the data. Typically, the message traffic is sent
and received in an apparently normal fashion and neither the sender nor
receiver is aware that a third party has read the messages or observed the
traffic pattern. However, it is feasible to prevent the success of these attacks,
usually by means of encryption. Thus, the emphasis in dealing with passive
attacks is on prevention rather than detection.
Active Attack
In an active attack, the attacker tries to bypass or break into secured
systems. This can be done through stealth, viruses, worms, or Trojan horses.
Active attacks include attempts to circumvent or break protection features, to
introduce malicious code, and to steal or modify information. These attacks
are mounted against a network backbone, exploit information in transit,
electronically penetrate an enclave, or attack an authorized remote user
during an attempt to connect to an enclave. Active attacks result in the
disclosure or dissemination of data files, DoS, or modification of data.
Active attacks can be subdivided into four categories: masquerade,
replay, modification of messages, and denial of service. A masquerade takes
place when one entity pretends to be a different entity.
A masquerade attack usually includes one of the other forms of active
attack. For example, authentication sequences can be captured and replayed
after a valid authentication sequence has taken place, thus enabling an
authorized entity with few privileges to obtain extra privileges by
impersonating an entity that has those privileges.
Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
Modification of messages simply means that some portion of a
legitimate message is altered, or that messages are delayed or reordered, to
produce an unauthorized effect. For example, a message meaning "Allow John
Smith to read confidential file accounts" is modified to mean "Allow Fred
Brown to read confidential file accounts."
Denial of service prevents or inhibits the normal use or
management of communications facilities. This attack may have a specific
target; for example, an entity may suppress all messages directed to a
particular destination (e.g., the security audit service). Another form of service
denial is the disruption of an entire network, either by disabling the network
or by overloading it with messages so as to degrade performance.
(iii) Problems due to installation of unauthorized software
(Any four related points, 4 marks, 1 mark per point)
Installing unauthorized software programs such as games to play during break time,
signature files for email, weather programs, etc. on your computer at work may seem
harmless or even beneficial. However, software from unauthorized sources can create
many problems, as elaborated below:
1. Freeware and low-cost software downloaded from the Internet or distributed on
floppy disks or CDs can contain viruses that will infect the system and spread to
other computers on the network.
2. Unauthorized software may be poorly written, intended for use with a different
operating system, or have conflicts with currently installed software that can cause it
to crash your computer or send unwanted messages on the network.
3. Unauthorized software might be pirated (copied illegally), which could result in
penalties in case of a software audit.
4. The unauthorized software may contain spyware that will capture information you
type and send it to marketers or criminals.
5. The unauthorized software may not contain known security flaws when installed, but
hackers may later discover and exploit flaws.
As can be seen from the above, downloading unauthorized software can be anything
but harmless and therefore should be avoided.
(iv) Password management
(Any 8 points, 4 marks, ½ mark per point)
The username and password challenge is arguably the most popular security
mechanism in use today. Unfortunately, it's also the most poorly configured,
neglected, and easily circumvented. The first step in addressing the password issue
is to create an effective and manageable password policy that both system
administrators and users can work with. In creating a policy, you should examine
your business and security needs carefully. What level of risk is acceptable? How
secure does the system need to be? How often should users change their
passwords? Should you ever lock accounts? What guidelines should users use
when selecting passwords? Your list of questions will vary greatly, but the key is to
spend time identifying your concerns and addressing them specifically in your
password policy.
Those setting password requirements must remember that making the
password rules too difficult may actually decrease security if users decide
the rules are impossible or too difficult to meet. If passwords are changed
too often, users may tend to write them down or make their password a
variant of an old password which an attacker with the old password could
guess. The following password requirements will be set by the IT security
department:
1. Passwords should have minimum and maximum length limits:
a. Minimum length - 8 characters recommended
b. Maximum length - 14 characters
2. Minimum complexity - No dictionary words included. Passwords should use
three of the following four types of characters:
a. Lowercase
b. Uppercase
c. Numbers
d. Special characters such as !@#$%^&*(){}[]
3. Passwords are case sensitive; the user name or login ID is not case sensitive.
4. Password history - Require a number of unique passwords before an old password
may be reused. This number should be no less than 24.
a. Maximum password age - 60 days
b. Minimum password age - 2 days
5. Store passwords using reversible encryption - This should not be done without
special authorization by the IT department, since it would reduce the security of the
user's password.
6. Account lockout threshold - 4 failed login attempts
a. Reset account lockout counter after - The time between bad login attempts
after which the count of bad login attempts is cleared. The recommended value as
of the date of writing this article is 20 minutes. This means that if there are three
bad attempts in 20 minutes, the account would be locked.
7. Account lockout duration - Some experts recommend that the administrator reset
the account lockout so they are aware of possible break-in attempts on the
network. However, this will cause a great deal of additional help desk calls.
Therefore, depending on the situation, the account lockout duration should be between
30 minutes and 2 hours.
8. Password protected screen savers should be enabled and should protect the
computer within 5 minutes of user inactivity. Computers should not be left unattended
with the user logged on and no password protected screen saver active. Users
should be in the habit of not leaving their computers unlocked; they can press
CTRL-ALT-DEL and select "Lock Computer".
9. Rules that apply to passwords also apply to pass phrases, which are used for
public/private key authentication.
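As an added illustration (not part of the original answer key), the length rule, the three-of-four complexity rule and the lockout rules above expressed as a checker in C. The 4-attempt threshold, 20-minute reset window and 30-minute lockout are the figures stated above; dictionary-word screening is assumed to be handled by a separate check, and the caller supplies the clock so the logic can be exercised with constructed times.

```c
#include <ctype.h>
#include <string.h>
#include <time.h>

/* Policy values taken from the requirements above. */
#define PW_MIN_LEN 8
#define PW_MAX_LEN 14
#define PW_MIN_CLASSES 3                 /* three of the four character types */
#define LOCKOUT_THRESHOLD 4              /* failed attempts before lockout */
#define LOCKOUT_RESET_SECS (20 * 60)     /* gap after which the bad-attempt count clears */
#define LOCKOUT_DURATION_SECS (30 * 60)  /* low end of the 30 min to 2 h range */

/* Returns 1 if pw meets the length and complexity rules, else 0.
 * Dictionary-word screening is assumed to be a separate check. */
int password_meets_policy(const char *pw)
{
    size_t len = strlen(pw);
    int lower = 0, upper = 0, digit = 0, special = 0;

    if (len < PW_MIN_LEN || len > PW_MAX_LEN)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)pw[i];
        if (islower(c))      lower = 1;
        else if (isupper(c)) upper = 1;
        else if (isdigit(c)) digit = 1;
        else if (isgraph(c)) special = 1;    /* printable, non-alphanumeric */
        else return 0;                       /* reject spaces and control chars */
    }
    return lower + upper + digit + special >= PW_MIN_CLASSES;
}

/* Per-account lockout state; times are seconds so the caller supplies the clock. */
typedef struct { int failures; time_t last_failure; time_t locked_until; } lockout_state;

/* Record a failed login at time now; returns 1 if the account is (now) locked. */
int record_failure(lockout_state *s, time_t now)
{
    if (now < s->locked_until)
        return 1;                            /* still inside the lockout duration */
    if (now - s->last_failure > LOCKOUT_RESET_SECS)
        s->failures = 0;                     /* reset window expired: count afresh */
    s->failures++;
    s->last_failure = now;
    if (s->failures >= LOCKOUT_THRESHOLD) {
        s->locked_until = now + LOCKOUT_DURATION_SECS;
        s->failures = 0;
        return 1;
    }
    return 0;
}
```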
b)
(i) Secure code technique and buffer overflow
(1 mark for secure code technique and 3 marks for buffer overflow with example)
In software development, the implementation of designs is the coding step.
1. The act of converting an idea into code is a critical point where an error can enter the
process.
2. The errors are of two types: the failure to include desired functionality, and the
inclusion of undesired behavior in the code.
3. If the requirements are listed in a previous phase of the process, then testing for the
first type of error is relatively easy.
4. Testing for the second type of error is significantly more difficult. Testing for an
unknown is a virtually impossible task, so the concept of testing for categories of
previously determined errors makes this possible.
5. A common type of error is the buffer overflow. Other common types are code
injections, privilege errors, and cryptographic failures.
Buffer Overflow
A buffer overflow occurs when an input buffer, used to hold program input, is overwritten
with data that is larger than the buffer can hold. The cause of this vulnerability is a
combination of two things: poor programming practice and programming language weaknesses.
Many programming languages like C were designed under space and performance
constraints. Many functions in C, like gets(), are unsafe, because they permit
unsafe operations, like unbounded string manipulation into fixed buffer locations.
Also, the C language allows direct memory access through pointers, a functionality that
provides a lot of programming power, but it carries the burden of proper safeguards
being provided by the programmer.
The first line of protection is to write solid code. Regardless of the language used, or
the source of outside input, careful programming practice is to treat all input from
outside a function as unfriendly. Validate all inputs as if they were hostile and an
attempt to force a buffer overflow.
Even during the development phase, when everyone may be on the same team, be
conscientious and compliant with design rules.
Designing prevention into functions is a foundational protection against this type of
vulnerability.
A second line of protection is proper string handling. String handling is a common
operation in programs, and string-handling functions are the source of a large number
of known buffer overflow vulnerabilities. A simple improvement is to use strncpy() in
place of strcpy().
The function strncpy() requires the length of input, i.e. the number of characters to
be copied. Further validation before passing values to string functions involves a
performance penalty, but it can prevent buffer overrun problems.
To achieve program objectives, proper use of functions is essential to prevent
unintended effects like buffer overflows. Use of the gets() function can never be totally
safe because it reads from the stdin stream until a newline is reached.
There is no way to predetermine whether the input is going to overflow the buffer or
not, so it is better to use a C++ stream object or the fgets() function. The function
fgets() requires an input buffer length, and hence avoids the overflow. Simply replace
{
char buffer[512];
gets(buffer);
------
------
------
}
with
{
char buffer[512];
fgets(buffer, sizeof(buffer), stdin);
------
------
------
}
(Any such related example can be accepted)
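As an added example (not the answer key's own code), the two protections above carried through: a gets() replacement built on fgets() that detects a line too long for the buffer, and a strncpy() wrapper that always terminates the destination, which strncpy() itself does not guarantee. The helper read_first_line_from() and its temporary-file input are constructed here so the functions can be exercised offline.

```c
#include <stdio.h>
#include <string.h>

/* Copy src into dst[dstsz] without overflow. strncpy() alone does not
 * NUL-terminate when src is too long, so the terminator is written
 * explicitly. Returns 1 if src was truncated, 0 otherwise. */
int safe_copy(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return 1;
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) > dstsz - 1;
}

/* Read one line into buf[bufsz] with fgets() in place of gets(), stripping
 * the newline. Returns -1 at end of input, 1 if the line did not fit (the
 * excess is discarded rather than left to be misread as the next line),
 * and 0 otherwise. */
int read_line(char *buf, size_t bufsz, FILE *in)
{
    size_t n;
    int c, truncated = 0;

    if (fgets(buf, (int)bufsz, in) == NULL)
        return -1;
    n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
        return 0;
    }
    /* No newline: either the final line of input or a line longer than
     * bufsz - 1 bytes. Consume the rest to tell the two apart. */
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

/* Helper for feeding constructed input: writes text to a temporary file
 * and reads its first line into buf[bufsz]; returns read_line()'s status. */
int read_first_line_from(const char *text, char *buf, size_t bufsz)
{
    FILE *f = tmpfile();
    int rc;

    if (f == NULL)
        return -1;
    fputs(text, f);
    rewind(f);
    rc = read_line(buf, bufsz, f);
    fclose(f);
    return rc;
}
```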
(ii) Operating system hardening
(Any four points to be considered, 1 mark per point)
The hardening of operating systems involves ensuring that the system is configured
to limit the possibility of either internal or external attack. While the methods for
hardening vary from one operating system to another, the concepts involved are largely
similar regardless of whether Windows, UNIX, Linux, Mac OS X or any other system is
being baselined. Some basic hardening techniques are as follows:
Non-essential services: It is important that an operating system only be configured to
run the services required to perform the tasks for which it is assigned. For example,
unless a host is functioning as a web or mail server, there is no need to have HTTP or
SMTP services running on the system.
Patches and Fixes: As an ongoing task, it is essential that all operating systems be
updated with the latest vendor supplied patches and bug fixes (usually collectively
referred to as security updates).
Password Management: Most operating systems today provide options for the
enforcement of strong passwords. Utilization of these options will ensure that users are
prevented from configuring weak, easily guessed passwords. As an additional level of
security, these options include enforcing the regular changing of passwords and the disabling of
user accounts after repeated failed login attempts.
Unnecessary accounts: All guest, unused and unnecessary user accounts must be
disabled or removed from operating systems. It is also vital to keep track of employee
turnover so that accounts can be disabled when employees leave an organization.
File and Directory Protection: Access to files and directories must be strictly
controlled through the use of Access Control Lists (ACLs) and file permissions.
File and File System Encryption: Some file systems provide support for encrypting
files and folders. For additional protection of sensitive data, it is important to ensure
that all disk partitions are formatted with a file system type with encryption features
(NTFS in the case of Windows).
Enable Logging: It is important to ensure that the operating system is configured to log
all activities, errors and warnings.
File Sharing: Disable any unnecessary file sharing.
Q2.
a)DES
DES stands for Data Encryption Standard. It was first developed over twenty years ago. In
1973 the National Bureau of Standards (NBS), now known as the National Institute of
Standards and Technology (NIST), issued a request for proposals for a standard
cryptographic algorithm. DES is what is known as a block cipher, segmenting the input data