3 protecting systems
This presentation is the property of its rightful owner.
Sponsored Links
1 / 16

3-Protecting Systems PowerPoint PPT Presentation


  • 68 Views
  • Uploaded on
  • Presentation posted in: General

3-Protecting Systems. Dr. John P. Abraham Professor UTPA. Hardening Operating System. 3 pronged approach: operating system updates, Protect against buffer overflows, configuring operating system protections. Operating System updates. Security Patch: Covers discovered Vulnerabilities

Download Presentation

3-Protecting Systems

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


3 protecting systems

3-Protecting Systems

Dr. John P. Abraham

Professor

UTPA


Hardening operating system

Hardening Operating System

  • 3 pronged approach:

    • operating system updates,

    • Protect against buffer overflows,

    • configuring operating system protections


Operating system updates

Operating System updates

  • Security Patch: Covers discovered Vulnerabilities

    • Turn on automatic updates

  • Hotfix – specific to a customer situation

  • Service Pack – Cumulative security patches and other software updates.

  • Designate one server within your organization as the patch update service


  • Buffer overflow protection

    Buffer Overflow Protection

    • Corrupts system memory and causes freezing

    • May change the return address (from a routine) to a different one where the malware is residing.

    • Programmers should write defensive programming. Show the textbook to the students.

      • For windows based programming use: Data execution prevention(DEP) and Address Space Layout Randomization (ASLR)


    Defensive programming microsoft environment

    Defensive programming Microsoft environment

    • Data Execution Prevention (DEP)

      • DEP is available in VISTA and beyond

      • Designated memory only to hold data not code (No eXecute NX bit associated with the memory). Buffer overflow redirection would not work within a NX memory.

      • Programmers can turn on this feature.

    • Address Space Randomization (ASLR).

      • Each time Vista.. Is rebooted .EXE and .DLL are loaded randomly into 256 possible locations. Attackers find it difficult to work with unpredictable code locations.


    Configuring operating system protection

    Configuring Operating System Protection

    • Security Policy

      • A document that clearly defines the defense mechanisms an organization will employ in order to keep information secure.

      • Configuration baseline – permissions on files, registry permissions, logins, authentications, etc. You may want to create a Security template to handle it.

      • Deployment – individually or by group policy


    Preventing attacks that target web browser

    Preventing Attacks that Target Web browser

    • Attacks through cookies, scripts, Java, ActiveX and cross-site scripting.


    Cookies

    Cookies

    • information about visits saved on user’s computer. First party cookie is created by the site that the user is currently viewing. Third-party cookies are cookies created by some one else is accessed in a current visit to a different site.

    • Cookies do not present a security threat, but is a privacy risk. Track browsing habits, etc. Also provides IP address.


    Scripts java vb etc

    Scripts (Java, VB, etc.)

    • Web pages containing scripts download the scripts to the computer and is executed. The program can send information about the user to a host. Scripts can’t access files on the computer, so limited risk exists.


    3 protecting systems

    Java

    • Java can create applets that run on local computers. Defense against hostile jave applets is a Sandbox (a fence). Unsigned java applet does not come from a trusted source and must be run within the sandbox and gives warning to the users. If users do not read the message, or understand the risk, it can cause serious trouble. Sandbox warnings are given at the bottom left. Signed java applets are from trusted sources and have not been altered.


    Activex add ons

    ActiveX – Add-ons

    • framework for defining reusable software components (known as controls) that perform a particular function or a set of functions in Microsoft Windows in a way that is independent of the programming language. A software application can then be formed from one or more of these components in order to provide its functionality. They do not run in a sandbox. It can do anything on the computer such as creating, modifying and deleting files. A signed ActiveX control is generally safe. Unsigned is riskier.


    Cross site scripting xss

    Cross Site Scripting (XSS)

    • Scripts that extract information from victim and pass it to the attacker.

    • Changes contents of dynamic websites and injects a script into it that asks for personal information through input validation.

    • A web site that displays bad login screens with login name is a good one for these types of attacks.

    • It could send a URL to click


    Smtp open relays

    SMTP Open Relays

    • A user can set up a email receiving address and a sending address. Usually they are the same like pop.dia.sbc.net and smtp.dia.sbc.net. Some smpt servers are configured to sned mail through other domains (known as relays). An attacker can send spam through such relays without getting caught.


    Instant messaging

    Instant Messaging

    • Once a user signs up with the instan message server, the client’s IP and port is sent to all buddies and communication can take place directly. With direct connection virus and worms can be spread. Attacker can also view contents of messages.


    Peer to peer

    Peer-to peer

    • All types of attacks can take place through P2P networks. BitTorrent is more secure than P2P. However, both can be used to download illegal software or music.


    Defenses

    Defenses

    • Antivirus – always a step behind, update with definition files.

    • Pop-up blockers. Now incorporated into the browser.

    • Anti-spam. Spam filter with smtp server. Install spam filter with pop3

    • Personal firewals.

    • Host Intrusion Detection systems (HIDS) monitoring files systems and logfiles.


  • Login