COSC 316 COMPUTER HOSTS SECURITY - PowerPoint PPT Presentation

1
COSC 316 COMPUTER HOSTS SECURITY
  • SOUNDARARAJAN EZEKIEL
  • COMPUTER SCIENCE DEPARTMENT
  • INDIANA UNIVERSITY OF PENNSYLVANIA
  • INDIANA, PA 15705

2
Part IV Handling Security Incidents Chapter 23
Protecting Against Programmed Threats
  • We will talk about
  • Computer worms, viruses, Trojan horses, and other
    programmed threats
  • Programmed threats definition
  • Damage
  • Authors
  • Entry
  • Protecting yourself
  • Preventing attacks

3
Chapter 22 Protecting Against Programmed Threats
  • Story
  • 4 am, August 14: Hillary Nobel's pager is ringing;
    she turns the pager off and goes to bed. The phone
    rings: a major NY City law firm, counterpart in
    London. None of the computers work; they work
    stand-alone but not as a network. She turns on her
    laptop; instead of a login window she gets a
    message
  • Dear Ms. Nobel The virus report. Slow
    stealthy worm (SSW); copyrighted game software
    copied by one of your employees. 75 K .
  • She tries to reach the FBI, changes her mind, and
    starts to transfer 5000 in order to bring the
    network back before sunrise.

4
Programmed Threats Definitions
  • Computers execute instructions sequentially,
    one after another
  • Instructions are sometimes damaging or malicious;
    these are called malicious code or programmed
    threats
  • Bugs- the most common cause of unexpected
    program behavior
  • There are many kinds of malicious code/software,
    sometimes called viruses and worms
  • They are classified according to the way they behave,
    how they are triggered, and how they spread
  • There is no single definition for these kinds of
    malicious software

5
Continue
  • Security tools and toolkits- usually designed
    to be used by security professionals to protect
    their sites
  • Back doors- also called trap doors; these allow
    unauthorized access to your system
  • Logic bombs- hidden features in programs that go
    off after certain conditions are met
  • Trojan horses- programs that appear to have one
    function but actually perform another function
  • Viruses- programs that modify other programs on
    a computer, inserting copies of themselves
  • Worms- programs that propagate from computer to
    computer on a network, without necessarily
    modifying other programs on the target machine
  • Bacteria or rabbit programs- programs that make
    copies of themselves to overwhelm a computer
    system's resources

6
Security Scanners and other tools
  • Many programs have been written that can automatically
    scan for computer security weaknesses; these
    programs are called security scanners or security
    tools
  • They serve a double purpose: they tell you the
    weaknesses, and they help perpetrators scan the system
  • Some are sold; some are free on the Internet
  • Example: nmap (network mapping), developed by
    the computer underground and now widely
    used by professionals

7
Back doors and trap doors
  • A back door is code written into applications or the OS
    to grant programmers access to programs without
    requiring them to go through the normal methods of
    access authentication
  • Around for many years
  • An attacker may insert a back door in a system after
    successfully penetrating that system; it gives the
    attacker a way to get back into the system or
    become root at a later time
  • An attacker might:
  • Install an altered version of login or other
    programs
  • Plant an entry in the .rhosts, .shosts, or
    ssh/authorized files
  • Change the file system
  • Add an alias to the mail system
  • Change the owner of a directory
  • Change file permissions
  • Change a shared library
  • Change or add a network service for a remote user
  • Add a back door to sshd so that it allows login with
    a specific username and password

8
  • Protecting against back doors is complicated
  • Check new software
  • Test the software on a non-critical machine
  • Free software is not safe
  • Logic Bombs
  • Logic bombs are programmed threats that lie
    dormant in commonly used software for an extended
    period of time until they are triggered.
  • They can destroy or change data and cause damage to
    the system
  • Famous example- employee ID: triggered if a
    particular employee ID did not appear in the payroll
    for 2 consecutive months (if the employee left or
    was fired)
  • Protection is similar to that for back door programs

9
Trojan Horses
  • It is named after the Trojan horse of myth
  • A modern Trojan horse looks like a program that
    the user wishes to run, say a game or spreadsheet
  • While the program appears to be doing what the
    user wants, it actually is doing something else
    unrelated to its advertised purpose, and without
    the user's knowledge.
  • Trojan horses in mobile code- attackers embed
    commands in places other than compiled programs,
    such as scripts, TeX files, ps files
  • Terminal-based Trojan horses make use of
    block/send commands
  • Avoiding Trojan Horses- never execute anything

10
Viruses
  • A true virus is a sequence of code that is
    inserted into other executable code so that when
    the regular program is run, the viral code is
    also executed.
  • The viral code causes a copy of itself to be
    inserted in one or more other programs. They
    cannot run on their own, and some host program,
    of which they are a part, must be executed to
    activate them
  • Found on PCs running most popular OSes

11
Continue
  • It can be hidden in the source code
  • Hidden in precompiled program
  • Network based viruses
  • Environments that let Windows-based software
  • Webpages with applets
  • ps files
  • MIME encoded mail
  • Protection
  • Same as back door and attackers

12
Worms
  • Worms are programs that can run independently and
    travel from machine to machine across network
    connections; worms may have portions of
    themselves running on many different machines.
  • They do not change other programs, although they
    may carry other code that does
  • Click here to accept this worm-- greeting cards
  • If you suspect a worm, call the response team and
    isolate that system from the network

13
Bacteria and Rabbits
  • Bacteria, also known as rabbits, are programs
    that do not explicitly damage any files
  • Their sole purpose is to replicate themselves
  • May do nothing more than execute two copies of
    itself simultaneously or perhaps create two new
    files, each of which is a copy of the original
    source files of the bacteria program
  • Both of those programs then may copy themselves
    twice, and so on, eventually taking up processor,
    memory, and disk space.

14
  • Damage-
  • Complete destruction of data
  • Low-level disk format
  • Corruption of files
  • Other damages
  • Authors
  • Students
  • Publicity hounds
  • Experimenters and hobbyists
  • Common criminals
  • Activists
  • Information warfare researchers
  • Who will plant the programs
  • Program authors
  • Employees
  • Thieves
  • Spies
  • Extortionists
  • Political activists

15
  • Entry
  • How do these threats find their way into your
    computer system and how do they reproduce?
  • Internet
  • E-mail
  • Network
  • Protecting yourself
  • Shell features- the shells provide users with a
    number of shortcuts and conveniences. Among these
    features is a complete programming language with
    variables. Some of these variables govern the
    behavior of the shell itself. If an attacker is
    able to subvert the way the shell of a privileged
    user works, the attacker can often get the user
    to execute a task for him

16
Continue
  • Startup file attack- various programs have
    methods of automatic initialization to set
    options and variables for the user. Once these
    options and variables are set, the user normally
    never looks at them again. As a result, they are
    a great spot for an attacker to make hidden
    changes to be executed automatically on her
    behalf
  • Abusing automatic mechanisms- Unix has programs
    and systems that run automatically. Many of these
    systems require special privileges. If an
    attacker can compromise these systems, he may be
    able to gain direct unauthorized access to other
    parts of the OS or plant a back door to gain
    access at a later time.

17
Preventing Attacks
  • No matter what the threat is called, how it
    enters your system, or what the motives of the
    person who wrote it may be, the potential for
    damage is your main concern.
  • Any of these problems can result in downtime and
    lost or damaged resources.
  • File protection- files, directories, and
    devices that are writable by any user on the
    system can be dangerous security holes.
    Remain vigilant
  • Shared libraries- programs that depend on shared
    libraries are vulnerable to a variety of attacks
    that involve switching the shared library that
    the program is running. If your system has
    dynamic libraries, they need to be protected.
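
The file-protection, startup-file and back-door points from slides 7, 16 and 17 can be checked with a short audit script. This is an added example, not part of the original slides; the startup-file names and authorized_keys are assumptions chosen for illustration, while .rhosts and .shosts come from the back-door slide.

```shell
#!/bin/sh
# Added example (not from the slides): defensive audit of a directory tree.
# Prints one finding per line as "<KIND> <path>".
# Startup-file names below are assumed examples; extend them for your shells.

audit_tree() {
    root=$1

    # Files and devices writable by any user (the "File protection" bullet).
    find "$root" \( -type f -o -type b -o -type c \) -perm -0002 -print |
        sed 's|^|WORLD_WRITABLE_FILE |'

    # World-writable directories are only tolerable with the sticky bit
    # (mode 1777, as on /tmp); flag the ones without it.
    find "$root" -type d -perm -0002 ! -perm -1000 -print |
        sed 's|^|WORLD_WRITABLE_DIR |'

    # Startup files that someone other than the owner can modify
    # (group- or world-writable): the "Startup file attack" spot.
    find "$root" -type f \
        \( -name .profile -o -name .bashrc -o -name .bash_profile \
           -o -name .login -o -name .cshrc \) \
        \( -perm -0020 -o -perm -0002 \) -print |
        sed 's|^|WRITABLE_STARTUP |'

    # Trust files named on the back-door slide: any entry in them grants
    # remote access, so their mere presence deserves review.
    find "$root" -type f \( -name .rhosts -o -name .shosts \) -print |
        sed 's|^|TRUST_FILE_PRESENT |'

    # An authorized_keys file writable by group or other lets another
    # account plant a key.
    find "$root" -type f -name authorized_keys \
        \( -perm -0020 -o -perm -0002 \) -print |
        sed 's|^|WRITABLE_AUTHORIZED_KEYS |'
}

# Run against a directory given on the command line, e.g. /home.
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Each finding is a starting point for review, not proof of compromise: compare the output against a baseline taken when the system was known to be clean.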

18
Conclusion
  • Programmed threats are among the most serious
    threats facing users and administrators in
    today's networked computing environments.
  • There are many kinds of threats
  • There are many steps that you can take to protect
    yourself against programmed threats, including
    anti-virus software, applying patches, and
    providing user education. You must employ them
    all to protect your system. Otherwise, you will
    be a victim. There are simply too many of these
    attack programs on the loose.