CIS 2005 System Security and Control - PowerPoint PPT Presentation

About This Presentation
Title:

CIS 2005 System Security and Control

Description:

Discuss types of malicious code, how they work and how to protect against them. Main focus is on malicious code and program development controls. 4 4. Software ...

Slides: 33
Provided by: busi270
Category:
Tags: cis | control | security | system


Transcript and Presenter's Notes

Title: CIS 2005 System Security and Control


1
CIS 2005 System Security and Control
  • Lecture 4
  • Module 4 - Software security

2
Threats to Consider
3
This week's objectives
  • Distinguish between different groups of software
  • Identify what vulnerabilities, threats and
    controls apply to software
  • Discuss types of malicious code, how they work
    and how to protect against them
  • Main focus is on malicious code and program
    development controls

4
Software Security
  • Keeping programs free from flaws
  • Protecting computers from programs with flaws
  • When is a program secure?
  • Trusted
  • Enforces CIA
  • Fault fixing
  • Penetrate and patch
  • Tiger teams

5
Software groups
  • System software
  • Operating systems
  • Utilities
  • Applications/programs
  • Custom-built software
  • Packaged software
  • Shareware
  • Public-domain
  • Freeware

6
Basic Components
ROM or Flash ROM
BIOS
Communicates with peripherals
Program
Boot Sector
Data
CDROM
Operating System
7
Multiuser/Multitasking
Ensure parts of disk are inaccessible
Separate program/data environments
8
Operating systems security
  • Multitasking vs. single tasking
  • Multi-user vs. single user
  • All operating systems offer different levels of
    security with respect to
  • File protection
  • User authentication and privileges
  • Memory protection
  • General protection of objects
  • Audits, and other areas

9
Programming attacks
  • Non-Malicious Program bugs
  • Inadvertent human error within the code
  • Buffer Overflows
  • Incomplete Mediation
  • Time-of-Check to Time-of-Use Errors
  • Anonymous malicious code (Viruses)
  • Targeted malicious code
  • Trapdoor (written for particular system)
  • Hidden access to functionality
  • Salami attack
  • Small, insignificant amounts are accumulated
    into something significant
  • Covert channel

10
Viruses
  • A program which can pass on malicious code by
    modifying existing files or programs
  • Damage ranges from minimal to disastrous
  • Require a host program or a file as a carrier
  • Activated by external action
  • Can replicate, but replication is limited to one
    system (or virtual system)

11
Types of viruses
  • File virus
  • Attaches itself to or replaces program files
  • Boot sector
  • Replaces the boot program used to start a
    computer with a modified, infected version of the
    boot program
  • Macro virus
  • Uses the macro language of an application to hide
    virus code.

12
Types of viruses (contd)
  • Logic bomb
  • Activates on a certain condition
  • Time bomb
  • Activates at a certain time
  • Trojan horse
  • Legitimate program which performs undocumented
    functions
  • Worm
  • Does not require a host
  • Spread via network

13
Challenges of virus detection
  • Antivirus programs use virus signatures
  • i.e. patterns of known virus code
  • Polymorphic virus
  • Modifies its code every time it replicates
  • File inoculation offers a solution
  • Recording of the file size and creation date of
    the original file
  • Stealth virus
  • Reports the file's original size and creation
    date after infecting it
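
The inoculation check on this slide, as an added example that is not part of the original slides. It goes beyond the slide by also storing a SHA-256 digest, because size and date alone miss a change that preserves both. The function names and the use of modification time in place of creation date (which is not portable across operating systems) are assumptions.

```python
import hashlib
import os
import tempfile

def inoculate(path):
    """Record the baseline for one file: size, modification time and SHA-256."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}

def check(path, baseline):
    """Return the baseline fields that no longer match the file on disk."""
    current = inoculate(path)
    return [field for field in baseline if baseline[field] != current[field]]

def demo():
    """Constructed sample: a file is altered while its size and date stay the same."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "program.bin")
        with open(path, "wb") as f:
            f.write(b"ORIGINAL PROGRAM BYTES")
        base = inoculate(path)
        unchanged = check(path, base)          # nothing has changed yet

        # Same length, different content; the recorded timestamp is then put back
        with open(path, "wb") as f:
            f.write(b"MODIFIED PROGRAM BYTES")
        os.utime(path, ns=(base["mtime_ns"], base["mtime_ns"]))

        with_digest = check(path, base)
        # What a size-and-date-only inoculation record would have reported
        metadata_only = [f for f in with_digest if f != "sha256"]
        return unchanged, metadata_only, with_digest

if __name__ == "__main__":
    print(demo())
```

A stealth virus that intercepts file reads can hide from the digest as well, so the comparison is only meaningful when run from a known-clean environment.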

15
About Viruses: True or False?
  • Viruses can infect only MS Windows systems?
  • Viruses can modify hidden or read only files?
  • Viruses can appear only in data files, or only in
    Word documents?
  • Viruses spread only on disks or only in e-mail?
  • Viruses cannot remain in memory after a complete
    power off/power on reboot?
  • Viruses cannot infect hardware?
  • Viruses can be malevolent, benign or benevolent?

P126
16
W32.Blaster.Worm
  • Worm
  • Program that makes copies of itself, from one
    computer to another
  • Exploits DCOM RPC vulnerability using TCP port
    135
  • Targets only Windows 2000 and Windows XP machines
  • Machines with vulnerable DCOM RPC Services
    running
  • Attempts to download the msblast.exe file to the
    WinDir\system32 directory and then execute it
  • Runs when you start Windows
  • Generates an IP address and attempts to infect
    the computer that has that address
  • Also attempts to perform DoS on Microsoft Windows
    Update Web server (windowsupdate.com)
  • To prevent you from applying a patch on your
    computer against the DCOM RPC vulnerability
  • Thousands of computers affected

17
Virus Protection: More Recommendations
  • Turn off and remove unneeded services
  • By default, many OS install unrequired services
  • Keep your patch levels up to date
  • Enforce a password policy
  • Configure your email server to block/remove file
    attachments commonly used to spread viruses
  • .vbs, .bat, .exe, .pif, .scr
  • Isolate infected computers quickly
  • Do not open unsolicited attachments
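
The attachment-blocking recommendation above, as an added example that is not part of the original slides: a filter that parses a message and reports attachments whose final extension is on the slide's list. The function names and the sample message are constructed for illustration; a real mail server would apply the same rule in its own filtering configuration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the slide lists as commonly used to spread viruses
BLOCKED = {".vbs", ".bat", ".exe", ".pif", ".scr"}

def blocked_attachments(raw):
    """Return the filenames of attachments whose final extension is blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces in file names, so drop them,
        # compare case-insensitively, and look at the last extension only so
        # that "report.pdf.exe" is treated as .exe
        cleaned = name.strip().rstrip(". ").lower()
        ext = "." + cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        if ext in BLOCKED:
            hits.append(name)
    return hits

def sample_message():
    """Constructed sample: one harmless attachment and three that must be caught."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly figures"
    msg.set_content("See attached.")
    for name in ("figures.csv", "Report.PDF.EXE", "holiday.jpg.scr", "update.bat."):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(sample_message()))
```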

18
Covert channel
  • Leaks information to unauthorized receiver
    through legitimate information or processes
  • Used for spying
  • Two types of covert channels
  • Storage: passes information by the presence or
    absence of objects in storage
  • Timing: passes information by the speed at which
    things happen

19
Covert Channel Example
20
Covert channel (contd)
  • National Computer Security Center (NCSC) provides
    A Guide to Understanding Covert Channel Analysis
    of Trusted Systems (Nov 1993)
  • http://www.radium.ncsc.mil/tpep/library/rainbow/NCSC-TG-030.html

21
Program development controls
  • Program integrity can be enforced by employing
  • Appropriate programming techniques
  • Modularity
  • Encapsulation
  • Information hiding
  • Good software development practices
  • Administrative controls

22
Modularity
  • Division of a task into logical or functional
    subtasks or modules
  • Each module performs a separate, independent part
    of the task

23
Modularity (contd)
  • Why is this good for security?
  • Modules are easy to understand, maintain and test
  • They have limited effect on other modules
  • Reuse of correct existing modules can
    significantly reduce programming errors

24
Encapsulation
  • Characteristic of a well designed module which
    has little coupling
  • Coupling
  • Strength of interaction between objects
  • Measure of interdependence among modules
  • One of the principles of object-oriented design
    where each object is responsible for its own data
    and functionality

25
Encapsulation (contd)
  • Why is this good for security?
  • Modules operate as if they are surrounded by a
    shield that prevents unwanted access and promotes
    code re-use
  • Once again, re-use
  • Limited interfaces of objects reduce the number
    of covert channels that can be constructed

26
Information hiding
  • A module is designed so that a programmer who
    wants to use this module can use it without
    knowing how the module works.
  • All programmers would need to know is what input
    (parameters) that module requires and what output
    it produces

27
Information hiding (contd)
  • Why is this good for security?
  • Prevents malicious modification of the module
    code

28
Software development practices
  • Roles
  • Division of labor/separation of duties
  • Programming Operational
  • Role of system administrator
  • Enforcing regular holidays
  • Code re-use
  • Peer reviews: looking at the code
  • Walkthroughs
  • Based on the concept that correct code is the
    responsibility of the group (egoless)

29
Software development practices
  • Independent testing: looking at the output
  • To check program correctness and that it complies
    with user requirements
  • Configuration management
  • Maintains version control during software
    development and maintenance

30
Configuration management
  • Why is this good for security?
  • Protection from intended or unintended
    modification
  • Once a program version has been approved it
    cannot be changed
  • Manages parallel development of several similar
    versions of one program

31
Useful sites
  • www.cert.org
  • www.auscert.org.au
  • http://www.symantec.com/avcenter/refa.html
  • http://www.cai.com/virusinfo/

32
Summary
  • Different types of software to be considered
  • Threats relating to software
  • Controls that can be put in place (electronic and
    procedural)