Chapter III Protecting Systems
Hardening the Operating System
• Hardening the operating system to resist attacks is often a three-pronged approach that involves:
– Managing updates to the operating system
– Protecting against buffer overflows
– Configuring operating system protections
Managing Operating System Updates
• Update terminology
– The task of writing a secure operating system is daunting
– Due to the increased length and complexity of operating systems
• Unintentional vulnerabilities are introduced and then exploited by attackers
• Update terminology (continued)
– Security patch
• A general software security update intended to cover vulnerabilities that have been discovered
– Hotfix
• Addresses a specific customer situation
• Often may not be distributed outside that customer’s organization
– Service pack
• A cumulative package of all security updates plus additional features
• Patch management techniques
– Install updates automatically
– Download updates but let me choose whether to install them
– Check for updates but let me choose whether to download and install them
– Never check for updates
• Patches can sometimes create new problems
• Automated patch update service
– Used to manage patches locally instead of relying upon the vendor’s online update service
• Advantages to an automated patch update service
– Can save bandwidth and time
– Computers that do not have Internet access can receive updates
– Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs
• Advantages to an automated patch update service (continued)
– Specific types of updates that the organization does not test can be automatically installed whenever they become available
– Administrators can approve updates for “detection” only
– Users cannot disable or circumvent updates
Buffer Overflow Protection
• Buffer overflow
– Occurs when a process attempts to store data in random access memory (RAM) beyond the boundaries of a fixed-length storage buffer
– Extra data overflows into the adjacent memory locations and under certain conditions may cause the computer to stop functioning
• Attackers also use a buffer overflow in order to compromise a computer
• Basic defenses
– Write “defensive” program code that will protect against these attacks
– Use a programming language that makes these attacks more difficult
• For Windows-based systems, there are two defenses against buffer overflows
– Data execution prevention (DEP)
– Address space layout randomization (ASLR)
• Data Execution Prevention (DEP)
– Most modern CPUs support an NX (No eXecute) bit to designate a part of memory for containing only data
– DEP will not allow code placed in such a data-only memory area to be executed
– Windows Vista allows software developers to enable NX hardware protection specifically for the application software that they develop
• Address Space Layout Randomization (ASLR)
– Randomly assigns executable operating system code to one of 256 possible locations in memory
– This makes it harder for an attacker to locate and take advantage of any functionality inside these executables
– ASLR is most effective when it is used in conjunction with DEP
Configuring Operating System Protection
• Most organizations take a four-fold approach to configuring operating system protections:
– Security policy
– Configuration baseline
– Security template
– Deployment
Preventing Attacks That Target the Web Browser
• These attacks involve using:
– Cookies
– JavaScript
– Java
– ActiveX
– Cross-site scripting
Cookies
• Cookies are computer files that contain user-specific information
• Types of cookies
– First-party cookie
– Third-party cookie
• Cookies can pose a privacy risk
– Cookies can be used to track the browsing or buying habits of a user
• Defenses against cookies include disabling the creation of cookies or deleting them once they are created
JavaScript
• JavaScript
– Developed by Netscape
– Scripting language that does not create standalone applications
• Scripting language
– A computer programming language that is typically interpreted into a language the computer can understand
• Visiting a Web site that automatically downloads a program to run on a local computer can be dangerous
• Several defense mechanisms prevent JavaScript programs from causing serious harm:
– JavaScript does not support certain capabilities
– JavaScript has no networking capabilities
• Other security concerns remain:
– JavaScript programs can capture and send user information without the user’s knowledge or authorization
• The defense against JavaScript is to disable it within the Web browser
Java
• Java
– A complete object-oriented programming language created by Sun Microsystems
– Can be used to create standalone applications
• Java applet
– A separate program stored on a Web server and downloaded onto a user’s computer along with HTML code
– Can also be made into hostile programs
• Sandbox is a defense against a hostile Java applet
– Surrounds program and keeps it away from private data and other resources on a local computer
• Two types of Java applets:
– Unsigned Java applet: program that does not come from a trusted source
– Signed Java applet: has information proving the program is from a trusted source and has not been altered or misused
ActiveX
• Set of technologies developed by Microsoft
• Not a programming language but a set of rules for how applications should share information
• ActiveX controls
– Also called add-ons or ActiveX applications
– Represent a specific way of implementing ActiveX
– Can perform many of the same functions of a Java applet, but do not run in a sandbox
– Have full access to Windows operating system
• ActiveX poses a number of security concerns
• Nearly all ActiveX control security mechanisms are set in Internet Explorer
• ActiveX controls do not rely exclusively on Internet Explorer
– They can be installed and executed independently of the browser
• The defense against ActiveX is to disable it within the Web browser
Cross Site Scripting (XSS)
• Cross Site Scripting (XSS)
– An attack in which malicious code is inserted into a specific type of dynamic Web page
– Typically involves using client-side scripts written in JavaScript or ActiveX
• Designed to extract information from the victim and then pass the information to the attacker
– Targeted to Web sites that dynamically generate Web pages that redisplay (echo) user input that has not been properly validated
• Cross Site Scripting (XSS) attack steps
– An attacker searches for a Web site that redisplays a bad login (See Figures 3-8 and 3-9)
– The attacker then creates an attack URL that contains the embedded JavaScript commands
– A fake e-mail is sent to unsuspecting users with the attack URL as a modified embedded link in the e-mail
– The unsuspecting victim clicks on the attack URL and enters his username and password
• Defenses against XSS involve both the webmasters of legitimate sites and users
– Webmasters should check that all user input is validated and that attackers do not have the ability to inject code
– They should also be sure that all Web services and database software are patched to prevent XSS
– Users should never click on embedded links in e-mails
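The two webmaster defenses above, input validation and output encoding of anything the page echoes back, as an added example that is not from the original slides. The login-error template, the username rule and the sample inputs are constructed for the illustration.

```python
import html
import re

# Constructed template for a page that redisplays (echoes) a failed login,
# the kind of page the attack steps above look for.
PAGE = '<p class="error">Login failed for user: {user}</p>'

# Assumed validation rule: usernames are letters, digits, dot, dash, underscore.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,32}$")


def valid_username(username: str) -> bool:
    """Input validation: reject anything outside the allowed character set."""
    return USERNAME_RE.fullmatch(username) is not None


def render_login_error_unsafe(username: str) -> str:
    """Echoes the raw input, so any markup in it reaches the browser as HTML."""
    return PAGE.format(user=username)


def render_login_error_safe(username: str) -> str:
    """Output encoding: the browser renders the input as text, never as markup."""
    return PAGE.format(user=html.escape(username, quote=True))


def echoes_markup(rendered: str) -> bool:
    """Helper for checks: does the rendered page still contain a raw tag?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    sample = 'alice<script>x</script>'  # constructed test input
    print("valid:", valid_username(sample))
    print(render_login_error_unsafe(sample))
    print(render_login_error_safe(sample))
```

Validation stops bad input at the door; encoding protects the page even when validation is bypassed, so both are applied.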
Hardening Web Servers
• Because of their open exposure, Web servers are prime targets for attackers
• SQL injection
– One of the most common types of attacks
– Uses a form of injection like XSS
– Hinges on an attacker being able to enter an SQL database query into a dynamic Web page
• SQL (structured query language)
– A language used to view and manipulate data that is stored in a relational database
• Variations to the SQL injection attack
– Deleting data from the database
– Accessing the host operating system through function calls
– Retrieving a list of all usernames and passwords
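How a dynamic page lets query text in, and the parameterized form that keeps input as data, as an added example that is not from the original slides. The in-memory SQLite table and its single user are constructed; a real system would store a password hash, not the password.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database with one user (plaintext only for the demo)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_unsafe(conn, username: str, password: str):
    """Builds the query by concatenation: whatever the user typed becomes SQL text.
    A password such as  ' OR '1'='1  changes the WHERE clause so it matches
    every row, which is exactly the weakness described above."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username: str, password: str):
    """Parameterized query: the driver passes input as bound values, so quotes
    and keywords inside it can never alter the statement's structure."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed input used to show the difference
    print("unsafe:", login_unsafe(db, "alice", probe))  # logged in without the password
    print("safe:  ", login_safe(db, "alice", probe))    # None: treated as a literal
```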
Protecting Systems from Communications-Based Attacks
• Communications protocols and applications can also be vectors for attacks
• Some of the most common communications-based attacks are:
– SMTP open relays
– Instant messaging
– Peer-to-peer networks
SMTP Open Relays
• E-mail systems use two TCP/IP protocols to send and receive messages
– Simple Mail Transfer Protocol (SMTP) handles outgoing mail
– Post Office Protocol (POP3 is the current version) handles incoming mail
• IMAP (Internet Mail Access Protocol)
– A more advanced protocol that solves many problems
– E-mail remains on the e-mail server
– Mail can be organized into folders and read from any computer
– Current version is IMAP4
• SMTP relay
– SMTP servers can forward e-mail sent from an e-mail client to a remote domain
• SMTP open relay
– If SMTP relay is not controlled, an attacker can use it to forward thousands of spam e-mail messages
• The defenses against SMTP open relay are either of the following:
– Turn off mail relay altogether, so that all users send and receive e-mail through the local SMTP server only
– Limit relaying to local users only
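The relay decision an SMTP server makes for each RCPT TO, covering the uncontrolled (open relay) case and the two defenses above, as an added example that is not from the original slides. The local domain, the policy names and the sample envelopes are constructed assumptions.

```python
from dataclasses import dataclass

LOCAL_DOMAINS = {"example.com"}  # constructed: the domains this server hosts


@dataclass
class Envelope:
    mail_from: str
    rcpt_to: str
    authenticated: bool = False   # client logged in as a local user (e.g. SMTP AUTH)
    from_internal_net: bool = False  # connection came from the organization's LAN


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def relay_decision(env: Envelope, policy: str, local_domains=LOCAL_DOMAINS) -> str:
    """Return 'accept' or 'reject' for one recipient under a relay policy.

    policy = 'open'        : forward anything (the open relay the slide warns about)
    policy = 'off'         : no relaying; only mail addressed to a local domain
    policy = 'local-users' : relay to remote domains only for authenticated or
                             internal clients
    Delivery to a local domain is not relaying and is accepted under every policy.
    """
    if domain_of(env.rcpt_to) in local_domains:
        return "accept"
    if policy == "open":
        return "accept"
    if policy == "off":
        return "reject"
    if policy == "local-users":
        return "accept" if (env.authenticated or env.from_internal_net) else "reject"
    raise ValueError("unknown policy: " + policy)


if __name__ == "__main__":
    # Constructed: an outside host trying to push mail to another outside domain.
    spam = Envelope("anyone@outside.net", "victim@elsewhere.org")
    for p in ("open", "off", "local-users"):
        print(p, "->", relay_decision(spam, p))
```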
Instant Messaging
• Instant messaging (IM)
– Real-time communication between two or more users
– Can also be used to chat between several users simultaneously, to send and receive files, and to receive real-time stock quotes and news
• Basic IM has several security vulnerabilities
– IM provides a direct connection to the user’s computer; attackers can use this connection to spread viruses and worms
– IM is not encrypted by default so attackers could view the content of messages
• Steps to secure IM include:
– Keep the IM server within the organization’s firewall and only permit users to send and receive messages with trusted internal workers
– Enable IM virus scanning
– Block all IM file transfers
– Encrypt messages
Peer-to-Peer (P2P) Networks
• Peer-to-peer (P2P) network
– Uses a direct connection between users
– Does not have servers, so each device simultaneously functions as both a client and a server to all other devices connected to the network
• P2P networks are typically used for connecting devices on an ad hoc basis
– For file sharing of audio, video, and data, or real-time data transmission such as telephony traffic
• Viruses, worms, Trojan horses, and spyware can be sent using P2P
• A new type of P2P network has emerged known as BitTorrent
• Torrents are active Internet connections that download a specific file available through a tracker
– Tracker: a server program operated by the person or organization that wants to share the file
• With BitTorrent, files are advertised
• BitTorrent cannot be used to spread viruses or malware like traditional P2P networks
Applying Software Security Applications
• Software security applications that are commonly installed on systems include:
– Antivirus
– Anti-spam
– Popup blockers
– Personal software firewalls
– Host intrusion detection systems
Antivirus
• Antivirus (AV) software
– Scans a computer for infections, monitors computer activity, and scans all new documents, such as e-mail attachments, that might contain a virus
• If a virus is detected, options generally include cleaning the file of the virus, quarantining the infected file, or deleting the file
• The drawback of AV software is that it must be continuously updated to recognize new viruses
– AV software uses definition files or signature files to recognize known viruses
Popup Blockers
• Popup
– A small Web browser window that appears over the Web site that is being viewed
• Popup blocker
– Allows the user to limit or block most popups
– Can be either a separate program or a feature incorporated within a browser
• As a separate program, popup blockers are often part of a package known as antispyware
– Helps prevent computers from becoming infected by different types of spyware
Anti-Spam
• Two different options for installing a corporate spam filter
– Install the spam filter with the SMTP server
• See Figure 3-14
– Install the spam filter with the POP3 server
• See Figure 3-15
• Another way to filter spam is for the organization to contract with a third-party entity that filters out spam
– All e-mail is directed to the third party’s remote spam filter, where it is cleansed before it is redirected back to the organization
– This can be accomplished by changing the MX (mail exchange) record
• A third method is to filter spam on the local computer
• Typically, the e-mail client contains several different features to block spam, such as:
– Level of junk e-mail protection
– Blocked senders
– Allowed senders
– Blocked top level domain list
• A final method of spam filtering is to install separate filtering software that works with the e-mail client software
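The four client-side features listed above combined into one filtering rule, as an added example that is not from the original slides. The precedence (allowed senders override everything, then blocked senders, then blocked top-level domains, then a keyword score whose threshold depends on the protection level), the keyword list and the sample messages are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed keyword list standing in for a client's built-in junk heuristics.
SPAM_PHRASES = ("free money", "act now", "you have won", "claim your prize")


@dataclass
class JunkSettings:
    level: str = "low"                         # "low" or "high"
    blocked_senders: set = field(default_factory=set)  # addresses or domains
    allowed_senders: set = field(default_factory=set)  # addresses or domains
    blocked_tlds: set = field(default_factory=set)     # e.g. {"example"}


def classify(sender: str, subject: str, settings: JunkSettings) -> str:
    """Return 'inbox' or 'junk' for one message under the client's settings."""
    addr = sender.lower()
    domain = addr.rsplit("@", 1)[-1]
    tld = domain.rsplit(".", 1)[-1]

    # Allowed senders take precedence: mail from them is never junked.
    if addr in settings.allowed_senders or domain in settings.allowed_senders:
        return "inbox"
    if addr in settings.blocked_senders or domain in settings.blocked_senders:
        return "junk"
    if tld in settings.blocked_tlds:
        return "junk"

    # Level of protection: 'high' junks on a single phrase, 'low' needs two.
    hits = sum(phrase in subject.lower() for phrase in SPAM_PHRASES)
    threshold = 1 if settings.level == "high" else 2
    return "junk" if hits >= threshold else "inbox"


if __name__ == "__main__":
    cfg = JunkSettings(level="low", blocked_senders={"bulk.example.net"},
                       allowed_senders={"partner@example.org"}, blocked_tlds={"invalid"})
    print(classify("news@bulk.example.net", "Weekly update", cfg))           # junk
    print(classify("partner@example.org", "Act now: free money", cfg))      # inbox
    print(classify("someone@mail.example.invalid", "Hello", cfg))           # junk
```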
Personal Software Firewalls
• Firewall, sometimes called a packet filter
– Designed to prevent malicious packets from entering or leaving computers
– Can be software-based or hardware-based
• Personal software firewall
– Runs as a program on a local system to protect it against attacks
• Many operating systems now come with personal software firewalls
– Or they can be installed as separate programs
Host Intrusion Detection Systems (HIDS)
• Host Intrusion Detection Systems (HIDS)
– Monitor, and where possible prevent, attempts to intrude into a system and its network resources
– HIDS are software-based and run on a local computer
• These systems can be divided into four groups:
– File system monitors
– Logfile analyzers
– Connection analyzers
– Kernel analyzers
• HIDS work on the principle of comparing new behavior against normal behavior
Summary
- Hardening the operating system is key in resisting attacks
- A buffer overflow occurs when a process attempts to store data in random access memory (RAM) beyond the boundaries of a fixed-length storage buffer
- Most organizations use a four-fold approach to protecting operating systems: security policies, configuration baselines, security templates, and deployment
- Systems must also be protected from attacks that attempt to enter through a Web browser
- Attacks can also be based on communications protocols and applications
- Additional security-based software, whose sole purpose is to fend off attacks, is another important layer of security
- A firewall is designed to prevent malicious packets from entering or leaving the computer