Ict287 Computer Security: Attack Surface Assessment Answers
Questions:
Planet of the Grapes
Planet of the Grapes, a local wine and spirit merchant, currently operates three stores around Perth. The stores are independent of one another and there is no data sharing between them, although this is not by design but simply a by-product of faster-than-expected expansion. The organisation is now moving into the online arena and has contracted your computer consulting company to perform a variety of audits on its computer network. The owners have never employed IT security staff in the past and have preferred to set up systems for themselves. However, it has become apparent that the risks of moving business systems online are not to be ignored. For this reason you are being asked to make recommendations on a variety of specific systems.
These recommendations should be presented in a format suitable for a general technical audience – i.e. someone who is proficient in IT in general, but may not be a security expert. Furthermore, the report will also be read by upper management who may have less IT skill overall. There are three distinct tasks being requested in this phase of the audit. Each of these should be answered separately.
Q 1: Attack Surface Modelling
The site being audited has a total of 10 full-time staff and an unspecified number of casual staff. The back-office duties are only undertaken by full-time staff, although the staff common areas and offices are not locked or physically separated. Full-time staff handle payroll, HR and scheduling tasks. The front counter/cashier duties are sometimes taken on by full-timers but also by casual staff. We have been informed that the turnover of casual staff is quite large, although the reasons for this are unknown. The computer systems in the back office are all networked via a Cisco small business series router supplied by Telstra; ADSL services are also provided by Telstra. To permit the owner(s) to check on files from home, remote access services are enabled on some but not all of the machines. There is no centralised server or authentication mechanism and users log on locally to these machines. The machines are running Windows XP SP2 and all contain two local user accounts, “admin” and “user”. These accounts are shared by staff to ensure that files are always accessible to fellow staff.
You will require your student number to download the VM. You should download your own specific VM and not copy from a friend as there are multiple different VMs for different people.
Your first task is to assess the attack surface of this machine. The scope of your analysis is limited to (1) network-level attacks and (2) physical attacks. You do not need to log on to the machine and analyse the individual software packages that have been installed; identifying any vulnerable services from the network level is sufficient.
Write a short report to the business manager outlining possible weaknesses and vulnerabilities in these systems. The report should start with a 1 page memo that summarises the issues and is understandable by a layperson. The following few pages should describe the technical details.
Your report should include an overview of the potential vulnerable services and of the physical attack points, reference specific CVE items (with brief explanations) and a prioritization of the most important issues. A fully exhaustive list of CVEs is not required (there are too many), but you should at least discuss the most critical dozen or so and these must be relevant to the actual system and services.
Q 2: Legacy code
For phase two of this audit you gain access to the machine. You may use any of the vulnerabilities you discovered in Question 1 to gain this access.
You must gain a command prompt on the target machine and document the steps you took and evidence that you have obtained this access. This is a trivially simple task, so do not spend too long on this.
As you begin to audit the files, you notice that the hard drive contains some credit card validation software. Your testing shows that this program is vulnerable to a critical and yet common type of software security vulnerability. When you inquire about this software you learn that this cannot be patched as the code is part of a suite of utilities supplied by the financial provider and does not belong to the organisation.
Discuss the type of vulnerability briefly. Discuss the specific vulnerability and show how it theoretically may be exploited. Given that it is not possible to patch or amend the code and that it must remain in use, make several recommendations to reduce the risk this application poses.
Q 3: Known weakness
While finishing up your analysis for the legacy code you notice a saved Email containing a quote that the administrator has saved about the new web systems being set up for the online store. You notice that the Email mentions that a particular hashing algorithm is to be used for digital signatures but your experience tells you that this isn’t the best approach.
Write a report explaining possible vulnerabilities caused by signing certificates with their chosen hash and how these could be exploited. You should include authoritative references about the weaknesses. You should also provide recommendations on how to mitigate the vulnerabilities for general systems as well as for the specific platform being used.
Answers:
1. Introduction
A network attack is an attempt to exploit a computer system, whether a software program, the operating system or the user, in order to cause damage or gain unauthorised access. Every computer connected to a network can be exposed to such attacks. Many of them are not carried out by a person at a keyboard at all but are launched automatically from machines that are already infected with malware such as Trojans, worms and viruses.
The attackers
Attackers of every ability and motivation endanger the security of the internal network, in different ways:
Beginner. Most attackers have only a basic knowledge of systems. They are inexperienced but still dangerous, because they often do not understand the consequences of their actions.
Intermediate. Attackers with intermediate skills are generally trying to gain respect in attacking communities. Typically they attack prominent targets and build automated tools that others then use against further networks.
Advanced. Highly skilled attackers present a serious security challenge because their methods extend beyond technology into physical intrusion and social engineering, that is, deceiving a user or administrator into giving up information or access. Although there are relatively few advanced attackers, their skills and experience make them the most dangerous to a network.
Types of attack facing the company
The common vulnerabilities and exposures fall into the following groups.
Network-level attacks
The Internet is an indispensable tool for companies, universities and governments alike, and people rely on it for both professional and personal activities. Alongside the legitimate users are malicious ones, who have many ways of attacking a company's network: knocking out the servers it depends on, or invading the company's privacy.
Potential vulnerable services
Malware delivered over the Internet
One type of network attack is the planting of malware on a web page. When a user browses that page, the machine may be infected without the user noticing. The three best-known types of malware are viruses, worms and Trojans.
Once malware has infected a device (PC, PDA or mobile phone) it can take any action the user could. The most common are deleting data, collecting personal information (e-mails, passwords, conversations) and recording everything the user types (keyloggers), then sending the haul back to the attacker.
Viruses and worms self-replicate to infect more machines, so they spread exponentially; Trojans rely on the user installing them.
An infected machine that appears to work normally may be part of a botnet that the attackers build to carry out a DDoS (Distributed Denial of Service): without knowing it, the company's computer takes part in an attack intended to take a server offline.
- Attacks on servers and network infrastructure
Denial of Service (DoS). This attack overwhelms a server so that it can no longer be reached. Single-source floods can be mitigated with specific firewall rules.
Connection flooding: the protocol involved is normally TCP, which is connection-oriented and reliable (the protocol itself retransmits lost segments and handles fragmentation and reassembly, unlike UDP over IP). The attacker opens hundreds or thousands of connections, or half-opens them by never completing the three-way handshake, until the server's connection table is full and it cannot accept connections from legitimate users.
- Bandwidth flooding: the attacker sends so many packets to the server that legitimate packets cannot reach it; there is simply no bandwidth left for them.
- Vulnerability attack: if the server has an exploitable flaw, the attacker sends messages crafted specifically to trigger it and crash or take over the machine.
To exhaust a server's bandwidth the attack normally has to be distributed (DDoS), because servers today have high-capacity links and a flood from a single IP address is both too small and easy to detect and block. The attack traffic has to approach the server's link capacity to take it down.
The problem with distributed attacks is that you cannot tell whether a given request comes from an attacker or from a legitimate user, so they are much harder to detect and, above all, much harder to defend against.
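The distinction drawn above, between a flood from one address that a firewall rule can stop and a distributed flood whose sources look like users, is easy to automate. The following Python script is an added example, not part of the original report: it reads a netstat-style connection table (the tables are constructed in the code, not captured from the audited network), counts half-open connections per remote address, and classifies the situation. The server address, the SYN_RECV state name and the thresholds are assumptions to tune for the real server.

```python
"""Tell a single-source connection flood from a distributed one.

Added example, not part of the original report. The connection tables are
constructed in code (netstat-style "proto local remote state" rows) and the
thresholds are assumptions to tune for the real server.
"""
from collections import Counter

SERVER = "192.0.2.10:80"          # the web server being watched (constructed)
TOTAL_THRESHOLD = 50              # half-open connections before we call it a flood
DOMINANT_SHARE = 0.8              # one source owning this share => single-source


def _rows(remote_ips, state, port_base=40000):
    """Build constructed netstat-style rows for the given remote IPs."""
    return [f"tcp {SERVER} {ip}:{port_base + i} {state}"
            for i, ip in enumerate(remote_ips)]


LEGIT = _rows(["203.0.113.5", "203.0.113.9", "203.0.113.12"], "ESTABLISHED")
# Scenario 1: one attacker holding 60 half-open (SYN_RECV) connections.
SINGLE_SOURCE_TABLE = "\n".join(LEGIT + _rows(["198.51.100.7"] * 60, "SYN_RECV"))
# Scenario 2: 60 different sources, one half-open connection each.
DISTRIBUTED_TABLE = "\n".join(
    LEGIT + _rows([f"198.51.100.{i}" for i in range(1, 61)], "SYN_RECV"))
# Scenario 3: a quiet server with a couple of handshakes in progress.
QUIET_TABLE = "\n".join(LEGIT + _rows(["198.51.100.7", "198.51.100.8"], "SYN_RECV"))


def parse_connections(text):
    """Return (remote_ip, state) pairs; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _proto, _local, remote, state = parts
        rows.append((remote.rsplit(":", 1)[0], state))
    return rows


def half_open_by_source(rows):
    """Count half-open connections per remote address."""
    return Counter(ip for ip, state in rows if state == "SYN_RECV")


def classify(counts):
    """Return ('normal'|'single-source'|'distributed', dominant_ip_or_None)."""
    total = sum(counts.values())
    if total < TOTAL_THRESHOLD:
        return "normal", None
    top_ip, top_n = counts.most_common(1)[0]
    if top_n >= DOMINANT_SHARE * total:
        return "single-source", top_ip
    return "distributed", None


def recommend(verdict, ip):
    """Map the verdict to the response the text describes."""
    if verdict == "single-source":
        return f"add firewall rule dropping {ip}; it is the only source"
    if verdict == "distributed":
        return ("sources are indistinguishable from users: enable SYN cookies, "
                "rate-limit new connections per source, escalate upstream")
    return "no action"


def assess(table):
    """Full pipeline: parse, count, classify, recommend."""
    verdict, ip = classify(half_open_by_source(parse_connections(table)))
    return verdict, ip, recommend(verdict, ip)


if __name__ == "__main__":
    for name, table in [("single", SINGLE_SOURCE_TABLE),
                        ("distributed", DISTRIBUTED_TABLE),
                        ("quiet", QUIET_TABLE)]:
        print(name, assess(table))
```

The point of the dominance check is the one made in the text: a single heavy source is something the router's firewall can block by address, whereas sixty light sources cannot be told apart from sixty customers, so the response has to be rate limiting and help from the upstream provider rather than a block list.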
Analysing packets that flow through the network (sniffers)
Anyone who can see the traffic on a network segment can read whatever passes over it unencrypted: credentials, file contents, e-mail. Most users now connect over Wi-Fi for the convenience it offers, browsing from the sofa at home or from the latest phone, and an open or weakly protected wireless network lets an attacker nearby capture that traffic without ever entering the building.
The recommendation to the manager is to engage computer security expertise responsible for stopping these attacks and, as far as possible, for designing an architecture that reduces exposure to them; no architecture is immune.
In recent years network security has become a priority because more and more malicious users are looking for vulnerabilities to break security, whether to prove themselves or for financial gain.
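The brief gives enough detail to model the network-level attack surface of one back-office machine before the scan results are in. The Python script below is an added example and not part of the original report: it parses a constructed nmap grepable-output line (the open ports are assumed for a typical XP SP2 host and are not taken from the supplied VM; the report's port list must come from scanning the real image) and ranks each exposed service using what the brief states: Windows XP SP2, shared local “admin”/“user” accounts, remote access enabled for the owner, no central authentication. MS08-067 (CVE-2008-4250) is named because it is the well-known unauthenticated Server-service flaw affecting unpatched XP SP2; every other CVE in the report must be tied to what the scan actually finds.

```python
"""Rank the network attack surface of one Windows XP SP2 back-office host.

Added example, not part of the original report. The nmap line below is
constructed (a plausible XP SP2 host) and is not output from the real VM.
"""
from dataclasses import dataclass

# Constructed nmap grepable output (-oG) for the host; fields per port are
# port/state/protocol/owner/service/rpc_info/version.
SAMPLE_NMAP_LINE = (
    "Host: 192.0.2.10 ()\tPorts: "
    "135/open/tcp//msrpc///, "
    "139/open/tcp//netbios-ssn///, "
    "445/open/tcp//microsoft-ds///, "
    "3389/open/tcp//ms-wbt-server///, "
    "137/open|filtered/udp//netbios-ns///"
    "\tIgnored State: closed (995)"
)

SEVERITY = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Exposure notes grounded in the brief: XP SP2, shared "admin"/"user" local
# accounts, remote access enabled for the owner, no central authentication.
KNOWN_EXPOSURES = {
    ("tcp", 445): ("critical",
                   "SMB/CIFS file sharing. The shared local passwords can be guessed over "
                   "the network with no central lockout or audit trail; the unpatched XP SP2 "
                   "Server service is remotely exploitable without credentials "
                   "(MS08-067, CVE-2008-4250)."),
    ("tcp", 3389): ("critical",
                    "Remote Desktop: the remote access path the owner uses from home, so it "
                    "is reachable from the Internet through the Telstra router. Whoever "
                    "guesses the shared 'admin' password gets an interactive desktop."),
    ("tcp", 139): ("high",
                   "NetBIOS session service: the same SMB shares and accounts as 445/tcp "
                   "over the older transport."),
    ("tcp", 135): ("high",
                   "MS-RPC endpoint mapper: DCOM/RPC attack surface that should never be "
                   "reachable from outside the office LAN."),
    ("udp", 137): ("medium",
                   "NetBIOS name service: leaks host and workgroup names to anyone on the "
                   "segment."),
}


@dataclass
class Exposure:
    port: int
    proto: str
    state: str
    service: str
    severity: str
    note: str


def parse_grepable(line):
    """Parse one nmap -oG host line into (port, state, proto, service) tuples."""
    if "Ports:" not in line:
        return []
    ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
    entries = []
    for item in ports_field.split(","):
        fields = item.strip().split("/")
        if len(fields) < 5:
            continue
        port, state, proto, _owner, service = fields[:5]
        entries.append((int(port), state, proto, service))
    return entries


def model_attack_surface(line):
    """Attach a severity and note to every open (or possibly open) port."""
    exposures = []
    for port, state, proto, service in parse_grepable(line):
        if not state.startswith("open"):
            continue
        severity, note = KNOWN_EXPOSURES.get(
            (proto, port),
            ("medium", "Unrecognised open service: identify it by banner and look up "
                       "vendor advisories before the report goes out."))
        exposures.append(Exposure(port, proto, state, service, severity, note))
    # Most severe first; ties broken by port number so the output is stable.
    return sorted(exposures, key=lambda e: (SEVERITY[e.severity], e.port))


def prioritised_ports(line):
    """Just the (proto, port) order, for the memo's priority list."""
    return [(e.proto, e.port) for e in model_attack_surface(line)]


if __name__ == "__main__":
    for e in model_attack_surface(SAMPLE_NMAP_LINE):
        print(f"[{e.severity:8}] {e.port}/{e.proto} {e.service}: {e.note}")
```

Running it against the real `nmap -sS -sU -oG` output for the VM, rather than the constructed line, gives the technical section of the report its prioritised list; the two "critical" entries here are the ones that matter for the one-page memo because both lead straight to the shared administrator account.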
Physical attacks
Physical security is one of the most neglected aspects of designing a computer system. Some of the points discussed below are usually anticipated; others, such as detecting an insider trying to get into a room that houses operational equipment, are not.
For an attacker it can be easier to walk into the room and take or copy a backup tape than to reach the same data over the network.
Physical security therefore consists of the application of physical barriers and control procedures, as preventive measures and countermeasures against threats to resources and confidential information. It covers the controls and security mechanisms in and around the computer room, and the means of remote access to and from it, implemented to protect the hardware and the data storage media.
For Planet of the Grapes this matters because the brief states that the staff common areas and offices are not locked or physically separated and that casual staff turnover is high: any casual can reach the back-office machines, which hold payroll and HR data and accept the shared “admin” and “user” passwords. The recommendation is to secure the premises with simple procedures: keep the doors to the back office and to any server or network equipment closed and locked, and stop sharing accounts between staff.
2. Threat, risk and vulnerability
A threat is anything with the potential to cause loss or harm to a computer system. Threats materialise through vulnerabilities in the system; that is what turns a threat into an actual attack.
Vulnerabilities in software
Both the network and the software added to a computer can expose it to infection by spyware and other threats. For this reason it is worth complementing the operating system with programs that protect it effectively and provide reliable diagnostic options. Whether a given vulnerability is exploitable depends largely on how the system's software is configured.
The level of vulnerability is specific to each organisation. In this organisation the vulnerabilities are centred on the handling of card data and the financial platforms behind it, and financial management systems are a favoured target for cyber-attacks.
Intermediate level
As in medicine, prevention is better than cure. If a PC is properly equipped and its users pay attention to the alerts from the operating system and the security applications, keeping the system clean and free of malware is much easier than disinfecting it afterwards.
Although it may seem convenient to keep all of a security suite's protection modules enabled, in practice some can be disabled to save resources: for example, the P2P shield if no peer-to-peer clients are used, or the instant messaging shield if instant messaging is not used to communicate with other users.
Type of vulnerability
One thing is certain: the existence of a vulnerability does not mean that damage occurs automatically. The computer has a weak point, but nothing fails on its own; what the vulnerability does is make it possible for someone to attack the computer by taking advantage of that weak point. For the legacy card validation program this is the key argument: the weakness cannot be removed from the code, so the controls have to reduce the chance that an attacker can reach it and the damage done if one does.
Recommendations
The main measures to stay protected are set out below. First, keep the software installation up to date through regular Windows Update. An important caveat for this site: Windows XP SP2 stopped receiving security updates in July 2010 and Windows XP altogether in April 2014, so on the audited machines "keeping up to date" means moving to a supported operating system, not simply running Windows Update. If an infection has already occurred, the tools below help to diagnose and disinfect the PC.
Installers for free programs and trial versions routinely bundle utilities that supposedly improve the PC's performance, add functionality or add an interesting toolbar to the browser; the practice is so common that it is hard to find a clean installer. During installation, proceed with caution, read every step, and make it a rule to install nothing that is not strictly part of the program chosen. If the package contains malware, the security software discussed below will most likely warn about it.
Combat malware and other threats
Good antivirus software is essential. As an alternative to Security Essentials, the free option Microsoft offered for this purpose, Avast! Free Antivirus 7 offers many more options at no cost.
3. Known weakness
The hashing algorithm named in the saved e-mail for signing the new web system's certificates is MD5, and MD5 is weaker than the quote assumes. A digital signature on a certificate is computed over a hash of the certificate's contents, not over the contents themselves, so the signature is only as strong as the hash: if two different certificates hash to the same value, a signature on one is a valid signature on the other.
MD5 no longer provides that guarantee. Wang and Yu published practical MD5 collisions (“How to Break MD5 and Other Hash Functions”, EUROCRYPT 2005), and in December 2008 Sotirov, Stevens, Appelbaum, Lenstra, Molnar, Osvik and de Weger used a chosen-prefix MD5 collision against a commercial certification authority to obtain a rogue intermediate CA certificate trusted by every common web browser (“MD5 considered harmful today: Creating a rogue CA certificate”, presented at the 25th Chaos Communication Congress). RFC 6151 (2011) records that MD5 must not be used where collision resistance is required, which includes digital signatures.
With such a rogue CA an attacker can issue a certificate for any website and mount a man-in-the-middle attack against HTTPS: the browser shows the usual padlock and raises no warning, so the user has no indication that the connection is being intercepted. For an online store taking payments this undermines the one control customers rely on to trust the site.
Recommendations. In general: sign certificates, and anything else that carries a signature, with SHA-256 or stronger; reject MD5 anywhere in a certificate chain, and treat SHA-1 the same way since the SHAttered collision of 2017 (Stevens, Bursztein, Karpman, Albertini and Markov); and make sure the issuing CA or internal PKI uses unpredictable serial numbers, which removes the predictability the 2008 rogue-CA attack depended on. For the specific platform named in the quote: generate the certificate request with a SHA-256 signature algorithm, configure its TLS stack to refuse MD5-signed certificates in the trust store, and have the vendor confirm the hash in writing before the order is placed.
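The mechanism behind the rogue-CA attack, a signature transferring from one certificate to another because both have the same MD5 digest, can be shown directly. The following Python script is an added example and not part of the original report: it uses the two public 128-byte MD5-colliding messages from Wang and Yu, appends a constructed certificate-like suffix to both, and signs with a toy CA whose "signature" is a keyed function of the digest (an HMAC standing in for RSA/ECDSA, since only the dependence on the digest matters here). The suffix text, the CA key and the example domain are constructed. The 2008 attack used a chosen-prefix collision so the two certificates differed in meaningful fields; this identical-prefix pair only differs in six bytes, but the signature-transfer property is the same.

```python
"""Why an MD5-signed certificate can be forged: a signature over an MD5
digest covers every message with that digest.

Added example, not part of the original report. A_HEX and B_HEX are the
two public 128-byte MD5-colliding messages from Wang and Yu; SUFFIX, CA_KEY
and the HMAC "signature" are constructed stand-ins, not a real CA or X.509.
"""
import hashlib
import hmac

A_HEX = ("d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
         "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
         "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
         "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70")
B_HEX = ("d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
         "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
         "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
         "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70")
A = bytes.fromhex(A_HEX)
B = bytes.fromhex(B_HEX)

# Constructed stand-in for the rest of a to-be-signed certificate body.
SUFFIX = b"CN=shop.planetofthegrapes.example, O=Planet of the Grapes, serial=1"
CA_KEY = b"toy-ca-private-key"   # stand-in for the CA's signing key (constructed)


def digest_hex(name, data):
    """Hex digest of data under the named hash (e.g. 'md5', 'sha256')."""
    return hashlib.new(name, data).hexdigest()


def differing_bytes(a, b):
    """Offsets at which the two messages differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def toy_sign(tbs, hash_name):
    """Toy CA signature: a keyed function of the *digest* of tbs.

    A real CA signs with RSA/ECDSA, but the input to that signature is just
    the digest, which is the only property this example depends on."""
    digest = hashlib.new(hash_name, tbs).digest()
    return hmac.new(CA_KEY, digest, "sha256").digest()


def toy_verify(tbs, signature, hash_name):
    """Recompute the toy signature over tbs and compare in constant time."""
    return hmac.compare_digest(toy_sign(tbs, hash_name), signature)


def forgery_accepted(hash_name):
    """Sign A||SUFFIX as the CA would; check whether B||SUFFIX verifies.

    A and B are two full MD5 blocks, so the collision survives any common
    suffix (Merkle-Damgard construction); that is what lets the signature
    transfer to the second certificate body."""
    signature = toy_sign(A + SUFFIX, hash_name)
    return toy_verify(B + SUFFIX, signature, hash_name)


if __name__ == "__main__":
    print("messages differ at byte offsets", differing_bytes(A, B))
    for name in ("md5", "sha256"):
        print(name, "collides:", digest_hex(name, A) == digest_hex(name, B),
              "| forged body accepted:", forgery_accepted(name))
```

Under MD5 the forged body verifies against the signature issued for the genuine one; under SHA-256 the same two bodies have different digests and the forgery is rejected, which is the whole of the recommendation to change the signing hash.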