Discussion and research reports for Cyber security

Need to present a Discussion with a word count of above 150+ words and each discussion need a separate reference link for sure.

1) End point detection and Response (EDR) (150 words)

2)VMware carbon Black (Endpoint) ( Need this same topic in two different formats and 2 different URL links as well needed) (150+150 = 300 words)

3)SMishing (150 words)

4)Malvertising ( Need this same topic in two different format like we did previously and 2 different URL links as well needed) ( 150+150 = 300 words)

Need to present a research report on with a word count no more than 70-110 words(not more than the count provided) and should provide a separate

URL reference link too

1) End point detection and Response (EDR). 70-110 words

2) VMware carbon Black (Endpoint) ( Need this same topic in two different formats and 2 different URL links as well needed) (70+70 = 140 words)

3)SMishing 70-110 words

4)Malvertising ( Need this same topic in two different format like we did previously and 2 different URL links as well needed) (70+70 = 140 words+)

It is suggested you use a Research Theme to help you stay focused, and to provide continuity throughout your research. Here is a list of ideas, but this list is not all-inclusive:

Current technologies available to support management functions,
Best Practices,
Future improvements/technologies, or
Other standards related to your specific field.

Note: The content should be in a general words with no technical jargons.

This question is from a cyber security subject so that the matter should relate to cyber security for sure and should connect to readers.

NO PLAGIARISM STRICTLY

Each one should be different and no each topic information should be similar to the other topic strictly.

Deadline: 01/26/2023 12PM CST

Security in Computing,
Fifth Edition

Chapter 3: Programs and Programming

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780

Brief Review Chapter 2
Authentication is someone proving who they are
Authorization is about access control

Certification Error

Fingerprint 1

Fingerprint 2

2
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Objectives for Chapter 3
Learn about memory organization, buffer overflows, and relevant countermeasures
Common programming bugs, such as off-by-one errors, race conditions, and incomplete mediation
Survey of past malware and malware capabilities
Virus detection
Tips for programmers on writing code for security

3
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Program Security
This chapter deals with writing of programs and will be built upon in later chapters.
Is a program secure?
What characteristics?
Time to break security
Run for a time without failure
Zero tolerance
Factor of QUALITY
Quantity and types of faults as evidence of quality

4
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Terminology

Bugs: A software bug is an error, flaw, failure or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways.

Error: When a human makes a mistake (non malicious) in performing some software activity, the error may lead to a fault, or an incorrect step, command, process, or data definition in a computer program.

Failure: Is a departure from the system’s required behavior.

5
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Types of Flaws
Validation error (incomplete or inconsistent): permission checks
Domain error: controlled access to data
Serialization and aliasing: program flow order
Inadequate identification and authentication: basis for authorization
Boundary condition violation: failure on first or last case
Other exploitable logic errors

6
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Memory Allocation
7

Much of this chapter requires basic knowledge of how memory is organized, and this is a nice, simple diagram to refresh students on how it works. The key takeaways: code and data separated, with the heap growing up toward high addresses and the stack growing down from the high addresses.
7

Data vs. Instructions
8

The same hex value in the same spot in memory can either be a meaningful data value or a meaningful instruction depending on whether the computer treats it as code or data. This will be the basis of the attacks in the following slides.
8

Buffer Overflows
Occur when data is written beyond the space allocated for it, such as a 10th byte in a 9-byte array
In a typical exploitable buffer overflow, an attacker’s inputs are expected to go into regions of memory allocated for data, but those inputs are instead allowed to overwrite memory holding executable code
The trick for an attacker is finding buffer overflow opportunities that lead to overwritten memory being executed, and finding the right code to input
9
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

How Buffer Overflows Happen
char sample[10];

int i;

for (i=0; i<=9; i++) sample[i] = ‘A’; sample[10] = ‘B’; 10 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. This is a very simple buffer overflow. 10 bytes to store buffer, but Character B is placed in memory that wasn’t allocated by or for this procedure. This is a very simple buffer overflow. Character B is placed in memory that wasn’t allocated by or for this procedure. 10 Memory Organization 11 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Similar to the earlier picture on memory organization, only this one shows where the system data/code reside vs. where the program code and its local data reside. This context is important for understanding how an attack that takes place inside a given program can affect that program vs. how it can affect the rest of the system. 11 Where a Buffer Can Overflow 12 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. The memory that’s overwritten depends on where the buffer resides. Examples of buffer overflow effects in the context of the earlier AAAAAAAAAAB example. The memory that’s overwritten depends on where the buffer resides. 12 The Stack 13 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. 13 The Stack after Procedure Calls 14 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. When procedure A calls procedure B, procedure B gets added to the stack along with a pointer back to procedure A. In this way, when procedure B is finished running, it can get popped off the stack, and procedure A will just continue executing where it left off. When procedure A calls procedure B, procedure B gets added to the stack along with a pointer back to procedure A. In this way, when procedure B is finished running, it can get popped off the stack, and procedure A will just continue executing where it left off. 14 Compromised Stack 15 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Instead of pointing at procedure B in this case, the program counter is pointing at code that’s been placed on the stack as a result of an overflow. 15 Overwriting Memory for Execution Overwrite the program counter stored in the stack Overwrite part of the code in low memory, substituting new instructions Overwrite the program counter and data in the stack so that the program counter points to the stack 16 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Harm from Buffer Overflows Overwrite: Another piece of your program’s data An instruction in your program Data or code belonging to another program Data or code belonging to the operating system Overwriting a program’s instructions gives attackers that program’s execution privileges Overwriting operating system instructions gives attackers the operating system’s execution privileges 17 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Overflow Countermeasures Staying within bounds Check lengths before writing Confirm that array subscripts are within limits Double-check boundary condition code for off-by-one errors Limit input to the number of acceptable characters Limit programs’ privileges to reduce potential harm Many languages have overflow protections Code analyzers can identify many overflow vulnerabilities Canary values in stack to signal modification 18 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Incomplete Mediation Mediation: Verifying that the subject is authorized to perform the operation on an object Preventing incomplete mediation: Validate all input Limit users’ access to sensitive data and functions http://www.somesite.com/subpage/userinput.asp?parm1=(808)555-1212&parm2=2009Jan17 19 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. 19 Time-of-Check to Time-of-Use Mediation performed with a “bait and switch” in the middle Example: A student is buying a school book that costs $100. The student removes five $20 bills from a wallet, carefully counts them in front of the seller, and lays them on the table. Then the seller turns around to write a receipt. While the seller's back is turned, the student takes back one $20 bill. When the seller turns around, the student hands over the stack of bills, takes the receipt, and leaves with the book. Between the time the security was checked (counting the bills) and the access (exchanging the sculpture for the bills), a condition changed: What was checked is no longer valid when the object (that is, the sculpture) is accessed. 20 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. 20 Time-of-Check to Time-of-Use Mediation performed with a “bait and switch” in the middle 21 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. To carry out this authorization sequence, the access control mediator would have to look up the file name (and the user identity and any other relevant parameters) in tables. The mediator could compare the names in the table to the file name in the data structure to determine whether access is appropriate. More likely, the mediator would copy the file name into its own local storage area and compare from there. Comparing from the copy leaves the data structure in the user's area, under the user's control. It is at this point that the incomplete mediation flaw can be exploited. While the mediator is checking access rights for the file my_file, the user could change the file name descriptor to your_file, the value shown in Figure 3-3. Having read the work ticket once, the mediator would not be expected to reread the ticket before approving it; the mediator would approve the access and send the now-modified descriptor to the file handler. 21 Race Conditions 22 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Example 1 (no race condition): A booker books the last seat on the plane, and thereafter the system shows no seat available. See next slide to continue. 22 Race Conditions 23 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Example 2 (race condition): Before the first booker can complete the booking for the last available seat, a second booker looks for available seats. This system has a race condition, where the overlap in timing of the requests causes errant behavior. 23 Other Programming Oversights Undocumented access points (backdoors) Off-by-one errors Integer overflows Unterminated null-terminated string Parameter length, type, or number errors Unsafe utility libraries 24 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Malware Programs planted by an agent with malicious intent to cause unanticipated or undesired effects Virus A program that can replicate itself and pass on malicious code to other nonmalicious programs by modifying them Worm A program that spreads copies of itself through a network Trojan horse Code that, in addition to its stated effect, has a second, nonobvious, malicious effect 25 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Types of Malware 26 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Types of Malware (cont.) 27 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. History of Malware 28 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. History of Malware (cont.) 29 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Harm from Malicious Code Harm to users and systems: Sending email to user contacts Deleting or encrypting files Modifying system information, such as the Windows registry Stealing sensitive information, such as passwords Attaching to critical system files Hide copies of malware in multiple complementary locations Harm to the world: Some malware has been known to infect millions of systems, growing at a geometric rate Infected systems often become staging areas for new infections 30 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Transmission and Propagation Setup and installer program Attached file Document viruses Autorun Using nonmalicious programs: Appended viruses Viruses that surround a program Integrated viruses and replacements 31 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Malware Activation One-time execution (implanting) Boot sector viruses Memory-resident viruses Application files Code libraries 32 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Virus Effects 33 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Countermeasures for Users Use software acquired from reliable sources Test software in an isolated environment Only open attachments when you know them to be safe Treat every website as potentially harmful Create and maintain backups 34 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Virus Detection Virus scanners look for signs of malicious code infection using signatures in program files and memory Traditional virus scanners have trouble keeping up with new malware—detect about 45% of infections Detection mechanisms: Known string patterns in files or memory Execution patterns Storage patterns https://cybermap.kaspersky.com/ 35 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Virus Signatures 36 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Countermeasures for Developers Modular code: Each code module should be Single-purpose Small Simple Independent Encapsulation Information hiding Mutual Suspicion Confinement Genetic diversity 37 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Code Testing Unit testing Integration testing Function testing Performance testing Acceptance testing Installation testing Regression testing Penetration testing 38 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Design Principles for Security Least privilege Economy of mechanism Open design Complete mediation Permission based Separation of privilege Least common mechanism (no sharing) Ease of use 39 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Other Countermeasures Good Proofs of program correctness—where possible Defensive programming - to ensure the continuing function of a piece of software under unforeseen circumstances. Design by contract (DbC) – specify pre-/post- conditions. Bad Penetrate-and-patch Security by obscurity (secrecy of design) 40 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Flaws & Controls Two classes of security flaws: those that compromise or change data and those that affect computer service. There are three controls on such activities: development controls, operating system controls, and administrative controls. Development controls limit software development activities, making it harder for a developer to create malicious programs. These same controls are effective against inadvertent mistakes made by developers. Program controls help produce better software. The operating system provides some degree of control by limiting access to computing system objects. They limit access as a way of promoting the safe sharing of information among programs. Administrative controls limit the kinds of actions people can take, and improves system usability, reusability, and maintainability. 41 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. 41 Summary Buffer overflow attacks can take advantage of the fact that code and data are stored in the same memory in order to maliciously modify executing programs Programs can have a number of other types of vulnerabilities, including off-by-one errors, incomplete mediation, and race conditions Malware can have a variety of harmful effects depending on its characteristics, including resource usage, infection vector, and payload Developers can use a variety of techniques for writing and testing code for security For fun: http://www.fogcam.org/ 42 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. 42 image2 image3.emf image4.emf image5.emf image6 image7.emf image8.emf image9.emf image10.emf image11.emf image12.emf image13 Microsoft_Word_Document x Code Type Characteristics Virus Code that causes malicious behavior and propagates copies of itself to other programs Trojan horse Code that contains unexpected, undocumented, additional functionality Worm Code that propagates copies of itself through a network; impact is usually degraded performance Rabbit Code that replicates itself without limit to exhaust resources Logic bomb Code that triggers action when a predetermined condition occurs Time bomb Code that triggers action when a predetermined time occurs Dropper Transfer agent code only to drop other malicious code, such as virus or Trojan horse Hostile mobile code agent Code communicated semi-autonomously by programs transmitted through the web Script attack, JavaScript, Active code attack Malicious code communicated in JavaScript, ActiveX, or another scripting language, downloaded as part of displaying a web page image14 Microsoft_Word_Document1 x Code Type Characteristics RAT (remote access Trojan) Trojan horse that, once planted, gives access from remote location Spyware Program that intercepts and covertly communicates data on the user or the user’s activity Bot Semi-autonomous agent, under control of a (usually remote) controller or “herder”; not necessarily malicious Zombie Code or entire computer under control of a (usually remote) program Browser hijacker Code that changes browser settings, disallows access to certain sites, or redirects browser to others Rootkit Code installed in “root” or most privileged section of operating system; hard to detect Trapdoor or backdoor Code feature that allows unauthorized access to a machine or program; bypasses normal access control and authentication Tool or toolkit Program containing a set of tests for vulnerabilities; not dangerous itself, but each successful test identifies a vulnerable host that can be attacked Scareware Not code; false warning of malicious code attack image15 Microsoft_Word_Document2 x Year Name Characteristics 1982 Elk Cloner First virus; targets Apple II computers 1985 Brain First virus to attack IBM PC 1988 Morris worm Allegedly accidental infection disabled large portion of the ARPANET, precursor to today’s Internet 1989 Ghostballs First multipartite (has more than one executable piece) virus 1990 Chameleon First polymorphic (changes form to avoid detection) virus 1995 Concept First virus spread via Microsoft Word document macro 1998 Back Orifice Tool allows remote execution and monitoring of infected computer 1999 Melissa Virus spreads through email address book 2000 IloveYou Worm propagates by email containing malicious script. Retrieves victim’s address book to expand infection. Estimated 50 million computers affected. 2000 Timofonica First virus targeting mobile phones (through SMS text messaging) 2001 Code Red Virus propagates from 1st to 20th of month, attacks whitehouse.gov web site from 20th to 28th, rests until end of month, and restarts at beginning of next month; resides only in memory, making it undetected by file-searching antivirus products image16 Microsoft_Word_Document3 x Year Name Characteristics 2001 Code Red II Like Code Red, but also installing code to permit remote access to compromised machines 2001 Nimda Exploits known vulnerabilities; reported to have spread through 2 million machines in a 24-hour period 2003 Slammer worm Attacks SQL database servers; has unintended denial-of-service impact due to massive amount of traffic it generates 2003 SoBig worm Propagates by sending itself to all email addresses it finds; can fake From: field; can retrieve stored passwords 2004 MyDoom worm Mass-mailing worm with remote-access capability 2004 Bagle or Beagle worm Gathers email addresses to be used for subsequent spam mailings; SoBig, MyDoom, and Bagle seemed to enter a war to determine who could capture the most email addresses 2008 Rustock.C Spam bot and rootkit virus 2008 Conficker Virus believed to have infected as many as 10 million machines; has gone through five major code versions 2010 Stuxnet Worm attacks SCADA automated processing systems; zero-day attack 2011 Duqu Believed to be variant on Stuxnet 2013 CryptoLocker Ransomware Trojan that encrypts victim’s data storage and demands a ransom for the decryption key image17.emf Microsoft_Word_Document4 x · Virus Effect How It Is Caused Attach to executable program · Modify file directory · Write to executable program file Attach to data or control file · Modify directory · Rewrite data · Append to data · Append data to self Remain in memory · Intercept interrupt by modifying interrupt handler address table · Load self in non-transient memory area Infect disks · Intercept interrupt · Intercept operating system call (to format disk, for example) · Modify system file · Modify ordinary executable program Conceal self · Intercept system calls that would reveal self and falsify result · Classify self as “hidden” file Spread infection · Infect boot sector · Infect systems program · Infect ordinary program · Infect data ordinary program reads to control its execution Prevent deactivation · Activate before deactivating program and block deactivation · Store copy to reinfect after deactivation image18.emf

Security in Computing,
Fifth Edition

Chapter 4: The Web—User Side

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780

Chapter 4 Objectives
Attacks against browsers
Fake and malicious websites
Attacks targeting sensitive data
Injection attacks
Spam
Phishing attacks
2
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Internet Usage
1995 – <1% 2005 – 1 Billion or ~16% 2010 – 2 Billion or ~30% 2014 – 3 Billion or ~41% 2016 – 3.4 Billion or ~46% http://www.internetlivestats.com/internet-users/ 3 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Browser Vulnerabilities 4 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. As browsers have in many ways become our new operating systems, the increases in complexity and scrutiny can be seen in this chart of newly discovered browser vulnerabilities. 4 Browser Vulnerabilities 5 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. As browsers have in many ways become our new operating systems, the increases in complexity and scrutiny can be seen in this chart of newly discovered browser vulnerabilities. 5 Browser Popularity 6 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. 6 Browser Vulnerabilities 7 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. 7 Browser Attack Types Man-in-the-browser Keystroke logger Page-in-the-middle Program download substitution User-in-the-middle 8 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. These types of browser attack are covered in more depth in the next few slides. 8 Man-in-the-Browser 9 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Trojan that generally installed as a browser plug-in SilentBanker was a Trojan that generally installed as a browser plug-in. When it detected the user going to a banking URL, it would intercept keystrokes and even modify them so that money transfers would go to attackers’ accounts. 9 Keystroke Logger Hardware or software that records all keystrokes May be a small dongle plugged into a USB port or can masquerade as a keyboard May also be installed as malware Not limited to browsers 10 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Page-in-the-Middle User is directed to a different page than believed or intended Similar effect to a man-in-the-browser, where attacker can intercept and modify user input 11 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Program Download Substitution Attacker creates a page with seemingly innocuous and desirable programs for download Instead of, or in addition to, the intended functionality, the user installs malware This is a very common technique for spyware 12 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. User-in-the-Middle 13 Using click-bait to trick users into solving CAPTCHAs on spammers’ behalf From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. CAPTCHAs are used by websites to defeat automation, such as by preventing spammers from scripting the creation of massive numbers of email accounts. By using dummy websites to entice users into solving CAPTCHAs, attackers can effectively defeat the CAPTCHAs at scale. 13 Successful Authentication The attacks listed above are largely failures of authentication Can be mitigated with Shared secret One-time password Out-of-band communication Common examples of these mechanisms are SecurID tokens, Google Authenticator, and text message codes. Driver signing is an example of using such techniques to mitigate local malware. 14 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Common examples of these mechanisms are SecurID tokens, Google Authenticator, and text message codes. Driver signing is an example of using such techniques to mitigate local malware. 14 Fake Website 15 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Example of a fake banking website meant to trick users. 15 Fake Code 16 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Example of a software download site meant to trick users into downloading malicious applications. 16 Tracking Bug 17 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. A tiny image served up from one provider (“ClicksRUs”) that tracks user behavior for advertising purposes. Students probably notice this when they see web ads that offer up items very similar to ones they’ve recently been shopping for on other sites. Web bugs can also be used to track users’ reading of advertising emails. A tiny image served up from one provider (“ClicksRUs”) that allows user behavior to be tracked across many sites for advertising purposes. Students probably notice this when they see web ads that offer up items very similar to ones they’ve recently been shopping for on other sites. Web bugs can also be used to track users’ reading of advertising emails. 17 Clickjacking 18 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Clickjacking is a way of tricking users into providing desired input. The attacker makes the input dialog transparent and places an image with an enticement below the transparent dialog. The user ends up answering a question he didn’t even know he was being asked, unknowingly authorizing his computer to execute the attacker’s will. Clickjacking is a way of tricking users into providing desired input. The attacker makes the input dialog transparent and places an image with an enticement below the transparent dialog. The user ends up answering a question he didn’t even know he was being asked, unknowingly authorizing his computer to execute the attacker’s will. “Framing”—moving and layering HTML iframes—is an important component of this attack. 18 Drive-By Download Code is downloaded, installed, and executed on a computer without the user’s knowledge May be the result of clickjacking, fake code, program download substitution, etc. 19 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Unwanted browser toolbars are an example that just about every student will have had experience with. 19 Cross-Site Scripting (XSS) Tricking a client or server into executing scripted code by including the code in data inputs Scripts and HTML tags are encoded as plaintext just like user inputs, so they can take over web pages similarly to the way buffer overflow attacks can take over programs Cool
story.
KCTVBigFan
20
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Cross-Site Scripting (XSS)
21
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Cross-Site Scripting (Reflected XSS)
22
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

SQL Injection
Injecting SQL code into an exchange between an application and its database server
Example:
Loading an SQL query into a variable, taking the value of acctNum from an arbitrary user input field:
QUERY = “SELECT * FROM trans WHERE acct = ‘” + acctNum + ” ‘; ”
The same query with malicious user input:
QUERY = “SELECT * FROM trans WHERE acct = ‘2468’ OR ‘1’=’1′; ”

The result of this example attack is that the application returns the entire accounts table from the database.

23
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

The result of this example attack is that the application returns the entire accounts table from the database.
23

Dot-Dot-Slash
Also known as “directory traversal,” this is when attackers use the term “../” to access files that are on the target web server but not meant to be accessed from outside
Most commonly entered into the URL bar but may also be combined with other attacks, such as XSS

IE is Evil
24

Server-Side Include (SSI)
SSI is an interpreted server-side scripting language that can be used for basic web server directives, such as including files and executing commands
As is the case with XSS, some websites are vulnerable to allowing users to execute SSI directives through text input
25

Countermeasures to Injections
Filter and sanitize all user input
Need to account for every potentially valid encoding
Make no assumptions about the range of possible user inputs—trust nothing, check everything
Use access control mechanisms on backend servers, such as “stored procedures” – they separate SQL code from SQL data, thus preventing most SQL injection attacks.
26
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Stored procedures effectively separate SQL code from SQL data, thus preventing most SQL injection attacks.
26

Email Spam
Experts estimate that 60% to 90% of all email is spam
Types of spam:
Advertising
Pharmaceuticals
Stocks
Malicious code
Links for malicious websites
Spam countermeasures
Laws against spam exist but are generally ineffective
Email filters have become very effective for most spam
Internet service providers use volume limitations to make spammers’ jobs more difficult
My email example (Knucklehead from SC)
27
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
14/33 accts

Phishing
A message that tries to trick a victim into providing private information or taking some other unsafe action
Spear phishing: A targeted attack that is personalized to a particular recipient or set of recipients
28

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Email example 636 pic

Countermeasures
User education (Wombat/PhishMe)
Limited effectiveness and very subject to co-evolution with attacks
PGP and S/MIME
Cryptographic solutions (encryption & signatures) that have seen very limited adoption after years on the market
OTHERS (Good research area)
29
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

User education has become more scientific over the years, with products like PhishMe automating the user training process and focusing on the worst offenders. PGP and S/MIME are both solutions for encrypting and signing email.
29

Summary
What is the most secure web server?

What is second best?

https://www.quora.com/What-is-the-most-secure-web-server-configuration

30
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Summary
Activities:
Server Maintenance
Web App Updates
Web site coding
Limit Information Transfer
Technologies:
Web scans (+ penetration testing)
Firewalls, Antrivirus, and IPS/IDS (Intrusion detection system)
Web site security audit tools

31
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Summary
As web browsers have become a primary focus of users and taken on greater functionality, they’ve become a focus of many types of attack
Browser and website weaknesses are often the result of some form of poor authentication
Many attackers focus on tricking users with fake websites, misleading applications, and phishing emails
On the server side, injection attacks are a key concern, and countermeasures to prevent them are critical

image2.emf

image3

image4

image5

image6.emf

image7.tif

image8.tif

image9.tif

image10.emf

image11.emf

image12.tif

image13

image14

image15

image16

image17.tif

Turn in your highest-quality paper
Get a qualified writer to help you with

“ Discussion and research reports for Cyber security ”

Get high-quality paper

NEW! AI matching with writer

Order an Essay Now & Get These Features For Free:

Turnitin Report

Formatting

Title Page

Citation

Outline

Place an Order