Security Essay Example
C-4.6 Solution to Thompson's rigged compiler
Thompson's rigged compiler is a deadly attack that is almost impossible to detect. However, its detection via login with the backdoor password provides an opportunity to resolve the issue using a technique known as diverse double compiling (Saltzer & Kaashoek, 2009). Since it is not possible for Unix developers to inspect code in a production environment, inspecting the compiler code for the login program will not resolve the issue, because the back door will continue to appear in future code that the infected computer generates. Consequently, compiling the code using a trusted compiler is key to overcoming Thompson's rigged compiler attack.
Using a different compiler is a sure way of increasing diversity and limiting the attack. Whereas the Trojan may have affected the new compiler in the same way, it is very unlikely that both compilers will have the same infection, Thompson's rigged compiler. A developer can create a new compiler on a different UNIX machine and even impose more restrictions on the compiler regarding the output of the code. The new compiler must have stringent rules, and the developer must test this compiler to verify its integrity. The new compiler will then compile the login program for use on the infected UNIX system. This technique makes it possible to prevent recurrence of Thompson's rigged compiler by using a trusted compiler.
C-4.8
Malware such as keyloggers is difficult to evade, but simple tricks for obfuscating passwords are a plausible intervention to the security problem keyloggers pose (Gawrock and International Conference Future of Trust in Computing, 2008). As the scenario depicts, the keylogger cannot capture the username and password that the user enters because it does not rely on screen and mouse capture. Entering the username and password into the online bank account portal is possible using two windows (a browser window and a text editing window open at the same time) along with a simple trick to obfuscate the passwords.
First, the user enters the username in the text editing software, but includes other dummy characters as part of the username. For instance, if the username is thamer, the user can write tyt78h99adtmrteuir (notice the word in italics and bold representing the username). Once the user has written this string of characters, the user can select the dummy characters (non-italics or bold) using the mouse and delete them using the option in the right-click menu for the selection. Entering the password to the password text box window will only be through dragging and dropping the username, thamer. The user must repeat the same procedure for the password, remembering to use the dummy data as in the first case, and then drop the password in its text box. The keylogger will not detect the scheme, but the user will access the bank system securely.
C-5.10
Networked computers can come under threat from a SYN flood that capitalizes on the vulnerability of SYN cookies. In a networked environment, users can exploit this vulnerability of a computer system to execute a SYN flood that devours system resources on the target server by using all the available TCP connections.
The administrator must first get the addresses of the hosts in the network and populate them in spoofing software. Because the network has a massive number of IP addresses, the resulting SYN flood will be very intense. The idea is to imitate real hosts in the network and send connection requests that exploit SYN cookies by not completing the TCP connection, further exploiting the TCP/IP stack (Erickson, 2003). With the administrator's computer (the attacker) having spoofed about 64,000 IP addresses, sending TCP packets with the SYN bit set to the remote host will cause the web server to open numerous half-open TCP connections that will remain open as long as the SYN cookies are in use. With many of the SYN cookies tracking the half-open TCP connections, it would be very difficult for the web server to respond to any legitimate TCP packets, since the flood will have exhausted all system resources such as memory and CPU cycles.
C-5.15
An attacker can spoof an IP address and perform a penetration using the spoofed address, but the session log can help verify the authenticity of the TCP connection. In this scenario, Johnny makes a connection to a web server in Chicago from an IP address showing its origin in Denmark. While this is a claim that the network administrator can verify, understanding the features of the TCP connection is key to resolving this issue.
To prove that Johnny is not making a physical connection from Copenhagen, Denmark, we note that the time taken for his computer to execute the three-way handshake is shorter than what we would expect. Because Copenhagen is far from Chicago, Illinois (a continent away), we expect the three-way handshake to complete in more than 10 milliseconds. Muller (2006) argues that a three-way handshake in a LAN often takes about hundreds of milliseconds to complete and perhaps seconds in WANs. In this scenario, a valid TCP connection from Denmark should take more time than what the log indicates. Conversely, the information in the session log hints that Johnny may be closer to the web server than he is claiming. This is because the three-way handshake completed within a shorter time frame than what we would expect of a connection originating from Denmark.
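The timing argument above can be turned into a one-sided check, shown here as an added example that is not part of the original essay. It compares the server-observed handshake time with the physical minimum round trip for the claimed location; the log format, the sample timestamps and the 200 km/ms fibre speed are assumptions made for the illustration.

```python
import math
from datetime import datetime

FIBER_KM_PER_MS = 200.0    # light in optical fibre covers roughly 200 km per ms
EARTH_RADIUS_KM = 6371.0
COPENHAGEN = (55.6761, 12.5683)   # (latitude, longitude) in degrees
CHICAGO = (41.8781, -87.6298)

# Constructed server-side session log; the line format is an assumption.
SAMPLE_LOG = """\
12:00:00.000100 IN  SYN
12:00:00.000180 OUT SYN-ACK
12:00:00.004300 IN  ACK
"""

def great_circle_km(a, b):
    """Haversine distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def min_rtt_ms(distance_km):
    """Physical floor: out and back at fibre speed, zero routing or queuing delay."""
    return 2 * distance_km / FIBER_KM_PER_MS

def observed_rtt_ms(log_text):
    """Server-side RTT: time from sending SYN-ACK to receiving the client's ACK."""
    seen = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            stamp, direction, flag = parts
            seen[(direction, flag)] = datetime.strptime(stamp, "%H:%M:%S.%f")
    if ("OUT", "SYN-ACK") not in seen or ("IN", "ACK") not in seen:
        raise ValueError("log does not contain a completed handshake")
    return (seen[("IN", "ACK")] - seen[("OUT", "SYN-ACK")]).total_seconds() * 1000

def location_claim_possible(log_text, claimed, server):
    """False when the handshake finished faster than physics allows for the claim.
    True only means 'not ruled out': a nearby host behind a slow link also passes."""
    return observed_rtt_ms(log_text) >= min_rtt_ms(great_circle_km(claimed, server))

if __name__ == "__main__":
    print(f"floor {min_rtt_ms(great_circle_km(COPENHAGEN, CHICAGO)):.1f} ms, "
          f"observed {observed_rtt_ms(SAMPLE_LOG):.2f} ms, "
          f"possible: {location_claim_possible(SAMPLE_LOG, COPENHAGEN, CHICAGO)}")
```

The check only rules a location out: a handshake that completes in a few milliseconds cannot have crossed the Atlantic, while a slow handshake proves nothing about distance.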
C-6.6
The adage "to err is human" applies to computer users, as their actions can offer hackers potential information on how to intrude into a computer system. Dean (2010) argues that intruders can use social engineering or snooping to gain additional information about their target computers. This means that computer hackers can gain additional information from watching computer users in their day-to-day work, because they can gather vital intelligence that makes their attack possible.
An intruder can watch users closely and take note of their password usage. In a typical work environment, some users may not memorize their passwords. Some prefer writing them down on pieces of paper and keeping them in or on their desk. After watching a user for some time, the intruder can notice where the user keeps the files and snoop on them. This will let the intruder gain access to the system easily.
Additionally, the intruder can take note of whether the user locks the computer during breaks and, if not, use this time to access the computer when it is not in use. Whereas some computers lock themselves after a lapse of time, some may have a long waiting time. In such a case, the intruder may realize that the user's computer is not locked during breaks, and this can prompt the intruder to access the computer during the absence of the user.
C-6.12
Papanicolaou, Kokolakis, and Boneli (1998) explored the standard coupon collection procedure and formulated vital information about the process. To draw the r-th distinct coupon from the collection of coupons, the total waiting time is S_r = W_1 + W_2 + ... + W_r, where W_i is the waiting time to acquire the i-th new coupon and S_r is the sample. This problem can help us identify the number of successful TCP connections that users can initiate in a system. As the scenario depicts, we have a port range of 1 to 65535, from which a port scanner has to select at random.
To make connections, randomly and independently, to ports 1 to 65535, consider the following logic, where c = 65535 is the number of ports.
The first port will open with the first connection, but the second distinct port (any of the remaining 65535-1 ports) will open after the port scanner makes c/(c-1) tries. Using this information, we can see that opening the i-th new TCP port (one of the c-i+1 ports remaining out of the entire 65535) will require c/(c-i+1) attempts by the port scanner.
Expanding the above gives
1 + 65535/(65535-1) + 65535/(65535-2) + ... + 65535/1, and this gives 65535 ln 65535.
Therefore, the TCP scanner will need 65535 ln 65535 attempts to probe all ports.
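The derivation above can be carried through numerically, as an added example that is not part of the original essay. It evaluates the sum term by term, compares it with the closed form c ln c, and validates the per-term reasoning with a seeded simulation on a smaller range; the function names and the simulated range of 200 ports are assumptions made for the illustration.

```python
import math
import random

PORTS = 65535  # c in the essay's derivation

def expected_probes(c):
    """Exact expectation: sum over i = 1..c of c / (c - i + 1), i.e. c * H_c."""
    return sum(c / (c - i + 1) for i in range(1, c + 1))

def log_estimate(c):
    """The essay's closed form, c ln c."""
    return c * math.log(c)

def probes_until_all_seen(c, rng):
    """One simulated run: draw values 1..c uniformly with replacement until all appear."""
    seen, tries = set(), 0
    while len(seen) < c:
        seen.add(rng.randrange(1, c + 1))
        tries += 1
    return tries

def mean_simulated(c, trials, seed=1):
    """Average number of draws over several seeded runs."""
    rng = random.Random(seed)
    return sum(probes_until_all_seen(c, rng) for _ in range(trials)) / trials

if __name__ == "__main__":
    exact, approx = expected_probes(PORTS), log_estimate(PORTS)
    print(f"sum of c/(c-i+1): {exact:,.0f}")
    print(f"c ln c:           {approx:,.0f}")
    print(f"gap:              {exact - approx:,.0f}")
    print(f"c=200 simulated {mean_simulated(200, 2000):.0f} "
          f"vs exact {expected_probes(200):.0f}")
```

The exact sum is about 764,634 probes while c ln c is about 726,805; the gap of roughly 0.577c is the lower-order term that the logarithmic approximation drops.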
C-7.9
Ad servers have become popular vehicles for advertising and for gathering intelligence about consumers and their preferences. Whereas computer users do not expect advertisers to mine their data and use it for marketing, ad servers operating in multiple domains (more than one website) are a security threat, as they can help gather a significant amount of information about users.
An ad server serving two different sites forms an effective configuration that can help advertisers gather information about users and possibly create profiles based on their preferences. When a user visits these websites, the computer will retain a cookie from the ad server, which will possibly transmit information about the websites the user visits (Parsons & Oja, 2011). Many security advocates believe that such ad-serving cookies can compile user profiles by gathering information from multiple websites, intruding on user privacy.
By setting the browser to reject third-party cookies, it is possible to mitigate the dangers that ad-serving cookies pose to online users. Because most ad-serving cookies are third-party cookies, rejecting them at the browser level will ensure that the user is not vulnerable to being tracked. This is a plausible solution to the problem of ad-serving cookies collecting data on and profiling users who visit websites running their adverts.
References
Dean, T. (2010). Network+ Guide to Networks. Boston, MA: Cengage Course Technology.
Erickson, J. (2003). Hacking: The art of exploitation. San Francisco: No Starch Press.
Gawrock, D. & International Conference Future of Trust in Computing (2009). Future of trust in computing: Proceedings of the First International Conference Future of Trust in Computing 2008. Wiesbaden: Vieweg Teubner.
Jamrich, P. J. & Dan, O. (2011). New Perspectives on Computer Concepts 2012 Introductory. Thomson Place, Boston, MA: Course Technology Ptr.
Muller, G. (2006). Emerging trends in information and communication security: International conference, ETRICS 2006, Freiburg, Germany, June 6-9, 2006. Berlin: Springer.
Papanicolaou, V. G., Kokolakis, G. E., & Boneli, S. (1998). Asymptotics for the random coupon collector problem. Journal of Computational and Applied Mathematics, 93(2), 95-105.
Saltzer, J. H. & Kaashoek, F. (2009). Principles of computer system design: An introduction. Burlington, MA: Morgan Kaufmann.