Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 3 (Part 1) Network Security

Published byDwight Glenn Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 3 (Part 1) Network Security"— Presentation transcript:

1 Chapter 3 (Part 1) Network Security
Chapter 3 – Program Security Section 3.1 Secure Programs Section 3.2 Nonmalicious Program Errors Section 3.3 Viruses and Other Malicious Code

2 In this Section Programming errors with security implications
Malicious Code Program Development and Controls Controls to protect against flaws in execution Programs (lots of them)have errors How do we keep programs from flaws? How do we protect computing resources against programs that contain flaws?

3 Secure Programs What is a secure program?
Everyone has there own requirement of secure. Part of assessing software quality Does it meet security requirements in specification? (is requirements complete?) In general, we often look at quantity and types of faults for evidence of security (or lack of it). We track these things.

4 Who’s Fault is it? Finding lots of faults in software early.
NOT GOOD. Early approaches were “Penetrate” and then “Patch” Repairing with a patch is a narrow focus and not the more important requirements. Patches can cause other problems. Non obvious side effects Fix one places – fails another Performance or function suffers

5 Types of Flaws Validation error (incomplete or inconsistent): permissions checks Domain error: controlled access to data Serialization and aliasing: program flow order Inadequate identification and authentication: basis for authorization Boundary condition violation: failure on first or last case Other exploitable logic errors

6 Unexpected Behavior Unexpected behavior is a program security flaw.
Does the program behave as it was designed? Behavior can be: Vulnerability (class of fault) Flaw (fault or failure) Flaw (human) Inadvertent Intentional

7 Nonmalicious Program Errors
Buffer Overflows Excess information provided – overfilling the bucket Buffer – space in which data is held (array or string) char sample[10] or char sample[i] For (i=0; I<=9; i++) sample[i] = ‘A’; sample[10] = ‘B’;

8 Figure 3-1  Places Where a Buffer Can Overflow.

9 Nonmalicious Program Errors
Incomplete Mediation Supplying the wrong type of data being requested. Supplying the wrong length of data being requested. Problem System Fails Supply of Bad Data Must be checked by programmer Client side verses Server Side Time-of-Check to Time-of-Use Errors Old bait-n-switch

10 Viruses and Other Malicious Code
Why worry about it? Harm What is it? Unexpected or undesired effects in program or data caused by an agent intent on damage. Agent is the writer of the code Mistakes are not malicious (human error) Virus – program that replicates itself to other programs by altering the program code. Transient virus – runs when host runs Resident virus – resides in memory (active as a stand alone)

11 Logic Bomb – only on a condition Time bomb – only at certain time
Trojan Horse – in addition to primary effect, has a second, non-obvious malicious effect. Passwords Logic Bomb – only on a condition Time bomb – only at certain time Trapdoor (backdoor) – other means of privileged access; intentional and non-intentional Worm – spreads virus via network Rabbit – replicates to exhaust recourses Viruses can append, surround and integrate

12 Figure 3-4  Virus Appended to a Program.

13 Figure 3-5  Virus Surrounding a Program.

14 Figure 3-6  Virus Integrated into a Program.

15 Figure 3-7  Virus Completely Replacing a Program.

16 Viruses (Continued) Document Virus
Within the format of a document Macro Virus Appealing Qualities for Virus Writers Hard to detect Not easily destroyed Spreads widely Re-infects easily Easy to create Machine and OS independent

17 Viruses (Continued) Where do they live?
One-Time Execution Virus – come in on ; these are popular Boot Sector Virus From the bootsrap (bootup); bootse ctor of the hard disk

18 Viruses (Continued) Where do they live? Memory-Resident Viruses
Terminate and Stay Resident (TSR) Infects Windows System Registry to reload Applications Macros Scripts Libraries Images Documents

19 Viruses (Continued) Virus Signatures
Viruses are no completely invisible They all leave a signature pattern (DNA) Patterns are found with Virus Scanners Virus patterns Always at same location Top of file location File size grows Strange code; jump statements Hash or checksum change (later chapters)

20 Figure 3-9  Recognizable Patterns in Viruses.

21 Viruses (Continued) Transmission Patterns
Polymorphic Virus – every changing virus Encrypting Virus – tries to hide Prevention Commercial software applications Test all software Opening attachments Make system images Keep copies of executable files and data files Virus Detection Software

22 Viruses (Continued) Truths and Misconceptions about Viruses
Viruses infect only Windows (False) Viruses can modify “hidden” or “read-only” files (True) Files only appear in executable files (False) Viruses spread only on disks or only through (false) Viruses cannot remain in memory when power is off (True/False) Viruses can not infect hardware. (True/False) Viruses can be malevolent, benign or benevolent (True)

Download ppt "Chapter 3 (Part 1) Network Security"

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
30/04/2015Tim S Roberts 20081 COIT13152 Operating Systems T1, 2008 Tim S Roberts.

30/04/2015Tim S Roberts COIT13152 Operating Systems T1, 2008 Tim S Roberts.
CSE331: Introduction to Networks and Security Lecture 32 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 32 Fall 2002.
Lecturer: Fadwa Tlaelan

Lecturer: Fadwa Tlaelan
CPSC 6126 Computer Security Information Assurance.

CPSC 6126 Computer Security Information Assurance.
Week 5 - Wednesday.  What did we talk about last time?  Attacks on hash functions.

Week 5 - Wednesday.  What did we talk about last time?  Attacks on hash functions.
Network Security Philadelphia UniversitylAhmad Al-Ghoul 2010-20111 Module 5 Program Security  MModified by :Ahmad Al Ghoul  PPhiladelphia University.

Network Security Philadelphia UniversitylAhmad Al-Ghoul Module 5 Program Security  MModified by :Ahmad Al Ghoul  PPhiladelphia University.
CS526: Information Security Chris Clifton November 25, 2003 Malicious Code.

CS526: Information Security Chris Clifton November 25, 2003 Malicious Code.
Last time Program security Flaws, faults, and failures

Last time Program security Flaws, faults, and failures
ITMS- 3153 Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.

ITMS Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.
________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]

________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Chap 3: Program Security.  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms,

Chap 3: Program Security.  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms,
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
The Utility Programs: The system programs which perform the general system support and maintenance tasks are known as utility programs. Tasks performed.

The Utility Programs: The system programs which perform the general system support and maintenance tasks are known as utility programs. Tasks performed.

Similar presentations

Ads by Google