3-Protecting Systems Dr. John P. Abraham Professor UTPA.


1 3-Protecting Systems Dr. John P. Abraham Professor UTPA

2 Hardening the Operating System
A three-pronged approach:
◦ operating system updates,
◦ protection against buffer overflows,
◦ configuring operating system protections.

3 Operating System Updates
 Security patch: covers discovered vulnerabilities.
 Turn on automatic updates.
 Hotfix: specific to a customer situation.
 Service pack: cumulative security patches and other software updates.
 Designate one server within your organization as the patch update service.

4 Buffer Overflow Protection
◦ A buffer overflow corrupts system memory and causes freezing.
◦ It may change the return address (from a routine) to a different one where the malware is residing.
◦ Programmers should practise defensive programming. Show the textbook to the students.
◦ For Windows-based programming use Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR).

5 Defensive Programming: Microsoft Environment
Data Execution Prevention (DEP)
◦ DEP is available in Vista and beyond.
◦ Designated memory holds only data, not code (the No eXecute, NX, bit is associated with the memory). A buffer overflow redirection would not work within NX memory.
◦ Programmers can turn on this feature.
Address Space Layout Randomization (ASLR)
◦ Each time Vista is rebooted, .EXE and .DLL files are loaded at random into one of 256 possible locations. Attackers find it difficult to work with unpredictable code locations.
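The slide says programmers can turn DEP and ASLR on for their own binaries. On Windows that opt-in is recorded in the PE header's DllCharacteristics field (the linker sets it from /NXCOMPAT and /DYNAMICBASE), so an administrator can audit a binary without running it. The following is an added example, not code from the lecture: it reads those flag bits from a PE image, and build_fake_pe constructs a minimal synthetic header so the check can be exercised offline (the fake header is not a loadable program).

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* flag values from the PE/COFF format
DYNAMIC_BASE = 0x0040      # image may be relocated at load time: ASLR opt-in
NX_COMPAT = 0x0100         # image is compatible with DEP (no-execute data pages)
HIGH_ENTROPY_VA = 0x0020   # 64-bit images: ASLR with a much larger random range
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def pe_mitigations(data: bytes) -> dict:
    """Report the DEP/ASLR opt-in bits of a PE image. Only headers are read."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]        # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20                                     # skip signature + COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics is at offset 70 of the optional header in PE32 and PE32+
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "dep": bool(dll_chars & NX_COMPAT),
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "high_entropy_aslr": magic == PE32PLUS_MAGIC and bool(dll_chars & HIGH_ENTROPY_VA),
    }


def check_file(path: str) -> dict:
    """Convenience wrapper for auditing a real .exe or .dll on disk."""
    with open(path, "rb") as f:
        return pe_mitigations(f.read())


def build_fake_pe(dll_characteristics: int, pe32plus: bool = True) -> bytes:
    """Constructed minimal header (assumption: just enough bytes for the fields
    above; this is not a runnable binary) so the check can be tested offline."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = bytes(20)
    opt = bytearray(112 if pe32plus else 96)   # optional header up to the data directories
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    print(pe_mitigations(build_fake_pe(NX_COMPAT | DYNAMIC_BASE | HIGH_ENTROPY_VA)))
    print(pe_mitigations(build_fake_pe(0, pe32plus=False)))
```

A binary whose report shows dep or aslr as False is one where the slide's protections do not apply even on a Vista-or-later system, which is the case worth flagging during a software inventory review.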

6 Configuring Operating System Protection
Security policy
◦ A document that clearly defines the defense mechanisms an organization will employ in order to keep information secure.
◦ Configuration baseline: permissions on files, registry permissions, logins, authentication, etc. You may want to create a security template to handle it.
◦ Deployment: individually or by group policy.

7 Preventing Attacks that Target the Web Browser
Attacks through cookies, scripts, Java, ActiveX and cross-site scripting.

8 Cookies
◦ Information about visits saved on the user's computer.
◦ A first-party cookie is created by the site that the user is currently viewing. Third-party cookies are created by someone else and accessed during the current visit to a different site.
◦ Cookies do not present a security threat, but they are a privacy risk: they track browsing habits, etc., and also provide the IP address.
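To make the first-party/third-party distinction and the tracking risk concrete, here is an added example (not from the lecture) of a toy browser cookie jar. It classifies a cookie by comparing the site being viewed with the site that owns the embedded resource, and it can be configured to block third-party cookies, which is the browser-side mitigation for the privacy risk on the slide. The site names, the tracker URL and the two-label registrable-domain rule are assumptions made for the example; real browsers use the Public Suffix List for that decision.

```python
from urllib.parse import urlsplit


def registrable_domain(host: str) -> str:
    """Site identity used for first/third-party decisions. Assumption: the last
    two labels of the host name; real browsers consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def cookie_party(page_url: str, resource_url: str) -> str:
    """'first-party' when the resource that sets/reads the cookie belongs to the
    site the user is viewing, otherwise 'third-party'."""
    page = registrable_domain(urlsplit(page_url).hostname)
    resource = registrable_domain(urlsplit(resource_url).hostname)
    return "first-party" if page == resource else "third-party"


class CookieJar:
    """Minimal browser cookie store, keyed by the site that owns each cookie."""

    def __init__(self, block_third_party: bool = False):
        self.block_third_party = block_third_party
        self._jar = {}      # site -> {cookie name: value}

    def _blocked(self, page_url: str, resource_url: str) -> bool:
        return self.block_third_party and cookie_party(page_url, resource_url) == "third-party"

    def store(self, page_url: str, resource_url: str, name: str, value: str) -> bool:
        """Set-Cookie arriving from resource_url while the user views page_url."""
        if self._blocked(page_url, resource_url):
            return False
        site = registrable_domain(urlsplit(resource_url).hostname)
        self._jar.setdefault(site, {})[name] = value
        return True

    def cookies_for(self, page_url: str, resource_url: str) -> dict:
        """Cookies the browser would attach to a request for resource_url."""
        if self._blocked(page_url, resource_url):
            return {}
        site = registrable_domain(urlsplit(resource_url).hostname)
        return dict(self._jar.get(site, {}))


TRACKER = "https://ads.tracker.example/pixel.gif"   # constructed third-party resource


def simulate_tracking(block_third_party: bool) -> list:
    """Visit two unrelated sites that both embed TRACKER; return the 'uid' cookie
    the tracker received on each visit (None = it received nothing)."""
    jar = CookieJar(block_third_party)
    received = []
    for page in ("https://news.example/story", "https://shop.example/cart"):
        sent = jar.cookies_for(page, TRACKER)
        received.append(sent.get("uid"))
        if "uid" not in sent:
            jar.store(page, TRACKER, "uid", "uid-1")   # tracker assigns an id on first sight
    return received


if __name__ == "__main__":
    print("third-party cookies allowed:", simulate_tracking(False))
    print("third-party cookies blocked:", simulate_tracking(True))
```

With third-party cookies allowed, the tracker sees the same uid on the second, unrelated site and can link the two visits; with them blocked it sees nothing on either visit, while first-party cookies for the site being viewed still work.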

9 Scripts (Java, VB, etc.)
◦ Web pages containing scripts download the scripts to the computer, where they are executed. The program can send information about the user to a host.
◦ Scripts can't access files on the computer, so limited risk exists.

10 Java
◦ Java can create applets that run on local computers. The defense against hostile Java applets is a sandbox (a fence).
◦ An unsigned Java applet does not come from a trusted source; it must be run within the sandbox and gives a warning to the user. If users do not read the message or understand the risk, it can cause serious trouble. Sandbox warnings are given at the bottom left.
◦ Signed Java applets are from trusted sources and have not been altered.

11 ActiveX
◦ Add-ons: a framework for defining reusable software components (known as controls) that perform a particular function or a set of functions in Microsoft Windows in a way that is independent of the programming language. A software application can then be formed from one or more of these components in order to provide its functionality.
◦ They do not run in a sandbox. A control can do anything on the computer, such as creating, modifying and deleting files.
◦ A signed ActiveX control is generally safe. Unsigned is riskier.

12 Cross-Site Scripting (XSS)
◦ Scripts that extract information from the victim and pass it to the attacker.
◦ Changes the contents of dynamic websites and injects a script into them that asks for personal information through input validation.
◦ A web site that displays bad-login screens echoing the login name is a good one for these types of attacks.
◦ It could send a URL to click.
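The slide's "bad login screen that echoes the login name" is the classic reflected-XSS pattern. The following added example (not from the lecture) shows that page fragment rendered two ways: a vulnerable version that copies the submitted name straight into the HTML, and a hardened version that first validates the name against an allow-list and then HTML-encodes whatever is displayed. The page template, the allow-list pattern and the reflects_markup helper are assumptions made for the example.

```python
import html
import re

# Allow-list for the login-name field (constructed policy: letters, digits, . _ -)
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,32}")

PAGE = "<p>Login failed for <b>{name}</b>. Please try again.</p>"


def render_login_vulnerable(username: str) -> str:
    """'Before': the submitted name is echoed into the page unchanged, so any
    markup it carries becomes part of the page the victim's browser runs."""
    return PAGE.format(name=username)


def render_login_hardened(username: str) -> str:
    """'After': validate the input, then HTML-encode whatever is displayed.
    Encoding is kept even for names that pass validation (defense in depth)."""
    if not USERNAME_RE.fullmatch(username):
        shown = "the user name entered"      # never reflect unexpected input
    else:
        shown = html.escape(username, quote=True)
    return PAGE.format(name=shown)


def reflects_markup(page: str) -> bool:
    """Check used here to compare the two renderers: does the page contain a
    script tag, which this application never emits on its own?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    sample = "<script>alert(1)</script>"   # constructed test input
    print(render_login_vulnerable(sample))
    print(render_login_hardened(sample))
    print(render_login_hardened("alice"))
```

In the hardened renderer the allow-list already excludes angle brackets and quotes, so html.escape looks redundant; it stays because the validation rule may be relaxed later and the output encoding is what guarantees the browser treats the name as text rather than markup.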

13 SMTP Open Relays
◦ A user can set up an email receiving address and a sending address. Usually they are the same, like pop.dia.sbc.net and smtp.dia.sbc.net.
◦ Some SMTP servers are configured to send mail through other domains (known as relays). An attacker can send spam through such relays without getting caught.
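The relay problem on the slide is a policy decision the mail server makes for every message: deliver locally, relay for one of its own users, or refuse. Here is an added example (not from the lecture) of that decision written out as a function, with an open_relay switch that reproduces the misconfiguration, plus a small audit over constructed traffic so the effect of the setting is visible. The local domain, trusted subnets and sample envelopes are assumptions made for the example.

```python
from dataclasses import dataclass

LOCAL_DOMAINS = {"example.edu"}                # constructed: domains this server hosts
TRUSTED_NETWORKS = ("10.0.0.", "192.168.1.")   # constructed: our own client subnets


@dataclass
class Envelope:
    client_ip: str
    authenticated: bool      # True when the client completed SMTP AUTH
    mail_from: str
    rcpt_to: str


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def relay_decision(env: Envelope, open_relay: bool = False) -> str:
    """Decide whether this server should accept the message.
    open_relay=True reproduces the misconfiguration the slide warns about."""
    if domain_of(env.rcpt_to) in LOCAL_DOMAINS:
        return "accept: local delivery"            # inbound mail for our users
    if env.authenticated or env.client_ip.startswith(TRUSTED_NETWORKS):
        return "accept: relay for our own user"    # outbound mail from our users
    if open_relay:
        return "accept: relayed for anyone"        # the path spam takes
    return "reject: relaying denied"


def audit(envelopes, open_relay: bool = False) -> dict:
    """Tally decisions so a configuration review can see how much mail would be
    relayed on behalf of strangers."""
    counts = {}
    for env in envelopes:
        decision = relay_decision(env, open_relay)
        counts[decision] = counts.get(decision, 0) + 1
    return counts


SAMPLE = [   # constructed traffic
    Envelope("203.0.113.9", False, "alice@outside.example", "bob@example.edu"),
    Envelope("10.0.0.25", False, "carol@example.edu", "dave@elsewhere.example"),
    Envelope("198.51.100.7", False, "promo@unknown.example", "someone@elsewhere.example"),
    Envelope("198.51.100.7", True, "carol@example.edu", "erin@elsewhere.example"),
]


if __name__ == "__main__":
    print("properly configured:", audit(SAMPLE))
    print("open relay:", audit(SAMPLE, open_relay=True))
```

The third envelope is the one that matters: an unauthenticated outside client addressing mail to another outside domain. A correctly configured server rejects it; an open relay accepts it, and the server's own name ends up in the headers of the resulting spam.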

14 Instant Messaging
◦ Once a user signs up with the instant-message server, the client's IP and port are sent to all buddies and communication can take place directly.
◦ With a direct connection, viruses and worms can be spread. An attacker can also view the contents of messages.

15 Peer-to-Peer
◦ All types of attacks can take place through P2P networks. BitTorrent is more secure than P2P. However, both can be used to download illegal software or music.

16 Defenses
◦ Antivirus: always a step behind; update with definition files.
◦ Pop-up blockers: now incorporated into the browser.
◦ Anti-spam: spam filter with the SMTP server; install a spam filter with POP3.
◦ Personal firewalls.
◦ Host Intrusion Detection Systems (HIDS): monitoring file systems and log files.
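Slide 6's configuration baseline (permissions on files) and the HIDS bullet above (monitoring file systems and log files) are two halves of the same mechanism: record a known-good state, then compare against it. The following added example (not from the lecture) does both on a small scale: snapshot records permission bits and a SHA-256 hash for every file under a directory and compare reports drift, while failed_login_sources scans sshd-style log lines for repeated failed logins from one address. The directory layout, file contents, log lines and the threshold of three are all constructed for the example; demo_file_integrity runs the whole scenario in a temporary directory.

```python
import hashlib
import os
import re
import stat
import tempfile
from collections import Counter
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Baseline: permission bits and SHA-256 of every regular file under root."""
    base = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            base[p.relative_to(root).as_posix()] = {
                "mode": stat.S_IMODE(st.st_mode),
                "sha256": hashlib.sha256(p.read_bytes()).hexdigest(),
            }
    return base


def compare(baseline: dict, current: dict) -> list:
    """Report files added, removed, modified, or whose permissions drifted."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append(f"ADDED {path}")
        elif new is None:
            findings.append(f"REMOVED {path}")
        else:
            if old["sha256"] != new["sha256"]:
                findings.append(f"MODIFIED {path}")
            if old["mode"] != new["mode"]:
                findings.append(f"MODE {path} {old['mode']:04o}->{new['mode']:04o}")
    return findings


FAILED_LOGIN = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")


def failed_login_sources(log_lines, threshold: int = 3) -> dict:
    """Log-file side of a HIDS: source addresses with >= threshold failed logins."""
    counts = Counter()
    for line in log_lines:
        m = FAILED_LOGIN.search(line)
        if m:
            counts[m.group(2)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


SAMPLE_AUTH_LOG = [   # constructed sshd-style lines
    "Mar  3 10:01:02 host sshd[411]: Failed password for root from 198.51.100.7 port 5011 ssh2",
    "Mar  3 10:01:04 host sshd[412]: Failed password for invalid user admin from 198.51.100.7 port 5012 ssh2",
    "Mar  3 10:01:07 host sshd[413]: Failed password for root from 198.51.100.7 port 5013 ssh2",
    "Mar  3 10:02:00 host sshd[420]: Accepted password for alice from 10.0.0.25 port 6000 ssh2",
    "Mar  3 10:05:10 host sshd[431]: Failed password for alice from 10.0.0.25 port 6001 ssh2",
]


def demo_file_integrity() -> list:
    """Constructed scenario in a temporary directory: take a baseline, then
    change content, loosen permissions, delete a file and add one."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        etc = root / "etc"
        etc.mkdir()
        conf = etc / "app.conf"
        conf.write_text("debug=false\n")
        os.chmod(conf, 0o640)
        (etc / "hosts.allow").write_text("ALL: LOCAL\n")
        baseline = snapshot(root)
        conf.write_text("debug=true\n")                 # content changed
        os.chmod(conf, 0o666)                            # permissions loosened
        (etc / "hosts.allow").unlink()                   # file removed
        (etc / "unexpected.conf").write_text("x=1\n")    # file added
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for finding in demo_file_integrity():
        print(finding)
    print(failed_login_sources(SAMPLE_AUTH_LOG))
```

A real deployment stores the baseline somewhere the monitored host cannot rewrite it and re-runs the comparison on a schedule; the permission check is what turns slide 6's baseline into something that can be enforced rather than just documented.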

