IA Test 2

Computers count in ___, we count in decimal

Everything in a computer is a bunch of stuff that represents a 1 or a O and they can be sent around in

_ bits make a byte

American Standard Cod for information Interchange - Developed from telegraphi codes - most common character encoding scheme on the internet

UTF-8, UTF-16, UTF - 32

A CPU has a set of very basic instructions that it can perform, if you program directly at the level of bits and bytes, you are using machine code

If you program by using a few reserved words, you are writing code in

Higher programming languages that we use like C, C+, Java, Python are ______ or _______ meaning there are several steps to turn our code into machine language(1's and 0's) that the intruction set can use

The converstion from higher level languages to machine code introduces opportunities for ____ - ex buffer overflows

There are a lot of programers, but there are very few who understand _____ ____ completely. Developers vs. Programers

has a bunch of stuff on it, may include video and audio and networking chips. It's the 'mainboard', runs the show

runs intructions, has some really fast memory of its own to use

RAM - no power, no data

ROM - not really this anymore

The first thing your computer sees when it wakes

When building a PC start with the trinity:

a bunch of magnetric filings that represent a 1 or a 0 depdending on how they are oriented.

are formated in clusters FAT(old) or NTFS(current)

____ written to a disk may not use all of the last cluster this is called ____ ____

can include piece of old e-mails, etc. Can be used to hide data

joes cups are the clusters- writing to hard drive is like filling up cups and you only fill the last one up 1/4

Same thing as FAT with shot glasses, the clusters are smaller but there are more of them

In a disk drive this is not currently used by the operating system but still has your old stuff on it

When you delete a file, the Operating System just erases the entry in the _________ not the actual data

512 byte sector on a partitioned storage device, such as a hard drive(first sector)- tells us how the drive is partitioned, picks up after the BIOS for information on which drives has the operating system, has a unique signature - can be used to hide data, can be come infected

Why is a virus on the Master Boot Record probably the worst virus?

don't burn 1's and 0's instead burn pits and lans,

We input data with our keyboard, mouse, touch screen-->the data goes to the RAM or the hard drive or optical disk-->the CPU takes the data from the RAM and ses it to execute instructions

Data in a computer with 32 bit operating system runs along a

Data on a network connection runs along a _____ meaning that data entering and leaving the computer get queued up in memory - temp file, swap file

human misstep - inadvertant human errors, intentional, malicious flaws

computer misstep, potential failure - a coding or design error, something the designer sees

observable, enacted fault - system not performing as required, though it may be performing as specified, with wrong spevification, something the user sees

search for faluts and patch them- Not good, narrow focus on fault and not context, fault may have non-obvious effects elsewhere, fixing one problem creates others, compromised fixes to not affect system performance

not working as intended

biggest problem in security - more numerous than cyber attacks, cause more damage

Security is fundamentaly ___ programs are huge, can only test for likely causes and it is easy to hide malicious code

_____ advance faster than security techniques- we are mostly caught in reactive mode, rather than proactive

space in memory

if I reserve 6 bytes in memory for my variable and can somehow push 8 bytes to that are, two bytes will overflow into the adjacent memory location - may affect user space or use code, may affect system data or system code

if buffer overflow into ________ ,it is possible to gain control of the system - think of passing machine code into the instrcution set

is a LIFO data structure that determines the order of subprocedure calls, overflow can redirect execution to a block of malicious code

unchecked data values, what happens when we enter odd values for parm1 and parm2? Can we crash the system?

changes that occur between when access rights are checked and those rights are used- this is common exploit in client server environments, mostly sloppy programming

need to be executed: setup programs, e-mal attachments, autorun, browser helper programs

attach themselves to the front and/or end of an executable program, or integrate within the program

buried in the command portion of a document

a virus can join with its target
a virus can replace its target
a virus can change the file system pointers to itself, instead of the target

BIOS to boot sector to bootstrap loader, loader is larger than boot sector, each block of the bootstrap chains to the next block(directs the bootstrap program to the next place on the drive)

can attach to TSR programs(terminate and stay resident) can make registry entries for themselves(sneaky and hard to find/fix) can hide in macros, can hide in software libraries

like the program that itnerprets your keyboard

a byte pattern specific to a particular virus

program begins with a JUMP, fails checksum(hash), virus replaces part of the program making it non-function

hard to catch because the operating system allows them

any storage medium, address book, network, etc.

a sneaky virus, change their signature, encrypt themselves

sneaky viruses - shut themselves off, delete themselves and all traces, reinstall themselves from boot or registry, watch system calls and intercept any that might reveal themselves

use only commercial software acquired from a reliable source(ish), test all new software on an isolate computer, or a virtual machine, don't open strange attachemtns, make a disk image of your computer, make backups of your executable sytem files(stupid), use virus detectors

T/F Only Windows gets infected
True False

T/F MACS are less infected only because they are less popular
True False

T/F Linux machines are less infected only because they are less popular
True False

T/F Viruses can appear in only certain types of files
True False

T/F You can get a virus from surfing the web
True False

T/F Viruses can infect hardware
True False

Boot Sector Virus- and six other sectors marked faulty, trap interrupt 19, uses interrupt 6 - screens disk read calls so the boot sector corruption is not revealed, an early prototype virus

resource exhaustion goal, three techniques, crack password using its own file then your dictionary, overlow fingered programs, allowing shell access, use trapdoor in sendmail program, would send bootsstrap to new machine then grap the rest of itself

exploited microsoft IIS, buffer overflow, different actions on different dates, rebooted machine after a time, leaving a trojan horse in place

used in debugging, sometimes forgotten and left- sometimes left for maintenance - can be purposefully set for malicious use

The whole penny shaving thing- sounds like a good way to do hard time

rootkit discovered by Mark Russinovich - installed on autorun, prevented user from copying music CDs. killed many CD drives(process), hid all files beginning with $sys$ - without user consent, and in cooperation with antivirus vendors, uninstaller made mroe holes

incercept calls, redirecting how the computer works while hiding itself

change the hacker from a user to an admin

fake address bars, fake displays, fake everything

capture all your keystorks, and random screenshots

numbers less than the key take more time to process, the closer you get to the key, but then take a ton less time when you pass the key, so you can infer a reasonable keyspace, then brute force attack that limited area

think steganography, sending signals in the clear because folks aren't looking there

specifiy the system, design the system, implement the system, test the system, review the system, manage the system, maintain the system

is a team process, must have separation of duties(SOX)

Good Code Uses

single purpose(each module performs one function), small(cognitively easy to digest), simple (cognitively easy to digest), Independent(peforms its own task, isolated from others)

easy to maintain, easy to understand, reuse, easy to trace failure point, easy to test - don't exist as much as we like

all the module parts belong there and make sense together- it is good for this to be high

modules should be minimally dependent on other moduals as possible - low or loose is good

The ocde in a module is not affected by other modules - except specifically in documented ways that we allow and plan for - classic object-oriented concept

each module is a "black box" as viewed by other modules, they don't know what happens except that a module is asked to do something and it does the task

well written programs never assume that a program that it calls, or is called by is not corrupted- ex. rechecking or permissions, or a second concrrency control check

an operating system behavior - limit access to system resources for unknown programs

never use single vendor, look at the falibility of the microsoft office suit, avoid tight integration

peer reviews, hazard analysis, testing, good design, prediction, static analysis, configuration management, mistake analysis

Review(is this what we want to do), Walk through(demonstrating the code/program), Inspection (formal process of deciding if the code/program is good to go)

What if, think of everything that can go wrong, weigh the likelihood of each possibility, address or fix or plan for disaster

product quality is the goal

testing the module alone

is it working correctly?

is it causing system slowdown

is the customer happy? or just not unhappy

does it still work at implementation

did we break anything? set of formal repetitive tasks on all functions

does a given input give the expected output- code is hidden

trying to break the code with specific inputs - code is shown

wait for the system to fail

actively check data, build in redundancy

it will fail, we find ways to gracefully handle failures

tools, languages, methodologies

both in the code and external

peer revies, code audits

independent testing, archive testing results

control access to, and ghanes of code - who changes the code and who has admin rights

access control, identity and credential management, information flow, audit and integrity protection

Early computers were designed for ___ - executive, simple passive uitility to assist programmers - multiple users required another kind of system - monitors, actively kept users' programs separate

memory, shareable I/O devides(disks), serially reusable I/O devices(printers, tape drives), shareable programs and sub procedures, networks, shareable data

physical(sepearte printers), temporal(different times), logical(allow only certain processes), cryptographic(processes conceal their data)

Modes of sharing -do not protect

Modes of sharing - processes have their own space

Modes of sharing- share all or nothing

Modes of sharing -share with access limits

Modes of sharing - rights are dynamic

Modes of sharing - limit use

unchangeable space for system

variable space for system

only protected the system from the user not users from users- fence and fence register

moving all memory address an equal distance - relocation factor as the starting address for a program

memory and address protection -variable fence register - sets lower bound

memory and address protection sets upper bound

these registers change from one user's program to another(context switch) -protects users from users

memory and address protection - can add another set of registers these proetect the user program space from

every word or machine memory has one or more extra bit to identify access rights to that word- word is nominally 2 bytes - this is better than a ton of fences- old and uncommon

program is broken into segments with unique name - code or data in the segment is identified with the segment name and the offset within the segment

uses a segment address table for each process being executed

in the segment is identified with the segment name and the offset within the segment

separates physical memory location from lgoical memory location

each address reference passes through the o/s can be checked for protection, process can only access a segment that is in its segment translation table, different classes of data item can have different levels of protection, access rights are granted to a segment, downside is a program can reference and offset beyond the end of a segment

Paging - program is divided into equal sized

Paging - memory is divided into equal sized

like segmentation except: cannot address beyond the end of a page, changes to the program push all subsequent intructions to lower addresses, movying bytes from the end of one page to the next, this is a problem because access rights go to the page and there is no unity to the items on a page

goal to check every access, enforce least privilege, verify acceptable usage- a user can be a person, a program, or another object

simply matches users and rights with objects, list can get huge, revocation of access can be a pain, pseudonyms

each object has its own directory - allows for default rights per object, easy to maintain, objects can be grouped, and rights assigned per group, or users can have specific group access by spficiying wild cards

an unforgeable token that gives the possessor rights to an object

some objects can transfer or propagate capabilities to other objects - each process operates in a domain

the collection of objects that the process can access

uses capabilities called tickets - secured with symmetric cryptography

kerberos- authentication server(AS) ticket granting server(TGS)

You authenticate to the AS and get a ticket. You want to use a printer. Your ticket goes to TGS, and you get two tickets back - one says you are authorized to use the printer, one is for you to give to the printer

users can belong to groups, both can have permissions, requires some thinking before implementation, databases use this

all or none, files were by default, public - not a good idea, can't trust everyone, too coarse, can't handle sharing well, requires human intervention, all files can be listed

persistent permission, temporary acquire permission-program, not the executing user, gets the owner's permission set, per-object and per-user protection

we have confidence in memory protection, file protection, general object access control, user authentication

the software does and acts like it should

even when given bad or unauthorized commands, the data that the software touches is unaffected

program accesses only the secure data that it nees and doesn't pass rights or data to untrusted objects

the trust we have in a program matches the sensitivity of the data and environment

is or is not, property of the persenter, asserted based on the product, absolute, in all settings, a goal

has degrees of trustworthiness, property of the receiver, judged on evidence and analysis, relative to the context of use, a characteristic

a set of rules that lay out what is to be secured and why - a statement of the security we expect the system to enforce

a representation of the policy that the o/s will enforce

the implementation of the model and how it is to be implemented

design

features ensure all the functioanlity needed is present

our belief that the o/s is implemented in a way that enforces the secuirty policy

based on protecting classified information, secuirty levels are in hierarchy, need to know basis, projects are compartmentalized(may be in one or more sensitivity level) - Classification

not like military - no formalized clearnances, internal data is internal data, rules are not well regulated, there is no dominance function

focus is on integrity and confidentiality, activities are done in a specific, documented sequence, with each person performing a step in the sequence being authenticated, includes separation of duty

prevents conflict of interest(confidentiality), objects, company groups(aggregations of objects), conflict classes(highest level clusters for competing companies

test a policy for completeness and consistency, document a policy, conceptualize and design an implementation, chack if and implementation meets its requirements

generalized model of secuirty, military model is this, some commercial models are as well, not every pair of elements need be comparable, allows for relational logic

employs both mandatory and discretionary access control mechanisms when implementing its two basic security principles - simple secuirty property

no subject can read information from an object with a security classification higher than that po sssessed by the subject itself - no read up rule

part of the bell-lapadula model - a subject may write to an object only if its security classification is less than or equal to the object's secuirty clissification - counterintuitive but designed for confidentiatliy not integrity

simple intergity rule and integrity * property

users must not view content below their own integrity level no read down

users may not create content above their own integrity level no write up

formal system of protection rules

can be used to decide if a given subject in a system can ever obtain particular rights to an object, proves the if commands can execute multiple operations the above may not hold true

proves that we can decide if a given subject can share an object with anther- proves we can decide if a given subject can steal access to an object from another subject

A trusted system design element- least privelge

A trusted system design element- protection system should adhere to KISS

A trusted system design element- protection mechanism should not assume attackers are ignorant

A trusted system design element- every access attempt must be checked

A trusted system design element-default condition should be denial of access

A trusted system design element- access should depend on more than one condition

A trusted system design element- the less sharing of objects the better

A trusted system design element- protection systems that are hard to use won't be used

user authentication, memory protection, file and i/o device access control, allocation and access control to general objects, enforced sharing, guaranteed fair service, interprocess conmmunication and synchronization, protected operation system protection data,Identification and authenciation, MAC, and DAC, object reuse protection, complete mediation, trusted path, audit logs, audit log reduction, intrustion detection,

central authority decides who accesses what, military secuirty clearnaces

users can give and remove acces to their objects(where they are the owners)

like disk space is it cleaned after use - magnetric remeance

all accesses are checked without exception

direct communication to a ligitamate receiver

who did what when

how much to capture

actively detecting secuirty threats

assuaracne in trusted o/s secuirty kernel access to every protected object must pass through the secuirty kernel

assuaracne in trusted o/s secuirty kernel- easier to protect the security mechanisms from o/s and user penetration

assuaracne in trusted o/s secuirty kernel- all secuirty systems are performed by a single set of code

assuaracne in trusted o/s secuirty kernel changes to the security code are easier to make and test

assuaracne in trusted o/s secuirty kernel- performs one function so it is typically small

assuaracne in trusted o/s secuirty kernel- because it is small can be analyzed rigorously

collection of access controls, must be tamper proof, unable to be bypasssed, analyzable, window nt line has one

everything in the trusted operating system necessary to enforce the secuirty policy - monitors: process activiation, execution domain switching, memory protection, I/O operation, because of domain switching

combined secuirty kernel/operating system. separate security kernel

each user gets a virtual operating system

user interaction, ambiguity(isolation vs sharing) incomplete mediation, generality

hci falls outside of secuirty kernel, code is typically very complex, security may be bypassed in the interest of speed

Testing, Penetration Testing(aka tiger time analysis, ethical hacking), formal verification, validation

tiger team analysis, ethical hacking

uses mathematical models to test securit properties

making sure the software is being built to specification, implementation checks

something the user knows, has, is - a combo of these is best(multifator)

a password, kids' names, birth dates, birth places, hobbies

a card(ATM, smart card), a key(physical or electronic)

biometrics- eyes, voice, fingerprints, dna problems and privacy

shines certain wavelength of light into eyes, blood vessels absorb more light than the surrounding area, making them easy to identify, affected by diabetes, glaucoma, bloodthinning, and alcohol - has to be done at a close rance, your clone has the same retinal image

take a picture of the iris using ultraviolet light, converted into a digital templace(mathematical representation) not even your clone has the same one(randomly determinted during gestation) can be done a couple meters away

guess likely passwords for that user, search the system, search the environment, dictionary attack, rainbow tables

all the possible combinations

forcing users to create an 8 character password with at least one upper case character and one number ______ the key space

in a database we store the ___ not the password.

to make attacks more difficult we ____ the password by pre-pending a random string to the password and storing the resulting hash - rules out dictionary attacks, can be too long for dictionary attacks store this hash and this in the database

windows lan manager hash for passwords, used exclusively through windows ME, default for XP for backward cimpatibility, No SALT, challaenge:crack two 7 byte hashes- trivial

much stronger in client- server authentication, still leaves a 32 byte hash on the local computer, harder to crack but not weak with passwords

LM and NTLM hashes are stored in

PWDump, Rainbow Crack, John the Ripper, Cain and Abel, OPHcrack

piggybacking and should surfing, dumpster diving, installing unauthorized hardware and software, access by non-employees, social engineering, reverse social engineering

the tactic of closely following a person who has just used an access card or pin to gain physical access to a room or building

a procedure in which attackers position themsleves in such a way as to be able to observe the authorized user entering the correct access code

attackers need some information before launching an attack, a common place to find this info is to go through the target's trash,

if the attackers are lucky and the target's secuirty procedures are very poor attackers may find userids and passwords, manuals of hardware or software purchased may also provide a clue as to waht vulnerabilities might be present on the target's computer systems and networks

"The best way to prepare to write a programs, and to study great programs that other people have written. In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating systems."Who said it?

Organizations should have a policy to restrict normal users from installing ____ and ___ on their systems. communication software and a modem may allow individuals to connect to their machines at work using a modem from home, this creates a backdoor into the network and can circumvent all the other security mechanisms

If an attacker gains access to a facility, there are chances of obtaining enough information to penetrate

the attaacker deceives to obtain privleged information, convince the target to do something that they normally would not

is successful because of the basic human nature to be helpful and that individuals normally seek to avoid confrontation and trouble

the attacker hopes to convince the target to initate contact, the attack may be successful because of this and because they might not have to convince target of authenticity

methods of social engineering

people are not only the biggest problem and secuirty risk but also the best tool to defend against these attacks

organizations must fight social engineering attacks by establishing ____ that define rolds and responsibilities for all users and not jsut security personnel