#TC2720 Review

--Originally published at Mental Droppings of a Tired Student

I took this course as one of my optional courses; I have always been interested in computing from a security standpoint. I was not disappointed by the format of this class and felt comfortable blogging right away; however, a couple of my classmates approached me for advice on blogging. I am aware that not everyone was comfortable with this style of learning, which is why I have a couple of suggestions.

  1. Some of the blog posts I made were really “researchey” because the topic is quite technical. Perhaps, to avoid these being too formal or a mere copy-paste of information sources, we could have activities in which a student documents what he or she did and writes a couple of notes/opinions/questions about the activity. I think having activities will make the people who don’t like blogging get into it by sharing what they’ve done or their code.
  2. I think open source should be a mastery topic.
  3. Perhaps the first two classes could be an introduction to blogging for those who are less than thrilled to write posts. Maybe have a look at examples to get them inspired.
  4. Ethics in computing security should be a mastery topic (Uncle Bob’s talk sparked some debate action in class).
  5. We shouldn’t be able to have our laptops open in class unless we’re doing an activity. Each class could be dedicated to looking at material related to the next mastery topic so that the students know where to look, find good resources, or maybe even get inspired.
  6. I think the activities should be included in the rubric.

 


Open Source

--Originally published at Mental Droppings of a Tired Student

When I started this blog I was wondering if I actually understood the concept of open source. That’s the beauty of crippling self-doubt: it forces you to research before even getting into a topic.

I usually start off with a dummy-proof, simple explanation. The following video provided this insight beautifully, using the metaphor of a cookie recipe.

As a student within the technology spectrum, I’ve used various open source programs. Here is a list of some of the ones I remember using at some point:

  • Mozilla Thunderbird – email client
  • Apache – the most popular web server
  • Moodle – a free and open-source learning management system
  • PuTTY – terminal (SSH, Telnet, serial)
  • OpenOffice – replaces Microsoft Excel and Microsoft PowerPoint
  • VLC Media Player – media player
  • Audacity – audio editor

 


Network Security (Mastery 17)

--Originally published at Mental Droppings of a Tired Student

This semester I took a Wireless Network class, where I learned about security within a network and common attacks.

MITM

A Man-In-The-Middle (MITM) attack is achieved when an attacker poisons the ARP cache of two devices with the (48-bit) MAC address of their Ethernet NIC (Network Interface Card). Once the ARP cache has been successfully poisoned, each of the victim devices sends all of its packets to the attacker when communicating with the other device. This puts the attacker in the middle of the communications path between the two victim devices; hence the name Man-In-The-Middle (MITM) attack. It allows an attacker to easily monitor all communication between the victim devices.

The objective of this MITM attack is to take over a session. The intent is to intercept and view the information being passed between the two victim devices.

Three (3) scenarios were used for the MITM attack. They were as follows:


ARP (Address Resolution Protocol) Poisoning, a.k.a. Man-In-The-Middle (MITM), is a very effective attack if proper mitigation techniques have not been implemented. As the MITM attack requires the attacker to be on the same network as the intended victims, an attack would need to be initiated from inside the network. With the Ettercap tool being publicly available, in versions that run on both Windows and Linux based operating systems, most networks could be susceptible to this attack if mitigation techniques were not in place.

How to protect your network

By using the DHCP Snooping and Dynamic ARP Inspection (DAI) features, multiple types of Layer 2 attacks, including the ARP Poisoning (MITM) attack, can be stopped.
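As an added example (not from the original post, and not any vendor's switch code), here is a small Python model of how DHCP Snooping and DAI work together: DHCP ACKs are accepted only from trusted ports and recorded as IP-to-MAC bindings, and ARP packets arriving on untrusted ports are checked against that table. Port names, packet dictionaries and verdict strings are constructed for the example.

```python
# Added example: toy model of DHCP Snooping + Dynamic ARP Inspection (DAI).
# Port names, packet fields and sample traffic are constructed, not captured.
from dataclasses import dataclass, field

@dataclass
class Switch:
    trusted_ports: set                              # uplinks / DHCP server side
    bindings: dict = field(default_factory=dict)    # ip -> mac learned via DHCP

    def snoop_dhcp(self, port: str, msg: dict) -> str:
        """DHCP Snooping: only a trusted port may deliver a DHCPACK (server
        message). A valid ACK populates the binding table; a rogue server on
        an access port is blocked before clients can be redirected."""
        if msg["op"] != "DHCPACK":
            return "ignored"                        # client-side messages pass
        if port not in self.trusted_ports:
            return "dropped: DHCP server message on untrusted port"
        self.bindings[msg["yiaddr"]] = msg["chaddr"].lower()
        return "bound"

    def inspect_arp(self, port: str, arp: dict) -> str:
        """DAI: ARP from trusted ports is forwarded as-is; ARP from untrusted
        ports must carry a sender IP/MAC pair present in the binding table.
        A poisoning attempt (victim's IP with another MAC) fails this check."""
        if port in self.trusted_ports:
            return "forwarded"
        expected_mac = self.bindings.get(arp["sender_ip"])
        if expected_mac is None:
            return "dropped: no DHCP binding for sender IP"
        if expected_mac != arp["sender_mac"].lower():
            return "dropped: sender MAC does not match DHCP binding"
        return "forwarded"

def demo() -> list:
    """Walk through a DHCP lease, then a legitimate and a spoofed ARP."""
    sw = Switch(trusted_ports={"Gi0/24"})
    lease = {"op": "DHCPACK", "yiaddr": "10.0.0.10", "chaddr": "AA:AA:AA:AA:AA:01"}
    return [
        sw.snoop_dhcp("Gi0/24", lease),        # real DHCP server behind the uplink
        sw.snoop_dhcp("Gi0/3", lease),         # same ACK from an access port: rogue
        sw.inspect_arp("Gi0/1", {"sender_ip": "10.0.0.10",
                                 "sender_mac": "aa:aa:aa:aa:aa:01"}),  # genuine host
        sw.inspect_arp("Gi0/3", {"sender_ip": "10.0.0.10",
                                 "sender_mac": "cc:cc:cc:cc:cc:03"}),  # claims victim's IP
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```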

DHCP Snooping is a security feature capable of intercepting DHCP messages crossing a switch and blocking bogus DHCP offers. DHCP Snooping uses the concept of trusted and untrusted ports. Typically, the trusted ports are

Continue reading "Network Security (Mastery 17)"

Operating System Security (Mastery 16)

--Originally published at Mental Droppings of a Tired Student

When you think about security in your operating system, the common notion is that Windows is trash, Linux is extremely safe but very few users actually use it, and Mac is quite safe but its price points aren’t always budget-friendly.

But it was a cold day in hell when a huge vulnerability was discovered in an operating system that is pretty much one of the safest available.

Dubbed Dirty COW, the privilege-escalation vulnerability potentially allows any installed application, or malicious code smuggled onto a box, to gain root-level access and completely hijack the device.

The programming bug gets its name from the copy-on-write mechanism in the Linux kernel; the implementation is so broken, programs can set up a race condition to tamper with what should be a read-only root-owned executable mapped into memory. The changes are then committed to storage, allowing a non-privileged user to alter root-owned files and setuid executables – and at this point, it’s game over.

While the flaw is not by itself a gravely serious or uncommon condition – Microsoft fixes priv-esc bugs in Windows practically every month – this vulnerability could prove particularly troublesome: it has been present in the Linux kernel since version 2.6.22 in 2007, and it is very easy to reliably exploit. We’re told it is also present in Android, which is powered by the Linux kernel.

How did it all go wrong?

Copy-on-write is used to streamline the memory management in an operating system. Among other things, it allows running programs to share common data in memory until one of them wants to privately alter that data. At that point the kernel copies the data to another page in memory so just that one process can affect it – hence the name, copy-on-write (CoW).
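As an added example (not part of the original post), this Python snippet shows the copy-on-write behaviour just described from user space: a read-only file is mapped privately, written to through the mapping, and then re-read from disk. The file is a temporary one and its content is constructed; this is the correct behaviour that the Dirty COW race allowed an attacker to subvert.

```python
# Added example: observe copy-on-write on a private mapping of a read-only file.
# The temp file and its content are constructed for the demonstration.
import mmap
import os
import tempfile

def private_write_leaves_file_intact() -> dict:
    """Create a file, open it read-only, map it copy-on-write, modify the
    mapping, then re-read the file. Returns what each view contains."""
    original = b"root-owned read-only content"      # constructed sample data
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, original)
        os.close(fd)
        os.chmod(path, 0o444)                        # read-only, like a setuid binary
        with open(path, "rb") as f:                  # no write permission needed
            # ACCESS_COPY = MAP_PRIVATE with PROT_READ|PROT_WRITE: on the first
            # write the kernel copies the page so only this process sees it.
            with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_COPY) as m:
                m[:4] = b"USER"
                view = bytes(m)
        with open(path, "rb") as f:
            on_disk = f.read()
    finally:
        os.chmod(path, 0o644)
        os.unlink(path)
    return {"mapping": view, "file": on_disk, "file_unchanged": on_disk == original}

if __name__ == "__main__":
    result = private_write_leaves_file_intact()
    print("private mapping now starts with:", result["mapping"][:4])
    print("file on disk unchanged:", result["file_unchanged"])
```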

The exploit works by

Continue reading "Operating System Security (Mastery 16)"

Security Policies

--Originally published at Mental Droppings of a Tired Student

Information security is all about keeping corporate information safe. Policies address the requirement to protect information from disclosure, unauthorized access, loss, corruption and interference and are relevant to information in both electronic and physical formats.

As we had seen in a previous post, information security can be defined by three things:

  • Confidentiality – information must not be made available or disclosed to unauthorized individuals, entities, or processes
  • Integrity – data must not be altered or destroyed in an unauthorised manner, and accuracy and consistency must be preserved regardless of changes
  • Availability – information must be accessible and useable on demand by authorised entities

 

Documented Policies and procedures take the guess work out of information security and enable an organisation to manage business risk through defined controls that provide a benchmark for audit and corrective action.

Without documented policies and procedures each and every employee and contractor will act in accordance with their own perception of acceptable use and system management will be ad-hoc and inconsistent.  Staff will be unaware whether they are acting within the organisation’s risk appetite or not.

Security attacks against organisations are increasing both in number and sophistication and we must ensure our systems can be protected against these threats. The first step in achieving this is to document the rules and guidelines around system management, operation and use. By complying with these rules and guidelines organisations are doing everything they can to protect their systems and their people from a security threat.

In closing, it is important to also recognize that effective information security policies protect the staff as much as the organisation.

References:

[1]-http://mpa.co.nz/problem-solved/professional-services/why-are-it-policies-important/

 

 


Classic Security Architecture Models

--Originally published at Mental Droppings of a Tired Student

A security model is a specification of a security policy: it describes the entities governed by the policy and states the rules that constitute the policy.

There are various types of security models:

  • Models can capture policies for confidentiality or for integrity.
  • Some models apply to environments with static policies, others consider dynamic changes of access rights.
  • Security models can be informal, semi-formal, or formal.

Model vs Policy

A security model maps the abstract goals of the policy to information system terms by specifying explicit data structures and techniques that are necessary to enforce the security policy. A security model is usually represented in mathematics and analytical ideas, which are then mapped to system specifications, and then developed by programmers through programming code.

For example, if a security policy states that subjects need to be authorized to access objects, the security model would provide the mathematical relationships and formulas explaining how x can access y only through the outlined specific methods.

A security policy outlines goals without regard to how they will be accomplished. A model is a framework that gives the policy form and solves security access problems for particular situations.

Read more about security policies in my next post.

Here are three classic security architecture models:

Lattice Models

  • A lattice is a mathematical construct that is built upon the notion of a group.
  • A lattice is a mathematical construction with:
    • a set of elements
    • a partial ordering relation
    • The property that any two elements must have unique least upper bound and greatest lower bound

A security lattice model combines multilevel and multilateral security. Lattice elements are security labels that consist of a security level and a set of categories.
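As an added example (not from the original post), here is a Python implementation of the security-label lattice just described: a label is a level plus a set of categories, labels are partially ordered by dominance, and any two labels have a unique least upper bound (join) and greatest lower bound (meet). The level names are a constructed ordering.

```python
# Added example: a lattice of security labels (level, categories).
from dataclasses import dataclass
from typing import FrozenSet

# Constructed ordering of levels, lowest to highest.
LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET")

@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()

    def __post_init__(self):
        if self.level not in LEVELS:
            raise ValueError(f"unknown level {self.level!r}")

    def dominates(self, other: "Label") -> bool:
        """Partial order: self >= other iff the level is at least as high AND
        the categories are a superset (multilevel and multilateral at once)."""
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.categories >= other.categories)

    def join(self, other: "Label") -> "Label":
        """Least upper bound: the lowest label that dominates both."""
        return Label(max(self.level, other.level, key=LEVELS.index),
                     self.categories | other.categories)

    def meet(self, other: "Label") -> "Label":
        """Greatest lower bound: the highest label that both dominate."""
        return Label(min(self.level, other.level, key=LEVELS.index),
                     self.categories & other.categories)

def may_flow(src: Label, dst: Label) -> bool:
    """Information may flow from src to dst only if dst dominates src,
    i.e. the destination is at least as restricted in every dimension."""
    return dst.dominates(src)

if __name__ == "__main__":
    a = Label("SECRET", frozenset({"NUCLEAR"}))
    b = Label("CONFIDENTIAL", frozenset({"CRYPTO"}))
    print("incomparable:", not a.dominates(b) and not b.dominates(a))
    print("join:", a.join(b))
    print("meet:", a.meet(b))
    print("SECRET/NUCLEAR -> CONFIDENTIAL/CRYPTO allowed:", may_flow(a, b))
```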

State Machine Models

In state machine model, the state of a machine is captured in order to verify the security

Continue reading "Classic Security Architecture Models"

Risk Assessment Methodologies (Mastery 7)

--Originally published at Mental Droppings of a Tired Student

In all types of engineering, sophisticated risk assessments are often used within companies when it concerns threats to life, the environment or machine functioning. The nuclear, aerospace, oil, rail and military industries have a long history of dealing with risk assessment. Medical, hospital, social service and food industries control risks and perform risk assessments on a continual basis. Methods for assessment of risk may differ between industries and depending on whether it pertains to general financial decisions or environmental, ecological, or public health risk assessment.

Risk assessment is the determination of a quantitative or qualitative estimate of risk related to a well-defined situation and a recognized threat. Quantitative risk assessment requires calculations of two components of risk:

  • The magnitude of the potential loss (L)
  • The probability (p) that the loss will occur.

An acceptable risk is a risk that is understood and tolerated usually because the cost or difficulty of implementing an effective countermeasure for the associated vulnerability exceeds the expectation of loss.

Part of the difficulty in risk management is that both the quantities by which risk assessment is concerned (potential loss and probability of occurrence) can be very difficult to measure. The chance of error in measuring these two concepts is high.


The following methodologies are commonly used by security practitioners and consultants for risk assessment:

  • Asset Audit
  • Pipeline Model
  • Attack Tree

Asset Audit

The asset audit approach is an easy-to-use and straightforward method for assessing risks by giving the reviewer and owners a direct approach of looking at all the information assets and their risk exposure. The people involved in the asset audit process also obtain a better understanding of how information flows in and out of, as well as is stored on, the system. With this knowledge and insight of the system and the information flow, the reviewer can have

Continue reading "Risk Assessment Methodologies (Mastery 7)"

Apache: What I did today

--Originally published at Mental Droppings of a Tired Student

This is what I did to build an Apache installation in my directory on the server.

wget http://ftp.wayne.edu/apache//httpd/httpd-2.4.23.tar.gz
gzip -d httpd-2.4.23.tar.gz
tar xvf httpd-2.4.23.tar

cd /home/a01225670/httpd-2.4.23
mkdir /home/a01225670/apache2
./configure --prefix=/home/a01225670/apache2
make
make install

cd /home/a01225670/apache2
vi /home/a01225670/apache2/conf/httpd.conf

# Look for the line that says Listen 80 in the conf file and change it to whatever higher port number you choose; I’m using 5000

# Start the daemon
/home/a01225670/apache2/bin/apachectl -k start

 

netstat -an | grep 5000
lsof -i:5000

References:

http://stackoverflow.com/questions/3940909/configure-apache-to-listen-on-port-other-than-80/34536957#34536957

 


What makes people click? (Mastery 13)

--Originally published at Mental Droppings of a Tired Student

I’m sure if you’ve snooped around the web enough you’ve seen click-bait advertisements, or even opened a suspicious link. I’ve lost count of how many toolbar-laden browsers I’ve seen, or how many people have asked me “Why is my computer so slow?”.

Continue reading "What makes people click? (Mastery 13)"