Information Security Notes 6 - System Security
Host Security
The goals of computer security include confidentiality, data integrity and service availability.
Common attacks:
- Phishing
- Malicious code
- System vulnerability
Buffer Overflow Attacks
When a program is executed, both its code and its data are loaded into RAM.
Heap (a memory region, not the heap data structure)
The heap is used to store dynamically allocated data (malloc/new).
Stack
The stack is used to store local variables, function arguments, the saved frame pointer and the return address of each call. (Static and global variables live in the data segment, not on the stack.)
What is buffer overflow?
When copying data into a buffer, the length of the data exceeds the space remaining in the buffer, so the copy writes past the end of the buffer into neighbouring memory. Normally the overflowed bytes only corrupt program data and cause an unexpected termination (a crash). But if someone carefully constructs the contents of the overflow data, it is possible to gain control of the program, and through it the system.
In a buffer overflow attack on code that uses the unsafe strcpy/gets functions, the library blindly copies the entire contents of data into the memory area pointed to by buffer. buffer has a finite length, and once the length of data exceeds BUF_LEN a buffer overflow occurs.
Overflow the buffer with malicious data (shellcode) and overwrite the saved return address so that it points at the shellcode. When the function returns, execution jumps to the shellcode instead of back to the caller.
Countermeasure
- Avoid high-risk APIs (strcpy, gets, sprintf); use their bounded versions (strncpy/snprintf, fgets) or a safe string library
- Measure the length of the string first, and reject or truncate input that does not fit
- Compiler and OS assistance: stack canaries, non-executable stacks and ASLR make the classic return-address overwrite much harder
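The frame layout and the overwrite described above, as an added example that is not part of the original notes. It models the stack frame as a ctypes structure (a local buffer immediately followed by the saved return address; the 16-byte distance, BUF_LEN and the caller address are assumptions for the demo) and copies attacker bytes into it with ctypes.memmove, the same unbounded write strcpy performs. The unsafe copy is capped at the size of the model frame only so the demonstration cannot damage the Python process; the hardened copy shows the "measure the length first" countermeasure.

```python
import ctypes
import sys

BUF_LEN = 16                      # size of the local buffer in the notes (assumed value)
CALLER_ADDR = 0x0000000000401000  # constructed: where the function should legitimately return


class Frame(ctypes.Structure):
    """Constructed model of one stack frame: the local buffer, then the saved
    return address the caller left just above it. Real compilers insert saved
    registers, padding and canaries, so the distance differs per build."""
    _fields_ = [("buffer", ctypes.c_char * BUF_LEN),
                ("saved_return", ctypes.c_uint64)]


def copy_unsafe(frame: Frame, data: bytes) -> int:
    """strcpy()-style copy: writes every byte of data from the start of buffer
    without looking at BUF_LEN. Capped at sizeof(frame) only so the demo can
    never damage the Python process; the real strcpy has no cap at all."""
    n = min(len(data), ctypes.sizeof(frame))
    ctypes.memmove(ctypes.addressof(frame), data, n)
    return n


def copy_safe(frame: Frame, data: bytes) -> bool:
    """Measure first: refuse anything that will not fit with its NUL terminator."""
    if len(data) >= BUF_LEN:
        return False
    ctypes.memmove(ctypes.addressof(frame), data + b"\0", len(data) + 1)
    return True


def build_payload(shellcode_addr: int) -> bytes:
    """Filler up to the saved return address, then the address the attacker
    wants executed, in the CPU's byte order so it lands in memory correctly.
    In a real exploit shellcode_addr points at shellcode carried in the filler."""
    return b"A" * Frame.saved_return.offset + shellcode_addr.to_bytes(8, sys.byteorder)


def return_address_after(copy_fn, data: bytes) -> int:
    """Run one copy into a fresh frame and report where the function would return."""
    frame = Frame()
    frame.saved_return = CALLER_ADDR
    copy_fn(frame, data)
    return frame.saved_return


if __name__ == "__main__":
    print("saved_return sits", Frame.saved_return.offset, "bytes after buffer")
    print("unsafe, short input :", hex(return_address_after(copy_unsafe, b"hello")))
    print("unsafe, payload     :", hex(return_address_after(copy_unsafe, build_payload(0xDEADBEEF))))
    print("safe,   payload     :", hex(return_address_after(copy_safe, build_payload(0xDEADBEEF))))
```

With the unchecked copy the payload replaces the caller's address with 0xDEADBEEF, which is exactly the control the attacker needs; the checked copy refuses the oversized input and the return address is untouched.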
SQL injection
username: "or""="
password: "or""="
Then the SQL will be SELECT * FROM Users WHERE Name = "" or ""="" AND Pass ="" or ""=""
Because AND binds tighter than OR, this is read as Name = "" OR (""="" AND Pass = "") OR ""="", and the final ""="" is true for every row, so the WHERE clause always matches and the attacker is logged in without knowing any password.
Counter measure
- Write better programs: never build SQL by concatenating user input into the query string
- Data validation in the front-end (and again on the server, since front-end checks are bypassed by sending requests directly)
- Use prepared statements (parameterised queries) instead, so the input is bound as data and never parsed as SQL
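The injection above and the prepared-statement fix, run against a real database, as an added example that is not part of the original notes. It uses Python's built-in sqlite3 with an in-memory Users table and one constructed account. SQLite uses single quotes for string literals, so the payload is written as ' or ''=' ; it is the same trick as the notes' "or""=" on engines such as MySQL that accept double-quoted strings.

```python
import sqlite3

# Single-quote form of the notes' payload "or""=" (SQLite string literals use single quotes).
INJECT = "' or ''='"


def make_users_db() -> sqlite3.Connection:
    """In-memory Users table with one constructed account."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Users (Name TEXT, Pass TEXT)")
    con.execute("INSERT INTO Users VALUES ('alice', 'correct horse')")
    return con


def build_unsafe_sql(username: str, password: str) -> str:
    """The vulnerable pattern: user input pasted straight into the query text."""
    return f"SELECT * FROM Users WHERE Name = '{username}' AND Pass = '{password}'"


def login_unsafe(con, username, password):
    """Executes whatever SQL the user's input turned the query into."""
    return con.execute(build_unsafe_sql(username, password)).fetchall()


def login_safe(con, username, password):
    """Prepared statement: the SQL goes to the engine with ? placeholders and the
    values are bound separately, so quotes inside them are never parsed as SQL."""
    sql = "SELECT * FROM Users WHERE Name = ? AND Pass = ?"
    return con.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    con = make_users_db()
    print(build_unsafe_sql(INJECT, INJECT))
    print("unsafe, injected :", login_unsafe(con, INJECT, INJECT))   # alice's row, no password known
    print("safe,   injected :", login_safe(con, INJECT, INJECT))     # []
    print("safe,   real     :", login_safe(con, "alice", "correct horse"))
```

The unsafe login returns alice's row for the injected input because the query text has become Name = '' or ''='' AND Pass = '' or ''=''; the prepared statement looks for a user literally named ' or ''=' and finds nothing.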
Network Security
Ping-of-death
Basic version (really a ping flood): attackers ping a machine at a very fast rate so that the server is kept busy answering echo requests.
It is theoretically possible, but not realistic, because this basic form is not an efficient attack: the attacker must spend at least as much bandwidth as the victim.
Ping-of-death, buffer overflow
A typical ICMP echo packet is only 64 bytes, and the IP stack does not expect a (reassembled) packet larger than 65535 bytes, the maximum size of an IPv4 datagram. A ping sent as fragments whose offsets and lengths add up to more than 65535 bytes can overflow the fixed-size reassembly buffer on the receiving server and crash it.
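The oversized-fragment mechanism and the length check that stops it, as an added example that is not part of the original notes. It models IPv4 fragmentation with a 20-byte header and a 1500-byte MTU (both assumed), reassembles into a buffer sized for the legal 65535-byte maximum, and shows that a 65518-byte ICMP message (a constructed echo request) fragments legally yet reassembles to 65538 bytes, past the end of the buffer, unless each fragment's offset plus length is checked before it is copied.

```python
IPV4_MAX = 65535             # largest datagram the 16-bit Total Length field can describe
IP_HEADER = 20               # IPv4 header without options (assumed)
MTU = 1500                   # Ethernet MTU (assumed): each fragment carries 1480 payload bytes
FRAG_UNIT = 8                # the 13-bit Fragment Offset field counts 8-byte units
MAX_OFFSET_UNITS = 2**13 - 1 # 8191: a fragment may legally start as far in as byte 65528


def split_into_fragments(icmp_message: bytes):
    """Fragment an ICMP message (header + data) the way a sender's IP layer would.
    Returns (offset_units, data) pairs. Every offset fits the 13-bit field even
    when the total is oversized, which is exactly what made the attack possible."""
    chunk = (MTU - IP_HEADER) // FRAG_UNIT * FRAG_UNIT   # 1480: must be a multiple of 8
    fragments = []
    for start in range(0, len(icmp_message), chunk):
        offset_units = start // FRAG_UNIT
        if offset_units > MAX_OFFSET_UNITS:
            raise ValueError("offset cannot be expressed in 13 bits")
        fragments.append((offset_units, icmp_message[start:start + chunk]))
    return fragments


def reassemble(fragments, check_length=True):
    """Reassemble into a buffer sized for the legal maximum. Returns (datagram
    length including the IP header, whether the buffer was overrun).
    check_length=False reproduces the 1990s behaviour of trusting offset+length."""
    buf = bytearray(IPV4_MAX - IP_HEADER)      # payload space of a maximal datagram
    longest = 0
    for offset_units, data in fragments:
        start = offset_units * FRAG_UNIT
        end = start + len(data)
        if check_length and IP_HEADER + end > IPV4_MAX:
            raise ValueError(f"fragment would make the datagram {IP_HEADER + end} bytes; dropped")
        buf[start:end] = data   # unchecked: the bytearray grows here, a C buffer is overflowed
        longest = max(longest, end)
    return IP_HEADER + longest, len(buf) > IPV4_MAX - IP_HEADER


def normal_ping() -> bytes:
    """Constructed 64-byte ICMP echo request (type 8, code 0, rest zeroed)."""
    return b"\x08\x00" + bytes(62)


def ping_of_death() -> bytes:
    """Constructed 65518-byte ICMP echo request: 20 + 65518 = 65538 > 65535."""
    return b"\x08\x00" + bytes(65516)


if __name__ == "__main__":
    print("normal ping :", reassemble(split_into_fragments(normal_ping())))
    frags = split_into_fragments(ping_of_death())
    print("oversized   :", len(frags), "fragments, last offset", frags[-1][0] * FRAG_UNIT)
    print("unchecked   :", reassemble(frags, check_length=False))
    try:
        reassemble(frags)
    except ValueError as e:
        print("checked     :", e)
```

The last fragment starts at byte 65120 (offset field 8140, well inside the 13-bit range) and carries 398 bytes, so nothing about any single fragment looks wrong; only the sum offset + length + header exceeds 65535, which is why the check has to be made per fragment as it is placed into the buffer.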
SYN Flooding
The TCP three-way handshake requires the server to respond: for each SYN it receives, the server replies with a SYN-ACK and keeps a half-open connection entry while it waits for the client's ACK. An attacker can issue a very large number of SYN requests without ever completing the handshake, filling this table so that legitimate connections are refused.
Counter measure
Both ping floods and SYN floods coming from a single source can be blocked by blacklisting the source address.
IP spoofing
The IP packet header stores the routing information of a packet, including its source address. IP spoofing refers to generating packets with a fake, random source IP address. That makes it impossible for the server to block the SYN packets by source address directly.
IPsec can be used to authenticate the IP header (so spoofed packets can be detected), but it cannot be used to prevent SYN flooding: the flood of packets still arrives and consumes resources whether or not it is later verified.
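The two passages above (SYN flooding and why spoofed sources defeat blacklisting) played out in a small model, as an added example that is not part of the original notes. A stateful server keeps a half-open table of 128 entries with a 60-second timeout and blacklists any source that sends more than 20 SYNs (all three limits are assumptions); a flood of 1000 SYNs with random spoofed sources (constructed traffic) fills the table, no source repeats often enough to be blacklisted, and a real client is refused. The second server uses SYN cookies, a countermeasure the notes do not list: the SYN-ACK sequence number is an HMAC over the connection tuple and a time bucket, so the server stores nothing per SYN and only a client that really received the SYN-ACK can complete the handshake.

```python
import hashlib
import hmac
import random

BACKLOG = 128          # half-open connections the model server can hold (assumed)
SYN_TIMEOUT = 60.0     # seconds a half-open entry is kept (assumed)
BLACKLIST_AFTER = 20   # SYNs from one source before that source is blacklisted (assumed)
SEQ_MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit


class StatefulServer:
    """Plain three-way handshake: every SYN-ACK sent is remembered until the ACK
    arrives or the entry times out, so the flood exhausts memory, not bandwidth."""

    def __init__(self):
        self.half_open = {}   # (src_ip, src_port) -> expiry time
        self.syn_count = {}   # src_ip -> SYNs seen, drives the blacklist
        self.blacklist = set()
        self.established = 0

    def on_syn(self, src_ip, src_port, now):
        """Return the SYN-ACK sequence number, or None if the SYN is dropped."""
        if src_ip in self.blacklist:
            return None
        self.syn_count[src_ip] = self.syn_count.get(src_ip, 0) + 1
        if self.syn_count[src_ip] > BLACKLIST_AFTER:
            self.blacklist.add(src_ip)
            return None
        self.half_open = {k: t for k, t in self.half_open.items() if t > now}
        if len(self.half_open) >= BACKLOG:
            return None                      # backlog full: real clients are refused here
        self.half_open[(src_ip, src_port)] = now + SYN_TIMEOUT
        return 0                             # fixed stand-in sequence number

    def on_ack(self, src_ip, src_port, ack_num, now):
        if self.half_open.pop((src_ip, src_port), None) is None:
            return False
        self.established += 1
        return True


class SynCookieServer:
    """SYN cookies: the SYN-ACK sequence number is an HMAC over the connection
    tuple and a 64-second time bucket, so no half-open state is stored. Only a
    peer that received the SYN-ACK at the claimed source can echo cookie+1."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.established = 0

    def _cookie(self, src_ip, src_port, bucket):
        msg = f"{src_ip}:{src_port}:{bucket}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")   # 32-bit sequence number

    def on_syn(self, src_ip, src_port, now):
        return self._cookie(src_ip, src_port, int(now) // 64)   # nothing stored

    def on_ack(self, src_ip, src_port, ack_num, now):
        bucket = int(now) // 64
        for b in (bucket, bucket - 1):       # tolerate a bucket boundary
            if ack_num == (self._cookie(src_ip, src_port, b) + 1) & SEQ_MASK:
                self.established += 1
                return True
        return False


def flood(server, count, now, seed=1):
    """Spoofed SYN flood (constructed traffic): each SYN carries a fresh random
    source address, so no address repeats often enough to be blacklisted and no
    ACK ever follows. Returns how many SYNs the server answered."""
    rng = random.Random(seed)
    answered = 0
    for _ in range(count):
        src_ip = ".".join(str(rng.randrange(256)) for _ in range(4))
        if server.on_syn(src_ip, rng.randrange(1024, 65536), now) is not None:
            answered += 1
    return answered


def legit_connect(server, src_ip, src_port, now):
    """A genuine client: send SYN, read the SYN-ACK sequence number, ACK it."""
    seq = server.on_syn(src_ip, src_port, now)
    if seq is None:
        return False
    return server.on_ack(src_ip, src_port, (seq + 1) & SEQ_MASK, now + 0.1)


if __name__ == "__main__":
    s = StatefulServer()
    print("stateful: answered", flood(s, 1000, now=0.0), "of 1000 spoofed SYNs, blacklisted",
          len(s.blacklist), "sources")
    print("stateful: real client connects during flood?", legit_connect(s, "10.0.0.5", 40000, 1.0))
    c = SynCookieServer(secret=b"rotate-this-secret-regularly")
    print("cookies : answered", flood(c, 1000, now=0.0), "spoofed SYNs with no state kept")
    print("cookies : real client connects during flood?", legit_connect(c, "10.0.0.5", 40000, 1.0))
```

On the stateful server the backlog is full after the first 128 spoofed SYNs and the blacklist never triggers, because each spoofed address is seen once; only after the 60-second timeout frees the entries can a real client connect. The cookie server answers every SYN, stores nothing, and still completes the real client's handshake, while an ACK sent from a different address than the one the cookie was issued for is rejected.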
Amplification Attacks with IP Spoofing
Some protocols use UDP instead of TCP, so there is no handshake to confirm the source address. Examples are the Network Time Protocol (NTP) and the Domain Name System (DNS).
Attackers make small requests that produce large replies from these services while putting the victim's IP address as the source address, so the replies, many times larger than the requests, are delivered to the victim.
Real-life analogy: a prank call to a restaurant ordering takeaway for 10 people and asking them to deliver it to the victim's home.
DDoS - Distributed Denial of Service
An upgraded version of a DoS attack. The attacker controls a lot of devices (a botnet) and uses them to attack the victim at the same time. Since the packets come from many different directions, it is not easy to block them.
Counter Measures
- Building a firewall / Intrusion Detection System (IDS)
- Challenges like CAPTCHA
- Demilitarized zone (DMZ)
- Use (purchase) a third-party DDoS protection service
DNS Poisoning
Make a DNS server return a fake/false entry (for example by inserting a forged record into its cache), so that clients are sent to an address the attacker controls.
https://blog.kwunlam.com/Information-Security-Notes-6-System-Security/