COMPUTER AND NETWORK SECURITY OF TROJAN HORSE

QUESTION

C-1.5

Suppose that you are a computer virus writer; hence, you know that you need to store a copy of the code for your virus inside the virus itself. Moreover, suppose you know that a security administrator is also aware of this fact and will be using it to detect the presence of your virus in operating system files, as described in the previous problem. Explain how you can hide the embedded copy of your virus so that it is difficult for the security administrator to find it.

 

C-1.9

Benny is a thief who tried to break into an automated teller machine (ATM) using a screwdriver, but was only able to break five different keys on the numeric keypad and jam the card reader, at which point he heard Alice coming, so he hid. Alice walked up, put in her ATM card, successfully entered her 4-digit PIN, and took some cash. But she was not able to get her card back, so she drove off to find help. Benny then went back to the ATM and started entering numbers to try to discover Alice’s PIN and steal money from her account. What is the worst-case number of PINs that Benny has to enter before correctly discovering Alice’s PIN?

 

C-1.20

Describe a good solution to the problem of having a group of students collaborate on a software construction project using the directory of one of the group members in such a way that it would be difficult for nonmembers to discover and would not require the help from a system administrator, assuming that the only access rights the group leader can modify are those for “everyone”. You may assume that access rights for directories are “read”, “write”, and “exec”, where “read” means the files and subdirectories in that directory can be listed, “write” means members of that directory can be inserted, deleted, or renamed, and “exec” on a directory or subdirectory means that a user can change his location to that directory or subdirectory so long as he specifies its exact name.

 

C-2.4

A group of n red pirates and a group of n blue pirates have a shared treasure chest and one unique lock and key for each pirate. Using hardware that is probably already lying around their two ships, they want to protect the chest so that any pair of pirates, one red and one blue, can open the chest using their two locks and keys, but no group of red or blue pirates can open the chest without having at least one pirate from the other group. How do they set this up?

 

 

C-2.9

A variation of the following biometric authentication protocol was experimentally tested several years ago at immigration checkpoints in major U.S. airports. A user registers in person by showing her credentials (e.g., passport and visa) to the registration authority and giving her fingerprint (a “palm print” was actually used). The registration authority then issues to the user a tamper-resistant smartcard that stores the reference fingerprint vector and can execute the matching algorithm. The checkpoint is equipped with a tamper-resistant admission device that contains a fingerprint reader and a smartcard reader. The user inserts her smartcard and provides her fingerprint to the device, which forwards it to the smartcard. The smartcard executes the comparison algorithm and outputs the result (“match” or “no match”) to the device, which admits or rejects the user accordingly. Clearly, an attacker can defeat this scheme by programming a smartcard that always outputs “match”. Show how to modify the scheme to make it more secure. Namely, the admission device needs to make sure that it is interacting with a valid smartcard issued by the registration authority. You can assume that the smartcard can perform cryptographic computations and that the admission device knows the public key of the registration authority. The attacker can program smartcards and is allowed to have an input-output interaction with a valid smartcard but cannot obtain the data stored inside it.

C-2.12

Consider the following security measures for airline travel. A list of names of people who are not allowed to fly is maintained by the government and given to the airlines; people whose names are on the list are not allowed to make flight reservations. Before entering the departure area of the airport, passengers go through a security check where they have to present a government-issued ID and a boarding pass, which is scanned to verify the reservation. Show how someone who is on the no-fly list can manage to fly provided boarding passes can be printed online. Which additional security measures should be implemented in order to eliminate this vulnerability?

C-3.2

Alice has a picture-based password system, where she has each user pick a set of their 20 favorite pictures, say, of cats, dogs, cars, etc. To log in, a user is shown a series of pictures in pairs, one on the left and one on the right. In each pair, the user has to pick the one that is in his set of favorites. If the user picks the correct 20 out of the 40 he is shown (as 20 pairs), then the system logs him in. Analyze the security of this system, including the size of the search space. Is it more secure than a standard password system?

C-3.5

On Unix systems, a convenient way of packaging a collection of files is a shell archive, or shar file. A shar file is a shell script that will unpack itself into the appropriate files and directories. Shar files are created by the shar command. The implementation of the shar command in a legacy version of the HP-UX operating system created a temporary file with an easily predictable filename in directory /tmp. This temporary file is an intermediate file that is created by shar for storing temporary contents during its execution. Also, if a file with this name already exists, then shar opens the file and overwrites it with temporary contents during its execution. If directory /tmp allows anyone to write to it, a vulnerability exists. An attacker can exploit such a vulnerability to overwrite a victim’s file.

1) What knowledge about shar should the attacker have?

2) Describe the command that the attacker issues in order to have shar overwrite an arbitrary file of a victim. (HINT: the command is issued before shar is executed.)

3) Suggest a simple fix to the shar utility to prevent the attack. Note that this is not a setuid question.
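
For question 3, an added example (not from the original page and not HP-UX's shar source) that contrasts the open-if-exists behaviour described in C-3.5 with exclusive creation. The file name shar.tmp, the scratch directory and the "victim data" contents are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Legacy behaviour from the exercise: fixed name, reused if it already exists. */
static int open_legacy(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL makes creation atomic and fails with EEXIST when any entry
 * (regular file or link) already sits at that name. mkstemp() does the same
 * and additionally picks an unpredictable name. */
static int open_exclusive(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: scratch directory with a pre-existing file at the
 * (hypothetical) predictable name. Returns 0 on success. */
static int plant(char *path, size_t n) {
    char dir[] = "/tmp/shar_demo_XXXXXX";
    if (!mkdtemp(dir)) return -1;
    snprintf(path, n, "%s/shar.tmp", dir);
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs("victim data\n", f);
    return fclose(f);
}

/* Reads the file back, removes the scratch directory, and returns 1 if the
 * pre-existing contents survived. */
static int intact_then_cleanup(char *path) {
    char buf[32] = "";
    FILE *f = fopen(path, "r");
    if (f) { if (!fgets(buf, sizeof buf, f)) buf[0] = '\0'; fclose(f); }
    unlink(path);
    *strrchr(path, '/') = '\0';
    rmdir(path);
    return strcmp(buf, "victim data\n") == 0;
}

/* Runs one opener against the planted file: 0 = contents overwritten,
 * 1 = open refused with EEXIST and contents intact, -1 = anything else. */
int run_case(int (*opener)(const char *)) {
    char p[128];
    if (plant(p, sizeof p)) return -1;
    errno = 0;
    int fd = opener(p);
    int err = errno;
    if (fd >= 0) close(fd);
    int kept = intact_then_cleanup(p);
    if (fd >= 0 && !kept) return 0;
    return (fd < 0 && err == EEXIST && kept) ? 1 : -1;
}

int legacy_result(void)    { return run_case(open_legacy); }
int exclusive_result(void) { return run_case(open_exclusive); }

int main(void) {
    printf("legacy: %d, exclusive: %d\n", legacy_result(), exclusive_result());
    return 0;
}
```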

SOLUTION

1.    Introduction of Computer and Network Security

Computer security is the practice of protecting your computer or your network from unauthorized users and spam by using different types of software or hardware. Violations of computer and network security occur through unauthorized access by any party. Computer security is vital for every organization to avoid damage from hostile software or intruders. Many forms of damage can result from a lack of security. Here are a few types of damage:

  • Damage to the computer system.
  • Damage to internal data.
  • Loss of sensitive information.
  • Sensitive information can be used against the organization’s clients. It may result in loss of customers and legal action by customers against the organization.
  • Damage to the reputation of the organization.

2.    Importance of Computer & Network Security

Computer security is essential to keep your computer network safe and running without interruption by intruders. It gives users the opportunity to protect their important information on the network and on the system. Moreover, it helps in network monitoring and protects the network from different threats. It defends the computer system against several destructive technologies and protects your PC from damage. Therefore, it is vital to use a computer security solution on some level to protect our data from theft. Computer and network security is essential for these three reasons:

  • To avoid damage or theft of the hardware
  • To avoid damage or theft of the information
  • To avoid disruption of services

Many types of software are available today that can be used to protect different types of information and the data stored on the drives of the computer. These software programs are quite helpful in detecting different types of viruses, spyware, Trojans, adware and other malware that can damage computer data and network stability. Computer security software first detects the viruses and malware and then removes them from the network or from the hard drive.

3.     Types of Computer Security

Risks to computer security include viruses, malware and spyware. The types of computer security are based on protecting the computer from these risks. These are some common types of computer security (Kumar, 2011):

  • Computer Network Security
  • Computer System Security
  • Computer Information and Data Security

3.1.        Computer Network Security

Computer networks have become an integral part of every organization because they offer a free flow of data and services to authorized users. However, networks also create a security threat in the case of unauthorized access, when hackers access the data by providing the correct user name and password. Computer network security can be disrupted in the following ways:

3.1.1       Denial of Service

Denial of service is one of the most common kinds of disruption performed by hackers. In such cases hackers disable the whole network of an organization and make computer resources unavailable to their intended users. To perform this kind of attack, hackers usually flood a network or the access routers with false traffic. Moreover, they try to disturb the connections between two machines and prevent the users from accessing a service (Georgieva, 2009).

3.1.2       Trojan horse

Trojan horse attacks are quite common and are one of the most serious threats to computer security. A Trojan horse is a malicious, security-breaking program that masquerades as a benign application. For example, when you want to download a movie and click on the download button, you may allow a dangerous program to run that erases your disk, or sends your credentials to a stranger and allows that stranger to hijack your computer to perform illegal denial-of-service attacks. A Trojan horse is a valuable tool for hackers who want to break into private networks. They usually attach the Trojan horse to a file that activates a virus or remotely controlled software, and the hackers get complete control over the computer (Lo, 2006).

3.1.3       Viruses and Worms

Viruses and worms are well known for their harmful behavior and for reproducing themselves. Basically, viruses and worms are small computer programs, written by hackers and computer geniuses. They alter the way a computer operates without the permission of the user. Some viruses and worms are designed to damage the computer by damaging programs, reformatting the hard disk, or deleting files. Some do not perform any damage, but they reproduce themselves and make their presence known by presenting text, audio and video messages.

3.1.4       Sniffing

Many network communications happen in an unsecured format, which allows a hacker to eavesdrop on or interpret the traffic. The process of a hacker eavesdropping on your communications is known as sniffing or snooping. Monitoring by an eavesdropper is the biggest security problem that an administrator faces in an organization.

3.2.        Computer System Security

The security of computer hardware and its components is very important for overall data protection. If a user does not lock his computer before taking a short break, another person can easily get access to the hard disk in the meantime and use it later on another computer for data theft. Therefore, it is recommended to set the computer to auto-lock after a few minutes of inactivity, especially if it contains important or confidential information. For instance, in Windows you can set a password and set the properties to ask for the password when the screen saver is dismissed. Still, it is a good habit to lock your computer every time you take a break (Kumar, 2011).

3.3.        Computer Information and Data Security

A network failure or a hard disk drive crash is never predictable (Harris, 2007). Therefore, it is essential to guard against data and information loss if such conditions occur. Always keep backups of all your important data on CD-ROM, magnetic tapes, external hard disks, etc. It is a good practice to take backups on at least two different devices so that in the event of a disk crash, you can restore the information from the backup media onto the new disk. These devices should be kept in a safe and secure place, as your information may be confidential. As technical issues can occur at any time, it is better to take regular backups in order to avoid any loss of important data.

4.    Important Terminology of Computer Security

Computer security is completely based on the following three terms:

  • Authentication
  • Authorization
  • Confidentiality

4.1          Authentication

Authentication is the process of verifying a user’s identity. It is usually applied through a combination of username and password when logging into a computer system or application. The correct identification of a person is vital for protecting and maintaining integrity (Vemuri, 2007).

4.2          Authorization

Authorization is the method of determining which permissions a user or system is supposed to have. Through authorization, a user can access only those resources that are appropriate to that user’s identity. In a multi-user computer system, a system administrator grants users permission to access the system and defines the privileges of use for which they are eligible.

4.3          Confidentiality

Confidentiality refers to providing information access and disclosure to authorized users and preventing access by or disclosure to unauthorized ones. Confidentiality is quite helpful in protecting confidential documents from excessive use and also helps in reducing theft of documents.

5.    Methods to Improve Computer & Network Security

Many different methods are available to protect your computers and networks (O’Reilly, 2009). Some of the important components that are useful to protect your computer from unwanted and malicious software or hackers are listed below.

5.1          Firewall

A firewall is one of the most important tools used to protect computers from various kinds of network and internet threats. Firewalls keep the data safe from fraudulent threats and different types of viruses (Stoddard & Thomas, 2012). They are different from antivirus software, but they prevent unauthorized program scripts. Firewalls work automatically while communicating with network sources such as network computers, client computers, private networks, the internet, etc. By default, a firewall is part of the computer system and is provided by the software manufacturer, as with Windows Firewall. But users should be well aware of its installation and configuration procedures in order to improve computer security. In addition, they should know the importance and uses of the firewall.

5.2          Antivirus Software

Antivirus software programs are used to detect, remove and secure files that are infected with computer viruses, malware, and spyware. Always use the right, recommended antivirus software that is able to protect your computers from different types of viruses and also offers protection against identity theft. Install antivirus programs that can detect and remove the latest security threats. It is very important to install antivirus software properly and also to update it on a daily basis. Generally, antivirus companies release weekly updates of their databases to keep your system safe. These updates are known as virus signatures or definition files. Your antivirus software uses these weekly files to detect newly discovered viruses. Basic antivirus software programs normally provide a memory-resident scan, a system or file scan, and an automated updater (Mirzamani, 2011).

5.3          Spam Filters

Anti-spam software ensures your privacy and blocks unwanted emails, so users receive only approved emails in their inbox. Spammers constantly invent new techniques to trick the filters, and anti-spam software developers try to keep up with them. Most anti-spam software can be customized to your requirements. Some anti-spam solutions can decide whether a message is spam on the basis of the sender’s email address, the subject line and the message content. Some anti-spam programs can block emails with various types of attachments. Generally, all anti-spam solutions catch and delete spam emails before they arrive in your inbox.

5.4          Anti-Spyware

Spyware is a method of gathering information about a person or organization without informing them. On the internet, spyware programs reside on someone’s computer to secretly collect information about the user and communicate it to other interested parties. They can enter a computer as a software virus or through the installation of a new program. Therefore, anti-spyware programs are a must if you are browsing the internet. They do an excellent job of identifying and removing spyware promptly. When you install anti-spyware software, do not forget to enable the automatic update feature. Moreover, when buying an anti-spyware program, make sure to check that the program works properly on your operating system (John, 2009).

5.5          Password

Always use a strong username and password to protect your email accounts and the important information available on your system. Never choose passwords that are based on personal information like your name, date of birth, etc. If you do, your passwords could be accessed or easily guessed. Always surf the internet under the rules and regulations of the administration and block cookies because they can infect the system.

6.    References

Georgieva, T 2009, Types of Denial of Service (DoS) Attacks, Viewed 28 April 2012, <http://tsveti-georgieva.suite101.com/types-of-denial-of-service-dos-attacks-a143019>.

Harris, R 2007, How data gets lost, Viewed 28 April 2012, <http://www.zdnet.com/blog/storage/how-data-gets-lost/167>.

John, G 2009, Advantages of Antispyware Programs, Viewed 29 April 2012, <http://ezinearticles.com/?Advantages-of-Antispyware-Programs&id=3175106>.

Kumar, A 2011, Understanding Computer Security – Types of Computer Security, Viewed 28 April 2012, <http://www.brighthub.com/computing/smb-security/articles/61722.aspx>.

Lo, J 2006, Trojan Horse Attacks, Viewed 28 April 2012, <http://www.irchelp.org/irchelp/security/trojan.html>.

Mirzamani, M 2011, Some Benefits of Using Antivirus Software, Viewed 29 April 2012, <http://www.desktopclass.com/education/computer-it/some-benefits-of-using-antivirus-software.html>.

O’Reilly, D 2009, Five simple PC security tips, Viewed 29 April 2012, <http://news.cnet.com/8301-13880_3-10235339-68.html>.

Stoddard, D & Thomas, T 2012, Network Security First-Step: Firewalls, Viewed 29 April 2012, <http://www.ciscopress.com/articles/article.asp?p=1823359>.

Vemuri, L 2007, What Is Authentication?, Viewed 29 April <http://www.theiia.org/intAuditor/itaudit/archives/2007/may/what-is-authentication/>.
