Skip to content

INF4831 - Cyber Security

IEEE Cryptography course

Persistant Link: IEEE LINK

5 pillars of cryptography:

Confidentiality: The technology keeps personal items personal. Using encryption/decryption. Integrity: The technology reliably reads the data that was written. Using cryptographic hashing. Authentication: verifying the senders identity. Non-repudiation: the sending of a message/transaction cannot be denied. Cryptographic signing (using assymetric keys, public/private). Key distribution: the sharing of public/private keys between parties.

Penetration Testing

Penetration testers/ethical hackers/white hat hackers test the security of computer systems by attacking the system without the intent for malice.

Pen testers have to keep up to date on the types of attacks that are being performed (including social engineering tests). 1. Phishing 2. Vishing (voice phishing).

Attacking your own defenses - pen testing

CIA triad - guide for pen tester goals. Confidentiality, integrity and availability of systems and data. Can attackers breach any of these?

Types of hackers

  1. White hat hackers - penetration testers, look for weaknesses in a computer system.
  2. Grey hat hackers - somewhere in between. Hack a company without permission. Show the company their weakness.
  3. Black hat hackers - have malicious intent. Outpace white hats.
    1. Script kiddies (amateurs, use security tools and programs)

Two international groups: Anonymous - international hacktivists ISIL (Islamic State of Iraq and the Levant )

Networking sniffing

Was originated as a tool to "debug" network issues.

Is now used in: 1. Session hijacking 2. MITM attacks 3. DOS attacks 4. Manipulation of data

Sniffing tools

  1. Wireshark - top/best tool
  2. TCPDump - linux
  3. Netwitness
  4. OmniEngine
  5. Omnipeak
  6. Dsniff - intercepting and reveal passwords
  7. Etherape - visual tool

Active vs passive sniffing

Passive - you listen to all the packets sent to you (works on broadcast networks and not point-to-point). Active - you attack a network into recieving packets you should not recieve.

Network hub (like a switch without correct forwarding) and wirleless networks forwards to all clients connected to it. (Broadcast)

Network switch forwards to the intended reciepient only based on the MAC (Point-to-point).

Sniffers can scan networks without having connected to them (wireless only). An NIC in promiscuous mode does not filter out packets that are not intended for that computer.

Mac flooding - spam new MAC addresses to switch to overwhelm the writing to the CAM table. Once the table becomes full, the switch enters into a fail-open mode where it just forwards all packets to all ports. Now sniffing can be done.

ARP cache poisoning - arp protocol does not use authentication and trusts ARP updates and updates the devices own arp table.

MAC spoofing - changing your MAC address to be a MAC address of an existing authenticated device. (SMAC is a tool to change a MAC address to a seemingly valid vendor MAC).

Insecure protocols:

  1. TELNET
  2. HTTP
  3. SMTP, IMAP, POP
  4. NNTP
  5. FTP All send packets in the clear

See also

Web Server and Web Application Security

Web application is a client-server software where the client runs in a web browser. Native applications run on an operating system.

Web apps must: - authenticate - authorize - handle assets (images and other data) - enable auditing - protect data input/output

Web server deliver files over HTTP.

Two Major Web Servers 1. Internet information server (windows) 2. Apache (linux) (52% of websites online)

Structure of a web application

Presentation Layer

Responsible for the display and presentation of information to the user on the client side.

Logic Layer

Used to transform, query, edit and otherwise manipulate information to and from the forms in which it needs to be stored or presented.

Data Layer

Responsible for holding the data or information for the application as a whole.

HTTP - a stateless protocol (server does not need to store information about the clients session)

Cookie - local storage for a webapp.

Web Application Stakeholders:

  1. Server administrators - safety, security and functioning of the webserver. Responsible for configuration and updating.
  2. Network administrators - infrastructure of the network as a whole.
  3. End users - ineracts with the webserver as a consumer.
  4. Application administrators - managing and configuring the web app itself.
  5. Application developers - programming, developing and updating the web application.

Cloud service

A shared resource online.

Tradeoff - less control of what happens with your data.

SAAS - software as a service PAAS - platform as a service IAAS - infrustructure as a service

Key Web App Pieces:

  1. Login/authentication
    1. Digital Certificates use SSL to establish an encrypted link between web server and a web browser
  2. Session tracking
    1. Normally stored in cookies.
  3. Permissions
  4. Application content
  5. Data access
  6. Data storage
    1. Microsoft SQL server
    2. Oracle Database
  7. Logic
  8. Logout

Vulnerabilities

  1. Flawed web design
    1. Hidden tags/comments/passwords visible in html.
  2. Buffer overflow
  3. Misconfiguration of web server. Use vulnerability scanners on your web server to secure the server.
  4. Input validation - prevent users from typing data that can crash the server.

CROSS-SITE SCRIPTING (XSS)

Getting malicious code to run by "infecting" a trusted site with the malicious code. When a browser then requests the website, it runs the code as it comes from a trusted site.

Long-lived session are a vulnerability.

Users should be able to log out.

A hijacked session is where a hacker gains session IDs from other users whose session is still open and pretend to be that user.

Cookie settings - use https secure cookies and other cookie security features (especially the expires attr.)

System Fundamentals for Cyber Security

Operating System -