Cyber security tutorial1

Date post: 12-Aug-2015
Upload: sweta-dargad
Page 1: Cyber security tutorial1

CYBER SECURITY-TUTORIAL1

From: Sweta Dargad, Assistant Professor, NTC

Page 2: Cyber security tutorial1

SYSTEMS VULNERABILITY AND SCANNING

1. Explain what a vulnerability is.

2. List various types of vulnerability and explain briefly.

3. What is a port, and how many ports are in regular use?

4. List various port numbers known.

5. Explain Packet Sniffing.

6. List packet sniffers.

7. What are tcpdump and WinDump?

Page 3: Cyber security tutorial1

WHAT IS VULNERABILITY?

In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.

Vulnerability is the intersection of three elements:

a system susceptibility or flaw

attacker access to the flaw

and attacker capability to exploit the flaw.

A vulnerability is a ‘hole’ in any software, operating system or service that can be exploited by cybercriminals for their own benefit.

Page 4: Cyber security tutorial1

A SECURITY VULNERABILITY IS A WEAKNESS IN A PRODUCT THAT COULD ALLOW AN ATTACKER TO COMPROMISE THE INTEGRITY, AVAILABILITY, OR CONFIDENTIALITY OF THAT PRODUCT.

Integrity of the product: means trustworthiness. If the weakness is serious enough to let an attacker misuse the product, its integrity is compromised and how safe the product is becomes an open question.

Availability of the product: again refers to a weakness whereby an attacker can take over the product and deny access to it for authorized users.

Confidentiality of the product: is keeping the data secure. If a bug in the system lets unauthorized people collect other users' data, that is termed a vulnerability.

Page 5: Cyber security tutorial1

HAZARDS OF VULNERABILITY

To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness.

Page 6: Cyber security tutorial1

EXAMPLES OF VULNERABILITIES

1. Buffer overflow

2. Lack of input validation

3. Lack of sufficient logging mechanism

4. Fail-open error handling

5. Not closing the database connection properly

6. Integer overflow

7. Format string vulnerability

8. Access Control Problems

Page 7: Cyber security tutorial1

BUFFER OVERFLOW

Buffer overflows can cause applications to crash, can compromise data, and can provide an attack vector for further privilege escalation to compromise the system on which the application is running.

Any application or system software that takes input from the user, from a file, or from the network has to store that input, at least temporarily.

stack—stores data that is specific to a single call to a particular function, method, block, or other equivalent construct.

heap—general purpose storage for an application. Data stored in the heap remains available as long as the application is running.

Buffer overflow attacks generally occur by compromising either the stack, the heap, or both.

Page 8: Cyber security tutorial1

LACK OF INPUT VALIDATION

As a general rule, you should check all input received by your program to make sure that the data is reasonable.

Any input received by your program from an untrusted source is a potential target for attack. (In this context, an ordinary user is an untrusted source.)

text input fields

commands passed through a URL used to launch the program

audio, video, or graphics files

command line input

Hackers look at every source of input to the program and attempt to pass in malformed data. If the program crashes or misbehaves, the hacker tries to find a way to exploit the problem. Example:

“jailbreaking” iPhones
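The buffer overflow and input validation slides above describe the same root cause: input of unknown length and content is stored without being checked. The following C code is an added example (not from the tutorial) that puts the two side by side: the unchecked copy into a fixed-size stack buffer that the slides warn about, and a hardened version that validates length against the buffer and restricts content to an allow-list before copying. NAME_LEN, the function names and the sample inputs are all assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define NAME_LEN 16   /* hypothetical application limit: 15 characters plus NUL */

/* The pattern the slide warns about: input of unknown length is copied into a
 * fixed-size stack buffer with no check, so anything NAME_LEN bytes or longer
 * writes past the end of `name`. Kept only for contrast with the checked
 * version below; never call it on untrusted input. */
void store_name_unchecked(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);               /* no bounds check: stack overflow on long input */
    printf("stored (unchecked): %s\n", name);
}

/* Hardened form: validate length and content before the copy. Returns 1 and
 * fills `out` when the input is acceptable, 0 when it must be rejected. */
int validate_name(const char *input, char *out, size_t out_len) {
    size_t n = 0, i;
    if (input == NULL || out == NULL || out_len == 0) return 0;
    while (n < out_len && input[n] != '\0') n++;   /* never scan past what fits */
    if (n == 0 || n == out_len) return 0;           /* empty, or no room for the NUL */
    for (i = 0; i < n; i++) {                       /* allow-list, not deny-list */
        unsigned char c = (unsigned char)input[i];
        if (!isalnum(c) && c != '_' && c != '-') return 0;
    }
    memcpy(out, input, n);
    out[n] = '\0';
    return 1;
}

/* 1 if `input` would be accepted into a NAME_LEN buffer, else 0. */
int name_accepted(const char *input) {
    char buf[NAME_LEN];
    return validate_name(input, buf, sizeof buf);
}

int main(void) {
    /* constructed sample inputs: a valid name, a 16-char name (too long),
     * a name with disallowed characters, and an empty string */
    const char *samples[] = { "alice_01", "abcdefghijklmnop", "bob's list", "" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %s\n", samples[i],
               name_accepted(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```

The check deliberately counts characters only up to `out_len`, so even a very long input cannot make the validator itself read far past what the buffer could hold, and the allow-list rejects shell metacharacters and quotes rather than trying to enumerate bad ones.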

Page 9: Cyber security tutorial1

ACCESS CONTROL PROBLEMS

Access control is the process of controlling who is allowed to do what.

This ranges from controlling physical access to a computer (keeping your servers in a locked room, for example) to specifying who has access to a resource (a file, for example) and what they are allowed to do with that resource (such as read only).

Many exploits involve an attacker somehow gaining more privileges than they should have.

Privileges, also called permissions, are access rights granted by the operating system, controlling who is allowed to read and write files, directories, and attributes of files and directories (such as the permissions for a file), who can execute a program, and who can perform other restricted operations such as accessing hardware devices and making changes to the network configuration.

The attack that results from this vulnerability is PRIVILEGE ESCALATION, which is also a step in hacking.
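The slide describes permissions as rights the operating system grants over files. The following C function is an added example (not from the tutorial) that implements the classic Unix owner/group/other check on a 9-bit mode value, including the superuser bypass, so the reader can see exactly which subjects get which rights and why a check that forgets a case hands out more privilege than intended. The `file_acl` structure, the sample file and the uids/gids are constructed for this example.

```c
#include <stdio.h>
#include <stddef.h>

#define PERM_READ  4
#define PERM_WRITE 2
#define PERM_EXEC  1

/* Hypothetical in-memory description of a file's owner and mode bits. */
struct file_acl {
    unsigned owner_uid;
    unsigned group_gid;
    unsigned mode;        /* classic 9-bit rwxrwxrwx, e.g. 0640 */
};

/* Decide whether a subject (uid plus a list of gids) may perform `want`
 * (a bitmask of PERM_*) on the file. Mirrors the Unix discretionary rule:
 * the owner class applies if uid matches, else the group class if any gid
 * matches, else other; uid 0 bypasses read/write and may execute if any x
 * bit is set anywhere. Returns 1 = allow, 0 = deny. */
int check_access(const struct file_acl *f, unsigned uid,
                 const unsigned *gids, size_t ngids, unsigned want) {
    unsigned granted;
    size_t i;
    if (f == NULL || want == 0 || (want & ~7u) != 0) return 0;  /* reject nonsense requests */
    if (gids == NULL) ngids = 0;
    if (uid == 0) {
        unsigned any_x = (f->mode & 0111) ? PERM_EXEC : 0;
        return (want & ~(PERM_READ | PERM_WRITE | any_x)) == 0;
    }
    if (uid == f->owner_uid) {
        granted = (f->mode >> 6) & 7;
    } else {
        granted = f->mode & 7;                  /* "other" unless a group matches */
        for (i = 0; i < ngids; i++) {
            if (gids[i] == f->group_gid) { granted = (f->mode >> 3) & 7; break; }
        }
    }
    return (want & ~granted) == 0;              /* every requested bit must be granted */
}

/* Constructed sample file: owner uid 1000, group gid 100, mode 0640 (rw-r-----). */
static const struct file_acl SAMPLE_CONF = { 1000, 100, 0640 };

/* Convenience wrapper for a subject with a single group. */
int sample_access(unsigned uid, unsigned gid, unsigned want) {
    unsigned gids[1];
    gids[0] = gid;
    return check_access(&SAMPLE_CONF, uid, gids, 1, want);
}

int main(void) {
    printf("owner rw : %d\n", sample_access(1000, 1000, PERM_READ | PERM_WRITE));
    printf("group w  : %d\n", sample_access(2000, 100, PERM_WRITE));
    printf("other r  : %d\n", sample_access(3000, 300, PERM_READ));
    printf("root x   : %d\n", sample_access(0, 0, PERM_EXEC));
    return 0;
}
```

Note that the classes are exclusive: a file owner who is also in the group is judged by the owner bits only, which is the behaviour real Unix systems have and a frequent source of surprise when the owner bits are more restrictive than the group bits.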

Page 11: Cyber security tutorial1

WHAT IS A PORT

In computer networking, a port serves as an endpoint in an operating system for many types of communication. It is not a hardware device, but a logical construct that identifies a service or process.

A port is always associated with an IP address of a host and the protocol type of the communication, and thus completes the destination or origination address of a communications session.

A port is identified for each address and protocol by a 16-bit number, commonly known as the port number.

Page 12: Cyber security tutorial1

CLASSIFICATION OF PORTS

The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. This includes the registration of commonly used port numbers for well-known Internet services.

The port numbers are divided into three ranges:

1. Well-known ports: the well-known ports (also known as system ports) are those from 0 through 1023.

2. Registered ports: ports 1024 through 49151, which vendors register for their applications.

3. Dynamic or private ports: ports above 49151, which are available for any application to use in communicating with any other application, using TCP or UDP.
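To make the three ranges and the 16-bit limit from the previous slide concrete, here is an added C example (not from the tutorial) that classifies a port number, parses a port from untrusted text with the same bounds check, and names a handful of well-known assignments. The function names are assumptions; the service table lists only assignments the example's author is certain of and is not an exhaustive answer to question 4.

```c
#include <stdio.h>
#include <string.h>

/* Classify a port number into the three IANA ranges named in the slides.
 * A port is a 16-bit field, so anything outside 0..65535 is "invalid". */
const char *port_range(long port) {
    if (port < 0 || port > 65535) return "invalid";
    if (port <= 1023)  return "well-known";
    if (port <= 49151) return "registered";
    return "dynamic/private";
}

/* A few well-known service assignments (not a complete list). */
const char *well_known_service(long port) {
    switch (port) {
    case 21:  return "ftp";
    case 22:  return "ssh";
    case 23:  return "telnet";
    case 25:  return "smtp";
    case 53:  return "dns";
    case 80:  return "http";
    case 110: return "pop3";
    case 143: return "imap";
    case 443: return "https";
    default:  return "unknown";
    }
}

/* Parse a decimal port string as untrusted input: digits only, no sign or
 * whitespace, and it must fit in 16 bits. Returns the port, or -1 on rejection. */
long parse_port(const char *s) {
    long v = 0;
    size_t i;
    if (s == NULL || s[0] == '\0') return -1;
    for (i = 0; s[i] != '\0'; i++) {
        if (s[i] < '0' || s[i] > '9') return -1;
        v = v * 10 + (s[i] - '0');
        if (v > 65535) return -1;     /* reject before the value can grow further */
    }
    return v;
}

/* Classify a port given as text, e.g. a value read from a config file. */
const char *classify_port_string(const char *s) {
    return port_range(parse_port(s));
}

int main(void) {
    /* constructed sample inputs covering each range boundary and two bad values */
    const char *samples[] = { "22", "1023", "1024", "49151", "49152", "65535", "65536", "80abc" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long p = parse_port(samples[i]);
        printf("%-6s -> %-15s %s\n", samples[i], classify_port_string(samples[i]),
               p >= 0 ? well_known_service(p) : "");
    }
    return 0;
}
```

Rejecting the value as soon as it exceeds 65535 inside the parsing loop is what keeps a very long digit string from overflowing `long` before the range check runs.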

Page 14: Cyber security tutorial1

PACKET SNIFFING

A packet sniffer, sometimes referred to as a network monitor or network analyzer, can be used legitimately by a network or system administrator to monitor and troubleshoot network traffic.

Using the information captured by the packet sniffer, an administrator can identify erroneous packets and use the data to pinpoint bottlenecks and help maintain efficient network data transmission.

The packet sniffer is also capable of capturing ALL packets traversing the network regardless of destination.

Page 16: Cyber security tutorial1

By placing a packet sniffer on a network in promiscuous mode, a malicious intruder can capture and analyze all of the network traffic.

Within a given network, username and password information is generally transmitted in clear text, which means that the information would be viewable by analyzing the packets being transmitted.

Page 17: Cyber security tutorial1

PACKET SNIFFERS

A packet sniffer, also known as a packet analyzer, is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network.

As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packets.

1. Wireshark

2. WinPcap

3. Packetyzer

4. IP Sniffer

5. CommView

Page 19: Cyber security tutorial1

TCPDUMP AND WINDUMP

tcpdump is a common packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.

tcpdump is free software and works on most Unix-like operating systems.

tcpdump prints the contents of network packets. It can read packets from a network interface card or from a previously created saved packet file. Tcpdump can write packets to standard output or a file.

WinDump, the Windows version of tcpdump, can help you analyze network traffic to look for signs of active malware.
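The packet sniffing slides say a sniffer "decodes the packet's raw data, showing the values of various fields", and page 16 notes that credentials often cross the wire in clear text. The following C code is an added example (not from the tutorial and not tcpdump's own code) that decodes the IPv4 and TCP headers of one packet field by field, with every length checked against the captured size, and then applies a defender-side check: does the packet carry an FTP login command (USER/PASS to port 21) in the clear? The packet bytes are constructed for this example; link-layer framing and checksum verification are omitted.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Decoded view of one IPv4/TCP packet: the fields a sniffer prints per packet. */
struct tcp_pkt {
    unsigned char src_ip[4], dst_ip[4];
    unsigned src_port, dst_port;
    unsigned char flags;                 /* TCP flag byte (FIN=0x01 ... PSH=0x08, ACK=0x10) */
    const unsigned char *payload;
    size_t payload_len;
};

/* Parse an IPv4 header followed by TCP from `buf` (no link-layer header).
 * Returns 0 on success, -1 if the bytes are truncated or inconsistent.
 * Each length field is validated against `len` before use, so a malformed
 * or cut-off capture cannot push the parser out of bounds. */
int parse_ipv4_tcp(const unsigned char *buf, size_t len, struct tcp_pkt *out) {
    size_t ihl, total, toff;
    const unsigned char *tcp;
    if (buf == NULL || out == NULL || len < 20) return -1;
    if ((buf[0] >> 4) != 4) return -1;               /* IPv4 only */
    ihl = (size_t)(buf[0] & 0x0f) * 4;               /* header length in bytes */
    total = ((size_t)buf[2] << 8) | buf[3];          /* IP total length */
    if (ihl < 20 || total < ihl + 20 || total > len) return -1;
    if (buf[9] != 6) return -1;                      /* protocol 6 = TCP */
    memcpy(out->src_ip, buf + 12, 4);
    memcpy(out->dst_ip, buf + 16, 4);
    tcp = buf + ihl;
    out->src_port = ((unsigned)tcp[0] << 8) | tcp[1];
    out->dst_port = ((unsigned)tcp[2] << 8) | tcp[3];
    toff = (size_t)(tcp[12] >> 4) * 4;               /* TCP data offset in bytes */
    if (toff < 20 || ihl + toff > total) return -1;
    out->flags = tcp[13];
    out->payload = buf + ihl + toff;
    out->payload_len = total - ihl - toff;
    return 0;
}

/* Defender-side check: does this packet carry an FTP login in the clear?
 * Returns 1 if the payload to port 21 starts with "USER " or "PASS ",
 * 0 if not, -1 if the packet could not be parsed. */
int scan_for_cleartext_login(const unsigned char *buf, size_t len) {
    struct tcp_pkt p;
    if (parse_ipv4_tcp(buf, len, &p) != 0) return -1;
    if (p.dst_port != 21 || p.payload_len < 5) return 0;
    if (memcmp(p.payload, "USER ", 5) == 0 || memcmp(p.payload, "PASS ", 5) == 0) return 1;
    return 0;
}

/* Destination port of a packet, or -1 if it does not parse. */
int tcp_dst_port_of(const unsigned char *buf, size_t len) {
    struct tcp_pkt p;
    return parse_ipv4_tcp(buf, len, &p) == 0 ? (int)p.dst_port : -1;
}

/* Constructed sample: 192.168.1.10:49152 -> 192.168.1.20:21, PSH|ACK,
 * payload "USER alice\r\n". Checksum fields are zero (not verified here). */
const unsigned char SAMPLE_FTP_USER[52] = {
    0x45,0x00,0x00,0x34, 0x00,0x00,0x40,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0xa8,0x01,0x0a, 0xc0,0xa8,0x01,0x14,
    0xc0,0x00,0x00,0x15, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x18,0x20,0x00, 0x00,0x00,0x00,0x00,
    'U','S','E','R',' ','a','l','i','c','e','\r','\n'
};

/* Constructed sample: same hosts, destination port 80, payload "GET / HTTP/1.1\r\n". */
const unsigned char SAMPLE_HTTP_GET[56] = {
    0x45,0x00,0x00,0x38, 0x00,0x00,0x40,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0xa8,0x01,0x0a, 0xc0,0xa8,0x01,0x14,
    0xc0,0x00,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x18,0x20,0x00, 0x00,0x00,0x00,0x00,
    'G','E','T',' ','/',' ','H','T','T','P','/','1','.','1','\r','\n'
};

int main(void) {
    struct tcp_pkt p;
    if (parse_ipv4_tcp(SAMPLE_FTP_USER, sizeof SAMPLE_FTP_USER, &p) == 0)
        printf("%u.%u.%u.%u:%u -> %u.%u.%u.%u:%u flags=0x%02x len=%zu cleartext_login=%d\n",
               p.src_ip[0], p.src_ip[1], p.src_ip[2], p.src_ip[3], p.src_port,
               p.dst_ip[0], p.dst_ip[1], p.dst_ip[2], p.dst_ip[3], p.dst_port,
               p.flags, p.payload_len,
               scan_for_cleartext_login(SAMPLE_FTP_USER, sizeof SAMPLE_FTP_USER));
    return 0;
}
```

Run over a stream of captured packets, a check like `scan_for_cleartext_login` is the basis of an alert for "credentials sent in clear text", and the truncation handling matters because captures are routinely cut at a snap length shorter than the IP total length.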
