information security circa 2004

Upload: arjun1611

Post on 30-May-2018

8/14/2019 Information Security circa 2004

Information Security: A Current Perspective

ARJUN VENKATRAMAN

1.0 Abstract
2.0 Introduction: The Need For Security Consciousness
3.0 Vulnerabilities
3.1 Anatomy of a vulnerability:
3.2 Vulnerability Attributes
4.0 Attacks
4.1 DoS (Denial of Service) Attack
4.1.1 Introduction to DoS:
4.1.2 How DoS works:
4.1.3 Distributed Denial of Service:
4.2 Virus/Worm Attack
4.2.1 What are Viruses and Worms?
4.2.2 How do Viruses/Worms Spread?
4.3 Trojan Attack
4.3.1 What is a Trojan
4.3.2 How are Trojans spread?
5.0 Defenses
5.1 Firewalls
5.1.1 What is a Firewall?
5.1.2 Firewalls are not bulletproof
5.1.3 Pitfalls of Firewalling
5.2 Vulnerability Assessment Tools
5.2.1 A brief history of Vulnerability Assessment Tools
5.2.2 How Vulnerability Assessment works
5.2.3 Fundamental Shortcomings of Scanners
5.3 Intrusion Detection Systems
5.3.1 An introduction to IDS
5.3.2 Working of an IDS
6.0 Case Studies
6.1 Vulnerabilities
6.1.1 Windows
6.1.2 Linux
6.1.3 Other Software
6.2 Attacks
6.2.1 Ping of Death
6.2.2 Smurf
6.2.3 Trin00
6.2.4 Hare breed of Virus:
6.3 Defenses
6.3.1 Firewall Toolkit (FWTK):
6.3.2 The Open Source Nessus Project:
6.3.3 Cisco Secure IDS:
7.0 Conclusion:
8.0 References


1.0 Abstract

As the world moves more and more towards becoming a networked environment, where almost every activity finds an electronic parallel, it becomes increasingly important to realize the need for security of information.

    mation Security: A Current Perspective http://arjunvenkatraman.com/work/techno/inf

    1 1/4/2010


The aim of this paper is to present a clear picture of how exactly security breaches occur, what methods are used by crackers today to harm systems, and how even the most basic user of a computer is at risk.

This paper deals primarily with the various types of attacks perpetrated against the IT community by malicious crackers. It attempts to explain the three most popular attacks, i.e. Denial of Service, Trojan and Virus/Worm attacks, and their effect on non-corporate users. It also touches upon the possible methods of protection against these attacks.

Finally the paper concludes that information security is no longer only a corporate issue, and that all users of computers, whether at home or at work, must consciously secure themselves against such attacks.

2.0 Introduction: The Need For Security Consciousness

It is not news to anyone that in the last few years, particularly from the 1990s onwards, the world has moved more and more towards becoming one gigantic electronic network. Almost all activities that are part of any individual's life now have an electronic parallel. For example, mail has evolved into e-mail, commerce has evolved into e-commerce and banking is fast moving towards becoming e-banking. In fact, from an Indian perspective, our very own gurukuls find an electronic persona in the form of E-Gurucool.com (http://www.egurucool.com).

Under such circumstances, it would not be inaccurate to conclude that information is now the most important resource in the world. Any other resource without an appropriate information infrastructure is no longer as valuable as it was ten years ago.

Hence it is only logical that such an important resource be subject to threat from malicious elements. This threat could be in the form of theft, fraud, corruption, or even destruction. Therefore, it is the need of the times to protect information adequately.

This need extends not only to the larger corporations but also to the simplest user of a computer. How does this occur? A simple user, who uses his computer to browse the internet, create presentations, perhaps a little word processing, and a little multimedia viewing, may well ask, "What does my system have that someone would be after?" Well, the answer to that question in very simple terms is, "A lot."

A malicious user, or a cracker as they are called, may use an unsuspecting user's computer for any or all of the following purposes:

1) As a testing ground for new malicious applications, e.g. viruses, Trojans, worms etc.
2) As a layer of defense while attacking another system
3) As a dumb agent in a Distributed Denial of Service attack

These are just some of the possible uses a cracker may find for an unprotected system. In the following sections, it will become increasingly clear why the average user needs to be security conscious.

3.0 Vulnerabilities

Vulnerabilities are the tricks of the trade for hackers, giving an intruder the ability to heighten one's access by exploiting a flawed piece of logic inside the code of a computer. Like the hackers that seek them out, vulnerabilities are usually quite mysterious, and it is hard to prove they even exist.

As security experts get acquainted with vulnerabilities and how they are exploited, the methods of exploitation appear random and chaotic, each and every one with seemingly unpredictable results. It has been theorized that this comes from the fact that logic flaws are mistakes, and do not follow the course of intelligent reason. However, vulnerabilities can be categorized in ways that make more sense to the person investigating the problems at hand.

3.1 Anatomy of a vulnerability:

A vulnerability is a flaw in the security structure of a system. A computer vulnerability usually gives an attacker a measure of extra influence over the system, thereby allowing him/her to use the computer in potentially harmful ways.

It is possible to break down the logic of computer security vulnerabilities so that they fit within specific categories that make them understandable. Provided with a vulnerability, the danger and function of each possible type of vulnerability can be explained, and paths of access enhancement can be determined.

There are four basic types of vulnerabilities, which are relative to two factors: one is the specific target of the vulnerability in terms of computer or person, and the other is how quickly the vulnerability works. One could imagine this as a matrix:


                             Affects Person         Affects Computer
Instantaneous                Social Engineering     Logic Error
Requires a duration of time  Policy Oversight       Weakness

Logic error is a short cut directly to a security altering effect, usually considered a basic bug. These types of problem occur due to a special circumstance (usually poorly written code) that allows heightened access. This is the type of vulnerability usually thought of first.

Weakness is a security measure that was put into place, but has a flaw in its design that could lead to a security breach. They usually involve security that may or may not be distinctly solid, but is possible for people to bypass. The term "Security through Obscurity" fits in this arena, the system being "secure" because nobody can see or understand the hidden elements.

Social Engineering is a nebulous area of attacking associated with a directed attack against the policy of working followed by an individual or user. Policy is being used in a high level sense, because it could be an internal worker committing sabotage, a telephone scam directed at a naive employee, or digging for information that was thrown away in dumpsters.

Policy oversight is a flaw in the planning to avoid a situation, which would be such conditions as not producing adequate software backups, not having proper contact numbers, not having working protection equipment and so forth.

3.2 Vulnerability Attributes

Vulnerabilities have five basic attributes, which are Fault, Severity, Authentication, Tactic, and Consequence. Examining these attributes can provide a complete understanding of the vulnerability.

Fault describes how the vulnerability came to be, as in what type of mistake was made to create the problem.

Severity describes the degree of the compromise. There are six levels of severity that can be used to define a vulnerability: administrator access, read restricted files, regular user access, spoofing, non-detectability, and denial of service.

Authentication describes whether the intruder must have successfully registered proof of identity with the host before exploiting the vulnerability.

Tactic describes the method by which the vulnerability can be exploited, both in terms of location and of procedure. Some of the ways are: Internal Tactic, Physical Access Tactic, Server Tactic, Client Tactic, Man-in-the-Middle Tactic.

Consequence describes the outcome. Consequence is the mechanics behind access promotion, and demonstrates how a small amount of access can lead to far greater compromises.

4.0 Attacks

As described in section 3.2 there are a number of ways, or tactics, that a malicious user can employ to take advantage of the vulnerabilities of a system. Some of the ways that such tactics can be implemented are described here.

4.1 DoS (Denial of Service) Attack

4.1.1 Introduction to DoS:

Denial of Service is a type of attack which can cause loss of service or inability to function. The results can last for minutes, hours or days, and can impact network performance, data integrity and system operation.

The frequency of DoS attacks has increased alarmingly in the last few years, particularly since distributed computing has allowed an enhanced version of the attack to evolve. This enhanced version of DoS is called Distributed Denial of Service (DDoS) and is one of the most feared attacks of modern times.

4.1.2 How DoS works:

DoS attacks are generally brought about by exploiting a programming flaw in the server software and by writing specialized programs to perform attacks. DoS attacks usually use one of the following strategies:

Bandwidth Consumption
Resource Saturation
System and Application Crash

Bandwidth Consumption refers to the complete use of available network bandwidth by an attacking computer. This makes network response slow or stops the server completely while the attack is ongoing. The Smurf attack (see section 6.2.2) is a good example of this approach.

Resource Saturation makes use of the fact that each computer has only a finite amount of resources such as memory, storage and processing power. The strategy of resource saturation is to target one or more of these resources and use it up completely so that there is none left for allocation to other programs. The SYN flood attack (section 6.2) uses this strategy.

System and Application Crashes are fast and easy approaches wherein an exploitable programming flaw is used to crash the system or a running application, thereby stopping service. A well known implementation is the Ping of Death attack (section 6.2.1).
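The resource that a SYN flood saturates is the server's table of half-open connections, and that table can be watched from the defending side before the service fails. The monitor below is an added example written for this section, not code from the paper; the Segment type, the sample traffic and the alert threshold of 100 are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """Constructed, minimal view of a TCP segment: just what the monitor needs."""
    src: str
    dst: str
    dport: int
    syn: bool
    ack: bool


class HalfOpenMonitor:
    """Counts half-open connections per listening service.

    A server must keep state for every SYN it has answered until the client's
    final ACK arrives; that backlog is the finite resource a SYN flood uses up.
    Forged source addresses never send the ACK, so their entries only pile up.
    The threshold is a hypothetical operational setting, not a protocol value.
    """

    def __init__(self, threshold: int = 100):
        self.threshold = threshold
        self.pending = defaultdict(set)     # (server, port) -> {client addresses}

    def observe(self, seg: Segment) -> None:
        key = (seg.dst, seg.dport)
        if seg.syn and not seg.ack:         # first packet of a handshake
            self.pending[key].add(seg.src)
        elif seg.ack and not seg.syn:       # third packet completes it
            self.pending[key].discard(seg.src)
        # SYN+ACK is the server's own reply and changes nothing on this side

    def saturated(self) -> dict:
        """Services whose half-open count has reached the threshold."""
        return {k: len(v) for k, v in self.pending.items() if len(v) >= self.threshold}


def run_constructed_traffic(threshold: int = 100) -> dict:
    """Two completed handshakes (ports 22 and 80), then 150 unanswered SYNs to port 80."""
    mon = HalfOpenMonitor(threshold)
    server = "10.0.0.5"
    for port in (22, 80):
        mon.observe(Segment("198.51.100.7", server, port, syn=True, ack=False))
        mon.observe(Segment("198.51.100.7", server, port, syn=False, ack=True))
    for i in range(150):                    # constructed forged sources, no ACK ever follows
        mon.observe(Segment(f"192.0.2.{i}", server, 80, syn=True, ack=False))
    return mon.saturated()


if __name__ == "__main__":
    print(run_constructed_traffic())        # {('10.0.0.5', 80): 150}
```

The completed handshake to port 22 leaves no residue, while port 80 accumulates 150 entries that nothing will ever clear; a real monitor would also age entries out and count per time window, but the point here is that the saturated resource is visible and countable, which is what makes this strategy detectable before the service is lost.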

4.1.3 Distributed Denial of Service:

DoS attacks are being taken to a higher level of ingenuity with the increasing prevalence of Distributed Denial of Service (DDoS) attacks. There are several types of DDoS attacks, but their methods are very similar in that they rely on a large group of previously compromised systems to direct a coordinated distributed flood attack against a particular target.

In preparation for these attacks, the culprit will compromise many systems (sometimes hundreds) on which the agent software can be loaded. The agent software is referred to as a "Zombie" program since it lies asleep until awakened. The attacker then uses a master console to communicate with and configure the Zombie agents. At a specified time, all of the agents initiate an otherwise standard DoS attack against the intended target. The attack is so devastating because of the tremendous traffic volume generated by the "army" of agents.

4.2 Virus/Worm Attack

4.2.1 What are Viruses and Worms?

A computer virus is defined as a program that replicates by infecting other programs so that they contain a copy of the virus (F. Cohen: A Short Course on Computer Viruses).

The essential feature of a computer program that causes it to be classified as a virus is not its ability to destroy data, but its ability to gain control of the computer and make a fully functional copy of itself. It can reproduce. When it is executed, it makes one or more copies of itself. Those copies may later be executed, to create still more copies, ad infinitum. Not all computer programs that are destructive are classified as viruses because they do not all reproduce, and not all viruses are destructive because reproduction is not destructive. However, all viruses do reproduce. The idea that computer viruses are always destructive is deeply ingrained in most people's thinking though. The very term "virus" is inaccurate. The scientifically correct term for a computer virus is self-reproducing automaton, or SRA for short. This term describes correctly what such a program does.

A worm, on the other hand, copies itself across networks without attaching itself to any program. Some people continue to refer to worms as a subset of the virus genre, since replication is a characteristic of both varieties of program. However, worms can be classified separately on the basis of independence from other programs.

Viruses and worms are both written by malicious users, usually as an attempt to prove coding ability. However, once a virus is released, it may undergo spontaneous transformations as it infects files and programs and may evolve further without human intervention.

4.2.2 How do Viruses/Worms Spread?

A virus/worm is deemed to be "in the wild" once it has escaped or been released into the general public. The general public refers to computing environments outside the development area where the virus was created and tested.

Almost all viruses work along these lines:

1) A user calls a legitimate program
2) The virus code, having infected the program and being in the chain of command, executes
3) The virus code terminates and hands over control to the host

When the virus code executes it finds more infectable files and proceeds to infect them. As these files are called, more and more copies are created. The virus source may also contain damaging instructions, which over time affect the performance of a system or may even crash it abruptly.

Viruses are characterized by two major features:

Stealth
Polymorphism

Stealth is a feature which conceals the virus from the user, so that the virus remains undetected for a long period.

Polymorphism means that every time a virus infects a new file, it evolves in some manner. This means that the virus code changes subtly or perceptibly at each new infection. The utility of this feature to virus writers is that since the patterns are fewer, the virus is that much harder to trace.

4.3 Trojan Attack

4.3.1 What is a Trojan

A Trojan is defined as a program which may do something useful but also has unexpected functions, such as stealing passwords or copying files without the user's knowledge. Thus, a Trojan may or may not perform a useful function. There are many types of Trojans, ranging from intentionally written malicious programs, through programs performing both good and bad functions, to accidental Trojans, which are intended as useful programs but end up having undesirable consequences. The one common characteristic of all Trojans is that they always perform an unexpected function.

Trojans usually have one of the following intents:

Intent to gain unauthorized access
Intent to obstruct availability
Intent to modify or destroy data

However, more than one of these may be found within the same Trojan.

4.3.2 How are Trojans spread?

Trojans are usually delivered to the victim computer under the guise of useful software. Once on the system they stealthily perform their task.

Back Door Trojans are usually coded into software and offer unauthorized access to a system.

Remote Access Tools straddle a line between legitimate systems administration and covert unauthorized access.

Trojans have also been known to masquerade as Anti-Virus Software.

Logic Bombs are Trojans which execute their payload, or malicious code, when a preset condition is met. This may be the elapsing of a time period, or an action by the victim.

Trojans are commonly found on the Usenet service. They are also commonly spread by e-mail and other user communication programs. The execution of a Trojan may be stealthy, or the victim may be persuaded by social engineering methods to run the appropriate program.

    5.0 Defenses


We now proceed to some of the possible methods of defending against the attacks listed above. While none of these methods provides foolproof security, their use deters malicious computer use to a large extent.

5.1 Firewalls

5.1.1 What is a Firewall?

A firewall is any device used as a network level access control mechanism for a particular network or set of networks. In most cases firewalls are used to prevent outside users from accessing internal networks. However, firewalls can also be used within a network to provide more secure pockets for highly sensitive functions, e.g. payroll management. A fast upcoming application of firewall technology is in the field of personal firewalls. As high-speed internet makes its way into homes, it is common to find a home PC acting as a server. Such users usually feel the need for a personal firewall.

Apart from access control, firewalls may also provide some or all of the following services:

Content Filtering
Virtual Private Networking
Network Address Translation
Load Balancing
Fault Tolerance
Intrusion Detection

There are mainly three types of firewalls:

1) Packet filter based
2) Stateful packet filter based
3) Proxy based

Packet filter based firewalls analyze incoming packets for possible signs of malicious intent. Typically, the systems administrator can grant or deny access based on parameters like source address, destination address, protocol and port number.

Stateful packet filter based firewalls build on the packet filtering concept and take it further by keeping track of sessions and connections in internal state tables. This makes stateful packet filtering a more stable approach.

Proxy based firewalls act as an intermediary between the host and the remote user. The firewall forms the connection with the remote user and then relays acceptable information to the host via its own secure connection. The IP packets are not transmitted directly to the host; instead a kind of translation occurs at the firewall level, with the firewall acting as conduit and interpreter.
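To make the difference between the first two firewall types concrete, here is an added example (not from the paper and not any firewall product's code) of a stateless packet filter beside a stateful one, both deciding on the parameters the section names: source address, destination address, protocol and port. The Packet and Rule types, the 10.0.0.0/8 internal network and the sample traffic are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed, simplified packet: only the header fields a filter looks at."""
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


def addr_matches(pattern: str, addr: str) -> bool:
    """'*' matches anything; otherwise an exact host or a CIDR prefix."""
    if pattern == "*":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)


@dataclass(frozen=True)
class Rule:
    """One filter rule; '*' is a wildcard for any field."""
    action: str             # "allow" or "deny"
    src: str = "*"
    dst: str = "*"
    proto: str = "*"
    sport: object = "*"
    dport: object = "*"

    def matches(self, p: Packet) -> bool:
        return (addr_matches(self.src, p.src) and addr_matches(self.dst, p.dst)
                and self.proto in ("*", p.proto)
                and self.sport in ("*", p.sport)
                and self.dport in ("*", p.dport))


class PacketFilter:
    """Stateless filter: first matching rule wins, otherwise the default policy."""
    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return self.default


class StatefulFilter(PacketFilter):
    """Adds a connection table: a reply is admitted only when the outbound
    connection it belongs to was seen, so no standing 'return traffic' hole is needed."""
    def __init__(self, rules, default="deny"):
        super().__init__(rules, default)
        self.connections = set()            # (client, server, server_port)

    def decide(self, p: Packet) -> str:
        if (p.dst, p.src, p.sport) in self.connections:
            return "allow"                  # reply to a tracked connection
        verdict = super().decide(p)
        if verdict == "allow" and p.proto == "tcp" and p.syn and not p.ack:
            self.connections.add((p.src, p.dst, p.dport))   # new outbound session
        return verdict


INSIDE = "10.0.0.0/8"   # constructed internal network
# Stateless rule set: outbound web, plus the classic hole that lets replies
# back in by trusting source port 80.
STATELESS_RULES = [
    Rule("allow", src=INSIDE, proto="tcp", dport=80),
    Rule("allow", dst=INSIDE, proto="tcp", sport=80),
]
# The stateful filter needs only the outbound rule.
STATEFUL_RULES = [Rule("allow", src=INSIDE, proto="tcp", dport=80)]

# Constructed traffic: a legitimate web session, then a forged packet that
# borrows source port 80 to reach an internal file-sharing port.
TRAFFIC = {
    "outbound_syn": Packet("10.0.0.5", "203.0.113.9", "tcp", 40001, 80, syn=True),
    "reply":        Packet("203.0.113.9", "10.0.0.5", "tcp", 80, 40001, syn=True, ack=True),
    "forged":       Packet("203.0.113.66", "10.0.0.5", "tcp", 80, 445, ack=True),
}


def compare() -> dict:
    """Same traffic through both filters: {packet: (stateless verdict, stateful verdict)}."""
    stateless = PacketFilter(STATELESS_RULES)
    stateful = StatefulFilter(STATEFUL_RULES)
    return {name: (stateless.decide(p), stateful.decide(p)) for name, p in TRAFFIC.items()}


def default_policy_demo() -> dict:
    """Same rules, different default policy, for an unlisted inbound telnet attempt."""
    telnet = Packet("203.0.113.66", "10.0.0.5", "tcp", 51000, 23, syn=True)
    return {
        "deny_by_default": PacketFilter(STATELESS_RULES, default="deny").decide(telnet),
        "allow_by_default": PacketFilter(STATELESS_RULES, default="allow").decide(telnet),
    }


if __name__ == "__main__":
    print(compare())
    print(default_policy_demo())
```

Both filters pass the session, but only the stateless one also passes the forged packet, because its rule set has to describe return traffic by header values that anyone can set; the stateful filter admits replies from its state table instead, which is the stability the section refers to. default_policy_demo shows the other configuration choice: with identical rules, a default of deny stops an unlisted inbound telnet attempt, while a default of allow lets it through.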

5.1.2 Firewalls are not bulletproof

It is common for users of firewalls to develop a sense of security about their networks due to the presence of a firewall. In fact certain security professionals hold that firewalls may in fact prove a detriment, since the false sense of total security that they give to users may make them more susceptible to social engineering attacks. Thus when using a firewall it is best to keep in mind that even firewalls have certain vulnerabilities. For some examples of firewall vulnerabilities please refer to section 6.

5.1.3 Pitfalls of Firewalling

Firewalling, for all its advantages, has a few pitfalls as well. One major pitfall is that security can be configured so stringently that it actually impairs the process of networking. Especially for networks dependent on distributed applications, this may prove detrimental. Thus while implementing a firewall one should try and make provision for a case by case examination of situations and act accordingly.

5.2 Vulnerability Assessment Tools

5.2.1 A brief history of Vulnerability Assessment Tools

The Vulnerability Assessment Tool, or scanner as it is popularly known, first appeared in the early 1990s. At that time, the World Wide Web was a relatively new concept. In 1992 a computer science student named Chris Klaus was experimenting with Internet security concepts. He created a scanning tool, Internet Security Scanner (ISS), that could be used to remotely probe UNIX systems for a set of common vulnerabilities.


A few years later, Dan Farmer and Wietse Venema authored a tool called SATAN (Security Administrator Tool for Analyzing Networks). After SATAN a number of scanners have hit the market. The scanners help find and repair network level faults and errors.

5.2.2 How Vulnerability Assessment works

There are mainly two categories of entry points to a system. These are:

Local exposure points
Remote exposure points

Local exposure points are at the host level while remote exposure points are at the remote level. In order to exploit a remote exposure point an attacker can use a number of commonly available tools. For example an attacker may port scan a system using nmap, identify the running operating system, and then log all the listening ports. This kind of scanner can also be used by system administrators to scan a system for vulnerabilities.

Although implementation details differ, scanners generally share the following elements:

The vulnerability data
The scanning mechanism
The reporting mechanism

While choosing a scanner the features to look for are:

Completeness of vulnerability checks
Accuracy of the vulnerability checks
Scope of vulnerability checks
Timely updates
Reporting capabilities
Licensing and pricing

5.2.3 Fundamental Shortcomings of Scanners

The major shortcomings of vulnerability scanners can be grouped into three categories:

Completeness
Timeliness
Accuracy

Completeness issues come into the picture when a scanner fails to report all possible vulnerabilities. The SANS top ten gives a list of vulnerabilities which were not caught by most scanners.

Timeliness issues arise due to the fact that most of these products are updated once a quarter. If a vulnerability is announced in January, a scanner may not detect it until March.

Accuracy problems occur since most scanners don't implement stringent enough measures to detect vulnerabilities.

Hence it is a good idea to be very careful in one's choice of scanner.

5.3 Intrusion Detection Systems

5.3.1 An introduction to IDS

An IDS is basically a system which detects a hostile user or intruder who is attempting to gain unauthorized access. Assuming this definition, a number of popular methods are used to detect intruders.

The roots of modern day IDS lie in the Intrusion Detection Expert System and the Distributed Intrusion Detection System models that were developed by the US Department of Defense in the late 80s and 90s.

Traditional IDS classification schemes classify most systems into two distinct camps: misuse detection and anomaly based detection models. However modern day systems fall into one of the three following categories:

Network-based IDS are basically raw packet parsing engines. These are essentially sniffers which capture network traffic and compare it with a set of known attack patterns or signatures. They aim to catch intruders in the act.

Host-based IDS vary from vendor to vendor, but they are usually host-centric in their analysis. Most host-based IDS will have components that parse system logs and watch user logins and processes. They are mostly agent based.


Anomaly-based IDS are usually more complex and are more conceptually oriented than implementation oriented. They look for deviations in the set patterns of network usage.

The most common models are host based and network based.

5.3.2 Working of an IDS

Network based IDS (NIDS): A network based IDS is designed to look for known patterns, known as signatures, in incoming network traffic. It is passive in nature, and the rest of the systems are seldom even aware that it is operational.

The drawback of NIDS is that it detects only known types of attacks. Thus if an attack occurs for which the NIDS is not programmed, it will pass by unnoticed. Also in high-bandwidth environments with multiple switches, NIDS effectiveness is reduced.

Host-based IDS (HIDS): The host-based IDS varies from the NIDS on a number of fronts. First and foremost HIDS is more intrusive. HIDS is an active process which requires agents to be installed on all monitored systems. These work by monitoring the system's internal working and searching for patterns. The higher end versions even prevent the installation of Trojans and other malicious code. However the fundamental problem of looking only for known patterns is still not eradicated. Also HIDS require a lot of computing power and hence sometimes end up overloading the CPU.

6.0 Case Studies

6.1 Vulnerabilities

6.1.1 Windows

Microsoft's Windows 2000 has a number of security vulnerabilities, as listed here.

The Netmon Protocol Parsing Vulnerability
Discovered: Mid 2000
Affects: Windows 2000 Server and Advanced Server as well as all versions of Windows NT
Fix: Microsoft released a fix with Windows 2000 Service Pack 2
Description: Several protocols in the Netmon stack have unchecked buffers. When an attacker sends malformed frames to a server that is monitoring network traffic, if the protocol buffer is unchecked, the malformed frame would either cause a Netmon shutdown or enable code of the attacker's choice to run on the system. An attacker can get control of a server this way.

The Telnet Server Flooding Vulnerability
Discovered: Late 2001
Affects: All versions of Windows 2000
Fix: Microsoft has released a patch for this vulnerability. It can be obtained from http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22753
Description: This is a remote denial of service vulnerability. A malformed string sent to the input string box would cause the Telnet server to fail, causing loss of any ongoing work.

6.1.2 Linux

Linux, generally thought to be a highly secure OS, is not without its own set of vulnerabilities.

Imlib graphics library vulnerability:
Discovered: August 2004 by Novell SuSE Linux's Marcus Meissner
Affects: The Linux OS's imlib 1.x and imlib2 1.x are affected
Fix: MandrakeSoft, Gentoo and other Linux vendors are releasing patches for the flaw.
Description: The problem could be exploited to cause a buffer overflow and execute malicious code if a user viewed a graphic in any imlib-based application, for example a Web browser.

LHA archive tool:
Discovered: September 2004
Affects: LHA versions up to and including 1.14
Fix: Fedora, Gentoo and other Linux vendors are releasing patches for the flaw.
Description: The three LHA bugs are as serious as that in imlib, but are more difficult to exploit, according to an advisory from Red Hat Inc. The first could take effect if a user were tricked into extracting or testing a specially crafted archive. The second can only be exploited if a user were tricked into passing a specially crafted command line to the lha command. In the third, an attacker could create a directory with special characters in its name, which could lead to the execution of malicious commands.

6.1.3 Other Software

Here are listed some of the vulnerabilities of other commonly used software.

The MSIE Script Vulnerability
Discovered: Mid 2001
Affects: Microsoft Internet Explorer 4.01 and higher
Fix: The Microsoft fix is available from http://www.microsoft.com/windows/ie/download/critical/patch11.htm
Description: The vulnerability enables an attacker to embed malicious VB code into MS Access via Internet Explorer. Simply visiting an infected site or previewing an e-mail that contains malicious code can compromise your system.

The RDISK hole
Discovered: Early 2000
Affects: Windows NT
Fix: No specific fix. Varies from system to system. The rdisk command could be blocked to normal users, for example.
Description: RDISK is an NT utility which allows users to create emergency disks. However it can be abused by a malicious user, since it can be used to dump all security information into the c:\WINNT\REPAIR directory. From here the attacker can use a password cracker to decrypt the passwords.

6.2 Attacks

6.2.1 Ping of Death
Filename: pingexploit.c, win95ping.c
Author: Bill Fenner ([email protected])
Build OS: BSD UNIX
Target OS: Windows 95, Windows NT 3.51
Description: Oversized ICMP echo requests (>64k) are sent to the target, which, due to inappropriate handling, crashes.
Fix: Microsoft has included a fix in its subsequent applications.

6.2.2 Smurf
Filename: smurf.c
Author: TFreak
Build OS: UNIX
Target OS: Any system that responds to ICMP data
Description: Floods the target system with spoofed ICMP echo requests. This congests the lines to the system and causes a denial of service. Smurf is an example of a bandwidth consumption attack.
Fix: Disable IP directed broadcasts on the router and configure the OS not to respond to packets sent to IP broadcast addresses.
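Both case studies above leave a recognisable pattern in traffic, which is exactly what the network-based IDS of section 5.3.2 matches on. The inspector below is an added example written for this page, not the paper's code and not any IDS product's: the Packet type, the 10.0.0.0/24 protected network and the sample packets are constructed. It also shows the drawback section 5.3.2 describes: a pattern with no signature (here a UDP flood) produces no alert at all.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed, already-decoded header fields a sniffer-style NIDS inspects."""
    src: str
    dst: str
    proto: str              # "icmp", "udp" or "tcp"
    icmp_type: int = -1     # 8 = echo request; -1 when no ICMP header (later fragments)
    frag_offset: int = 0    # fragment offset in 8-byte units, as carried in the IP header
    length: int = 0         # bytes of payload in this fragment


LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")   # the network the sensor protects (constructed)


def ping_of_death(p: Packet) -> bool:
    """Signature: a fragment that would reassemble past the 65535-byte IP maximum."""
    return p.proto == "icmp" and p.frag_offset * 8 + p.length > 65535


def smurf(p: Packet) -> bool:
    """Signature: an ICMP echo request addressed to our directed-broadcast address."""
    return (p.proto == "icmp" and p.icmp_type == 8
            and ipaddress.ip_address(p.dst) == LOCAL_NET.broadcast_address)


SIGNATURES = {"ping-of-death": ping_of_death, "smurf": smurf}


def inspect_packets(packets, signatures=SIGNATURES) -> list:
    """Pass every packet through every signature; return (name, src, dst) per hit."""
    alerts = []
    for p in packets:
        for name, matches in signatures.items():
            if matches(p):
                alerts.append((name, p.src, p.dst))
    return alerts


# Constructed traffic sample: one ordinary ping, the final fragment of an
# oversized echo request, a broadcast echo request carrying a forged source,
# and a burst of UDP datagrams for which no signature exists.
SAMPLE = [
    Packet("198.51.100.4", "10.0.0.5", "icmp", icmp_type=8, frag_offset=0, length=56),
    Packet("198.51.100.4", "10.0.0.5", "icmp", frag_offset=8189, length=400),
    Packet("203.0.113.9", "10.0.0.255", "icmp", icmp_type=8, length=64),
] + [Packet("203.0.113.77", "10.0.0.5", "udp", length=1400) for _ in range(3)]


def demo() -> list:
    return inspect_packets(SAMPLE)


if __name__ == "__main__":
    for alert in demo():
        print(*alert)
```

The oversized fragment is caught by arithmetic on the IP header alone (8189 × 8 + 400 exceeds 65535), and the broadcast echo request is caught by comparing the destination with the protected network's broadcast address, which also doubles as a check on the Smurf fix listed above: once directed broadcasts are disabled on the router, a sensor inside the network should never see such a request again. The three UDP datagrams match nothing and are silently passed, which is the NIDS drawback the paper describes.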

    6.2.3 Trin00


    Filename: trin00.tgz

    Author: Project DoS

    Build OS: UNIX

    Target OS: UNIX

    Description: Floods the target system with spoofed ICMP echo requests. This congests the

    lines to the system and causes a denial of service. Smurf is an example of a bandwidth

    consumption attack.

    Fix: Patch systems to prevent compromise, monitor UDP traffic for trinoo fingerprints and

    run DDoS scanner tools like RID. Blocking UDP traffic on high numbered ports may prevent

    the problem but this could cause other applications to function unpredictably.6.2.4 Hare breed of Virus:

    Virus name: Hare [x]

    Infects: COM and EXE files

    Size: 7610 bytes

    Description: The Hare breed is a common strain of virus which memory resident and

    supports full stealth. It is also encrypted and polymorphic, which makes it that much harder

    to track down.

    6.3 Defenses

    6.3.1 Firewall Toolkit (FWTK):

    The TIS Firewall Toolkit is a somewhat outdated but still completely feasible solution for creating a firewall. The package, which is free for noncommercial use, includes proxies for the following services:

    Telnet
    FTP
    Rlogin
    Sendmail
    HTTP
    X Window system

    The service requires some rules to be specified. This is easily done by editing the following files:

    /etc/services: This file specifies what services the machine will support and what ports those services run on.

    /etc/inetd.conf: This is the configuration file for inetd. It specifies what server is activated when outsiders request a service.

    /usr/local/etc/netperm-table: This is an FWTK file. In it, you specify who can use the services you provide.

    You can choose between two permission schemes: deny all services which are not expressly allowed, or allow all services which are not expressly prohibited.

    Vendor: TIS

    Platform: UNIX

    6.3.2 The Open Source Nessus Project:

    Nessus was written by Renaud Deraison, an open source author living in Paris. Nessus is quickly becoming the Linux of the vulnerability scanning field. Nessus employs an extensible plug-in model that enables the security community to add scanning modules at will. This gives Nessus a development edge, because any check it lacks can be created by anyone with some time and coding ability. Nessus uses a console-based engine, in which the console may or may not reside on the same computer as the scanning engine. This distributed architecture allows for some interesting flexibility.

    Vendor: NONE (open source)

    Platform: UNIX

    6.3.3 Cisco Secure IDS:

    Cisco acquired the NetRanger NIDS with its acquisition of the Texas-based Wheelgroup corporation in the late 1990s. NetRanger served as the foundation of what is now the Cisco Secure IDS suite. Cisco has multiple sensor offerings, ranging from the smallest x86-based appliance, to their more industrial-strength appliance offering, to an intrusion detection blade which fits into the Catalyst 6500 series of switches.

    Vendor: Cisco Systems

    Platform: Appliance

    7.0 Conclusion:

    Information security is everyone's business. All users of computer networks are responsible to themselves and the entire community for the protection of individual and common resources. As more and more vulnerabilities are discovered, better and better methods of security are being implemented.

    However, it is important to remember that as better methods of computer security are invented, the efforts and efficiency of crackers will also increase. Hence, in order to stay ahead in this electronic arms race, one must keep abreast of the latest developments in both the attack and the defense fields.
