Reducing vulnerabilities


Computer code is regarded by some as a form of mathematics. It is theoretically possible to prove the correctness of certain classes of computer programs, though the feasibility of actually achieving this in large-scale practical systems is regarded as small by some with practical experience in the industry — see Bruce Schneier et al.

It’s also possible to protect messages in transit (i.e., communications) by means of cryptography. One method of encryption — the one-time pad — is unbreakable when correctly used. This method was used by the Soviet Union during the Cold War, though flaws in their implementation allowed some cryptanalysis (See Venona Project). The method uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message. For transmitted computer encryption this method is difficult to use properly (securely), and highly inconvenient as well. Other methods of encryption, while breakable in theory, are often virtually impossible to directly break by any means publicly known today. Breaking them requires some non-cryptographic input, such as a stolen key, stolen plaintext (at either end of the transmission), or some other extra cryptanalytic information.

Social engineering and direct computer access (physical) attacks can only be prevented by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information. Even in a highly disciplined environment, such as in military organizations, social engineering attacks can still be difficult to foresee and prevent.

In practice, only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it’s usually possible for a determined hacker to read, copy, alter or destroy data in well-secured computers, albeit at the cost of great time and resources. Few attackers would audit applications for vulnerabilities just to attack a single specific system. It is possible to reduce an attacker’s chances by keeping systems up to date, using a security scanner and/or hiring competent people responsible for security. The effects of data loss or damage can be reduced by careful backing up and insurance.

Computer worm


A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Malware


Malware, short for malicious software (sometimes referred to as pestware), is software designed to secretly access a computer system without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other malicious and unwanted software or programs. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U.S. states, including California and West Virginia.

Preliminary results from Symantec published in 2008 suggested that “the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications.” According to F-Secure, “As much malware [was] produced in 2007 as in the previous 20 years altogether.” Malware’s most common pathway from criminals to users is through the Internet: primarily by e-mail and the World Wide Web.

The prevalence of malware as a vehicle for organized Internet crime, along with the general inability of traditional anti-malware protection platforms (products) to protect against the continuous stream of unique and newly produced malware, has seen the adoption of a new mindset for businesses operating on the Internet: the acknowledgment that some sizable percentage of Internet customers will always be infected for some reason or another, and that they need to continue doing business with infected customers. The result is a greater emphasis on back-office systems designed to spot fraudulent activities associated with advanced malware operating on customers’ computers.

On March 29, 2010, Symantec Corporation named Shaoxing, China, as the world’s malware capital.

Malware is not the same as defective software, that is, software that has a legitimate purpose but contains harmful bugs. Sometimes, malware is disguised as genuine software, and may come from an official site. Therefore, some security programs, such as McAfee, may call malware “potentially unwanted programs” or “PUP”. Though a computer virus is malware that can reproduce itself, the term is often used erroneously to refer to the entire category.

Smurf attack


The Smurf attack is a way of generating significant computer network traffic on a victim network. This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages.

This attack relies on a perpetrator sending a large amount of ICMP echo request (ping) traffic to IP broadcast addresses, all of which have a spoofed source IP address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all hosts (for example via a layer 2 broadcast), most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, hundreds of machines might reply to each packet.

In the late 1990s, many IP networks would participate in Smurf attacks (that is, they would respond to pings to broadcast addresses). Today, thanks largely to the ease with which administrators can make a network immune to this abuse, very few networks remain vulnerable to Smurf attacks.

The fix is two-fold:

  1. Configure individual hosts and routers not to respond to ping requests or broadcasts.
  2. Configure routers not to forward packets directed to broadcast addresses. Until 1999, standards required routers to forward such packets by default, but in that year, the standard was changed to require the default to be not to forward.

Another proposed solution, to fix this as well as other problems, is network ingress filtering which rejects the attacking packets on the basis of the forged source address.

An example of configuring a router not to forward packets to broadcast addresses, for a Cisco router, is:

Router(config-if)# no ip directed-broadcast

(This example does not prevent a network from becoming the target of Smurf attack; it merely prevents the network from “attacking” other networks, or better said, taking part in a Smurf attack.)

A Smurf amplifier is a computer network that lends itself to being used in a Smurf attack. Smurf amplifiers act to amplify (worsen the severity of) a Smurf attack because they are configured in such a way that they generate a large number of ICMP replies to a spoofed source IP address (the victim of the attack).
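As an added example (not from the original page), the two router-side measures described above, ingress filtering on the forged source address and refusing to forward directed broadcasts, written as packet-filtering logic in Python and run over a constructed sample; the prefixes and addresses are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed topology (hypothetical, documentation address ranges): this router
# serves 192.0.2.0/24; its upstream peer legitimately sources only 203.0.113.0/24.
LOCAL_SUBNETS = [ipaddress.ip_network("192.0.2.0/24")]
UPSTREAM_PREFIX = ipaddress.ip_network("203.0.113.0/24")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    icmp_type: Optional[int] = None  # 8 = echo request; None = not an ICMP packet

def is_directed_broadcast(pkt: Packet) -> bool:
    """Destined to the broadcast address of one of the router's own subnets: the
    traffic `no ip directed-broadcast` refuses to forward, whatever the protocol."""
    dst = ipaddress.ip_address(pkt.dst)
    return any(dst == net.broadcast_address for net in LOCAL_SUBNETS)

def has_forged_source(pkt: Packet) -> bool:
    """Ingress filtering: traffic from upstream must carry a source address inside
    the upstream prefix; anything else is treated as a spoofed source."""
    return ipaddress.ip_address(pkt.src) not in UPSTREAM_PREFIX

def verdict(pkt: Packet) -> str:
    """Decision for one packet arriving on the upstream interface. The source check
    runs first, so a Smurf packet is rejected before its destination is considered."""
    if has_forged_source(pkt):
        return "drop: forged source address"
    if is_directed_broadcast(pkt):
        return "drop: directed broadcast"
    return "forward"

def classify(packets: List[Packet]) -> Dict[str, int]:
    """Tally verdicts over a capture to show what each fix would have stopped."""
    counts: Dict[str, int] = {}
    for p in packets:
        v = verdict(p)
        counts[v] = counts.get(v, 0) + 1
    return counts

SAMPLE = [  # constructed sample, not a real capture
    Packet("198.51.100.7", "192.0.2.255", 8),  # source forged to a third party's address
    Packet("203.0.113.9", "192.0.2.255", 8),   # genuine source, ping to the broadcast address
    Packet("203.0.113.9", "192.0.2.255"),      # non-ICMP directed broadcast, still dropped
    Packet("203.0.113.9", "192.0.2.10", 8),    # ordinary unicast ping, forwarded
]
```

The host-side half of the fix (step 1) has its own setting; on Linux, for instance, the sysctl `net.ipv4.icmp_echo_ignore_broadcasts` makes a host ignore echo requests sent to broadcast addresses.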

Cryptography


Cryptography (or cryptology; from Greek κρυπτός, kryptos, “hidden, secret”; and γράφειν, gráphein, “writing”, or -λογία, -logia, “study”, respectively) is the practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

Cryptology prior to the modern age was almost synonymous with encryption, the conversion of information from a readable state to apparent nonsense. The sender retained the ability to decrypt the information and therefore avoid unwanted persons being able to read it. Since WWI and the advent of the computer, the methods used to carry out cryptology have become increasingly complex and its application more widespread.

Modern cryptography follows a strongly scientific approach, and designs cryptographic algorithms around computational hardness assumptions that are assumed hard to break by an adversary. Such systems are not unbreakable in theory but it is infeasible to do so for any practical adversary. Information-theoretically secure schemes that provably cannot be broken exist but they are less practical than computationally-secure mechanisms. An example of such systems is the one-time pad.

Alongside the advancement in cryptology-related technology, the practice has raised a number of legal issues, some of which remain unresolved.

Computer programming


Computer programming (often shortened to programming or coding) is the process of designing, writing, testing, debugging / troubleshooting, and maintaining the source code of computer programs. This source code is written in a programming language. The purpose of programming is to create a program that exhibits a certain desired behaviour. The process of writing source code often requires expertise in many different subjects, including knowledge of the application domain, specialized algorithms and formal logic.

Backtrack Linux Intro!


Backtrack Linux is a penetration-testing toolkit based on Ubuntu Linux. It is the only toolkit used to hack or penetrate anything. Backtrack Linux includes topmost security tools such as Metasploit, Kismet, Aircrack, Vas, Set, etc. If you want to use Backtrack, you should know the normal operations of Linux.

This is a small introduction to Backtrack Linux. I will give more important information about it and its usage in further posts, so keep in touch with Machine Security.

thanks,
Shantanu

Malicious Code



Malicious code objects include a broad range of programmed computer security threats that exploit various network, operating system, software, and physical security vulnerabilities to spread malicious payloads to computer systems. Some malicious code objects, such as computer viruses and Trojan horses, depend upon irresponsible computer use by humans in order to spread from system to system with any success. Other objects, such as worms, spread rapidly among vulnerable systems under their own power.

All computer security practitioners must be familiar with the risks posed by the various types of malicious code objects so they can develop adequate countermeasures to protect the systems under their care as well as implement appropriate responses if their systems are compromised.

Access Control


Controlling access to resources is one of the central themes of security. Access control addresses more than just controlling which users can access which files or services. Access control is about the relationships between subjects and objects. The transfer of information from an object to a subject is called access. However, access is not just a logical or technical concept; don’t forget about the physical realm where access can involve disclosure, use, or proximity. A foundational principle of access control is to deny access by default if access to a subject is not granted explicitly.

Subjects are active entities that, through the exercise of access, seek information about or data from passive entities, or objects. A subject can be a user, program, process, file, computer, database, and so on. An object can be a file, database, computer, program, process, file, printer, storage media, and so on. The subject is always the entity that receives information about or data from the object. The subject is also the entity that alters information about or data stored within the object. The object is always the entity that provides or hosts the information or data. The roles of subject and object can switch back and forth while two entities, such as a program and a database interacting with a process and a file, communicate to accomplish a task.
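An added example (not from the original page) of the two points above: every access is mediated against explicit grants with deny-by-default, and a program is the object of one access and the subject of the next when a user runs it to read a file. The users, program and file names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple

Access = Tuple[str, str, str]  # (subject, object, right)

@dataclass
class ReferenceMonitor:
    """Mediates every access. Only an explicitly granted (subject, object, right)
    triple is allowed; anything absent from the table is denied by default."""
    grants: Set[Access] = field(default_factory=set)
    audit: List[str] = field(default_factory=list)

    def grant(self, subject: str, obj: str, right: str) -> None:
        self.grants.add((subject, obj, right))

    def check(self, subject: str, obj: str, right: str) -> bool:
        allowed = (subject, obj, right) in self.grants
        self.audit.append(f"{'ALLOW' if allowed else 'DENY'} {subject} -> {obj} [{right}]")
        return allowed

    def mediated_chain(self, chain: List[Access]) -> bool:
        """A user runs a program that reads a file: the program is the object of
        the first hop and the subject of the second. Every hop is checked on its
        own, and the first denial stops the transfer before later hops run."""
        for i, (subject, obj, right) in enumerate(chain):
            if i and subject != chain[i - 1][1]:
                raise ValueError("each hop's subject must be the previous hop's object")
            if not self.check(subject, obj, right):
                return False
        return True

def demo_monitor() -> ReferenceMonitor:
    """Constructed policy with hypothetical names: alice may run reportgen, and
    reportgen may read payroll.db. Nothing at all is granted to bob."""
    rm = ReferenceMonitor()
    rm.grant("alice", "reportgen", "execute")
    rm.grant("reportgen", "payroll.db", "read")
    return rm

REPORT_CHAIN = [("alice", "reportgen", "execute"), ("reportgen", "payroll.db", "read")]

def run_report(user: str) -> Tuple[bool, List[str]]:
    """Substitute the requesting user into the first hop, mediate the chain and
    return the decision together with the audit trail the monitor produced."""
    rm = demo_monitor()
    chain = [(user, REPORT_CHAIN[0][1], REPORT_CHAIN[0][2])] + REPORT_CHAIN[1:]
    return rm.mediated_chain(chain), rm.audit
```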

Cryptography and Private Key Algorithms


The first element that comes to mind when a person thinks about computer security is cryptography. Cryptography is the process of converting an information-bearing message to something that appears to be completely unintelligible “gibberish,” or performing the inverse process (decoding a cryptographically protected message). These processes are referred to as encryption and decryption, respectively.

There are two basic forms of cryptographic processes: symmetric, in which the same key is used to encrypt and decrypt a message, and asymmetric, in which the key employed to encrypt a message is different from the key employed to decrypt the message.

A cryptographic encryption process consists of an algorithm, such as the data encryption standard applied three times (triple DES), the advanced encryption standard (AES) or a host of others, that takes an input string of characters or numbers (the information we wish to protect) and converts the string to “gibberish.” In order to do so, it must be set to a predictable initial state, and it requires an encryption key. As explained above, in symmetric key cryptography the same key is used to encrypt and decrypt a file. Asymmetric cryptography uses different keys for encryption and decryption and so employs a more complex algorithm. This difference gives symmetric key cryptography an advantage of faster processing and therefore less computing overhead. There are issues with symmetric key cryptography, however.
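As an added example (not from the original page), the one-time pad named in the opening section and in the Cryptography section, implemented in Python as the simplest symmetric scheme of the kind this passage describes: one key, used for both encryption and decryption. It also shows why the once-and-only-once rule is essential, since reusing a pad exposes the XOR of the two messages to anyone holding both ciphertexts, the kind of implementation flaw the text alludes to. The sample messages are constructed.

```python
import secrets

def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """XOR each message byte with the matching pad byte. The pad must be truly
    random, at least as long as the message, and used for one message only."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, pad))

# XOR is its own inverse, so the same key and the same operation decrypt:
# this is what makes the one-time pad a symmetric scheme.
otp_decrypt = otp_encrypt

def new_pad(length: int) -> bytes:
    """Fresh pad from the operating system's CSPRNG; generate one per message."""
    return secrets.token_bytes(length)

def pad_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an eavesdropper obtains when two ciphertexts share a pad: the pad
    cancels out and the XOR of the two plaintexts is exposed, without the key.
    This is why a pad that is used twice is no longer a one-time pad."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))

def demo() -> dict:
    """Constructed messages: a correct round trip, then the misuse case."""
    m1, m2 = b"ATTACK AT DAWN", b"RETREAT AT SIX"
    pad = new_pad(len(m1))
    c1 = otp_encrypt(m1, pad)
    c2 = otp_encrypt(m2, pad)  # misuse: the same pad used a second time
    expected = bytes(a ^ b for a, b in zip(m1, m2))
    return {
        "roundtrip_ok": otp_decrypt(c1, pad) == m1,
        "reuse_leaks_plaintext_xor": pad_reuse_leak(c1, c2) == expected,
    }
```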