My Details
I. ID No: VISRI73
Operating Systems
    Executive Summary
    Introduction
    Operating System
    Different Approach To An Operating System
    Mandatory Access Controls In An Operating System
    When And Where This Approach Of Mandatory Access Controls Is Appropriate?
    Discretionary Access Controls In An Operating System
    When And Where This Approach Of Discretionary Access Control Is Appropriate?
    Conclusion
    Reference List
    Bibliography
Portable storage devices are mostly used these days to breach Data Confidentiality, as they are an easy way to steal data from a computer. USB storage devices are also available in the market in various designs and sizes. Sometimes it is hard to recognise a Pen Drive because it is built in the shape of something we use in day-to-day life. For example, Pen Drives are at present made in the design of a normal pen, key tags, clocks etc. This could help a hacker to breach Data Confidentiality using a Portable Data Storage Device.
The following section discusses different ways to breach Data Confidentiality with the help of a USB Pen Drive, a Hardware Keylogger, USB-enabled mobile phones and Mobile / Camera memory cards. Solutions to prevent the breach of Data Confidentiality by that hardware are discussed too. Finally, some common tips are given to protect the important data on our computers.
This assignment gives a brief idea of Portable Hardware and how it is used to breach Data Confidentiality, along with some information about how to protect our data from those breaching methods. All methods and information discussed in the following section are referenced.
Hardware And Data Security
Introduction
This section discusses the different forms of portable storage devices and how they can be used to breach Data Confidentiality. It also discusses how the breach of Data Confidentiality can be stopped. The table listing some information about the portable devices also shows their current price levels. The threats that portable storage devices pose to Data Confidentiality are discussed, and solutions to prevent them are given below.
Confidentiality
Confidentiality means keeping information or a message private and secret, out of the hands of unauthorized people.
A Portable Data Storage Device is an external storage device used to store any form of data from a computer.
E.g.: USB Storage Devices
External Hard Disks
Mobile / Camera Memory Cards
Table Of Present Portable Storage Devices
Latest products of storage devices available in the world market are shown in the
following table.
Hardware Keyloggers
Hardware keyloggers can be used to steal data from a computer. They provide all the keystrokes typed on it, which makes them a good way to breach data confidentiality. A hardware keylogger is a physical device, and the computer won’t detect it unless we notice it physically or a firewall is enabled. Even then it can still be used by disabling the firewall on the computer and adding it. Beyond this, hardware keyloggers do not need any software to be installed.
“Over $120 billion was lost in the USA due to employee fraud last year. And this
figure is growing.” (Keyghost).
People can avoid the above breaching method by locking their CPU with an appropriate lock after adding their recommended components to it. Checking the computer physically on a daily basis also helps to avoid the above threat. Some software is now available for Windows XP to detect keyloggers, and the Windows XP firewall also does this job unless it is disabled.
Pen Drives
Pen Drives are mostly used to transfer data from one computer to another. Nowadays no pen drive software has to be installed to use one; it is already included in the operating system by its creators. Pen Drives are also released in various designs and sizes, so that sometimes we cannot recognise that something is a pen drive. They are available in the shape of normal items which we use in day-to-day activities, such as a pen, a key tag etc. This could help hackers to get your personal information onto their pen drives without your noticing.
There are ways to avoid the above situation too. First, the personal data on our computer must be kept encrypted, so that hackers cannot read it if they take it from your computer to another using pen drives. Disabling the USB ports in our system with the help of the operating system will also help to avoid the above situation. We can also physically block or close the USB ports of our computer using tools available for that purpose.
External hard disks, however, are mostly released in a single design and do not come in various designs. They are also large. These are some disadvantages of external hard disks. To protect data confidentiality we can use the same methods that we used to protect against pen drive access.
But we can still stop this activity by blocking or locking the USB ports of our computer, both physically and with the help of our operating system.
This assignment covered Hardware and Data Security. First, the meanings of Confidentiality and Portable Hardware Storage Device were discussed, along with a table of the USB drives currently available in the market. We then discussed how data storage devices can be applied to breach Data Confidentiality, together with the steps to protect data from those breaching methods. These were discussed clearly and with references. Finally, some common tips were given to protect our data from breaching methods. The methods and information discussed in this topic were referenced, and they should give a clear idea about Data Confidentiality and the hardware used to breach it.
List Of Reference
MAC and DAC methods are then briefly discussed. MAC methods are used to protect privacy and personal data in an organization. The administrator has full control of the computer, so users cannot steal, delete or change any of the data available in the operating system. Some MAC methods are implemented with Mandatory profiles. A Mandatory profile lets the user make any change in it, but when the user logs off and logs in to the operating system again, all the changes are lost and the unique profile designed by the Administrator appears. If a user wants to add an object to his profile permanently, the administrator has to give permission to do so. In domain networks it might sometimes be difficult to give different forms of permissions to different users. This was found to be a disadvantage of the MAC methods in operating systems.
Some organizations use both MAC and DAC methods simultaneously. In that case, under the MAC method the administrator must allow the user to create a project, and the user then protects it using the DAC method. More information on these is given in the following pages.
Operating Systems
Introduction
This section looks briefly at operating systems from a security perspective. It also covers Mandatory and Discretionary access to a computer, and the advantages and disadvantages of those access methods. We will also see how those access methods are used in various organizations for different purposes.
Operating System
An Operating System is the software that bridges the gap between applications / users and hardware.
The operating system in our computer can be approached in two main ways. They are
1. Mandatory Access
2. Discretionary Access
These are the two main approaches to an operating system in a computer. First of all we give a brief meaning of each.
In mandatory access the administrator first creates an access control matrix in which he defines the user statistics. The access control matrix is the most important part of mandatory access control: it helps the administrator to define each user's powers on a particular computer. The administrator can also restrict users from accessing some main features, such as “My Computer” and “Control Panel” in Windows. Group policies help the administrator to restrict a user.
Microsoft operating systems also have an option named Event Viewer, which can be viewed only by the administrator. It helps him by showing which users tried to perform actions on a particular document / application.
When And Where This Approach Of Mandatory Access Controls Is Appropriate?
Many big firms use mandatory access control so that none of their data is changed or lost through an action of a user. It helps an organization or a particular user to protect files from culprits. Mandatory access controls are mainly provided with mandatory profiles for each user. A mandatory profile lets the user change any settings, but when the user logs off and logs in again, all the changed settings are lost and the unique profile designed by the administrator appears.
This access method is therefore mainly used in many Government Firms and Departments. The administrator can restrict a user from copying a document, so in those firms personal data won’t be changed or lost. Nowadays Net Browsing Cafés use this technology too, and it can also help an individual user to protect his data.
On the other hand, there are some disadvantages. When a user needs to add an application to his computer / User Account, the administrator has to allow it; in the same way, for every setting that has to be changed by several other users, the administrator has to unblock the particular user. This was found hard in some organizations. Those organizations then used the next method, called the Discretionary Access Control method.
As we read earlier, this access method allows a particular user to control access. It was mainly introduced to reduce the work of the administrator. Here the user is the owner of each object he creates, whereas in mandatory access the administrator is the owner of everything. The user must define the other users who can access his document. He has the power to restrict them to read-only access or read-and-write access, and he can also give another user full control of his object.
The above statement clearly shows us that we can use both controls simultaneously and how they work together.
When these two access controls run simultaneously in an operating system, under the mandatory access control system the administrator must give a particular user permission to create a document. Then, using the discretionary access control system, that user can give other users permission to access his document in a discretionary manner. He can give full control to any other user too.
As we have seen, in this access control the access that all other users have to a particular user’s object is determined at the discretion of the user who created the object. In this method too, data can be protected by its creator by giving permitted access to the other users. This is helpful in many organizations and also to some individuals.
This access method is mostly used in organizations where the workers need to run programs on their allocated computers. Nowadays many IT firms run both access controls simultaneously, so that the administrator does not need to unblock every particular user to perform an action, as IT firms have a large number of workers. In this method too, data can be protected by its creator by giving restricted permissions to other users. Some government organizations also use this method nowadays.
As with the previous method, there are some disadvantages to this method too. Permissions are given to other users in a discretionary manner, and sometimes a user will have been given full control of a particular document. There is no guarantee that the user with full control will protect the data himself. When he resigns from the organization he might make some bad attempts on that document.
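The combined arrangement described above (the administrator's mandatory policy decides who may create a document, the owner then grants access at his discretion) and the full-control risk from the last paragraph can be modelled in a few lines. This is an added example, not part of the original assignment; the class, the user names, the operation name "create_document" and the file name are all hypothetical.

```python
class AccessDenied(Exception):
    """Raised when the mandatory policy or an object's ACL refuses a request."""


# Discretionary levels named in the text, ordered from weakest to strongest.
LEVELS = {"read": 1, "read_write": 2, "full_control": 3}


class AccessControl:
    def __init__(self, admin):
        self.admin = admin
        self.matrix = {}    # MAC: user -> operations the administrator allows
        self.objects = {}   # DAC: object name -> {"owner": user, "acl": {user: level}}

    def mac_allow(self, actor, user, operation):
        # Mandatory side: only the administrator edits the access control matrix.
        if actor != self.admin:
            raise AccessDenied("only the administrator may edit the matrix")
        self.matrix.setdefault(user, set()).add(operation)

    def create(self, user, name):
        # The mandatory check comes first: no matrix entry, no document.
        if "create_document" not in self.matrix.get(user, set()):
            raise AccessDenied(f"{user} is not allowed to create documents")
        self.objects[name] = {"owner": user, "acl": {user: "full_control"}}

    def grant(self, actor, name, user, level):
        # Discretionary side: anyone holding full control may hand out access.
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r}")
        acl = self.objects[name]["acl"]
        if acl.get(actor) != "full_control":
            raise AccessDenied(f"{actor} cannot change permissions on {name}")
        acl[user] = level

    def can(self, user, name, needed):
        held = self.objects[name]["acl"].get(user)
        return held is not None and LEVELS[held] >= LEVELS[needed]

    def audit_full_control(self):
        # Review aid: non-owners with full control are the risk the text describes.
        return sorted((name, user)
                      for name, obj in self.objects.items()
                      for user, level in obj["acl"].items()
                      if level == "full_control" and user != obj["owner"])


def demo():
    """Constructed scenario; returns the system and whether the first create was blocked."""
    ac = AccessControl(admin="admin")
    try:
        ac.create("alice", "report.doc")   # no mandatory permission yet
        blocked = False
    except AccessDenied:
        blocked = True
    ac.mac_allow("admin", "alice", "create_document")
    ac.create("alice", "report.doc")
    ac.grant("alice", "report.doc", "bob", "read")
    ac.grant("alice", "report.doc", "carol", "full_control")
    ac.grant("carol", "report.doc", "dave", "read_write")  # carol re-grants on her own
    return ac, blocked


if __name__ == "__main__":
    system, first_attempt_blocked = demo()
    print("create blocked before MAC permission:", first_attempt_blocked)
    print("non-owners with full control:", system.audit_full_control())
```

The audit list is what an administrator would review when a user with full control leaves the organization.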
Conclusion
Network Security
Executive Summary
This assignment is mainly about Network Security. We research and discuss the security implications of Packet Spoofing, and also the malicious attacks that an attacker who is able to spoof network packets might carry out.
The assignment starts with the meaning of network and packet spoofing. Computer Network means computers interconnected in a particular area to exchange data among themselves. Spoofing means to assume the character and appearance of someone or something. In the field of networking, Packet Spoofing means stealing a network packet from a sender and sending another to the receiver. Packet Spoofing is mainly carried out by hackers.
Then we talk about internet security breaches. There are mainly two different ways to attack a network: Sniffing and Spoofing. Sniffing means intercepting and inspecting data packets using sniffers. Sniffers are third party software used to do that job. The other method, spoofing, was described in the paragraph above, and packet spoofing is what we discuss most here.
After this we talk about different ways of attacking with Packet Spoofing. In a network, data is sent to each computer in packets through the network cable. Packet Spoofing means stealing those packets and sending the receiver a false packet. We cannot say where packet spoofers position themselves to steal the network packets. IP spoofing is the main attack used in packet spoofing. It is mainly used by intruders to gain access to a network. They send a message to a computer with an IP address indicating that the message is coming from a trusted host. This is how they start their attack and gain access to other computers. There are many other kinds of packet spoofing attacks too: Man in the middle attack, Denial of service attack, Non-blind spoofing, Blind spoofing and many more.
Man in the Middle attack means that when a network connection is set up between two or more people and they have started exchanging data among themselves, the intruder positions himself in the middle and receives all the packets of data used in the exchange. He can then modify them and send them on, or he can simply not send them to the receiver. All of us know Windows Live Messenger, and we know that this Live Messenger is now used in business communication too. Traders and clients communicate through this Messenger. Intruders apply the Man in the Middle attack to Live Messenger as well: they break the business transaction and divert the client to their own business communication arena. This happens often nowadays.
Non-blind attacks take place within the same network area; the attacker is in the same network. A Non-blind attack, where a source spoofs its IP but can still see the replies, is only possible if the source and destination are on the same local network, so the attacker can sniff the network and still see the reply packets as they travel to the spoofed source or the gateway router. There is also software which helps attackers to carry out Packet Spoofing. “Dnshijack”, “Uso800d” and “Dnsattack” are some examples of such software.
Then we talk about why packet spoofing occurs. Packet Spoofing occurs due to weaknesses in the design of the underlying protocols such as UDP, TCP, ICMP and the routing protocols and algorithms. The vulnerability is not in the kernel of an operating system. These protocols were written 20 years ago, when the Internet was smaller and safer.
After this comes the main part of the assignment. Here we discuss how we can defend against packet spoofing and the attacks made with its help. Each packet has a source address, containing the IP address and port number it is coming from, and it also contains the destination IP address and port number. The sending system creates the packets, so it can lie about its own source address. This can be hard to detect and also to defend against. But modern firewalls and routers are configured to know which range of IP addresses should come from the inside and that the others should come from the outside. When such a firewall or router sees a packet with an inside source address coming from outside, it knows that it is a spoofed packet and drops it. Beyond these, there is third party software called “Wireshark” which helps us to detect spoofed packets.
After this, some common tips are given on how we can defend against packet spoofing in general. Finally, this assignment should help readers get a brief idea about packet spoofing and its attacks, and about how to defend against packet spoofing. Read further to gain more knowledge about this topic.
Network Security
Introduction
The paragraphs below discuss Network Security. We discuss the meaning of Packet Spoofing, how it is implemented, and how it can be used in several kinds of Network Attacks. We also discuss why this spoofing occurs and the software involved in implementing packet spoofing. At the end we look for a solution to these packet spoofing attacks.
Network
Network means connections between items to exchange any form of data. When it comes to computers, Computer Network means computers interconnected in a particular area to exchange data among themselves.
Packet Spoofing
When we talk about internet and network security breaches, there are two common methods in use: Sniffing and Spoofing. Sniffing means intercepting and inspecting data packets using sniffers. Sniffers are third party software used to do that job. The other method, spoofing, was described in the paragraph above, and packet spoofing is what we discuss most here.
Applying Packet Spoofing To Attack
The implementation of packet spoofing is mainly about how to manage it and how it can be used in different attacking methods. Many of us know about Packet Spoofing today, but one article says that in earlier days only some Network Administrators knew about it. This was a great advantage to packet spoofers, who could do their job easily and effectively in those days. Network Administrators nowadays are well informed, so they can find packet spoofing and protect data from it.
Packet spoofing can be applied in several kinds of attacks. IP Spoofing is mainly used by intruders to gain access to a network. They send a message to a computer with an IP address indicating that the message is coming from a trusted host. This is how they start their attack and gain access to other computers. For IP spoofing the intruder uses many methods to get the IP address of a trusted host. The hackers then modify the IP packet headers so that the packet appears to come from that trusted host.
“As IP being connectionless, routers use the "destination IP" address in order to
forward packets through the Internet, but ignore the "source IP" address which is
only used by the destination machine when it responds back to the source. This
makes the task of an attacker much easier to forge the identity by modifying the IP
Packets and becoming a part of the destination network.” (Mehta, 2002).
The above quotation clearly shows how routers make it easier for IP and packet spoofers to gain access. However, IP spoofing is necessary for many network attacks that do not need to see responses. These are called Blind Spoofing. With current IP protocol technology it is impossible to eliminate IP spoofed packets, but there are still solutions to avoid this too.
There are many other kinds of packet spoofing attacks too: Man in the middle attack, Denial of service attack, Non-blind spoofing, Blind spoofing and many more.
Man-In-The-Middle Attack
In plain English, the term means being in the middle and attacking, and the idea is the same when attacking network packets. When a network is set up among a few computers in an area and they have started exchanging data among themselves in packets, the intruder will be in the middle of the exchange line. “In the middle” here does not mean physically. These intruders break the encrypted public key so that they can read and modify the data sent through it. They intrude invisibly, sitting in the middle of the network line, and when a sender sends data to a receiver in packets, the intruder in the middle receives the packet first. He can then change the data and send it to the receiver, or he can simply keep it, so that the receiver gets no data from the sender. The intruder has gained his access successfully. If he modifies the data and sends it on, and the receiver gets the modified data, they think they are communicating through a secure connection. But they aren’t.
All of us know Windows Live Messenger, and we know that this Live Messenger is now used in business communication too. Traders and clients communicate through this Messenger. Intruders apply the Man in the Middle attack to Live Messenger as well: they break the business transaction and divert the client to their own business communication arena. This happens often nowadays.
Non-blind attacks take place within the same network area; the attacker is in the same network. A Non-blind attack, where a source spoofs its IP but can still see the replies, is only possible if the source and destination are on the same local network, so the attacker can sniff the network and still see the reply packets as they travel to the spoofed source or the gateway router.
There is also software which helps attackers to carry out Packet Spoofing. “Dnshijack”, “Uso800d” and “Dnsattack” are some examples of such software.
Packet Spoofing occurs due to weaknesses in the design of the underlying protocols such as UDP, TCP, ICMP and the routing protocols and algorithms. The vulnerability is not in the kernel of an operating system. These protocols were written 20 years ago, when the Internet was smaller and safer.
Each packet has a source address, containing the IP address and port number it is coming from, and it also contains the destination IP address and port number. The sending system creates the packets, so it can lie about its own source address. This can be hard to detect and also to defend against.
Modern firewalls and routers are configured to know which range of IP addresses should come from the inside and that the others should come from the outside. When such a firewall or router sees a packet with an inside source address coming from outside, it knows that it is a spoofed packet and drops it.
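The check described above can be written as a small filter over raw IPv4 headers. This is an added example, not code from the assignment or from any firewall product; the inside prefixes, interface names and sample packets are constructed for illustration. It goes one step beyond the text by also applying the reverse check to packets leaving the inside network.

```python
import ipaddress
import struct

# Assumption: these prefixes stand for the site's "inside" ranges (constructed values).
INSIDE_NETS = [ipaddress.ip_network("10.0.0.0/8"),
               ipaddress.ip_network("192.168.10.0/24")]


def build_ipv4_header(src, dst, proto=17):
    """Build a minimal 20-byte IPv4 header for the sample packets (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def parse_ipv4_header(raw):
    """Return (source, destination) addresses; raise ValueError on a malformed header."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    if raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (raw[0] & 0x0F) * 4
    if header_len < 20 or len(raw) < header_len:
        raise ValueError("bad header length")
    return ipaddress.IPv4Address(raw[12:16]), ipaddress.IPv4Address(raw[16:20])


def is_inside(addr):
    return any(addr in net for net in INSIDE_NETS)


def filter_packet(interface, raw):
    """Return (verdict, reason) for a packet seen on the 'inside' or 'outside' interface."""
    try:
        src, _dst = parse_ipv4_header(raw)
    except ValueError as exc:
        return "drop", f"malformed: {exc}"
    if interface == "outside" and is_inside(src):
        # The case from the text: an inside source address arriving from outside.
        return "drop", f"spoofed: inside source {src} arrived from outside"
    if interface == "inside" and not is_inside(src):
        # Reverse check: a host on the inside claiming someone else's address.
        return "drop", f"spoofed: outside source {src} arrived from inside"
    return "accept", "source address matches the arrival interface"


# Constructed sample traffic: (arrival interface, raw header bytes).
SAMPLES = [
    ("outside", build_ipv4_header("203.0.113.7", "10.1.2.3")),
    ("outside", build_ipv4_header("10.1.2.99", "10.1.2.3")),
    ("inside", build_ipv4_header("192.168.10.5", "198.51.100.20")),
    ("inside", build_ipv4_header("198.51.100.20", "203.0.113.7")),
    ("outside", b"\x45\x00"),
]


def run_samples():
    return [filter_packet(interface, raw) for interface, raw in SAMPLES]


if __name__ == "__main__":
    for (interface, _raw), (verdict, reason) in zip(SAMPLES, run_samples()):
        print(f"{interface:8} {verdict:7} {reason}")
```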
Beyond these, there is third party software called “Wireshark” which helps us to detect spoofed packets.
“Packet Spoofing largely can be defended against with a good combination of the
following:
Do not trust UDP source address except on very secure networks.
Ensure that all of your systems have modern IP stacks that do not have
predictable TCP sequence numbers. (Linux has had this widespread problem
fixed since the 2.0.36 kernel).
Use an encrypted tunnel to get through untrusted networks such as the
internet. This is necessary to avoid Sniffing and even TCP session hijacking.
SSH and various VPN software products such as FreeS/Wan are helpful.
” (Toxen, 2001. p. 216).
The above are some ways to protect against and prevent Packet Spoofing attacks.
Conclusion
http://expertanswercenter.techtarget.com/eac/knowledgebaseAnswer/0,295199,sid63_gci974565,00.html. [2008, 7 January].
Toxen, B. (2001). Real World Linux Security: Intrusion Prevention, Detection and Recovery. Unknown: Prentice Hall.
Bibliography
http://expertanswercenter.techtarget.com/eac/knowledgebaseAnswer/0,295199,sid63_gci974565,00.html. [2008, 7 January].
Toxen, B. (2001). Real World Linux Security: Intrusion Prevention, Detection and Recovery. Unknown: Prentice Hall.
Unknown. (2007). Electronic Frontier Foundation. Available WWW: http://www.eff.org/wp/detecting-packet-injection. [2008, 7 January].