PGP Desktop TCP

Task-1:-PGP………………………………………………Page-5-To-14

Problem statement……………………………………………

• Download PGP Desktop software………………………..

• Experiment with new installation using the following features:

1.Key management ……………………………………..

2.Securing E-mail Messages ……………………………

3.Securing Instant Messaging ………………………….

c) Experiment and report on the remaining option available under

the licence……………………………………………..

Task-2:- TCP/IP Security…………………………………Page-15-To-20

Problem statement…………………………………………

• Why TCP/IP Network are considered unsecured…….

• Describe the following technologies:

• SSL (Secure Socket Layer)…………………..

• IPSec (IP Security)………………………….

• Kerbaros……………………………………..

Task-3:- Hardware and software…………………………Page-21-To-26

Problem statement…………………………………………

• Differences between Windows NT,Windows XP and UNIX

• Differences between HIDS and NIDS

Task-4:- Buffer overruns…………………………………Page—27-To-32

Problem statement…………………………………………

• How a variety of overruns and format string bugs can alter the program flow on program.

• Five methods of causing havoc by unauthorized altering of memory using a buffer overflow.

• THREE C++ functions

• ONE well-recognized method of preventing buffer overflow.

Solution Task-1

Experiment with new installation using the following features:

1.Key management

2.Securing E-mail Messages

3.Securing Instant Messaging

• 1.Key management:

When managed by a PGP Universal Server, PGP Desktop 9.x provides a secure recovery mechanism for private keys, called KeyReconstruction. As its name suggests, Key

Reconstruction can be used to reconstruct (or restore) your private Key if you have forgotten its passphrase, or if you have deleted your private Key

. To take advantage of Key Reconstruction, you send Key reconstruction data to a reconstruction server (a PGP Universal Server that is managing your PGP Desktop) while you still have your private Key and remember its passphrase. The reconstruction data for your private Key consists of five questions, that you may create, and five answers that only you know. After you have sent your reconstruction questions and answers to the server, you may reconstruct your private Key at any time by answering 3 of the 5 questions correctly. If you have deleted your private Keyor forgotten its passphrase before sending reconstruction questions and answers to the server, you cannot regain your private Key using KeyReconstruction. If you need help understanding any of the concepts mentioned above, please read the following "Crypto Concepts" section. Otherwise, feel free to skip down and Reconstruct your private Key

Crypto Concepts

Private Key

When you install PGP Desktop you are prompted to create a keypair, which is comprised of two related keys: a public Key and a private Key Your private Key is used for decrypting something that was encrypted using your related public Key, as well as generating digital signatures that can be verified using your public Key

As its name suggests, your private Key.

• should be kept totally private, and should be protected by a strong passphrase.

Key

Reconstruction For detailed technical information about Key

Reconstruction, please refer to the white paper "Inside PGP Key

• Reconstruction" (from the  PGP Corporation White Papers).

Reconstruct Your Private Key

• Click the PGP Tray lock icon in your system tray and then click Open PGP Desktop:

• Click the PGP Keys control box.

Select the keyring that contains your Key

Click the Key

• that you wish to reconstruct:

To reconstruct a private Key, you must have its associated public Key

on your keyring. If you don't have a copy of your public Key, you might try downloading it from a Keyserver, such as your PGP Universal Server or the PGP Global Directory. Otherwise, contact your administrator to obtain a copy of your public Key

• Now click the Keys menu and click Reconstruct:

Answer 3 of the 5 Key

• reconstruction questions correctly, then click OK:

The answers are case sensitive, and must be entered precisely as they were when you first sent them to the server. If you are certain that nobody can see your screen, you might want to check the box labeled Show Keystrokes, so that you can verify your answers.

After you have answered 3 of the 5 Key reconstruction questions correctly, you must enter and confirm a new passphrase for your private Key

• , then click OK:

When you are notified that Key

• reconstruction was successful, click OK:

• 2.Securing Email Messages

When PGP Messaging is enabled, you will find that PGP will begin encrypting your E-mail

accounts by default. This will occur when you open your E-mail application for the first time after installing PGP Desktop 9.x, and you send/receive E-mail. If you are communicating with other PGP users through E-mail PGP Desktop can automatically encrypt and sign Messages

to PGP users depending on the policies that have been set within PGP Desktop under the Messaging section.

PGP Desktop does configure default policies if you do not wish to create your own. These default encryption policies will be reviewed in Section 3 of this document. New encryption policies will be described in Section 4 of this document.

Enable PGP Messaging

PGP Messaging is enabled by default during installation. However, if you disabled PGP Messaging during installation, there are two ways to enable this feature. They are as follows:

Locate the PGP Desktop icon (padlock) in the system tray. Click the PGP Desktop padlock and click Use PGP E-mail

• Proxy. The option will have a black check mark next to it when it is enabled.

Open PGP Desktop through the Programs/All Programs menu and select the Tools menu. Click Use PGP E-mail

• Proxy. The option will have a black check mark next to it when it is enabled.

Assign a PGP Key to a PGP Messaging Service

PGP Messaging requires a PGP Key to secure the E-mail

account(s). To assign a key to a messaging service for the first time, do the following:

When you open your E-mail

application for the first time after installing PGP Desktop, PGP will display the “E-mail

• Account Detected” window after sending/receiving mail.

Select Yes, secure this E-mail

• account, and then click Next.

• You may select one of many key sources. If you created a key pair during installation, then generally, the option you would select is PGP Desktop Key. You can also create a new key pair, or import a previously exported key pair.

• After choosing the source, click Next.

Highlight the key to be used for this E-mail

• account and click Next.

Click Finish. You are now ready to encrypt mail through this E-mail

• account and proceed with section 3.

Review Default E-mail

Encryption Policies

Two encryption policies are set by default. These policies are:

Require Encryption: [PGP] Confidential. This policy specifies that any message flagged as confidential in your E-mail

• client or containing the text “[PGP]” in the subject line must be encrypted to a valid recipient public key or it cannot be sent.

Opportunistic Encryption. Specifies that any message for which a key to encrypt cannot be found should be sent without encryption (in the clear). Having this policy the last policy in the list ensures that your Message

• will always be sent, albeit in the clear, even if a key to encrypt it to the recipient cannot be found.

Do not put Opportunistic Encryption first in the list of policies (or anywhere but last, for that matter) because when PGP Desktop finds a policy that matches, and Opportunistic Encryption matches everything, it stops searching and implements the matching policy. So if a policy is lower on the list than Opportunistic Encryption, it will never be implemented. The list of policies is read from the top down, so be sure to put Opportunistic Encryption last in the list.

The default policies Require Encryption: [PGP] Confidential and Opportunistic Encryption cannot be modified or deleted, but they can be disabled. Create New E-mail

Encryption Policies

If you would like to create additional encryption policies, the steps to do so are described as follows:

• Open PGP Desktop.

• Locate the PGP Messaging control box on the left. This will display different configured services and the Messaging Log options.

• Within the PGP Messaging control box, select a configured service (e.g. [email protected]/* */). The settings for the service appear in the PGP Messaging work area, including the list of existing security policies. This is the right hand pane.

• Click New Policy in the PGP Messaging Control box OR pull down the Messaging menu and click New Messaging Policy.

• After the Message Policy dialog appears, enter a description of the policy in the top field offered.

• Specify the conditions to be met and the action to be performed.

• Specify a course of action to take if the recipient key is not found.

For detailed descriptions of the available conditions and actions, please refer to your PGP Desktop User's Guide (.pdf). This is located in Start>Programs>PGP>Documentation.

Policies are applied in the order that they are listed. You can change the order by highlighting the policy you wish to move and clicking the up or down arrow at the bottom of the “Security Policies” window to move it.

Understanding the PGP Messaging Log

The PGP Messaging Log, located in the PGP Messaging control box, is instrumental in describing the actions taken by PGP Messaging in processing E-mail

. View Log For: This item at the top left will allow you to view the logs of the current day or up to seven days past. Just select the day you wish to view. View Level: This option in the upper right will allow you to view logs related to general information, warnings, error Message

, and may even be set to verbose for greater detail of each item previously mentioned. Saving Daily Log If you wish to save the log file for a specific day, display the correct day and click Save at the bottom of the Messaging Log work screen. Specify the location to save the file and click Save again. Shred Log Use the Shred Log option to clean the contents of the Messaging Log for the currently displayed day.

• 3.Securing Instant Messaging

AIM sessions between two systems running PGP Desktop 9.x are protected automatically when PGP Desktop 9.x is installed and the PGP AIM Proxy is enabled.

Both AIM users MUST have PGP Desktop 9.x installed for the session to be encrypted. It is not sufficient that one user have PGP Desktop installed. Both must have the AIM Proxy enabled. Both users also have to be added to the buddy list in the AIM settings.

Enable PGP AIM Proxy

The PGP AIM Proxy is enabled by default if the option was not unchecked during installation. If the proxy is disabled, there are two ways to enable it. These methods are as follows:

• Click on the PGP Desktop padlock in the system tray. Click Use PGP AIM Proxy. The option will have a check by it when enabled.

• Open PGP Desktop through Start>Programs>PGP menu. Pull down the Tools menu, and click Use PGP AIM Proxy.

How to Know the Session is Encrypted

When the option is enabled you should see an alert in the system tray which states “PGP Desktop Secured AOL Instant

Messenger session for [screen name] has started. Additionally, other users will see a padlock next to your screen name. You.

will see in the conversation a note that the conversation is being encrypted by PGP Desktop.

Solution Task-2

a) Why TCP/IP Network are considered unsecured.

W

hen TCP/IP was designed in the early 1980's, security was not a primary concern. However, in the years since their inception, the lack of security in the TCP/IP protocols has become more of a problem. The widespread use and availability of the TCP/IP protocol suite has exposed its weaknesses. Presented here are a number of well-known vulnerabilities of both TCP/IP itself, and of some protocols commonly used along with TCP/IP (such as DNS).

• TCP "SYN" attacks

• IP Spoofing

• Sequence Guessing

• Source Routing

• Connecting Hijacking

• Source Routing

• Connecting Hijacking

• Desynchronization during connection establishment

• Desynchronization in the middle of a connection

• Routing (RIP) attacks

• ICMP attacks

• DNS attacks

• The lack of unique identifiers

a) TCP "SYN" attacks

In an Internet environment, high message latency and loss are not uncommon, resulting in messages that arrive late or in nonsequential order. The TCP half of TCP/IP uses sequence numbers so that it can ensure data is given to the user in the correct order, regardless of when the data is actually received. These sequence numbers are initially established during the opening phase of a TCP connection, in the three-way handshake.

SYN attacks take advantage of a flaw in how most hosts implement this three-way handshake When Host B receives the SYN request from A, it must keep track of the partially opened connection in a "listen queue" for at least 75 seconds. This is to allow successful connections even with long network delays.

Figure: SYN Flooding

b) IP Spoofing

IP Spoofing is an attack where an attacker pretends to be sending data from an IP address other than its own [Morris85, Bellovin89]. The IP layer assumes that the source address on any IP packet it receives is the same IP address as the system that actually sent the packet -- it does no authentication.

c) Sequence Guessing

The sequence number used in TCP connections is a 32 bit number, so it would seem that the odds of guessing the correct ISN are exceedingly low. However, if the ISN for a connection is assigned in a predictable way, it becomes relatively easy to guess. This flaw in TCP/IP implementations was recognized as far back as 1985, when Robert Morris described how to exploit predictable ISN's in BSD 4.2, a Unix derivative [Morris85].

Figure :IP Spoofing via Sequence Guessing

d) Source Routing

Another variant of IP spoofing makes use of a rarely used IP option, "Source Routing". Source routing allows the originating host to specify the path (route) that the receiver should use to reply to it. An attacker may take advantage of this by specifying a route that by-passes the real host, and instead directs replies to a path it can monitor Although simple, this attack may not be as successful now, as routers are commonly configured to drop packets with source routing enabled.

Figure : Source Routing

• Describe the following technologies:

1) SSL (Secure Socket Layer)

2) IPSec (IP Security)

3) Kerbaros

• Secure Sockets Layer (SSL)

The Secure Sockets Layer (SSL) protocol was developed by Netscape Communications, and enables secure communication over the Internet. SSL works at the transport layer of Transmission Control Protocol/Internet Protocol (TCP/IP), which makes the protocol independent of the application layer protocol functioning on top of it. SSL is an open standard protocol and is supported by a range of both servers and clients.

SSL can be utilized for the following:

• Encrypt Web traffic using Hypertext Transfer Protocol (HTTP). When HTTP is utilized together with SSL, it is known as HTTPS.

• SSL is generally utilized to authenticate Web servers, and to encrypt communications between Web browsers and Web servers.

• Encrypt mail and newsgroup traffic.

SSL provides the following features for securing confidential data as it transverses over the Internet:

• Authentication

• Data integrity

• Data confidentiality through encryption

The SSL handshake process is described below:

• The client initiates the SSL handshake process by sending a URL starting with the following: https:// to the server.

• The client initially sends the Web server a list of each encryption algorithm which it supports. Algorithms supported by SSL include RC4 and Data Encryption Standard (DES). The client also sends the server its random challenge string which will be utilized later in the process.

• The Web server next performs the following tasks:

• Selects an encryption algorithm from the list of encryption algorithms supported by, and received from the client.

• Sends the client a copy of its server certificate.

• Sends the client its random challenge string

2. IPSec (IP Security)

IPsec (Internet Protocol Security) is a framework for a set of protocols for security at the network or Packet processing layer of network communication. Earlier security approaches have inserted security at the application layer of the communications model. IPsec is said to be especially useful for implementing virtual private networks and for remote user access through dial-up connection to private networks. A big advantage of IPsec is that security arrangements can be handled without requiring changes to individual user computers.

IPsec provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data as well. The specific information associated with each of these services is inserted into the packet in a header that follows the IP packet header. Separate key protocols can be selected, such as the ISAKMP/Oakley protocol.

Security architecture

IPsec is implemented by a set of cryptographic protocols for (1) securing packet flows,mutual authentication and establishing cryptographic parameters.

The IP security architecture uses the concept of a security association as the basis for building security functions into IP. A security association is simply the bundle of algorithms and parameters (such as keys) that is being used to encrypt and authenticate a particular flow in one direction. Therefore, in normal bi-directional traffic, the flows are secured by a pair of security associations.

• Kerberos :

Kerberos is An Authentication Service for Computer Networks. When using authentication based on cryptography, an attacker listening to the network gains no information that would enable it to falsely claim another's identity. Kerberos is the most commonly used example of this type of authentication technology.

Modern computer systems provide service to multiple users and require the ability to accurately identify the user making a request. In traditional systems, the user's identity is verified by checking a password typed during login; the system records the identity and uses it to determine what operations may be performed. The process of verifying the user's identity is called authentication. Password based authentication is not suitable for use on computer networks. Passwords sent across the network can be intercepted and subsequently used by eavesdroppers to impersonate the user. While this vulnerability has been long known, it was recently demonstrated on a major scale with the discovery of planted password collecting programs at critical points on the Internet .

Authentication, Integrity, Confidentiality, and Authorization

Authentication is the verification of the identity of a party who generated some data, and of the integrity of the data. A principal is the party whose identity is verified. The verifier is the party who demands assurance of the principal's identity. Data integrity is the assurance that the data received is the same as generated. Authentication mechanisms differ in the assurances they provide: some indicate that data was generated by the principal at some point in the past, a few indicate that the principal was present when the data was sent, and others indicate that the data received was freshly generated by the principal

Solution Task-3

rock-solid for years.

• Differences between Windows NT,Windows XP and UNIX

UNIX is an operating system which was developed by Bell Labs, which was a subsidiary of the American Telephone and Telegraph company. UNIX was written to run the computers which control telephone switches, and is designed to use the least amount of memory possible. As far as I know, there is no Graphical User Interface, or GUI, available for use with UNIX. Widows is an operating system designed by Microsoft, and is made to be used as a GUI. The early versions of Windows, up through Windows 2000, used Microsoft Disc Operating System, or MS-DOS, to carry out the commands initiated by pointing at an icon and clicking on it. Windows XP uses a new operating system, NT, which was also designed by Microsoft, to carry out those commands.

A Windows user uses a mouse to point at icons, select them, and open them. These operations are performed without having to enter any code into the computer, because the program generates the code when the mouse is clicked on the icon. UNIX requires that the user input code to perform any operation, and this code usually includes address specifications, processing instructions, and and output address specifications.

• Difference between Windows and UNIX web hosting

Windows and UNIX are in fact two different systems and of course we are But Windows servers have also it's positive sides, they are compatible with Microsoft applications, and fully support Microsoft FrontPage, Microsoft Access and MS SQL, they also offer advance-programming environments and features such as Active Server Pages (ASP), the ASP.NET framework, Visual Basic Scripts, MS Index Server, Macromedia's and Cold Fusion. Windows operating system require little or no experience in web development to get advanced features working very quickly because of better graphical user interface (GUI) Software such as Microsoft's FrontPage is specially developed for the webmaster to decrease the website development time and efforts. Lets go back again to UNIX, they support FrontPage, Flash, Shockwave, Real Audio/Video, Cgi Scripts, Perl, PHP, SSH (Secure Telnet), MySQL, Web-Based Control System, Anonymous FTP, Web Site Graphical Statistics, Web-Based Email System, Miva/XML, Cold Fusion Perl, JAVA, PHP, C, C++, Miva, Shell Access and other wide verity of feature like Telnet and SSH that provides lots of flexibility and freedom in managing file and directories, but some of this require advance knowledge of Unix

commands in order for you to customize the scripts to match your website needs. Because of the nature of UNIX, (open source) and the people who love it, there is on the WWW freely available software and scripts, again bringing the cost down. Concluding which one is the best, it really depends what you need, if you need high uptime, security and not so expensive then go with UNIX, if you need to run Windows applications like, MS Access or the MS SQL SERVER then Windows is your choice.

• Difference between Windows and UNIX programming cultures

This post on Slashdot links to an article on comparison between UNIX and Windows programming cultures. However, it mostly talks of how the problem of usability is approached. I'd like to take a different tack, in the difference between the API of the two systems.

Windows APIs are huge. In the Microsoft world, everything seems to end up being part of the core OS services somehow. This has the advantage that you don't need to expect people to have such-and-such library. Or does it? Changes to what is the "core" between OS versions make compatibility somewhat nightmarish; you're never quite sure what libraries are there or not. Writing installers is a mess. MSI helps, but not if there's no MSI package for the libraries. Another side-effect of this is that Windows programmers are always learning a zillion new things. Win32 services. COM. COM+. .NET. DNA. TAPI. The list goes on and on. Many of those APIs do the exact same thing, so learning the new one is only needed because the old one becomes obsolete. It's hard to stabilize such a huge API.

Core Win32 APIs have no consistent reporting. OK, this drove me up the wall when I was coding on that platform. Does the MoveWindow() return NULL or INVALID_HANDLE on error? How about CreateFile()? And what's up with the ridiculous conventions for WaitForMultipleObjects()? Sure, GetLastError() is there, but so many APIs set this (including, say, MessageBox()) that many programs end up reporting an error as "The operation completed successfully". UNIX APIs tend to return ints, -1 on error with errno set, a positive integer otherwise. Period.

Windows SendMessage is stupid. Granted, with MFC and such, you don't need to look at it as much. But what's the big idea of passing two parameters of a known bit-width for every message? Why not pass a void* pointing to a different struct for each message? The result: huge pain when porting from Win16 to Win32, and another huge pain that will occur when porting from Win32 to Win64. No wonder they want to move to .NET. Compare to X-Window, which uses the void* approach, and you have to admit that SendMessage() and the WindowProc() conventions are mis-designed.

Some Windows services are strangely tied to physical windows. For instance, many COM calls don't work if there's no window and no message loop. This is documented, but it's a pain in the ass for multithreaded programming. Ditto for timers; IIRC there's no way portable to Win98 that lets you have a timer callback without a message loop. Compare to UNIX setitimer.

UNIX threading is a mess. This has improved somewhat in recent years, but I still run into problems. Linux and glibc are the big culprits there. They have changed their threading strategies several time, and each time a glitch appears, we get a finger-pointing match between the kernel and glibc team. This is annoying to say the least. At least one widely-distributed Linux distro (RedHat 9) exhibits severe problems under load, due to bugs in the glibc that are partly made worse by the JDK. In my view, threading should be a kernel service (and I'm not completely alone in this view--it seems the Linux kernel is moving more and more towards that model) and it should remain stable, dammit. Sure, you could do similar things with fork(), but that's not a reasonable approach with a GC runtime. In contrast, Win32 threading has been

Differences between HIDS and NIDS

• Host Intrusion Detection (HIDS)

This real-time monitoring device alerts the administrator when a specific event has occurred such as a new user being added or any abnormal usage patterns. Host intrusion detection software detect threats aimed at your critical hosts or servers.

• Network Intrusion Detection(NIDS)

NIDS primary responsibility is to monitor, detect and identify malicious activity on a network. Once suspicious activity is detected, an alert is generated for each activity.

Comparative analysis of HIDS vs. NIDS

Function	HIDS	NIDS	Comments
Protection on LAN	****	****	Both systems protect you on your LAN
Protection off LAN	****	-	Only HIDS protects you when you are off the LAN
Ease of Administration	****	****	The admin of NIDS and HIDS is equal from a central admin perspective.
Versatility	****	**	HIDS are more versatile systems.
Price	***	*	HIDS are more affordable systems if the right product is chosen.
Ease of Implementation	****	****	Both NIDS and HIDS are equal form a central control perspective
Little Training required	****	**	HIDS requires less training than NIDS
Total cost of ownership	***	**	HIDS cost you less to own in the long run
Bandwidth requirements on (LAN)	0	2	NIDS uses up LAN bandwidth. HIDS does not.
Network overhead	1	2	The NIDS has double the total network bandwidth requirements from any LAN
Bandwidth requirements (internet)	**	**	Both IDS need internet bandwidth to keep the pattern files current
Spanning port switching requirements	-	****	NIDS requires that port spanning be enabled to ensure that your LAN traffic is scanned.
Update frequency to clients	****	-	HIDS updates all of the clients with a central pattern file.
Cross platform compatibility	**	****	NIDS are more adaptable to cross platform environments.
Local machine registry scans	****	-	Only HIDS can do these types of scans.
Logging	***	***	Both systems have logging functionality
Alarm functions	***	***	Both systems alarm the individual and the administrator.
PAN scan	****	-	Only HIDS scan you personal area networks. (unless you have the $ to get a NIDS for your home)
Packet rejection	-	****	Only NIDS functions in this mode.
Specialist knowledge	***	****	More knowledge is required when installing and understanding how to use NIDS from a network security perspective.
Central management	**	***	NIDS are more centrally managed.
Disable risk factor	*	****	NIDS failure rate is much higher than HIDS failure rate. NIDS has one point of failure.

• HIDS and NIDS Advantages:

HIDS Advantages:

The primary advantage of NIDS is that it can watch the whole network or any subsets of the network from one location. Therefore, NIDS can detect probes, scans, malicious and anomalous activity across the whole network. These systems can also serve to identify general traffic patterns for a network as well as aid in troubleshooting network problems. NIDS also is not able to understand host specific processes or protect from unauthorized physical access.

NIDS Advantages:

HIDS technology does not have the benefits of watching the whole network to identify patterns like NIDS does. A recommended combination of host and network intrusion detection systems, in which a NIDS is placed at the network border and an HIDS is deployed on critical servers such as databases, Web services and essential file servers, is the best way to significantly reduce risk.

Solution Task-4

• How a variety of overruns and format string bugs can alter the program flow on program.

b. Five methods of causing havoc by unauthorized altering of memory using

a buffer overflow.

c. THREE C++ functions

• ONE well-recognized method of preventing buffer overflow.

• How a variety of overruns and format string bugs can alter the program flow on program.

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

In July 2000, a vulnerability to buffer overflow attack was discovered in Microsoft Outlook and Outlook Express. A programming flaw made it possible for an attacker to compromise the integrity of the target computer by simply it sending an e-mail message. Unlike the typical e-mail virus, users could not protect themselves by not opening attached files; in fact, the user did not even have to open the message to enable the attack. The programs' message header mechanisms had a defect that made it possible for senders to overflow the area with extraneous data, which allowed them to execute whatever type of code they desired on the recipient's computers. Because the process was activated as soon as the recipient downloaded the message from the server, this type of buffer overflow attack was very difficult to defend. Microsoft has since created a patch to eliminate the vulnerability.

(b) Five methods of causing havoc by unauthorized altering of memory

using a buffer overflow.

• A Hybrid Method of Defense against Buffer Overflow Attacks:

(1) Stack Guard :

The Stack Guard compiler is the most well known dynamic method of defense against buffer overflows attacks. It is designed to detect and stop stack based buffer overflows attacks targeting the return address on the stack. It guards the return address by placing a dummy value (canary value) between the return address and the stack data just before transferring control to a function. StackGuard protection can be subverted if the attacker can guess the dummy value, or by abusing a pointer to the return address.

(2) Stack Shield:

This is a compiler patch for GCC , which is also based on the idea of protecting the return address on the stack. It implements three types of protection; two of them defend against overwriting of the return address and one against overwriting of function pointers. It basically implements all of them using auxiliary stacks or global variables to maintain copies of the original contents i.e. contents before function calls and then compares the respective contents before returning control, to determine if the return address or function pointers have been tampered with.

(3) Propolice :

Propolice is a GCC patch [7] that is perhaps the most sophisticated compiler based protection mechanism. It borrows the idea of protecting the return address with canary values from StackGuard. Additionally it protects stack allocated variables by rearranging the local variables so that character buffers are always allocated at the bottom, next to the old base pointer, where they cannot be over flown to harm any other local variables.

(4) Libsafe/Libverify :

This tool is similar to the solution proposed in this paper as it also provides a combination of static and dynamic protection. Statically it patches exploitable buffer manipulations functions in standard C library. A range check is done by a safe wrapper function before proceeding with the actual operation, which ensures that the return address and the base pointer cannot be overwritten..

(5) LibsafePlus:

This is a newly developed tool for runtime buffer Overflow protection. The idea of their protection method is similar to that presented in this paper; that is they first collect the size information of buffers in the program and then use it to detect overflows via function call interception as in Libsafe. They use a tool called TIED: Type Information Extractor and Depositor.

(c) Describe at least THREE C++ functions :

• Canary-based defenses.

• Non-executing stack defenses.

• Other approaches.

• Canary-based defenses

Researcher Crispen Cowan created an interesting approach called StackGuard. Stackguard modifies the C compiler (gcc) so that a "canary" value is inserted in front of return addresses. The "canary" acts like a canary in a coal mine: it warns when something has gone wrong. Before any function returns, it checks to make sure that the canary value hasn't changed. If an attacker overwrites the return address (as part of a stack-smashing attack), the canary's value will probably change and the system can stop instead. This is a useful approach, but note that this does not protect against buffer overflows overwriting other values.

2. Non-executing stack defenses

Another approach starts by making it impossible to execute code on the stack. Unfortunately, the memory protection mechanisms of the x86 processors (the most common processors) don't easily support this; normally if a page is readable, it's executable. A developer named Solar Designer dreamed up a clever combination of kernel and processor mechanisms to create a "non-exec stack patch" for the Linux kernel; with this patch, programs on the stack can no longer be normally run on x86s. It turns out that there are cases where executable programs are needed on the stack; this includes signal handling and trampoline handling. Trampolines are exotic constructs sometimes generated by compilers (such as the GNAT Ada compiler) to support constructs like nested subroutines. Solar Designer also figured out how to make these special cases work while preventing attacks.

3. Other approaches

There are many other approaches. One approach is to make standard library routines more resistant to attack. Lucent Technologies developed Libsafe, a wrapper of several standard C library functions like strcpy() known to be vulnerable to stack-smashing attacks. Libsafe is open source software licensed under the LGPL. The libsafe versions of those functions check to make sure that array overwrites can't exceed the stack frame. However, this approach only protects those specific functions, not stack overflow vulnerabilities in general, and it only protects the stack, not local values in the stack. Their original implementation uses LD_PRELOAD, which can conflict with other programs.

(d) ONE well-recognized method of preventing buffer overflow:

• Preventing Buffer Overflows

Buffer overflow vulnerabilities are the result of poor input validation: they enable an attacker to run his input as code in the victim. Even when care has been taken to validate all inputs, bugs might slip through and make the application insecure. This article presents the various options available to protect against buffer overflows. These methods either check for insecure function calls statically, look for overflow during runtime dynamically or prevent execution of code on the stack.

• Non-executable stack: In this method the stack is configured not to hold any executable code. Kernel patches are available for both Linux and Solaris for configuring a non-executable stack. Data execution prevention in Windows XP and 2003 also protect the stack against buffer overflow. This method protects against stack-based buffer overflow attacks.

• Static Analysis: In static analysis the source code is parsed for dangerous library calls and race conditions to detect potential buffer overflows. Functions like strcpy and sprintf are vulnerable to buffer overflows, so source code scanners are used to look for incorrect use of these functions. RATS and SPLINT are two such tools; however static analysis is riddled with false positives.

• Dynamic runtime protection: Buffer overflow conditions are detected during the

actual running of the program in this method, and an attack thwarted. Different techniques of dynamic runtime analysis are:

Canary: When a function call is made, a “canary” is added to the return address; if a buffer overflow occurs, the canary will be corrupted. So, before returning to the parent function, the “canary” is checked again to see if it has been modified. Stack Guard uses this technique by implementing it as a patch to the GCC complier; this causes minimum performance delays. Free BSD also has a patch available to do this.

Copying Return Address: In this method, the return address is saved separately; so even when a buffer overflow exploit overwrites the return address on the stack, it is set back to the original value when the function returns.

Cite this page