Computer Security 2
Web Attacks
Cookies - Let the server store a string on the client. Used to identify a user and store preferences, passwords or the last visit
Eavesdropping - If a connection is not encrypted, it can be eavesdropped on by the ISP, anyone on the route or anyone on the local network. Logins should always be via SSL
Cookies can be stolen when a website drops from HTTPS to HTTP. The countermeasure is to use HTTPS all the time
Cross-site scripting (XSS) - Allows an attacker to inject client-side code into web pages, which is then distributed to other users. Eg. a cookie-stealing JavaScript program
Phishing - Attacker injects a script that reproduces the site (eg. PayPal) and the credentials are sent to the attacker
Cross-site request forgery (CSRF) - Victim is logged into a website and visits a malicious one, which sends requests to the vulnerable website to exploit cookies
OWASP - Public effort to improve web security. Has a list of the biggest web threats. Eg. injection, authentication errors, unencrypted data transmissions, query strings in dynamic webpages
Internet
TCP/IP - TCP runs on top of IP and requests new packets if they get lost. Allows inter-network connections
Domain Name Server (DNS) - Name associated with an IP. Eg. bbc.co.uk. Big database stores all of these domain names.
Socket Connection - Connects two ports. Stores the destination IP and port and the source IP and port
IP Stack - Application, Transport (TCP), Network (IP) and Link (MAC Address)
Dynamic Host Configuration Protocol (DHCP) - Assigns an IP address to a new machine on that network. Not permanent
Address Resolution Protocol (ARP) - Lets router find out which machine is using which IP address. ARP Spoofing lets a machine steal an IP
TLS
Secure Sockets Layer (SSL) - Renamed to Transport Layer Security protocol (TLS). Provides secure socket connection based on keys
X.509 Certificates - Subject, subject's key, issuer name, etc. Issuer signs the hash of the data
Send a nonce. Nonce sent back with certificate. Session key = nonces and seed. Send encrypted seed and (hash)_k. (hash2)_k sent back
TLS-DHE - Stops the user from reading past messages if they get the server's key. Each session key is calculated with 2 nonces and g^xy
Weaknesses
Cipher downgrading attack - If server and client both support a weak cipher, attacker can select that cipher to be used and then break it
Self-signed certificates - Maintaining certificates is hard. It is easier to accept any certificate or self-signed ones. Vulnerable to man-in-the-middle attacks
VPN - Securely connects you to another network. Can route traffic through the VPN, so the server thinks you're a VPN provider.
Exploits
Spear Phishing - Very well crafted, targeted phishing emails
Firewalls - Block internet traffic. Can be set up on computers or the network. Eg. could block all traffic not on port 80
Anti-Virus - Scans computer and email traffic for known viruses. Can be disabled by an attacker with admin privileges
Application Security
Compiled code is just data: it can be altered and its protections removed. Good protection slows this down rather than stops it
Java Byte Code - Can mostly be reverse engineered to recreate source code. This can then be used to look at what the program is doing and to recompile it without checks etc.
Binaries - Written in assembly, much lower level than Java byte code. Patterns distinguish what a program is doing
Defences - Dynamically construct keys. Encrypt files. Mix data and code to slow down attacks. Require an online connection (timeouts). Require online content (safeguards). Hardware protection
Buffer Overflow Attacks
In languages like C, you have to tell the compiler how much memory is required. If this is wrong, then an attacker can run any code in the free space.
Buffer Overflow - C doesn't check for character bounds, so if 16 bytes are given for the function, the program may write more than that and write over the EIP. This sends the return of the program to another part of the code, maybe a shell
Address Space Layout Randomisation - Adds an offset to the stack addresses so that it is hard to guess which address to point to