The History Of The Advanced Network Security


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

Exam

David Lay

1. One way we can make all of our systems much more secure is to encrypt all files and traffic, something that the military and associated organisations sometimes do. Why isn't this common practice? Why doesn't everybody encrypt every file and transmission? What changes to the structure of the Internet would be required for such a system to be realistic? Would hackers still be able to compromise these systems?

Encrypting all files and traffic would make systems more secure; however, the time required to process the encryption would be longer. The encryption algorithm is also a major factor: once hackers know the encryption algorithm used, it is inevitable that they would know its flaws and potentially break it. Hence hashing encrypted files and traffic may be a better solution, but the Internet infrastructure would need to be upgraded to support fast encryption and hashing mechanisms. As a result, if everyone encrypted files and hashed traffic, the information flow would be genuinely secure, but decrypting files would require a lot of processing power and would therefore be time consuming. Thus only the military and associated organisations are capable of such practice; for common Internet users it is not economically feasible.

2. (This question is stolen from someone else's exam). Phishing web sites create a copy of a legitimate web site (e.g. a bank) and present to the user an authentic-looking login page. When the user enters a login credential (username/password) the data is recorded and later collected by the Phisher. The Phisher can drive traffic to the phishing page using a number of techniques, including spam email and ads.

(a) Login pages are typically served over HTTPS using the site’s certificate.

How can phishers who do not want to pay for a certificate get around this?

Fraudsters will often host their phishing content on a compromised website and so can make use of the website's legitimate certificate, however they may not have realised that SSL services are available and so serve the content over HTTP. (Phishing on sites using SSL Certificates | Netcraft, 2012)

(b) Some phishers copy the login page as is. That is, they copy the login page, but leave the embedded image links pointing to the real banking site. Explain how a banking site can use this fact to detect phishing sites.

The bank can use this information and examine its traffic, through packet logging or network monitoring, for the following criterion:

Where requests for an object come from the same host over the network, this would denote that a phishing site may be running, due to the number of requests.

Perhaps PhishZoo could be used to demonstrate the detection of phishing sites using fuzzy hashing techniques; in particular, this mechanism would give banking sites some information to determine whether their websites are being phished. (Sadia Afroz, Rachel Greenstadt, 2011)
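
One concrete form of the log check described above, added here as an example that is not part of the original essay: it assumes the bank's web server records the Referer header in Combined Log Format, and it groups image requests by any referring host that is not the bank's own. The hostnames, IP addresses and log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumed values for illustration: the bank's own hostnames.
BANK_HOSTS = {"www.bank.example", "bank.example"}
IMAGE_EXT = (".png", ".gif", ".jpg", ".jpeg", ".svg", ".ico")

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [02/Nov/2017:10:00:01 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "https://www.bank.example/login" "Mozilla/5.0"
203.0.113.20 - - [02/Nov/2017:10:00:05 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "http://login-bank.phish.example/secure/" "Mozilla/5.0"
203.0.113.21 - - [02/Nov/2017:10:00:09 +0000] "GET /img/padlock.gif HTTP/1.1" 200 310 "http://login-bank.phish.example/secure/" "Mozilla/5.0"
198.51.100.9 - - [02/Nov/2017:10:00:11 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.20 - - [02/Nov/2017:10:00:12 +0000] "GET /login HTTP/1.1" 200 900 "http://search.example/?q=bank" "Mozilla/5.0"
"""

def foreign_image_referers(log_text):
    """Map each non-bank referring host to the client IPs that loaded bank images from it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        path = urlparse(m["path"]).path.lower()
        if not path.endswith(IMAGE_EXT):
            continue  # only embedded images are of interest here
        ref_host = urlparse(m["referer"]).hostname
        if ref_host is None or ref_host in BANK_HOSTS:
            continue  # empty referer ("-") or the bank's own page
        hits[ref_host].add(m["ip"])
    return {host: sorted(ips) for host, ips in hits.items()}

if __name__ == "__main__":
    for host, ips in foreign_image_referers(SAMPLE_LOG).items():
        print(f"possible phishing page on {host}: images loaded by {ips}")
```

The client addresses listed per host are the browsers that rendered the copied page, which gives the bank a starting point for identifying affected customers.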

(c) Some phishers may make a complete copy of the phished site, duplicating all images and scripts on the target page and store them on the phishing server.

They copy Javascript on the phished page, but without altering the script. Explain how a bank can use this fact to not only detect phishing sites, but also detect which of its customers fell victim to the phishing scam. The bank can then move to block those customers’ accounts.

The bank can apply a method known as the "Cryptographic Identity Verification Method"; this method encrypts and decrypts under the control of the central processing unit. This approach, however, requires a drastic change to the entire Web infrastructure (both servers and clients); hence adopting a neural network would be fundamental to detecting phishing sites even when the login page is left with embedded links. (A. Martin, Na. Ba. Anutthamaa, M. Sathyavathy, Marie Manjari Saint Francois, Dr. Prasanna Venkatesan, 2011)

From that, the bank can issue email notices to its customers; then, with various alerts to the network administrator, he/she would be able to inform the bank manager to block the infected accounts.

(d) Suppose the banking login page has an XSS vulnerability. Explain how this can make the phisher’s life easier.

An XSS vulnerability on a bank login page makes the phisher's life easier through the means of Local File Intrusion or Remote File Intrusion and, furthermore, gaining remote access via the Internet by using mechanisms that redirect pages using scripts. Hence this requires no programming of new exploits, only manipulating strings in the address bar to perform the desired attacks. XSS comes from all sorts of exploits, such as scripting within text boxes by manipulating various HTTP POST parameters. (Cross site scripting), (Hamburg TF-CSIRT Presentation.PDF, 2004)

3. Your friend thinks he's a security expert (though he hasn't been to TAFE) and claims that the best way to protect your data when using the Internet at home is to use the "private" or "incognito" mode in Firefox or Chrome for sensitive transactions. What security benefits does such an action provide? Is this really a valid way to protect your information? If it isn't, how would you take this guy down?

Unfortunately, incognito mode in Chrome and private browsing in Firefox and Opera are all the same: they present anonymity as private browsing but are still not fully secure. The claim is valid to the point that history, cookies and other temporary Internet files are erased on exit; however, the traffic would still be prone to Wireshark sniffing and to websites that collect or share information about you. Therefore my friend's claim is invalid.

4. (This question is stolen from someone else's exam). A bot is remotely controlled software, executing on a compromised host. A botnet is a network of bots and a controller that controls their operation. Most bots are highly programmable, allowing the bot controller to send programs that are executed by bots. Bot detection and remediation can be carried out on a network by examining network traffic, or on a host by trying to identify software that is acting as a bot.

(a) Bots are widely used for relaying email spam. Describe a network defense that detects bots used for spam.

Block outbound ports that are used by email, except for the required outgoing email servers, or use an IDS/IPS so that any activity detected on the SMTP/POP3 protocols is reviewed before being sent out via the email server. This approach would detect email-based bots that are used for spam.

For example, if both SMTP and POP3 show high network activity within a network, it could denote that the network is infected with a bot carrying a spam mechanism that utilises these two ports.

(b) Bots have been used for launching distributed denial of service (DDoS) attacks. Describe a network defense that detects bots carrying out a DDoS attack. Use some characteristic of the way DDoS attacks are usually done other than measuring the amount of network traffic coming from a host on the network.

An IDS/IPS (Intrusion Detection System/Intrusion Prevention System) is a network defense that detects bots carrying out a DDoS attack. Similar to a firewall, it identifies a DDoS attack on the basis of abnormal network activity, such as DDoS, SYN flooding, spam, etc. Using rule sets in the IDS/IPS or the firewall, traffic that matches a rule triggers an alert, and this would indicate a possible DDoS attack.

(c) One possible way to do host-based bot detection is to compare contents of network packets that might be commands from the controller with system calls on the host. Explain how this idea might help you detect a bot executing a port redirect command (i.e. receive input on one port and send it back out on another).

Snort can be used for host-based bot detection by analysing network packets that show executable commands such as port redirect (Ashley). Using Wireshark at the same time would provide traces of commands executed remotely. For example, Phatbot utilises the following command for port redirection, which may be apparent in Wireshark packets, if captured:

SYNTAX: redirect.tcp <localport> <remotehost> <remoteport>

USAGE:

<User> .redirect.tcp 2352 www.microsoft.com 80

<BoT> redirtcp: redirecting from port 2352 to "www.microsoft.com:80".

Therefore, if packets are captured in Wireshark, we could filter where string == "redirect" to show potential signs of bots running on the host machine.
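
The correlation the question describes, sketched as an added example that is not part of the original essay: port and host tokens seen in inbound payloads are matched against the bind and connect system calls the host makes shortly afterwards. The payload uses the Phatbot syntax quoted above; the syscall trace format, the 30-second window and all event values are constructed assumptions.

```python
import re

# Constructed inbound payloads (time, text); the second uses the Phatbot
# syntax quoted in the essay.
PAYLOADS = [
    (100.0, "PRIVMSG #chan :hello there"),
    (101.0, "PRIVMSG #chan :.redirect.tcp 2352 www.microsoft.com 80"),
]

# Constructed syscall trace: (time, pid, syscall, argument). Format is assumed.
SYSCALLS = [
    (101.2, 4312, "bind", "0.0.0.0:2352"),
    (101.3, 4312, "listen", "0.0.0.0:2352"),
    (105.8, 4312, "connect", "www.microsoft.com:80"),
    (106.0, 977, "bind", "0.0.0.0:8080"),              # unrelated local service
    (107.0, 1200, "connect", "www.microsoft.com:80"),  # browser, no matching bind
]

PORT_RE = re.compile(r"\b(\d{1,5})\b")
HOST_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.I)

def tokens(payload):
    """Extract candidate port numbers and hostnames from a payload string."""
    ports = {int(p) for p in PORT_RE.findall(payload) if 0 < int(p) < 65536}
    hosts = {h.lower() for h in HOST_RE.findall(payload)}
    return ports, hosts

def find_redirects(payloads, syscalls, window=30.0):
    """Flag processes that bind a port AND connect to a host:port that both
    appeared in one inbound payload shortly beforehand."""
    alerts = []
    for t_pkt, payload in payloads:
        ports, hosts = tokens(payload)
        recent = [s for s in syscalls if t_pkt <= s[0] <= t_pkt + window]
        for pid in sorted({s[1] for s in recent}):
            mine = [s for s in recent if s[1] == pid]
            bound = {int(a.rsplit(":", 1)[1]) for _, _, c, a in mine if c == "bind"}
            conns = {tuple(a.rsplit(":", 1)) for _, _, c, a in mine if c == "connect"}
            for lport in bound & ports:
                for host, rport in conns:
                    if host.lower() in hosts and int(rport) in ports - {lport}:
                        alerts.append((pid, lport, host, int(rport)))
    return alerts

if __name__ == "__main__":
    print(find_redirects(PAYLOADS, SYSCALLS))
```

Matching on the values rather than on the word "redirect" means the check still fires if the bot's command name is changed, as long as the port and host travel in the clear.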

5. From http://project.cyberpunk.ru/idb/hacker_ethics.html:

***

The idea of a "hacker ethic" is perhaps best formulated in Steven Levy's 1984 book, Hackers: Heroes of the Computer Revolution. Levy came up with six tenets:

1. Access to computers - and anything which might teach you something about the way the world works - should be unlimited and total. Always yield to the Hands-On imperative!

2. All information should be free.

3. Mistrust authority - promote decentralization.

4. Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.

5. You can create art and beauty on a computer.

6. Computers can change your life for the better.

***

***

ibid, from Richard Stallman

"I don't know if there actually is a hacker's ethic as such, but there sure was an M.I.T. Artificial Intelligence Lab ethic. This was that bureaucracy should not be allowed to get in the way of doing anything useful. Rules did not matter - results mattered. Rules, in the form of computer security or locks on doors, were held in total, absolute disrespect. We would be proud of how quickly we would sweep away whatever little piece of bureaucracy was getting in the way, how little time it forced you to waste. Anyone who dared to lock a terminal in his office, say because he was a professor and thought he was more important than other people, would likely find his door left open the next morning. I would just climb over the ceiling or under the floor, move the terminal out, or leave the door open with a note saying what a big inconvenience it is to have to go under the floor, "so please do not inconvenience people by locking the door any longer." Even now, there is a big wrench at the AI Lab entitled "the seventh-floor master key", to be used in case anyone dares to lock up one of the more fancy terminals."

***

The types of people who are interested and passionate about hacking are the same types of people who are charged with the protection of the networks they seek to exploit. It's almost as if the inmates are taking over the asylum! Discuss how the hacker ethic can lead to the ethical hacker?

The hacker ethic can lead to an ethical hacker by way of becoming a white hat hacker. Utilising access to computers, freedom of information (unrestricted access to resources), and being judged on the basis of skill without discrimination, hence promoting equal opportunity and providing the potential to change the world for the better, the white hat hacker enhances security within an environment to protect against and prevent potential attacks through the art of programming. "Sharing is caring" is a common attitude within the hacking realm: programmers make a program and share it amongst computer users.

As seen, the MIT AI Lab is somewhat of a hacking lab, similar to the BIT (Network Security) Major Security Project - Pentest Lab, which serves as an ethical hacking environment for ethical hackers. This reflects Levy's tenets from Hackers: Heroes of the Computer Revolution through the following aspects:

Access to computers - and anything which might teach you something about the way the world works - should be unlimited and total. Always yield to the Hands-On imperative!

All information should be free.

Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.

Computers can change your life for the better.

As shown, students from TAFE NSW have some level of hacking skill, and the lab set up by BIT allows them to demonstrate the ethical hacking and security enhancement laid out by Levy. As such, these are core principles for demonstrating to the hacking or InfoSec realms the pathway to becoming an ethical hacker.

Therefore Levy made several valid points that are worth keeping as core values when becoming an ethical hacker through the hacker ethic. To a very high extent I agree with them; however, not all ethical hackers are keen on sharing their knowledge, so this requires hands-on self-learning, which may not always be applicable, and the experience gained that way is not always accountable.


