Computer Network Security

29 Jan

Computer network security itself is often viewed as the result of several factors. Which factors are counted varies with the source material, but normally at least some of the following are included:

These classic security goals are important, but on their own they are no longer enough to cover every aspect of computer network security today. They can be combined with several other important factors that improve network security further, including the following:

Availability

The availability of data or services is something the user of a service notices immediately. The unavailability of a service can be an obstacle to a company’s progress and can have an even worse impact, namely the cessation of the production process. For all network activity, therefore, the availability of data is essential for a system to keep running correctly.

Confidentiality

Several kinds of information are present within a computer network. Each kind of data has its own group of users, and data can be grouped so that restrictions on its use can be determined. In general, the data held inside an enterprise is confidential and must not be known to third parties, since the aim is to protect company secrets and company strategy. A backdoor, for example, violates company policy by granting unwanted access into the corporate network.

Confidentiality can be improved, in some cases by encrypting data or by using a VPN. That topic is not treated in depth here, although it is included in this paper. Access control is commonly used to restrict access into a computer network. A simple but effective way to restrict access is a username-and-password combination for the user authentication process, granting access only to users who have been identified. In some computer network security work, this is discussed separately in the context of authentication.

Integrity

A reliable computer network also rests on the available data being what it should be. The network must be protected from attacks that can alter data while it is in transit [4]. Man-in-the-Middle is a type of attack that can compromise data integrity: the attacker can hijack a ‘session’ or manipulate the data being sent.

In a secure computer network, the participants in a data ‘transaction’ must be sure that the parties involved in the communication are reliable and trustworthy. Securing a data communication requires, to a certain level, that the data does not change between sending and receiving. This does not necessarily mean that the ‘traffic’ has to be encrypted, but neither does it rule out a ‘Man-in-the-Middle’ attack.


Nonrepudiation.

Every action taken in a secure system should be monitored (logged); this can mean using tools to check that the system is working as it should. ‘Logs’ are also inseparable from the security of a ‘system’: when an intrusion or another attack occurs, they greatly assist the investigation. A ‘log’ with recorded timestamps, for example, is an important part of the evidence in court if the crackers are caught and prosecuted. For this reason ‘nonrepudiation’ is regarded as an important factor in competent computer network security.

ITU-T has defined ‘nonrepudiation’ as follows:

Computer networks and other data systems are built from several different components, each with its own security characteristics. A secure computer network needs to be aware of security issues in all areas, because a security chain as a whole is only as strong as its weakest link. The user is an important part of that chain. ‘Social engineering’ is an efficient way to find a gap (vulnerability) in a system, and most people use ‘passwords’ that are predictable. The same goes for leaving the ‘workstation’ unlocked over lunch or at other times.

Operating systems (Windows, Unix, Linux, MacOS) are everywhere; computers run operating systems that differ from one another (depending on taste), and even routers are run by an operating system. Each operating system has its own style and characteristics that distinguish it from the others, and some are even used for ‘servers’. Some operating systems also have problems that can be used to make the operating system stop responding to the user.

Services on the ‘server’ play an important role in security. Software developers announce security flaws in their software quickly, because such a gap is likely to be used by irresponsible parties to infiltrate a system or any computer user. Administrators and users of servers and workstations have to check for security ‘updates’ regularly.

Hardware may be a bit difficult to see as something that can have a security problem. Reality is quite different from what we think: if hardware is located in a place that is not secure, there is a risk of unwanted hardware being installed into the computer network, and this makes infiltration easier. The same applies if an outsider resets a network device’s settings to its default configuration.

The choice of transmission method also plays an important role in security. Confidential information should not be transmitted wirelessly, at least not without good encryption, since anyone can tap the ‘wireless’ communication being sent. It is strongly recommended to use a firewall to restrict access into the computer network to the required level. Firewalls can also be the weakest point, because they can create a false sense of security. A firewall must permit data to flow into the computer network when there is a corresponding flow out through it, and this can be the weakest point. Another important fact is that not all attacks are launched through the firewall.


Securing Computer Networks

Securing a computer network requires a process at three levels. To secure our computer networks we must be able to map the threats that may occur.


Prevention

Most threats can be pushed back easily, although a state that is truly 100% secure is not necessarily achievable. Unauthorized access into a computer network can be prevented by selecting and configuring the services that run with care.


Observation

Once a computer network is running and unauthorized access is being prevented, the maintenance process is carried out. Maintenance of a computer network should include looking for abnormal log entries that may point to security problems that are not otherwise monitored. An IDS can be used as part of the observation process, but using an IDS should not lead to ignoring the information the logs provide.

Response

When something unexpected happens and the security of a system has been successfully compromised, maintenance personnel must take immediate action. Depending on the productivity of the affected process and the security problems involved, the appropriate action must be implemented at once. When a process is vital to the functioning of the system and shutting it down would cause more harm than letting the compromised system keep running, planned maintenance at the right time should be considered instead. This is a difficult problem, because nobody will immediately know through which gap the system was infiltrated from outside.


Victims/statistic

Computer network security involves several different things that affect overall security. Attacks on and misuse of computer networks include viruses, attacks from inside the network itself, theft of hardware, penetration into the system, ‘Denial of Service’ (DoS) attacks, sabotage, ‘wireless’ attacks on computer networks, replacement of a site’s front page (website defacement), and misuse of web applications. Statistics show that the number of intrusions in this area has fallen considerably since 2003 [24]; the variety of attack types, however, means that almost everyone is an attractive target.

Security issues

Modern computer networks are entities made up of many small parts. Some weak points of the different components are described here.

Weak protocols

Computer network communication uses a protocol between client and server. Most protocols in use today have been in use for decades. These old protocols, such as File Transfer Protocol (FTP), TFTP or Telnet, were not designed to be completely secure. In fact, most of them should be replaced by much more secure protocols, because they have many critical points that irresponsible users can exploit. For example, a person can easily monitor telnet ‘traffic’ and read a user name and password.

Software issue.

Gaps in software are something easy to exploit. Such a gap is usually not created intentionally, but almost everyone suffers losses from weaknesses like this. The gap is usually rooted in the convention that anything run by ‘root’ has ‘root’ access, i.e. the ability to do everything within the system. Exploitation is really taking advantage of weak handling of data the program does not expect from the user; for example, the buffer overflow and the ‘format string’ security hole are not unusual at present.

Exploiting these gaps leads to a situation where a user’s access rights are raised to a higher level. This is also called ‘rooting’ a ‘host’, because the attacker usually aims to obtain ‘root’ privileges.

Buffer overflow.

‘Buffer overflow’ means just what the term says. The programmer has allocated a certain amount of memory for some specific variables. With this security hole, however, the variable can be forced to write onto the ‘stack’ without the program checking whether the length is allowed. If the data placed in the buffer turns out to be longer than expected, it will likely overwrite the stack frame’s ‘return address’, so that the address at which program execution continues can be changed.

Authors of ‘malicious code’ usually exploit this by overwriting the ‘return address’ so that it points at ‘shellcode’ of their own choosing, gaining ‘shell’ access with the permissions of the ‘user-id’ under which the exploited program runs. This ‘shellcode’ does not have to be included in the exploited program; it is usually written into an unused part of the ‘buffer’. Placing it in an ‘environment’ variable is another commonly used trick.

‘Buffer overflow’ is a fundamental problem rooted in modern computing architectures. Space for variables and for the code itself cannot be separated into different blocks in ‘memory’. A change in architecture could easily resolve this problem, but such a change is not easy to make because the architectures in use today are so widely deployed.
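As an added example (not code from the original article), the unchecked copy the text describes is shown beside a bounded version that measures first and refuses input that would not fit; the buffer size NAME_MAX and the sample inputs are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* constructed buffer size for the demonstration */

/* Vulnerable form: strcpy() trusts the caller's length. Input of NAME_MAX
 * bytes or more writes past 'name' into whatever follows it on the stack,
 * which on typical layouts includes the saved return address. */
void copy_name_unchecked(const char *input) {
    char name[NAME_MAX];
    strcpy(name, input);                 /* no length check: the bug */
    printf("hello %s\n", name);
}

/* Hardened form: measure first, then copy only if the whole string plus
 * its terminating NUL fits. Returns 0 on success, -1 if the input was
 * rejected; 'dst' is left untouched on rejection. */
int copy_name_checked(char *dst, size_t dst_len, const char *input) {
    size_t n = strlen(input);
    if (dst_len == 0 || n >= dst_len) {
        return -1;                       /* would overflow: refuse outright */
    }
    memcpy(dst, input, n + 1);           /* n bytes plus the NUL */
    return 0;
}

/* Convenience wrapper: 1 if 'input' is accepted into a NAME_MAX buffer. */
int name_accepted(const char *input) {
    char name[NAME_MAX];
    return copy_name_checked(name, sizeof name, input) == 0;
}

int main(void) {
    char name[NAME_MAX];
    /* Constructed inputs: one that fits, one that does not. */
    const char *ok = "alice";
    const char *too_long = "0123456789abcdef0123456789abcdef";   /* 32 bytes */

    if (copy_name_checked(name, sizeof name, ok) == 0)
        printf("accepted: %s\n", name);
    if (copy_name_checked(name, sizeof name, too_long) != 0)
        printf("rejected: %zu bytes do not fit in %d\n",
               strlen(too_long), NAME_MAX);
    /* copy_name_unchecked(too_long) is deliberately never called: it would
     * corrupt the stack, which is exactly the behaviour the text describes. */
    return 0;
}
```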

Format string.

The ‘format string’ attack method is a new attack method; it was announced to the public at the end of 2000. Hackers had discovered the method 6 months before it was announced. Fundamentally, this gap reminds us of the similar ‘buffer overflow’ gap.

The difference is that this gap is created by laziness, ignorance, or a programmer of mediocre skill. A ‘format string’ gap is usually caused by the absence of a ‘format string’ such as ‘%s’ in some part of the program that produces output, for example the printf() function in C/C++. When the input given to the program carries ‘format string’ directives such as ‘%d’ and ‘%s’, it becomes easy to obtain a ‘stack dump’ or to use techniques like those of the ‘buffer overflow’.

This gap is based on a ‘truncated format string’ from the ‘input’. It refers to a situation where externally supplied data is interpreted as part of a ‘format string argument’. With specially crafted input, the affected program can be made to show the contents of memory, and execution can be controlled by writing anything to a location of choice, just as in the exploitation of an ‘overflow’.
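As an added example (not code from the original article), the printf() misuse the text describes is shown beside the correct call, together with two defensive helpers that are this author's own: one that escapes ‘%’ so text can safely end up inside a format string, and one that counts conversion directives in input arriving at a boundary. The hostile input string is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable form: user input becomes the format string. Directives such
 * as "%x %x %s" in the input make printf() read values off the stack,
 * the "stack dump" the text mentions. */
void log_message_unchecked(const char *user_input) {
    printf(user_input);                   /* the bug: no constant format */
    putchar('\n');
}

/* Correct form: the format is a constant; the input is only ever data. */
void log_message_checked(const char *user_input) {
    printf("%s\n", user_input);
}

/* Escape every '%' as "%%" so the text can safely be embedded in a format
 * string and prints back literally. Returns the length written, or -1 if
 * 'out' is too small (each '%' may double, plus the terminating NUL). */
int escape_percent(const char *in, char *out, size_t out_len) {
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        size_t need = (in[i] == '%') ? 2 : 1;
        if (o + need >= out_len) return -1;   /* keep room for the NUL */
        out[o++] = in[i];
        if (in[i] == '%') out[o++] = '%';
    }
    out[o] = '\0';
    return (int)o;
}

/* Count conversion directives: a '%' not followed by another '%'. A
 * non-zero count in text destined for a format argument is a red flag
 * worth logging at the input boundary. */
int count_directives(const char *s) {
    int n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%') continue;
        if (s[i + 1] == '%') { i++; continue; }   /* literal percent */
        n++;
    }
    return n;
}

/* 1 if escaping 'in' and then running it through a format function gives
 * back exactly 'in'; 0 otherwise (including when the buffers are too small). */
int roundtrip_ok(const char *in) {
    char escaped[128];
    char rendered[128];
    if (escape_percent(in, escaped, sizeof escaped) < 0) return 0;
    /* Only safe because every '%' in 'escaped' has already been doubled. */
    snprintf(rendered, sizeof rendered, escaped);
    return strcmp(rendered, in) == 0;
}

int main(void) {
    /* Constructed hostile input of the kind the text describes. */
    const char *hostile = "user=%x %x %s %n";
    printf("directives in input: %d\n", count_directives(hostile));
    log_message_checked(hostile);          /* prints the text literally */
    printf("escaped text survives a format call: %s\n",
           roundtrip_ok(hostile) ? "yes" : "no");
    /* log_message_unchecked(hostile) is deliberately never called. */
    return 0;
}
```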

Hardware issue.

Usually the hardware itself is not the problem in an attack. The software executed by the hardware, and the possible lack of documentation of technical specifications, are the weak points. Here are examples of how hardware can have security problems.

Example 1: Cisco

It is not unusual for Cisco routers to be regarded as having a systematic problem in the IOS (Internetwork Operating System) software they use as their operating system; this was the case in 2003. Cracks in the software can lead to a ‘denial of service’ (DoS) of all router devices. The security issue lay in the way IOS handled IP protocols 53 (SWIPE), 55 (IP Mobility) and 77 (Sun ND) with a TTL (Time To Live) value of 0 or 1.

Likewise, Protocol Independent Multicast (PIM) packets with any TTL value can cause the router to mark the input queue of the receiving ‘interface’ as full. Once the queue is full, the router will no longer process any ‘traffic’ on the ‘interface’ in question. Cisco also has a number of documented vulnerabilities for which the necessary ‘patches’ have been available for quite a long time.

Example 2: Linksys

Linksys devices are cheap enough to be widely used. Some Linksys devices have vulnerabilities that can lead to ‘denial of service’ (DoS) attacks. The security hole in question was found in the handling of the ‘Embedded URLs’ parameter sent to the device.

Misconfiguration.

Misconfiguration of servers and hardware very often lets intruders get into a system with ease. For example, a site’s front page is replaced because of configuration errors in the ‘www-server’ software or its modules. Careless configuration makes intrusion attempts a lot easier, especially if it leaves the intruder other options to take.

For example, a server running the SSH service can easily be compromised if it allows protocol version 1 or if ‘remote root login’ (rlogin) is permitted. Enabling protocol version 1 is a clear configuration error that opens security holes, such as a ‘buffer overflow’ that could let the intruder obtain ‘root’ access rights, or a ‘brute-force password’ attack that guesses the ‘root’ password.

DoS, DDoS.

Denial of Service attacks are attacks that cause the victim to stop responding or to behave abnormally. Classic examples of ‘Denial’ attacks are the ‘Ping of Death’ and the ‘SYN Flood’, which fortunately are almost never found today. DoS attacks usually target gaps in the system’s services or in the network protocol in order to make the service unusable. Other techniques cause the victim’s system to ‘choke’ because it receives more packets than it is able to process, or cause a ‘bottleneck’ in the bandwidth the system uses.

‘Distributed Denial of Service’ (DDoS) attacks are a more organized type of attack. They usually require preparation and tactics so that the victim falls quickly: the attackers first look for small systems they can take over, and once they control many small systems, they attack a large system by running thousands or even tens of thousands of small systems simultaneously to bring it down.

The famous ‘MyDoom’ worm was made to launch a massive attack from tens of thousands of infected systems against the http://www.sco.com site. The attack was so successful that http://www.sco.com had to be removed from DNS before the service could be restored.

Viruses.

One definition of a virus is a program that inserts itself into other objects, such as executable files and some types of documents that many people use. Besides the ability to replicate itself, a virus can carry and perform a specific task. The task may be destructive or may simply display something on the screen; the victim’s machine may be made to look for a type of file and send it at random to the internet, or even to format the victim’s hard disk.

A virus spreading on the Internet that has not yet been identified will not be caught by antivirus programs or the like, so the victim may be infected without knowing it. Antivirus software usually recognizes a virus, or a candidate virus, through specific signatures contained in the core of the virus itself. Some viruses use polymorphic techniques to escape detection by antivirus.

A polymorphic virus habitually transforms itself at each infection, which makes detection much more difficult. Practically every computer platform has its own viruses, and some viruses have the ability to infect several different platforms (multi-platform). Multi-platform viruses usually attack executables or documents on the Windows operating system; because of the popularity of Microsoft Windows and Microsoft Office, many viruses aim to destroy the Microsoft Corp. ‘empire’.

Worms

A worm is a computer program that spreads by sending itself to other systems. A worm does not insert itself into another object. At present many worms spread because computer users do not update the software they use; for example, Outlook Express has a function that could allow an e-mail attachment to be executed without any interaction from the user of the computer.

Trojan horse.

Trojan horses are programs that pretend to be harmless but are in fact something else [18]. One of the functions contained in a ‘Trojan horse’ is the installation of a ‘backdoor’ so that its programmer can infiltrate the victim’s computer or system.


Junk mail.

‘Junk mail’ is not really a serious security threat in itself, but with the spread of viruses and worms through e-mail, the amount of junk mail also increases. The real security threat does not come from the junk e-mail itself but from the attached files (attachments), which warrant concern because viruses and worms spread by this method.

Time bomb.

A ‘time bomb’ is a program that has a task but only performs it at a set time. Some types of viruses and worms also have functions similar to this application. A time bomb differs from a virus or worm in that it does not replicate itself; it only installs itself into the system.

Hacking: Hackers and Victims

Hackers are divided into several categories depending on the type of their activities. Most hackers are ‘script-kiddies’ who use exploits or programs available on the internet to launch their actions. If their goal is commercial or military, the stakes become higher and they will usually choose their victims carefully.

The reasons behind hacking are mixed. Script kiddies will usually ‘scan’ some IP blocks to search for hosts that may be ‘vulnerable’ (attackable) and try to exploit whatever daemons are found. One group of hackers usually tries out programs or scripts they develop to see whether their work succeeds. After all, whether a person becomes a ‘black-hat’ or a ‘white-hat’ depends on their own philosophy, ethical values and motivation.

‘White-hat’ means that if a ‘hacker’ succeeds in his effort, for example by entering a system that is not his responsibility, he will notify the system administrator about the security gaps in the system, how to close them and how to harden the host (host hardening). The aim is essentially research. ‘White-hats’ are usually ‘security professionals’ hired to do ‘system penetration’ or to provide network security consultancy.

‘Black-hat’ is what a ‘white-hat’ calls a ‘cracker’ (wrecker). The purpose of the ‘cracker’ is not always good: they usually enter a system to steal its information or to prepare attacks against other systems, a ‘DDoS’ for example. ‘Black-hats’ usually leave a backdoor in a system they have successfully compromised.

There is also a kind of ‘gray-hat’: people who are not destructive but often infiltrate other systems without notifying the system administrator of the vulnerabilities present. They do not do much damage, but they are also not the type one wants.

Different Types of Attacking

Scanning.

‘Scanning’ is a method of obtaining as much information as possible about the victim’s IP / network. ‘Scanning’ is usually run automatically, since ‘scanning’ ‘multiple hosts’ is very time-consuming. ‘Hackers’ usually gather information from this ‘scanning’. By gathering the information needed, ‘hackers’ prepare to launch the attacks that follow.

Nmap is a network scanner widely used by professionals in the field of network security; although there are tools specially made for hacking, none has beaten the popularity of nmap.

Nessus is also a network scanner, but it will additionally report security holes in the targets examined. Hackers usually use Nessus to gather information before actually launching an attack.

Fortunately some scanners leave unique ‘traces’ on a system that allow the administrator to find out that their system has been scanned, so they can immediately read recent articles relating to the log information.

Password cracking.

‘Brute-force’ is a technique in which every possible keyword (password) is tested in order to gain access into a system. Cracking a keyword with this technique is very slow but effective: every keyword can be guessed given enough time.

Reversing the ‘hash’ of a keyword is impossible, but there are ways to recover the keyword anyway, although the success rate depends on how strong or weak the user’s choice of keyword is. If someone can retrieve the ‘hash’ data in which the keyword is stored, a fairly efficient method is a ‘dictionary attack’, which can be done with the utility John the Ripper.

There are still other ways, such as ‘hash look-up tables’, but they are very ‘resource’- and time-consuming.

Rootkit.

A ‘rootkit’ is a tool for eliminating the tracks of an infiltration that has been carried out. Rootkits usually include modified versions of some tools used by the system so that the trail can be covered. For example, ‘ps’ on Linux or Unix is modified so that the running background process cannot be seen.

Defending

Firewall.

Computers and networks connected to the Internet need to be protected from attack. A firewall is a decent and effective way to do this. In general, a firewall separates the public network from the private network.

Firewalls can be divided into several categories, for example: Packet Filtering Firewall, ‘Proxy Firewall’.

Logs.

A system administrator is obliged to view the system logs from time to time. By looking at the logs, the system administrator can see the activity taking place and is likely to be able to anticipate problems when suspicious activity is seen.
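As an added example (not code from the original article), here is a minimal pass over constructed auth-log lines in sshd style: it counts failed logins per source address and flags sources at or above a threshold, the kind of suspicious activity the text says the administrator should be looking for. The log lines, addresses and the threshold FAIL_THRESHOLD are all constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES 16
#define FAIL_THRESHOLD 3   /* constructed: failures from one address before review */

struct source_count {
    char ip[40];
    int failures;
};

/* Constructed sample lines in sshd style; not real log data. */
static const char *SAMPLE_LOG[] = {
    "Jan 29 10:01:02 host sshd[811]: Accepted password for alice from 192.0.2.10 port 5011 ssh2",
    "Jan 29 10:01:09 host sshd[812]: Failed password for root from 198.51.100.7 port 4411 ssh2",
    "Jan 29 10:01:10 host sshd[812]: Failed password for root from 198.51.100.7 port 4412 ssh2",
    "Jan 29 10:01:11 host sshd[812]: Failed password for admin from 198.51.100.7 port 4413 ssh2",
    "Jan 29 10:01:12 host sshd[812]: Failed password for invalid user test from 198.51.100.7 port 4414 ssh2",
    "Jan 29 10:02:30 host sshd[820]: Failed password for bob from 192.0.2.10 port 5020 ssh2",
    "Jan 29 10:02:35 host sshd[821]: Accepted publickey for bob from 192.0.2.10 port 5021 ssh2",
};
#define SAMPLE_LOG_LEN (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])

/* Copy the address that follows " from " into 'ip'. Returns 1 on success,
 * 0 if the line has no source or the address would not fit. */
int parse_source_ip(const char *line, char *ip, size_t ip_len) {
    const char *p = strstr(line, " from ");
    if (p == NULL) return 0;
    p += 6;                                   /* skip " from " */
    size_t n = strcspn(p, " ");
    if (n == 0 || n >= ip_len) return 0;
    memcpy(ip, p, n);
    ip[n] = '\0';
    return 1;
}

/* Tally "Failed password" lines per source address into 'table'.
 * Returns the number of distinct sources recorded. */
int tally_failures(const char *const *lines, size_t count,
                   struct source_count *table, size_t table_len) {
    int used = 0;
    for (size_t i = 0; i < count; i++) {
        char ip[40];
        if (strstr(lines[i], "Failed password") == NULL) continue;
        if (!parse_source_ip(lines[i], ip, sizeof ip)) continue;
        int found = -1;
        for (int j = 0; j < used; j++) {
            if (strcmp(table[j].ip, ip) == 0) { found = j; break; }
        }
        if (found < 0) {
            if ((size_t)used >= table_len) continue;   /* table full: skip */
            snprintf(table[used].ip, sizeof table[used].ip, "%s", ip);
            table[used].failures = 0;
            found = used++;
        }
        table[found].failures++;
    }
    return used;
}

/* Failures seen from one address in the built-in sample, 0 if none. */
int sample_failures_from(const char *ip) {
    struct source_count table[MAX_SOURCES];
    int n = tally_failures(SAMPLE_LOG, SAMPLE_LOG_LEN, table, MAX_SOURCES);
    for (int i = 0; i < n; i++)
        if (strcmp(table[i].ip, ip) == 0) return table[i].failures;
    return 0;
}

/* Number of sources in the sample at or above FAIL_THRESHOLD. */
int sample_flagged_sources(void) {
    struct source_count table[MAX_SOURCES];
    int n = tally_failures(SAMPLE_LOG, SAMPLE_LOG_LEN, table, MAX_SOURCES);
    int flagged = 0;
    for (int i = 0; i < n; i++)
        if (table[i].failures >= FAIL_THRESHOLD) flagged++;
    return flagged;
}

int main(void) {
    struct source_count table[MAX_SOURCES];
    int n = tally_failures(SAMPLE_LOG, SAMPLE_LOG_LEN, table, MAX_SOURCES);
    for (int i = 0; i < n; i++) {
        printf("%-16s failures=%d%s\n", table[i].ip, table[i].failures,
               table[i].failures >= FAIL_THRESHOLD ? "  <-- review" : "");
    }
    return 0;
}
```

The same loop applied to a live log would be paired with a time window, since a handful of failures spread over a week is not the same signal as the same count in one minute.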

IDS (Intrusion Detection System).

One common way to automate the monitoring of infiltration is to use an IDS. An IDS detects the type of attack from the ‘signature’ or ‘pattern’ of network activity. Some can even block the suspicious traffic.

Honeypot.

A ‘honeypot’ is a ‘bait’ server that serves as a distraction. Honeypots do not run services the way a normal server does but pretend to, letting intruders think they are a real ‘server’. A honeypot is also useful for observing the techniques intruders use to get into the system, and as a tool to collect evidence so that the intruders can be prosecuted.

Configuration.

As discussed previously, careful configuration will help you defend against possible attacks. Most cases of homepage replacement (web defacement) occur because of configuration errors that a third party can take advantage of.

Own computer network security is often viewed as the result of several factors. This factor varies depending on the basic material, but normally at least some of the following is included:

Security is important classic this is not enough to cover all aspects of computer network security at the present time. These can be combined again by some other important things that can make computer network security can be improved again with includes the following:

Availability

The availability of data or services can be easily monitored by the user of a service. That where the unavailability of a service (service) can be an obstacle to progress for a company and can impact even worse, namely cessation of the production process. So to all network activity, the availability of data is very important for a system to continue to run correctly.

Confidentiality

There are several types of information available within a computer network. Each different data would have different user groups and data can be grouped so that some restrictions to the use of data must be determined. In general, the data contained within an enterprise are confidential and may not be known by third parties who aim to keep company secrets and strategies of companies. Backdoor, for example, violating company policy due to unwanted access into corporate computer networks.

Confidentiality can be improved and in some cases pengengkripsian data or use a VPN. This topic will not be, but however, will be included in this paper. Access control is a commonly used to restrict access into a computer network. An easy way but was able to restrict access is by using a combination of username-and-password for the user authentication process and provide access to users (users) that have been identified. In some computer network security work environment, is discussed and separated in the context of authentication.

Integrity

Reliable computer network is also based on the fact that the available data what should be. Computer network would not want to be protected from attack (attacks) that can alter dataselama stopover in the process (transmit) [4]. Man-in-theMiddle is a type of attack that can alter the integrity of the data which the attacker (attacker) can hijack ‘session’ or manipulate data sent.

In a secure computer network, participants of a ‘transaction’ data must be sure that the people involved in data communications are reliable and trustworthy. Security of a data communication is required at a certain level data does not change during the process of sending and receiving data communications at the time. This does not necessarily always mean that the ‘traffic’ need to be encrypted, but also not impossible that the attack ‘Man-in-theMiddle’ can occur.

 

Nonrepudiation.

Any action taken in a secure system that has been monitored (logged), this can mean the use of tools (tool) to check the system working as it should. ‘Log’ is also inseparable from the security ‘system’ that which occurs when an intrusion or other attacks will greatly assist the process of investigation. ‘Log’ and note the time, for example, an important part of evidence in court if the crackers caught and prosecuted. For this reason the ‘nonrepudiation’ regarded as an important factor in a competent computer network security.

ITU-T has defined ‘nonrepudition’ as follows:

Computer networks and other data systems are built from several different components of which each has special characteristics for safety. A secure computer network that need to be aware of security issues in all sectors, which is a complete security chain is very weak, weak as weakest point. User (user) is an important part of a chain. ‘Social engineering’ is an efficient way to find a gap (vulnerabilities) in a system and most people use the ‘password’ that is predictable. It also means leaving the ‘workstation’ is not in a state locked in at lunch or the other.

Operating systems (operating systems: Windows, Unix, Linux, MacOS) there is everywhere, computers have operating systems different from one another (depending on taste), and even routers also run by the operating system. Each operating system has its own style and characteristics that distinguish it from other operating systems, and some even used for ‘server’. Some operating systems also have problems that can be used to cause the operating system stops responding to the user.

Service on the ‘server’ plays an important role in security. Software developer announced a security flaw in the software quickly. Reasons for this gap is likely to be used by parties who are not responsible to infiltrate a system or any computer user. Managers or users of servers and workstations had to check to ‘update’ security issues regularly.

The hardware may be a bit difficult to understand as something that has the potential to have a security problem. What actually is very different to what we think, if the hardware is located in a location that is not safe then there is a risk for the installation of unwanted hardware into computer networks and this can make the infiltration becomes easier. Also, if a computer network hardware changed its settings to the default configuration by an outsider.

Selection of method of transmission also has an important role in security issues. Any confidential information should not be transmitted wirelessly, at least not without using a good encryption, so that everyone can tap communications ‘wireless’ is sent. It is strongly recommended to use a firewall to restrict access into the computer network to the required level. Firewalls also can be the weakest point, which can create a sense of security. Firewalls must permit the flow of data into a computer network if there is also the data flow out of the computer network through the firewall and this may be the weakest point. Another important fact that not all attacks launched through the firewall.

 

Securing Computer Networks

Securing computer networks require three levels of the process. To secure our computer networks should be able to map the threats that may occur.

 

Prevention

Most of the threats will be pushed over easily, although the circumstances are truly 100% safe is not necessarily achievable. Unauthorized access into computer networks can be prevented by selecting and configuring services (services) that runs with caution.

 

Observation

When a computer network is running, and an unauthorized access is prevented, then the processes carried out maintenance. Maintenance of computer networks should include a look at the log that is not normal that can refer to the security problems that are not monitored. System IDS can be used as part of the process of observation but using the IDS should not refer to ignorance on the log information provided.

Response

When something unexpected happens and the security of a system has been successfully compromised, then the maintenance personnel must take immediate action. Depending on the process productivity and problems related to security then appropriate action must be immediately implemented. When a process is vital to the functioning of the system and its influence if the shutdown would cause more harm than letting the system that has successfully infiltrated still allowed to run, it should be considered for planned maintenance at the right time. This is a difficult problem because no one will immediately know what the gap so the system has successfully infiltrated from outside.

 

Victims/statistic

Computer network security involves several different things that affect the overall security. Computer network security attacks and misuse and is used the virus, attack from within the computer network itself, the theft of hardware (hardware), penetration into the system, attack ‘Denial of Service “(DoS), sabotage, attack’ wireless’ on computer networks, the replacement of the front page of the site (website defacement), and misuse of Web applications. Statistics show the number of intrusions in this area is pretty much reduced from 2003 [24], this type of attack variation, however, led to almost every person is an attractive target.

Security issues

Modern computer networks are entities made up of many small parts. The following describes some weak points of the different components.

Weak protocols

Computer network communication uses a protocol between client and server. Most of the protocols in use today have been in use for decades. These old protocols, such as the File Transfer Protocol (FTP), TFTP or Telnet, were not designed to be secure. Most of them should in fact be replaced with much more secure protocols, because they contain many critical points that irresponsible users can exploit. For example, anyone on the network path can easily monitor Telnet 'traffic' and read the username and password, which travel in the clear.
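As an added example (not part of the original post), the following C program shows what "monitoring Telnet traffic" amounts to: it takes a captured byte stream, strips the Telnet option negotiation (IAC sequences) and pulls out whatever was typed after the login and password prompts. The capture, the prompt strings and the helper names (telnet_strip, grab_after, extract_creds) are all constructed for this example; a real sniffer would get the bytes from the TCP payload of port 23.

```c
/* Added example: passively recovering a Telnet login from a captured
 * plaintext byte stream. CAPTURE below is constructed for this example.
 * Telnet negotiation is IAC (0xFF) + command byte, plus an option byte for
 * WILL/WONT/DO/DONT; IAC SB ... IAC SE carries subnegotiation. All of it is
 * dropped so only the text the two ends actually exchanged is left. */
#include <stdio.h>
#include <string.h>

#define IAC  0xFF
#define SE   0xF0
#define SB   0xFA
#define WILL 0xFB
#define DO   0xFD
#define DONT 0xFE

/* Copy the text of a telnet stream into out, dropping IAC negotiation.
 * Returns the number of text bytes written. */
size_t telnet_strip(const unsigned char *in, size_t n, char *out, size_t outsz)
{
    size_t o = 0;
    for (size_t i = 0; i < n && o + 1 < outsz; i++) {
        if (in[i] == IAC && i + 1 < n) {
            unsigned char cmd = in[i + 1];
            if (cmd == IAC) {                 /* IAC IAC is an escaped data byte */
                out[o++] = (char)IAC; i += 1;
            } else if (cmd == SB) {           /* skip until IAC SE */
                i += 2;
                while (i + 1 < n && !(in[i] == IAC && in[i + 1] == SE)) i++;
                i += 1;
            } else if (cmd >= WILL && cmd <= DONT) {
                i += 2;                       /* IAC WILL/WONT/DO/DONT <option> */
            } else {
                i += 1;                       /* two-byte command */
            }
            continue;
        }
        out[o++] = (char)in[i];
    }
    out[o] = '\0';
    return o;
}

/* Find `prompt` in text and copy what follows it up to the line end. */
int grab_after(const char *text, const char *prompt, char *val, size_t valsz)
{
    const char *p = strstr(text, prompt);
    if (!p) return 0;
    p += strlen(prompt);
    while (*p == ' ') p++;
    size_t len = strcspn(p, "\r\n");
    if (len == 0 || len >= valsz) return 0;
    memcpy(val, p, len);
    val[len] = '\0';
    return 1;
}

/* Constructed capture: two negotiation sequences, then the login dialogue
 * as a sniffer on the same segment sees it (the client sends the password
 * in the clear; the server simply does not echo it back). */
static const unsigned char CAPTURE[] = {
    IAC, WILL, 0x01,                       /* IAC WILL ECHO */
    IAC, DO,   0x18,                       /* IAC DO TERMINAL-TYPE */
    'l','o','g','i','n',':',' ', 'a','l','i','c','e','\r','\n',
    'P','a','s','s','w','o','r','d',':',' ', 'h','u','n','t','e','r','2','\r','\n',
    '$',' '
};

struct creds { char user[64]; char pass[64]; };

int extract_creds(const unsigned char *raw, size_t n, struct creds *c)
{
    char text[512];
    telnet_strip(raw, n, text, sizeof text);
    return grab_after(text, "login:", c->user, sizeof c->user) &&
           grab_after(text, "Password:", c->pass, sizeof c->pass);
}

/* Wrappers over the constructed capture. */
const char *captured_user(void)
{
    static struct creds c;
    return extract_creds(CAPTURE, sizeof CAPTURE, &c) ? c.user : "";
}
const char *captured_pass(void)
{
    static struct creds c;
    return extract_creds(CAPTURE, sizeof CAPTURE, &c) ? c.pass : "";
}
size_t stripped_len(void)
{
    char text[512];
    return telnet_strip(CAPTURE, sizeof CAPTURE, text, sizeof text);
}

int main(void)
{
    printf("captured login: %s / %s (%zu bytes of text)\n",
           captured_user(), captured_pass(), stripped_len());
    return 0;
}
```

The point of the stripper is that the negotiation bytes are the only thing standing between a raw capture and the credentials; there is no encryption layer to remove. The same approach works for FTP's USER/PASS and for POP3, which the text groups with Telnet.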

Software issue.

Gaps in software are easy to exploit. Such a gap is usually not created deliberately, but almost everyone suffers losses from weaknesses of this kind. The usual situation is that anything run by 'root' has 'root' access, i.e. the ability to do anything within the system. Exploitation takes advantage of weak handling of data that the programmer did not expect from the user; for example, buffer overflows and 'format string' security holes are not unusual today.

Exploiting such a gap leads to a situation where a user's access rights are raised to a higher level. This is also called 'rooting' a 'host', because the attacker's aim is usually to obtain 'root' privileges.

Buffer overflow.

'Buffer overflow' means exactly what the term says. The programmer has allocated a certain amount of memory for some specific variable. With this security hole, however, data can be written into that variable on the 'stack' without its length being checked against the length that was allowed. If the data placed in the buffer turns out to be longer than expected, it will overwrite the stack frame, including the 'return address', so that the address at which program execution continues can be changed.

Authors of 'malicious code' usually exploit this by overwriting the 'return address' so that it points to 'shellcode' of their own choosing, which gives them a 'shell' with the permissions of the 'user-id' under which the exploited program runs. The 'shellcode' is not part of the exploited program; it is usually written into the overflowed 'buffer' itself. Placing it in an 'environment' variable is another commonly used trick.

'Buffer overflow' is a fundamental problem rooted in modern computer architectures. Space for variables and for the code itself is not separated into different blocks of 'memory'. A change in architecture could easily solve this problem, but such a change is not easy to make because the architectures in use today are so widespread. In practice the problem is mitigated rather than solved: non-executable stacks and stack canaries make the classic overwrite much harder, but they do not remove the underlying weakness.
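The mechanics described above, as an added C example that is not part of the original post. Instead of really smashing the stack (which is undefined behaviour and varies by compiler), the stack frame is modelled as a struct whose 16-byte buffer is immediately followed by the saved return address, so the overwrite is deterministic. The unsafe copy has no length check; the safe copy refuses anything that does not fit. The payload and the names (copy_unsafe, copy_safe, ORIG_RET) are constructed for the example.

```c
/* Added example: a stack buffer overflow modelled on a struct. `frame`
 * stands in for a function's stack frame: a 16-byte local buffer followed
 * by the saved return address. Writing more than 16 bytes into buf lands
 * on saved_ret, which is exactly how the overwrite works on a real stack. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

struct frame {
    char     buf[16];      /* the local the programmer sized for 16 bytes */
    uint64_t saved_ret;    /* where the CPU jumps when the function returns */
};

#define ORIG_RET 0x00007f00deadbeefULL   /* constructed "legitimate" return address */

/* The bug: copy attacker data with no comparison against sizeof buf.
 * buf is the first member, so the cast addresses the same bytes as f->buf;
 * it only keeps the out-of-bounds write well defined for this model. The
 * constructed input is sized to the frame; a real strcpy would keep going. */
void copy_unsafe(struct frame *f, const char *src, size_t len)
{
    memcpy((unsigned char *)f, src, len);
}

/* The fix: reject anything that does not fit, leaving room for the NUL.
 * Returns 0 on success, -1 if the input was refused. */
int copy_safe(struct frame *f, const char *src, size_t len)
{
    if (len >= sizeof f->buf) return -1;
    memcpy(f->buf, src, len);
    f->buf[len] = '\0';
    return 0;
}

/* Constructed attacker input: 16 bytes of filler to fill buf, then 8 bytes
 * that land exactly on saved_ret. "BBBBBBBB" reads back as
 * 0x4242424242424242 on either endianness, which stands in for the address
 * of the attacker's shellcode. */
static const char PAYLOAD[] = "AAAAAAAAAAAAAAAABBBBBBBB";
#define PAYLOAD_LEN 24

/* Run one simulated call and report the return address afterwards. */
uint64_t ret_after_unsafe(const char *input, size_t len)
{
    struct frame f = { {0}, ORIG_RET };
    copy_unsafe(&f, input, len);
    return f.saved_ret;
}
uint64_t ret_after_safe(const char *input, size_t len)
{
    struct frame f = { {0}, ORIG_RET };
    copy_safe(&f, input, len);
    return f.saved_ret;
}
int safe_rejects(const char *input, size_t len)
{
    struct frame f = { {0}, ORIG_RET };
    return copy_safe(&f, input, len) != 0;
}

int main(void)
{
    printf("unsafe copy: return address is now 0x%016llx\n",
           (unsigned long long)ret_after_unsafe(PAYLOAD, PAYLOAD_LEN));
    printf("safe copy:   return address stays  0x%016llx (rejected=%d)\n",
           (unsigned long long)ret_after_safe(PAYLOAD, PAYLOAD_LEN),
           safe_rejects(PAYLOAD, PAYLOAD_LEN));
    return 0;
}
```

On a real system the 8 bytes of 'B' would be the address of the shellcode, and the overflowed buffer (or an environment variable) would hold the shellcode itself; the length check in copy_safe is the whole difference between the two outcomes.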

Format string.

The 'format string' attack is a newer attack method; it was made public at the end of 2000. The method had been discovered by hackers about six months before it was made public. Fundamentally this gap reminds us of the similar 'buffer overflow' gap.

The difference is that this gap is created by laziness, ignorance, or a programmer of mediocre skill. A 'format string' gap is usually caused by the absence of a 'format string' such as '%s' in some part of the program that produces output, for example a call to printf() in C/C++. When the input passed to the program contains 'format strings' such as '%d' and '%s', it is then easy to obtain a 'stack dump' or to use techniques like those of a 'buffer overflow'.

This gap is based on the format string being taken from the 'input'. It refers to a situation where externally supplied data is interpreted as part of the 'format string argument'. With specially crafted input, the affected program can be made to show the contents of memory and, by writing to a location of the attacker's choice, to hand over control of execution, just as in the exploitation of an 'overflow'.
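As an added C example (not from the original post), here is the missing '%s' described above, side by side with the fix. Both functions build a log line from attacker-controlled text; the vulnerable one passes that text as the format. To keep the demonstration well defined, the constructed input uses only "%%", which printf turns into a single '%': the output changes, which proves the input is being parsed as a format, without the memory reads that '%x' or the memory writes that '%n' would cause. The compiler warning that is silenced is the one that flags exactly this bug. The names (log_unsafe, log_safe, count_directives) are made up for the example.

```c
/* Added example: a user-controlled format string versus the safe form. */
#include <stdio.h>
#include <string.h>

#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
/* Vulnerable: msg itself is the format string. With "%x" it would print
 * stack contents; with "%n" it would write to memory. Compilers warn about
 * this call; the pragma above only keeps the example compiling. */
int log_unsafe(char *out, size_t outsz, const char *msg)
{
    return snprintf(out, outsz, msg);
}
#pragma GCC diagnostic pop

/* Fixed: a constant format, msg is merely the argument for %s. */
int log_safe(char *out, size_t outsz, const char *msg)
{
    return snprintf(out, outsz, "%s", msg);
}

/* Input check for code that cannot use a constant format: count the
 * %-directives that would consume arguments or write memory ("%%" is just
 * a literal percent sign and is not counted). */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* Run each version on one input and hand back the rendered line. */
const char *render_unsafe(const char *msg)
{
    static char buf[128];
    log_unsafe(buf, sizeof buf, msg);
    return buf;
}
const char *render_safe(const char *msg)
{
    static char buf[128];
    log_safe(buf, sizeof buf, msg);
    return buf;
}

int main(void)
{
    const char *input = "disk 100%% full";   /* constructed attacker input */
    printf("unsafe: %s\n", render_unsafe(input));   /* "disk 100% full"  */
    printf("safe:   %s\n", render_safe(input));     /* "disk 100%% full" */
    printf("directives in \"%%x %%n\": %d\n", count_directives("%x %n"));
    return 0;
}
```

Everything the attacker gains comes from the first function treating data as a format: once "%%" is interpreted, so are "%x" (read the stack) and "%n" (write the number of bytes printed so far to a pointer taken from the stack), which is the route to controlling execution mentioned in the text.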

Hardware issue.

Usually the hardware itself is not the problem in an attack. The software executed by the hardware, and the possible lack of technical documentation, are the weak points. Here are examples of how hardware can have security problems.

Example 1: Cisco

It was not unusual in 2003 for Cisco routers to have a systematic problem in the IOS software (Internetwork Operating System) they use as their operating system. Cracks in the software could lead to 'denial of service' (DoS) on all router devices. The security problem lay in the way IOS handled IP protocols 53 (SWIPE), 55 (IP Mobility) and 77 (Sun ND) with a TTL (Time To Live) value of 0 or 1.

Protocol Independent Multicast (PIM), with any TTL value, could likewise cause the router to mark the input queue of the 'interface' the packet arrived on as full. Once the queue was full, the router would no longer process any 'traffic' on the interface in question. Cisco also has a number of documented vulnerabilities for which the needed 'patches' have been available for quite some time.

Example 2: Linksys

Linksys devices are cheap enough to be widely used. Some Linksys devices have vulnerabilities that can lead to 'denial of service' (DoS) attacks; the security hole concerned was found in the handling of 'embedded URL' parameters sent to the device.

Misconfiguration.

Misconfiguration of servers and hardware very often lets intruders into a system with ease. For example, a site's front page gets replaced because of errors in the configuration of the 'www-server' software or of one of its modules. Careless configuration makes intrusion attempts a lot easier, especially if it leaves the intruder other options to choose from.

For example, a server running the SSH service can easily be compromised if it allows protocol version 1 or if 'remote root login' is permitted. Allowing protocol version 1 is a clear configuration error that opens security holes such as a 'buffer overflow' that could let an intruder take 'root' access; permitting remote root login lets an intruder use 'brute-force password' guessing to find the 'root' password.
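As an added example (not part of the original post), the C program below audits an sshd_config for the two settings the paragraph names, plus password authentication, which is what makes the brute-force route possible. Both configuration texts are constructed: the first shows the weak settings, the second the corrected ones. It follows two sshd conventions: directive names are case-insensitive and the first occurrence of a directive wins. The function names (first_value, audit_sshd) are made up for the example.

```c
/* Added example: checking sshd_config for weak settings. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MAX_FINDINGS 8

/* Constructed weak configuration: SSH-1 enabled, root login and password
 * guessing both allowed. */
static const char WEAK_CFG[] =
    "# constructed weak sshd_config\n"
    "Port 22\n"
    "Protocol 2,1\n"
    "PermitRootLogin yes\n"
    "PasswordAuthentication yes\n";

/* Constructed hardened configuration. */
static const char HARDENED_CFG[] =
    "# constructed hardened sshd_config\n"
    "Port 22\n"
    "Protocol 2\n"
    "PermitRootLogin no\n"
    "PasswordAuthentication no\n"
    "PubkeyAuthentication yes\n"
    "MaxAuthTries 3\n";

/* Case-insensitive "s starts with key, followed by whitespace". */
static int key_at(const char *s, const char *key)
{
    size_t i;
    for (i = 0; key[i]; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)key[i])) return 0;
    return isspace((unsigned char)s[i]) ? 1 : 0;
}

/* Value of the first occurrence of `key` in cfg, skipping comments and
 * trimming whitespace. Returns 1 if the directive is present. */
static int first_value(const char *cfg, const char *key, char *val, size_t valsz)
{
    const char *line = cfg;
    while (*line) {
        size_t len = strcspn(line, "\n");
        const char *p = line, *end = line + len;
        while (p < end && isspace((unsigned char)*p)) p++;
        if (p < end && *p != '#' && key_at(p, key)) {
            p += strlen(key);
            while (p < end && isspace((unsigned char)*p)) p++;
            size_t vlen = (size_t)(end - p);
            while (vlen > 0 && isspace((unsigned char)p[vlen - 1])) vlen--;
            if (vlen >= valsz) vlen = valsz - 1;
            memcpy(val, p, vlen);
            val[vlen] = '\0';
            return 1;
        }
        line = (*end == '\n') ? end + 1 : end;
    }
    return 0;
}

/* Returns the number of weak settings found; `why` gets a reason for each.
 * A missing PermitRootLogin/PasswordAuthentication is treated as weak,
 * since the historical default for both is "yes". */
int audit_sshd(const char *cfg, const char *why[MAX_FINDINGS])
{
    char v[64];
    int n = 0;
    if (first_value(cfg, "Protocol", v, sizeof v) && strchr(v, '1'))
        why[n++] = "Protocol enables SSH-1";
    if (!first_value(cfg, "PermitRootLogin", v, sizeof v) || strcmp(v, "no") != 0)
        why[n++] = "PermitRootLogin is not 'no'";
    if (!first_value(cfg, "PasswordAuthentication", v, sizeof v) || strcmp(v, "no") != 0)
        why[n++] = "PasswordAuthentication is not 'no' (password brute force possible)";
    return n;
}

int weak_count(void)     { const char *w[MAX_FINDINGS]; return audit_sshd(WEAK_CFG, w); }
int hardened_count(void) { const char *w[MAX_FINDINGS]; return audit_sshd(HARDENED_CFG, w); }

int main(void)
{
    const char *why[MAX_FINDINGS];
    int n = audit_sshd(WEAK_CFG, why);
    for (int i = 0; i < n; i++) printf("weak config: %s\n", why[i]);
    printf("hardened config: %d findings\n", hardened_count());
    return 0;
}
```

Run against the real file with the same logic and you get the check the paragraph implies an administrator should make before exposing port 22.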

DoS, DDoS.

Denial of Service attacks are attacks that cause the victim to stop responding or to behave abnormally. Classic examples of 'Denial' attacks are the 'Ping of Death' and the 'SYN flood'; fortunately the Ping of Death is almost never found today, although SYN floods still are. DoS attacks usually target gaps in the service or in the network protocol so that the service can no longer be used. Other techniques cause the victim's system to 'choke' because it receives more packets than it is able to process, or create a 'bottleneck' in the bandwidth the system uses.

'Distributed Denial of Service' (DDoS) attacks are a more organized type of attack. They usually require preparation and tactics so that the victim goes down quickly: the attackers first look for small systems they can take control of, and after collecting many of them, they attack a large system by running thousands or even tens of thousands of these small systems simultaneously to bring it down.

The famous 'MyDoom' worm was built to launch a massive attack from tens of thousands of infected systems against the site http://www.sco.com. The attack was so successful that http://www.sco.com had to be removed from DNS in order to restore service.

Viruses.

One definition of a virus is a program that inserts itself into other objects such as executable files and some widely used document types. Besides the ability to replicate, a virus can carry and perform a specific task. That task can be destructive or merely display something on the screen; it may also search the victim's machine for certain file types and send them at random over the internet, or even format the victim's hard disk.

A virus spreading on the Internet that has not yet been identified will not be caught by antivirus programs or similar tools, so the victim can be infected without knowing it. Antivirus software usually recognizes a virus, or a suspected virus, by specific signatures contained in the core of the virus itself. Some viruses use polymorphic techniques to escape antivirus detection.

A polymorphic virus habitually transforms itself at each infection, which makes detection much harder. Practically every computer platform has its own viruses, and some viruses have the ability to infect several different platforms (multi-platform). Multi-platform viruses usually attack executables or documents on the Windows operating system; given the popularity of Microsoft Windows and Microsoft Office, many viruses are aimed at the Microsoft Corp. 'empire'.

Worms

A worm is a computer program that spreads by sending itself to other systems. A worm does not insert itself into other objects. Today many worms spread because computer users do not update the software they use; for example, Outlook Express had a function that allowed an e-mail attachment to be executed without any intervention from the user of the computer.

Trojan horse.

Trojan horses are programs that pretend to be harmless but are in fact something else [18]. One function found in 'Trojan horses' is the installation of a 'backdoor' so that their author can get into the victim's computer or system.

 

Junk mail.

'Junk mail' is not really a serious security threat in itself, but with the spread of viruses and worms through e-mail, the amount of junk mail has also increased. The real security threat is not the junk e-mail itself but the attached files (attachments), which warrant concern because viruses and worms spread by this method.

Time bomb.

A 'time bomb' is a program that has a task but only carries it out at a set time. Some types of viruses and worms have functions similar to this. A time bomb differs from a virus or worm in that it does not replicate itself; it is simply installed into the system.

Hacking: Hackers and Victims

Hackers are divided into several categories depending on the type of their activities. Most hackers are 'script-kiddies', who use exploits or programs available on the internet to launch their actions. If the goal is commercial or military, the stakes are higher and they will usually choose their victims carefully.

The reasons behind hacking are mixed. Script kiddies will usually 'scan' some IP blocks looking for 'vulnerable' hosts (ones that can be attacked) and try exploits against whatever daemons they find. Some groups of hackers try out programs or scripts they have developed to see whether their work succeeds. In the end, whether a person becomes a 'black-hat' or a 'white-hat' depends on their own philosophy, ethical values and motivation.

'White-hat' means that if a 'hacker' succeeds, for example in getting into a system that is not his responsibility, he will notify the system administrator about the security gaps in the system, how to close them and how to strengthen the host (host hardening). The aim is essentially research. 'White-hats' are usually 'security professionals', hired to perform 'system penetration' tests or to provide network security consultancy.

'Black-hat' is the name that 'white-hats' give to 'crackers' (wreckers). The cracker's purpose is not always good: they usually get into a system to steal information or to prepare attacks against other systems, 'DDoS' for example. 'Black-hats' usually leave a backdoor in a system they have compromised.

There is also a kind of 'grey-hat': people who are not destructive but often get into other systems without notifying the system administrator of the vulnerabilities they find. They do not do much damage, but they are not very welcome either.

Different Types of Attacking

Scanning.

'Scanning' is a method of getting as much information as possible about the victim's IP addresses or network. 'Scanning' is usually run automatically, since scanning 'multiple hosts' by hand is very time-consuming. 'Hackers' usually gather information from such 'scanning'; with the information they need in hand, 'hackers' prepare the attacks they will launch.

Nmap is the network scanner most widely used by network security professionals; although there are tools built specially for hacking, none can beat the popularity of nmap.

Nessus is also a network scanner, but it additionally reports any security holes in the targets it examines. Hackers usually use Nessus to gather information before actually launching an attack.

Fortunately some scanners leave unique 'traces' on the target system, which allow administrators to find out that their systems have been scanned, so they can promptly review the relevant log information.

Password cracking.

'Brute-force' is a technique that tries every possible keyword (password) until the one that gives access to the system is found. Recovering a password with this technique is very slow but thorough: every password can be found, given enough time.

Reversing the 'hash' of a password is impossible, but there are ways to recover the password, with a success rate that depends on how strong or weak the user's choice of password was. If someone can obtain the 'hash' data in which the password is stored, a fairly efficient method is a 'dictionary attack', which can be carried out with the utility John the Ripper.

There are still other ways, such as 'hash look-up tables', but these consume a great deal of 'resources' and time. Salting the stored hashes defeats precomputed tables, since a separate table would be needed for every salt.
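The dictionary attack of the preceding paragraphs, as an added C example that is not part of the original post. The hash store and wordlist are constructed. hash_password() is a placeholder (FNV-1a over salt and password) standing in for crypt(3) or bcrypt so the example needs no crypto library; it is fast and has no work factor, so it is not a real password hash, but the attack loop is identical whichever hash is in use. The example also shows why a salt defeats a precomputed look-up table: the same password yields different hashes under different salts.

```c
/* Added example: dictionary attack against a stolen, salted hash store. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Placeholder one-way function (FNV-1a 64 over salt||password). NOT a real
 * password hash; stands in for crypt(3)/bcrypt so the example runs offline. */
uint64_t hash_password(const char *salt, const char *pw)
{
    uint64_t h = 1469598103934665603ULL;
    for (const char *p = salt; *p; p++) { h ^= (unsigned char)*p; h *= 1099511628211ULL; }
    for (const char *p = pw;   *p; p++) { h ^= (unsigned char)*p; h *= 1099511628211ULL; }
    return h;
}

/* One record as an attacker sees it after grabbing the hash store. */
struct record { const char *user; const char *salt; uint64_t hash; };

/* Constructed wordlist, in the spirit of John the Ripper's default list. */
static const char *WORDLIST[] = {
    "123456", "password", "letmein", "qwerty", "summer2010", "welcome1", NULL
};

/* Constructed store: alice chose a dictionary word, bob did not. */
static struct record STORE[2];
static void make_store(void)
{
    STORE[0] = (struct record){ "alice", "x9Q", hash_password("x9Q", "letmein") };
    STORE[1] = (struct record){ "bob",   "7rL", hash_password("7rL", "c0rrect-h0rse-battery") };
}

/* Dictionary attack: hash each candidate with the record's own salt and
 * compare against the stored hash. Returns the password or NULL; *tries
 * counts how many candidates were hashed. */
const char *dictionary_attack(const struct record *r, const char **words,
                              unsigned long *tries)
{
    *tries = 0;
    for (const char **w = words; *w; w++) {
        (*tries)++;
        if (hash_password(r->salt, *w) == r->hash) return *w;
    }
    return NULL;
}

/* Wrappers over the constructed store. */
const char *crack_user(int i)
{
    unsigned long tries;
    make_store();
    return dictionary_attack(&STORE[i], WORDLIST, &tries);
}
unsigned long tries_for(int i)
{
    unsigned long tries;
    make_store();
    dictionary_attack(&STORE[i], WORDLIST, &tries);
    return tries;
}

/* Why look-up tables need the salt: same password, different salts. */
int salt_changes_hash(void)
{
    return hash_password("x9Q", "letmein") != hash_password("7rL", "letmein");
}

int main(void)
{
    make_store();
    for (int i = 0; i < 2; i++) {
        const char *pw = crack_user(i);
        printf("%s: %s after %lu tries\n", STORE[i].user,
               pw ? pw : "not in wordlist", tries_for(i));
    }
    printf("salt changes hash: %d\n", salt_changes_hash());
    return 0;
}
```

Against a real password hash the loop is the same but each try costs far more, which is exactly the purpose of a slow, salted hash: the attacker's only remaining edge is the weakness of the password itself.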

Rootkit.

A 'rootkit' is a tool for removing the traces of an intrusion that has taken place. Rootkits usually include modified copies of some of the tools used by the system, so that they hide the intruder's tracks; for example, 'ps' on Linux or Unix is modified so that the intruder's background processes cannot be seen.

Defending

Firewall.

Computers and networks connected to the Internet need to be protected from attack. A firewall is a decent and effective way to do this. In general, a firewall separates the public network from the private network.

Firewalls can be divided into several categories, for example: packet filtering firewalls and 'proxy firewalls'.
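To make "separating the public network from the private one" concrete, here is an added C example (not from the original post) of a minimal packet filtering firewall in the style of iptables or pf: a default-deny policy, explicit allows for the services the private side exposes, and rules evaluated top to bottom with the first match deciding. The ruleset, addresses and sample packets are constructed; the hosts use the documentation ranges 192.168.1.0/24 (LAN), 203.0.113.0/24 (admin network) and 198.51.100.0/24 (an Internet client).

```c
/* Added example: first-match packet filter with a default-deny policy. */
#include <stdio.h>
#include <stdint.h>

enum action { DENY = 0, ALLOW = 1 };
enum proto  { ANY = 0, TCP = 6, UDP = 17 };   /* IP protocol numbers */

struct rule {
    uint32_t net, mask;     /* source network the rule matches (mask 0 = any) */
    int proto;              /* ANY, TCP or UDP */
    uint16_t dport;         /* destination port, 0 = any */
    enum action act;
};

struct packet { uint32_t src; int proto; uint16_t dport; };

#define IP(a,b,c,d) ((uint32_t)(a) << 24 | (uint32_t)(b) << 16 | \
                     (uint32_t)(c) << 8  | (uint32_t)(d))

/* Constructed ruleset for a border firewall with the LAN on the inside. */
static const struct rule RULES[] = {
    { IP(192,168,1,0), 0xFFFFFF00, ANY, 0,   ALLOW },  /* LAN may reach anything */
    { 0,               0,          TCP, 80,  ALLOW },  /* public web server      */
    { 0,               0,          TCP, 443, ALLOW },
    { IP(203,0,113,0), 0xFFFFFF00, TCP, 22,  ALLOW },  /* SSH only from admin net */
};
#define NRULES (sizeof RULES / sizeof RULES[0])

static int matches(const struct rule *r, const struct packet *p)
{
    if ((p->src & r->mask) != (r->net & r->mask)) return 0;
    if (r->proto != ANY && r->proto != p->proto)  return 0;
    if (r->dport != 0 && r->dport != p->dport)    return 0;
    return 1;
}

/* The first matching rule decides; nothing matched means the default policy. */
enum action filter(const struct packet *p)
{
    for (size_t i = 0; i < NRULES; i++)
        if (matches(&RULES[i], p)) return RULES[i].act;
    return DENY;                                /* default policy: drop */
}

/* Decide a single flow. */
enum action check(uint32_t src, int proto, uint16_t dport)
{
    struct packet p = { src, proto, dport };
    return filter(&p);
}

int main(void)
{
    printf("internet -> web 80:   %s\n", check(IP(198,51,100,7), TCP, 80)  ? "allow" : "deny");
    printf("internet -> ssh 22:   %s\n", check(IP(198,51,100,7), TCP, 22)  ? "allow" : "deny");
    printf("admin net -> ssh 22:  %s\n", check(IP(203,0,113,9),  TCP, 22)  ? "allow" : "deny");
    printf("LAN -> dns 53/udp:    %s\n", check(IP(192,168,1,5),  UDP, 53)  ? "allow" : "deny");
    printf("internet -> dns 53:   %s\n", check(IP(198,51,100,7), UDP, 53)  ? "allow" : "deny");
    return 0;
}
```

The example also shows why rule order matters: an early "allow all from the LAN" rule is fine, but putting "allow TCP 22 from anywhere" above the admin-network rule would silently cancel the restriction below it.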

Logs.

A system administrator must look at the system logs from time to time. By looking at the logs, the system administrator can see the activity taking place and is likely to be able to anticipate problems when suspicious activity appears.
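The log review described here, and the scanner 'traces' mentioned in the Scanning section above, come together in this added C example (not part of the original post). It reads a constructed firewall log in a simplified "epoch src dst dport" format made up for the example and flags any source that touches many distinct ports on a host within a short window, which is the trace a port scan such as nmap leaves behind. The threshold, window, line format and function names (observe, scan_log) are all assumptions of the example.

```c
/* Added example: detecting a port scan from a constructed firewall log. */
#include <stdio.h>
#include <string.h>

#define MAX_SRC   16
#define MAX_PORTS 64
#define WINDOW    60   /* seconds; distinct ports are counted per window */
#define THRESHOLD 10   /* distinct ports in one window that we call a scan */

struct src_state {
    char addr[32];
    long first_ts;
    unsigned short ports[MAX_PORTS];
    int nports;
};

/* Constructed log: 203.0.113.5 walks the common ports of 10.0.0.2 while
 * 198.51.100.8 is an ordinary web client. */
static const char LOG[] =
    "1296300000 203.0.113.5 10.0.0.2 21\n"
    "1296300001 203.0.113.5 10.0.0.2 22\n"
    "1296300001 198.51.100.8 10.0.0.2 80\n"
    "1296300002 203.0.113.5 10.0.0.2 23\n"
    "1296300003 203.0.113.5 10.0.0.2 25\n"
    "1296300004 203.0.113.5 10.0.0.2 53\n"
    "1296300005 203.0.113.5 10.0.0.2 80\n"
    "1296300006 198.51.100.8 10.0.0.2 443\n"
    "1296300006 203.0.113.5 10.0.0.2 110\n"
    "1296300007 203.0.113.5 10.0.0.2 135\n"
    "1296300008 203.0.113.5 10.0.0.2 139\n"
    "1296300009 203.0.113.5 10.0.0.2 443\n"
    "1296300010 203.0.113.5 10.0.0.2 445\n"
    "1296300011 203.0.113.5 10.0.0.2 3389\n"
    "1296300020 198.51.100.8 10.0.0.2 80\n";

static struct src_state STATES[MAX_SRC];
static int NSTATES;
static char FLAGGED[32];

static struct src_state *lookup(const char *addr)
{
    for (int i = 0; i < NSTATES; i++)
        if (strcmp(STATES[i].addr, addr) == 0) return &STATES[i];
    if (NSTATES == MAX_SRC) return NULL;
    struct src_state *s = &STATES[NSTATES++];
    memset(s, 0, sizeof *s);
    strncpy(s->addr, addr, sizeof s->addr - 1);
    s->first_ts = -1;
    return s;
}

/* Feed one line; returns the source address the moment it crosses the
 * threshold (once per window), otherwise NULL. */
const char *observe(const char *line)
{
    long ts; char src[32], dst[32]; unsigned short dport;
    if (sscanf(line, "%ld %31s %31s %hu", &ts, src, dst, &dport) != 4) return NULL;
    struct src_state *s = lookup(src);
    if (!s) return NULL;
    if (s->first_ts < 0 || ts - s->first_ts > WINDOW) { s->first_ts = ts; s->nports = 0; }
    for (int i = 0; i < s->nports; i++)
        if (s->ports[i] == dport) return NULL;          /* port already counted */
    if (s->nports < MAX_PORTS) s->ports[s->nports++] = dport;
    return s->nports == THRESHOLD ? s->addr : NULL;
}

/* Run a whole log through observe(); returns how many sources were flagged
 * and remembers the first one. */
int scan_log(const char *log)
{
    int flagged = 0;
    NSTATES = 0;
    FLAGGED[0] = '\0';
    for (const char *p = log; *p; ) {
        size_t len = strcspn(p, "\n");
        char line[128];
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        const char *who = observe(line);
        if (who && flagged++ == 0) snprintf(FLAGGED, sizeof FLAGGED, "%s", who);
        p += len;
        if (*p == '\n') p++;
    }
    return flagged;
}
const char *first_flagged(void) { return FLAGGED; }

int main(void)
{
    int n = scan_log(LOG);
    printf("%d source(s) flagged as scanning; first: %s\n", n, first_flagged());
    return 0;
}
```

Counting distinct ports per window rather than raw connection counts is what separates a scanner from a busy but legitimate client; the same state machine is the core of tools like portsentry and of the "port scan" signatures in an IDS.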

IDS (Intrusion Detection System)

One common way to automate the monitoring for intrusions is to use an IDS. An IDS detects the type of attack from the 'signature' or 'pattern' of network activity, and some can even block the suspicious traffic.

Honeypot.

A 'honeypot' is a 'bait' server that acts as a decoy. A honeypot does not run services the way a normal server does but pretends to, so that intruders think it really is a genuine 'server'. Honeypots are also useful for observing the techniques intruders use to get into a system, and as a tool for collecting evidence so that intruders can be prosecuted.

Configuration.

As discussed earlier, careful configuration will help you defend against possible attacks. Most cases of home page replacement (web defacement) occur because of configuration errors that let a third party take advantage of the mistake.

 

Posted on January 29, 2011 in PEMROGRAMAN (Programming)
