FIT1047
FIT1047 – Week 12 Part 1
Security: Overview Final exam discussion
Introduction to computer systems, networks and security
Abdul Malik Khan
W. Stallings. (2016). Network Security Essentials: Applications and Standards. Global Edition (6e) Pearson International. Ross Anderson. Security Engineering. Second edition, 2008. Wiley. This book is also available for free online: http://www.cl.cam.ac.uk/~rja14/book.html
FIT1047
Security: overview
Encryption and digital signatures
• Symmetric key encryption
• Public key cryptography
• Message Authentication Code (MAC) • Hash functions
Access control
• Operating System access control
• Kernel-mode versus user- mode
• Role of system calls for access control • Passwords
• Multi-factor authentication
Security Protocols
• TLS -Handshake, recort, Alert • Diffie- Hellman Key Exchange • Certificates
• VPN
Firewalls
• Port-based firewalls
• Parameters for filtering
• DMZ
• Intrusion detection, Intrusion prevention
FIT1047
Overview of Security Properties
Authenticity
Something has definitely happened in the way we assume. Integrity
Some data has not been changed since some authentic event. Confidentiality
Some information is only known to some principals. Privacy
Protection of personal information (also includes protection of personal space). Availability
Some service or resource can be used within a particular time with particular quality. plus other properties e.g. safety
FIT1047
Attacks on industrial control systems
• Can cause physical damage and injuries
• Potentially affects critical infrastructures
• Control systems are more and more connected
Example: Stuxnet – Attack on nuclear facilities in Iran
A worm spreading between Windows PCs
Target is Siemens programmable logic controllers PLC
Amazingly sophisticated malware
Bridges *air gap* to PLC during configuration of PLC from
Windows computer
Changed motor speed on centrifuges used to enrich uranium
Apparently destroyed 900 -1000 Iranian centrifuges in 2009/2010
FIT1047
Computer Worm
A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers.
• It can use computer networks and other links (e.g. USB memory) to actively spread itself.
• Unlike a computer virus, it does not need to attach itself to an existing program, but it usually relies on weaknesses on the target computer.
An earlier example from 2008
In August 2008 a pipeline exploded in Turkey.
• None of the sensors and cameras monitoring each meter of the pipeline triggered any signal.
• Control rooms only Learned about the blast 40 min after it happened.
• Hackers, probably acting under the direction of a STATE, had shut down alarms, cut off communications and then super-pressurized the crude oil in the line. Over 60 hours of video surveillance were erased by the hackers. There was a recording from an unknown IR camera that caught two individuals with laptop computers walking near the pipeline
FIT1047
Main weapon was a keyboard
• Security camera system was hacked and used as entry point into the systems.
• Single infrared camera showed 2 men with laptops walking along the pipeline.
• Computers at small valve stations hacked and pressure in the pipeline increased.
• Units for sending alerts were tampered with.
• Super-high pressure destroyed the pipeline in a massive explosion. No evidence of explosives was found.
Attacking a bank on a large scale
• February 2016: The SWIFT network for international transfer of money between banks is instructed to transfer 951 Million US Dollar from Bangladesh Bank to various bank accounts.
• Five transaction were successful (101 Million US Dollar). Remaining transaction were blocked.
• Money was transferred to Sri Lanka (20 Million, later recovered) and to the Philippines (81 Million).
FIT1047
How to find targets to attack?
This is (unfortunately) not very difficult.
Thousands of devices can just be found on theInternet.
Search engine Shodan:
Shodan https://www.shodan.io/
There is quite a number of spectacular attacks.
But: Many attacker don’t go for Large-scale breaches.
Most of them go for “Low-hanging fruit”.
FIT1047
• Phishing
Creates a fake website with a login prompt
Attacking the normal user
Motivate a person to access this website (e.g. by fake mail)
Person types in username and password that is now phished by the attacker For all types of services: Bank, Paypal, Enterprise access
• Ransomware
Installs a malicious software that e.g. encrypts all data
Ask for money (BitCoin) to get data back Very professional
• Ransomware – What to do?
Don’t panic! Try first to get more information.
Some infections are easy to clean, or it is only scareware.
Alot ofusefulinformationcanbefoundhere:https://www.nomoreransom.org/ You might need to re-install your system and restore from backup.
• Bot
Is derived from “robot“ called Botnet
Automated process interacting with network services
Malicious bots connect many devices to a command and control center Gather information (camera, keystrokes, access information)
Remote control, run Distributed Denial of Service DDoS attacks
FIT1047
Denial of Service Attacks (DoS)
Distributed Denial of Service (DDoS) attacks form a significant security threat
making networked systems unavailable
by flooding with useless traffic
using large numbers of “zombies”
growing sophistication of attacks
defense technologies struggling to cope
In January 2016, HSBC’s online banking website and mobile app were briefly knocked offline by a DDoS attack, which was the most common type of cyber attack on financial institutions at the time.
January 2017 UK banks have been targeted by a DDoS campaign that affected services intermittently at the Lloyds Banking Group
FIT1047
Denial of Service Attacks (DDoS)
Attack that prevents a service from working
From inside a computer through a virus/trojan horse
From outside by massive requests/traffic (e.g. using a Botnet, i.e. a network of bots)
FIT1047
Distributed Denial of Service Attacks (DDoS)
DDoS : Flood Types
FIT1047
Viruses, Worms, Trojans
Different types of malware with different ways how to spread and different tasks. Virus:
Inserts itself into another program/document
Gets distributed with the program/ document
Runs and spreads, when the host program is executed Might try to load additional malware/rootkits etc.
Worm:
Similar to a virus, but is a standalone program
Uses weaknesses in the system or tricks the user into executing the worm Once it is running it can spread via networking, file transfer, etc.
Trojan:
Malware hidden in a seemingly Legitimate piece of software
Many different variants, creating backdoors to give attackers access, manipulate banking, activate additional malware, etc.
FIT1047
Do only careless people get malware?
Careless people probably get malware more often.
But: Malware can spread without user interaction!
e.g. via active content (flash) in advertisement on normal news websites (e.g. using Angler exploit kit in ads at BBC, New York Times, AOL, NFL in March 2016).
But: Anti-malware programs, up-to-date with security updates, backups, etc. do help.
Virus Scanner – Anti-Virus Software
Anti-Virus Software can efficiently prevent infections with known malware.
It is the first thing to be manipulated by mal ware. Unable to detect new malware.
FIT1047
FIT1047 – Week 12 Part 2
Security: Overview Final exam discussion
Introduction to computer systems, networks and security
Abdul Malik Khan
W. Stallings. (2016). Network Security Essentials: Applications and Standards. Global Edition (6e) Pearson International. Ross Anderson. Security Engineering. Second edition, 2008. Wiley. This book is also available for free online: http://www.cl.cam.ac.uk/~rja14/book.html
FIT1047
Overview for today
• Risk management
• Some weaknesses
• Privacy Enhancing Technologies • The Dark Web & Dark Net
FIT1047
Risk management basically means to have the right security controls in place • But: There is a wide range of possible controls:
Risk Assessment;
Certification, Accreditation and Security Assessments; System Services and Acquisition;
Security Planning;
Configuration Management;
System and Communications Protection;
Personnel Security; Awareness and Training;
Physical and Environmental Protection;
Media Protection;
Contingency Planning;
System and Information Integrity;
Incident Response;
Identification and Authentication;
Access Control; and
Accountability and Audit
More info can be found at: https:/ /csrc.nist.gov/Projects/Risk-Management/Risk-Management-Framework-(RMF)- Overview/Security-Controls
FIT1047
What kind of weaknesses can be exploited?
Some examples:
Buffer overflow Command injection Cross-site scripting (XSS) SQL Injection
FIT1047
Example for an exploit: Buffer overflow
• Happen when a programmer neglects checking for array bounds violations (buffer overflows). • Buffer overflow can be possible if input is not properly checked.
• Countermeasures do exist (canary, address randomization,…)
FIT1047
Command Injection
If an application passes on user input to a shell in a bad way, in can be used to execute arbitrary shell commands with the rights of the application process.
Examples at owasp.org (Open Web Applications Security Project):
https://www.owasp.org/index.php/Command_injection
FIT1047
What is Cross-site scripting (XSS)?
Usually, browsers don’t execute scripts not Loaded (directly or indirectly) from the domain of the visited page.
If an attacker can insert own code to be executed is this cross-site scripting.
How can attacker get script included in the page send from the server?
Let’s Look at one example: Stored XSS attack
How to prevent XSS?
https:/ /www.owasp.org/index.php /XSS_(Cross_Site_Script ing)_Prevention_Cheat_Sheet
FIT1047
SQL Injection
This is about attacking SQL databases.
Embed database commands in normal input
As the full name is read into the school’s system’s databases without data sanitization, it causes the “Students” table in the database to be deleted.
The exploited vulnerability here is that the single quote in the name input was not correctly “escaped” by the software. That is, if a student’s name did indeed contain a quote mark, it should have been parsed as one of the characters making
up the text string and not as the marker to close the string, which it erroneously was.
Lack of careful parsing is a common SQL vulnerability; this type of exploit is referred to as SQL injection.
Mrs. Roberts thus reminds the school to make sure that they have added data filtering code to prevent code injection exploits in the future.
For Explanation Please check this link out: https://www.explainxkcd.com/wiki/index.php/327:_Exploits_of_a_Mom
FIT1047
SQL Injection
This is about attacking SQL databases.
SQL Code that provides tt of rows that contain a combination of UserName and password:
SELECT Count(*) FROM UsersTable WHERE UserName= ‘Joanne’
AND Password= ‘JoannesPassword’
Now insert other SQL code and terminate with – –
SELECT Count(*) FROM UsersTable WHERE UserName=’OR 1=1–‘
AND Password= ”
The OR 1=1 always returns TRUE. Thus the query will always return a count greater than zero, resulting in a successful Login.
FIT1047
Other attacks
• Attacks via DMA
Direct memory access DMA can potentially be used to read arbitrary parts of memory
Prevention: Don’t let anyone just attach devices to your computers. • Physical (hard-disk access)
With physical (temporary) access, one can directly read from the hard-disk (or write to it) without being logged in.
Prevention: Disk encryption. Self-encrypted disks.
Privacy issues
• If a product is free you are the product.
• Companies build large collections of user profiles
• Linking this data provides even more information
• One photo might be enough to identify you and link to yohugeur profile
FIT1047
Privacy Enhancing Technologies
Technologies are available
They are not used by service providers, but by users
One example is TOR, The Onion Routing
The Onion Router
Developed by US Navy, Protection for secret information • Useful for:
• Human rights activists, whistleblowers
• For people that just want to have privacy
• Also for criminal activities
FIT1047
How Tor Browser works TOR Step 1:
ectronicFrontier Foundation
FIT1047
How Tor Browser works TOR Step 2:
ectronicFrontier Foundation
FIT1047
How Tor Browser works TOR Step 3:
ectronicFrontier Foundation
FIT1047
TOR The Onion Router
https://en.wikipedia.org/wiki/Onion_routing
FIT1047
Another example of TOR The Onion Router
TOR Node
TOR Node
TOR Node
TOR Node
FIT1047
Deep Web vs Dark Web
Deep Web – ALL content that is only accessible with known address (might be 99% of all content)
Cloud Storage Private videos Data bases Other data
Dark Web – Client and server are hidden (e.g. both sides use TOR)
Information on weaknesses, exploits, stolen data ALL types of criminal activities
Lots of things you dont want to see or know about But also: Activities of human rights groups
A Large part of the dark web is not the evil stuff that tabloid newspapers Like to write about.
Final Examination discussion
• Structure / skeleton / format
• Discuss types and parts of exam Q’s
• Sample/Mock exam / solution
• Pre-exam consultation…
31
Final Examination
FIT1047
32
FIT1047
Final Exam – 8 June 2021
Final Exam Link: https://eassessment.monash.edu/my/
FIT1047
Final Exam:
INSTRUCTIONS
THIS EXAM IS FOR STUDENTS STUDYING AT: AUSTRALIA & MALAYSIA CAMPUSES
This exam is marked out of 100 marks.
It is an close book exam. (Permitted to one blank worksheet for rough calculations).
No hand written notes or printed material allowed. No online/electronic access.
There are a total of 1 Matching Question worth 4 marks, 40 MCQ’s worth 41 Marks and 12 Theory & Concepts Short Answer Questions worth 55 Marks.
Students have 130 minutes to complete the exam.
Students must attempt ALL questions.
Scientific calculator is permitted / Use of PC Operating System based calculator is permitted.
Please note: All questions are presented as images.
There is no requirement for uploading of responses in this exam.
All responses can be entered onto the platform.
FITl047 Week11 Part 1 FITl047 Week 11
FIT1047
Sample Exam:
FITl047 Week11 Part 1 FITl047 Week 11
FIT1047
Practice Quizzes Weeks1-6 & Weeks7-12:
FITl047 Week11 Part 1 FITl047 Week 11
Examination
Part A
• 41 questions
• No negative marking!
• select one (multiple choice) correct answer
Matching Questions:
• 1 questions
Total Marks for Part A: 45 Marks
Please note No negative marking! So attempt all the questions. 37
Multiple Choice Questions:
Examination
Part B
Questions in the exam are similar in style as covered in our weekly labs, concepts covered in lecture slides.
Style & type of questions – 12 short answers, Problems, conceptual questions worth: 55 marks
Key points: Lecture slides, Lab/tutorial solutions & revisit provided electronic version of Alexandria eBook links in each weeks section for further read.
38
eExam Technique
Use your 10 minutes reading time to plan how you will answer the questions:
– answer questions you feel confident about first (you will probably be quicker at these, leaving more time for the harder ones)
Pace yourself. The exam is 100 marks, and lasts 120 minutes therefore:
• 1 mark = 1.2 minutes • 5 marks = 6 minutes
39
Answering Sections B
It is OK to answer in point form, BUT ensure that your point form
answers are complete and coherent.
Be specific and relevant:
– answer the questions/problems asked.
– marks will not be awarded for bulk (do not ‘memory dump’).
Marks will be awarded based on quality not quantity.
Allocated Marks is a guide for problem solving/ explaining/writing to the
point / drawing appropriate details in answering the questions
If and where appropriate, support your answers with examples if required
40
Sample Examination
Same format but proportion of questions may differ to the actual exam.
Contains questions “similar in style” to those on the exam but contains NO questions from the actual exam. (but similar types)
It will NOT be marked! It is designed only to give you a sample of the look and feel of the actual exam.
FIT1047 Mock Exam site:
https://lms.monash.edu/mod/quiz/view.php?id=8285008
Made Available from 31st May to 7th June 2021 3 Attempts Allowed in total
41
Pre-exam Consultations
Pre-Exam consultation times will be made available by end of this week in Moodle.
Please make full use of the arranged consultations, Do not overcrowd the consultations in the last minute, as tutors may not be able to cater large crowds in the last minute consultations.
Consultations will be well spread, so please use them well.
42
Practice Quiz and Mock / Sample eAssessment online Exam for preparation
43
All the very best for this semester!!!
Good Luck with Your ALL your Exams !!