ss case study
Post on 07-Apr-2018
8/3/2019 Ss Case Study
COMPUTER VIRUS
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive.
Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.
Computer viruses are most easily spread by attachments in e-mail messages or by instant messaging messages. Therefore, you must never open an e-mail attachment unless you know who sent the message or unless you are expecting the e-mail attachment. Computer viruses can be disguised as attachments of funny images, greeting cards, or audio and video files. Computer viruses also spread by using downloads on the Internet. Computer viruses can be hidden in pirated software or in other files or programs that you may download.
Symptoms that may be the result of ordinary Windows functions
A computer virus infection may cause the following problems:
Note: These problems may also occur because of ordinary Windows functions or problems in Windows that are not caused by a computer virus.
Windows does not start even though you have not made any system changes or even though you have not installed or removed any programs.
Windows does not start because certain important system files are missing. Additionally, you receive an error message that lists the missing files.
The computer sometimes starts as expected. However, at other times, the computer stops responding before the desktop icons and the taskbar appear.
The computer runs very slowly. Additionally, the computer takes longer than expected to start.
You receive out-of-memory error messages even though the computer has sufficient RAM.
New programs are installed incorrectly.
Windows spontaneously restarts unexpectedly.
Programs that used to run stop responding frequently. Even if you remove and reinstall the programs, the issue continues to occur.
A disk utility such as Scandisk reports multiple serious disk errors.
A partition disappears.
The computer always stops responding when you try to use Microsoft Office products.
You cannot start Windows Task Manager.
Antivirus software indicates that a computer virus is present.
Symptoms of a computer virus
If you suspect or confirm that your computer is infected with a computer virus, obtain the current antivirus software. The following are some primary indicators that a computer may be infected:
The computer runs slower than usual.
The computer stops responding, or it locks up frequently.
The computer crashes, and then it restarts every few minutes.
The computer restarts on its own. Additionally, the computer does not run as usual.
Applications on the computer do not work correctly.
Disks or disk drives are inaccessible.
You cannot print items correctly.
You see unusual error messages.
You see distorted menus and dialog boxes.
There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe extension.
An antivirus program is disabled for no reason. Additionally, the antivirus program cannot be restarted.
An antivirus program cannot be installed on the computer, or the antivirus program will not run.
New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs.
Strange sounds or music plays from the speakers unexpectedly.
A program disappears from the computer even though you did not intentionally remove the program.
Symptoms of worms and Trojan horse viruses in e-mail messages
When a computer virus infects e-mail messages or infects other files on a computer, you may notice the following symptoms:
The infected file may make copies of itself. This behavior may use up all the free space on the hard disk.
A copy of the infected file may be sent to all the addresses in an e-mail address list.
The computer virus may reformat the hard disk. This behavior will delete files and programs.
The computer virus may install hidden programs, such as pirated software. This pirated software may then be distributed and sold from the computer.
The computer virus may reduce security. This could enable intruders to remotely access the computer or the network.
You receive an e-mail message that has a strange attachment. When you open the attachment, dialog boxes appear, or a sudden degradation in system performance occurs.
Someone tells you that they have recently received e-mail messages from you that contained attached files that you did not send. The files that are attached to the e-mail messages have extensions such as .exe, .bat, .scr, and .vbs.
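As an added example that is not part of the case study, the filename check a mail gateway or help desk could apply to the double-extension and executable-attachment symptoms listed above, written in Go. The extensions beyond .exe, .bat, .scr and .vbs, the list of decoy extensions, and the sample filenames are assumptions constructed for the demonstration.

```go
package main

import (
	"fmt"
	"strings"
)

// Extensions treated as executable. .exe, .bat, .scr and .vbs are the ones
// the symptom list names; the rest are added here as an assumption about
// what a mail gateway would also hold.
var executableExt = map[string]bool{
	"exe": true, "bat": true, "scr": true, "vbs": true,
	"com": true, "cmd": true, "pif": true, "js": true,
}

// Extensions that look like harmless content and therefore serve as the
// decoy half of a double extension such as photo.jpg.exe (assumed list).
var decoyExt = map[string]bool{
	"jpg": true, "jpeg": true, "gif": true, "png": true,
	"txt": true, "pdf": true, "doc": true, "mp3": true,
}

// Verdict is the result for one attachment filename.
type Verdict struct {
	Risky  bool
	Reason string
}

// CheckAttachment decides from the filename alone whether an attachment
// should be held for review. It never opens the file.
func CheckAttachment(name string) Verdict {
	base := strings.ToLower(strings.TrimSpace(name))
	if i := strings.LastIndexAny(base, `/\`); i >= 0 { // drop any path part
		base = base[i+1:]
	}
	base = strings.TrimRight(base, ". ")
	parts := strings.Split(base, ".")
	for i := range parts { // "photo.gif     .scr" pads spaces to push .scr out of view
		parts[i] = strings.TrimSpace(parts[i])
	}
	if len(parts) < 2 {
		return Verdict{false, "no extension"}
	}
	last := parts[len(parts)-1]
	if !executableExt[last] {
		return Verdict{false, "no executable extension"}
	}
	if len(parts) >= 3 && decoyExt[parts[len(parts)-2]] {
		return Verdict{true, fmt.Sprintf("double extension .%s.%s", parts[len(parts)-2], last)}
	}
	return Verdict{true, "executable extension ." + last}
}

// Triage returns the names from one message that CheckAttachment flags.
func Triage(names []string) []string {
	var held []string
	for _, n := range names {
		if CheckAttachment(n).Risky {
			held = append(held, n)
		}
	}
	return held
}

func main() {
	// Constructed sample attachment names, not taken from a real mailbox.
	sample := []string{"holiday.jpg.exe", "report.pdf", "invoice.bat", "photo.gif     .scr", "README", "notes.txt"}
	for _, n := range sample {
		v := CheckAttachment(n)
		fmt.Printf("%-22q risky=%-5v %s\n", n, v.Risky, v.Reason)
	}
	fmt.Println("held for review:", Triage(sample))
}
```

The check deliberately normalises case, strips path components and trailing dots, and trims padding inside each dot-separated part, so that the usual tricks for hiding the final extension in a mail client do not change the verdict.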
The Types Of Computer Viruses
There are six broad categories or types of computer viruses:
1. Boot Sector Virus
2. File Infection Virus
3. Multipartite Virus
4. Network Virus
5. E-mail Virus
6. Macro Virus
Boot Sector Viruses
Viruses that aim at the boot sector of a hard drive infect a very crucial component of the boot process. The boot sector holds critical information that controls the hard drive and also the part of the operating program that is in charge of the whole boot process. These types of computer viruses go a long way toward ensuring their success by loading into system memory while the boot cycle is starting.
Unlike other viruses, the boot virus does not affect files; instead it goes after the drive itself on which the virus is saved, and this is part of the reason that it is no longer as big a threat as it used to be. Since the advent of CDs and DVDs and the drives that carry them, it is not possible to infect the programs that they carry. In the days of floppy drives the virus could spread quite quickly from computer to computer via the disks, but since it is not possible to infect a CD or DVD this virus has become almost a non-threat. Another reason these types of computer viruses have become less common is that operating systems now stand guard over the boot sector, and that makes it very hard for the virus to have any effect.
File Virus
File viruses are coded so that they will attach themselves to .exe files, compressed files like .zip files, and driver files. They can be set into action when the program they are attached to is started. Once the virus is set in motion it will attach itself to other programs and system files and start along the path for which it was written. So it is a two-pronged approach: first, depending on the type of computer virus, it duplicates itself, and then it goes about its intended mission. The virus will search through the programs on the system and find places to infect with its code, and it will then activate the next time that program is run. It will continue to duplicate until it is all over the computer and probably any computer that is attached to the original system.
Often these viruses harbor special code that causes them to be activated when certain events take place. The event is often a date or some other trigger that is easily defined on any computer system.
Multipartite Viruses
What has been termed the multipartite virus is the type of computer virus that is both a file virus and a boot sector virus. They enter the computer via various sorts of media and then embed themselves in the system memory. They then go into the hard drive
and infect the boot sector. Once installed in the boot sector, these types of computer viruses infect executable files and spread themselves through the system.
This is another virus that has passed its prime for various reasons, but in times past these types of computer viruses were responsible for many infections because they combined characteristics of two different viruses into one.
Network Viruses
A virus that is especially made for networks is uniquely created to quickly spread throughout the local area network and generally across the internet as well. Most of the time it moves within shared resources like drives and folders. Once it finds entry into a system it will search for vulnerable computers in the network, infect that system likewise, and do the same again and again, always on the hunt for new vulnerable systems.
E-Mail Viruses
Most of the time an e-mail virus is one of those types of computer viruses that is generally a macro virus, and it will multiply itself by seeking out the other contacts in an e-mail address book and then sending itself to those addresses in the hope that they will activate the virus too. Thus it spreads over and over again, exponentially. There are even times an e-mail virus can spread merely by being previewed in the mail client. One that was very successful in spreading worldwide was the ILOVEYOU virus, and it was destructive too.
Macro Viruses
Macro viruses, as the name implies, infect files of programs that use macros in the program itself. The most common of these are the Microsoft Office files created in Excel spreadsheets, Word documents, Access databases, PowerPoint presentations, and the same types of files from AmiPro, Corel Draw and others.
These types of computer viruses are programmed using the language that the application understands and not in the language of the operating system; thus they operate in a way that is independent of the operating system, so they can infect any kind of system, be it Mac, PC or even Linux, just as long as the computer is running the application that understands the macro virus. As the macro language has become more and more powerful, the threat of these types of computer viruses has graduated to more critical types of computer viruses. These viruses have been around since 1995 and the first was found to infect Microsoft Word, but they have now moved to other programs and number in the thousands.
One should always be on the lookout for these types of computer viruses and should take every precaution to avoid them. Be ever watchful of every file you open, or else you may be looking for my next hub on how to remove these types of computer viruses.
NMAP
Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. Unlike many simple port scanners that just send packets at some predefined constant rate, Nmap accounts for the network conditions (latency fluctuations, network congestion, the target's interference with the scan) during the run. Also, owing to the large and active user community providing feedback on its features and contributing back, Nmap has succeeded in extending its discovery capabilities beyond basic host up/down or port open/closed status to determining the operating system of the target, the names and versions of the listening services, estimated uptime, the type of device, and the presence of a firewall.
Nmap runs on Linux, Microsoft Windows, Solaris, HP-UX and BSD variants (including Mac OS X), and also on AmigaOS and SGI IRIX. Linux is the most popular Nmap platform, with Windows following it closely.
History
Nmap was first published in September 1997, as an article in Phrack Magazine with source code included. With the help and contributions of the computer security community, development continued at an ever increasing pace. Changes to the program included operating system fingerprinting, service fingerprinting, code rewrites (C to C++), additional scan types, protocol support (e.g. IPv6, SCTP) and new programs that complement Nmap's core features. Some of the larger changes include:
December 12, 1998
Nmap 2.00 is released, including Operating System fingerprinting
April 11, 1999
NmapFE, a GTK+front end, is bundled with Nmap
December 7, 2000
Nmap ported to Windows
August 28, 2002
Rewrite from C to C++
September 16, 2003
Nmap 3.45 the first public release to include service version detection
August 31, 2004
Core scan engine rewritten for version 3.70. New engine is called ultra_scan
Summer 2005
Nmap selected for participation in Google Summer of Code. These and future students contributed major features like Zenmap, NSE, Ncat, and 2nd-generation OS detection.
December 13, 2007
Nmap 4.50, the 10th Anniversary Edition, is released. Includes the new Zenmap front end, 2nd-generation OS detection, and the Nmap Scripting Engine
March 30, 2009
Emergency release of Nmap 4.85BETA5, which leverages NSE to detect Conficker infections
July 16, 2009
Nmap 5.00 includes netcat-replacement Ncat and Ndiff scan comparison tool
January 28, 2011
Nmap 5.50 released, including the new Nping packet generation tool
A full list of the changes in each release is recorded in the Nmap Changelog.
Features
Nmap features include:
Host Discovery: identifying hosts on a network, for example listing the hosts which respond to pings, or which have a particular port open.
Port Scanning: enumerating the open ports on one or more target hosts.
Version Detection: interrogating network services listening on remote devices to determine the application name and version number.[4]
OS Detection: remotely determining the operating system and some hardware characteristics of network devices.
Scriptable interaction with the target: using the Nmap Scripting Engine (NSE) and the Lua programming language, customized queries can be made.
In addition to these, Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.
Typical uses of Nmap:
Auditing the security of a device, by identifying the network connections which can be made to it.
Identifying open ports on a target host in preparation for auditing.
Network inventory, network mapping, maintenance, and asset management.
Auditing the security of a network, by identifying unexpected new servers.
Graphical interfaces
NmapFE, originally written by Zach Smith, was Nmap's official GUI for Nmap versions 2.2 to 4.22. For Nmap 4.50 (originally in the 4.22SOC development series) NmapFE was replaced with Zenmap, a new official graphical user interface based on UMIT, developed by Adriano Monteiro Marques.
Various web-based interfaces have also been available for controlling Nmap remotely from a web browser. These include LOCALSCAN, nmap-web, and Nmap-CGI.
Also some Microsoft Windows specific GUIs exist. These include NMapWin, which has not been updated since v1.4.0 was released in June 2003, and NMapW by Syhunt.
Reporting results
Nmap provides four possible output formats for the scan results. All but the interactive output are saved to a local file. All of the output formats in Nmap can be easily manipulated by text-processing software like awk, sed, or many others, thus enabling the user to create customized reports.
Interactive: presented and updated in real time when a user runs Nmap from the command line. Various options can be entered during the scan to facilitate monitoring.
XML: its document type definition is located at [14]. Using the XML format for results allows documents suited for various media to be produced later. One such use is to create an HTML report, not available as a built-in output format, with the help of freely available open source XSLT processors.
Grepable: line-oriented output that is tailored to line-processing tools like grep, sed or awk.
Normal: the output as seen while running Nmap from the command line, but saved to a file.
Script kiddie: meant to be a funny way to post-format the interactive output, replacing letters with their visually alike number representations. For example, Interesting ports becomes Int3rest|ng p0rtz.
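As an added example that is not part of the case study, the following Go program parses Nmap's grepable output into a per-host list of open ports and compares it with an allow-list of expected ports, which is the "unexpected new servers" audit mentioned under typical uses. The scan text is constructed to match the -oG layout (tab-separated Host:, Ports: and Ignored State: fields, each port written as port/state/proto/owner/service/rpcinfo/version/); the addresses, hostnames, service versions and the expectedPorts allow-list are made up for the demonstration.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// OpenPort is one open port recorded for a host.
type OpenPort struct {
	Port    int
	Proto   string
	Service string
	Version string
}

// ParseGrepable reads Nmap grepable (-oG) output and returns, per host
// address, the ports reported open. Comment lines and "Status:" records
// are skipped; only "Ports:" records contribute.
func ParseGrepable(out string) map[string][]OpenPort {
	result := map[string][]OpenPort{}
	for _, line := range strings.Split(out, "\n") {
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		var addr, portField string
		for _, f := range strings.Split(line, "\t") { // record fields are tab separated
			switch {
			case strings.HasPrefix(f, "Host: "):
				if fs := strings.Fields(strings.TrimPrefix(f, "Host: ")); len(fs) > 0 {
					addr = fs[0] // address first, "(hostname)" second
				}
			case strings.HasPrefix(f, "Ports: "):
				portField = strings.TrimPrefix(f, "Ports: ")
			}
		}
		if addr == "" || portField == "" {
			continue
		}
		for _, entry := range strings.Split(portField, ", ") {
			// Each entry: port/state/proto/owner/service/rpcinfo/version/
			p := strings.SplitN(entry, "/", 7)
			if len(p) < 7 || p[1] != "open" {
				continue
			}
			num, err := strconv.Atoi(p[0])
			if err != nil {
				continue
			}
			result[addr] = append(result[addr], OpenPort{
				Port: num, Proto: p[2], Service: p[4],
				Version: strings.TrimSuffix(p[6], "/"),
			})
		}
	}
	return result
}

// Unexpected returns every open port that is not on the host's allow-list,
// sorted, as "addr port/proto service version".
func Unexpected(scan map[string][]OpenPort, allowed map[string][]int) []string {
	var findings []string
	for addr, ports := range scan {
		ok := map[int]bool{}
		for _, p := range allowed[addr] {
			ok[p] = true
		}
		for _, op := range ports {
			if !ok[op.Port] {
				findings = append(findings, fmt.Sprintf("%s %d/%s %s %s", addr, op.Port, op.Proto, op.Service, op.Version))
			}
		}
	}
	sort.Strings(findings)
	return findings
}

// Constructed sample of -oG output (not a real scan).
var sampleGnmap = strings.Join([]string{
	"# Nmap 5.35DC1 scan initiated Thu Oct 21 01:57:00 2010 as: nmap -sV -oG - 192.168.254.10-11",
	"Host: 192.168.254.10 (web01.example.test)\tStatus: Up",
	"Host: 192.168.254.10 (web01.example.test)\tPorts: 80/open/tcp//http//Apache httpd 2.2.3/, 113/closed/tcp//auth///\tIgnored State: filtered (998)",
	"Host: 192.168.254.11 ()\tStatus: Up",
	"Host: 192.168.254.11 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3/, 3306/open/tcp//mysql//MySQL 5.1.49/\tIgnored State: closed (998)",
	"# Nmap done at Thu Oct 21 01:57:20 2010 -- 2 IP addresses (2 hosts up) scanned in 19.94 seconds",
}, "\n")

// Constructed allow-list: what each host is supposed to expose.
var expectedPorts = map[string][]int{
	"192.168.254.10": {80},
	"192.168.254.11": {22},
}

func main() {
	scan := ParseGrepable(sampleGnmap)
	for _, f := range Unexpected(scan, expectedPorts) {
		fmt.Println("unexpected:", f)
	}
}
```

Run against the sample, the only finding is the MySQL listener on 192.168.254.11, which is exactly the kind of unexpected server a periodic inventory scan is meant to surface; closed and filtered ports are ignored because the per-port state field is checked before anything is recorded.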
Purpose
Nmap is used to discover computers and services on a computer network, thus creating a map of the network. Just like many simple port scanners, Nmap is capable of discovering passive services on a network, despite the fact that such services aren't advertising themselves with a service discovery protocol. In addition, Nmap may be able to determine various details about the remote computers.
Ethical issues and legality
Like most tools used in computer security, Nmap can be used for black hat hacking, or attempting to gain unauthorized access to computer systems. It would typically be used to discover open ports which are likely to be running vulnerable services, in preparation for attacking those services with another program.
System administrators often use Nmap to search for unauthorized servers on their network, or for computers which don't meet the organization's minimum level of security.
Nmap is often confused with host vulnerability assessment tools such as Nessus, which go further in their exploration of a target by testing for common vulnerabilities in the open ports found.
In some jurisdictions, unauthorized port scanning may be illegal.
Nmap in popular culture
In The Matrix Reloaded, Trinity is seen using Nmap to access a power plant's computer system,[28] allowing Neo to "physically" break in to a building. The appearance of Nmap in the film was widely discussed on internet forums and hailed as an unusually realistic example of hacking compared to other movies.
Nmap and NmapFE were used in the film The Listening, a 2006 movie about a former NSA officer who defects and mounts a clandestine counter-listening station high in the Italian Alps.
Some Nmap source code can be seen in the movie Battle Royale, as well as brief views of the command line version of Nmap executing in Die Hard 4 and Bourne Ultimatum.
Nmap in academia
Nmap has long since become an integral part of academic activities. It has been used for research involving the TCP/IP protocol suite and networking in general, with the security domain being the main beneficiary. Beyond being a helping tool in researching various topics, Nmap has become the topic of research itself.
Output from Nmap
Command: nmap -sV -T4 -O -A -v
Starting Nmap 5.35DC1 at 2010-10-21 01:57 IST
NSE: Loaded 6 scripts for scanning.
Nmap scan report for ()
Host is up (0.10s latency).
Not shown: 998 filtered ports
PORT    STATE  SERVICE VERSION
80/tcp  open   http    Apache Tomcat/Coyote JSP engine 1.1
113/tcp closed auth
Running: Linux 2.6.X (96%), Cisco Linux 2.6.X (90%), HP embedded (89%), Riverbed embedded (87%)
Aggressive OS guesses: Linux 2.6.9 (96%), Linux 2.6.9 - 2.6.27 (96%), Linux 2.6.9 (CentOS 4.4) (95%), Linux 2.6.15 - 2.6.26 (92%), Blue Coat Director (Linux 2.6.10) (92%), Linux 2.6.26 (PCLinuxOS) (91%), Linux 2.6.11 (90%), HP Brocade 4Gb SAN switch (89%), Linux 2.6.22.1-32.fc6 (x86, SMP) (89%), Linux 2.6.28 (88%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 35.708 days (since Wed Sep 15 08:58:56 2010)
TRACEROUTE (using port 113/tcp)
HOP RTT     ADDRESS
1   2.27 ms 192.168.254.4
Nmap done: 1 IP address (1 host up) scanned in 19.94 seconds
Raw packets sent: 2080 (95.732KB) | Rcvd: 24 (1.476KB)
PGP
Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, e-mails, files, directories and whole disk partitions to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991. PGP and similar products follow the OpenPGP standard (RFC 4880) for encrypting and decrypting data.
How PGP encryption works
PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and, finally, public-key cryptography; each step uses one of several supported algorithms. Each public key is bound to a user name and/or an e-mail address. The first version of this system was generally known as a web of trust, to contrast with the X.509 system, which uses a hierarchical approach based on certificate authorities and which was added to PGP implementations later. Current versions of PGP encryption include both options through an automated key management server.
Compatibility
As PGP evolves, PGP systems that support newer features and algorithms are able to create encrypted messages that older PGP systems cannot decrypt, even with a valid private key. Thus, it is essential that partners in PGP communication understand each other's capabilities or at least agree on PGP settings.
Confidentiality
PGP can be used to send messages confidentially. For this, PGP combines symmetric-key encryption and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once and is also called a session key. The session key is protected by encrypting it with the receiver's public key, thus ensuring that only the receiver can decrypt the session key. The encrypted message along with the encrypted session key is sent to the receiver.
Digital signatures
PGP supports message authentication and integrity checking. The latter is used to detect whether a message has been altered since it was completed (the message integrity property), and the former to determine whether it was actually sent by the person/entity claimed to be the sender (a digital signature). In PGP, these are used by default in conjunction with encryption, but can be applied to the plaintext as well. The sender uses PGP to create a digital signature for the message with either the RSA or DSA signature algorithms. To do so, PGP computes a hash (also called a message digest) from the plaintext, and then creates the digital signature from that hash using the sender's private key.
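The confidentiality and digital-signature steps just described, as an added example in Go that is not PGP's own code and does not produce OpenPGP packets: it uses only the Go standard library, with SHA-256 as the message digest, RSA-PSS for the signature, zlib for compression, AES-256-GCM under a one-time session key, and RSA-OAEP to wrap that session key to the receiver's public key. The message text and the freshly generated 2048-bit key pairs are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is what the sender transmits: the session key wrapped to the
// receiver's public key, the encrypted compressed message, and the signature.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(receiver public key, session key)
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM(session key, zlib(plaintext))
	Signature  []byte // RSA-PSS(sender private key, SHA-256(plaintext))
}

// Seal follows the order the text describes: hash and sign the plaintext,
// compress it, encrypt it under a one-time session key, then wrap that key.
func Seal(plain []byte, sender *rsa.PrivateKey, receiver *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(plain)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil { return nil, err }

	var zbuf bytes.Buffer
	zw := zlib.NewWriter(&zbuf)
	zw.Write(plain)
	zw.Close()

	session := make([]byte, 32) // fresh AES-256 key, never reused
	if _, err := io.ReadFull(rand.Reader, session); err != nil { return nil, err }
	block, _ := aes.NewCipher(session) // a 32-byte key cannot fail here
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { return nil, err }
	ct := gcm.Seal(nil, nonce, zbuf.Bytes(), nil)

	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiver, session, nil)
	if err != nil { return nil, err }
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// Open reverses Seal and refuses the message unless both the AEAD tag and
// the sender's signature over the recovered plaintext verify.
func Open(env *Envelope, receiver *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	session, err := rsa.DecryptOAEP(sha256.New(), nil, receiver, env.WrappedKey, nil)
	if err != nil { return nil, errors.New("session key unwrap failed") }
	block, err := aes.NewCipher(session)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	compressed, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil { return nil, errors.New("message decryption failed") }
	zr, err := zlib.NewReader(bytes.NewReader(compressed))
	if err != nil { return nil, err }
	plain, err := io.ReadAll(zr)
	if err != nil { return nil, err }
	digest := sha256.Sum256(plain)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, errors.New("signature verification failed")
	}
	return plain, nil
}

// Demo generates sender and receiver key pairs, round-trips a constructed
// message, then shows that a copy with one flipped ciphertext bit is rejected.
func Demo() (recovered []byte, tamperErr error, err error) {
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, nil, err }
	receiver, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, nil, err }
	msg := []byte("constructed sample message: meeting moved to 10:00")
	env, err := Seal(msg, sender, &receiver.PublicKey)
	if err != nil { return nil, nil, err }
	recovered, err = Open(env, receiver, &sender.PublicKey)
	if err != nil { return nil, nil, err }
	env.Ciphertext[0] ^= 0x01 // tamper with the transmitted message
	_, tamperErr = Open(env, receiver, &sender.PublicKey)
	return recovered, tamperErr, nil
}

func main() {
	recovered, tamperErr, err := Demo()
	if err != nil { panic(err) }
	fmt.Printf("recovered: %s\ntampered copy rejected: %v\n", recovered, tamperErr)
}
```

Seal signs the plaintext before compressing and encrypting, which is the order given in the text, and Open fails closed at the first step that does not verify, so the receiver never acts on plaintext whose authentication tag or signature is wrong. The session key exists only inside Seal and Open and is never written anywhere except wrapped to the receiver's public key.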
Web of trust
Both when encrypting messages and when verifying signatures, it is critical that the public key used to send messages to someone or some entity actually does 'belong' to the intended recipient. Simply downloading a public key from somewhere is not overwhelming assurance of that association; deliberate (or accidental) impersonation is possible. PGP has, from its first versions, always included provisions for distributing a user's public keys in an 'identity certificate' which is also constructed cryptographically so that any tampering (or accidental garble) is readily detectable. But merely making a certificate which is impossible to modify without being detected effectively is also insufficient. It can prevent corruption only after the certificate has been created, not before. Users must also ensure by some means that the public key in a certificate actually does belong to the person/entity claiming it. From its first release, PGP products have included an internal certificate 'vetting scheme' to assist with this; a trust model which has been called a web of trust. A given public key (or more specifically, information binding a user name to a key) may be digitally signed by a third party user to attest to the association between someone (actually a user name) and the key. There are several levels of confidence which can be included in such signatures.
Although many programs read and write this information, few (if any) include this level of certification when calculating whether to trust a key.
The web of trust protocol was first described by Zimmermann in 1992 in the manual for PGP version 2.0:
As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys.
The web of trust mechanism has advantages over a centrally managed public key infrastructure scheme such as that used by S/MIME but has not been universally used. Users have been willing to accept certificates and check their validity manually or to simply accept them. No satisfactory solution has been found for the underlying problem.
Certificates
In the (more recent) OpenPGP specification, trust signatures can be used to support creation of certificate authorities. A trust signature indicates both that the key belongs to its claimed owner and that the owner of the key is trustworthy to sign other keys at one level below their own. A level 0 signature is comparable to a web of trust signature since only the validity of the key is certified. A level 1 signature is similar to the trust one has in a certificate authority because a key signed to level 1 is able to issue an unlimited number of level 0 signatures. A level 2 signature is highly analogous to the trust assumption users must rely on whenever they use the default certificate authority list (like those included in web browsers); it allows the owner of the key to make other keys certificate authorities.
PGP versions have always included a way to cancel ('revoke') identity certificates. A lost or compromised private key will require this if communication security is to be retained by that user. This is, more or less, equivalent to the certificate revocation lists of centralized PKI schemes. Recent PGP versions have also supported certificate expiration dates.
The problem of correctly identifying a public key as belonging to a particular user is not unique to PGP. All public key / private key cryptosystems have the same problem, if in slightly different guise, and no fully satisfactory solution is known. PGP's original scheme, at least, leaves the decision whether or not to use its endorsement/vetting system to the user, while most other PKI schemes do not, requiring instead that every certificate attested to by a central certificate authority be accepted as correct.
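The trust-signature levels described under Certificates, together with the revocation and expiration rules above, reduce to a small fixed-point computation over the signature graph. The following is an added illustration, not code from the page or from any PGP implementation; the key identifiers and signature graph are constructed, and the root key's unlimited certification depth and the clamping of a signature to what its signer may issue are simplifying assumptions of this model.

```python
"""Simplified web-of-trust validity with OpenPGP-style trust signature levels,
key revocation and key expiration.

Added illustration; not code from the page or from any PGP implementation.
Model (an assumption, simplified from the page's description):
  - a level-0 signature certifies only that the target key is valid;
  - a level-1 signature also lets the target issue level-0 signatures (a CA);
  - a level-n signature lets the target issue signatures up to level n-1;
  - a signature above what its signer may issue is clamped to that maximum;
  - revoked or expired keys are never valid and their signatures are ignored.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

ROOT_CAP = 255  # assumed: the owner's own key may issue signatures at any level


@dataclass(frozen=True)
class TrustSig:
    signer: str   # key id of the certifying key
    target: str   # key id whose user-id binding is certified
    level: int    # 0 = validity only, 1 = may act as CA, 2 = may create CAs


@dataclass(frozen=True)
class Key:
    key_id: str
    revoked: bool = False
    expires: Optional[date] = None


def key_usable(key: Key, today: date) -> bool:
    """A revoked key, or one past its expiration date, is never valid."""
    return not key.revoked and (key.expires is None or key.expires >= today)


def compute_validity(keys: Dict[str, Key], sigs: List[TrustSig],
                     root_id: str, today: date) -> Dict[str, int]:
    """Return {key_id: cap} for every key valid from root_id's point of view.

    cap is the highest signature level the key may itself issue; -1 means the
    key is valid but may not certify others (a plain level-0 target).
    Caps only ever grow and are bounded by ROOT_CAP, so the loop terminates.
    """
    root = keys.get(root_id)
    if root is None or not key_usable(root, today):
        return {}
    cap: Dict[str, int] = {root_id: ROOT_CAP}
    changed = True
    while changed:
        changed = False
        for sig in sigs:
            signer_cap = cap.get(sig.signer)
            if signer_cap is None or signer_cap < 0:
                continue  # signer not (yet) valid, or not allowed to certify
            target = keys.get(sig.target)
            if target is None or not key_usable(target, today):
                continue  # unknown, revoked or expired target: signature ignored
            effective_level = min(sig.level, signer_cap)  # clamp to signer's cap
            new_cap = effective_level - 1
            if new_cap > cap.get(sig.target, -2):
                cap[sig.target] = new_cap
                changed = True
    return cap


def can_certify(validity: Dict[str, int], key_id: str) -> bool:
    """True if key_id is valid and may issue at least level-0 signatures."""
    return validity.get(key_id, -2) >= 0


def sample_keyring():
    """Constructed sample data; the key ids are labels, not real key ids."""
    keys = {k.key_id: k for k in [
        Key("ALICE"), Key("BOB"), Key("CAROL"), Key("DAVE"), Key("EVE"),
        Key("FRANK"), Key("GRACE", revoked=True), Key("HEIDI"),
        Key("IVAN", expires=date(2009, 1, 1)),
    ]}
    sigs = [
        TrustSig("ALICE", "BOB", 2),    # Bob may create CAs
        TrustSig("BOB", "CAROL", 1),    # Carol is a CA (may issue level-0 sigs)
        TrustSig("CAROL", "DAVE", 0),   # Dave is valid but cannot certify
        TrustSig("DAVE", "EVE", 0),     # ignored: Dave may not certify
        TrustSig("CAROL", "FRANK", 1),  # clamped to level 0: Carol's cap is 0
        TrustSig("BOB", "GRACE", 1),    # ignored: Grace's key is revoked
        TrustSig("GRACE", "HEIDI", 0),  # ignored: signer is revoked
        TrustSig("ALICE", "IVAN", 0),   # ignored: Ivan's key has expired
    ]
    return keys, sigs


def demo_validity(today: date = date(2010, 6, 7)) -> Dict[str, int]:
    """Validity of the sample keyring as seen from ALICE's own key."""
    keys, sigs = sample_keyring()
    return compute_validity(keys, sigs, "ALICE", today)


if __name__ == "__main__":
    for key_id, cap in sorted(demo_validity().items()):
        print(f"{key_id:6s} valid; may issue signatures up to level {cap}")
```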
Security quality
To the best of publicly available information, there is no known method which will allow a person or group to break PGP encryption by cryptographic or computational means.
Indeed, in 1996, cryptographer Bruce Schneier characterized an early version as being "the closest you're likely to get to military-grade encryption." Early versions of PGP have been found to have theoretical vulnerabilities and so current versions are recommended. In addition to protecting data in transit over a network, PGP encryption can also be used to protect data in long-term data storage such as disk files. These long-term storage options are also known as data at rest, i.e. data stored, not in transit.
The cryptographic security of PGP encryption depends on the assumption that the algorithms used are unbreakable by direct cryptanalysis with current equipment and techniques. For instance, in the original version, the RSA algorithm was used to encrypt session keys; RSA's security depends upon the one-way function nature of mathematical integer factoring. Likewise, the secret key algorithm used in PGP version 2 was IDEA, which might, at some future time, be found to have a previously unsuspected cryptanalytic flaw. Specific instances of current PGP, or IDEA, insecurities, if they exist, are not publicly known. As current versions of PGP have added additional encryption algorithms, the degree of their cryptographic vulnerability varies with the algorithm used. In practice, each of the algorithms in current use is not publicly known to have cryptanalytic weaknesses.
New versions of PGP are released periodically and vulnerabilities that developers are aware of are progressively fixed. Any agency wanting to read PGP messages would probably use easier means than standard cryptanalysis, e.g. rubber-hose cryptanalysis or black-bag cryptanalysis, i.e. installing some form of trojan horse or keystroke logging software/hardware on the target computer to capture encrypted keyrings and their passwords. The FBI has already used this attack against PGP in its investigations. However, any such vulnerabilities apply not just to PGP, but to all encryption software.
In 2003, an incident involving seized Psion PDAs belonging to members of the Red Brigade indicated that neither the Italian police nor the FBI were able to decrypt PGP-encrypted files stored on them.
A more recent incident in December 2006 (see United States v. Boucher) involving US customs agents and a seized laptop PC which allegedly contained child pornography indicates that US Government agencies find it "nearly impossible" to access PGP-encrypted files. Additionally, a judge ruling on the same case in November 2007 has stated that forcing the suspect to reveal his PGP passphrase would violate his Fifth Amendment rights, i.e. a suspect's constitutional right not to incriminate himself. The Fifth Amendment issue has been opened again as the case was appealed and the federal judge again ordered the defendant to provide the key.
Evidence suggests that as of 2007, British police investigators are unable to break PGP, so instead have resorted to using RIPA legislation to demand the passwords/keys. In November 2009 a British citizen was convicted under RIPA legislation and jailed for 9 months for refusing to provide police investigators with encryption keys to PGP-encrypted files.
PGP 3 and founding of PGP Inc.
During this turmoil, Zimmermann's team worked on a new version of PGP encryption called PGP 3. This new version was to have considerable security improvements, including a new certificate structure which fixed small security flaws in the PGP 2.x certificates as well as permitting a certificate to include separate keys for signing and encryption. Furthermore, the experience with patent and export problems led them to eschew patents entirely. PGP 3 introduced use of the CAST-128 (a.k.a. CAST5) symmetric key algorithm, and the DSA and ElGamal asymmetric key algorithms, all of which were unencumbered by patents.
After the Federal criminal investigation ended in 1996, Zimmermann and his team started a company to produce new versions of PGP encryption. They merged with Viacrypt (to whom Zimmermann had sold commercial rights and who had licensed RSA directly from RSADSI) which then changed its name to PGP Incorporated. The newly combined Viacrypt/PGP team started work on new versions of PGP encryption based on the PGP 3 system. Unlike PGP 2, which was an exclusively command line program, PGP 3 was designed from the start as a software library allowing users to work from a command line or inside a GUI environment. The original agreement between Viacrypt and the Zimmermann team had been that Viacrypt would have even-numbered versions and Zimmermann odd-numbered versions. Viacrypt, thus, created a new version (based on PGP 2) that they called PGP 4. To remove confusion about how it could be that PGP 3 was the successor to PGP 4, PGP 3 was renamed and released as PGP 5 in May 1997.
OpenPGP
Inside PGP Inc., there was still concern about patent issues. RSADSI was challenging the continuation of the Viacrypt RSA license to the newly merged firm. The company adopted an informal internal standard called "Unencumbered PGP": "use no algorithm with licensing difficulties". Because of PGP encryption's importance worldwide (it is thought to be the most widely chosen quality cryptographic system), many wanted to write their own software that would interoperate with PGP 5. Zimmermann became convinced that an open standard for PGP encryption was critical for them and for the cryptographic community as a whole. In July 1997, PGP Inc. proposed to the IETF that there be a standard called OpenPGP. They gave the IETF permission to use the name OpenPGP to describe this new standard as well as any program that supported the standard. The IETF accepted the proposal and started the OpenPGP Working Group.
OpenPGP is on the Internet Standards Track and is under active development. The current specification is RFC 4880 (November 2007), the successor to RFC 2440. Many e-mail clients provide OpenPGP-compliant email security as described in RFC 3156.
The Free Software Foundation has developed its own OpenPGP-compliant program called GNU Privacy Guard (abbreviated GnuPG or GPG). GnuPG is freely available together with all source code under the GNU General Public License (GPL) and is maintained separately from several Graphical User Interfaces (GUIs) that interact with the GnuPG library for encryption, decryption and signing functions (see KGPG, Seahorse, MacGPG). Several other vendors have also developed OpenPGP-compliant software.
Network Associates acquisition
In December 1997, PGP Inc. was acquired by Network Associates, Inc. ("NAI"). Zimmermann and the PGP team became NAI employees. NAI was the first company to have a legal export strategy by publishing source code. Under NAI, the PGP team added disk encryption, desktop firewalls, intrusion detection, and IPsec VPNs to the PGP family. After the export regulation liberalizations of 2000 which no longer required publishing of source, NAI stopped releasing source code.
In early 2001, Zimmermann left NAI. He served as Chief Cryptographer for Hush Communications, who provide an OpenPGP-based e-mail service, Hushmail. He has also worked with Veridis and other companies. In October, 2001, NAI announced that its PGP assets were for sale and that it was suspending further development of PGP encryption. The only remaining asset kept was the PGP E-Business Server (the original PGP Commandline version). In February 2002, NAI canceled all support for PGP products, with the exception of the re-named commandline product. NAI (now McAfee) continues to sell and support the product under the name McAfee E-Business Server.
Current situation
In August 2002, several ex-PGP team members formed a new company, PGP Corporation, and bought the PGP assets (except for the command line version) from NAI. The new company was funded by Rob Theis of Doll Capital Management (DCM) and Terry Garnett of Venrock Associates. PGP Corporation supports existing PGP users and honors NAI's support contracts. Zimmermann now serves as a special advisor and consultant to PGP Corporation, as well as continuing to run his own consulting company. In 2003, PGP Corporation created a new server-based product called PGP Universal.
In mid-2004, PGP Corporation shipped its own command line version called PGP Command Line, which integrates with the other PGP Encryption Platform applications. In 2005, PGP Corporation made its first acquisition, the German software company Glueck and Kanja Technology AG, which is now PGP Deutschland AG. In 2010, PGP Corporation acquired Hamburg-based certificate authority TC TrustCenter and its parent company, ChosenSecurity, to form its PGP TrustCenter division.
Since the 2002 purchase of NAI's PGP assets, PGP Corporation has offered worldwide PGP technical support from its offices in Draper, Utah, Offenbach, Germany and Tokyo, Japan.
On April 29, 2010 Symantec Corp. announced that it would acquire PGP for $300 million with the intent of integrating it into its Enterprise Security Group.[14] This acquisition was finalized and announced to the public on June 7, 2010.
PGP Corporation encryption applications
This section describes commercial programs available from PGP Corporation. For information on other programs compatible with the OpenPGP specification, see OpenPGP implementations below.
While originally used primarily for encrypting the contents of e-mail messages and attachments from a desktop client, PGP products have been diversified since 2002 into a set of encryption applications which can be managed by an optional central policy server. PGP encryption applications include e-mail and attachments, digital signatures, laptop full disk encryption, file and folder security, protection for IM sessions, batch file transfer encryption, and protection for files and folders stored on network servers and, more recently, encrypted and/or signed HTTP request/responses by means of a client side (Enigform) and a server side (mod_openpgp) module. There is also a WordPress plugin available, called wp-enigform-authentication, that takes advantage of the session management features of Enigform with mod_openpgp.
The PGP Desktop 9.x family includes PGP Desktop Email, PGP Whole Disk Encryption, and PGP NetShare. Additionally, a number of Desktop bundles are also available. Depending on application, the products feature desktop e-mail, digital signatures, IM security, whole disk encryption, file and folder security, self decrypting archives, and secure shredding of deleted files. Capabilities are licensed in different ways depending on features required.
The PGP Universal Server 2.x management console handles centralized deployment, security policy, policy enforcement, key management, and reporting. It is used for automated e-mail encryption in the gateway and manages PGP Desktop 9.x clients. In addition to its local keyserver, PGP Universal Server works with the PGP public keyserver called the PGP Global Directory to find recipient keys. When no recipient key is found, it can still deliver e-mail securely via a secure HTTPS browser session.
With PGP Desktop 9.x managed by PGP Universal Server 2.x, first released in 2005, all PGP encryption applications are based on a new proxy-based architecture. These newer versions of PGP software eliminate the use of e-mail plug-ins and insulate the user from changes to other desktop applications.
All desktop and server operations are now based on security policies and operate in an automated fashion. The PGP Universal server automates the creation, management, and expiration of keys, sharing these keys among all PGP encryption applications.
The current shipping versions are PGP Desktop 10.1 (Windows and Mac OS platforms) and PGP Universal 2.12. Version 3.x of Universal Server is announced for release in March 2010.
Also available are PGP Command Line, which enables command line-based encryption and signing of information for storage, transfer, and backup, as well as the PGP Support Package for BlackBerry which enables RIM BlackBerry devices to enjoy sender-to-recipient messaging encryption.
New versions of PGP applications use both OpenPGP and S/MIME, allowing communications with any user of a NIST-specified standard.
TCPDUMP TOOL TO ANALYSE THE NETWORK
Tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license,[1] tcpdump is free software.
Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, Mac OS X, HP-UX and AIX among others. In those systems, tcpdump uses the libpcap library to capture packets. There is also a port of tcpdump for Windows called WinDump; this uses WinPcap, which is a port of libpcap to Windows.
INTRODUCTION
Tcpdump is a tool meant for network monitoring, protocol debugging and data acquisition. It is a network packet sniffer that runs under the command line. This document gives an overview of the tcpdump tool.
HISTORY
Tcpdump allows the user to intercept and display the TCP/IP and other network packets that are being transmitted/received over a network to which the computer is attached.
The tool was originally written by Van Jacobson, Craig Leres and Steven McCanne who were working in the Lawrence Berkeley Laboratory Network Research Group.
DESCRIPTION
Tcpdump is a premier network analysis tool that is used by security professionals. The tcpdump tool listens to and records traffic on a network segment. The tool can be highly useful in troubleshooting and monitoring network activity. It runs under the command line. The tool prints out the headers of packets on a network interface that match the expression given as part of the command. In all cases, only packets that match the expression will be processed by tcpdump.
The simplest way to use the tool is to run it with the -i option specifying which network interface must be used. This dumps a summary of all the network packets transmitted and received on that network interface.
It's always good to specify the correct network interface explicitly with the -i option. If there are any DNS problems, tcpdump might hang trying to look up DNS names for IP addresses; to disable this feature use the -f or -n options.
The tool can also be run with the -w option, which allows saving the packet data into a file for later analysis. The file can be opened using the Wireshark tool to interpret the request and response. The request headers, request body, response body etc. can be viewed in the Wireshark tool, which is of great help in analyzing network problems.
The tool, when not run with the -c flag, will continue capturing packets until interrupted by a SIGINT signal (typically control-C) or a SIGTERM signal (typically the kill command); if run with the -c option, packets will be captured until interrupted by a SIGINT or SIGTERM signal or until the specified number of packets have been processed.
On finishing the packet capture, the tool reports the count of packets received by the filter.
Here are different usages:
tcpdump -w test.pcap -i eth1 tcp port 6881
The TCP packets that flow over the network interface eth1 on port 6881 would be captured and stored in the test.pcap file.
tcpdump -w test.pcap -i eth1 tcp port 6881 or udp port \( 33210 or 33220 \)
The TCP packets that flow over the network interface eth1 on port 6881, as well as UDP packets on port 33210 or 33220, would be captured and stored in the test.pcap file.
Common uses
Tcpdump analyzes network behavior, performance and applications that generate or receive network traffic. It can also be used for analyzing the network infrastructure itself by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem.
It is also possible to use tcpdump for the specific purpose of intercepting and displaying the communications of another user or computer. A user with the necessary privileges on a system acting as a router or gateway through which unencrypted traffic such as Telnet or HTTP passes can use tcpdump to view login IDs, passwords, the URLs and content of websites being viewed, or any other unencrypted information.
The user may optionally apply a BPF-based filter to limit the number of packets seen by tcpdump; this renders the output more usable on networks with a high volume of traffic.
Privileges required
In some Unix-like operating systems, a user must have superuser privileges to use tcpdump because the packet capturing mechanisms on those systems require elevated privileges. However, the -Z option may be used to drop privileges to a specific unprivileged user after capturing has been set up. In other Unix-like operating systems, the packet capturing mechanism can be configured to allow non-privileged users to use it; if that is done, superuser privileges are not required.
COMMON USES
When preliminary troubleshooting does not solve a network problem, tcpdump is the onlyutility that gives the details at the packet or frame level.
The tcpdump tool is used to debug applications which generate or receive network traffic. It can also be used for debugging the network setup itself, by determining whether all the necessary routing is occurring properly, allowing the user to further isolate the source of a problem.
There might be scenarios that require the interception and display of the communication of another computer. The tool can also be used for such purposes.
Tcpdump is also an excellent tool to help diagnose denial of service (DoS) attacks. These DoS attacks are somewhat hard to identify, since they normally consist of allowable traffic, but in a large quantity.
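As an added example (not from the page, and not part of tcpdump), the following reads the one-line-per-packet summaries that tcpdump -n prints and flags sources whose traffic is almost entirely bare SYNs in large quantity, which is the "allowable traffic, but in a large quantity" pattern described above. The capture lines, the addresses and the thresholds are constructed sample data, and the line format assumed is the IPv4/TCP summary shape shown in the sample.

```python
"""Flag high-volume SYN sources in tcpdump summary output.

Added example; not code from the page and not part of tcpdump. It parses the
summary lines that `tcpdump -n` prints (the IPv4/TCP line shape assumed below;
other lines such as ARP are skipped) and reports sources whose packets are
nearly all bare SYNs, the shape a SYN flood takes in a capture.
The capture lines, addresses and thresholds are constructed sample data.
"""
import math
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Assumed shape of a tcpdump -n TCP summary line:
#   HH:MM:SS.ffffff IP src.sport > dst.dport: Flags [S], seq ..., length 0
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample capture (RFC 5737 documentation addresses, not real hosts):
# six bare SYNs from one source in under a millisecond, then a normal handshake.
SAMPLE_TCPDUMP_OUTPUT = """\
12:00:01.000101 IP 203.0.113.5.40001 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000202 IP 203.0.113.5.40002 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000303 IP 203.0.113.5.40003 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000404 IP 203.0.113.5.40004 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000505 IP 203.0.113.5.40005 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000606 IP 203.0.113.5.40006 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
12:00:01.100000 IP 198.51.100.7.51000 > 192.0.2.10.80: Flags [S], seq 100, win 65535, length 0
12:00:01.100500 IP 192.0.2.10.80 > 198.51.100.7.51000: Flags [S.], seq 200, ack 101, win 65160, length 0
12:00:01.101000 IP 198.51.100.7.51000 > 192.0.2.10.80: Flags [.], ack 201, win 512, length 0
12:00:01.102000 IP 198.51.100.7.51000 > 192.0.2.10.80: Flags [P.], seq 101:180, ack 201, win 512, length 79: HTTP: GET / HTTP/1.1
12:00:01.200000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
"""


@dataclass
class SourceStats:
    packets: int = 0
    bare_syn: int = 0          # SYN without ACK: a new connection attempt
    first_ts: float = math.inf
    last_ts: float = -math.inf
    dst_ports: Set[int] = field(default_factory=set)


def ts_seconds(ts: str) -> float:
    """HH:MM:SS.ffffff -> seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_line(line: str) -> Optional[dict]:
    """Fields of an IPv4/TCP summary line, or None for any other line (ARP, etc.)."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def summarize(lines) -> Dict[str, SourceStats]:
    """Per-source packet counts, bare-SYN counts, time span and target ports."""
    stats: Dict[str, SourceStats] = {}
    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        s = stats.setdefault(p["src"], SourceStats())
        s.packets += 1
        if p["flags"] == "S":          # "S." is a SYN-ACK, not a new attempt
            s.bare_syn += 1
        t = ts_seconds(p["ts"])
        s.first_ts = min(s.first_ts, t)
        s.last_ts = max(s.last_ts, t)
        s.dst_ports.add(int(p["dport"]))
    return stats


def suspicious_sources(stats: Dict[str, SourceStats],
                       min_syn: int = 5, syn_ratio: float = 0.8) -> List[str]:
    """Sources with at least min_syn bare SYNs making up syn_ratio of their packets."""
    return sorted(src for src, s in stats.items()
                  if s.bare_syn >= min_syn and s.bare_syn / s.packets >= syn_ratio)


if __name__ == "__main__":
    st = summarize(SAMPLE_TCPDUMP_OUTPUT.splitlines())
    for src in suspicious_sources(st):
        s = st[src]
        print(f"{src}: {s.bare_syn} bare SYNs of {s.packets} packets "
              f"in {s.last_ts - s.first_ts:.6f}s to ports {sorted(s.dst_ports)}")
```

On a real capture the same functions can be fed the output of tcpdump -n line by line; only the thresholds need tuning to the network's normal connection rate.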
SUPPORTED OPERATING SYSTEMS
Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, Mac OS X, HP-UX and AIX among others. In these Unix-like operating systems, the tool uses the libpcap library to capture packets.
There is also a flavor of tcpdump available for Windows called WinDump; this Windows flavor uses WinPcap, which is the equivalent of libpcap for Windows.
In most Unix-like operating systems, the user must have superuser (su) privileges to use tcpdump, because for security reasons the packet capturing mechanisms require elevated privileges. However, this can be overcome by configuring the packet capturing mechanism to allow non-privileged users to use it.
CONCLUSION
When using such a tool, which displays network traffic in a more natural (raw) way, the burden of analysis is shifted to the human rather than to any other application. This approach cultivates a continued and deeper understanding of the TCP/IP suite. I strongly advocate using tcpdump instead of other tools whenever possible for this reason.
ACCESS CODE USING SQL
Security is paramount to database administrators seeking to protect their gigabytes of vital business data from the prying eyes of unauthorized outsiders and insiders attempting to exceed their authority. All relational database management systems provide some sort of intrinsic security mechanisms designed to minimize these threats. They range from the simple password protection offered by Microsoft Access to the complex user/role structure supported by advanced relational databases like Oracle and Microsoft SQL Server. This article focuses on the security mechanisms common to all databases that implement the Structured Query Language (or SQL). Together, we'll walk through the process of strengthening data access controls and ensuring the safety of your data.
Server-based databases all support a user concept similar to that used in computer operating systems. If you're familiar with the user/group hierarchy found in Microsoft Windows NT and Windows 2000, you'll find that the user/role groupings supported by SQL Server and Oracle are very similar.
It is highly recommended that you create individual database user accounts for each person who will be accessing your database. It's technically possible to share accounts between users or simply use one user account for each type of user that needs to access your database, but I strongly discourage this practice for two reasons. First, it will eliminate individual accountability -- if a user makes a change to your database (let's say by giving himself a $5,000 raise), you won't be able to trace it back to a specific person through the use of audit logs. Furthermore, if a specific user leaves your organization and you wish to remove his or her access from the database, you'll be forced to change the password that all users rely upon.
The methods for creating user accounts vary from platform to platform and you'll have to consult your DBMS-specific documentation for the exact procedure. Microsoft SQL Server users should investigate the use of the sp_adduser stored procedure. Oracle database administrators will find the CREATE USER command useful. You also might want to investigate alternative authentication schemes. For example, Microsoft SQL Server supports the use of Windows NT Integrated Security. Under this scheme, users are identified to the database by their Windows NT user accounts and are not required to enter an additional user ID and password to access the database. This approach is extremely popular among database administrators because it shifts the burden of account management to the network administration staff and it provides the ease of a single sign-on to the end user.
If you're in an environment with a small number of users, you'll probably find that creating user accounts and assigning permissions directly to them is sufficient for your needs. However, if you have a large number of users, you'll most likely be overwhelmed by the burden of maintaining accounts and proper permissions. To ease this burden, relational databases support the notion of roles. Database roles function similarly to Windows NT groups. User accounts are assigned to role(s) and permissions are then assigned to the role as a whole rather than the individual user accounts. For example, we could create a DBA role and then add the user accounts of our administrative staff to this role. Once we've done this, we can assign a specific permission to all present (and future) administrators by simply assigning the permission to the role. Once again, the procedure for creating roles varies from platform to platform. MS SQL Server administrators should investigate the sp_addrole stored procedure while Oracle DBAs should use the CREATE ROLE syntax.
Now that we've added users to our database, it's time to begin strengthening security by adding permissions. Our first step will be to grant appropriate database permissions to our users. We'll accomplish this through the use of the SQL GRANT statement. Here's the syntax of the statement:
GRANT <permissions>
[ON <table>]
TO <user or role>
[WITH GRANT OPTION]
Now, let's take a look at this statement line by line. The first line, GRANT <permissions>, allows us to specify the permissions we are granting. These can be either table-level permissions (such as SELECT, INSERT, UPDATE and DELETE) or database permissions (such as CREATE TABLE, ALTER DATABASE and GRANT). More than one permission can be granted in a single GRANT statement, but table-level permissions and database-level permissions may not be combined in a single statement.
The second line, ON <table>, is used to specify the affected table for table-level permissions. This line is omitted if we are granting database-level permissions. The third line specifies the user or role that is being granted permissions.
Finally, the fourth line, WITH GRANT OPTION, is optional. If this line is included in the statement, the user affected is also permitted to grant these same permissions to other users. Note that the WITH GRANT OPTION cannot be specified when the permissions are assigned to a role.
Let's look at a few examples. In our first scenario, we have recently hired a group of 42 data entry operators who will be adding and maintaining customer records. They need to be able to access information in the Customers table, modify this information and add new records to the table. They should not be able to entirely delete a record from the database. First, we should create user accounts for each operator and then add them all to a new role, DataEntry. Next, we should use the following SQL statement to grant them the appropriate permissions:
GRANT SELECT, INSERT, UPDATE
ON Customers
TO DataEntry
And that's all there is to it! Now let's examine a case where we're assigning database-level permissions. We want to allow members of the DBA role to add new tables to our database. Furthermore, we want them to be able to grant other users permission to do the same. Here's the SQL statement:
GRANT CREATE TABLE
TO DBA
WITH GRANT OPTION
Notice that we've included the WITH GRANT OPTION line to ensure that our DBAs can assign this permission to other users.
At this point, we've learned how to add users and roles to a database and assign them permissions as necessary. In the next section of this article, we'll look at the methods for removing permissions from users.
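The two scenarios above (the DataEntry operators and the DBA role) as one complete script, added here as an example rather than taken from the case study. It targets Microsoft SQL Server 2012 or later and uses CREATE ROLE and ALTER ROLE ... ADD MEMBER in place of the older sp_addrole, sp_adduser and sp_addrolemember procedures mentioned in the text. Customers, DataEntry, DBA and the permissions granted come from the text; the table definition, the account names and the use of WITHOUT LOGIN users are assumptions made so that the script runs unchanged in a scratch database.

```sql
-- Added example, not from the case study. Assumes SQL Server 2012 or later.
-- Customers, DataEntry, DBA and the permissions come from the text; the table
-- columns, the account names and the WITHOUT LOGIN users are assumptions.
CREATE TABLE dbo.Customers (
    CustomerID INT IDENTITY PRIMARY KEY,
    Name       NVARCHAR(100) NOT NULL
);
GO

-- Roles replace the older sp_addrole call.
CREATE ROLE DataEntry;
CREATE ROLE DBA;
GO

-- One database user per person (no shared accounts), so audit trails name an
-- individual. WITHOUT LOGIN avoids server-level logins in this scratch script;
-- in production map each user to a login or a Windows account.
CREATE USER operator01 WITHOUT LOGIN;
CREATE USER operator02 WITHOUT LOGIN;
CREATE USER admin01    WITHOUT LOGIN;

-- ALTER ROLE ... ADD MEMBER replaces the older sp_addrolemember call.
ALTER ROLE DataEntry ADD MEMBER operator01;
ALTER ROLE DataEntry ADD MEMBER operator02;
ALTER ROLE DBA       ADD MEMBER admin01;
GO

-- Table-level permissions for the operators: read, insert and update,
-- but no DELETE, exactly as the scenario requires.
GRANT SELECT, INSERT, UPDATE ON dbo.Customers TO DataEntry;
GO

-- Database-level permission for the DBAs, re-grantable to others.
GRANT CREATE TABLE TO DBA WITH GRANT OPTION;
GO

-- Check the effective table permissions as one of the operators.
-- fn_my_permissions also returns one row per column; subentity_name = ''
-- keeps only the table-level entries.
EXECUTE AS USER = 'operator01';
SELECT permission_name
FROM   fn_my_permissions('dbo.Customers', 'OBJECT')
WHERE  subentity_name = ''
ORDER BY permission_name;
REVERT;
GO

-- Check the effective database-level permissions as the administrator.
EXECUTE AS USER = 'admin01';
SELECT permission_name
FROM   fn_my_permissions(NULL, 'DATABASE')
ORDER BY permission_name;
REVERT;
GO
```

The two EXECUTE AS ... REVERT blocks are the check a reviewer would run after provisioning: they show what each account can actually do, independent of how the grant was expressed. One SQL Server detail worth knowing when the grantee is a role, as in the DBA case: a member passes the permission on by naming the role in the AS clause (GRANT CREATE TABLE TO someone AS DBA), rather than granting in their own name.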
Once we've granted permissions, it often proves necessary to revoke them at a later date. Fortunately, SQL provides us with the REVOKE command to remove previously granted permissions. Here's the syntax:
REVOKE [GRANT OPTION FOR] <permissions>
ON <table>
FROM <user or role>
You'll notice that the syntax of this command is similar to that of the GRANT command. The only difference is that WITH GRANT OPTION is specified on the REVOKE command line rather than at the end of the command. As an example, let's imagine we want to revoke Mary's previously granted permission to remove records from the Customers database. We'd use the following command:
REVOKE DELETE
ON Customers
FROM Mary
And that's all there is to it! There's one additional mechanism supported by Microsoft SQL Server that is worth mentioning -- the DENY command. This command can be used to explicitly deny a permission to a user that they might otherwise have through a current or future role membership. Here's the syntax:
DENY <permissions>
ON <table>
TO <user or role>
Returning to our previous example, let's imagine that Mary was also a member of the Managers role, which also had access to the Customers table. The previous REVOKE statement would not be sufficient to deny her access to the table. It would remove the permission granted to her through a GRANT statement targeting her user account, but would not affect the permissions gained through her membership in the Managers role. However, if we use a DENY statement it will block her inheritance of the permission. Here's the command:
DENY DELETE
ON Customers
TO Mary
The DENY command essentially creates a "negative permission" in the database access controls. If we later decide to give Mary permission to remove rows from the Customers table, we can't simply use the GRANT command. That command would be immediately overridden by the existing DENY. Instead, we would first use the REVOKE command to remove the negative permission entry as follows:
REVOKE DELETE
ON Customers
FROM Mary
You'll notice that this command is exactly the same as the one used to remove a positive permission. Remember that the DENY and GRANT commands both work in a similar fashion -- they both create permissions (positive or negative) in the database access control mechanism. The REVOKE command removes all positive and negative permissions for the specified user. Once this command has been issued, Mary will be able to delete rows from the table if she is a member of a role that possesses that permission. Alternatively, a GRANT command could be issued to provide the DELETE permission directly to her account.
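The Mary and Managers sequence above, as an added T-SQL script that is not part of the case study. After each step it lists what the engine has actually recorded in sys.database_permissions (one row per GRANT or DENY; a REVOKE simply removes the row) and checks Mary's effective DELETE right with HAS_PERMS_BY_NAME while impersonating her. Customers, Managers and Mary come from the text; the table columns and the WITHOUT LOGIN user are assumptions, and the script assumes SQL Server 2012 or later for ALTER ROLE ... ADD MEMBER.

```sql
-- Added example, not from the case study: DENY versus REVOKE on SQL Server.
-- Customers, Managers and Mary come from the text; the table columns and the
-- WITHOUT LOGIN user are assumptions. Assumes SQL Server 2012 or later.
CREATE TABLE dbo.Customers (CustomerID INT PRIMARY KEY, Name NVARCHAR(100));
GO
CREATE ROLE Managers;
CREATE USER Mary WITHOUT LOGIN;
ALTER ROLE Managers ADD MEMBER Mary;
GO

-- Mary holds DELETE only indirectly, through the Managers role.
GRANT DELETE ON dbo.Customers TO Managers;
GO

-- Step 1: REVOKE aimed at Mary's own account. There is no row granted directly
-- to Mary, so nothing changes and the role-derived DELETE remains in force.
REVOKE DELETE ON dbo.Customers FROM Mary;
GO
SELECT pr.name AS principal, dp.permission_name, dp.state_desc
FROM   sys.database_permissions AS dp
JOIN   sys.database_principals AS pr ON pr.principal_id = dp.grantee_principal_id
WHERE  dp.major_id = OBJECT_ID('dbo.Customers');
EXECUTE AS USER = 'Mary';
SELECT HAS_PERMS_BY_NAME('dbo.Customers', 'OBJECT', 'DELETE') AS mary_can_delete;
REVERT;
GO

-- Step 2: DENY records the "negative permission" against Mary herself. A DENY
-- takes precedence over any GRANT she inherits through role membership.
DENY DELETE ON dbo.Customers TO Mary;
GO
SELECT pr.name AS principal, dp.permission_name, dp.state_desc
FROM   sys.database_permissions AS dp
JOIN   sys.database_principals AS pr ON pr.principal_id = dp.grantee_principal_id
WHERE  dp.major_id = OBJECT_ID('dbo.Customers');
EXECUTE AS USER = 'Mary';
SELECT HAS_PERMS_BY_NAME('dbo.Customers', 'OBJECT', 'DELETE') AS mary_can_delete;
REVERT;
GO

-- Step 3: to restore her access, REVOKE deletes the DENY row. A GRANT issued
-- while the DENY row still existed would have been overridden by it.
REVOKE DELETE ON dbo.Customers FROM Mary;
GO
SELECT pr.name AS principal, dp.permission_name, dp.state_desc
FROM   sys.database_permissions AS dp
JOIN   sys.database_principals AS pr ON pr.principal_id = dp.grantee_principal_id
WHERE  dp.major_id = OBJECT_ID('dbo.Customers');
EXECUTE AS USER = 'Mary';
SELECT HAS_PERMS_BY_NAME('dbo.Customers', 'OBJECT', 'DELETE') AS mary_can_delete;
REVERT;
GO
```

The sys.database_permissions query is the audit view of the same story: state_desc shows GRANT or DENY rows, and the REVOKE in step 3 leaves only the role's GRANT, which is why Mary's effective right returns with it. Reading that catalog view directly is the reliable way to find lingering DENY entries when a user reports access that a fresh GRANT did not restore.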
Throughout the course of this article, you've learned a good deal about the access control mechanisms supported by the Structured Query Language. This introduction should provide you with a good starting point, but I encourage you to reference your DBMS documentation to learn the enhanced security measures supported by your system. You'll find that many databases support more advanced access control mechanisms, such as granting permissions on specific columns.