CS Assignment 1 PDF

Preview

Summary

Computer Security Assignment 1...

Description

Computer Security Assignment 1

Introduction When a computer is first bought the customer thinks their device is secure. Users store a magnitude of data on their personal computer systems, a lot of which is private, personal or confidential, and in the wrong hands could cause a vast amount of harm (Bishop, 2003). This harm can be economical but also social. Different security and computer errors can cause a large amount of damage, and the most overlooked cause of error is human error (Wood & Banks, 1993). However, human error is not the only cause, computers have operation system issues, software issues and configuration issues, which require constant maintenance and updates in order to defend the integrity of the computer system. These issues and examples of them are explained and discussed in this report, as well as providing proof of these issues and a description from analysing a preloaded virtual machine, with supporting references and vulnerability database entries.

Results Operating System Issues The operating system is a resource allocator which manages and allocates resources. It is also the control program which executes user programs and the operation of input and output devices. Finally, the operating system can be considered the kernel of the computer as it is the one program running at all times (Silberschatz, Galvin & Gagne, 1998). Security issues within the operating system can occur from settings being changed, default settings in place. Issue 1. Microsoft XP Professional SP2 user permissions issue

Explanation Microsoft XP Professional, Service Pack 2, is the actual operating system of the virtual machine. A user permissions issue is found in this version of the operating system that allows local users to access restricted files and change registry settings. It occurs because different directory and subdirectories, namely System Restore and System Volume Information, have an insecure access control list. This is an issue for the novice end user as it means guest accounts can access certain admin privileges without authorized permissions.

Supporting References CVE-2002-2324

Computer Security Assignment 1

Software Issues Productive applications that users can use is known as software. The user is enabled to complete tasks using programs more efficiently (Curley, n.d.). Applications software are designed for specific tasks to be achieved. Software itself refers to the set of electronic program instructions for performing a task. Issue 1. KeePass 1.29 Vulnerability

2. uTorrent 3.2.3 Vulnerability

Explanation KeePass is software that works as a password manager. These passwords are stored in an encrypted *.KDB file. A search path vulnerability allows local users to gain privileges by having a Trojan horse file within the KDB directory. The likelihood of this occurring is average as the complexity of the vulnerability is moderately difficult, but the score of the vulnerability is 6.9 out of 10. To novice end users, this means that malware could affect the integrity of their system and steal their private passwords. uTorrent is a torrent client that allows peer-to-peer file sharing, usually for illegally obtained files. There is a vulnerability in this version of uTorrent installed on the virtual machine that allows remote attackers to inject command lines parameters and execute arbitrary commands via a crafted URL using the bittorrent or magnet protocol. The exploitability and impact score by the CVE database is 9.3 out of 10, very high which means the importance of defending the novice end user is crucial. The complexity of the vulnerability is medium which means the likelihood of an attacker using this method is medium. The impact that novice end users must be aware of is that the vulnerability allows

Supporting References CVE-2010-5196

CVE-2015-5474

Computer Security Assignment 1

3. ICQ 5 Vulnerability

4. MSN 4.7 Vulnerability

5. TrueCrypt 5.1a Vulnerability

unauthorized disclosure of information, unauthorized modification and disruption of service. ICQ is an online messaging application. Version 5 of the software has multiple SQL injection vulnerabilities via different fields in the edit_profile action. These injections can cause remote attackers to have unauthorized access, violation of partial confidentiality, integrity and availability, disclosure of information and disruption of service. The impact and exploitability score of the vulnerability is at 6.8 which is a medium score not overly crucial but still important for end users to understand the need to update their software. The complexity of the vulnerability is medium therefore the likelihood of the attack occurring is average or medium. MSN is another online messaging application. Version 4.7 of the software while running on Windows XP has the vulnerability that allows remote attackers to cause denial of service (DoS) attacks via a flood of SIP Invite requests. The impact and exploitability score for this issue is 5 out of 10, putting the vulnerability at medium risk and likelihood. However, novice end users should be aware of all potential vulnerabilities that their system has. TrueCrypt is a hardware encryption device that encrypts all the data on the hard disk drive on the computer with a master password. Version 5.1a has the vulnerability that allows local users to gain privileges. The impact and exploitability score for this issue was 7.2 out of 10, which is high and of crucial importance to the

CVE-2008-3191

CVE-2007-3436

CVE-2007-2553

Computer Security Assignment 1

6. Windows Media Player 9 Vulnerability

7. Internet Explorer 6 Vulnerability

novice end user. How the vulnerability works is not as of much importance as alerting the impact of the vulnerability, which may urge the end user to make a change or create a solution. The impact of this vulnerability includes remote attackers gaining administrator access, complete confidentiality, integrity and availability violation, unauthorized disclosure of information and disruption of service. Windows Media Player is an application that allows users to play different types of media such as audio, video, and images. Version 9 of this application installed on the Virtual Machine has a high impact and exploitability vulnerability score, 9.3 out of 10, which is of high concern to the novice end user. This vulnerability causes unauthorized disclosure of information, unauthorized modification and disruption of service. Remote attackers can execute arbitrary code via crafted media content known as a “Media Player Remote Code Execution Vulnerability”. The likelihood of this attack is high as one of the requirements of the vulnerability is that the victim must voluntarily interact with the attack mechanism, which most of the time the novice end user will do by accident. Internet Explorer is a discontinued web browser developed by Microsoft. Version 6 of this application has a vulnerability that allows attackers to determine the existence of local files. This attack is known as an “Internet Explorer Information Disclosure Vulnerability”, as the only impact of the vulnerability is the unauthorized disclosure of information. The impact and exploitability score for this

CVE-2010-0268

CVE-2015-2410

Computer Security Assignment 1

8. Winamp 5.666 Vulnerability

9. Adobe Reader 6.0

vulnerability was 4.3 out of 10, at medium level not being overly crucial for novice end users to worry about as remote attackers cannot modify anything locally. Winamp similar to Windows Media Player, is a media playing application that allows users to view images, videos and audio. Version 5.666 of this application which is installed on the Virtual Machine has the vulnerability of causing disruption of service. Remote attackers can cause denial of service and memory corruption and crashes via a malformed .FLV file. The impact and exploitability score result was 4.3 out of 10, at medium level not being overly crucial for novice end users to worry about as remote attackers cannot modify anything locally. Adobe Reader is an Adobe Systems application that allow users to open, view, create, and manipulate *.PDF files. Version 6 of this application has a security vulnerability that allows remote attackers to gain user account access, partial confidentiality, integrity and availability violation, unauthorized disclosure of information, and disruption of service. In technical terms, attackers can execute arbitrary code via a file with a long extension that is not normally handled by Adobe Reader triggering a buffer overflow. The impact and exploitability score is 7.5 out of 10, which is incredibly high and novice end users need to be incredibly aware of this vulnerability. The most crucial part of the vulnerability that end users should worry about is that it provides user account access.

CVE-2014-3442

CVE-2004-0632

Computer Security Assignment 1

Configuration Issues Configuration is user influenced changes to the default system settings. It is the arrangement of different options or elements. Configuring or changing different values determines the environment of work and productivity for different users (Microsoft, 2016). Issue Explanation 1. Password hint When logging into the Virtual Machine the help function password hint help function gives away the password too easily, when the purpose of the hint function is to help users remember their password. The password hint function should be a word or phrase that allows the end user to vaguely remember their password, however this phrase or word must not give the password away to other users. In this case, on the virtual machine the password is spelt backwards and said it is spelt backwards, easily giving the password away. This is a security issue as it means anyone who checks the password hint help function can easily gain access to the admin account. The likelihood of this weak password help function resulting in a security breach is incredibly high as the hint gives the password basically for the admin login. The admin password is set as “password”. 2. Admin Besides the security issue with the password password hint help function, the actual password itself is an entirely different security issue. “password” is the most used password in the world and one that can be cracked or brute force attacked incredibly easily. “password” is also sometimes the default password for different network devices and other operating systems, but in the case of Windows XP there is no default administrator password. The likelihood of a security breach is high as the password is so basic and highly used, and remote attackers will possibly try this password string first. This is a concern to the novice end user as their administrator privileges on their account can be compromised, as well as their confidential and private data, simply because their admin login password

Supporting References (Microsoft, n.d.)

(Storm, 2015).

Computer Security Assignment 1

3. KeePass master password location

4. Firewall is of

5. Automatic updates of

is weak. As mentioned earlier, KeePass is a password manager application that looks after all passwords on the virtual machine. The list of passwords is protected by a master password which shouldn’t be any where on the machine, as that would defeat the purpose of having a password manager at all. However, the user has placed a “master.txt” file in my documents, which contains the master password for decrypting and unlocking other passwords from KeePass such as ANZ banking details. The likelihood of security breach is incredibly high as the master password for the KeePass password manager is written in plaintext in my documents. This means that there is no layer of defence hardening the security of the master password. This is a big concern for novice end users as they probably do not understand that storing passwords and master passwords in plaintext is a big issue. The issue is that the firewall is turned off. This mean that data packets can unrestrictedly move freely in and out of the network. This is a security issue as not just expected traffic, but malicious traffic and data can travel through the network and device, putting it at risk. As the firewall is completely turned off, the likelihood of malicious data circulating the network is high, as no defence mechanism is in place. Automatic updates mean that the operating system will connect to the internet and when notified for any new updates or versions of software it will automatically self-update. As automatic updates are turned off, this becomes a security issue as when vulnerabilities in the system are discovered they are patched by developers who then release updates. If these updates are not regularly applied manually than the system will be full of security issues and vulnerabilities putting the end user at risk.

(Mackay, 2009).

(Ranbe, 2008).

(Spector, 2012).

Discussion From investigating the virtual machine, different issues across operating system, software and configuration was found. However, the spread of this issues is quite important.

Computer Security Assignment 1 Only one issue for the operating system was discovered, and five found for configuration issues, whereas there were nine issues found for software. Out of all of the issues, only ten had CVE (Common Vulnerabilities and Exposures) database entries. With these database entries, there was impact and exploitability scores for each vulnerability. The lowest score entries were 4.3 which was given both to Winamp 5.666 and Internet Explorer 6, whereas the highest entries were 9.3 given both to Windows Media Player 9 and uTorrent 3.2.3. The most common impact from vulnerabilities across all of the software issues was unauthorized disclosure of information and disruption of service.

Conclusion As discussed throughout this report, the virtual machine has multiple different operating system, software and configuration issues. These issues are measured on a level of impact by the Common Vulnerabilities and Exposures (CVE) database as well as discussed more in-depth by the National Vulnerability Database (NVD). In total fifteen security issues were discovered, with one being an operating system issue, nine being software issues and five being configuration issues. For the safety and security of the novice end user, education and understand is crucial for these issues to be fixed or avoided. It can be concluded that the virtual machines have been preloaded with many vulnerable application software’s, and that user configuration has caused different security vulnerabilities. The selection of operating system and maintenance of it is also crucial to be understood by the novice end user.

Reference List 1. Bishop, M. (2003). What is computer security? IEEE Security & Privacy, 1(1), 67-69. 2. Common Vulnerabilities and Exposures. (2016). Retrieved 2nd September 2016 from http://cve.mitre.org 3. Curley, C. (n.d.). What is Applications Software? – Definition, Examples & Types. Retrieved 2nd September 2016 from http://study.com/academy/lesson/what-is-application-software-definitionexamples-types.html 4. Mackay, C. (2009). Why are plaintext passwords bad, and how do I convince my boss that his treasured websites are in jeopardy? Retrieved 1st September 2016 from http://stackoverflow.com/questions/1197417/why-are-plain-textpasswords-bad-and-how-do-i-convince-my-boss-that-his-treasur 5. Microsoft. (2016). Desktop Configuration. Retrieved 2nd September 2016 from https://technet.microsoft.com/en-us/library/cc978230.aspx 6. Microsoft. (n.d.). Password hints. Retrieved 1st September 2016 from https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/ en-us/ua_c_password_hints.mspx?mfr=true 7. National Vulnerability Database. (2015). Retrieved 2nd September 2016 from https://nvd.nist.gov/home.cfm 8. Ranbe, R. (2008). What Happens if a Firewall is Diabled? Retrieved 31st August 2016 from http://smallbusiness.chron.com/happens-firewall-disabled62134.html 9. Silberschatz, A., Galvin, P. B., & Gagne, G. (1998). Operating system concepts (Vol. 4). Reading: Addison-Wesley. 10. Spector, L. (2012). Should I Turn Off Automatic Updates? PCWorld. Retrieved 31st August 2016 from

Computer Security Assignment 1 http://www.pcworld.com/article/254647/should_i_turn_off_automatic_updates_ .html 11. Storm, D. (2015). Worst, most common passwords for the last five years. Computer World. Retrieved 1st September 2016 from http://www.computerworld.com/article/3024404/security/worst-most-commonpasswords-for-the-last-5-years.html 12. Wood, C. C., & Banks, W. W. (1993). Human error: an overlooked but significant information security problem. Computers & Security, 12(1), 51-60....