Johnson Francis IY5512 Coursework 4 1.

Many software vendors continue to design and create software at alarming rates, with little attention paid to security. They start to worry about security only after their product has been publicly broken by someone or flaws have been identified. Then they quickly release a patch that seeks to fix such vulnerabilities. This is known as the penetrate-and-patch and there are many problems to this approach to security. Among them are the following: Developers can only patch problems which they know about. Attackers may find problems that they never report to developers. Patches are rushed out as a result of market pressures on vendors, and often introduce new problems of their own to a system. Patches often go unapplied, because system administrators tend to be overworked and often do not wish to make changes to a system that "works." As we discussed earlier, system administrators are generally not security professionals. Designing a system for security, carefully implementing the system, and testing the system extensively before release, presents a much better alternative. 2. Two principles that aid secure software development: Secure software by default this states that software should fail securely i.e. failure of the software should not lead to security vulnerabilities e.g. a firewall that continues to operate when the log disk is full could lead to a failure to detect a critical security event. Secure software by simplicity from a design perspective, simple software are easier to test and analyze, also vulnerabilities are more easily detected and corrected. Security features should also appear simple, else users will circumvent them. 3. Buffers are sections of memory allocated for temporary data storage, they could contain anything from a character string to an array of integers. A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. Writing outside the bounds of a block of allocated memory would overwrite the program space of the next program in memory and this can corrupt data, crash the program, or cause the execution of malicious code. An attacker could deliberately initiate a buffer overflow so as to manipulate results,

modify security relevant data, run security relevant code, etc. attractive targets are IP addresses and security settings. 4. Two ways in which risks from buffer overflow are reduced are: Input validation a program should always check that input supplied to it from an external source is of the appropriate type and size, and that it contains appropriate characters. No eXecute (NX) bit this is a technology used in CPUs to segregate areas of memory for use by either for storage of processor instructions (or code) or for storage of data. It is used to prevent certain types of malicious software from inserting their code into another program's data storage area and running their own code from within this section (the buffer overflow attack). 5. Type safety means using a programming construct that imposes certain rules or restrictions on specific data held by variables and how the data can be used so as to protect against bugs caused by type errors. A type error is caused by a discrepancy between differing data types and usually results from attempts to perform operations on values that are not of the appropriate data type e.g. adding a string of characters to an integer and assigning to a variable of type int. So, we should always strive to write typesafe code which is code that is free from type errors at run-time. Type safety helps make software more secure by ensuring: Prevention of Illegal operations: For example, we can identify an expression 3 / "Hello, World" as invalid, because the rules of arithmetic do not specify how to divide an integer by a string. Memory safety: Wild pointers can arise when a pointer to one type object is treated as a pointer to another type. For instance, the size of an object depends on the type, so if a pointer is incremented under the wrong credentials, it will end up pointing at some random area of memory. Prevention of Buffer overflow: Out-of bound writes can corrupt the contents of object already present on the heap. This can occur when a larger object of one type is crudely copied into smaller object of another type. Logic errors originating in the semantics of different types: For instance, inches and millimeters may both be stored as integers, but should not be substituted for each other or added. A type system can enforce two different types of integer for them. Ref: http://en.wikipedia.org/wiki/Type_safety

9.

A virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going as attachments in the email. A worm is similar to a virus by design and spreads from computer to computer, but unlike a virus, it has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided. The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. The main difference therefore, is the ability of a worm to replicate itself without any human action unlike the virus which requires human action to spread.

10.

Examples of a worm and a virus: Anna/ VBS.SST@mm Worm: On 11 Feb 2001, a malicious program was released that was contained in an attachment to e-mail. The attachment purported to be a picture of a 19-year-old Russian tennis player, Anna Kournikova, but the attachment was actually a computer worm. The attachment had the file name AnnaKournikova.jpg.vbs. The file type .jpg is commonly used for graphic images, such as photographs. However, the real file type was .vbs, which is an executable file, a computer program written in Microsoft Visual Basic Script. The Anna worm did the following two things on a victim's computer: sends one copy of the worm to each e-mail address in the victim's Microsoft Outlook address book. on 26 Jan of each year, it displays the homepage of an innocent computer store on the victim's web browser. The Anna worm rapidly spread amongst computers, particularly in North America, on 12-13 Feb 2001. While the Anna worm was relatively benign (e.g., it did not damage any files on the victim's computer), it still caused harm by clogging the Internet with many copies of itself and by requiring each victim to remove it from his/her computer.

Melissa Virus: The Melissa virus was released on 26 March 1999 and was designed to infect macros in word processing documents used by the Microsoft Word 97 and Word 2000 programs. The innovative feature of the Melissa virus was that it propagated by e-mailing itself to the first fifty addresses in the Microsoft Outlook e-mail program's address book. This feature allowed the Melissa virus to propagate faster than any previous virus. The virus arrived at each new victim's computer disguised as e-mail from someone who they knew, and presumably trusted. The Melissa virus propagated in two different ways: On PCs running the Microsoft Outlook 97 or 98 e-mail program, the Melissa virus used the Outlook program to send an e-mail containing an attachment, with a filename like list.doc. This file contained a Microsoft Word document with a macro, and a copy of the Melissa virus was inside the macro. When this e-mail was received by someone who had Microsoft Word on his/her computer (even if their computer was an Apple Macintosh), and the recipient clicked on the attachment, the document would open and the Melissa virus would automatically infect Word's normal.dot template file, thus infecting the recipient's computer. Infected Microsoft Word documents could be transmitted by floppy disks, usual e-mail sent by victim, etc. When such infected documents were opened in Microsoft Word, the Melissa virus would automatically infect Word's normal.dot template file, thus infecting the recipient's computer. Ref: http://www.rbs2.com/cvirus.htm