Friday, January 26, 2007

Discussion topic 1

This is a note to all the students in the class: Kindly post a scenario of what would happen when a computer lies and discuss your thoughts in detail about your specific scenario as to how it may affect the security of the overall system.

12 comments:

Anita said...

An example of a lie:

Phishing Attack – This kind of cyber attack is usually done through e-mail containing a hyperlink to a fraud website or fraud web links.
It is usually done in finance institutions. A user receives an email from a bank (hacker). The email usually contains spoofed images and logos to trap the user into trusting it, and it also contains a hyperlink requesting the user to validate his bank account number or credit card number and its validity. But actually the web page which looks valid directs the user to some malicious web page with spoofed data and content.

A normal user unaware of such malicious activity is trapped by providing personal and valid information about the bank details.

Anita

Yuri said...

The level where the lie is situated (whether it's at the application layer, network layer or another layer) seems to affect the scope of potential damage resulting from the lie. For example, the phishing example is one where a user actually has to respond to the lie, providing sensitive information, for the lie to possibly have a damaging effect. In the case where the lie lies at a lower layer (the networking layer), possibly spoofing an IP, it could result directly in denial of service or rerouting sensitive information without the need for error on the part of the user.
A spoofing attack can compromise the security of a single machine or an entire network. If the spoofed address is that of a gateway or router, all traffic from the targeted machines is compromised.
Combining lies at different levels, like spoofing and phishing, can create scenarios where a destination is indistinguishable for a host from a maliciously spoofed destination made to look like the original destination.

Robin.Huang said...

A hacker is one who specializes in work with the access control mechanisms for computer and network systems. This includes individuals who work toward maintaining and improving the integrity of such mechanisms. However, the most common usage of hacker in this respect refers to someone who exploits systems or gains unauthorized access by means of clever tactics and detailed knowledge, while taking advantage of any carelessness or ignorance on the part of system operators.

Nevertheless, there are some highly skilled and malicious hackers who, as intruders, may influence the financial institutions, even against national security.

Sherman said...

What if a DNS/Proxy Server lies?

Consider the scenario of online banking via the world wide web. The security of the overall system normally relies on the security of the password (e.g. the passwords must come from a high entropy distribution, the user host is free from any key-logger or any similar malicious program) and the mechanism of the authentication (e.g. cannot reveal any partial information about the actual password -- usually enabled by SSL, against replay attack and dictionary attack, etc.). However, if the computer acting as the DNS server lies, a user entering, say, www.hsbcusa.com will be redirected to some malicious site that looks the same as a real site but only aims to trap users' passwords. An average computer user is usually unaware of the DNS mechanism, and simply believes that typing www.hsbcusa.com in the browser will let them go to the right site. A more informed user may try to notice whether there is a small lock icon appearing in the browser when logging information is sent, but it does not imply that the server is the real one. As a result, a lying DNS server will compromise the security of the overall system. A similar situation will occur if the proxy server lies. Again, it cannot be easily noticed by an average user.

Rhishikesh said...

The blackhole attack is a general attack that relies on falsification. In a blackhole attack, a malicious AS injects malicious routing information to attract traffic that would otherwise not flow through it, thus gaining control of a path. An example of this attack is the AS 7007 incident, where, due to a misconfiguration, an AS announced short routes to many destinations, causing a global connectivity problem for two hours.
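
An added illustration of the falsification described in the comment above (not part of the original comment): a toy route selector that prefers the shortest AS path, showing how a false short announcement pulls traffic toward one AS and how checking each route's origin against an authorization table rejects it. The prefixes, AS numbers and table are constructed from documentation ranges, and route selection is reduced to path length only, which is a simplification of real BGP.

```python
import ipaddress

# Constructed origin-authorization table: prefix -> AS allowed to originate it.
AUTHORIZED_ORIGIN = {
    ipaddress.ip_network("192.0.2.0/24"): 64500,
    ipaddress.ip_network("198.51.100.0/24"): 64501,
}

# Constructed announcements as seen by one router: (prefix, AS path).
# The last AS in each path is the origin of the route.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64510, 64505, 64500]),   # legitimate, three hops
    ("192.0.2.0/24", [64511]),                 # false one-hop route
    ("198.51.100.0/24", [64510, 64501]),       # legitimate, two hops
    ("198.51.100.0/24", [64511]),              # false one-hop route
]


def origin_is_valid(prefix, path):
    """True only if the path's origin AS is the one authorized for the prefix.

    Prefixes missing from the table are rejected in this toy model.
    """
    net = ipaddress.ip_network(prefix)
    return AUTHORIZED_ORIGIN.get(net) == path[-1]


def best_paths(announcements, validate_origin):
    """Pick the shortest AS path per prefix, optionally filtering bad origins."""
    best = {}
    for prefix, path in announcements:
        if validate_origin and not origin_is_valid(prefix, path):
            continue  # drop the route instead of letting it compete
        if prefix not in best or len(path) < len(best[prefix]):
            best[prefix] = path
    return best


def prefixes_attracted(best, asn):
    """Prefixes whose selected path passes through the given AS."""
    return sorted(p for p, path in best.items() if asn in path)


if __name__ == "__main__":
    for validate in (False, True):
        chosen = best_paths(ANNOUNCEMENTS, validate)
        print("origin validation:", validate, "->", chosen)
        print("  traffic drawn to AS 64511:", prefixes_attracted(chosen, 64511))
```
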

Anita said...

An Interesting scenario:

How worms can change the working of your computer?

Have you ever come across a situation when controlling the computer is not in your hands? It’s damn slow and you don’t know what’s going on?
You check task manager processes to look for weird processes. You can’t find any.
You decide to check for executable files in the system folder but you can’t discover any.
Now you are about to apply the setting to see hidden files and folders but your “folder options…” option in the tool is erased.
Now you go to command line and type the command to view hidden files and folders, but even this doesn’t show any interesting results.
Now you check the registry settings for running processes, but when you are about to open registry editor, your computer restarts. What could it be?
It is due to worms called “WORM_RONTOKBR.AC” and “NendangBro.com”.
These worms spread by attaching copies of themselves to email messages, which they send to their target recipients.

Lakshminarayanan Subramanian said...

Any thoughts on how one would avoid a Phishing attack?

Anita said...

According to me the most efficient way to avoid Phishing attacks is through user awareness.
Apart from this the user should use updated versions of browsers such as Firefox 2 and Internet Explorer 7, which include Phishing filters. The patches for the browser must be up to date.
There are many software programs used to find fraud sites. One can also check the authenticity of a website at www.dnsstuff.com.

Lakshminarayanan Subramanian said...

dnsstuff.com is cool! How does it work? Does anyone know?

Merin said...

Banks are implementing an interesting way to enhance the security of web sites.

They use pictures to help to validate the authenticity of the web site. The customer is given a set of images and asked to select one. The customers will always see that picture on their bank's web site before they login. If the customer follows a bogus link to what they think is their bank's web site, their selected picture won't be seen and the customer refuses to enter their login details. Thereby, reducing the phishing attacks.

Bank of America actually implements this concept.

Brinsley D'Cunha said...

A recent joint study between Harvard and the Massachusetts Institute of Technology had 60 internet banking users visit Boston. These were all customers of one bank, using the picture verification for enhanced security. In a controlled environment they were asked to login to their bank's web site and conduct transactions. This was a bogus web site, with no picture to verify. Of the 60 users, 58 proceeded even though there was no picture. Instead they saw a message that the site was undergoing maintenance. The message even had a conspicuous typographical error.

So I guess this idea that Bank of America endorses is not foolproof.