
NOTE-ST-20:-

Q1a) SECURITY GOALS:-

Secrecy and Confidentiality:-

1. A secure computer system must not allow information to be disclosed to anyone who is
not authorized to access it.
2. For example, in highly secure government systems, secrecy ensures that users access
only information that they are allowed, by the nature of their security clearances, to
access.
3. Similarly, in business environments, confidentiality ensures the protection of private
information (such as payroll data) as well as sensitive corporate data (such as internal
memos and competitive strategy documents).

Accuracy, Integrity, and Authenticity

1. A secure computer system must maintain the continuing integrity of the information
stored in it.
2. Accuracy or integrity means that the system must not corrupt the information or allow
any unauthorized malicious or accidental changes to it.

Availability

1. A secure computer system must keep information available to its users.

2. Availability means that the computer system's hardware and software keep working
efficiently and that the system is able to recover quickly and completely if a disaster
occurs.

Q2c) Access Control Methods

An interesting problem with security is that not only must information be protected from
outsiders, it must sometimes be protected from insiders as well. For instance, patient information
in a doctor's office can be accessed by medical staff, and in fact in an emergency should be
readily available. However, vendors who visit the office must not be allowed to see it, nor should
cleaners or facility maintenance personnel. Keeping information stratified inside an
organization is a form of access control. Various methods that control access to network
environments are described in the following sections.

Discretionary access control

1. In an operating system, discretionary access control (DAC) can be used to restrict file
access to certain users or groups.
2. In a network environment, DAC may restrict access to certain remote users and/or
systems.
3. A particular network service might be available only to a certain group, which might be
defined in a network environment as a particular Internet address (e.g., all the users of a
particular system in the network).

Role-based access control

1. In many cases, it is not so much the person as their position in the organization that
determines whether or not they should have access to a given record or file.
2. Engineers rarely need access to payroll data. They would likely look up coworkers'
salaries, get jealous or gloat, and perhaps post the information on the Internet somewhere.
3. To separate information by department rather than by person is called role-based access
control.

Mandatory access control

1. Every system in a trusted network must label its data with security attributes (e.g.,
sensitivity labels, information labels, login IDs, etc.). This way, the sensitivity of the data
will be recognized if the data is sent to another system. Because different networks
support different security policies, these labels are not necessarily in the same format.
2. In certain types of secure networks, each system may effectively have a label. Mandatory
access control keeps TOP SECRET data, for example, from being sent over the network
to a system labeled as SECRET.
3. It is actually quite challenging to ensure that no TOP SECRET documents are read by
persons with only SECRET clearance, a condition called read down.
4. Similarly, it must be made impossible for persons with SECRET clearance to save
documents with a TOP SECRET classification (write up).
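
The three models above (DAC, role-based and mandatory access control) side by side, as an added example written for these notes rather than code from any named system. Users, files, roles, labels and compartments are all constructed sample data; the MAC part uses a label-dominance check (higher-or-equal level and a superset of compartments), which is the rule that keeps TOP SECRET data off a SECRET-labelled system.

```python
"""DAC, RBAC and MAC as small simulations. Added example; all data constructed."""
from dataclasses import dataclass, field


# ---- Discretionary access control (DAC) ---------------------------------
# Each file carries an ACL that its owner maintains: user -> set of permissions.
@dataclass
class DacFile:
    owner: str
    acl: dict = field(default_factory=dict)

    def grant(self, actor: str, user: str, perm: str) -> bool:
        """Only the owner may change the ACL; that is what makes it discretionary."""
        if actor != self.owner:
            return False
        self.acl.setdefault(user, set()).add(perm)
        return True

    def allows(self, user: str, perm: str) -> bool:
        return user == self.owner or perm in self.acl.get(user, set())


def dac_demo() -> dict:
    """Constructed scenario: alice owns the payroll file and lets bob read it."""
    payroll = DacFile(owner="alice")
    payroll.grant("alice", "bob", "read")
    return {
        "alice_write": payroll.allows("alice", "write"),        # owner: True
        "bob_read": payroll.allows("bob", "read"),              # granted: True
        "bob_write": payroll.allows("bob", "write"),            # not granted: False
        "carol_grant": payroll.grant("carol", "carol", "read"),  # not owner: False
    }


# ---- Role-based access control (RBAC) -----------------------------------
# Permissions hang off roles; users are assigned roles. Constructed sample data.
ROLE_PERMISSIONS = {
    "engineer": {("source", "read"), ("source", "write")},
    "payroll_clerk": {("payroll", "read"), ("payroll", "write")},
}
USER_ROLES = {"dave": {"engineer"}, "erin": {"payroll_clerk"}}


def rbac_allows(user: str, obj: str, perm: str) -> bool:
    """A user may act only through permissions attached to one of their roles."""
    return any((obj, perm) in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))


# ---- Mandatory access control (MAC) -------------------------------------
# Every piece of data and every system carries a sensitivity label; the
# policy, not the data's owner, decides whether data may flow.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Higher-or-equal level AND a superset of the other's compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def mac_may_send(data: Label, destination_system: Label) -> bool:
    """Data may be sent to a system only if the system's label dominates the
    data's label, so TOP SECRET data never reaches a SECRET-labelled host."""
    return destination_system.dominates(data)


if __name__ == "__main__":
    print(dac_demo())
    print(rbac_allows("dave", "payroll", "read"))
    print(mac_may_send(Label("TOP SECRET"), Label("SECRET")))
```

The three checks differ in who decides: in `DacFile` the owner edits the ACL, in `rbac_allows` the role table decides, and in `mac_may_send` neither the user nor the owner can override the label comparison.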

Q2.a) Email Protocols:-

1. SMTP - Simple Mail Transfer Protocol
2. POP3 - Post Office Protocol
3. IMAP - Internet Message Access Protocol
4. HTTP - HyperText Transfer Protocol

Simple Mail Transfer Protocol

1. SMTP is designed to transfer email messages reliably and efficiently, without regard
to the particular computers or operating systems encountered along the way.
2. It does this by setting up a channel between the initial sender and a receiver, which can
be either the ultimate destination or some waypoint.
3. Once the transmission channel is established, the mail sender issues a MAIL command,
which identifies the sender and states that there is traffic to send.
4. If the mail receiver can accept mail, it responds with an OK reply.
5. The mail sender then sends a RCPT command identifying the mail recipient.
6. If the mail receiver can accept mail for that recipient, it responds with an OK reply. If not,
it responds with a reply rejecting that recipient (but not the whole mail transaction).

• The mail sender and mail receiver may negotiate with several recipients. When the
recipients have been negotiated, the sender sends the mail data. If the SMTP receiver
successfully processes the mail data, it responds with an OK reply.
• In the case that mail is sent to an intermediary stop, or waypoint, the process is repeated.
If the mail receiver is the intended destination, the message is forwarded to a mailbox for
storage until the recipient calls for it with her mail client.
• Mail that can't be delivered because of incorrect or invalid addresses is returned with a
note from whichever mail server determined the problem, stating that delivery was
impossible.
• The SMTP system works so well that email has become an important means of doing
business. This same reliability, however, is its undoing. Email is normally transmitted in
the clear, which means that a host that pretends to be an email relay can access all email
that passes through it; mail could then be copied or modified. When an attacker suspects
that a user or administrator is getting suspicious, it is relatively easy to disconnect the
relay and lie low. The flow of message receipts and returns may be delayed but will
likely not be disrupted because of the self-healing nature of the robust SMTP protocol.
• Further, it is very easy to create an email message that looks as if it was sent from
someone other than the true sender. This can create problems in its own right (for
example, a university student notifies everyone in a class that a certain test has been
cancelled, and the message appears to emanate from the professor's computer). This also
makes it easy to formulate an attack that sends tens of thousands of emails out to various
addresses on the Internet, valid or not, using the spoofed return address of someone you
wish to annoy or attack. As the emails bounce off the bad recipient addresses, your target
will get a flood of annoying messages saying that the address is no longer valid. A few of
the addresses will be valid, so your victim may get a couple of irate responses from
legitimate but uninterested recipients as well.
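
The MAIL / RCPT / DATA exchange described above, simulated end to end as an added example (not code from the notes or from any real mail server). Mailbox names, addresses and the message are constructed; the receiver uses the numeric reply codes of real SMTP (RFC 5321), where a 250 reply is the "OK reply" the notes refer to. It shows a rejected recipient leaving the rest of the transaction intact, and the comment in the MAIL handler marks the point where the receiver has to take the sender's address on trust, which is the spoofing problem discussed above.

```python
"""Simulation of the SMTP envelope exchange. Added example; data constructed."""
import re

LOCAL_MAILBOXES = {"alice@example.com", "bob@example.com"}   # constructed


class SmtpReceiver:
    """Minimal receiver state machine: MAIL -> RCPT (repeated) -> DATA -> body."""

    def __init__(self, mailboxes):
        self.mailboxes = mailboxes
        self.delivered = {}   # mailbox -> list of stored message bodies
        self._reset()

    def _reset(self):
        self.sender = None
        self.recipients = []
        self.in_data = False
        self._body = []

    def handle(self, line: str) -> str:
        """Process one client line and return the reply ("" while in the body)."""
        if self.in_data:
            if line == ".":   # a lone dot ends the message body
                for rcpt in self.recipients:
                    self.delivered.setdefault(rcpt, []).append(self._body)
                self._reset()
                return "250 OK: message accepted"
            self._body.append(line)
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "MAIL":
            m = re.fullmatch(r"FROM:<([^>]*)>", arg, re.I)
            if not m:
                return "501 Syntax error in parameters"
            # The receiver cannot verify this claim: the envelope sender is
            # whatever the client says, which is why spoofing is easy.
            self.sender = m.group(1)
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands: MAIL first"
            m = re.fullmatch(r"TO:<([^>]*)>", arg, re.I)
            if not m:
                return "501 Syntax error in parameters"
            rcpt = m.group(1).lower()
            if rcpt not in self.mailboxes:
                # Reject only this recipient; the transaction stays open.
                return "550 No such user here"
            self.recipients.append(rcpt)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands: no valid recipients"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Command not recognized"


def send_message(receiver, sender, recipients, body_lines):
    """Client side of the exchange: negotiate each recipient, then send the
    data if at least one was accepted. Returns (transcript, accepted)."""
    transcript, accepted = [], []

    def send(cmd):
        reply = receiver.handle(cmd)
        if reply:
            transcript.append((cmd, reply))
        return reply

    send(f"MAIL FROM:<{sender}>")
    for rcpt in recipients:
        if send(f"RCPT TO:<{rcpt}>").startswith("250"):
            accepted.append(rcpt)
    if accepted:
        send("DATA")
        for line in body_lines:
            send(line)
        send(".")
    send("QUIT")
    return transcript, accepted


def demo():
    """Constructed run: one unknown recipient among three."""
    rx = SmtpReceiver(LOCAL_MAILBOXES)
    transcript, accepted = send_message(
        rx, "carol@example.net",
        ["alice@example.com", "nobody@example.com", "bob@example.com"],
        ["Subject: test", "", "hello"])
    return transcript, accepted, rx.delivered


if __name__ == "__main__":
    for cmd, reply in demo()[0]:
        print(f"C: {cmd}\nS: {reply}")
```

Running `demo()` prints the transcript: the 550 for `nobody@example.com` is followed by a 250 for `bob@example.com`, and the message is stored for the two accepted mailboxes only.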
Q2.b)

SSL:-
Secure Sockets Layer (SSL) is used to establish a secure communication connection
between two TCP-based machines. This protocol uses the handshake method of
establishing a session. The number of steps in the handshake depends on whether steps
are combined and/or mutual authentication is included. The number of steps is always
between four and nine, inclusive, based on who is doing the documentation.

This session will stay open until one end or the other issues a command to close it. The
command is typically issued when a browser is closed or another URL is requested.
As a security administrator, you will occasionally need to know how to configure SSL
settings for a website running on your operating system. You should also know that in
order for SSL to work properly, the clients must be able to accept the level of encryption
that you apply. Internet Explorer 5.5 and later, as well as Netscape 4.72 and later, can
work with 128-bit encrypted sessions/certificates. Earlier browsers often needed to use
40- or 56-bit SSL encryption. As an administrator, you should push for the latest browsers
on all clients.

Q3c)

Servers can be attacked just as easily as clients, or perhaps more readily. Servers have the
dual disadvantage of having to be exposed to many users, and possibly also to the
Internet.

Buffer overflows

1. One of the most serious attacks against a server involves causing an intentional buffer
overflow.
2. Although the arrangement varies slightly from computer to computer and from
operating system to operating system, in most computers RAM is organized by
roping off a piece for the operating system, then roping off a section to be used for
temporary variable storage called the stack.
3. Above the stack is cordoned off yet another section of memory, this one called the
heap, after which is the memory storage spot for code waiting for execution.
4. If one of these areas, often the stack, suddenly grows too large, it may overwrite the
area above it. This is called smashing the stack.
5. When this happens the values that were stored in those regions are changed to
whatever was being written into memory at the time the overwriting occurred. This
may cause the computer to behave erratically or to crash.
6. If the values designed to be overwritten are chosen with extreme care, they may
actually end up being stored, as if they were instructions. They may execute the next
time the computer reads those memory locations. This is one way to inject arbitrary
code into the server; such code could be instructions that allow an attacker to take
over the computer.
7. Curative: The defense against buffer overflows is good programming practice. No
user input should ever be permitted without first verifying that it is of the correct
length and that it contains no characters that may be invalid or that may be
misinterpreted.
Q2.b)

Security policies:-
Secure system planning and administration is the human side of computer security.
Even in a highly trusted system, security isn't automatic. Administrators need a
written guideline, spelled out beforehand, that clearly outlines what steps to take
and what procedures to follow in the pursuit of security.
Security policies require procedures. Security procedures include holding regular
security audits, and implementing rules such as separation of duties and use of two-
man controls. To ensure people know how to execute security procedures requires
security training. To make sure people actually follow policies and procedures
requires oversight and enforcement. For there to be enforcement, management
must be involved. Management, after all, sets the policies.
PROCEDURES:-
1. Setting Security Rules for Employees: Some aspects of security are
simply good management. Be sensible about who you hire, what computer
resources you let them use, and what you do when they leave your
organization.
2. Training Users: No matter how diligent and careful a system administrator
you are, you must not underestimate the ability of your users to undermine your
efforts. The users in your organization have to take some responsibility for
security. Teach your users how to use the hardware and software, be sure
they understand your organization's security policy, and impress upon them
the importance of observing good security practices.
3. Performing Backups: Backups of your system and all the data stored on
your system are absolutely essential if you expect to be able to recover from
a disaster.
4. Performing a Security Audit: It's a good idea to check on the security of
your system by performing periodic security audits. A security audit is a
search through your system for security problems and vulnerabilities. Check
your system files and any system logs or audit reports your system produces
for dangerous situations or clues to suspicious activity.
This might include:
• Accounts without passwords
• Accounts with easily guessed passwords
• Group accounts
• Suspicious user activity

5. Separation of Duties: Separation of duties is the principle that it's better to
assign pieces of security-related tasks to several specific individuals. If no one
user has total control of the system's security mechanisms, no one user can
completely compromise the system. This principle is related to another
important security principle, that of least privilege: the idea that the users and
the processes in a system should have the least number of privileges, and for
the shortest amount of time, needed to do their work.
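
A small audit script for the four items listed under "Performing a Security Audit" (item 4 above), as an added example that is not part of the notes. The account table, the salted-SHA-256 "hash scheme", the guess list and the log lines are all constructed so the script runs offline; a real audit reads the system's own account database (with its real password hashing) and its real log format. "Group accounts" is taken here as several login names sharing one UID, which is an interpretation made for the demo.

```python
"""Audit checks from the notes over constructed data. Added example."""
import hashlib
import re
from collections import Counter, defaultdict


def make_hash(password: str, salt: str) -> str:
    """Constructed hash scheme for the demo only (not a real crypt format)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed account records: (name, uid, password_hash, salt).
# An empty password_hash means the account has no password at all.
ACCOUNTS = [
    ("root",   0,    make_hash("CorrectHorse!", "s1"), "s1"),
    ("backup", 0,    "",                               "s2"),  # UID 0, no password
    ("ops",    1001, make_hash("password", "s3"),      "s3"),
    ("shared", 1002, make_hash("Welcome1", "s4"),      "s4"),
    ("alice",  1003, make_hash("k7#Qm!z2", "s5"),      "s5"),
]

# Small list of easily guessed passwords to try against every account.
GUESSABLE = ["password", "123456", "Welcome1", "admin", "letmein"]

# Constructed auth-log lines in a syslog-like layout.
AUTH_LOG = [
    f"Jan 10 02:01:{s:02d} host sshd[410]: Failed password for ops from 203.0.113.9"
    for s in range(3, 9)
] + [
    "Jan 10 02:01:40 host sshd[411]: Failed password for alice from 198.51.100.4",
    "Jan 10 02:01:45 host sshd[411]: Accepted password for alice from 198.51.100.4",
]

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")


def audit(accounts, guessable, log_lines, fail_threshold=5):
    """Return the findings for the four audit items in the notes."""
    # 1. Accounts without passwords.
    no_password = [name for name, _, pw_hash, _ in accounts if pw_hash == ""]

    # 2. Accounts whose password matches an entry of the guess list.
    guessable_password = []
    for name, _, pw_hash, salt in accounts:
        if pw_hash and any(make_hash(g, salt) == pw_hash for g in guessable):
            guessable_password.append(name)

    # 3. Group accounts, taken as several login names sharing one UID
    #    (demo interpretation); duplicate UID 0 entries are the worst case.
    by_uid = defaultdict(list)
    for name, uid, _, _ in accounts:
        by_uid[uid].append(name)
    shared_uid = {uid: names for uid, names in by_uid.items() if len(names) > 1}

    # 4. Suspicious activity: repeated failed logins for one user from one address.
    failures = Counter()
    for line in log_lines:
        m = FAILED_RE.search(line)
        if m:
            failures[(m.group(1), m.group(2))] += 1
    failed_login_bursts = sorted(
        ((user, ip, n) for (user, ip), n in failures.items() if n >= fail_threshold),
        key=lambda t: -t[2])

    return {
        "no_password": no_password,
        "guessable_password": guessable_password,
        "shared_uid": shared_uid,
        "failed_login_bursts": failed_login_bursts,
    }


if __name__ == "__main__":
    for check, finding in audit(ACCOUNTS, GUESSABLE, AUTH_LOG).items():
        print(f"{check}: {finding}")
```

Each finding is returned rather than only printed so the checks can be wired into a scheduled job or a test; `fail_threshold` is the knob that separates a typo from a burst of failed logins.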

GUIDELINES:-

SAFE COMPUTING:- Security features and trusted systems do a lot to make
your computer environment a secure one. Here's a collection of general hints
for protecting your computer and your data.

1. Follow the rules, make sure your work habits are secure, and don't try to bypass
security. Taking a few extra minutes to protect your login, your password, and your
data is a pretty good bargain compared with trying to reconstruct your work and deal
with the consequences if PCs or files are stolen, lost, or damaged.
2. Never leave your computer, workstation, or terminal unattended. If you're going out to lunch,
log out first. The easiest way for someone to crack a system is simply to use your account.
3. Sanitize the hard drives on old computers before you discard them.
4. Use any security controls and products available to you. These may include locks, security
boards, and software packages and features.
5. Not all data theft is electronic. Be careful about leaving sensitive documents
within easy access.
