TCP vs UDP

December 18, 2009



The difference between TCP and UDP that leads to UDP being called unreliable is that TCP establishes a virtual circuit: it sets up a connection between the two parties and ensures end-to-end sequenced communication, after which it tears the circuit down so that other connection requests can build their own virtual circuits. UDP, by contrast, does not establish any virtual circuit or session, and does not sequence data or guarantee error-free communication.

These circuits allow for an acknowledgement flag. TCP periodically sends an acknowledgement flag or signal, which is a hash value of the data previously sent from the sender to the receiver. If the receiver's computed hash value does not match the sender's hash value, the receiver asks the sender to resend the last batch of data. This provides error detection and correction and therefore reliable, error-free communication.

UDP can be made reliable if one programs it to number the packets it sends over the network. This allows the receiver to know when certain packets have not been received and to request retransmission, i.e. it provides error detection and correction. Programming UDP to request an acknowledgment from the receiver is another way of making UDP reliable.
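The scheme described above, as an added example that is not part of the original post: numbered datagrams, a per-datagram acknowledgment, and retransmission until the acknowledgment arrives, simulated over a constructed lossy channel so it runs offline (the loss model and all names are assumptions, not part of UDP itself).

```python
import random


def deliver_reliably(messages, loss_rate=0.3, seed=1, max_tries=20):
    """Stop-and-wait reliability layered on an unreliable datagram channel.

    Each datagram carries a sequence number; the receiver stores in-order
    data, discards duplicates and ACKs the sequence number it saw; the
    sender resends a datagram until its ACK comes back.
    Returns (payloads as reassembled by the receiver, datagrams transmitted).
    """
    rng = random.Random(seed)   # fixed seed keeps the simulation reproducible
    received = {}               # seq -> payload, as stored by the receiver
    expected = 0                # next sequence number the receiver wants
    sent = 0

    def lossy(pkt):
        # Constructed channel model: each packet is dropped with probability
        # loss_rate, in either direction (data or ACK).
        return None if rng.random() < loss_rate else pkt

    for seq, payload in enumerate(messages):
        acked = False
        for _ in range(max_tries):
            sent += 1
            pkt = lossy((seq, payload))          # sender -> receiver
            if pkt is None:
                continue                         # lost in transit: resend
            rseq, rpayload = pkt
            if rseq == expected:                 # new, in-order data
                received[rseq] = rpayload
                expected += 1
            # A duplicate (rseq < expected) means the earlier ACK was lost;
            # it is not stored again but is acknowledged again.
            ack = lossy(("ACK", rseq))           # receiver -> sender
            if ack is not None:
                acked = True
                break
        if not acked:
            raise RuntimeError(f"no ACK for seq {seq} after {max_tries} tries")
    return [received[i] for i in range(len(messages))], sent
```

With loss_rate set to 0 every datagram is sent exactly once; with loss the payload list is still complete and in order, only the transmission count grows.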

Encapsulation lets TCP work with the IP protocol in the following way. An application creates a message, e.g. an email message. This message is passed down to the presentation layer, which encapsulates it, adds its own header and footer, and passes it to the next lower layer. When it reaches the transport layer, TCP establishes a logical connection between the two communicating devices. It then passes the information to the network layer, where the IP protocol lives; IP provides routing information but does not guarantee delivery. It only provides IP addressing and packet fragmentation, not accuracy checking, all of which is the responsibility of TCP. This information is encapsulated again and passed to the data link layer and finally the physical layer for transmission.

Rootkits

December 18, 2009


A rootkit is software that allows a hacker to gain access to a system using a user account and increase their privileges to the level of the administrator; sometimes rootkits exploit vulnerabilities in the operating system to hide the execution of certain processes running in the background. A rootkit modifies the system kernel so that it can gain access to the system or evade the authentication procedures established on it. After gaining access it can do whatever it wants, from key logging and changing application or system resource priorities to creating backdoors in the system.

Rootkits are difficult to detect because they hide these processes, and even the task manager cannot see them. Even when a network administrator runs netstat, he cannot see the open connection established by a rootkit. Many rootkits are developed or programmed to circumvent antivirus and antispyware programs that do not have current updates. (Stewart, 2004)

SQL injection attack

December 18, 2009


An SQL injection attack uses malicious code to take advantage of a security vulnerability in a database or web-based application. These attacks are carried out using SQL commands and can have serious implications, such as controlling the SQL server or elevating the attacker's privileges and thus controlling the database with an administrator's privileges, allowing one to add, edit and even drop tables. (http://www.stardeveloper.com/articles/display.html?article=2008112501&page=1)

An SQL injection attack can be prevented by implementing sanitization techniques such as defining what type of value is expected and using functions like replace(str, "'", """) when expecting a string value as user input, or getsecureval(cstr(param), "'", """) when accepting user input from cookies. Both these methods replace any single apostrophe entered by an SQL injection attack with a double quote, thereby producing an error.

One can also use CLng() when expecting numeric values to be entered by the user; this converts the user input into a number by first checking whether it can be converted, and if malicious code is entered instead it will produce an error. Most web developers tend to focus more on security holes in the operating system or the web server that the website will run on, forgetting the programming language, like SQL, used to develop the database of that website.
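An added example, not from the original post, showing the two defences just described against a constructed in-memory SQLite table: the apostrophe-based injection that succeeds when user input is concatenated into the query, the parameterized query that treats the same input as plain data, and a type check in the spirit of CLng() that rejects non-numeric input. Table contents and the input string are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample table: two users with a numeric PIN."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, pin INTEGER)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", 1234), ("bob", 9876)])
    return con


def lookup_vulnerable(con, name):
    # User input is spliced into the statement text, so an apostrophe in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in con.execute(sql))


def lookup_parameterized(con, name):
    # The driver binds the value separately from the statement text; the
    # input can never change the query's structure.
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in con.execute(sql, (name,)))


def to_int_or_none(value):
    """Same idea as CLng(): convert only if the input really is an integer,
    otherwise reject it before it reaches the database."""
    try:
        return int(str(value).strip())
    except (TypeError, ValueError):
        return None


def lookup_by_pin(con, pin_input):
    pin = to_int_or_none(pin_input)
    if pin is None:
        return []                      # refused: not a number
    return sorted(row[0] for row in con.execute(
        "SELECT name FROM users WHERE pin = ?", (pin,)))


# Constructed malicious input: closes the quoted string and appends a
# condition that is always true, so every row matches.
INJECTION = "x' OR '1'='1"
```
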



Security policy: standards, guidelines and procedures

December 18, 2009


A security policy gives us a guide or broad view of the guidelines, rules and procedures that are needed to protect our wireless technology. We need the security policy because it identifies what needs to be protected and how access, audits and reporting are to be handled. Example: Internet access will be given only to staff who need it for their work.

A standard is developed from a security policy and deals with the specifics of an issue. We need standards because they describe an issue in detail, and this makes audits possible, i.e. the ability to audit whether a standard is being followed or not. Example: every user must ensure they have a strong password.

A guideline provides the "how" of implementing a standard. “It helps an organization to implement and maintain standards” (Dulaney, 2009). Example: passwords for access to the wireless internet need to be 8 characters long and must consist of letters and numbers.

A procedure is developed to provide step-by-step instructions on how to accomplish or implement a guideline. It helps users know how to go about following the rules set by the organization.

Example: press CTRL, ALT and DEL simultaneously. Select Change Password, then enter the old password and then enter the new password twice. Passwords need to be 8 characters long and must consist of letters and numbers. Click OK to apply the changes.


References

Stewart M, Tittel E, Chapple M (2004). CISSP Study Guide. Sybex.

White G, Conklin W M A (2009). CompTIA Security+. McGraw Hill.

Dulaney E (2009). CompTIA Security+ Study Guide, 4th Edition.

Symmetric key Vs Asymmetric encryption

December 18, 2009


Symmetric encryption uses one shared key to encrypt and decrypt a document; this key is known to both the sender and the receiver. In asymmetric encryption, each user has two keys: a private key known only to themselves and a public key known to everyone.

Symmetric encryption does not provide non-repudiation, since any person with access to the shared key can both encrypt and decrypt a message, so one cannot tell where it originated, unlike asymmetric encryption, where the use of a private key to sign a message provides non-repudiation of the message.

In symmetric encryption, key distribution is a problem, since one has to find a secure means of exchanging the secret key, unlike asymmetric encryption, where people just need to make their public key known to anyone who wants to communicate with them.

Symmetric encryption provides a fast method of communication and also lends itself to hardware implementation, which gives even higher operational speeds, unlike asymmetric encryption, which is slow because of the complicated math involved in generating the keys.

A symmetric key encryption algorithm is not scalable because it requires each potential pair of communicators to have a shared secret key, making it hard for large groups to communicate: two users would need one key, three users would need 3 keys, four users would need 6 keys, etc., unlike asymmetric encryption, which requires new users only to generate a pair of keys.

Intrusion detection system Vs Intrusion prevention systems

December 18, 2009


An intrusion detection system (IDS) is a system that monitors the network for any suspicious activity or external attacks aimed at interrupting the normal working of the network or the computer systems. An IDS has sensors that monitor audit logs, external communication and any suspicious activity. An analyzer examines these activities and normally compares them to known attack patterns; it then classifies them and alerts the systems administrator if an activity is considered an attack.

An intrusion prevention system (IPS) monitors the network for suspicious activity, malicious programs or attacks and can block or redirect the traffic as it comes in (in real time). An IDS only monitors and reports; it does not block suspicious activity. An IPS also has a sensor and an analyzer that monitor the network traffic as it comes in, and this traffic is analyzed against known attack signatures or “bad” traffic patterns. When an attack is recognized, the connection can be reset, blocked or quarantined, or the offending packet can be dropped, and an alert is generated and sent to the system administrator.

The main advantage of an IPS over an IDS is that an IPS can block, reject and drop suspicious traffic, while an IDS can only report or alert the administrator about the suspicious traffic.

Another advantage is that an IPS can decrypt encrypted traffic for further inspection and monitoring, unlike an IDS, which does not have this ability, so encrypted traffic passes through without inspection.

An IPS interacts with traffic in real time, i.e. as it occurs, and is thus able to prevent attacks in real time, unlike an IDS, which sits passively and watches the traffic but does not interact with it.

The disadvantage of an IPS compared with an IDS is usually the price: an IPS costs much more than an IDS because it has added functionality and is a newer technology.

Factors influencing FAR & FRR in Biometrics

December 18, 2009


FAR in biometrics stands for false acceptance rate; it is the ratio of type 2 errors (when an invalid person is authenticated) to valid authentications. The false rejection rate (FRR) is the ratio of type 1 errors (when a valid person is not authenticated) to valid authentications. (Gollmann, 2006)

FAR and FRR are influenced by the following factors:

Sensors being too sensitive, causing a valid subject or person not to be authenticated; the sensors can also be too insensitive, causing an invalid subject or person to be authenticated.

Poor picture quality caused by poor lighting in a facial recognition system can also cause problems in biometric systems, thus increasing the FAR and FRR.

Another factor influencing FAR and FRR is worn-out fingerprints, which can cause poor quality templates to be obtained during enrollment; this can increase the FAR and FRR.

Noisy surroundings, especially in voice recognition, can also affect the enrollment process and increase the chances of errors in biometric systems.

The equal error rate (EER) is the point at which the FRR and FAR are equal or close to equal. It is used to measure the performance and accuracy of the biometric device. A tradeoff between FAR and FRR can be reached by having a lower FAR and a higher FRR or vice versa. The device whose sensitivity is closest to the EER is considered more accurate. Shown below is a graph of FAR and FRR errors showing the EER point.
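An added example, not from the original post, that computes the FAR/FRR tradeoff and locates the EER numerically: the matcher scores for genuine users and impostors are constructed, the acceptance threshold plays the role of the sensor's sensitivity, and FAR/FRR are computed in the usual way as the fraction of impostor attempts accepted and the fraction of genuine attempts rejected.

```python
# Constructed matcher scores (higher = more similar to the enrolled template).
GENUINE = [0.91, 0.85, 0.78, 0.66, 0.60, 0.55, 0.52, 0.48]    # valid users
IMPOSTOR = [0.12, 0.20, 0.31, 0.40, 0.45, 0.50, 0.58, 0.70]   # invalid users


def far_frr(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Accept an attempt when its score >= threshold.

    FAR: fraction of impostor attempts wrongly accepted (type 2 errors).
    FRR: fraction of genuine attempts wrongly rejected (type 1 errors).
    Raising the threshold (a more sensitive device) lowers FAR and raises
    FRR; lowering it does the reverse, which is the tradeoff described above.
    """
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def equal_error_rate(genuine=GENUINE, impostor=IMPOSTOR):
    """Sweep every observed score as a candidate threshold and return
    (threshold, FAR, FRR) where FAR and FRR are closest to each other."""
    best = None
    for t in sorted(set(genuine + impostor)):
        far, frr = far_frr(t, genuine, impostor)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    _, t, far, frr = best
    return t, far, frr


def tradeoff_table(thresholds, genuine=GENUINE, impostor=IMPOSTOR):
    """Rows of (threshold, FAR, FRR), the data a FAR/FRR graph is drawn from."""
    return [(t,) + far_frr(t, genuine, impostor) for t in thresholds]
```
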

Reference

Stewart M, Tittel E, Chapple M (2004). CISSP Study Guide. Sybex.

Gollmann, Dieter (2006). Computer Security. John Wiley & Sons.

http://www.bromba.com/faq/biofaqe.htm#DefinitionderFRR

Authentication methods

December 18, 2009


What you do and where you are are important authentication methods that should be used in combination with the other three authentication methods (what you know, what you have and who you are). These two techniques are important because they increase the security of the system. For example, where you are restricts access to the system based on the logical location of an individual or computer, making hacking difficult and cumbersome unless the attacker is in that same location or at that terminal. What you do restricts an individual to a particular job role, making it difficult to access full information; only partial data can be accessed in case of a security breach.

Authentication methods also tend to improve as new techniques come up, so these two newer techniques can be seen as more secure than the previous ones: something you know, e.g. a password or PIN, is easier to crack than something you have, e.g. a smart card, which can be overcome by theft, which in turn makes it less secure than something you are, e.g. biometric systems such as fingerprints and voice patterns. What you do restricts a person to a particular job role, so only partial information can be accessed if there is a security breach, and where you are restricts access to a system to a particular location, making it harder for someone to break into the systems unless they work from the same location as the authenticated individual.

Examples of authentication methods

What you know: this authentication method utilizes passwords, maiden names, passphrases etc. For example, when you log into your personal computer with your password you utilize this technique.

What you have: this method utilizes something that a person has in their possession, e.g. a key to a lock. The key is something you have, and as long as you do not lose it and it is not duplicated, you can be the only one with access. A smart card is another example of what you have; it can be used to gain access to a building, room or system.

Who you are: this technique involves using the physical characteristics of an individual, e.g. voice recognition systems, retina patterns, hand geometry etc. An example of this technique is accessing a sensitive military installation using the retina pattern as the authentication method for entering the building.

What you do: this technique involves a task or a specific action that you have to accomplish; it can also be your job role. E.g. in online banking systems one can type a passphrase as a means of authenticating yourself and accessing the system. Also, in a database system a person can log in and only have access to a particular portion of the database, e.g. a purchasing agent can only access inventory data and not sales or financial data.

Where you are: this authentication technique takes into account where an individual logs in from, i.e. a certain location or a certain terminal. E.g. if the helpdesk function of AT&T is outsourced to India, then helpdesk workstations should be allowed to access enterprise-wide systems only from India and nowhere else.
