Lecture 7

Question 1

What is Alternate Encodings?

Answer 1

• Has multiple means of encoding
• Unicode used for internationalisation
• Uses 16-bit value for characters
• Uses UTF-8 encodes as 1-4 byte sequences

Canonicalisation

• Transform input > single, standard, minimal representation
• Input is compared with single representation of acceptable input values

Question 2

How is Numeric Input validated?

Answer 2

• Stored in fixed-sized values
• 8, 16, 32, 64 bit integers
• Values can signed or unsigned

Question 3

What is Input Fuzzing?

Answer 3

• A software used for input testing randomly generated data
• Inputs are LARGE
• Inputs determines that it handles abnormal inputs

Disadvantages:

• Bugs trigger by other forms of input would be missed

Question 4

How do you ensure Machine Language Corresponds to Algorithm?

Answer 4

• Issue ignored by most programmers
• Requires comparing machine code + original code
• Slow and difficult ->>>>> EXPENSIVE!!!
• Very high assurance level ‘EAL 7’ requires CHECKING

Question 5

How to Correctly use memory?

Answer 5

• Dynamic memory allocation
• Used to manipulate unknown amounts of data
• Allocated when needed, released when done
• No memory left to run >>>> CRASH/HANG
• Memory leak
• Memory unavailablity on the heap > memory exhaustion
• No explicit support in dynamic memory
• Standard library routines used to _release memory _

Question 6

What is Race condition?

Answer 6

• Synchronisation of access “at the same time”, can lead to loss due to overlapping access/use
• Two or more threads can access shared data and they try to change it at the same time.
  
  • Because the thread scheduling algorithm can swap between threads at any time, you don’t know the order in which the threads will attempt to access the shared data.

Example: Withrdrawing money at the same time

Question 7

What is a Deadlock?

Answer 7

Deadlock occurs when there is a conflict of a shared resource –

“Waiting for another for who is using the same resource”

Question 8

What is Environment Variables?

Answer 8

• Collection of string values that inherits from the parent
• Affects the way a running process behaves
• Included in memory
• Can be modified to pass onto **children **
• Another source of untrusted program input > Corruption!

Question 9

What is the use of Least Privileges?

Answer 9

• Escalates privileges (Gives attackers privileges)
• Least privileges (to run programs to complete function)
• Determines appropriate **user group privileges **(Granted for group or users)
• Ensures the program only modifies files and directories
• Runs macros to know that it is from the legitimate user

Question 10

What is Root/Administrator Privileges?

Answer 10

• Programs with root privileges are a major target of attackers
• Provides the highest levels of system access + control
• Needed to manage access to protect system resources
• Provides isolation between components
• Reduces the consequences of security breech in one component

Question 11

System calls and Standard Library Functions

Answer 11

• Programs use system calls and standard library functions for common operations
• If incorrect behaviour > optimising access to shared resources
• Services become buffered, resequenced

Question 12

How to prevent Race Conditions?

Answer 12

• Programs need to access a common system resource
• Need synchronisation mechanism

Question 13

What is a Lockfile?

Answer 13

Process must create and own the lockfile to gain access to shared resource

Concerns:

• If program ignores the lockfile + shared resource, the system will prevent this
• Implementation

Question 14

How to Safely use Temporary Files

Answer 14

• Programs use temporary files in shared system area
• Must be unique, not shared by others
• Create name using process ID
• Must be secure + use random names

Question 15

What is Malware Countermeasures?

List the 4 main elements of prevention + Threat mitigation

Answer 15

Solution of malware prevention

Four main elements of prevention

• Policy
• Awareness
• Vulnerability Mitigation
• Threat Mitigation

Threat mitigation options:

• Detection
• Identification
• Removal

Question 16

Generations of Anti-Virus software

Answer 16

1. First generation: Simple scanners

• (Requires malware signature to identify the malware
• Limited detection)
  2. Second generation: Heuristics scanners
• Uses heuristics rules
• Integrity checking

  3. Third generation: **Activity Traps**

• Identifies malware by its actions BEFORE infected programs
  4. Fourth generation: Full-featured protection

Question 17

What is Generic Decryption? List what GD scanner contains

Answer 17

Anti-virus detects the complex polymorphic viruses + malware

Run GD scanner which contains:

• CPU emulator
• Virus Signature
• Emulation Control module

Question 18

What is Host-Based Behaviour Blocking Software?

Answer 18

A host computer that monitors the program behaviour in real time for malicious action

• Blocks potential malicious attacks BEFORE it affects the system
• Blocks software in real-time

Question 19

What are the Two types of monitoring software?

Answer 19

Ingres monitors:

• Located at the border between enterprise network and the internet
• Technique: look for incoming traffic to unused local IP address

Engress monitors:

• Located at the engress point of individual LANS + border between the enterprise network + internet

_Monitors traffic signs scanning + suspicious behaviour _

Question 20

What is Worm Countermeasure? What are the 6 defences?

Answer 20

Anti-virus can detect + remove it

Worm defences:

1. Signature-based worm scan filtering
2. Filter-based worm containment
3. Payload classification-based worm containment
4. Threshold random walk, scan detection
5. Rate limiting
6. Rate Halting

Question 21

What are the four lines of DOS Attack Defence?

Answer 21

Four lines of defence against DDoS attacks:

1. Attack prevention + pre-emption
   * BEFORE attack
   
   2. Attack detection + filtering
      
      • DURING the attack
   3. Attack source and traceback and identification
      
      • DURING + AFTER the attack
   4. Attack reaction
      
      • AFTER the attack

Question 22

What is DOS Attack Prevention?

Answer 22

• Block IP directed broadcasts
• Block suspicious services and combination
• Manage application attacks with graphical puzzle

CAPATCHA (Completely Automated Public Turning test to tell Computer and Humans Apart –

to distinguish human request

Question 23

How to respond to DOS attacks?

Answer 23

1. Antispofing
2. Limit filters should be implemented
3. Ideal for network monitors
4. IDS to detect notify abnormal traffic patterns
5. Requires good incident response plan
6. Contact technical for ISP
7. How to respond to attack

Question 24

Steps to responding to DOS Attack

Answer 24

• Identify attack

(Capture + analyse packets
Block attack traffic upstream)

• Have ISP to trace the packet flow back to source
• Implement a plan (Such as a backup server)
• Update incident response plan
• Analyse attack for future response handling