Computer Security Basics

1
Computer Security Basics

• - The security mentality.
• - Security illusions.
• - Hear the whispering of a network ghost.
• - Coding is not a privilege it is a gift.
• - Security ! Cryptography.
• - Information
• Session by Amr Ali
• http//amr-ali.co.cc/
• amr.ali.cc_at_gmail.com

2
The Security Mentality

• - Being aware of some system vulnerabilities is
  not just something you read in the books or gain
  experience in along the years, it is the ability
  to think like a thief, and being a good one
  requires lots of training and dedication.
• - Ever entered a shopping mall and looked for all
  the security cameras and tried to figure their
  deaf spot? That sort of conscious is what makes a
  good security aware mentality.
• - There is two important sides to build up your
  security mind, first lots of reading must be
  done, read stories about hackers intrusions, read
  lots technical books, maybe a couple of research
  papers as well, not only that, you might also
  want to implement some of the ideas that are
  floating around and see if they are feasible , it
  is honestly all about research. Think of it as an
  endless journey.
• - Learn how to attack to be able to defend -

3
Security Illusions

• - Everyone saw that little gold lock on SSL
  encrypted HTTP connections, right? Think you are
  secure? Well, think again. That little lock is
  nothing but the illusion of being secure. A well
  crafted monkey-in-the-middle attack could do the
  job. Google for dsniff.
• - Indeed this is not only valid for SSL
  connections, the idea is that security comes from
  completeness and since nothing is complete there
  will be always a way in, however there is a
  difference between theory and practicality, in
  theory nothing is secure, but in practicality a
  well established security policy and a talented
  security team in any network could make it near
  impossible to break in.
• Check out ... http//tinyurl.com/sslmitm

4
Network Ghosts

• - Ever had this feeling of inconformity?
  Something is not right? If you didn't, you need
  to get more sensitive sensors for network ghosts.
• - Running arp -vn in your terminal could easily
  show you a MITM attack in effect.
• - Looking up a domain that you know the IP
  address for beforehand could show a possible DNS
  Spoofing attack.
• - The point is that being sensitive to the
  slightest change of behavior in your network is
  the first line of defense against any attack, the
  faster and the smarter you deal with an attack
  the faster you will recover from it, and even
  better, if you reached that high level of
  sensitivity towards your network, you could
  easily terminate live attacks.

5
Coding is A Gift

• - Many professional programmers simply ignore
  security due to ignorance or whatever it might
  be, but only then, you hand an attacker a gateway
  to your system or network on a silver plate.
• - OpenSource makes finding this vulnerability and
  fixing it a lot easier, so you don't even have to
  face the consequences, however closed source
  applications could have vulnerabilities for years
  after the product release and no body would know
  until it gets exploited, and only then you will
  have to face the consequences on a large scale.
• - We will discuss a vulnerability called Buffer
  Overflow this kind of vulnerability is now
  considered history, however there are derivatives
  that still exist. So we are going to discuss this
  simple form of a BOF. This also requires GCC and
  GDB installed on the system you run this code on.
  Please note that I've coded this on a Debian
  Lenny amd64 machine, your output might differ
  from mine.

6
Coding is A Gift

• - For example, here is a C code that has a BOF
  vulnerability, this kind of vulnerabilities are
  rare nowadays, however similar more trickier
  permutations exist that cause the same effect,
  which is running an arbitrary code in memory...
• vuln.c
• 01 include ltstdlib.hgt
• 02 include ltstdio.hgt
• 03 include ltstring.hgt
• 04
• 05 int main(int argc, char argv)?
• 06
• 07 char buffer10
• 08
• 09 strcpy(buffer, argv1) / Vulnerable code
  /
• 0A printf(buffer)
• 0B return 0
• 0C
• EOF

7
Coding is A Gift

• - In the previous C code we saw one ... oops I
  mean two vulnerabilities, yes there are two
  vulnerabilities in that code, not only one. Here
  is a hint, the second one is called Format
  String Vulnerability. Now back to our BOF
  vulnerability, I'll do the following in my
  terminal, note that I'm running a x86_64
  system...
• gcc -ggdb vuln.c -o vuln
• gdb -q ./vuln
• (gdb) r (perl -e 'print \x41x10,\x45x14')?
• Starting program /tmp/vuln (perl -e 'print
  "\x41"x26')?
• Program received signal SIGSEGV, Segmentation
  fault.
• 0x00007fdb70d00500 in __libc_start_main () from
  /lib/libc.so.6
• (gdb) x/20 rsp
• 0x7fff2f2538c0 0x00000000 0x00000000 0x00000000 0
  x762f2e00
• 0x7fff2f2538d0 0x006e6c75 0x41414141 0x41414141 0
  x45454141
• 0x7fff2f2538e0 0x45454545 0x45454545 0x45454545 0
  x48535300
• 0x7fff2f2538f0 0x4547415f 0x505f544e 0x333d4449 0
  x00373534
• 0x7fff2f253900 0x4d524554 0x6574783d 0x53006d72 0
  x4c4c4548

8
Coding is A Gift

• - As we can see there are exactly 10 bytes in
  green of 0x41 (0x41 A) and other 14 bytes in
  red of 0x45 (0x45 E) so we see that we
  successfully written 14 bytes in memory which is
  allocated for only 10 bytes, that's what cause
  the buffer overflow. Now you all ask yourselves
  that is cool and amazing but what use overflowing
  the stack memory with some code if the program
  crashes? Well the answer is very simple, the
  program crashes because we overwritten the EIP
  register or RIP (x86_64 platforms) with nonsense
  bytes which should represent a memory address, so
  it's really all our fault, now if we carefully
  crafted a shellcode with the right memory
  addresses to jump to our code, we could easily
  run an arbitrary piece of code to achieve
  whatever we want.
• - I must say that this sounds easy, but in
  reality it is much harder than just that, so good
  luck hunting for one. I also advice that all of
  you coders go to smashthestack.org and play with
  the IO challenges, they are not the easy type,
  and you will learn tons from them. I'm at level
  12 -)?

9
Security ! Cryptography

• - Cryptology is a science that have two sub
  sciences, one is Cryptography and the other is
  Cryptanalysis, the former is the science of
  building encryption algorithms, in the other hand
  Cryptanalysis is the science of breaking those
  algorithms. Now Cryptography does not mean
  secure, it doesn't mean that you are encrypting a
  file and sending it over a public network that
  your file is secure, not at all.
• - Security describes the state of a system of
  components, a particular operation, or a
  transaction of being secure on a virtual scale,
  using Cryptography only increases that scale, so
  say encrypting the file would give that file a
  security measure of 15, and making sure that the
  system or the key is not compromised is another
  12, if there is an authentication system that
  verifies the sender and the receiver that would
  give another 10, also if this encrypted tunnel
  is immune to network attacks that would give 11
  etc. So the point is Cryptography is just a
  component in a system of components.

10
Information

• - Security News And Information -
• - SmashTheStack - http//smashthestack.org/
• - DarkNet - http//darknet.org.uk/
• - SecurityFocus - http//securityfocus.com/
• - SANS Institute - http//sans.org/
• - CERT - http//cert.org/