
Need to present a discussion with a word count of 150+ words; each discussion needs a separate reference link for sure.

1) Endpoint Detection and Response (EDR) (150 words)

2) VMware Carbon Black (Endpoint) (need this same topic in two different formats, with 2 different URL links as well) (150+150 = 300 words)

3) Smishing (150 words)

4) Malvertising (need this same topic in two different formats like we did previously, with 2 different URL links as well) (150+150 = 300 words)

Need to present a research report with a word count of no more than 70-110 words (not more than the count provided), and should provide a separate URL reference link too.

1) Endpoint Detection and Response (EDR). 70-110 words

2) VMware Carbon Black (Endpoint) (need this same topic in two different formats, with 2 different URL links as well) (70+70 = 140 words)

3) Smishing 70-110 words

4) Malvertising (need this same topic in two different formats like we did previously, with 2 different URL links as well) (70+70 = 140 words+)

 

It is suggested you use a Research Theme to help you stay focused, and to provide continuity throughout your research.  Here is a list of ideas, but this list is not all-inclusive: 

  • Current technologies available to support management functions,
  • Best Practices,
  • Future improvements/technologies, or
  • Other standards related to your specific field.

Note: The content should be in general words with no technical jargon.

This question is from a cyber security subject, so the matter should relate to cyber security for sure and should connect to readers.

NO PLAGIARISM STRICTLY

Each one should be different, and no topic's information should be similar to another topic's, strictly.

Deadline: 01/26/2023 12PM CST

Security in Computing, Fifth Edition

Chapter 3: Programs and Programming

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.


Brief Review Chapter 2

Authentication is someone proving who they are

Authorization is about access control

Certification Error

Fingerprint 1

Fingerprint 2


Objectives for Chapter 3

Learn about memory organization, buffer overflows, and relevant countermeasures

Common programming bugs, such as off-by-one errors, race conditions, and incomplete mediation

Survey of past malware and malware capabilities

Virus detection

Tips for programmers on writing code for security


Program Security

This chapter deals with writing of programs and will be built upon in later chapters.

Is a program secure?

What characteristics?

Time to break security

Run for a time without failure

Zero tolerance

Factor of QUALITY

Quantity and types of faults as evidence of quality


Terminology

Bugs: A software bug is an error, flaw, failure or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways.

Error: When a human makes a mistake (non malicious) in performing some software activity, the error may lead to a fault, or an incorrect step, command, process, or data definition in a computer program.

Failure: Is a departure from the system's required behavior.


Types of Flaws

Validation error (incomplete or inconsistent): permission checks

Domain error: controlled access to data

Serialization and aliasing: program flow order

Inadequate identification and authentication: basis for authorization

Boundary condition violation: failure on first or last case

Other exploitable logic errors


Memory Allocation


Much of this chapter requires basic knowledge of how memory is organized, and this is a nice, simple diagram to refresh students on how it works. The key takeaways: code and data separated, with the heap growing up toward high addresses and the stack growing down from the high addresses.


Data vs. Instructions


The same hex value in the same spot in memory can either be a meaningful data value or a meaningful instruction depending on whether the computer treats it as code or data. This will be the basis of the attacks in the following slides.


Buffer Overflows

Occur when data is written beyond the space allocated for it, such as a 10th byte in a 9-byte array

In a typical exploitable buffer overflow, an attacker’s inputs are expected to go into regions of memory allocated for data, but those inputs are instead allowed to overwrite memory holding executable code

The trick for an attacker is finding buffer overflow opportunities that lead to overwritten memory being executed, and finding the right code to input


How Buffer Overflows Happen

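char sample[10];          /* 10 bytes: valid subscripts are 0 through 9 */
int i;

for (i = 0; i <= 9; i++)
    sample[i] = 'A';      /* fills every allocated element */

sample[10] = 'B';         /* deliberate overflow: an 11th byte, one past the end */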

This is a very simple buffer overflow. 10 bytes are allocated to store the buffer, but character B is placed in memory that wasn’t allocated by or for this procedure.

Memory Organization


Similar to the earlier picture on memory organization, only this one shows where the system data/code reside vs. where the program code and its local data reside. This context is important for understanding how an attack that takes place inside a given program can affect that program vs. how it can affect the rest of the system.


Where a Buffer Can Overflow


Examples of buffer overflow effects in the context of the earlier AAAAAAAAAAB example. The memory that’s overwritten depends on where the buffer resides.


The Stack


The Stack after Procedure Calls


When procedure A calls procedure B, procedure B gets added to the stack along with a pointer back to procedure A. In this way, when procedure B is finished running, it can get popped off the stack, and procedure A will just continue executing where it left off.


Compromised Stack


Instead of pointing at procedure B in this case, the program counter is pointing at code that’s been placed on the stack as a result of an overflow.


Overwriting Memory for Execution

Overwrite the program counter stored in the stack

Overwrite part of the code in low memory, substituting new instructions

Overwrite the program counter and data in the stack so that the program counter points to the stack


Harm from Buffer Overflows

Overwrite:

Another piece of your program’s data

An instruction in your program

Data or code belonging to another program

Data or code belonging to the operating system

Overwriting a program’s instructions gives attackers that program’s execution privileges

Overwriting operating system instructions gives attackers the operating system’s execution privileges


Overflow Countermeasures

Staying within bounds

Check lengths before writing

Confirm that array subscripts are within limits

Double-check boundary condition code for off-by-one errors

Limit input to the number of acceptable characters

Limit programs’ privileges to reduce potential harm

Many languages have overflow protections

Code analyzers can identify many overflow vulnerabilities

Canary values in stack to signal modification
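The first countermeasures above (check lengths before writing, confirm subscripts are within limits, watch for off-by-one errors, limit input length) applied to the 10-byte sample buffer from the earlier slide. This is an added example, not code from the slides or the textbook; the function names checked_store, checked_copy and replay_slide_example are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SAMPLE_LEN 10  /* same size as the slide's sample[10] */

/* Store one character only if the subscript is within limits.
   Returns 0 on success, -1 if idx falls outside the array. */
int checked_store(char *buf, size_t buf_len, size_t idx, char value)
{
    /* ">=" rather than ">": index buf_len is already one past the end,
       which is exactly the off-by-one that sample[10] = 'B' commits. */
    if (buf == NULL || idx >= buf_len)
        return -1;
    buf[idx] = value;
    return 0;
}

/* Copy src_len bytes of untrusted input into a fixed buffer, checking
   the length before writing. Over-long input is rejected rather than
   truncated, and the result is always NUL-terminated.
   Returns the number of bytes copied, or -1 if the input was rejected. */
int checked_copy(char *dst, size_t dst_len, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_len == 0)
        return -1;
    if (src_len >= dst_len)  /* one byte is reserved for the terminator */
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return (int)src_len;
}

/* Replays the slide's loop and its stray write through checked_store.
   Returns how many of the 11 writes were refused. */
int replay_slide_example(void)
{
    char sample[SAMPLE_LEN];
    int refused = 0;
    size_t i;

    for (i = 0; i <= 9; i++)
        if (checked_store(sample, sizeof sample, i, 'A') != 0)
            refused++;
    if (checked_store(sample, sizeof sample, 10, 'B') != 0)
        refused++;
    return refused;
}

int main(void)
{
    char field[SAMPLE_LEN];

    printf("writes refused: %d\n", replay_slide_example());
    printf("9-byte input:   %d\n",
           checked_copy(field, sizeof field, "AAAAAAAAA", 9));
    printf("10-byte input:  %d\n",
           checked_copy(field, sizeof field, "AAAAAAAAAB", 10));
    return 0;
}
```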


Incomplete Mediation

Mediation: Verifying that the subject is authorized to perform the operation on an object

Preventing incomplete mediation:

Validate all input

Limit users’ access to sensitive data and functions

http://www.somesite.com/subpage/userinput.asp?parm1=(808)555-1212&parm2=2009Jan17


Time-of-Check to Time-of-Use

Mediation performed with a “bait and switch” in the middle

Example: A student is buying a school book that costs $100. The student removes five $20 bills from a wallet, carefully counts them in front of the seller, and lays them on the table. Then the seller turns around to write a receipt. While the seller's back is turned, the student takes back one $20 bill. When the seller turns around, the student hands over the stack of bills, takes the receipt, and leaves with the book. Between the time the security was checked (counting the bills) and the access (exchanging the book for the bills), a condition changed: What was checked is no longer valid when the object (that is, the book) is accessed.


To carry out this authorization sequence, the access control mediator would have to look up the file name (and the user identity and any other relevant parameters) in tables. The mediator could compare the names in the table to the file name in the data structure to determine whether access is appropriate. More likely, the mediator would copy the file name into its own local storage area and compare from there. Comparing from the copy leaves the data structure in the user's area, under the user's control. It is at this point that the incomplete mediation flaw can be exploited. While the mediator is checking access rights for the file my_file, the user could change the file name descriptor to your_file, the value shown in Figure 3-3. Having read the work ticket once, the mediator would not be expected to reread the ticket before approving it; the mediator would approve the access and send the now-modified descriptor to the file handler.
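The check-then-use gap described above, next to a mediator that fetches the ticket once and forwards only its own checked copy. This is an added example, not code from the slides or the textbook; struct work_ticket, the window_fn hook (which stands in for the user acting between check and use) and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32

/* Constructed "work ticket" held in the user's area; the user can
   rewrite it at any moment, including while it is being checked. */
struct work_ticket {
    char file_name[NAME_LEN];
    char action[8];
};

/* Hypothetical hook for the window between check and use, so the
   example is deterministic instead of relying on thread timing. */
typedef void (*window_fn)(struct work_ticket *user_ticket);

/* Access table reduced to one rule: this user may touch my_file. */
static int is_authorized(const char *file_name)
{
    return strcmp(file_name, "my_file") == 0;
}

/* Stand-in file handler: records the name it was asked to act on. */
static void file_handler(const char *file_name, char *opened, size_t n)
{
    snprintf(opened, n, "%s", file_name);
}

/* Flawed: checks the ticket, then forwards the user's copy, which may
   no longer say what was checked. */
int mediate_flawed(struct work_ticket *user_ticket, window_fn window,
                   char *opened, size_t n)
{
    if (!is_authorized(user_ticket->file_name))       /* time of check */
        return -1;
    if (window)
        window(user_ticket);                          /* user acts here */
    file_handler(user_ticket->file_name, opened, n);  /* time of use */
    return 0;
}

/* Hardened: one fetch into mediator-owned storage; the same copy is
   both checked and handed to the file handler. */
int mediate_hardened(struct work_ticket *user_ticket, window_fn window,
                     char *opened, size_t n)
{
    struct work_ticket local;

    memcpy(&local, user_ticket, sizeof local);
    local.file_name[NAME_LEN - 1] = '\0';
    if (!is_authorized(local.file_name))
        return -1;
    if (window)
        window(user_ticket);              /* changes only the user's copy */
    file_handler(local.file_name, opened, n);
    return 0;
}

/* The change described in the text: my_file becomes your_file. */
static void swap_to_your_file(struct work_ticket *user_ticket)
{
    snprintf(user_ticket->file_name, NAME_LEN, "%s", "your_file");
}

int main(void)
{
    struct work_ticket a = { "my_file", "read" }, b = a;
    char opened[NAME_LEN];

    mediate_flawed(&a, swap_to_your_file, opened, sizeof opened);
    printf("flawed mediator opened:   %s\n", opened);
    mediate_hardened(&b, swap_to_your_file, opened, sizeof opened);
    printf("hardened mediator opened: %s\n", opened);
    return 0;
}
```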


Race Conditions


Example 1 (no race condition): A booker books the last seat on the plane, and thereafter the system shows no seat available. See next slide to continue.


Example 2 (race condition): Before the first booker can complete the booking for the last available seat, a second booker looks for available seats. This system has a race condition, where the overlap in timing of the requests causes errant behavior.


Other Programming Oversights

Undocumented access points (backdoors)

Off-by-one errors

Integer overflows

Unterminated null-terminated string

Parameter length, type, or number errors

Unsafe utility libraries


Malware

Programs planted by an agent with malicious intent to cause unanticipated or undesired effects

Virus

A program that can replicate itself and pass on malicious code to other nonmalicious programs by modifying them

Worm

A program that spreads copies of itself through a network

Trojan horse

Code that, in addition to its stated effect, has a second, nonobvious, malicious effect


Types of Malware


History of Malware


Harm from Malicious Code

Harm to users and systems:

Sending email to user contacts

Deleting or encrypting files

Modifying system information, such as the Windows registry

Stealing sensitive information, such as passwords

Attaching to critical system files

Hiding copies of malware in multiple complementary locations

Harm to the world:

Some malware has been known to infect millions of systems, growing at a geometric rate

Infected systems often become staging areas for new infections


Transmission and Propagation

Setup and installer program

Attached file

Document viruses

Autorun

Using nonmalicious programs:

Appended viruses

Viruses that surround a program

Integrated viruses and replacements


Malware Activation

One-time execution (implanting)

Boot sector viruses

Memory-resident viruses

Application files

Code libraries


Virus Effects


Countermeasures for Users

Use software acquired from reliable sources

Test software in an isolated environment

Only open attachments when you know them to be safe

Treat every website as potentially harmful

Create and maintain backups


Virus Detection

Virus scanners look for signs of malicious code infection using signatures in program files and memory

Traditional virus scanners have trouble keeping up with new malware—detect about 45% of infections

Detection mechanisms:

Known string patterns in files or memory

Execution patterns

Storage patterns

https://cybermap.kaspersky.com/


Virus Signatures


Countermeasures for Developers

Modular code: Each code module should be

Single-purpose

Small

Simple

Independent

Encapsulation

Information hiding

Mutual Suspicion

Confinement

Genetic diversity


Code Testing

Unit testing

Integration testing

Function testing

Performance testing

Acceptance testing

Installation testing

Regression testing

Penetration testing


Design Principles for Security

Least privilege

Economy of mechanism

Open design

Complete mediation

Permission based

Separation of privilege

Least common mechanism (no sharing)

Ease of use


Other Countermeasures

Good

Proofs of program correctness—where possible

Defensive programming – to ensure the continuing function of a piece of software under unforeseen circumstances.

Design by contract (DbC) – specify pre-/post- conditions.

Bad

Penetrate-and-patch

Security by obscurity (secrecy of design)


Flaws & Controls

Two classes of security flaws: those that compromise or change data and those that affect computer service.

There are three controls on such activities: development controls, operating system controls, and administrative controls.

Development controls limit software development activities, making it harder for a developer to create malicious programs. These same controls are effective against inadvertent mistakes made by developers. Program controls help produce better software.

The operating system provides some degree of control by limiting access to computing system objects. They limit access as a way of promoting the safe sharing of information among programs.

Administrative controls limit the kinds of actions people can take, and improve system usability, reusability, and maintainability.


Summary

Buffer overflow attacks can take advantage of the fact that code and data are stored in the same memory in order to maliciously modify executing programs

Programs can have a number of other types of vulnerabilities, including off-by-one errors, incomplete mediation, and race conditions

Malware can have a variety of harmful effects depending on its characteristics, including resource usage, infection vector, and payload

Developers can use a variety of techniques for writing and testing code for security

For fun: http://www.fogcam.org/
