BestInternetSecurity.net

Information Security Resources


Archive for March, 2008



DNS - Domain name system security issues

Monday 31 March 2008 @ 5:11 pm

The Domain Name System (DNS) is what lets Internet hosts translate between machine-readable IP address numbers like 216.109.112.135 and names meaningful to humans, like www.yahoo.com. A sophisticated hierarchical database system spread across the Internet is required to accomplish this task. One of the core components of that system is the DNS server, which serves as the translator. For instance, when you type the domain name www.yahoo.com into your favorite browser, your computer sends a request to a designated DNS server, usually provided by your Internet Service Provider (ISP), which translates it into the machine-readable IP address 216.109.112.135. This enables your browser to connect to the correct web server.

If you are interested in knowing the IP address(es) of your DNS server(s), on Windows 2000/XP/Vista you can find them by choosing Start -> Run, typing “cmd” in the Run box, and clicking OK.

In the command prompt window, type “ipconfig /all” and hit Return. This will display a list of network connection information. For example:

From this list, you can see that the DNS server IP addresses are 217.1.32.208 and 215.251.144.126. This machine will query either one of these two DNS servers for any new domain name enquiry.

You may wonder: what if these two DNS servers return a wrong IP address for the domain name you specified? If this happens, you will be re-directed to a wrong site—even though you have typed the correct domain name in your browser.

And this is exactly what a hacker can do. If a hacker attacks a DNS server and maliciously corrupts the information in the DNS server’s database, then all the hosts that rely on this DNS server for domain name resolution could be misdirected to the wrong Internet server.

This enables the hacker to hijack the Internet connection of the victims. For example, a hacker could re-direct an Internet banking site’s domain name to his or her own server and lure visitors to key in their private login information into this fake website. This allows the hacker to steal this information for the purpose of committing crimes such as identity theft.

Another type of attack involves using similar domain names like paypal.com and paypa1.com. Can you tell the difference between these two domain names? No, we didn’t make a typo! Actually, the first “paypal” ends with a lower-case “l” (L), and the second one ends with the numeral “1” (ONE). In this scenario, the attacker uses various tricks like scam emails to lure the visitors to click a deceptive link in order to direct visitors to their own fake site and obtain private login information as in the first example. The term “phishing” has been coined to describe this type of security breach.

Perhaps the solution to counter these problems is user education. Internet users should be made aware that these kinds of attacks are possible, and learn how to determine that the sites that they are visiting are genuine ones.

Usually, for a website to exchange authentication information with a visitor, such as asking for the visitor’s login information, it will initiate a widely used secure communication method called SSL (Secure Sockets Layer). You can determine that the website is using this secure method by looking at the address bar: the “http://” part of the address will automatically change to “https://”. At that moment, the web server opens an encrypted communication with the visitor by presenting its server certificate to your computer. This server certificate can be viewed in your browser by clicking the “padlock” icon. It is usually at the lower right corner (Internet Explorer version 6 and Firefox) or at the upper right corner beside the address bar (Internet Explorer version 7) of your browser.

If the site is genuine, you can clearly see the site’s URL along with the certificate authority that issued the server certificate (two common certificate authorities are Verisign and Thawte).

Take a look at the well-known Internet banking website, Citicorp. When you pull up the Citicorp banking login screen, click on the padlock as described above to display the website’s certificate. Note that this one is issued by Verisign.

If you click on the option “View certificates” you can view more detailed information about this server certificate:

Here you can verify that the certificate was issued for the domain “citibank.com” and that it has not yet expired.

After completing the validation process, you can safely enter your login information with confidence, because the site is very unlikely to be a fake. If you follow these steps every time you access a secure web site, you can avoid becoming the victim of a DNS attack.
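The manual padlock check described above, done programmatically, as an added example that is not part of the original post. check_certificate() takes a certificate in the dict layout Python’s ssl getpeercert() returns and checks the two things the post tells readers to look at (the domain the certificate was issued for, and that it has not expired); the sample certificate, hostnames and dates below are constructed for the example.

```python
# Added example (not from the original post): the "padlock" check in code.
import socket
import ssl
import time

def cert_names(cert):
    """Collect the DNS names a certificate is valid for: SAN entries plus the subject CN."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    return names

def name_matches(pattern, hostname):
    """Match a certificate name against a hostname; a leading '*.' wildcard covers one label only."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return "." in hostname and hostname.split(".", 1)[1] == pattern[2:]
    return pattern == hostname

def check_certificate(cert, hostname, now=None):
    """Return (ok, reasons): ok is True only when the certificate names the host
    in the address bar and its validity window covers 'now' (epoch seconds)."""
    now = time.time() if now is None else now
    reasons = []
    if not any(name_matches(n, hostname) for n in cert_names(cert)):
        reasons.append("certificate was not issued for %s" % hostname)
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        reasons.append("certificate is not yet valid")
    if now > not_after:
        reasons.append("certificate expired on %s" % cert["notAfter"])
    return (not reasons, reasons)

def issuer_name(cert):
    """The organization that issued the certificate (the Verisign / Thawte line the post mentions)."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def fetch_peer_cert(hostname, port=443):
    """Open a TLS connection using the system trust store and return the server certificate as a dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

# Constructed sample certificate (not a real one) in getpeercert() layout.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example-bank.test"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "subjectAltName": (("DNS", "www.example-bank.test"), ("DNS", "example-bank.test")),
    "notBefore": "Jan  1 00:00:00 2008 GMT",
    "notAfter": "Dec 31 23:59:59 2008 GMT",
}

if __name__ == "__main__":
    # Live check against a real site (needs network access).
    live = fetch_peer_cert("www.example.com")
    print(issuer_name(live), check_certificate(live, "www.example.com"))
```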

Tags: Domain Name Server, identity theft hacking





TCP/IP Protocol: Why It is Not Secure

Thursday 27 March 2008 @ 2:51 pm

TCP/IP (Transmission Control Protocol / Internet Protocol) is a set of communications protocols that implement the protocol stack on which the Internet and most commercial networks run. However, from a security standpoint, it is not inherently secure. To understand why, we must first look at the history of TCP/IP.

TCP/IP was designed more than 30 (thirty) years ago in a research environment. It was the native communication protocol of one of the earliest operating systems in computing history: Unix.

One of Unix’s variants, BSD (Berkeley Software Distribution) Unix, developed by the University of California at Berkeley, was the first to have the TCP/IP networking protocol embedded, in 1983. At that time, since Unix was mainly used in academic environments, it was not designed to handle high network traffic, nor modern business-critical network applications.

Additionally, most of the application-related protocols associated with TCP/IP—such as FTP, TELNET, and SMTP—were designed without consideration of the security issues we face today.

The fundamental weakness of the TCP/IP protocol lies in the IP (Internet Protocol) layer. For example, the source IP address of an IP packet can be set arbitrarily: there is no method of verifying whether or not a particular source IP address is genuine.

This makes an “IP spoofing” attack possible: an attacker sends data that claims to come from an IP address other than his or her own. The root cause is that the IP protocol has no authentication process.

Another weakness of TCP/IP is that the IP layer carries no encryption function to protect the confidentiality and integrity of the data it transports. This creates the possibility of a serious security breach known as a “man-in-the-middle attack.” In this type of breach, the attacker intercepts an IP packet, reads and modifies the upper-layer contents within it, and releases the packet back into the network, relaying traffic back and forth between a sender and receiver. The sender and receiver involved are unaware that an attack is in progress.

Hopefully, IPv6 (the successor of the traditional IP protocol, IPv4) will solve these problems. The IPv6 protocol is equipped with authentication and encryption capabilities, addressing the long-standing security problems of IPv4. (Note: an IPv4 address is made of four 8-bit fields, giving 32 bits of address space, whereas an IPv6 address is made of sixteen 8-bit fields, giving a much larger 128-bit address space.) However, the adoption of IPv6 has been much slower than was originally anticipated. Many believe that the “dot-com bubble burst,” which slowed down the acquisition of IPv4 address space, is to blame for this delay.

Another explanation points to the widely adopted Network Address Translation (NAT) protocol. NAT allows a private network to use reserved IP addresses for its hosts and still reach the public Internet through a NAT router acting as a proxy, the router being the one that needs public IPv4 addresses to communicate. The benefit of NAT for users is that it dramatically reduces the number of unique public IP addresses that must be assigned to hosts within a private network for them to access the Internet.

No matter what the real reason for the delay is, it is becoming imperative that we take a serious look at migrating to IPv6. It has been predicted that the number of available IPv4 addresses will be depleted within the next five years [1]. Besides meeting this rigid time constraint, adopting IPv6 will also resolve most of the security issues of IPv4, creating more secure networking systems.

[1] Jorgenson, L. (2007) IP address depletion hastens IPv6 adoption. Available from: http://www.searchnetworking.com.au/topics/article.asp?DocID=1267040 [Accessed 25 March 2008].

Tags: IP Spoofing, TCP, 7-layer model





Physical Security for Power Supply

Tuesday 25 March 2008 @ 7:46 pm

There are many possible physical security threats associated with the electrical power supply. A few examples, ones you may already be familiar with, include:

  • Blackout: a complete loss of power.
  • Sag or Brownout: a decrease in voltage level, usually of short duration but lasting anywhere from fractions of a second to hours.
  • Surge: a short-term increase in voltage level, generally lasting a fraction of a second.
  • Spike: an instantaneous surge causing a tremendous increase in voltage level, usually lasting no longer than one-millionth of a second [1].

In order to address these threats to physical security, a secure electrical system for computing equipment must possess the following properties:

  1. Dedicated Circuits
  2. Physical Access Control must be implemented for:
    • Master Circuit Breakers
    • Transformers
    • Power Distribution Panels and Feeder Cables
  3. Emergency Power Off Controls must be installed and accessible by the personnel on-duty
  4. Voltage Monitoring/Recording and Surge Protection should be in place

Ensuring Computer Availability through a Backup Power Supply
To ensure that your computer system remains available for use in spite of power supply threats, the power supply has to be made “fault tolerant” through the use of a Backup Power Supply. There are three ways to achieve this:

  1. Alternate Feeders
  2. Emergency Power Generator
    If using alternate feeders is not feasible, an emergency power generator should be considered as an alternative for mission critical operations. However, this security measure is very costly to maintain and operate. It is advised that a detailed analysis be performed in order to justify the high cost of this security option.
  3. Uninterruptible Power Supply (UPS)
    A UPS provides just enough time for the computing system to back up data and shut down before electrical power completely fails. A UPS requires regular testing and maintenance to ensure proper operation. Additionally, a UPS involves the use of hazardous hydrogen gas.

In addition to computing equipment, Backup Power Supply is also needed for the following vital systems:

  • Lighting
  • Physical Access Control Systems
  • Fire Protection Systems
  • Communications Equipment
  • Telephone Systems
  • HVAC

[1] Source: University of Connecticut Computer Center (1997), Electrical Disturbances. Available from: http://vm.uconn.edu/~year2000/edisturb.html [Accessed 20 March 2008].





Work Factor : Uncovering keys in cryptosystems

Monday 24 March 2008 @ 2:50 pm

Work Factor is defined as the amount of effort (usually measured in units of time) needed to break a cryptosystem.

The Work Factor of a cryptosystem depends on its key length and on the mechanism used (the encryption and decryption algorithms). For example, if the brute-force method is used to break the system (trying all possible keys), the work factor grows exponentially with the length of the key: every additional bit of key length doubles the time needed (the work factor).

The biggest threat to an encryption system is perhaps the ever-increasing speed of computers. Let’s consider a popular symmetric cipher, the DES algorithm, as an example. According to Schneier, back in 1998 the amount of time required to break a 56-bit DES key with a $220,000 device was 4.5 days [1].

Moore’s law states that, over time, computing devices double their speed every 18 months for the same construction cost. With this being the case, we could now, in 2008, build a similar machine at the same cost of $220,000 that would break the same 56-bit DES key within 64 minutes!

For this very reason, DES was replaced with Triple DES and other advanced encryption algorithms, ending its widespread use in encryption applications since its invention by IBM in 1974. The algorithm was well designed to withstand such a long period of practical challenges; its only shortcoming was its relatively short key length of 56 bits.

[1] Schneier, B. (1998), A Hardware DES Cracker, Counterpane Systems, Available from: http://www.schneier.com/crypto-gram-9808.html [Accessed 20 March 2008].
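The work-factor arithmetic of this post carried through in code, as an added example that is not part of the original: brute force tries up to 2^n keys, so each extra bit doubles the time, while Moore’s law (the post’s 18-month doubling) shrinks the time for a fixed budget. The figures are the post’s own (56-bit DES, 4.5 days in 1998 on a $220,000 machine); the function names are assumptions of the example.

```python
# Added example (not from the original post): brute-force work factor
# versus key length, and versus hardware speed growth over time.
import math

MINUTES_PER_DAY = 24 * 60

def brute_force_minutes(key_bits, ref_bits, ref_minutes):
    """Expected time to brute-force a key_bits key on the same hardware that
    needs ref_minutes for a ref_bits key: every extra bit doubles the keyspace."""
    return ref_minutes * 2.0 ** (key_bits - ref_bits)

def moore_speedup(years, doubling_months=18):
    """How much faster a machine of the same cost is after `years`, under Moore's law."""
    return 2.0 ** (years * 12 / doubling_months)

def crack_minutes(key_bits, year, ref_bits=56, ref_year=1998,
                  ref_minutes=4.5 * MINUTES_PER_DAY, doubling_months=18):
    """Minutes to brute-force key_bits in `year` with a machine costing the same
    as the reference machine (the post's 1998 DES cracker by default)."""
    return (brute_force_minutes(key_bits, ref_bits, ref_minutes)
            / moore_speedup(year - ref_year, doubling_months))

def bits_for_same_work(year, ref_bits=56, ref_year=1998, doubling_months=18):
    """Smallest key length that, in `year`, costs at least as much to brute-force
    as ref_bits did in ref_year: one extra bit per hardware doubling."""
    return math.ceil(ref_bits + (year - ref_year) * 12 / doubling_months)

if __name__ == "__main__":
    for year in (1998, 2008, 2018):
        print("%d: DES-56 falls in %.0f minutes; a %d-bit key would restore 1998's work factor"
              % (year, crack_minutes(56, year), bits_for_same_work(year)))
```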





Physical Security : Environmental Control

Monday 24 March 2008 @ 1:49 pm

To understand Environmental Physical Control, we need to understand how your HVAC system affects your computing environment. HVAC stands for three words: Heating, Ventilation and Air Conditioning. Your HVAC system controls various environmental factors that must be monitored to ensure that your computing equipment operates effectively.

Temperature: Between 21 and 23 degrees Celsius (70 to 73 degrees Fahrenheit) is the general optimal temperature range for computing equipment to operate.

Humidity: The best relative humidity for computer equipment operation is from 45% to 55%, because an environment that is too humid can cause corrosion. On the other hand, an environment that is too dry can cause static damage. A static charge of above 20,000 volts is potentially harmful to a system.

Pressurization and Ventilation: Positive pressurization and ventilation must be maintained in order to keep contaminants from entering the facility. Airborne particulates should be kept at appropriate levels, since dust and other contaminants can impact computer hardware operation.

According to Keranen E. (2006), dust particles can contain moisture, organic material such as carbon and various minerals, and/or various chemicals. All of these can affect the reliability and life span of computing equipment:

“Integrated circuits (ICs) can suffer from overheating due to the insulating effect of dust as well as suffer from electrical shorts caused by dust across their contacts. The most susceptible ICs are those having a metal lid acting as a heatsink cooling surface. To prevent overheating and failure, this metal surface and heatsink need to be essentially dust-free. Dust acts like an insulating blanket, preventing proper convection cooling.” [1]

In addition to dust, an excess concentration of certain gases such as ammonia can speed up corrosion inside the electronic components of the system, leading to malfunction.

Some devices such as printers should be located outside of the computing facility. A printer’s toner could generate carbon particles, which are moisture absorbent and combustible, threatening the computing equipment’s security.

Of course, non-smoking policies should be enforced within critical computing facilities in order to reduce fire hazards as well as minimize the pollutants related to smoking.

[1] Keranen E. (2006) Effects of dust on Computer Electronics and Mitigating Approaches. [Internet]. Computer Dust Solutions. Available from: http://www.computerdust.com/SPECIAL_REPORT_ON_DUST_EFFECTS_ON_ELECTRONICS.pdf [Accessed 17 March 2008].

Tags: Environmental Controls, Environmental Physical Controls, Pollution





Google hacking - a new hacking technique that threatens the web application security

Wednesday 19 March 2008 @ 1:44 pm

Google hacking refers to the use of Google’s powerful search engine to uncover websites with security bugs and technical issues. Google, with its crawling engine, searches and indexes the content of websites around the world 24/7. It essentially captures everything, from normal website presentation to the error messages displayed by websites with technical problems, and stores it in the database that answers visitors’ queries.

For example, it is not unusual to see an ASP website displaying error messages such as:

“InvalidOperationException: Failed to map the path ‘/<Application_Name>/App_GlobalResources/’.”

This error message reveals the server’s application path as well as part of the server’s internal file structure. Experienced hackers can use this vital information to initiate an attack on that system.

Google contains probably the world’s largest collection of snapshots for any website.  It records an enormous number of websites with various error messages like the one above. Anyone who knows how can easily search for the relevant messages with advanced commands in search queries like “inurl:”, which will refine a search to look for particular error messages.

For further information on various advanced search query techniques, click here: http://www.google.com/help/operators.html
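A check a site operator can run over their own site’s responses to catch the kind of verbose error page quoted above before a search engine indexes it, as an added example that is not part of the original post. The disclosure patterns and the sample responses are constructed for the example; a real run would feed it the bodies returned by the operator’s own server.

```python
# Added example (not from the original post): flag information-disclosing
# error text in HTTP response bodies before it ends up in a search index.
import re

# Each pattern names a class of disclosure. The first is the ASP.NET path-mapping
# error quoted in the post, which leaks the application's internal structure.
DISCLOSURE_PATTERNS = {
    "aspnet_path_mapping": re.compile(r"Failed to map the path '([^']*)'"),
    "dotnet_exception": re.compile(r"\b(\w+Exception): "),
    "physical_path": re.compile(r"\b[A-Za-z]:\\(?:[\w.\- ]+\\)+[\w.\- ]+"),
    "stack_trace": re.compile(r"^\s+at [\w.]+\(.*\)", re.M),
    "sql_error": re.compile(r"(?i)(syntax error|unclosed quotation mark|ODBC .* Driver)"),
}

def find_disclosures(body):
    """Return a list of (disclosure_class, excerpt) pairs found in one response body."""
    hits = []
    for name, pattern in DISCLOSURE_PATTERNS.items():
        for match in pattern.finditer(body):
            hits.append((name, match.group(0).strip()))
    return hits

def audit_responses(responses):
    """responses maps URL -> body text. Returns {url: disclosures} for pages that leak something,
    so an operator can fix the error handling (or stop indexing the page) before a crawler sees it."""
    report = {}
    for url, body in responses.items():
        hits = find_disclosures(body)
        if hits:
            report[url] = hits
    return report

# Constructed sample responses: a clean page and a raw framework error page.
SAMPLE_RESPONSES = {
    "http://shop.example.test/": "<html><body><h1>Welcome</h1></body></html>",
    "http://shop.example.test/admin/": (
        "Server Error in '/' Application.\n"
        "InvalidOperationException: Failed to map the path '/shop/App_GlobalResources/'.\n"
        "   at System.Web.Hosting.HostingEnvironment.MapPathInternal(String virtualPath)\n"
    ),
}

if __name__ == "__main__":
    for url, hits in audit_responses(SAMPLE_RESPONSES).items():
        print(url)
        for name, excerpt in hits:
            print("  [%s] %s" % (name, excerpt))
```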

Johnny Long, a researcher, writer, and “white hat” hacker in the field of web application security, has written a useful book on Google hacking.

Tags: Web Applications Security





Physical Security - Choosing the right facility

Monday 17 March 2008 @ 4:57 pm

Many factors should be considered when choosing the best facility for hosting computer equipment. Some of these factors include:

  • Local Crime: Is the site a prime area for criminal activities?
  • Natural Hazards: Does the location have a high occurrence of flooding, earthquakes, thunderstorms, or other natural hazards?
  • Power Supply: Is there a stable power supply for your computing facilities?
  • Access: Is the location easily accessible for personnel, suppliers, and others who need to reach it?
  • Existing boundary protection: Is the location secure? Security controls such as fencing, adequate lighting, and detection systems, including motion sensors and video surveillance systems, need to be in place. The detection system must be paired with a reactive system that prevents (or at least delays) the intrusion of any trespassers. This can be accomplished with nuisance alarms as well as prearranged response forces, such as the local police or hired security guards.
  • Nature of Facility: Is the facility shared with other tenants? It is critically important that sharing with co-tenants does not undermine the level of security. Strong security measures need to be in force.

In addition to facility management, we should also consider other factors of physical security. But choosing the right facility in the first place is the foundation for all other physical security controls to be enforced effectively.





Physical Security Threats and Controls

Monday 17 March 2008 @ 4:40 pm

Physical security is the lifeblood of all security controls. If physical security is compromised, all other controls are irrelevant.

Why? Think about it. If someone manages to get into your server room and physically access your computers, he or she can cause serious damage. Examples of possible damage include removing the hard drives from your computer, stealing backup tapes, or simply shutting down the power to your servers. All of these can be accomplished in the blink of an eye, without serious technical skill. As we have mentioned before, your security is only as strong as the weakest link in your system. For this reason, we should not overlook physical security.

To understand physical security, we first need to understand physical threats.

There are three types of physical threats:

External physical threats:

  • Flooding, lightning, earthquake, wind, tornado, hurricane, ice, fire, chemical

Internal physical threats:

  • Fire, environmental failure, liquid leakage, electrical interruption

Human physical threats:

  • Theft, vandalism, sabotage, espionage, errors

To prevent these threats from becoming reality, physical security controls should be implemented.  Some examples of effective physical security controls include:

Exterior physical security controls:

  • Fences, Barriers

Entrance physical security controls:

  • Doors and Gates with Locks

Administrative physical security controls:

  • Badges and Escorts

Property physical security controls:

  • Monitoring/Detection Systems, Lighting

Environmental physical security controls:

  • HVAC System, Power Protection, Water and Fire Protection

All of these controls require detailed and careful planning prior to setting up an office with computing facilities. We will discuss physical controls in more detail later.

Tags: Administrative Physical Security Control, Environmental Physical Security Control, Water Protection





Operations Security: Audit and Accountability

Friday 14 March 2008 @ 2:47 pm

The accountability portion of security control refers to holding system users responsible for their actions by constantly monitoring all activities within the system.

Consistently logging and auditing activities are ways that we monitor the system to ensure proper tracking of computer misuse. For example, as part of the auditing process, the following activities should be logged for effective control and accountability:

  • User identification information
  • System access time
  • Information on system objects being accessed
  • Failed login attempts
  • System warnings and error messages
  • Repeated user mistakes

Considering that a system that ensures accountability requires a strong system of authentication, a good access control system should be implemented. If the system has no access control system, logging the above activities could become meaningless.

Keep in mind that system logging must take into account the numerous valid network activities that occur every day. These valid activities need to be distinguished from activities that appear suspicious. For this reason, an effective clipping mechanism should be in place. This mechanism, which consists of setting clipping levels that define the acceptable amount of a given activity, acts as a baseline for determining system violations.

The goal of monitoring, auditing, and clipping levels is to discover problems before major damage occurs, and to be alerted when a possible attack is underway.  Theoretically, when the clipping mechanism detects that the baseline has been exceeded, an alarm is generated and the system records further information regarding the detected changes in activity. In other words, as soon as the system detects that activities are occurring that fall outside of the predefined acceptable threshold, it notifies the security administrator via e-mail or pager, and generates a log of further activity. This log can then be used to investigate the suspicious activity.

Perhaps a more effective solution is software that automates the detection of violations. The most common installation for this purpose is the Intrusion Detection System (IDS). An IDS is software customized to collect and analyze system activities. It alerts system administrators to suspicious activity by using a pre-installed database built specifically to record clipping levels and patterns of system misuse.
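A clipping-level monitor of the kind described in the last few paragraphs, run over constructed sample log lines, as an added example that is not part of the original post. The log format, event names, user names and thresholds are assumptions of the example; a real deployment would read its own system’s logs and notify the administrator instead of printing.

```python
# Added example (not from the original post): clipping levels applied to a log.
# Ordinary noise (a user mistyping a password twice) stays below the level;
# crossing it inside the time window is recorded as a violation and alerted once.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<date> <time> <event> user=<name> src=<ip>".
SAMPLE_LOG = """\
2008-03-14 14:00:01 LOGIN_FAIL user=alice src=10.0.0.5
2008-03-14 14:00:09 LOGIN_FAIL user=alice src=10.0.0.5
2008-03-14 14:00:15 LOGIN_OK user=alice src=10.0.0.5
2008-03-14 14:01:02 LOGIN_FAIL user=bob src=10.0.0.9
2008-03-14 14:01:04 LOGIN_FAIL user=bob src=10.0.0.9
2008-03-14 14:01:06 LOGIN_FAIL user=bob src=10.0.0.9
2008-03-14 14:01:08 LOGIN_FAIL user=bob src=10.0.0.9
2008-03-14 14:01:10 LOGIN_FAIL user=bob src=10.0.0.9
2008-03-14 14:01:12 LOGIN_FAIL user=bob src=10.0.0.9
2008-03-14 14:20:00 FILE_DENIED user=carol src=10.0.0.7
"""

# Clipping levels (assumed values): event -> (acceptable count, window).
# More than `count` occurrences by one user inside `window` is a violation.
CLIPPING_LEVELS = {
    "LOGIN_FAIL": (3, timedelta(minutes=5)),
    "FILE_DENIED": (5, timedelta(minutes=30)),
}

def parse_line(line):
    """Parse one log line into (timestamp, event, fields); None for malformed lines."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
    return ts, parts[2], fields

def detect_violations(log_text, levels=CLIPPING_LEVELS):
    """Return one alert per (user, event) whose count exceeds its clipping level
    within the sliding window, raised at the line that crosses the threshold."""
    recent = defaultdict(list)   # (user, event) -> timestamps still inside the window
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, event, fields = parsed
        if event not in levels:
            continue                     # not an activity we clip
        limit, window = levels[event]
        key = (fields.get("user", "?"), event)
        recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
        if len(recent[key]) > limit and key not in alerted:
            alerted.add(key)
            alerts.append({"user": key[0], "event": event, "count": len(recent[key]),
                           "at": ts, "src": fields.get("src")})
    return alerts

if __name__ == "__main__":
    for a in detect_violations(SAMPLE_LOG):
        print("ALERT %(at)s %(user)s: %(count)d x %(event)s from %(src)s" % a)
```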

Any good system monitoring and auditing process should allow the user to work unimpeded. For security purposes, the user should not know what or how monitoring and auditing is being conducted. However, of course the issue of privacy should also be considered. The monitoring system should comply with local personnel and data privacy laws when carrying out monitoring activities. It is strongly advised that users be notified in advance of possible logging and analysis of their system activities.

Tags: Operations Security Control, Operations Security, Audit, IT Audit, System Auditing, Personnel Privacy Laws, Intrusion Detection System





Operations Control Techniques

Thursday 13 March 2008 @ 5:27 pm

Now we’ll cover some of the administrative aspects of Operations Control.

  1. Separation of Duties is a preventative measure that prevents one person from performing a full function from beginning to end. This policy reduces the possibility of any one person committing an act against policy unless there is collusion amongst two or more people. Since collusion involves the actions of more than one party, an unwanted action is less likely to occur.
  2. Job Rotation refers to the policy of regularly changing each person’s role within the business process. This method helps to identify recurring mistakes or fraudulent activities, since such activities can be identified and/or corrected by the new person assigned to the same task. You could consider this policy a type of “detective control.” A strategy that complements job rotation is mandatory vacation. This policy allows the administrator to detect potential abuse by forcing staff to leave their current post or capacity on a temporary basis. Again, the worker newly assigned to the task is in a position to identify traces or clues leading to the discovery of abuse by the prior worker assigned to the task.
  3. Least Privilege is a policy that requires each individual to be granted the least amount of permissions and rights necessary to perform only their assigned duties. In this method, the administrator prevents individuals from performing tasks outside of their assigned duties, which could lead to actions that jeopardize the security of the company’s system. According to Saltzer and Schroeder [Saltzer 75], every program and every user of the system should operate using the least set of privileges necessary to complete the job. Primarily, this principle limits the damage that can result from an accident or error. Sometimes, this policy is called “need-to-know.” In this scenario, a person is not given access to information unless he or she has a specific need to know it. In other words, access to the information must be necessary to conduct that person’s official duties.

There are several other controls that should be addressed as well. However, the three fundamental methods we cover here are important administrative controls generally overlooked by many organizations.

Reference:
Saltzer, Jerome H. & Schroeder, Michael D. “The Protection of Information in Computer Systems.” Proceedings of the IEEE 63, 9 (September 1975): 1278-1308.

Tags: Operations Control Techniques, Operations Security




