Monday, October 25, 2010
Chennai-I m nOt lOving It...!!
I thought that it would be like any other metro city in India, but I was seriously disappointed.
Believe it, the place is good, but there is a tremendous food problem here, and people love to speak in Tamil, especially when they know that you don't know the language.
Rest is fine here... As usual......
Miss you Kolkata....!!!! :)
Thursday, August 5, 2010
The Coming Storm - Cloud Computing and Digital Investigations
While there are numerous security concerns being discussed by various cyber security "Czars," there seems to be little if any discussion about how the cloud will affect digital forensic investigations. Just off the top of my head I can think of several concerns that are generic to the concept of cloud computing to say nothing of specific concerns related to specific implementations or hardware and software applications.
Some basic questions are related to:
a) Jurisdiction - which sovereign nation or nations has/have authority?
b) Ownership - who actually owns the data in question?
c) Expectations of privacy - what will be the standard for reasonable expectations of privacy in the cloud?
d) Location of evidence - where do we even begin to look for data that may be classified as evidence for the investigation?
e) International cooperation - will countries housing/storing the data be willing to cooperate during an investigation?
f) Localized evidence - what artifacts will be left on the client machine?
To me these seem like obvious questions/concerns that we need to think about, debate and start working toward some answers. As I stated in the opening paragraph, the cloud is being touted as the greatest thing since "sliced bread," whether this is actually the case or not.
We as investigators will soon find ourselves truly immersed in the world of "virtual" evidence, a very sobering thought. One can only imagine how a judiciary that has trouble wrapping its mind around the concept of e-mail will be able to keep up with the various technical solutions that make up the concept of cloud computing.
It behooves the digital forensics community to weigh in on discussions related to cloud computing and provide input as to what this latest technology savior will eventually become.
Monday, July 5, 2010
The Google Cyber Attacks: Teaming Up With US Intel To Fight Crime
In mid-December of 2009, internet giant Google detected a high-level attack targeted at its corporate infrastructure, leading to theft of the company's intellectual property. About twenty other Silicon Valley companies were also targeted in the attack, which originated from China.
Although Google has not directly accused the Chinese government of being involved in the cyber attacks, the company has threatened to pull out of the Chinese market, and sources say that investigators are looking into the possibility of the attack being backed by Beijing. Meanwhile, the search company is in the process of formulating an agreement with the National Security Agency (NSA), whose help it has enlisted in keeping future intrusions at bay.
Through this tie-up, the spy agency will attempt to evaluate the weak points in Google's hardware and software systems as well as gauge the sophistication of the adversary, so as to understand how the perpetrators got access to the sensitive data. As per cyber laws, every company has the legal authority to reveal as well as conceal information for the purpose of ensuring privacy. Taking advantage of this fact, Google will reportedly share information on the types of malicious code used in the attacks, but withhold proprietary data and user information. According to the Washington Post, the NSA is reaching out to other government agencies with expertise in cyber defense to help out in the Google investigation.
Wednesday, June 30, 2010
How Hackers Exploit Protocols
When two layers on the same node communicate, or when peer layers communicate, they rely on a well-defined protocol and precisely stated message formats. The protocol states who initiates the connection, how the session is terminated, the order of messages, what to do if an error occurs, and other characteristics of the session that are necessary for the exchange to succeed. A protocol also can be thought of as an algorithm because most protocols are defined as state machines.
As with other algorithms, order is important. If you want to bake a cake, getting the right ingredients is just one part of the process. Mixing and cooking the ingredients in the right order are required to achieve an edible result. The same is true for network communications protocols. If one half of the session decides to get creative with the protocol, the results will not be guaranteed.
Getting the order of messages right is important, but you also need to format the messages properly. A baking recipe is useless if the order of the steps is clear, but the steps are not accurately defined. For example, if the recipe is incorrectly copied from a friend and asks for one unit of butter instead of one unit of flour, you will end up with a different dessert. Similarly, in network message exchanges, if message integrity cannot be guaranteed, any dialogue between the peers will not succeed.
Designing a secure distributed protocol is more of an art than a science. When someone at your site invents a new distributed security protocol, alarm bells should sound. Unless this person is knowledgeable and has studied a number of references, a better-than-average chance exists for the protocol to have weaknesses.
Here are some examples from real-world situations:
- A distributed authentication protocol was designed using a challenge-response technique, but the challenge and the response were the same value. A hacker impersonating the recipient could just replay the challenge when asked for the response.
- A protocol was designed to accept incoming messages of a fixed length. Unfortunately, the program did not check the length of incoming messages (sound familiar?) and, because the system was a public Web server, any anonymous user on the Internet could crash the site.
Both of these examples appeared in commercial products developed by well-known companies with corporate offices on the West Coast. Network security is a complex beast. The merit badge for network security is earned only after years of study and trial-and-error. Designing network protocols is tough. Designing a new network security protocol is for experienced practitioners only.
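The first real-world example above, worked through as an added illustration (this is not code from the original post): a verifier that accepts the challenge echoed back as the response is fooled by anyone who is asked the question, while a CHAP-style verifier (RFC 1994, response = MD5(identifier || secret || challenge)) with a fresh random challenge per session rejects a replayed answer. The shared secret and identifier are constructed sample values.

```python
import hashlib
import hmac
import secrets

SHARED_SECRET = b"example-secret"  # constructed sample value for the demo


def new_challenge() -> bytes:
    """Verifier side: an unpredictable challenge, fresh for every attempt."""
    return secrets.token_bytes(16)


def weak_verify(challenge: bytes, response: bytes) -> bool:
    """Broken scheme from the post: the expected response IS the challenge."""
    return response == challenge


def impersonator_answer_weak(challenge: bytes) -> bytes:
    """An impersonator who holds no secret simply echoes what it was asked."""
    return challenge


def run_weak_session() -> bool:
    """Returns True if the impersonator is accepted under the weak scheme."""
    c = new_challenge()
    return weak_verify(c, impersonator_answer_weak(c))


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side per RFC 1994: MD5 over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, challenge: bytes, response: bytes) -> bool:
    """Verifier recomputes the expected value and compares in constant time."""
    expected = chap_response(identifier, SHARED_SECRET, challenge)
    return hmac.compare_digest(expected, response)


def run_chap_sessions() -> tuple:
    """Returns (legitimate client accepted, replayed response accepted).

    Session 1: the real client answers challenge c1. An eavesdropper records r1.
    Session 2: the verifier issues a fresh c2; the eavesdropper replays r1.
    """
    ident = 7                         # CHAP Identifier octet, constructed
    c1 = new_challenge()
    r1 = chap_response(ident, SHARED_SECRET, c1)
    legit_ok = chap_verify(ident, c1, r1)
    c2 = new_challenge()              # never reused, so r1 no longer matches
    replay_ok = chap_verify(ident, c2, r1)
    return legit_ok, replay_ok


if __name__ == "__main__":
    print("weak scheme fooled:", run_weak_session())       # True
    print("CHAP (legit, replay):", run_chap_sessions())    # (True, False)
```

The point is not MD5 versus a stronger hash but that the response must depend on a secret the impersonator lacks and on a challenge that is never reused.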
Remote Access Network Security
Remote access networking is a necessity for any company that wants to remain competitive. However, it poses a security threat because it creates an openness that leaves valuable corporate resources vulnerable to attacks from unexpected directions. These attacks are launched for several reasons such as intellectual challenge, revenge, and greed. Regardless of the reason, an attack can sometimes be very costly to the company. For example, the intruder can gain access to company confidential files, corrupt company records, inject computer viruses into the network, or reconfigure the network. For these reasons, remote access network security is mandatory for companies with remote login facilities. A corporate network that provides remote access must provide enough security to authenticate users and protect the network resources from unauthorized access.
This article presents an overview of the security mechanisms used in remote access networks. The article discusses the types of attack that a network can be vulnerable to and the security services that are provided in a network. The first step in providing these services is to render data unintelligible to an unauthorized user through the process of encryption. The authorized user recovers the original data from the encrypted data through the inverse process of decryption. The article also covers Web security.
The network security market has become a major segment of the networking market. The information presented in this article is only an overview, but it attempts to provide an extensive and fairly comprehensive discussion on the subject.
Security Issues in Remote Access Networks
A network that can be accessed from remote locations is vulnerable to different types of attacks. The goal of network security is to prevent these attacks, which can be launched in a network in the following ways:
Network Packet Sniffing
This is an attack in which a program monitors the traffic on a network in order to gather user login names and passwords used to access the network. Sniffing can be foiled by scrambling user names and passwords. The process is called encryption and will be discussed later in this article.
IP Spoofing
IP spoofing is an attack in which an intruder is able to fake an IP address so that data sent over the Internet appears to be generated by an authorized user inside the network. The intent may be, for example, to conduct unauthorized business with a company’s clients. IP spoofing is particularly useful to an intruder in source routing. In source routing, the route taken by a packet from its source to its destination is specified in the packet’s header. In a network that supports source routing, the intruder can specify the source route and the receiver can send a reply under the pretense that the intruder is a legitimate user.
Brute Force Attack
This is an attack in which an intruder tries to crack passwords by trying every possible combination of characters until a match is found.
Man-in-the-Middle Attack
This is an attack in which an intruder places himself or herself between two communicating parties who believe they are interacting with each other. Unfortunately, the intruder is snooping and relaying information from one user to the other.
Denial-of-Service Attack
This attack is not aimed at gaining access to a corporate network. Instead, it focuses on making network service unavailable by crashing, jamming, or flooding the network. It is an attack that is difficult to prevent because as long as a network is connected to the Internet anyone can disrupt it.
Trojan Horse Attack
This is an attack in which software that appears to be harmless attaches itself to an authorized program. However, the software can monitor login user names and passwords and pass the information to the intruder. It can also generate viruses that damage data in host machines.
Social Engineering Attack
This is an attack in which the intruder poses as an employee, such as the network administrator, in order to gain unauthorized access to the network. For example, a remote access caller may contact the help desk late at night to request a password to access the network. In this case, the intruder is inadvertently given the password.
Basic Security Services
A good security system should provide services that help simplify the task of managing the security of corporate information assets. These services include authentication, data integrity, confidentiality, access control, and non-repudiation.
Authentication
Authentication verifies that a user is exactly who he or she claims to be. It provides the basis for access control in networks and other computer systems. Different authentication schemes are used for onsite and remote users. The most common authentication scheme for onsite users is the combination of user ID and password. For remote access users, the more common authentication schemes include restricted address, incoming call ID, callback, PAP, Challenge Handshake Authentication Protocol (CHAP), and Remote Authentication Dial-In User Service (RADIUS).
Restricted Address
In this service, a list of remote network addresses is stored in a database located in the corporate network. When a user dials into the network, the network address originating the call is checked against the list. If it is on the list, the call is allowed; otherwise, it is denied.
This scheme prevents unauthorized users from accessing sensitive resources, but it has some drawbacks. It validates the equipment rather than the user, meaning that any stolen equipment can be used to gain access to the network. In addition, it assumes that network addresses are statically assigned. Therefore, it cannot be used in environments where network addresses are dynamically issued by a DHCP server, because a device's IP address may change each time it requests one.
Basic Networking Terminology
1. Networks and networking
A network is an intricately connected system of objects or people. Networks are all around us, even inside us. Your own nervous system and cardiovascular system are networks. The cluster diagram in the figure shows several types of networks; you may think of others.
Notice the groupings:
* communications
* transportation
* social
* biological
* utilities
2. Data networks
Data networks came about as a result of computer applications that had been written for businesses. However, at the time when these applications were written, businesses owned computers that were standalone devices, and each one operated on its own, independent from any other computers. It soon became apparent that this was not an efficient or cost-effective manner in which to operate businesses.
They needed a solution that would successfully address the following three questions:
1. how to avoid duplication of equipment and resources
2. how to communicate efficiently
3. how to set up and manage a network
Businesses recognized how much money they could save and how much productivity they could gain by using networking technology. They started adding networks and expanding existing networks almost as rapidly as new network technologies and products were introduced. As a result, the early 1980s saw a tremendous expansion in networking; however, the early development of networks was chaotic in many ways.
By the mid-1980s, growing pains were felt. Many of the network technologies that had emerged had been created with a variety of different hardware and software implementations. Consequently, many of the new network technologies were incompatible with each other. It became increasingly difficult for networks that used different specifications to communicate with each other.
One early solution to these problems was the creation of local area networks (LANs). Because they could connect all of the workstations, peripherals, terminals, and other devices in a single building, LANs made it possible for businesses using computer technology to efficiently share such things as files and printers.
As the use of computers in businesses grew, it soon became obvious that even LANs were not sufficient. In a LAN system, each department or company is a kind of electronic island.
What was needed was a way for information to move efficiently and quickly, not only within a company, but from one business to another. The solution, then, was the creation of the metropolitan area networks (MANs) and wide area networks (WANs). Because WANs could connect user networks over large geographic areas, they made it possible for businesses to communicate with each other across great distances.
3. Data Networking Solutions
For your studies, most data networks are classified as either local area networks (LANs) or wide area networks (WANs). LANs are usually located in single buildings or campuses, and handle interoffice communications. WANs cover a large geographical area, and connect cities and countries. Several useful examples of LANs and WANs appear in the figure; these examples should be referred back to whenever there’s a question about what constitutes a LAN or WAN. LANs and/or WANs can also be linked by internetworking.
| Distance Between CPUs | Location of CPUs | Name |
|---|---|---|
| 0.1 m | Printed circuit board | Motherboard |
| 1.0 m | Millimeter | Computer System Network |
| 10 m | Room | Local Area Network |
| 100 m | Building | Local Area Network |
| 1 km | Campus | Local Area Network |
| 100 km | Country | Wide Area Network |
| 1,000 km | Continent | Wide Area Network |
| 10,000 km | Planet | Wide Area Network |
| 100,000 km | Earth-moon system | Wide Area Network |
4. Local area networks
Local area networks (LANs) consist of computers, network interface cards, networking media, network traffic control devices, and peripheral devices. LANs make it possible for businesses that use computer technology to share items such as files and printers efficiently, and to make possible communications such as e-mail. They tie together data, communications, computing, and file servers.
LANs are designed to do the following:
* operate within a limited geographic area
* allow many users to access high-bandwidth media
* provide full-time connectivity to local services
* connect physically adjacent devices
There are many online resources for gaining the most recent information on LANs. Take a moment to browse some of these sites.
* Communications Week
* Data Communications
* InfoWorld
* Network Magazine
* LAN Times
* Network Computing
5. Wide area networks
As computer use in businesses grew, it soon became apparent that even LANs were not sufficient. In a LAN system, each department or business was a kind of electronic island. What was needed was a way for information to move efficiently and quickly from one business to another.
The solution was the creation of wide area networks (WANs). WANs interconnected LANs, which then provided access to computers or file servers in other locations. Because WANs connected user networks over a large geographical area, they made it possible for businesses to communicate with each other across great distances. As a result of being networked or connected, computers, printers, and other devices on a WAN could communicate with each other to share information and resources, as well as to access the Internet.
Some common WAN technologies are:
* modems
* ISDN (Integrated Services Digital Network)
* DSL (Digital Subscriber Line)
* Frame relay
* ATM (Asynchronous Transfer Mode)
* The T (US) and E (Europe) Carrier Series: T1, E1, T3, E3, etc.
* SONET (Synchronous Optical Network)