Three basic aspects cannot be ignored when addressing digital security: computer security principles, encryption, and the programming techniques used to achieve security. Digital security is about information and systems security; it is mainly focused on protecting systems and the information they create, process, transmit and store. This brings out the often ignored fact that information in motion is prone to attack and therefore needs protection. Sniffing and snooping on network systems are a bitter reality that cannot be ignored, and they are the main attacks to which information in motion is exposed. When processing takes place in different stages and across different systems, digital security becomes a crucial requirement if security is to be assured. This calls for strict measures across the stages of input, processing, transmission and, finally, storage (Merkow & Breithaupt, 2000).
Buffer Overflow
Before exploring the buffer overflow, an examination of a real-life scenario of such an attack helps understanding. Take a case where a user is presented with a form on a website and asked to fill in the specified fields. After completion, this data is passed to a server that eventually copies it into a buffer of known capacity. This requires the server to state clearly the maximum number of characters that may be written into the buffer. If the input exceeds the maximum capacity of the buffer, an overflow occurs (Foster, 2005).
As simple and harmless as it sounds, a buffer overflow is a very dangerous occurrence in any system. Among its repercussions is the possibility that it crashes the affected computer or program, degrading the computer's performance in terms of speed and effectiveness. Once a computer or program is rendered unavailable by a crash, the attacker has achieved a denial of service, which is one of the worst attacks on any system. Buffer overflows are also commonly known to compromise the authentication process that grants an individual access to various systems. For instance, if the authentication check depends on a single bit that can be overwritten by a buffer overflow, the security of the system is compromised, since anybody can gain access. It is worth noting, however, that not every buffer overflow can be exploited to conduct an attack: an exploitable buffer overflow must contain a flaw that makes it exploitable (Merkow & Breithaupt, 2000).
There is a sure way of preventing buffer overflows from occurring. When developing code, programmers are advised to use programming languages whose security is considered relatively higher than the rest. Examples are Java and C#, which are most likely able to detect and eliminate buffer overflows at the coding stage, preventing effects after deployment. C++ and C are the languages most affected by buffer overflows because of the many unsafe functions they carry, and where possible they should be avoided for code as sensitive as authentication. The safe languages ensure sufficient memory allocation for all arrays before executing programs, hence the low chance of buffer overflows occurring (Foster, 2005).
Buffer overflow attacks have existed since 1970 and, according to research, the buffer overflow was the most severe attack in 1970. Given the sharp rise in cyber crime, buffer overflow is expected to be the most common attack in the near future. This is because it is the attack most ignored by programmers, who go as far as using unsafe functions despite the availability of safer versions. Use of the NX bit, which eliminates buffer overflows, should be adopted by today's programmers. For this to be guaranteed, program developers and administrators should be trained on the risks of buffer overflows and on how to prevent them (Dhillon, 2007).
SQL injection technique
The SQL injection technique is an attack aimed at compromising servers and hence web applications. Like buffer overflows, it is an attack based on the vulnerability of the input used in a web setting. The main idea behind SQL injection is to trick the program into executing code different from the intended one; the attack succeeds when this injected code runs in place of the intended code. SQL injection has a way of reducing the size of its code so that it does not seem suspicious to the firewalls set in place by security experts (Clarke, 2012).
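The input vulnerability described above, as an added Python example that is not taken from the essay or its cited sources: a lookup that pastes user input into the SQL text beside the same lookup with the value bound as a parameter, run against a small constructed in-memory table.

```python
import sqlite3


def make_db():
    # Constructed sample table; the names and secrets are illustrative only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s1"), ("bob", "s2")])
    return conn


def lookup_unsafe(conn, name):
    # Vulnerable form: the user-supplied value becomes part of the SQL text,
    # so the input can change which statement the database executes.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, name):
    # Hardened form: the value is bound as a parameter and is only ever
    # treated as data, never parsed as SQL.
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


def demo():
    # The same input that is data to the safe query rewrites the unsafe one
    # into a condition that is true for every row.
    conn = make_db()
    supplied = "x' OR 'a'='a"
    return lookup_unsafe(conn, supplied), lookup_safe(conn, supplied)


if __name__ == "__main__":
    print(demo())
```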
The SQL Slammer is the most common SQL injection on record, noted for the attack it caused on so many systems over a very short period in 2004. SQL Slammer went into history for having beaten the Code Red worm that had hit the United States White House earlier, in 2001: Slammer took only 10 minutes to execute an attack similar to the one Code Red had taken 15 hours to carry out. Slammer's infections also doubled every 8.5 seconds, causing attacks such as denial of service. SQL Slammer targeted internet bandwidth, leading to an uncontrollable traffic jam on the internet. The basics behind its working were random generation of IP addresses and its small size as a single UDP packet, which made firewalls treat it as a genuine transmission. Security experts building firewalls work on the assumption that small single packets cannot cause significant harm to the network, hence their focus on large and suspicious packets. This gave SQL Slammer its route to faster transmission and hence the harm it caused (Clarke, 2012).
Off-line dictionary attacks
Cryptography is a fundamental information security tool used to ensure vital security functions, such as the protection of confidentiality and integrity. Several concepts are used in cryptography.
There is the aspect of diffusion, which is the fundamental cipher design principle employed by a double substitution cipher to spread the plaintext statistics through the ciphertext. Diffusion ensures that the output bits depend heavily on the input bits, so that a slight change in one bit causes a great change in the ciphertext. Confusion, on the other hand, is the cipher design principle focused on obscuring the relationship between the plaintext and the ciphertext. On the basis that a one-time pad is provably secure, a simple substitution cipher and a one-time pad both apply confusion. Confusion aims to make the relationship between plaintext and ciphertext more complex and involved, and it protects the key even when an attacker holds some plaintext-ciphertext pairs, by ensuring that a change in one bit of the key changes the ciphertext completely. Lastly there is randomization, which is an inference control approach. Inference control attempts to limit the information that can unintentionally leak out of a database through legitimate user queries. Randomization adds a small amount of noise to the data, but this fails to appreciate that the noise may harm the legitimate data (Stamp, 2006).
A dictionary attack is a means hackers use to defeat cryptographic protection and gain access to the plaintext. It works either by trying hard to obtain the decryption key or by trying all possible alternatives using words like those in an ordinary dictionary. A similar attack is the brute force attack; however, the brute force attack tries a great many candidates in a specific order, while the dictionary attack tries only a list of chosen words, hence the term dictionary. Programmers, and to some extent users, make themselves prone to dictionary attacks through the common practice of using very short, straightforward passwords. Mixing upper- and lower-case letters and adding special characters to the password is a sure way to eliminate dictionary attacks (Langie & Macbeth, 1922).
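The defence described above, as an added Python example that is not from the essay or its sources: a registration-time check that rejects candidates appearing in a guessing list (with the usual case-folding and trailing-digit stripping an attacker's list would apply), requires mixed case and special characters, and estimates how large a search space a brute-force attacker would face. The word list, thresholds and password strings are constructed for illustration.

```python
import math
import string

# Constructed stand-in for an attacker's dictionary (not from the essay).
WORDLIST = {"password", "letmein", "welcome", "sunshine", "dragon"}


def in_dictionary(password, wordlist=WORDLIST):
    # Dictionary attacks try listed words, typically ignoring case and
    # appended digits, so the check normalises the candidate the same way.
    core = password.lower().rstrip(string.digits)
    return core in wordlist


def keyspace_bits(password):
    # Size of the space a brute-force attacker must cover for the character
    # classes actually present, expressed in bits (length * log2(alphabet)).
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 ASCII special characters
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def password_acceptable(password, min_length=12, min_bits=60):
    # Mitigation from the text: mixed upper/lower case plus special characters,
    # no dictionary word, and enough length that guessing is impractical.
    if len(password) < min_length or in_dictionary(password):
        return False
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    has_special = any(c in string.punctuation for c in password)
    return has_lower and has_upper and has_special and keyspace_bits(password) >= min_bits


if __name__ == "__main__":
    for candidate in ("Password123", "sunshine", "Tr0ub4dor&3x!Qz"):
        print(candidate, keyspace_bits(candidate), password_acceptable(candidate))
```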
Many other attacks can be launched against a system to render cryptographic techniques ineffective. These include the collusion attack, the chosen plaintext attack and the known plaintext attack.
Collusion is a type of attack in which the attacker uses the original object and one or a comparison of several watermarked objects to determine the bits that carry information. To prevent this, cryptographers implemented spread spectrum techniques to better hide the information-carrying bits, though this scheme only makes the attack slightly more difficult.
There is the chosen plaintext attack, which relies entirely on the possibility that communication is taking place and packets are being encrypted and sent. What makes this attack possible is obtaining the ciphertext for chosen data, since it relies on an educated guess of the possible plaintext. The attacker chooses the original text to be encrypted and then examines its matching ciphertext. This attack also occurs where the attacker has limited access to the cryptosystem (Langie & Macbeth, 1922).
Another attack is the known plaintext attack, which takes place when the attacker has access to some of the plaintext or simply makes an educated guess. The known plaintext is then matched to the ciphertext, and the cryptographic key is derived.
Cryptography is commonly used in digital or electronic signatures. In computing, electronic signatures are used when a transaction needs to be sealed and tied to a particular party. Simply put, digital signatures serve the same purpose as ordinary physical signatures. They therefore carry the requirements of physical signatures, chief among them the uniqueness that makes it difficult for anyone to forge them successfully. They should also be usable and learnable, gain legal acceptance from the courts, and be vested with the authority to bind an individual or an organization to a transaction. Cryptography is used to tie the digital signature to the specific document, preventing its duplication onto another document (Stamp, 2006).
Various computing techniques can be put in place to ensure the security of information and systems. These include the different encryption methods, intrusion detection systems, and honeypots and honeynets, among others. This paper will discuss the different types of intrusion detection systems and their significance in ensuring digital security.
One major and commonly used intrusion detection scheme is the network-based IDS. A network-based intrusion detection system scans network packets at the router or host level, audits packet information, and writes all packets detected as potentially dangerous to a file that also carries further information. From this log file a database of known attacks is created and used to send signals and warnings to security teams for further investigation. These systems are positioned strategically, allowing them to watch and monitor data flowing into and out of the network effectively. They operate on the wiretapping concept and focus their monitoring on the headers and content of the transmitted information.
With the rising use of the internet, network-based IDS have become popular as a way to cope with ever-growing traffic. This has led to the need for effective detection systems that can handle voluminous packets and address the insecurities facing the TCP/IP protocol. There is also a continuous need for tools that can prevent malicious network activity such as IP spoofing, denial of service attacks and man-in-the-middle attacks (Schneier, 2000).
Then there are host-based IDS, whose working is similar to that of the network-based IDS, except that the network-based IDS focuses only on network packets. By contrast, host-based IDS analyze several areas to determine malicious activity and intrusions. These detection systems check several log files (kernel, system, server, network, firewall, among others) and make extensive comparisons between the logs and predetermined patterns built from the study of commonly known attacks. They are positioned on particular computers or servers, and can only monitor activity in the areas where they reside.
Another key aim of host-based IDS is verifying the integrity of certain vital files. The IDS keeps a database of sensitive files and creates a checksum of each, which system administrators use to evaluate and ensure that the integrity of the files is maintained. In case of an anomaly, a signal message is sent to the security administrators for further action (Schneier, 2000).
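The file-integrity function of a host-based IDS described above, as an added Python example that is not from the essay or its sources: a baseline of SHA-256 checksums is taken for a set of sensitive files, and a later check reports any file that has been modified or removed. The file names and contents are constructed in a temporary directory for the demonstration; a real deployment would keep the baseline somewhere the monitored host cannot silently rewrite it.

```python
import hashlib
import os
import tempfile


def file_checksum(path, chunk=65536):
    # Hash the file in chunks so large files do not have to fit in memory.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(paths):
    # The "database of sensitive files": path -> checksum taken at a trusted moment.
    return {p: file_checksum(p) for p in paths}


def check_integrity(baseline):
    # Recompute every checksum; any difference is the anomaly that should be
    # signalled to the security administrators.
    alerts = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            alerts.append((path, "missing"))
        elif file_checksum(path) != expected:
            alerts.append((path, "modified"))
    return alerts


def demo():
    # Constructed scenario: three "sensitive" files; one is later altered, one deleted.
    with tempfile.TemporaryDirectory() as d:
        a, b, c = (os.path.join(d, n) for n in ("passwd", "sshd_config", "hosts"))
        for p, data in ((a, b"root:x:0:0\n"), (b, b"PermitRootLogin no\n"),
                        (c, b"127.0.0.1 localhost\n")):
            with open(p, "wb") as f:
                f.write(data)
        baseline = build_baseline([a, b, c])
        with open(b, "ab") as f:
            f.write(b"PermitRootLogin yes\n")  # simulated tampering
        os.remove(c)
        return [(os.path.basename(p), status) for p, status in check_integrity(baseline)]


if __name__ == "__main__":
    print(demo())
```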
// Loop-based pseudocode to serve customers at a bank ATM.
WHILE TRUE DO
    print "Welcome. Swipe your ATM card here."
    wait until a card is swiped
    account_no = read account number from card reader
    IF account_no belongs to a different bank THEN
        print "Wrong bank ATM card. Extra charges will apply."
        print "Wish to proceed? (yes/no)"
        wait until a YES or NO selection is made
        IF selection is NO THEN
            print "Transaction terminated!"
            wait for 3 seconds
            continue   // loop starts over
        ENDIF
    ENDIF
    max_pin_entries = 3
    pin_entry_count = 0
    print "Enter PIN:"
    pin_no = read PIN
    pin_entry_count = pin_entry_count + 1
    // Allow re-entry only while attempts remain; the counter must advance each time
    WHILE validate(account_no, pin_no) is FALSE AND pin_entry_count < max_pin_entries DO
        print "Wrong PIN. Please re-enter:"
        pin_no = read PIN
        pin_entry_count = pin_entry_count + 1
    ENDWHILE
    IF validate(account_no, pin_no) is FALSE THEN
        print "Wrong PIN. Contact your bank."
        wait for 3 seconds
        continue   // loop starts over
    ENDIF
ENDWHILE
References
Clarke, J. (2012). SQL injection attacks and defense (2nd ed.). S.l.: Syngress.
Crnković, D. (2011). Information security, coding theory and related combinatorics: information coding and combinatorics. Amsterdam: IOS Press.
Dhillon, G. (2007). Principles of information systems security: text and cases. Hoboken, NJ: John Wiley & Sons.
Foster, J. C. (2005). Buffer overflow attacks detect, exploit, prevent. Rockland, MA: Syngress.
Langie, A., & Macbeth, J. C. (1922). Cryptography. London: Constable & Co.
Merkow, M. S., & Breithaupt, J. (2000). The complete guide to Internet security. New York: AMACOM.
Schneier, B. (2000). Secrets and lies: digital security in a networked world. New York: John Wiley.
Stamp, M. (2006). Information security: principles and practice. Hoboken, N.J.: Wiley-Interscience.