Computer System Security

Dr. A.P.J. Abdul Kalam Technical University
Topics to be covered
    • Computer System Security Introduction
    • Introduction
    • Interview with Prof. Sandeep Shukla, CSE, IIT Kanpur
    • What is computer security and what to learn?
    • Learning objectives
    • Sample Attacks
    • The Marketplace for vulnerabilities
    • Error 404 Hacking digital India part 1 chase
    • Computer System Security Module 01
    • Control Hijacking
    • More Control Hijacking attacks integer overflow
    • More Control Hijacking attacks format string vulnerabilities
    • Defense against Control Hijacking - Platform Defenses
    • Defense against Control Hijacking - Run-time Defenses
    • Advanced Control Hijacking attacks
    • Computer System Security Module 02
    • Confidentiality Policies
    • Confinement Principle
    • Detour: Unix user IDs, process IDs and privileges
    • More on confinement techniques
    • System call interposition
    • Error 404 digital Hacking in India part 2 chase
    • Computer System Security Module 03
    • VM based isolation
    • Confinement principle
    • Software fault isolation
    • Rootkits
    • Intrusion Detection Systems
    • Computer System Security Module 04
    • Secure architecture principles isolation and leas
    • Access Control Concepts
    • Are you sure you have never been hacked Sandeep Shukla
    • Unix and windows access control summary
    • Other issues in access control
    • Introduction to browser isolation
    • Computer System Security Module 05
    • Web security landscape
    • Web security definitions goals and threat models
    • HTTP content rendering
    • Browser isolation
    • Security interface
    • Cookies frames and frame busting
    • Computer System Security Module 06
    • Major web server threats
    • Cross site request forgery
    • Cross site scripting
    • Defenses and protections against XSS
    • Finding vulnerabilities
    • Secure development
    • Computer System Security Module 07
    • Basic cryptography
    • Public key cryptography
    • RSA public key crypto
    • Digital signature Hash functions
    • Public key distribution
    • Real world protocols
    • Basic terminologies
    • Email security certificates
    • Transport Layer security TLS
    • IP security
    • DNS security
    • Computer System Security Module 08
    • Internet infrastructure
    • Basic security problems
    • Routing security
    • DNS revisited
    • Summary of weaknesses of internet security
    • Link layer connectivity and TCP/IP connectivity
    • Packet filtering firewall
    • Intrusion detection
    • Concluding remarks
First quiz answers (CSS)

[1] What was the percentage increase in Zero Day Vulnerabilities in the year 2015?

(a) 4%

(b) 50%

(c) 100%

(d) 125%

Answer: (d) 125%




[2] Which hacking attacks were mentioned in the lesson?

(a) Hacking in the French election

(b) ATM hacking in India

(c) Denial of Service attack on a Turkish bank

(d) All of the above

Answer: (d) All of the above




[3] Identify the software whose vulnerabilities are exploited the most.

(a) Android 

(b) Browser

(c) Adobe Flash Player

(d) Microsoft Office

Answer: (b) Browser




[4] The computer vulnerabilities and exploits databases are maintained by ___________

(a) Kaspersky Lab

(b) Symantec Corporation

(c) MITRE Corporation

(d) None of the above

Answer: (c) MITRE Corporation





[5] Which of the following is/are correct with respect to Ransomware?

(a) It is a form of Malware

(b) It encrypts the whole hard drive of the computer, essentially locking the user out of the entire system.

(c) It locks the system's screen or locks the user's files unless a ransom is paid.

(d) All of the above

Answer: (d) All of the above




[6] Which of the following is considered legal?

(a) Hacking a social media account and sending a private message

(b) Hacking a bank account and siphoning funds

(c) Hacking a company's security system with permission from the management

(d) All of the above

Answer: (c) Hacking a company's security system with permission from the management





[7] What is the cost of launching Denial of Service attack on a website?

(a) $20/hr

(b) $100/day

(c) $300/month

(d) Both A and B

Answer: (d) Both A and B




[8] Which of the following is not an advantage of studying Cyber Security?

(a) It gives you the ability to hack a computer system

(b) It allows you to know the ways through which cyberspace can be breached

(c) Both A and B

(d) None of the above

Answer: (d) None of the above





[9] Which of the following is correct for silent banker?

(a) It is a trojan horse

(b) It records keystrokes, captures screens and steals confidential banking credentials and sends them to a remote attacker

(c) Both A and B

(d) None of the above

Answer: (c) Both A and B





[10] Which of the following is not a part of Security System Centric Design?

(a) Policy

(b) Agreement

(c) Mechanisms

(d) Threat Models

Answer: (b) Agreement





[11] Which of the following is not a goal in the security system design?

(a) Vulnerability

(b) Confidentiality

(c) Integrity

(d) Availability

Answer: (a) Vulnerability




[12] Which of the following is most important in design of secure system?

(a) Assessing vulnerability

(b) Changing or Updating System according to vulnerability

(c) Both A and B

(d) None of the above

Answer: (c) Both A and B




[13] Which of the following is correct with respect to Penetration testing?

(a) It is an internal inspection of applications and operating systems for security flaws.

(b) It is an authorized simulated cyber-attack on a computer system, performed to evaluate the security of the system

(c) It is hacking a security system of an organization.

(d) All of the above

Answer: (b) It is an authorized simulated cyber attack on a computer system, performed to evaluate the security of the system




[14] Which of the following is to be done to avoid limitations in threat models?

(a) Making more explicit and formalized threat models to understand possible weaknesses

(b) Making simpler and more general threat models

(c) Making fewer assumptions to design a better threat model

(d) All of the above

Answer: (d) All of the above



This post gives the solutions to the first-week quiz of Computer System Security.

______________________________________________

Computer System Security 2nd quiz Solution


[1] The Storm botnet was used for

(a) Phishing

(b) DDoS attack

(c) Hacking

(d) None of the above

Answer: (d) None of the above

Reason: the lecture describes the Storm botnet as being used for spamming.




[2] Which statement is incorrect for Silent Banker?

(a) It is a trojan horse

(b) It records keystrokes, captures screens and steals confidential banking credentials and sends them to a remote attacker

(c) Both A and B

(d) None of the above

Answer: (d) None of the above

Reason: options (a) and (b) are both correct statements about Silent Banker, so neither of them is incorrect.




[3] Which of the following is true for Stuxnet?

(a) It is a virus

(b) It is a botnet

(c) It is a computer worm

(d) A ransomware

Answer: (c) It is a computer worm

Reason: Stuxnet is a malicious computer worm.


[4] Which of the following is incorrect for the attack on Target Corporation?

(a) It is an example of a server-side attack

(b) More than 140 million credit card details were stolen in the attack

(c) The attack happened in 2011

(d) None of the above

Answer: (c) The attack happened in 2011

Reason: as mentioned in the lecture, the Target breach happened in 2013, not in 2011.



[5] Identify the correct bug bounty program name.

(a) Google Vulnerability Program

(b) Microsoft Bug Bounty Program

(c) Mozilla Bounty Program

(d) Pwn2own competition

Answer: (d) Pwn2Own competition

Reason: mentioned in the lecture.



[6] _________are attempts by individuals to obtain confidential information from you by

falsifying their identity.

(a) Computer viruses

(b) Phishing scams

(c) Phishing trips

(d) Spyware scams


Answer: (b) Phishing scams

Reason: a phishing scam impersonates a trusted sender (a duplicate of the original) in order to trick you into handing over confidential information.



[7]  Which of the following is correct for MITM?

(a) It stands for Man-In-The-Middle attack

(b) It happens when a communication

between the two systems is intercepted by an outside entity

(c) It can happen in any form of online communication, such as email, social media,web surfing, etc

(d) All of the above


Answer: (d) All of the above

Reason: options (a), (b) and (c) are all correct.






[8] Which of the following describes monitoring software installed without your consent?

(a) Malware

(b) Adware

(c) Spyware

(d) Ransomware


Answer: (c) Spyware

Reason: spyware monitors the user's activity and collects data without the user's consent.


[9] Which type of cyber-attack is commonly performed through emails?

(a) Trojans

(b) Worms

(c) Ransomware

(d) Phishing

Answer: (d) Phishing

Reason: phishing emails are crafted to look like genuine emails from a trusted sender.



[10] If you share too much information on social media, what may you be at risk of?

(a) Identity Theft

(b) Ransomware

(c) Malware

(d) Adware

Answer: (a) Identity Theft

Reason: over-shared personal details can be used by an attacker to impersonate you and steal your identity.

Computer System Security 3rd quiz Solution


[1] Which of the following programming languages commonly have the buffer-overflow problem in application development?

  • (a) C, Ruby
  • (b) C, C++
  • (c)  Python, Ruby
  • (d) C, Python

Answer: (b) C, C++

Reason :- C and C++ give the programmer raw pointers and fixed-size buffers and do not check array bounds at run time, so writing past the end of a buffer is silently allowed. That is why buffer overflows are common in applications written in these languages; Python and Ruby check bounds and raise an error instead.

[2] Which type of buffer overflow is common among attackers?

  • (a) Memory-based
  • (b) Queue-based
  • (c) Stack-based
  • (d) Heap-based

Answer: (c) Stack-based

Reason :- Stack-based buffer overflows are the most common among attackers. The stack is the memory region that holds a function's local variables, including the buffers that receive user input, right next to the function's saved return address, so overflowing such a buffer overwrites control data directly.

[3] In a __________ attack, malicious code is pushed into the __________.

  • (a) buffer-overflow, stack
  • (b) buffer-overflow, queue
  • (c) buffer-overflow, memory card
  • (d) buffer-overflow, external drive

Answer: (a) buffer-overflow, stack

Reason :- Malicious code can be pushed onto the stack during a buffer-overflow attack. The overflow is used to overwrite the saved return address so that control flow switches to the malicious code when the function returns.


[4] In the case of integer overflow, which of the following options is/are true?

  • (a) It is a result of an attempt to store a value greater than the maximum value an integer can store
  • (b) Integer overflow can compromise a program’s reliability and security
  • (c) Both A and B
  • (d) None of the above

Answer: (c) Both A and B

Reason :- According to the lecture, options (a) and (b) are both correct, so option (c) is the answer.
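As an added example that is not from the course or this page, the following C code shows how an integer overflow in a length calculation turns into a heap buffer overflow (the "reliability and security" consequence from option (b)), and the wrap-around check that prevents it. The function names are illustrative and the request sizes in main() are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable pattern: the length computation can wrap around.
 * If hdr_len + body_len exceeds SIZE_MAX the sum wraps to a small number,
 * malloc() returns a tiny block and the two memcpy() calls overflow the heap. */
unsigned char *concat_vuln(const unsigned char *hdr, size_t hdr_len,
                           const unsigned char *body, size_t body_len)
{
    size_t total = hdr_len + body_len;          /* may wrap silently */
    unsigned char *out = malloc(total);
    if (out == NULL)
        return NULL;
    memcpy(out, hdr, hdr_len);                  /* writes past the short block */
    memcpy(out + hdr_len, body, body_len);
    return out;
}

/* Wrap-safe addition for sizes: returns 1 and stores a+b in *out, or
 * returns 0 without touching *out if the sum would exceed SIZE_MAX. */
int add_size_checked(size_t a, size_t b, size_t *out)
{
    if (a > SIZE_MAX - b)
        return 0;
    *out = a + b;
    return 1;
}

/* Hardened version: refuse the request instead of allocating a wrong size. */
unsigned char *concat_safe(const unsigned char *hdr, size_t hdr_len,
                           const unsigned char *body, size_t body_len)
{
    size_t total;
    if (!add_size_checked(hdr_len, body_len, &total))
        return NULL;                            /* reject, never under-allocate */
    unsigned char *out = malloc(total);
    if (out == NULL)
        return NULL;
    memcpy(out, hdr, hdr_len);
    memcpy(out + hdr_len, body, body_len);
    return out;
}

/* Signed 32-bit case matching the quiz wording: does a+b exceed what an
 * int32_t can hold? Computed in 64-bit so the check itself cannot overflow. */
int int32_add_overflows(int32_t a, int32_t b)
{
    int64_t sum = (int64_t)a + (int64_t)b;
    return sum > INT32_MAX || sum < INT32_MIN;
}

/* Self-checks used by main(): each returns 1 on the expected outcome.
 * A request claiming SIZE_MAX header bytes plus 2 body bytes must be refused. */
int demo_rejects_wrapping_request(void)
{
    unsigned char *r = concat_safe((const unsigned char *)"ab", SIZE_MAX,
                                   (const unsigned char *)"cd", 2);
    return r == NULL;
}

int demo_concatenates_normal_request(void)
{
    unsigned char *r = concat_safe((const unsigned char *)"ab", 2,
                                   (const unsigned char *)"cd", 2);
    int ok = r != NULL && memcmp(r, "abcd", 4) == 0;
    free(r);
    return ok;
}

int main(void)
{
    printf("wrapping request rejected: %d\n", demo_rejects_wrapping_request());
    printf("normal request handled:    %d\n", demo_concatenates_normal_request());
    printf("INT32_MAX + 1 overflows:   %d\n", int32_add_overflows(INT32_MAX, 1));
    return 0;
}
```

The same wrap-around applies to any "count * element_size" computation before an allocation; checking the arithmetic once in a helper such as add_size_checked() is cheaper than auditing every call site later.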

[5] A string which contains ____________ parameter/s is called a ___________ string.

  • (a) Format, text
  • (b) Text,  format
  • (c)  text and format,  format 
  • (d) None of the above
Answer: (c) text and format, format

Reason :- A format string contains literal text together with format parameters, as in this example:

       printf("The show of example is: %d\n", 773);
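An added C example, not from the lecture or this page, that contrasts a printf() call which uses attacker-supplied text as the format string with the safe form, and adds two small checks that count conversion directives in an untrusted string and spot the %n directive that turns a format string bug into a memory write. The attack string and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Counts conversion directives (%d, %x, %s, %n, ...) in a format string.
 * "%%" is an escaped literal percent sign and is not a conversion. */
int count_conversions(const char *s)
{
    int n = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%" -> literal '%' */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Returns 1 if the string contains a %n directive, possibly with flags,
 * width or a positional "N$" argument (e.g. "%7$n"). %n makes printf()
 * WRITE the number of bytes printed so far through a pointer taken from
 * the argument list, which is what gives the attacker a write primitive. */
int contains_write_directive(const char *s)
{
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {
            p++;
            continue;
        }
        p++;                                        /* skip the '%' itself */
        while (*p != '\0' && strchr("-+ #0123456789.*hlLqjzt$", *p))
            p++;                                    /* flags, width, precision, length, position */
        if (*p == 'n')
            return 1;
        if (*p == '\0')
            break;
    }
    return 0;
}

/* Vulnerable: attacker-controlled text is used AS the format string, so
 * "%x %x %x" leaks stack words and "%n" writes to memory. Never call this
 * with untrusted input. */
void log_message_vuln(const char *user_text)
{
    printf(user_text);
}

/* Hardened: the format is a constant and user text is only a %s argument,
 * so it is printed but never interpreted. */
void log_message_safe(const char *user_text)
{
    printf("%s\n", user_text);
}

int main(void)
{
    /* Constructed inputs: the page's example format and a classic attack string. */
    const char *example = "The show of example is: %d\n";
    const char *attack  = "AAAA%08x.%08x.%08x.%n";
    printf("%d conversion(s) in the example; %%n present in attack string: %d\n",
           count_conversions(example), contains_write_directive(attack));
    log_message_safe(attack);       /* printed literally, nothing interpreted */
    return 0;
}
```

Compilers flag the vulnerable form when asked (GCC and Clang's -Wformat-security warns on a non-literal format with no arguments), which is the cheapest way to find this class of bug in a code base.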

Computer System Security 4th quiz Solution


Q:1. If we talk about control hijacking, which of the following is true?

1. In buffer overflow attacks, stack-based attacks are more common than heap-based attacks.

2. Integer overflow attacks are not a type of control hijacking.

3. Format string vulnerabilities are used to prevent control hijacking.

4. All of the above

Answer:- 1. In buffer overflow attacks, stack-based attacks are more common than heap-based attacks.

Reason :- Only statement 1 is true. Integer overflows and format string vulnerabilities are both control hijacking attacks (the course covers them under "More Control Hijacking attacks"), not defences against it, so statements 2 and 3 are false and "All of the above" cannot be the answer.






Q:2. If we mark the stack and heap segments as non-executable,

1. No code will execute.

2. Return-oriented programming will also not be able to exploit it.

3. We can prevent overflow code execution.

4. All of the above.

Answer:- 3. We can prevent overflow code execution.

Reason :- Marking the stack and heap non-executable (NX / DEP) means code injected through an overflow cannot run from those segments. Legitimate code in the text segment still executes, and return-oriented programming still works because it chains together existing executable code instead of injecting new code.






Q:3. If we talk about Return Oriented Programming, which of the following statements is true?

1. It is a computer security exploit technique that allows an attacker to execute code in the presence of security defences such as DEP and code signing.

2. These attacks arise when an adversary manipulates the call stack by taking advantage of a bug in the program, often a buffer overflow.

3. Return-oriented programming is an advanced version of a stack smashing attack.

4. All of the above

Answer:- 4. All of the above

Reason :- All three statements are true of ROP: instead of injecting code, the attacker overwrites the stack with a chain of return addresses that point at short instruction sequences ("gadgets") already present in executable memory, so a non-executable stack and code signing do not stop it.





Q:4. A hardware device interrupt request invokes _________, which handles the interrupt.

1. Instruction Set Randomization

2. Information Storage and Retrieval

3. Interrupt Service Routine

4. Intermediate Session Routing

Answer:- 3. Interrupt Service Routine

Reason :- An ISR (also called an interrupt handler) is the routine the CPU jumps to when a hardware device raises an interrupt request. It interrupts the active process, services the device, and when it completes the interrupted process resumes.




Q:5. Which of the following is a method of randomization?

1. ASLR

2. Sys-call randomization

3. Memory randomization

4. All of the above

Answer:- 4. All of the above

Reason :- ASLR, system-call randomization and memory randomization are all randomization-based defences against control hijacking; an ISR is not a form of randomization.



Computer System Security 5th quiz Solution


Q:1. Chroot jail is used to __________ a process and its children by __________ to the supplied directory name.

1. isolate, changing the root directory

2. change, the name

3. execute, renaming it

4. All of the above

Answer:- (1). isolate, changing the root directory

Reason :- A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. Programs that run in this modified environment cannot access files outside the designated directory tree. This limits their access to one directory tree, hence the name "chroot jail".
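An added example, not from the page or the course: the sequence of calls a C program should use to enter a chroot jail (chdir into the directory, chroot, chdir to "/", then drop root), together with a lexical check that a client-supplied path stays inside the jail root. The directory "/srv/jail", the uid/gid 65534 and the sample paths are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <grp.h>
#include <sys/types.h>

/* Enter a chroot jail the safe way and drop root afterwards.
 * Returns 0 on success, -1 (with errno set) on failure. Must start as root. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    /* chroot() changes the root but NOT the current directory: a process
     * whose cwd is still outside the new root can walk back out with "..". */
    if (chdir(dir) != 0)
        return -1;
    if (chroot(dir) != 0)
        return -1;
    if (chdir("/") != 0)
        return -1;
    /* Still root inside the jail? Then chroot() can simply be called again to
     * escape, so drop privileges: supplementary groups, then gid, then uid. */
    if (setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    return 0;
}

/* Lexical containment check for a path relative to the jail root: resolves
 * "." and ".." and returns the normalised absolute path (static buffer), or
 * NULL if the path would climb above the root. Useful when a server maps
 * client-supplied names onto a directory tree. It does not follow symlinks,
 * so inside a real chroot the kernel remains the actual enforcement point. */
const char *jail_normalize(const char *rel)
{
    static char out[1024];
    char buf[1024];
    const char *parts[128];
    int depth = 0;

    if (strlen(rel) >= sizeof buf)
        return NULL;
    strcpy(buf, rel);
    for (char *tok = strtok(buf, "/"); tok != NULL; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0)
            continue;
        if (strcmp(tok, "..") == 0) {
            if (depth == 0)
                return NULL;            /* attempt to escape the jail root */
            depth--;
            continue;
        }
        if (depth == 128)
            return NULL;
        parts[depth++] = tok;
    }
    size_t used = 0;
    out[0] = '\0';
    for (int i = 0; i < depth; i++) {
        int n = snprintf(out + used, sizeof out - used, "/%s", parts[i]);
        if (n < 0 || (size_t)n >= sizeof out - used)
            return NULL;
        used += (size_t)n;
    }
    if (depth == 0)
        strcpy(out, "/");
    return out;
}

int main(void)
{
    /* Constructed client-supplied names, as a file server might receive them. */
    const char *names[] = { "var/www/./html/index.html", "cgi-bin/../../etc/passwd" };
    for (int i = 0; i < 2; i++) {
        const char *p = jail_normalize(names[i]);
        printf("%-28s -> %s\n", names[i], p ? p : "REJECTED (escapes root)");
    }
    /* Hypothetical jail directory; only attempted when running as root. */
    if (geteuid() == 0 && enter_jail("/srv/jail", 65534, 65534) != 0)
        perror("enter_jail");
    return 0;
}
```

Two caveats a practitioner should keep in mind: a jail is only as strong as its contents (a setuid binary or a device node copied into the tree hands back the privileges you just dropped), and because the check in jail_normalize() is purely lexical, any symlink inside the tree that points outside it must be prevented at the time the tree is populated.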


Q:2. Talking about FreeBSD jail, which of the following is true?

1. It can only bind to sockets with a specified IP address and authorized ports

2. It can communicate with processes inside and outside of the jail

3. Root is limited (example: cannot load kernel modules)

4. None of the above

Answer:- (1) and (3) are true; (2) is false, because a jailed process can only communicate with processes inside the same jail.

Reason :- The jail mechanism is FreeBSD's OS-level virtualisation. It lets a system administrator partition a FreeBSD system into several independent mini-systems called jails, all sharing the same kernel with very little overhead. A jailed process is confined to its own directory tree and IP address, can only talk to processes in the same jail, and its root user is restricted (it cannot, for example, load kernel modules).

Q:3. Which of the following is incorrect for system call interposition?

1. It tracks all the system service requests of processes.

2. Each system request can be modified or denied.

3. It is impossible to implement tools to trace, monitor, or virtualize processes.

4. None of the above.

Answer:-(3). It is impossible to implement tools to trace, monitor, or virtualize processes.

Reason:- System call interposition is a powerful method for regulating and monitoring program behaviour: a monitor sits between the process and the kernel, sees every system call the process makes, and can allow, modify or deny each one. Tracing, monitoring and sandboxing tools (ptrace-based debuggers, systrace and similar) are built on exactly this, so statement 3 is false.

Q:4. Which of the following is a computer security utility which limits an application's access to the system by enforcing access policies for system calls?

1. systrace

2. NetBSD

3. ptrace

4. None of the above

Answer:- (1).systrace


Reason:- Systrace is a computer security utility which limits an application's access to the system by enforcing access policies for system calls. This can mitigate the effects of buffer overflows and other security vulnerabilities.

Q:5. Which of the following uses a call back mechanism in the kernel module to redirect system calls?

1. systrace

2. ptrace

3. ostia

4. NetBSD

Answer :- (2).ptrace


Reason:- ptrace is a system call found in Unix and several Unix-like operating systems. By using ptrace (the name is an abbreviation of "process trace") one process can control another, enabling the controller to inspect and manipulate the internal state of its target.

             


Computer System Security Quiz week 6 Solution


Q:(1).. One name for a backdoor is _____. Once access is enabled, it may hide ______.

(a)..Stealth, files
(b)..Rootkit, traces of unauthorized access
(c)..Hidden Key, unauthorized access
(d)..Worm, unauthorized access

Answer:- (b)..Rootkit, traces of unauthorized access

Reason:- A backdoor is malicious code which, by exploiting system flaws and vulnerabilities, gives an attacker remote unauthorized access to a computer system or program. A rootkit can be used to open such a backdoor and then hides the traces of the unauthorized access (files, processes, connections) from the administrator.




Q:(2).. A password cracker is an attack tool. Which of the following is also a type of attack tool?

(a)..Rootkit Revealer
(b)..Network sniffer
(c)..TDSSKiller
(d)..All of the above

Answer:- (b)..Network sniffer

Reason:- A network sniffer, also known as a packet analyzer, is software or hardware that intercepts data packets as they travel across a network; in an attacker's hands it captures credentials and other sensitive traffic. RootkitRevealer and TDSSKiller are rootkit detection and removal tools, not attack tools.





Q:(3).. knark hides or unhides files or directories. It ?

(a)..uses system call redirection to hide its presence.
(b)..hides TCP or UDP connections.
(c)..is a loadable kernel module.
(d)..All of the above

Answer:- (d)..All of the above

Reason:- knark hides or unhides files or directories, uses system call redirection to hide its presence, hides TCP or UDP connections, and is a loadable kernel module.
Definition:- knark, by Creed (creed at sekure dot net), is a Linux kernel-module rootkit that hides files, processes, services and network connections, redirects command execution, and can give root privileges. It hides itself and can remove security modules that are already loaded.





Q:(4).. Which of the following is true for signature-based IDS?

(a)..They can easily detect known attacks.
(b)..They can detect new attacks for which no pattern exists.
(c)..They have high false positive rates.
(d)..All of the mentioned

Answer:- (a)..They can easily detect known attacks.

Reason:- A signature-based IDS detects attacks by looking for specific patterns, such as byte sequences in network traffic or known malicious instruction sequences used by malware. The terminology comes from anti-virus software, which calls these detected patterns signatures. Because a signature must exist before an attack can be matched, such systems miss new attacks, while their false positive rate on known signatures is relatively low compared with anomaly-based detection.
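An added example, not from the lecture or this page, of the matching a signature-based IDS performs: a small constructed signature set run over sample payloads, including a lightly obfuscated variant of a known attack that none of the signatures match, which is the "known attacks only" limitation behind option (b). The signature names, patterns and sample payloads are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* A signature: a name and the exact byte sequence that must appear in the payload. */
struct signature {
    const char *name;
    const unsigned char *pattern;
    size_t len;
};

static const unsigned char NOP_SLED[16] = {
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90
};

/* Constructed signature set. Real rule sets are far larger and wrap each
 * content match in protocol, port and direction conditions. */
static const struct signature SIGNATURES[] = {
    { "dir-traversal", (const unsigned char *)"../..",       5  },
    { "passwd-read",   (const unsigned char *)"/etc/passwd", 11 },
    { "shell-spawn",   (const unsigned char *)"/bin/sh",     7  },
    { "x86-nop-sled",  NOP_SLED,                             16 },
};
#define NUM_SIGNATURES (sizeof SIGNATURES / sizeof SIGNATURES[0])

/* Byte-exact substring search (binary-safe, unlike strstr). */
static int contains_bytes(const unsigned char *hay, size_t hay_len,
                          const unsigned char *needle, size_t needle_len)
{
    if (needle_len == 0 || needle_len > hay_len)
        return 0;
    for (size_t i = 0; i + needle_len <= hay_len; i++)
        if (memcmp(hay + i, needle, needle_len) == 0)
            return 1;
    return 0;
}

/* Runs every signature over one payload. Returns the number of matches and
 * stores up to max_hits signature names in hits (which may be NULL). */
int scan_payload(const unsigned char *payload, size_t len,
                 const char **hits, int max_hits)
{
    int count = 0;
    for (size_t i = 0; i < NUM_SIGNATURES; i++) {
        if (contains_bytes(payload, len, SIGNATURES[i].pattern, SIGNATURES[i].len)) {
            if (hits != NULL && count < max_hits)
                hits[count] = SIGNATURES[i].name;
            count++;
        }
    }
    return count;
}

/* Convenience wrapper for text payloads. */
int scan_text(const char *payload)
{
    return scan_payload((const unsigned char *)payload, strlen(payload), NULL, 0);
}

/* Binary case: a constructed 64-byte buffer that starts with a NOP sled. */
int demo_nop_sled_detected(void)
{
    unsigned char buf[64];
    memset(buf, 0x90, 32);
    memset(buf + 32, 0x41, 32);
    return scan_payload(buf, sizeof buf, NULL, 0);
}

int main(void)
{
    /* Constructed sample payloads; the third is a trivially obfuscated variant
     * of the second that no signature above matches. */
    const char *samples[] = {
        "GET /index.html HTTP/1.0",
        "GET /cgi-bin/../../etc/passwd HTTP/1.0",
        "GET /cgi-bin/..%2f..%2fetc/./passwd HTTP/1.0",
    };
    for (size_t i = 0; i < 3; i++) {
        const char *hits[NUM_SIGNATURES];
        int n = scan_payload((const unsigned char *)samples[i], strlen(samples[i]),
                             hits, (int)NUM_SIGNATURES);
        printf("%-48s %s", samples[i], n ? "ALERT:" : "clean\n");
        for (int j = 0; j < n; j++)
            printf(" %s%s", hits[j], j + 1 == n ? "\n" : ",");
    }
    return 0;
}
```

Production systems normalise the payload before matching (URL-decoding "%2f", collapsing "/./") precisely to close the evasion shown by the third sample; the example leaves that step out so the limitation is visible.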





Q:5. If we talk about stack based IDS, which of the following is/are correct?

(a)..They are integrated with the TCP/IP stack.
(b)..They pull the packet from the stack before the OS.
(c)..Both (a) and (b).
(d)..None of the above

Answer:- (c)..Both (a) and (b).

Reason:- A stack-based IDS is integrated with the TCP/IP stack of the host. This lets the IDS watch packets as they move up the stack and pull a packet out for inspection before the operating system or the application processes it.



Thank you guys

Warning

This webpage is made for educational purposes only. All the information on this website is published in good faith and for general information.

The information on this webpage is given as correct to the best of our knowledge, but cyberkiller cannot be held responsible for any loss or problem arising from it. Use it at your own risk.