CYBER SECURITY

SYSTEMS VULNERABILITY AND

SCANNING
1. Explain what is vulnerability.
2. List various types of vulnerability and explain briefly.
3. What is a port and explain how many ports are used regularly?
4. List various port numbers known.
5. Explain Packet Sniffing.
6. List down packet sniffers.
7. What is TCPdump and Windump.
WHAT IS VULNERABILITY.

In computer security, a vulnerability is a weakness which allows an

attacker to reduce a system's information assurance.
Vulnerability is the intersection of three elements:
 a system susceptibility or flaw
 attacker access to the flaw
 and attacker capability to exploit the flaw.
Vulnerability is a ‘hole‘ in any software, operating system or service,
that can be exploited by web criminals for their own benefits.
A SECURITY VULNERABILITY IS A WEAKNESS IN A PRODUCT THAT COULD ALLOW
AN ATTACKER TO COMPROMISE THE INTEGRITY, AVAILABILITY, OR
CONFIDENTIALITY OF THAT PRODUCT.

Integrity of Product: means trustworthiness. If the above weakness is

bad enough that it allows exploiters to misuse it, the product is not
integrated enough. There is a question mark as to how safe is the
product.
Availability of the Product: again refers to the weakness whereby an
exploiter can take over the product and deny access to it for
authorized users.
Confidentiality of the Product: is keeping the data secure. If the bug
in the system allows for unauthorized people to collect others’ data,
it is termed vulnerability.
EXAMPLES OF VULNERABILITIES

1. Buffer overflow
2. Lack of input validation
3. Lack of sufficient logging mechanism
4. Fail-open error handling
5. Not closing the database connection properly
6. Integer overflow
7. Format string vulnerability
8. Access Control Problems
BUFFER OVERFLOW

Buffer overflows can cause applications to crash, can compromise

data, and can provide an attack vector for further privilege escalation
to compromise the system on which the application is running.
Any application or system software that takes input from the user,
from a file, or from the network has to store that input, at least
temporarily.
 stack—stores data that is specific to a single call to a particular
function, method, block, or other equivalent construct.
heap—General purpose storage for an application. Data stored in the
heap remains available as long as the application is running
Buffer overflow attacks generally occur by compromising either the
stack, the heap, or both.
LACK OF INPUT VALIDATION
As a general rule, you should check all input received by your
program to make sure that the data is reasonable
Any input received by your program from an untrusted source is a
potential target for attack. (In this context, an ordinary user is an
untrusted source.)
 text input fields
 commands passed through a URL used to launch the program
 audio, video, or graphics files
 command line input
Hackers look at every source of input to the program and attempt to
pass in malformed data. If the program crashes or misbehaves, the
hacker tries to find a way to exploit the problem. Example:
“jail break” iPhones
ACCESS CONTROL PROBLEMS
Access control is the process of controlling who is allowed to do what.
 This ranges from controlling physical access to a computer
 keeping your servers in a locked room,
for example—to specifying who has access to a resource (a file, for
example) and what they are allowed to do with that resource (such as read
only).
Many exploits involve an attacker somehow gaining more privileges than
they should have.
Privileges, also called permissions , are access rights granted by the
operating system, controlling who is allowed to read and write files,
directories, and attributes of files and directories (such as the
permissions
for a file), who can execute a program, and who can perform other restricted
operations such as accessing hardware devices and making changes to the
network configuration
WHAT IS A PORT

In computer networking, a port serves as an endpoint in an

operating system for many types of communication. It is not a
hardware device, but a logical construct that identifies a service or
process.
A port is always associated with an IP address of a host and the
protocol type of the communication, and thus completes the
destination or origination address of a communications session.
A port is identified for each address and protocol by a 1 6 -b i t
number, commonly known as the port number.
CLASSIFICATION OF PORTS

The Internet Assigned Numbers Authority (IANA) is responsible for

the global coordination of the DNS Root, IP addressing, and other
Internet protocol resources. This includes the registration of
commonly used port numbers for well-known Internet services.
 The port numbers are divided into three ranges:
1. Well-known ports: The well-known ports (also known as system
ports) are those from 0 through 1023.
2. Registered ports: Ports 1024-49151 - Registered port:
vendors use for applications
3. the dynamic or private ports :Ports >49151 are the port numbers
that are available for use by any application to use in
PACKET SNIFFING

A packet sniffer, sometimes referred to as a network monitor or

network analyzer, can be used legitimately by a network or system
administrator to monitor and troubleshoot network traffic.
Using the information captured by the packet sniffer, an
administrator can identify erroneous packets and use the data to
pinpoint bottlenecks and help maintain efficient network data
transmission.
 The packet sniffer is also capable of capturing ALL packets
traversing the network regardless of destination.
 By placing a packet sniffer on a network in promiscuous mode, a
malicious intruder can capture and analyze all of the network traffic.
Within a given network, username and password information is
generally transmitted in clear text which means that the information
would be viewable by analyzing the packets being transmitted.
PACKET SNIFFERS
A Packet Sniffer is also known as packet analyzer is a computer
program or piece of computer hardware that can intercept and log
traffic that passes over a digital network or part of a network.
As data streams flow across the network, the sniffer captures
packet
each and, if needed, decodes the packet's raw data, showing the
values of various fields in the packets.
1. Wireshark
2. WinPcap
3. Packetyzer
4. Ip Sniffer
5. CommView
TCPDUMP AND WINDUMP

tcpdump is a common packet analyzer that runs under the command

line. It allows the user to display TCP/IP and other packets being
transmitted or received over a network to which the computer is
attached.
tcpdump is free software, Tcpdump works on most Unix-like
operating systems
tcpdump prints the contents of network packets. It can read packets
from a network interface card or from a previously created saved
packet file. Tcpdump can write packets to standard output or a file.
WinDump, the Windows version of tcpdump, can help you analyze
network traffic to look for signs of active malware