Page 104 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Information  Security and Privacy




information from the running program. There are two solutions: the first is to have the IDS walk the stack to find out the program's call state before permitting a system call, which greatly increases the accuracy. The second has the IDS alter the binaries so that numerous function calls send information about their invocation to the IDS.

The other chief drawback is the inability to handle multi-threaded programs without an explicit method to detect the occurrence of a thread switch. This is not a difficulty for most UNIX programs, but it is a major problem if one would like to apply this method to Windows systems, which rely more heavily on user threads. Yet the same performance-enhancing solution of program annotation can be used to overcome this drawback by signalling when thread switches happen.

A Code Red-style worm would be able to break into a system protected by such an IDS, but the potential harm would be greatly restricted. It would be simple to deface Web pages by replacing the routines that serve the content with ones that return erroneous content, even though they may act identically at the system call level. As such behaviour is not included in the original program, the IDS would stop the program before harm could be done.
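The two refinements described above (walking the stack to learn the call state before a system call is permitted, and annotating thread switches so each thread is checked separately) can be illustrated with a small simulation. The code below is an added example written for this page, not code from the textbook or from any real IDS. It assumes a constructed static model of a tiny web server (two functions, each with a linear automaton of system calls), simulates the result of a stack walk by attaching the innermost function name to each observed system call, and compares a flat syscall-sequence monitor against a stack- and thread-aware one on two constructed event traces: two benign threads interleaving, and a routine that was replaced by code not present in the original program.

```python
"""Toy program-analysis IDS (added example; all models and traces are constructed)."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed static model: each function of the monitored program and the
# system calls it may issue, in order (one linear automaton per function).
STATIC_MODEL: Dict[str, List[str]] = {
    "serve_page": ["open", "read", "write", "close"],
    "log_hit": ["open", "write", "close"],
}


@dataclass
class Event:
    """One observed system call. `function` stands in for the innermost frame
    found by walking the stack; `thread` is the annotated thread id."""
    thread: int
    function: str
    syscall: str


def syscall_bigrams(model: Dict[str, List[str]]) -> Set[Tuple[str, str]]:
    """Flatten the per-function model into allowed consecutive syscall pairs,
    which is all a monitor without stack information can check."""
    pairs = set()
    for calls in model.values():
        pairs.update(zip(calls, calls[1:]))
    return pairs


def check_flat(events: List[Event]) -> List[str]:
    """Syscall-sequence-only monitor: ignores stack and thread context."""
    allowed = syscall_bigrams(STATIC_MODEL)
    alerts, prev = [], None
    for ev in events:
        if prev is not None and (prev, ev.syscall) not in allowed:
            alerts.append(f"unexpected transition {prev}->{ev.syscall}")
        prev = ev.syscall
    return alerts


def check_stack_aware(events: List[Event]) -> List[str]:
    """Monitor that uses the stack walk and thread annotation: each thread
    advances through the automaton of the function it is executing."""
    state: Dict[int, Tuple[str, int]] = {}  # thread -> (function, next index)
    alerts = []
    for ev in events:
        calls = STATIC_MODEL.get(ev.function)
        if calls is None:
            # The frame issuing the call is not part of the original program.
            alerts.append(f"t{ev.thread}: {ev.syscall} issued from unknown code {ev.function}")
            continue
        fn, idx = state.get(ev.thread, (ev.function, 0))
        if fn != ev.function or idx >= len(calls):
            fn, idx = ev.function, 0  # new invocation of a modelled function
        if calls[idx] == ev.syscall:
            idx += 1
        else:
            alerts.append(f"t{ev.thread}: {fn} expected {calls[idx]} but issued {ev.syscall}")
        state[ev.thread] = (fn, idx)
    return alerts


# Constructed trace 1: two threads each serving a page, interleaved.
BENIGN_TWO_THREADS = [
    Event(t, "serve_page", call)
    for call in ["open", "read", "write", "close"]
    for t in (1, 2)
]

# Constructed trace 2: a content routine replaced by code outside the model,
# whose calls still form valid syscall-to-syscall transitions.
REPLACED_ROUTINE = [
    Event(1, "serve_page", "open"),
    Event(1, "serve_page", "read"),
    Event(1, "injected_code", "write"),
    Event(1, "injected_code", "close"),
]

if __name__ == "__main__":
    print("flat, benign threads:  ", check_flat(BENIGN_TWO_THREADS))      # 4 false positives
    print("stack-aware, benign:   ", check_stack_aware(BENIGN_TWO_THREADS))  # []
    print("flat, replaced routine:", check_flat(REPLACED_ROUTINE))        # [] (missed)
    print("stack-aware, replaced: ", check_stack_aware(REPLACED_ROUTINE))  # 2 alerts
```

The flat monitor raises four alerts on the benign interleaving (every duplicated call looks like an illegal transition) and none on the replaced routine, while the stack- and thread-aware monitor does the reverse: it accepts the interleaving and flags both calls made from code that the static analysis never saw.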





Task: Discuss the drawbacks of the Intrusion Detection by Program Analysis technique.

                                   Self Assessment

Fill in the blanks:

13. To avoid highly injurious "superworms" or hackers by means of unknown or unpatched exploits, unusual solutions are required that are intended to avert and react to ................. attacks, instead of known attacks.

14. ................. is a method to generate Java-like sandboxes for dynamically loading random code in a language-neutral manner.

15. The ................. executes a static analysis of the program to generate an abstract, non-deterministic automata model of the function and system calls.



Caselet: CERT-in to Empanel Network Security Auditors

In a bid to tackle cyber attacks and make information systems foolproof, the Indian Computer Emergency Response Team (CERT-in) has decided to empanel 'security auditors' who would identify vulnerabilities in the network infrastructure of various companies and organisations.

According to sources, the agency has already invited bids from IT security firms and expects to finalise the companies by March-end.

"We had a strong response to the initiative and as many as 35-40 companies have responded. We have set up a technical evaluation committee, which is currently scanning the applications," sources added.

The companies appointed would be responsible for undertaking infrastructure audits and work towards identifying network vulnerabilities or gaps, they said. These firms will

Contd...



          98                                LOVELY PROFESSIONAL UNIVERSITY