Intelligent platform management interface protocol security

Master's Project (M.S.) University of Alaska Fairbanks, 2014The Intelligent Platform Management Interface (IPMI) is a protocol that allows administrators to manage servers remotely. Hardware vendors including Dell, HP, Supermicro, IBM, Lenovo, Fujitsu and Oracle support IPMI though a Baseboard Management Controller (BMC) which can either be integrated into the motherboard or purchased as a pluggable module. The BMC runs silently alongside other components of the server and provides a lower level of hardware access than the Operating System (OS). This allows support for features like power cycling the server, mounting virtual media and accessing a remote console. The failure of BMC vendors to produce a more secure product, along with the inherent flaws of the IPMI protocol, increases the need for these systems' security capabilities to be evaluated. The IPMI protocol and various vendor implementations of the BMC has been the subject of recent scrutiny, and initial investigation has raised concerns about the security properties of these components. This project focuses on evaluating specific IPMI supported hardware and software setup in an environment modeled to simulate real use, for the explicit purpose of evaluating the security of the system. This project presents: several methods by which unprivileged users can gain remote access to the system, a list of best practices for proper configuration, a guide to clearing configuration settings before decommission, and a basic Metasploit module to scan for BMC related services

Windows security sandbox framework

Software systems are vulnerable to attack in many different ways. Systems can be poorly implemented which could allow an attacker access to the system through legitimate means such as anonymous access to a server or security controls and access lists can be configured incorrectly which would allow an attacker access to the system by exploiting a logic flaw in the systems configuration. These security vulnerabilities can be limited by implementing software systems properly or in a more restrictive manner. Sandboxing an application allows for interception of a processes system call for verification against a defined policy. A system call can be allowed or denied based on the function being called or can have parameters analyzed and verified against a defined policy. This paper presents a sandboxing framework for Microsoft Windows operating systems. The framework is written entirely in python and uses a modular design which allows for small and simple policies. Profiles can exist for processes which automatically load user policies for a sandbox process --Document

HTTP Attack Detection using N-gram Analysis

Previous research has shown that byte level analysis of HTTP traffic offers a practical solution to the problem of network intrusion detection and traffic analysis. Such an approach does not require any knowledge of applications running on web servers or any pre-processing of incoming data. In this project, we apply three n- gram based techniques to the problem of HTTP attack detection. The goal of such techniques is to provide a first line of defense by filtering out the vast majority of benign HTTP traffic. We analyze our techniques in terms of accuracy of attack detection and performance. We show that our techniques provide more accurate detecting and are more efficient in comparison to a previously analyzed HMM-based technique

A Comprehensive Security Assessment Toolkit for HealthCare Systems

This research identifies the critical need for conducting a comprehensive information security assessment of any healthcare system. This effort is vital to establish and maintain compliance of security and privacy in healthcare organizations. The paper presents a novel framework and toolkit for security assessment to establish and maintain regulatory compliance. Furthermore, the paper lays out the design of a comprehensive, automated tool set to gain insight about electronic healthcare information system vulnerabilities in the system. The research then investigates various mitigation techniques to secure a healthcare information system and its electronic health records. Furthermore, as validation the proposed toolkit is evaluated in a real-world HIMSS 6 [1] healthcare organization and their over 20 partnering clinical practices

Using HTML5 to Prevent Detection of Drive-by-Download Web Malware

The web is experiencing an explosive growth in the last years. New technologies are introduced at a very fast-pace with the aim of narrowing the gap between web-based applications and traditional desktop applications. The results are web applications that look and feel almost like desktop applications while retaining the advantages of being originated from the web. However, these advancements come at a price. The same technologies used to build responsive, pleasant and fully-featured web applications, can also be used to write web malware able to escape detection systems. In this article we present new obfuscation techniques, based on some of the features of the upcoming HTML5 standard, which can be used to deceive malware detection systems. The proposed techniques have been experimented on a reference set of obfuscated malware. Our results show that the malware rewritten using our obfuscation techniques go undetected while being analyzed by a large number of detection systems. The same detection systems were able to correctly identify the same malware in its original unobfuscated form. We also provide some hints about how the existing malware detection systems can be modified in order to cope with these new techniques.Comment: This is the pre-peer reviewed version of the article: \emph{Using HTML5 to Prevent Detection of Drive-by-Download Web Malware}, which has been published in final form at \url{http://dx.doi.org/10.1002/sec.1077}. This article may be used for non-commercial purposes in accordance with Wiley Terms and Conditions for Self-Archivin

Intrusion detection and management over the world wide web

As the Internet and society become ever more integrated so the number of Internet users continues to grow. Today there are 1.6 billion Internet users. They use its services to work from home, shop for gifts, socialise with friends, research the family holiday and manage their finances. Through generating both wealth and employment the Internet and our economies have also become interwoven. The growth of the Internet has attracted hackers and organised criminals. Users are targeted for financial gain through malware and social engineering attacks. Industry has responded to the growing threat by developing a range defences: antivirus software, firewalls and intrusion detection systems are all readily available. Yet the Internet security problem continues to grow and Internet crime continues to thrive. Warnings on the latest application vulnerabilities, phishing scams and malware epidemics are announced regularly and serve to heighten user anxiety. Not only are users targeted for attack but so too are businesses, corporations, public utilities and even states. Implementing network security remains an error prone task for the modern Internet user. In response this thesis explores whether intrusion detection and management can be effectively offered as a web service to users in order to better protect them and heighten their awareness of the Internet security threat

Some ethical hacking possibilities in Kali Linux environment

This paper deals with the problem of ethical hacking and security of computer systems. When we talk about security of an information system, we actually mean the primary three attributes of the system: confidentiality, integrity and availability. There are various approaches with aim to identify existing security weaknesses and security assessment. One of them is using Kali Linux operating system with its integrated effective tools specially adapted to the realization of various types of attacks. The paper gives a general overview of some Kali attacking possibilities on client and server side and highlights their specificities. The undoubted benefit of this operating system is a large collection of different hacking tools in one place which significantly facilitates vulnerability assessment and security testing