A Trojan is a type of malicious program that disguises itself as legitimate software. Such programs can give an attacker unauthorized access to the user's computer. The name comes from the Ancient Greek story of the Trojan Horse: the Greeks hid soldiers inside a wooden horse that the Trojans themselves carried into their city, and a Trojan program works the same way, hiding its payload inside something the user willingly installs.
There are two components of a Trojan:
Overt component: the part the user can see, which serves as a distractor. It comes as a game, a freeware program or some other attractive piece of software.
Covert component: the hidden part, which the user does not see. It is the payload an attacker (or a penetration tester in an authorized engagement) uses to gain access to the victim's computer: backdoors, rootkits, keyloggers and spyware.
Different types of Trojans
Virtual Network Computing (VNC) Trojan
Remote Access Trojan (RAT)
Different infection techniques
Physically installing it on the computer
Through the browser (via scripts such as JavaScript served by a web page)
Detecting and preventing Trojans
Monitor the common ports used by Trojans (Ports)
Check each running process to see whether it is legitimate (Running Processes)
Monitor which drivers are loaded and whether they are authorized (Drivers)
Scan the services that are running (Services)
Use anti-malware scanners to detect known Trojans (Scanners)
Block risky email attachment types, since Trojans are commonly delivered as attachments (Blocking Email Attachments)
Block or shut down instant messaging where it is not needed, since it is another delivery channel (Instant Messaging)
Apply the hardening settings from the Security Technical Implementation Guides (STIG)
Restrict network ports, allowing only those that are authorized (Blocking Ports)
Monitor integrity, on the host by hashing files and comparing them against a known-good baseline, and at the network level with an intrusion detection system (Monitor Integrity)
Install software only from trusted sources (Trusted Sources)
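The "Monitor Integrity" item is the one in this list that is easy to show in code. The following is an added example, not part of the original notes or the course material: a minimal host integrity monitor that records the SHA-256 digest of every file under a directory and reports what was added, removed or modified since the baseline. The directory contents and the simulated Trojan changes are constructed inline, and file names such as svchost.exe are illustrative only.

```python
"""Host-side integrity monitoring by file hashing (added example, not from
the original notes). Takes a baseline of SHA-256 digests for every file under
a directory, then reports files that were added, removed or modified. The
sample directory and its contents are constructed here so the script runs
offline.
"""
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Return the hex SHA-256 digest of a file, read in chunks so large
    binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root):
    """Map each file's path (relative to root, '/'-separated) to its digest."""
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = sha256_file(full)
    return digests


def compare(old, new):
    """Return (added, removed, modified) relative paths between two baselines."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return added, removed, modified


def demo():
    """Constructed scenario: a tiny 'system' directory is baselined, then a
    Trojan-like change set is applied (a binary replaced, a DLL dropped,
    a log deleted) and the two baselines are compared."""
    root = tempfile.mkdtemp(prefix="fim-demo-")

    def write(rel, data):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)

    write("bin/svchost.exe", b"legit service binary v1")   # illustrative names
    write("bin/helper.dll", b"legit helper")
    write("logs/audit.log", b"2024-01-01 login ok\n")
    before = baseline(root)

    # Simulated covert-component activity after the baseline was taken.
    write("bin/svchost.exe", b"legit service binary v1 + backdoor")  # trojanised
    write("bin/evil.dll", b"keylogger")                                # dropped
    os.remove(os.path.join(root, "logs", "audit.log"))                # tracks covered
    after = baseline(root)

    return compare(before, after)


if __name__ == "__main__":
    added, removed, modified = demo()
    print("added:   ", added)
    print("removed: ", removed)
    print("modified:", modified)
```

In practice the baseline would be stored off-host (or signed), since a rootkit that can alter the files can usually alter a baseline kept beside them; the comparison logic is the same.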
Cross-Site Request Forgery (CSRF, also written XSRF) is another web-based attack. For a basic understanding, suppose a user's browser is running a page from a good site and, at the same time, a malicious script from a bad site. This can happen when the user has logged into the good site and kept the session alive: for example, the user has logged into Gmail and has not logged off, and in another tab is browsing other sites, including a bad site that sends a malicious script to the browser. The malicious script can then forge a request to the good site, and the browser automatically attaches the user's session cookie to it. The good site sees a valid cookie and has no way of knowing that the request was not deliberately sent by the user.
Figure 1
In the figure above, the user logs in, establishes a session with the good site and keeps the session alive. Meanwhile the user browses a bad site, which runs a malicious script in the browser. The malicious script forges a request to the good site, and the browser sends it along with the good site's cookie.
Examples of XSRF
A user logs into bank.com and forgets to log off, so the session cookie remains in the browser. If the user is then phished into visiting a malicious website, attacker.com, that site can send an HTML page containing a hidden iframe with malicious content: a form whose action points at the bill-payment page of bank.com and which is submitted automatically. The browser attaches the bank.com session cookie, so the forged request is performed on behalf of the user without the user's knowledge. Just for understanding, a skeleton of such a form is shown below.
<form name="BillPayForm" action="http://bank.com/BillPay.php">
<input name="recipient" value="badguy">…
The following picture depicts this in more detail.
Source: GaTech OMSCS – CS 6035: Introduction to Information Security
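The usual defence against this attack is shown in the following added example, which is not from the original notes or the course: the server embeds a per-session secret (a synchronizer token) in its own bill-payment form and rejects any request that does not present the matching token. The attacker's page can make the browser send the victim's cookie, but it cannot read bank.com's responses, so it never learns the token. The session store, the balances and the field names `csrf_token`, `recipient` and `amount` are assumptions made for illustration.

```python
"""Server-side CSRF defence with a synchronizer token (added example, not
from the original notes or the course). A tiny model of bank.com: a session
store keyed by cookie value, a per-session CSRF token embedded in the
legitimate bill-pay form, and a handler that rejects requests whose token
does not match the session's.
"""
import hmac
import re
import secrets

# Constructed server state: session cookie value -> session data.
SESSIONS = {}
BALANCES = {"alice": 1000}


def login(user):
    """Create a session and return the cookie value the browser will store.
    The CSRF token is a second secret, tied to the session but never sent
    as a cookie, so the browser will not attach it automatically."""
    cookie = secrets.token_urlsafe(32)
    SESSIONS[cookie] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return cookie


def render_billpay_form(cookie):
    """The legitimate bank.com page embeds the session's token as a hidden
    field. Only a response from bank.com can contain this value, and the
    same-origin policy stops attacker.com from reading that response."""
    token = SESSIONS[cookie]["csrf"]
    return (
        '<form action="http://bank.com/BillPay.php" method="POST">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="recipient"><input name="amount">'
        '<input type="submit"></form>'
    )


def billpay(cookie, form):
    """Handle POST /BillPay.php; `form` is a dict of submitted fields.
    Returns (status, message)."""
    session = SESSIONS.get(cookie)
    if session is None:
        return 401, "not logged in"
    sent = form.get("csrf_token", "")
    # Constant-time comparison so timing does not leak the token byte by byte.
    if not hmac.compare_digest(sent, session["csrf"]):
        return 403, "CSRF token missing or invalid"
    amount = int(form["amount"])
    BALANCES[session["user"]] -= amount
    return 200, f"paid {amount} to {form['recipient']}"


def scenario():
    """Victim logs in; attacker.com's hidden form posts with the victim's
    cookie; then the victim pays a legitimate bill from bank.com's own form."""
    BALANCES["alice"] = 1000
    cookie = login("alice")

    # The forged request from the text: the browser supplies the cookie, but
    # attacker.com does not know the token, so the field is absent.
    forged = billpay(cookie, {"recipient": "badguy", "amount": "500"})

    # Legitimate flow: the browser submits the form bank.com rendered, token included.
    html = render_billpay_form(cookie)
    token = re.search(r'name="csrf_token" value="([^"]+)"', html).group(1)
    legit = billpay(cookie, {"recipient": "electric-co", "amount": "100",
                             "csrf_token": token})
    return forged, legit, BALANCES["alice"]


if __name__ == "__main__":
    forged, legit, balance = scenario()
    print("forged request ->", forged)
    print("legit request  ->", legit)
    print("alice's balance:", balance)
```

Two further layers are normally added in production: setting the session cookie with `SameSite=Lax` or `SameSite=Strict`, so the browser does not attach it to cross-site POSTs at all, and checking the `Origin` (or `Referer`) header on state-changing requests. The token check remains the portable defence because older browsers and some embedding scenarios do not honour SameSite.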
My original source for these notes is the Udacity course Intro to Information Security; for more information, see the Udacity website.
Security is about protecting something of value when there is a risk to it. In today's world the most valuable asset is often data or information. A threat is a possible danger that exploits a weakness (a vulnerability) and thereby causes harm.
Cyber Assets at Risk
We need to develop a security mindset and ask who the threat sources are:
> Cyber criminals
> Nation States
Vulnerabilities and attacks:
> Security breach
> Vulnerabilities exist in software, networks and humans
Let's take a real-world example: the Target store breach
> What is of value? Credit card data
> What is the threat source? Criminals
> What was the vulnerability? Phishing was used to obtain credentials for the network
The following figure, showing the relationship between threats, vulnerabilities, attacks and risk, demonstrates this further.
fig: Relationship of Threats, Vulnerabilities, Attacks, and Risk
What should we do in cyber security?
Make threats go away: not really practical
Reduce vulnerabilities: they will never go away entirely
But we can follow the CIA principles:
> Confidentiality: roughly equivalent to privacy, the ability to hide information from those not authorized to view it.
> Integrity: maintaining the consistency, accuracy and trustworthiness of data. Data must not be changed in transit, and measures must be taken to ensure it cannot be altered by unauthorized people.
> Availability: ensuring that information is accessible to authorized people at all times. We can view a short video about the CIA triad.
In a web application, the core problem is that all user input is untrusted. The application must take security measures to defend itself from attack: handling user access to the application's data and functionality so that users cannot gain unauthorized access, handling user input so that malformed input cannot cause undesirable behavior, handling attackers by detecting them and taking suitable defensive measures, and managing the application itself by enabling administrators to monitor activity and configure functionality.
In any application the central security requirement is controlling users' access to its data and functionality. There are different kinds of users: authenticated users, anonymous users and administrative users. The application must be designed so that a user can read their own email but not anyone else's. The following security mechanisms are used to handle user access:
> Authentication
> Session management
> Access control
The authentication mechanism is the most basic way to handle user access. Authentication is the process of verifying that a user is who they claim to be. Applications most commonly authenticate with a username and password. In security-critical applications, such as banking, there may be additional credentials or multistage login processes, and for higher security requirements other authentication models may be used, based on client certificates, smart cards or challenge-response tokens. The authentication process must be handled carefully, because any flaw in its design or implementation can be exploited by an attacker to guess usernames, bypass the password check and gain unauthorized access to sensitive data and functionality.
The other task in handling users is session management. First, what a session is: after successfully logging into the application, a user accesses different pages and makes a series of HTTP requests from the browser. At the same time other users, some authenticated and some anonymous, are using the application. To tell these users apart, the application creates a session for each user and issues the user a token that identifies the session. The session itself is a data structure held on the server that tracks the state of the user's interaction with the application. Once the user has received the token, the browser submits it back to the server in subsequent HTTP requests, enabling the application to associate those requests with that user. When the user makes no request for a certain time, the session expires.
In terms of attack, an attacker who obtains another user's token can use it to act as that user within the application. A related area of attack is how the tokens are generated: if tokens are predictable, an attacker can guess other users' tokens and hijack their sessions.
Access control, also called authorization, is the process of deciding whether access to a particular resource is granted or denied. Authorization and authentication are different things: authentication establishes which user is making the request, and authorization then grants or denies resources according to that user's identity and role. Access control is therefore an important part of the application; omitting an access control check allows an attacker to gain unauthorized access to data and functionality.
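The session management and access control points above (tokens that cannot be guessed, expiry after inactivity, and the rule that a user reads only their own mail) are shown together in the following added example, which is not code from the original notes or the course. The mailbox data, user names and idle timeout are constructed for illustration; the deliberately vulnerable handler is kept beside the fixed one so that the missing check is visible.

```python
"""Session management and access control for the 'read your own email' case
(added example, not from the original notes). Shows unguessable session
tokens from the OS CSPRNG, expiry after a period of inactivity, and an
authorization check on every mailbox read, next to a handler that omits it.
All users, mailboxes and timestamps are constructed inline.
"""
import secrets
import time

# Constructed data: mailbox owner -> messages.
MAILBOXES = {
    "alice": ["alice: quarterly numbers", "alice: password reset link"],
    "bob": ["bob: dentist appointment"],
}
IDLE_TIMEOUT = 15 * 60  # seconds of inactivity before a session expires


class SessionStore:
    """Server-side session table: token -> {user, last_seen}."""

    def __init__(self, clock=time.time):
        self._sessions = {}
        self._clock = clock  # injectable so the demo can advance time

    def create(self, user):
        # 32 random bytes from the CSPRNG: tokens are neither guessable nor
        # enumerable, unlike a counter or a timestamp-derived value.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": self._clock()}
        return token

    def resolve(self, token):
        """Return the user for a live token, or None if it is unknown or has
        expired. Each valid use slides the expiry forward."""
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self._clock()
        if now - s["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[token]
            return None
        s["last_seen"] = now
        return s["user"]


def read_mailbox_vulnerable(store, token, mailbox_owner):
    """Missing authorization: the caller is authenticated, but the handler
    then trusts the client-supplied mailbox name, so any logged-in user can
    read any mailbox."""
    if store.resolve(token) is None:
        return 401, []
    return 200, MAILBOXES.get(mailbox_owner, [])


def read_mailbox(store, token, mailbox_owner):
    """Fixed: authenticate, then authorize. The requested mailbox must belong
    to the user the session resolves to."""
    user = store.resolve(token)
    if user is None:
        return 401, []
    if user != mailbox_owner:
        return 403, []
    return 200, MAILBOXES.get(mailbox_owner, [])


def scenario():
    """Bob logs in and tries to read Alice's mail through both handlers,
    then reads his own, then comes back after the idle timeout; finally a
    made-up token is tried."""
    now = [1_700_000_000.0]
    store = SessionStore(clock=lambda: now[0])
    bob = store.create("bob")

    vuln = read_mailbox_vulnerable(store, bob, "alice")
    fixed = read_mailbox(store, bob, "alice")
    own = read_mailbox(store, bob, "bob")

    now[0] += IDLE_TIMEOUT + 1  # Bob walks away; the session expires
    expired = read_mailbox(store, bob, "bob")

    guessed = read_mailbox(store, "AAAAAAAAAAAA", "alice")  # unknown token
    return vuln, fixed, own, expired, guessed


if __name__ == "__main__":
    names = ["vulnerable", "fixed", "own", "expired", "guessed"]
    for name, result in zip(names, scenario()):
        print(f"{name:11s} -> {result}")
```

The shape of the fix is the point: the authorization decision is made from the identity the server recovered from the session, never from anything the client sent, and it is made on every request rather than only when the page is first rendered.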