Security - What is meant by buffer overflow?

You might have heard of some hacks happening from time to time that are caused due to buffer overflow. Buffer overflow is also known as buffer overrun in computer security and programming terminology. It can be considered as an anomaly where the boundary of the buffer is overrun by the program while writing the data to it. When this happens, the adjacent memory is written by the program. Buffer overrun is a special case in which the memory safety rules are violated. Some inputs have been designed for executing the code or changing the way the program works. These inputs can trigger the buffer overflows. This can cause the program to behave in an erratic manner such as causing memory access errors, giving incorrect outputs, causing crash, breaches in the security system. Therefore these are considered to be a source of a number of software vulnerabilities which can be exploited very badly. C and C++ are the most common programming languages that suffer from buffer overflow problems. This is so because these languages do not come with in– built protection against overwriting of data or accessing it in some other part of memory.
These languages don’t have an automatic check on the data that is written in to some array which is more like the in – built type of buffer which lies within the array boundaries. Buffer overflows can be prevented by implementing the bound checks. When the data is written to the buffer, it may also corrupt the data stored in the adjacent memory address destinations because of lack of insufficient checking of boundaries. This can cause a buffer overflow. It may also occur while data is being copied from one buffer to another one without checking whether the data will fit in to it or not. Techniques are available for exploiting the buffer overflow vulnerability. These techniques are different for different architectures, memory region and operating systems. For example, there is a lot of difference between the exploitation on call stack and the exploitation on heap. The below mentioned protective counter measures can be taken:
- Choice of programming language: The language being used does have a profound impact on the buffer overflow occurrence. As mentioned above C and C++ have no built – in protection against this problem but their libraries do provide a number of ways for safe buffering of data and techniques to avoid them. There are languages that provide runtime checking as well as compile time checking, which checks for the possibilities when the program might overwrite the data. Examples are Eiffel, Ada, and Smalltalk etc.
- Use of safe libraries: It is necessary to avoid buffer overflows in order to maintain the degree of correctness of the code. Therefore, standard library functions that are not bound checked should be avoided. There are certain abstract data type libraries that are well tested and centralized enough for performing the buffer management automatically.
- Buffer overflow protection: This mechanism checks for the alteration of the stack when the function returns. If some modification has been made, the program makes an exit with a segmentation fault. Examples of such systems are the stackguard, libsafe, propolice and so on.
- Pointer protection: Buffer overflow involves manipulation of the pointers along with their stored addresses. A compiler extension called the point guard was developed for preventing the attackers from manipulating the pointers and the addresses stored in them reliably. However this extension was not released commercially. A similar version of it was implemented in the Microsoft window’s OS.
- Executable space protection: This method prevents the code execution on heap or stack as an approach to buffer overflow protection. The buffer overflows can be used by the attackers for insert random code in to the program memory. When the executable space protection is in place, the execution of the program will be halted by an exception. 

What are advantages and limitations of Wi-Fi?

The Wi-Fi has its own set of advantages and limitations. 

Advantages of WiFi

- WiFi makes the deployment of local Area Networks or LANs quite cheap.  

- There are some areas where the cables cannot be installed such as in historical buildings and outdoor areas. 

- But these spaces do not have any problem in hosting a wireless LAN.  

- Wireless Network adapters are being built into almost all the laptops by the manufacturers.

- A basic level of service is provided at which different brands concerning and client network interfaces access points that are competing with each other can inter-operate. 

- The products that have been certified by Wi-Fi alliance show back word compatibility. 

- A standard device for WiFi will work at any place in the whole world unlike our phones. 

- The WPA2 or the WiFi protected access encryption is secure provided a condition that the pass phrase used is quite strong.  

- The new protocols use for WMM i.e., Quality of service increase the suitability of the Wi-Fi regarding its use in latency - sensitive applications. 

- WMM is a power saving mechanism that is used for extending the life of the battery. 

Limitations of WiFi

- Inconsistency of the operation and spectrum assignments poses a problem worldwide.  

- The range all the WiFi networks is limited. 

- A wireless access point typically uses a stock antenna having a range of 100 m outdoors and 25m indoors.

- The frequency band is a major factor for producing variations in the range.  

- The range of Wi-Fi with a 2.4 ghz frequency block is better when compared with the 5.0 ghz frequency block Wi-Fi. 

- Some wireless routers come with detachable antennas. 

- These antennas can be removed for improving the range. 

- In their place upgraded antennas can be fitted. 

- The benefit of these antennas is that they have high directional gain at the remote devices. 

- The local regulations limit the maximum amount of power that can be transmitted by a Wi-Fi. 

- The power consumption of Wi-Fi is quite higher than the other standards.  

- This is so because of the reach requirements of the wireless LAN applications.

- There are technologies available that provide a propagation range that is much shorter. 

- One such technology is Bluetooth and has very low power consumption.  

- Other technologies such as zigbee have low power consumption, a long range but provides low data rate. 

- The most commonly used wireless encryption standard is WEP or wired equivalent privacy. 

- Even this standard has been proven to be breakable even if correct configuration is used. 

- This problem was addressed by WPA or Wi-Fi protected access standard to some extent. 

- By default the wireless access points use the encryption free mode. 

- The wireless security is disabled because of which the LAN can be openly accessed. 

What are uses of Wifi?

- Routers sometimes act as a Wi-Fi access point incorporating a cable modem or a DSL modem.

- These routers are installed in buildings and homes for providing Internet access and other inter networking services to the devices that in turn are connected to a either through a cable or wireless. 

- Similarly, there are routers that are powered by battery and they consist of a Wi-Fi access point and a mobile Internet radio modem. 

- Today smartphones come with this as a built-in capability.  

- However, this feature is disabled by the carriers. 

- The carriers might charge extra money for this. 

- The standalone facilities are provided by Internet packs. 

- The places where there is no network access, wifi is used. 

- Using Wi-Fi, a direct communication link between two computers can be established.  

- There is no intermediate point.  

- This type of transmission is termed as ad hoc wifi transmission. 

- This network mode is now very popular with the multi-player game consoles. Examples are:

       > Nintendo DS

       > PlayStation portable

       > Digital cameras

       > Other consumer electronic devices.

- A citywide Wi-Fi plan has been implemented by a number of the cities around the world.  

- In India, the first city to do so was Mysore.  

- The first city in the world was Jerusalem.

- The first city in United States was Sunnyvale in California to offer city-wide wifi. 

- Another type of wifi implementation is campus-wide wifi.  

- A number of colleges in United States have set up this kind of wifi network.  

- The first university to have it was Carnegie Mellon University. 

- Using wifi, the local area Network can be deployed in very less cost.  

- There are places where it is not possible for the physical transmission medium such as cables to reach. 

- In such places wifi network is of crucial importance.  

- Also, wifi can be easily deployed in historical buildings and outdoor areas.  

- Now, because of the increasing popularity of the Wi-Fi, the manufacturers are developing Wireless Network adapters for most of the notebooks and laptops.  

- This eventually led to a fall in the price of the Wi-Fi chip set. 

- Today, the Wi-Fi chip set is economically feasible and is included in most of the devices.  

- There are many brands of client network interfaces and access-points that are competing with each other.  

- These interfaces are able to inter-operate at a basic level. 

- The Wi-Fi certification for the products is issued by wifi alliance. 

- This makes them backwards compatible with each other. 

- A standard Wi-Fi Device is supposed to work anywhere in the world. 

- The encryption standard that is considered secure is the WPA2 or wifi protected access.  

- But, this would work only if the pass phrase that is being used is strong enough. 

- The Wi-Fi has been made more suitable with the use of new protocols such as quality of service.  

- This has made wifi compatible with latency sensitive applications.  

- Nowadays, for extending battery life power saving mechanisms such as WMM are being used.  

- These are the major uses of wifi technology.

- The usage wifi has been limited because of its limited range. 

- Therefore, in order to cover up a large area several intermediate Wi-Fi access-points have to be set up. 

- The variations in the range can be produced by varying the frequency band.  

- Wifi with a small frequency block works better than wifi with a larger frequency block.

- Wifi with the larger frequency blocks are optionally used. 

- The power of wifi network can be harnessed by using high gain direction antennas instead of using detachable antennas.  

- Another factor limiting the performance of wifi transmission is the local regulations. 

- Wifi also requires high power to operate upon. 

- This is a cause of concern for the devices' batteries.

What is a transposition cipher method?

- The transposition cipher method is one of the cryptography methods used for securing the communication from eavesdroppers. 

- This method of encryption shifts the positions of the units or letters of the plain text based up on some regular system so that a permutation of the plain text is generated. 

- This permuted plain text is termed as the cipher text. 

- Thus, the cipher text is generated by changing the order of the units. 

- Mathematically the following functions are used:

Ø  Bijective function: For encryption of the character’s position and

Ø  Inverse function: For decrypting the message

Now we shall see about some of the implementations of the transposition cipher:

1. Rail fence cipher: 

- This form of the transposition cipher has been named so because of the way that it follows for encoding.

- Here, the characters of the plain text are written on the successive rails in a downwards manner of some imagined fence.

- Then, we move upwards once getting to the bottom. 

- For reading the message, it is taken in rows.

2. Route cipher: 

- In this form of transposition cipher, a grid of given dimensions is taken on which the characters of the plain text are written out. 

- Then, the message is read based up on the pattern mentioned in the key. 

- For example, the pattern might be inwards spiral in clockwise direction starting from topmost right.

- The route ciphers may use many keys unlike the rail fence cipher. 

- In fact, the number of keys used for enumerating the messages of reasonable length by modern machinery might be too great. 

- Also, it is not necessary that all the keys might be good in equal terms. 

- Excessive chunks of the plain text might be left if bad routes are chosen. 

- Also, the plain text might be simply reversed, thus giving a clue to the crypt analysts about the routes. 

- The union route cipher is a variation of the traditional route cipher. 

- The difference between the two is that this one transposed the whole words unlike route cipher which transposed individual letters.

- But since transposing the whole words could expose them, they were first hidden by a code.

- The entire null words might be added for adding humor to the cipher text.

3. Columnar transposition: 

- In this form of transposition cipher, a fixed length is determined for the rows in which the message is written. 

- But for reading the message a column by column approach is followed where some scrambled order if followed for choosing the columns. 

- A keyword is chosen which is used for defining the permutation of the columns as well as the width of the rows. 

- The spare spaces might be filled with the null characters in case of the regular columnar transposition. 

- On the other hand, in these spaces are left as such in the irregular columnar transposition cipher. 

- The keyword specifies some order following which the message is read column - wise. 

- The column lengths have to be worked out by the recipient for deciphering the message. 

- This is done based up on division of the length of the message specified by the key length.

4. Double transposition: 

- A single columnar transposition is vulnerable to attacks since the possible lengths of the column and anagrams can be guessed. 

- Therefore, a stronger version of it i.e., the double transposition is followed. 

- This is a two-time application of the columnar transposition. 

- For both the transpositions, either the same key might be used or different keys.

- This was the most complicated cipher before the coming of the VIC cipher. 

- It offered reliable operation under difficult conditions. 

What is a substitution cipher method?

There are two classic methods for cryptography namely transposition cipher method and the substitution cipher method. In this article we shall discuss about the latter one i.e., the substitution cipher method. 

- This method of encoding involves replacement of the units or letters of the plain text with some other units or letters. 

- The encoded text is then called as the cipher text. 

- The replacement of the units is made based up on some regular system. 

- These units might be individual letters, pairs or triplets of letters and so on. 

- On the receiver’s side, an inverse substitution is required for deciphering the text. 

- We can make a comparison between the transposition ciphers and the substitution ciphers. 

- In the former ciphers, the plain text units are rearranged unlike in substitution cipher where units are replaced.

- The order of rearrangement in the transposition ciphers is somewhat more complex than what is followed by the substitution ciphers and the units are not changed.

- On the other side, the sequence of the units remains same in the substitution cipher but they are themselves altered. 

There are various types of substitution cipher as mentioned below:

Ø  Simple substitution ciphers: 

- This involves substitution of the single letters and thus has been termed as the simple substitution. 

- The alphabet can be written out in some order so as to represent the substitution.

- This alphabet is referred to as the substitution alphabet. 

- This alphabet might be revered or shifted or scrambled in some complex manner. 

- In such cases, it is termed as the deranged alphabet or the mixed alphabet. 

- The creation of the mixed alphabets involves writing out a keyword while removing the repeating letters and then rewriting the leftovers in the same sequence. 

- For avoiding the transmission errors, the cipher text is written in block form and the spaces and the punctuation are omitted. 

- This also helps in creating disguises for the boundaries between the words.

Ø Homophonic substitution: 

- This method is followed for increasing the difficulty for the frequency analysis attacks. 

- The frequencies of the letters of the plain text are disguised by homophony. 

- Here the letters of the plain text are mapped to many symbols of the cipher text. 

- Normally the plain text symbols with highest frequencies are mapped with more equivalents when compared to their low frequency counterparts. 

- This leads to the flattening of the frequency distribution which in turn raises the difficulty of frequency analysis. 

- For the invention of larger alphabets a number of solutions are employed. 

- The simplest of these solutions is using a numeric substitution alphabet. 

- Another method uses the variations of the existing alphabet i.e., writing it upside down, or in upper case and lower case etc. 

- Nomenclature is also a variant of the homophonic substitution. 

- The other two types of homophonic ciphers namely straddling checker board and book cipher.

Ø Polyalphabetic substitution: 

- It involves the use of the multiple cipher alphabets. 

- For the facilitation of the encryption process, these alphabets are written out in a big table which is referred to as the tableau. 

- The particular poly alphabetic cipher is defined by the method with which the tableau is filled and the alphabet is chosen. 

- Some types of the polyalphabetic ciphers are:

             1. Beaufort cipher

             2. Gronsfeld cipher

             3. Running key cipher

             4. Autokey cipher

Ø  Polygraphic substitution: 

Here the letters of the plain text are substituted in terms of large groups instead of individual letter substitution.

Ø Mechanical substitution ciphers: 

Some examples of this type of substitution ciphers are enigma, rotor cipher machines etc.

Ø The one-time pad: 

This one is a special substitution cipher which has been proven that it is unbreakable mathematically.

What is Traditional Cryptography?

- Cryptography is the practice that involves study and application of the techniques for making communication secure with the adversaries or the third parties. 

To be more general, it involves construction and the analyzation of the protocols for overcoming the impact of the adversaries and other aspects concerning the information security such as the following:

Ø  Data confidentiality

Ø  Data integrity

Ø  Authentication

Ø  Non – repudiation

- The modern cryptography in contrast to the traditional cryptography intersects the computer science, mathematical and the engineering disciplines. 

There are various applications of cryptography as in the following:

Ø  ATM cards

Ø  Computer passwords

Ø  Electronic commerce

- The traditional cryptography was synonymous with the process of encryption which involves converting the information which is in readable state to such a state in which it appears like utter nonsense. 

- The one who generated the encrypted message also shared the technique for decoding the message only with the desired recipients, thus the unwanted people are precluded from doing so.

- Cryptography is in use since the World War I and the methods that were used then now have become so complex and eventually its application increased. 

- Modern cryptography’s foundation is based up on the computer science and the mathematical theory. 

- The designing of the cryptographic algorithms is done around the computational hardness assumptions. 

- In practice, this makes these algorithms quite hard to break by any third party. 

- However, theoretically it is possible to break in to such a system but for doing so any known practical means are in-feasible.

- That is why, all these schemes are considered to be computationally safe and secure. 

For the following, the continuous adaptation of these methods is required:

Ø  Improvements in the algorithms for the integer factorization.

Ø  Faster computing technology.

- Also, there are schemes that are information – theoretically secure and even with unlimited computing power, these schemes cannot be broken.

- One such scheme is one time pad. 

- Also, the implementation of these schemes is also quite difficult when compared to the schemes that are computationally secure but are theoretically breakable. 

- Traditionally cryptography referred only to the encryption which involves conversion of the ordinary info in to cipher text or unintelligible text. 

- The reverse process of this is decryption. 

- The pair of algorithms that carry out these two processes is called the cipher. - Each instance of the operation of the cipher is controlled by a key which is kept secret between the communicants. 

- The purpose of this key lies in decryption of the cipher text. 

- Earlier the encryption and the decryption process were carried out directly by the ciphers without involvement of any integrity or authentication checks. 

- Before the advent of the modern cryptography, the traditional cryptography was known to be concerned only with the message confidentiality i.e., converting the message from comprehensible text in to incomprehensible text and vice versa. 

- The message was thus unreadable for the eavesdroppers and the interceptors without key. 

- For ensuring the secrecy in the communications, the encryption process was used. 

- But now the field expands far beyond the confidentiality issues.

- It now consists of techniques for authentication and message integrity checking, secure computation techniques, interactive proofs, digital signatures and so on. 

- Earlier two types of classical ciphers were used namely substitution ciphers and the transposition ciphers. 

- The former type involved replacing the letters by some other letters.

- The transposition ciphers involved rearrangement of the letters. 

- Some examples of early ciphers are caeser cipher, atbash cipher etc. 

- The early ciphers were assisted by some other physical aids and devices. 

- Eventually more complex ciphers could be developed with the development of the digital computers. 

- Any kind of data that could be represented in binary format could be encrypted.

How can firewalls secure a network?

Firewalls in computer systems are either software based or hardware based. But they have the same purpose of keeping a control over the incoming as well as the outgoing traffic. 

In this article we discuss about how the network is secured by the firewalls. 

- This control is maintained through the analyzation of the data packets. 

- After analyzation, the firewall’s work is to determine whether to allow these packets to pass or not. 

- This decision is taken based up on some set of rules.

- With this set of rules, a barrier is established by the firewall between the external network that is not considered as secure and trusted and the internal network which is secure and trusted. 

- Most of the personal computer’s operating systems come with a built-in software based firewall for providing protection against the threats from external networks. 

- Some firewall components might also be installed in the intermediate routers in the network. 

- Also some firewalls have been designed to perform routing as well.

There are different types of firewalls which function differently.This classification of the firewalls is based up on the place where the communication is taking place i.e., whether at the network layer or the application layer.

Packet filters or network layer: 

- Firewalls used at the network layer are often termed as the packet filters. 

- This firewall operates at low level of the protocol stack of the TCP/ IP and so does not allow the packets to pass through it unless they satisfy all the rules. 

- These rules might be defined by the administrator of the firewall. 

- These firewalls can also be classified in to two categories namely the stateless firewalls and the state-ful firewall. 

- The former kind use less memory and operates faster in the simple filters, thus taking less time for filtering. 

- These firewalls are used for filtering the stateless network protocols i.e., the protocols which do not follow the session concept. 

- These firewalls are not capable of making complex decisions based up on the state of the communication. 

- The latter kind maintains the context of the active sessions. 

- This state info is used by these firewalls for speeding up the packet processing. 

- A connection is described using any of the properties such as the UDP or TCP ports, IP addresses and so on. 

- If a match is found between an existing connection and the packet, it is allowed to pass. 

- Today firewalls have capabilities of filtering the packets based up on attributes like IP addresses of source and destination hosts, protocols, originator’s netblock, TTL values and so on.

Application layer Firewalls: 

- Firewalls of this type work on the TCP/ IP stack’s application level. 

- All the packets traveling in and out of the application are intercepted by this firewall. 

- This leads to blocking of the other packets also. 

- Firstly, all the packets are inspected for any malicious content for preventing the outspread of the Trojans and worms. 

- Some additional inspection criteria might be used for adding some extra latency to the packet forwarding. 

- This firewall determines whether a given connection should be accepted by a process. 

- This function is established by the firewalls by hooking themselves in to the socket calls for filtering the connections. 

- These application layer firewalls are then termed as the socket filters.

- There way of working is somewhat similar to the packet filters except that the rules are applied to every process rather than connections. 

- Also, the rules are defined using the prompts for those processes that have not been provided with a connection. 

- These firewalls are implemented in combination with the packet filters.

What are the security problems faced by a network?

Making mistakes concerning the network security is very common. The same mistakes are repeated again and again. These problems cannot be solved without changing our working methods. In this article we discuss about some common security problems that are faced by a network.

ØUsing weak and non-complex passwords for accessing the network: 

- Brute forcing is an old school exploit to which many of the system network administrators are open to. 

- The very famous captcha technology has been implemented for correcting this vulnerability of the network security passwords. 

- In the common captcha, the user is required to type in the digits or the letters that are displayed on the screen in some sort of distorted image. 

- This technology has been designed to prevent the network to be accessed by unwanted internet bots.

- However, this is not as safe as it looks. 

- It just gives a false sense to the network admins for countering the brute forcing. 

- Complex password is the solution for this problem. 

- For creating a complex password, more than seven characters need to be combined with special characters and numbers. 

- Apart from the creation of the complex passwords, a password expiration system has to be implemented. 

- This system is for reminding the users for changing their passwords. 

- Also, care should be taken regarding the reuse of the passwords. 

- Cycling of the passwords should not be allowed.

Ø Using server application or software that is outdated: 

- The patches are released by the companies from time to time for ensuring that the system does not become vulnerable to the various threats. 

- Also, new exploits and threats are posed by the hackers that can harm the network if the patches are not properly used. 

- For ensuring the network administrator is kept informed of the new threats, the software or the applications have to be updated regularly.  

Ø Web cookies: 

- Even though the viruses and malware cannot be introduced in to the network through cookies, these cookies can be tracked by some third party cookies for compiling the records of the browsing histories of the individuals. 

- The cookies that are not encrypted pose a major threat because they make the system vulnerable to the cross site scripting (XSS) attacks, thus putting your privacy at risk. 

- The open cookies can provide access to the cookies with the log-in data which can be used by hackers for intruding in to your systems. 

- The solution to this problem is to use the encrypted cookies along with an encoded expiration time. 

- The admins might ask the users to re-log-in before accessing important network directories.

Ø Plain hashes: 

- Hashing is the technique used for indexing and retrieval purposes in the database. 

- In most of the encryption algorithms, the plain hashes are mostly used. 

- A type of encryption is the salt that might be added to the hashes for making the creation of a look-up table that might assist the brute force or directory attacks extremely difficult or let’s say almost impractical. 

- But this works only when large salt is used. 

- Usually a pre-computed look up table might not be used by the attacker in exploitation of the network. 

- This makes the network security system even more complex.

- So even if the attacker is able to break into your system, he won’t be able to access the information from the database. 

- The encryption key should be kept hidden.

Ø Shared web hosting: 

- This service is used by the websites that reside on one same server. 

- Each site is given its own partition. 

- This is economically feasible for most of the systems. 

- But here if the attacker breaches in to system of one website, he can get into other website’s security systems too.