Vikten av säkra nätverk

Ihlström, Pontus

January 2011

The purpose of this thesis is to show how to use vulnerability testing to identify and search for security flaws in networks of computers. The goal is partly to give a casual description of different types of methods of vulnerability testing and partly to present the method and results from a vulnerability test. A document containing the results of the vulnerability test will be handed over and a solution to the found high risk vulnerabilities. The goal is also to carry out and present this work as a form of a scholarly work.The problem was to show how to perform vulnerability tests and identify vulnerabilities in the organization's network and systems. Programs would be run under controlled circumstances in a way that they did not burden the network. Vulnerability tests were conducted sequentially, when data from the survey was needed to continue the scan.A survey of the network was done and data in the form of operating system, among other things, were collected in the tables. A number of systems were selected from the tables and were scanned with Nessus. The result was a table across the network and a table of found vulnerabilities. The table of vulnerabilities has helped the organization to prevent these vulnerabilities by updating the affected computers. Also a wireless network with WEP encryption, which is insecure, has been detected and decrypted.

Sårbarhet

kartläggning

exploit

Nessus

metasploit

Exploring Vulnerabilities in Networked Telemetry

Shonubi, Felix, Lynton, Ciara, Odumosu, Joshua, Moten, Daryl

10 1900

ITC/USA 2015 Conference Proceedings / The Fifty-First Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2015 / Bally's Hotel & Convention Center, Las Vegas, NV / The implementation of Integrated Network Enhanced Telemetry (iNET) in telemetry applications provides significant enhancements to telemetry operations. Unfortunately such networking brings the potential for devastating cyber-attacks and networked telemetry is also susceptible to these attacks. This paper demonstrates a worked example of a social engineering attack carried out on a test bed network, analyzing the attack process from launch to detection. For this demonstration, a penetration-testing tool is used to launch the attack. This attack will be monitored to detect its signature using a network monitoring tool, and this signature will then be used to create a rule which will trigger an alert in an Intrusion Detection System. This work highlights the importance of network security in telemetry applications and is critical to current and future telemetry networks as cyber threats are widespread and potentially devastating.

Telemetry

Exploit

Metasploit

Intrusion Detection System (IDS)

Bluetooth Threat Taxonomy

Dunning, John Paul

22 December 2010

Since its release in 1999, Bluetooth has become a commonly used technology available on billions of devices through the world. Bluetooth is a wireless technology used for information transfer by devices such as Smartphones, headsets, keyboard/mice, laptops/desktops, video game systems, automobiles, printers, heart monitors, and surveillance cameras. Dozens of threats have been developed by researchers and hackers which targets these Bluetooth enabled devices. The work in this thesis provides insight into past and current Bluetooth threats along with methods of threat mitigation. The main focus of this thesis is the Bluetooth Threat Taxonomy (BTT); it is designed for classifying threats against Bluetooth enabled technology. The BTT incorporates nine distinct classifications to categorize Bluetooth attack tools and methods and a discussion on 42 threats. In addition, several new threats developed by the author will be discussed. This research also provides means to secure Bluetooth enabled devices. The Bluetooth Attack Detection Engine (BLADE) is as a host-based Intrusion Detection System (IDS) presented to detect threats targeted toward a host system. Finally, a threat mitigation schema is provided to act as a guideline for securing Bluetooth enabled devices. / Master of Science

Intrusion Detection

Taxonomy

Security

Bluetooth

Exploit

Automated Reflection of CTF Hostile Exploits (ARCHES)

January 2019

abstract: As the gap widens between the number of security threats and the number of security professionals, the need for automated security tools becomes increasingly important. These automated systems assist security professionals by identifying and/or fixing potential vulnerabilities before they can be exploited. One such category of tools is exploit generators, which craft exploits to demonstrate a vulnerability and provide guidance on how to repair it. Existing exploit generators largely use the application code, either through static or dynamic analysis, to locate crashes and craft a payload. This thesis proposes the Automated Reflection of CTF Hostile Exploits (ARCHES), an exploit generator that learns by example. ARCHES uses an inductive programming library named IRE to generate exploits from exploit examples. In doing so, ARCHES can create an exploit only from example exploit payloads without interacting with the service. By representing each component of the exploit interaction as a collection of theories for how that component occurs, ARCHES can identify critical state information and replicate an executable exploit. This methodology learns rapidly and works with only a few examples. The ARCHES exploit generator is targeted towards Capture the Flag (CTF) events as a suitable environment for initial research. The effectiveness of this methodology was evaluated on four exploits with features that demonstrate the capabilities and limitations of this methodology. ARCHES is capable of reproducing exploits that require an understanding of state dependent input, such as a flag id. Additionally, ARCHES can handle basic utilization of state information that is revealed through service output. However, limitations in this methodology result in failure to replicate exploits that require a loop, intricate mathematics, or multiple TCP connections. Inductive programming has potential as a security tool to augment existing automated security tools. Future research into these techniques will provide more capabilities for security professionals in academia and in industry. / Dissertation/Thesis / Masters Thesis Computer Science 2019

Computer science

Capture the Flag

Computer Security

Exploit Generation

Exploit Reflection

Inductive Programming

Association rules for exploit code analysis to prevent Buffer Overflow

Li, Chang-Yu

01 August 2007

As the development of software applications and Internet, the security issues that come with get more serious. Buffer Overflow is an unavoidable problem while software programming. According to the advisories of each year, they show that many security vulnerabilities are from Buffer Overflow. Buffer Overflow is also the cause of intrusion made by hackers. The users of software applications usually depend on the software updates released by software venders to prevent the attacks caused by Buffer Overflow. So before applying software updates, that how to avoid attacks to software and prolong the save period of software is an important issue to prevent Buffer Overflow. By collecting and analyzing the exploit codes used by hackers, we can build the overall pattern of Buffer Overflow attacks, and we can take this pattern as the basis for preventing future Buffer Overflow attacks. Association rules can find the relations of unknown things, so it can help to build the common pattern between Buffer Overflow attacks. So this work applies association rules to build the pattern of Buffer Overflow attacks, and to find out the relations of system calls inside the exploit codes. We experiment and build a group of system call rules that can differentiate the attack behavior and the normal behavior. These rules can detect the Buffer Overflow attacks exactly and perform well in false positives. And then they can help to do further defenses after detecting attacks and alleviate the seriousness of Buffer Overflow attacks to computer systems.

system call

association rules

Buffer Overflow

exploit code

Cybersecurity of remote work migration: A study on the VPN security landscape post covid-19 outbreak

Einler Larsson, Lukas, Qollakaj, Kushtrim

January 2023

Background. The pandemic outbreak commenced a large migration of employees from all kinds of industries from previously working in an industrial or office environment to working from home. The remote migration allowed many kinds of work to continue as usual even during a pandemic. A common tool to use when working remotely is a Virtual Private Network (VPN) that allows remote workers to connect to a Local Area Network (LAN) at the company office. Which further grants the remote worker secure access to organizations resources and services. This remote work setup has increased the complexity of the company networks and therefore also magnified the attack surface for cyber threat actors. Objectives. The objective of this thesis involves studying how the VPN security landscape looks like after the pandemic outbreak. Answering questions related to how the attacks on VPNs changed in numbers, which techniques and tactics the adversaries use against VPN security systems and then, for the thesis to “bite itself in the tail”, investigate countermeasures that can further improve the VPN security. Methods. One research method is used in two different fashions to satisfy the objectives. The research method is a Systematic Literature Review (SLR). The first SLR involves research on secondary data reports, published by cyber companies, cyber experts, or cyber departments of large IT organizations. The second SLR involves qualitative research by reading research papers related to how VPN security can be improved.  Results. In direct consequence of the remote work migration the number of VPN attacks have increased. The vulnerabilities found in VPN systems have been used extensively where even national cybersecurity organizations have urged companies to patch systems. Advanced Persistent Threat (APT) groups have leveraged the published vulnerabilities by exploiting unpatched systems and established persistent and defense-evasive access to networks that remote workers connect to with VPNs. To counter these threats and to harden the VPN systems and private networks, there are recommendations involving countermeasures such as enforced Multi Factor Authentication (MFA) and adding multiple defense layers in private networks. Conclusions. This thesis concludes that the covid-19 pandemic outbreak was the root cause to the huge remote work transition which in turn caught 99% of all organizations and home networks off guard when it comes to VPN security for remote workers. This caused huge opportunities for threat actors and state sponsored adversaries which is the main reason for the increased number of cyberattacks post covid-19 outbreak. Cyber adversaries exploited every vulnerability, bug, and misconfiguration they could find by conducting tactics and techniques like phishing, ransomware, exploiting VPN vulnerabilities and performing DDoS-attacks to the best of their abilities. This caused huge damage to organizations, governments, healthcare, and militaries all around the world. In order to increase VPN security for remote workers, small, medium or big organizations, we have developed a new VPN hardening framework.

Cybersecurity

Remote work

VPN

Exploit

Hardening

Computer Sciences

Datavetenskap (datalogi)

Physiological Arousal Predicts Increased Directed Exploration Under Stress

LaFollette, Kyle J.

27 January 2023

No description available.

Psychology

acute stress

explore-exploit

decision-making

uncertainty

Skicklighet i förhållande till målsättning och spelares motivation till att fuska / Skill in relation to goals and players motivation to cheat

Ahlgren Löfvendahl, Roy

January 2018

I det här arbetet ställs prestationsmål mot skicklighetsmål för att hitta motivationer kring fuskande i kompetitiva dataspel. För att definiera fusk så förklaras många aspekter av spel som ofta används för fuskande. Från brytande av regler satta av utvecklare, turneringar, eller andra involverade grupper, till ambiguös utnyttjning av buggar och glitchar. För att undersöka motiveringar till fuskande antas det att om skicklighetsnivån hos en spelare inte når upp till skicklighetskravet i ett spel så ökar chansen för fusk. En 1 mot 1 spelare mod till spelet Starcraft 2 skapades, där 2 testare ställs inför en duell. Under matchen så får den förlorande spelaren valet av att fuska, därefter intervjuas alla testare i par och de får reflektera och motivera. De flesta var emot fuskande, men många valde ändå att fuska i artefakten. Konceptet med prestationsmål och skicklighetsmål kan vidareutvecklas och testas på fler sätt än i detta arbete, vilket uppmuntras.

Fusk

Fuskande

Motivation

Glitch

Exploit

Bug

Målsättning

Computer and Information Sciences

Data- och informationsvetenskap

Evaluating Kismet and NetStumbler as Network Security Tools & Solutions.

Ekhator, Stephen

January 2010

ABSTRACT Despite advancement in computer firewalls and intrusion detection systems, wired and wireless networks are experiencing increasing threat to data theft and violations through personal and corporate computers and networks. The ubiquitous WiFi technology which makes it possible for an intruder to scan for data in the air, the use of crypto-analytic software and brute force application to lay bare encrypted messages has not made computers security and networks security safe more so any much easier for network security administrators to handle. In fact the security problems and solution of information systems are becoming more and more complex and complicated as new exploit security tools like Kismet and Netsh (a NetStumbler alternative) are developed. This thesis work tried to look at the passive detection of wireless network capability of kismet and how it function and comparing it with the default windows network shell ability to also detect networks wirelessly and how vulnerable they make secured and non-secured wireless network. Further analysis where made on captured network source packets using wireshark (a network analyzer). The discovery of MAC addresses, IP address, data frames, SSID’s by kismet and netsh and the further exposure of management traffic with wireshark is a source of concern given that such useful network parameters in the hands of an experienced hacker would be a valuable information that could be used in hacking into any network computer. Introduction to kismet and netstumbler application and their inherent capabilities in network detection is given an in depth look at the beginning of this work. A wide range of definitions and concepts of wireless technology application and uses as it applies to wireless networks, supported devices, security standards and protocols, firewalls and ad-hoc networks, wardriving and its legality, types of authentication, the Linux kernel, special TCP/UDP ports, the drone and third party firmware were all given an in depth look. kismet download and configurations on linux based OS and the netsh utility fucntionalities was explained for the purpose of clarity. Captured management data packets were opened with wireshark and management data frames found within the packets were analysed. Also, a look at the different file types and results of captured management traffic were displayed. Some of the challenges encountered in the course of this work were discoursed in details and comparison between kismet and netsh was done from the perspective of the vulnerability of a network and the poor channel hopping capability of kismet. / The thesis is about deploying Kismet application software to capture wireless networks, analysis the capture data packets if there is any vulnerability and then compare the results with NETSH captures . NETSH is a Netstumbler alternative which comes as default in Windows vista.

data

traffic

exploit

kismet

netsh

Computer Sciences

Datavetenskap (datalogi)

Telecommunications

Telekommunikation

WEB APPLICATION SECURITY IN THE JAVA ENVIRONMENT

Wanderydz, Kristoffer

January 2012

This project focuses on web security. Some of the most famous vulnerabilities, known troubling web applications. Has been collected and analyzed. Each vulnerability collected in this project, was exploited and secured. Demon- strations from a web application prototype, developed for this project. Brings real examples for each vulnerability, both secured, and insecured. The proto- type ran on a Tomcat web server, and was developed with frameworks such as Web, Spring and Hibernate. Connected to one PostgreSQL data source. All vulnerabilities was successfully implemented in Spring framework, and they were all exploited. Every vulnerability was also secured, with different tools and methods from earlier mentioned frameworks. As a result, real examples from the prototype is used for demonstration in the project, both in a secure and an insecure state. The result views Spring as a framework with good security potential. Most of the Spring specific vulnerabilities, are logical design flaws from developers that can be avoided. Vulnerabilities not related to Spring, such as the one collected for this project. Could be prevented by using methods from the Spring framework or intelligent programming. Which leads to conclusions. Web applications are always exposed to attacks, no matter the framework in use. Creative hackers search to discover new vul- nerabilities, and update old ones all the time. Developers has a responsibility, towards the web applications users. Web applications can not just developed for normal use, but also against possible misuse. Frameworks with good reputation and well processed models, is a good ground for developing a secure application.

Web

Spring

Security

Application

Exploit

Vulnerabilities

Secure

Computer Sciences

Datavetenskap (datalogi)

Software Engineering

Programvaruteknik