Showing posts with label web security. Show all posts

Sunday, 14 August 2016

Cyber security and web protection



Cyber security 

The term cyber security refers to making data secure from unauthorized access.

Information technology is growing every day globally, and the most useful information related to government, banking, online sellers, social media, payment gateways, etc. is stored on servers. Accessing confidential data on these servers requires an authentication process to make sure that the information is accessed only by authorized agencies and individuals.


Cyber attacks and malicious software

Malicious software is software that is intentionally designed to harm your data.
It is commonly known as malware.

 1. Computer viruses:

A virus is a program that can infect other programs by modifying them. The modification includes a copy of the virus program, which can then go on to infect other programs.

Types of computer  viruses:
  • Boot sector virus:
A virus that infects the boot record on hard drives.
  • Macro virus:
A virus that infects documents using application-specific macro languages.
  • Companion virus:
The virus keeps the name of the program that is supposed to run, so it gives the user the illusion that the original program is running. The original program is executed only after the virus, which has the same program name but a different extension.
For example: ".exe" file to ".com".
  • Executable program virus:
An executable virus changes an executable program by inserting its own code into it.
  • Memory-resident virus:
As its name emphasizes, it is a virus that resides in memory all the time.
For example: an intelligent memory-resident virus can modify data in the operating system's RAM.

Working of viruses
 
After becoming active in memory, a virus starts monitoring different activities of the system, such as disk read/write operations. Never press the CTRL+ALT+DEL key combination to reboot a virus-infected system; many times this key combination makes the virus active.
 
List of common computer viruses
 
   1. Bad Boys.
   2. Boot Killers.
   3. Dark Avenger.
   4. Friday 13th.
   5. One Half.
   6. Ping Pong.
  
2. Worm viruses:

Worm means (write once read many). A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program.

Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. The Code Red worm replicated itself more than 250,000 times in approximately .

 The Code Red worm had instructions to do three things:

  • Replicate itself for the first 20 days of each month
  • Replace Web pages on infected servers with a page featuring the message "Hacked by Chinese"
  • Launch a concerted attack on the White House Web site in an attempt to overwhelm it.


3. Trojan horses

 How Do Computers Get Trojan Horses?

Most trojans are introduced through careless downloading: email or instant messenger attachments and peer-to-peer files are common culprits. The user clicks on a file, not noting that it has an .exe or other executable file suffix. The program loads and takes root, slowly weeding through the operating system and software.

Some trojans are so advanced that they can tap into an address book, email each person, and attach themselves to the outgoing mail.

Trojans can also transmit through networks, especially ones that don't have effective firewall or anti-virus protection. If one trojan is opened from several terminals, the infestation can quickly spread to servers and critical files. From there, thieves can remotely download client credit card information.
Several security breaches with thousands of compromised names have made headlines in the last few years alone.

Cyber security:

Tips to combat viruses, Worms and Trojan Horses on Your Computer

1. Keep the operating system updated

The first step in protecting your computer from any malicious software there is, is to ensure that your operating system (OS) is up to date.
This is essential if you are running a Microsoft Windows OS. Secondly, you need to have anti-virus software installed on your system and ensure you download updates frequently to ensure your software has the latest fixes for new viruses, worms, and Trojan horses.
Additionally, you want to make sure your anti-virus program has the capability to scan e-mail and files as they are downloaded from the Internet, and you also need to run full disk scans periodically. This will help prevent malicious programs from even reaching your computer.

2. Use a firewall

You should also install a firewall. A firewall is a system that prevents unauthorized use and access to your computer.
A firewall can be either hardware or software. Hardware firewalls provide a strong degree of protection from most forms of attack coming from the outside world and can be purchased as a stand-alone product or in broadband routers. Unfortunately, when battling viruses, worms and Trojans, a hardware firewall may be less effective than a software firewall, as it could possibly ignore embedded worms in outgoing e-mails and see this as regular network traffic.

For individual home users, the most popular firewall choice is a software firewall. A good software firewall will protect your computer from outside attempts to control or gain access to your computer, and usually provides additional protection against the most common Trojan programs or e-mail worms. The downside to software firewalls is that they will only protect the computer they are installed on, not a network.

3. Keep viruses away

1. Do not use pirated software.
2. Get software from reputed companies.
3. Run a virus scanner.
4. Always keep the current version of your antivirus software.


4. List of a few antivirus products

1. McAfee
2. Quick Heal
3. Norton
4. AVG
5. K7 total security


Thanks for reading. If you have any questions, add them in the comments section.

Wednesday, 27 July 2016

How to check SSL vulnerability





SSL (Secure Sockets Layer) certificates are generally used to secure your website's data transmission. When you visit a website with SSL, the site's SSL certificate enables you to encrypt the data you send, such as credit card information, names or addresses, so it can't be accessed by hackers.

How SSL Works

SSL is designed to make use of TCP to provide a reliable end-to-end secure service.
SSL is divided into two layers containing four protocols, which encapsulate all communication between the client machine and the server.
One layer makes use of TCP directly. This layer is known as the SSL Record Protocol, and it provides basic security services to various higher-layer protocols.

SSL layer protocols

SSL Record Protocol (Lower level protocol):
It is an independent protocol of the SSL layer over which the Hypertext Transfer Protocol (HTTP) runs.

The other three are higher-level protocols used in the management of SSL exchanges. They are as follows:

1. Handshake Protocol.
This protocol is used before any application data is sent. It allows the server and client to authenticate each other and to negotiate an encryption algorithm, a MAC algorithm and the cryptographic keys to be used to protect data sent in an SSL record.

2. Change Cipher Spec Protocol.
This protocol consists of one message, which is a single byte with the value 1. It is used to update the cipher suite to be used on this connection.

3. Alert Protocol.
This protocol is used to convey SSL-related alerts to the peer entity. It consists of two bytes, the first of which takes the value 1 (warning) or 2 (fatal). If the level is fatal, SSL immediately terminates the connection. The second byte contains a code that indicates the specific alert.
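The message formats described above can be seen in a small record parser. This is an added example, not code from the original post; the 5-byte record header layout and the content-type and alert code numbers come from the SSL 3.0/TLS specifications, and the sample bytes are constructed.

```python
import struct

# Record-layer content types and a subset of alert codes (SSL 3.0 / TLS).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_CODES = {0: "close_notify", 10: "unexpected_message",
               20: "bad_record_mac", 40: "handshake_failure"}


def parse_records(stream: bytes):
    """Split a byte stream into records and decode plaintext CCS/Alert bodies."""
    records, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        # Header: content type (1), version major/minor (2), body length (2).
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        body = stream[pos + 5: pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        rec = {"type": CONTENT_TYPES.get(ctype, "unknown"),
               "version": (major, minor)}
        if ctype == 20:
            # Change Cipher Spec: exactly one byte with the value 1.
            rec["valid"] = body == b"\x01"
        elif ctype == 21 and length == 2:
            # Plaintext alert: level byte, then description byte.
            # (Alerts sent after the cipher change are encrypted and longer.)
            level, code = body
            rec["level"] = ALERT_LEVELS.get(level, "invalid")
            rec["description"] = ALERT_CODES.get(code, f"code {code}")
            rec["fatal"] = level == 2  # fatal means the connection is torn down
        records.append(rec)
        pos += 5 + length
    return records


# Constructed sample: CCS, warning/close_notify, fatal/handshake_failure (SSL 3.0).
SAMPLE = bytes.fromhex("140300000101" "15030000020100" "15030000020228")

if __name__ == "__main__":
    for record in parse_records(SAMPLE):
        print(record)
```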


As mentioned above, SSL helps to make a website's data transmission secure, but SSL also has vulnerabilities and issues.

Two vulnerabilities in SSL found in 2014:


1. The "Apple" bug, affecting recent Mac OS X and iOS devices.
2. The "Heartbleed" bug concerning misuse of TLS protocol.

The "Apple" bug

Apple has its own implementation of the SSL security protocol: "libsecurity", also referred to as "SecureTransport".
This is used on recent Mac OS X (10.9, used on MacBooks, etc.) and iOS (used on iPhones, etc.).
In February 2014 a large vulnerability was found: the server signature for the shared secret was never validated.

The "Heartbleed" bug

Discovered and publicized in April 2014.
The problem is in the "heartbeat" extension of TLS (RFC 6520).
The implementation in OpenSSL is buggy: it allows memory of the system to be read.
Linux and BSD systems rely on OpenSSL, so this bug is VERY widespread.

SSL Attacks

Over the last couple of years, several significant vulnerabilities have been discovered in the most commonly used SSL protocol variants, AES-CBC and RC4. The AES-CBC variant has seen significant cryptanalysis: padding oracle attacks, BEAST, Lucky 13, TIME, and POODLE.



A Man-in-the-Middle Attack:

The attacker uses a large number of encryptions of secret data, e.g. a session cookie. JavaScript malware is downloaded from an attacker-controlled website and runs in the victim's browser, repeatedly sending HTTPS requests to the victim web server. Session cookies are automatically included in each of these requests in a predictable location, and can thus be targeted in the attack. The attacker, who needs new SSL connections for new RC4 keystream prefixes, can enforce termination of the SSL session after the target encrypted cookie is sent. The browser will automatically establish a new SSL session when the next HTTPS request is sent.

Renegotiation attack:

A vulnerability of the renegotiation that can lead to plaintext injection attacks against SSL 3.0 and all current  For example, it allows an attacker who can hijack an https connection to splice their own requests into the beginning of the conversation the client has with the web server. The attacker can't actually decrypt the client-server communication, so it is different from a typical man-in-the-middle attack.

Protocol downgrade:

A protocol downgrade attack (also called a version rollback attack) tricks a web server into negotiating connections with previous versions of TLS (such as SSLv2) that have long since been abandoned as insecure.

Previous modifications to the original protocols, like False Start (adopted and enabled by Google Chrome) or Snap Start, reportedly introduced limited TLS protocol downgrade attacks or allowed modifications to the cipher suite list sent by the client to the server. In doing so, an attacker might succeed in influencing the cipher suite selection in an attempt to downgrade the cipher suite negotiated to use either a weaker symmetric encryption algorithm or a weaker key exchange.

Cross-protocol attacks:

DROWN attack

The DROWN attack is an exploit that attacks servers supporting contemporary SSL/TLS protocol suites by exploiting their support for the obsolete, insecure SSLv2 protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure. DROWN exploits a vulnerability in the protocols used and the configuration of the server, rather than any specific implementation error. Full details of DROWN were announced in March 2016, together with a patch for the exploit.

BEAST attack:

BEAST (Browser Exploit Against SSL/TLS) targets a long-known cipher block chaining (CBC) vulnerability in TLS: an attacker observing two consecutive ciphertext blocks C0, C1 can test whether the plaintext block P1 is equal to x by choosing the next plaintext block P2 = x ^ C0 ^ C1; because of how CBC works, C2 will be equal to C1 if x = P1.
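The relation above depends on the next record's IV being the previous ciphertext block, which is how SSL 3.0 and TLS 1.0 chain CBC records; TLS 1.1 and later use a fresh IV per record. The following added example (not from the original post) checks the equality under both IV policies. The block cipher is replaced by a truncated HMAC-SHA256 as a stand-in, and all names and sample values are constructed.

```python
import hashlib
import hmac
import os

BLOCK = 16


def E(key, block):
    # Stand-in for the block cipher (assumption): HMAC-SHA256 cut to one block.
    # Only the encryption direction is needed to check the equality.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(*blocks):
    out = bytes(BLOCK)
    for b in blocks:
        out = bytes(x ^ y for x, y in zip(out, b))
    return out


class CBCSender:
    """Encrypts one 16-byte block per record in CBC mode.

    chained_iv=True : IV is the previous ciphertext block (known in advance).
    chained_iv=False: fresh random IV per record (TLS 1.1+ behaviour).
    """

    def __init__(self, key, chained_iv):
        self.key, self.chained_iv = key, chained_iv
        self.prev = os.urandom(BLOCK)

    def send(self, plaintext):
        iv = self.prev if self.chained_iv else os.urandom(BLOCK)
        self.prev = E(self.key, xor(plaintext, iv))
        return iv, self.prev


def guess_matches(sender, p1, x):
    """Send P1, then P2 = x ^ C0 ^ C1, and report whether C2 == C1."""
    c0, c1 = sender.send(p1)             # C0 is the IV used for P1
    _, c2 = sender.send(xor(x, c0, c1))  # assumes the next IV will be C1
    return c2 == c1


if __name__ == "__main__":
    key, p1 = b"k" * 16, b"cookie=SECRET123"  # constructed values
    print("chained IV, x == P1:", guess_matches(CBCSender(key, True), p1, p1))
    print("random IV,  x == P1:", guess_matches(CBCSender(key, False), p1, p1))
```

With the chained IV the comparison confirms a correct x; with a per-record random IV the same comparison carries no information, which is why protocol versions with unpredictable IVs are not affected by this test.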

CRIME and BREACH attacks:

The authors of the BEAST attack are also the creators of the later CRIME attack, which can allow an attacker to recover the content of web cookies when data compression is used along with TLS. When used to recover the content of secret authentication cookies, it allows an attacker to perform session hijacking on an authenticated web session.

Timing attacks on padding:

Some experts also recommended avoiding Triple-DES CBC. Since the last supported ciphers developed to support any program using Windows XP's SSL/TLS library, like Internet Explorer on Windows XP, are RC4 and Triple-DES, and since RC4 is now deprecated, this makes it difficult to support any version of SSL for any program using this library on XP.
A fix was released as the Encrypt-then-MAC extension to the TLS specification, released as RFC 7366. The Lucky Thirteen attack can be mitigated in TLS 1.2 by using only AES_GCM ciphers; AES_CBC remains vulnerable.

POODLE attack:

On October 14, 2014, Google researchers published a vulnerability in the design of SSL 3.0, which makes CBC mode of operation with SSL 3.0 vulnerable to a padding attack (CVE-2014-3566). They named this attack POODLE (Padding Oracle On Downgraded Legacy Encryption). On average, attackers only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages.
In general, graceful security degradation for the sake of interoperability is difficult to carry out in a way that cannot be exploited. This is challenging especially in domains where fragmentation is high.

RC4 attacks:


Despite the existence of attacks on RC4 that broke its security, cipher suites in SSL and TLS that were based on RC4 were still considered secure prior to 2013 because of the way in which they were used in SSL and TLS. In 2011, the RC4 suite was actually recommended as a workaround for the BEAST attack. New forms of attack disclosed in March 2013 conclusively demonstrated the feasibility of breaking RC4 in TLS, suggesting it was not a good workaround for BEAST.


How to protect your website from SSL attackers:

SSL Labs to test SSL vulnerability:

SSL Labs is a non-commercial service for verifying SSL vulnerabilities. It is a collection of documents and tools that help you better understand how SSL is deployed on your website.

Website:
www.ssllabs.com

Recommended SSL configuration to remove vulnerability from your website.

ssl.conf:

To protect your website from SSL vulnerabilities, make sure ssl.conf has the proper configuration parameters.

Add Latest SSLCipherSuite:

Step 1: 
Find SSLCipherSuite in the ssl.conf file and replace the existing cipher suite with the following SSLCipherSuite.

SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4"


Step 2:
Find SSLProtocol in the ssl.conf file to remove old SSL versions.

To remove the vulnerable versions SSLv2 and SSLv3:

SSLProtocol all -SSLv2 -SSLv3  

You can also remove the old vulnerable versions SSLv2, SSLv3, TLSv1 and TLSv1.1:

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Step 3:

SSLHonorCipherOrder On

Step 4: 

CVE-2016-2107

To remove this vulnerability, you need to upgrade your OpenSSL version.


These are some important configuration parameters to check in order to verify whether SSL is deployed properly.
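Steps 1 to 3 can be checked automatically against a configuration file. The script below is an added example, not part of the original post: it audits the three directives named above, treats a missing SSLProtocol line and the keyword "all" as enabling every listed protocol version (a conservative assumption), and runs on two constructed ssl.conf fragments.

```python
import shlex

# Assumption: the widest set of versions "all" may expand to.
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
# Exclusions taken from the cipher string recommended in step 1.
REQUIRED_EXCLUSIONS = {"!aNULL", "!eNULL", "!EXPORT", "!MD5", "!RC4"}


def parse_directives(conf_text):
    """Map lower-cased directive name -> argument list (last occurrence wins)."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # handles the quoted cipher string
        found[parts[0].lower()] = parts[1:]
    return found


def enabled_protocols(args):
    """Evaluate an SSLProtocol argument list such as ['all', '-SSLv2']."""
    enabled = set()
    for tok in args:
        if tok.lower() == "all":
            enabled |= ALL_PROTOCOLS
        elif tok.startswith("-"):
            enabled.discard(tok[1:])
        else:
            enabled.add(tok.lstrip("+"))
    return enabled


def audit(conf_text):
    """Return a list of findings; an empty list means steps 1-3 are satisfied."""
    d, findings = parse_directives(conf_text), []
    protos = enabled_protocols(d.get("sslprotocol", ["all"]))
    for proto in sorted(protos & {"SSLv2", "SSLv3"}):
        findings.append(f"SSLProtocol still allows {proto}")
    if [a.lower() for a in d.get("sslhonorcipherorder", [])] != ["on"]:
        findings.append("SSLHonorCipherOrder is not On")
    suite = set(":".join(d.get("sslciphersuite", [])).split(":"))
    for missing in sorted(REQUIRED_EXCLUSIONS - suite):
        findings.append(f"SSLCipherSuite lacks {missing}")
    return findings


# Constructed sample fragments (not taken from a real server).
WEAK = "SSLProtocol all -SSLv2\nSSLCipherSuite HIGH:MEDIUM:RC4-SHA:!aNULL:!eNULL\n"
HARDENED = ("SSLProtocol all -SSLv2 -SSLv3\nSSLHonorCipherOrder On\n"
            'SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:HIGH:!aNULL:!eNULL:'
            '!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4"\n')

if __name__ == "__main__":
    print(audit(WEAK))
    print(audit(HARDENED))
```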



Thanks for reading. If you have any questions, add them in the comments section.