Proceedings of the 4th National Conference; INDIACom-2010 Computing For Nation Development, February 25 – 26, 2010 Bharati Vidyapeeth’s Institute of Computer Applications and Management, New Delhi

A Novel Software Architecture for Network Security Testing

Rajni Jindal1, Puneet Kumar2, Akhil Jindal3, Nikhil Jindal4, Sidharth Chhabra5 and Varunn Kaushik6
1 Asst. Professor, Department of Computer Engineering, Delhi College of Engineering (DCE), Delhi, India
2,3,4,5,6 Student, Department of Computer Engineering, Delhi College of Engineering (DCE), Delhi, India

ABSTRACT

With increasing technological advances, the number of computer networks is on the rise. With the burgeoning number of networks comes the issue of their security. Some common security threats include denial of service (DoS) attacks, unauthorized access, confidentiality breaches, and data diddling or even destruction of data. To protect networks from these threats, a number of solutions and tools have emerged in the market. Some of the top-notch security solutions available are Network Mapper (Nmap), Snort, BurpProxy, Nessus, Wireshark (Ethereal), Netcat and many more. For this study, we compiled a list of network security problems faced by people in the field and the corresponding solutions they use to overcome them. Based on the survey, a software architecture is proposed, and platform-independent software has been developed that is capable of finding almost all of the top network threats. To make security vulnerability testing easier, we have introduced the concept of a many-to-many mapping between the vulnerabilities and the possible threats. This enables a person with no background in network security to test his own network without any help. This would probably help network security awareness worldwide.

KEYWORDS

Network Security, Nmap, Nessus, BurpProxy, Security Software, DOS attack, WireShark, Snort, HTTPS, SQL injection.

1. INTRODUCTION

A "network" has been defined [1] as "any set of interlinking lines resembling a net, a network of roads, an interconnected system, a network of alliances." Computer networks nowadays have become so complicated, vulnerable and important that their security [7][9][14] and safety [15] are a challenge for technology leaders and researchers [2]. Communication networks are used to transfer valuable and confidential information for a variety of purposes. As a consequence, they attract people who intend to steal or misuse the information, or to disrupt or destroy the systems storing or communicating it. Threats to network security are continually changing as vulnerabilities in both established and newly introduced systems are discovered [4], and solutions to counter those threats are needed [13]. Besides, security breaches [3][8] can be very expensive [16] in terms of business disruption and the financial losses that may result, making it all the more important for organizations to devise effective network security [5][6] strategies.

Attacks can be classified into active and passive attacks. Common threats include: masquerade or fabrication, message replay, message modification, denial of service (or interruption of availability) [12], gaining unauthorized access, data diddling [11] and even destruction of data, SQL injection [10], code injection, e-mail injection, FTP bounce attack, privilege escalation, spoofing, back-door exploit, cross-site scripting, cross-site request forgery and DNS exploitation. New threats are constantly being reported as well.

Some of the renowned software solutions currently used for network security testing are Nmap, Nessus, BurpProxy, Wireshark and Snort. Nmap [17] stands for Network Mapper and is used for tasks such as network exploration and security auditing. It determines which hosts on the network are available and which services and OS versions they are running. Burp Proxy [19], an interactive HTTP/S proxy server for attacking and testing web applications, allows the user to intercept, inspect and modify the raw traffic passing between the browser and the target web server. It can be used to check for attacks such as SQL injection, cookie subversion, privilege escalation, session hijacking, directory traversal and buffer overflows. Wireshark (Ethereal) [20], a packet sniffer, is used for network troubleshooting and analysis, giving any level of packet detail one needs. Snort [21], a lightweight network intrusion detection and prevention system, detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behaviour. Nessus [18], a comprehensive vulnerability scanner, provides functionality beyond testing for known network vulnerabilities.
It is clear that some good tools are available, but none of them is exhaustive, and hence none can act as a complete software solution for every network security problem. At present, to solve a problem, a user needs to try out the various software packages available. It is a very tedious job for a network pen tester to use all the available software individually and analyze the different results to decide the threat level. These tools are also so technical and difficult to understand that it is not at all feasible for a novice to use them. The proposed method tries to find a combination of available tools that can act as a complete solution in itself for network security pen testers. A prime objective is also that the proposed software should be easy to use: it should list the various vulnerabilities in the network with just a button click.


2. PROPOSED SOFTWARE ARCHITECTURE AND SURVEY

For this, a survey of many network analysts was undertaken. Figure 1 explains the methodology used in the survey. They were asked about the specific security problems they face in their networks, and the solutions they currently employ were noted. Once the list of problems and the tools used to overcome them was ready, the problems were sorted by importance. The importance of each problem was decided by the number of people in the survey who stated it as a problem they faced.

All combinations of the tools were studied. Points were given to each set of tools according to the problems it was able to overcome, each weighted by the importance of the problem solved. This gave a new list in which each entry specified a combination of tools and the points allotted to it. The list was then sorted in decreasing order of points. In case of equal points, the set with the lower number of tools was ranked higher. The topmost set in the list was therefore not just the set that solved the most problems but, more importantly, the set that solved the problems most likely to trouble a system analyst. Hence, if presented as an option, this set of tools is expected to gain instant and widespread acceptance by people in the field. The topmost set in the compiled list also practically contained the most sought-after tools in the industry.

Our goal is to find a universal architecture, with the minimum number of tools, capable of solving almost all general problems faced by people in the field today. To take this factor into account, the list was modified further: the number of points of each set was divided by the number of tools in the set. The list was re-sorted, and a new list emerged that was more effective than the previous one in the sense that it has the least number of tools and is capable of solving the maximum number of network security problems faced today.

Based on our survey, the tools that can be used to find the maximum number of network security problems are Nmap, BurpProxy and Nessus. These have also featured constantly among the top network security software named by leading survey organizations [4]. Also, Nmap is a defensive tool while Burp Proxy is more on the attacking side. Thus, by their variety, they provide us a perfect match to act as a perfect shield for any network present today.

The need of the hour is that network analysts should be freed from the problem of finding, testing and installing various security solutions. We therefore propose a software architecture, developed as full-fledged software named SuperX. Figure 2 gives an overview of the software. The software will be an integrated tool for Nmap, BurpProxy and Nessus, built so that the features of these tools can be utilized easily and to the maximum.
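The survey ranking described in Section 2, worked through as an added example (not the authors' code): it scores every combination of tools by the weighted problems it covers, builds the first list (points, fewer tools on ties) and the second list (points divided by number of tools). The problem weights, the tool-to-problem mapping and the `min_coverage` floor are constructed assumptions, not survey data from the paper.

```python
from itertools import combinations

# Constructed survey data (not from the paper): problem -> respondents reporting it.
PROBLEM_WEIGHT = {
    "exposed services": 18,
    "unknown hosts on the network": 12,
    "SQL injection": 15,
    "session hijacking": 9,
    "unpatched known vulnerabilities": 20,
    "suspicious traffic": 6,
}
# Constructed mapping (an assumption): tool -> problems it helps find.
TOOL_COVERAGE = {
    "Nmap": {"exposed services", "unknown hosts on the network"},
    "BurpProxy": {"SQL injection", "session hijacking"},
    "Nessus": {"unpatched known vulnerabilities", "exposed services"},
    "Wireshark": {"suspicious traffic"},
    "Snort": {"suspicious traffic"},
}
TOTAL = sum(PROBLEM_WEIGHT.values())

def points(tool_set):
    """Weighted points: every problem the set covers counts once, by its weight."""
    covered = set().union(*(TOOL_COVERAGE[t] for t in tool_set))
    return sum(PROBLEM_WEIGHT[p] for p in covered)

def all_sets():
    """Every non-empty combination of the surveyed tools."""
    tools = sorted(TOOL_COVERAGE)
    return [c for r in range(1, len(tools) + 1) for c in combinations(tools, r)]

def rank_by_points():
    """First list: most points first; on equal points the smaller set ranks higher."""
    return sorted(all_sets(), key=lambda s: (-points(s), len(s), s))

def rank_by_points_per_tool(min_coverage=0.0):
    """Second list: points / number of tools. min_coverage is an added assumption:
    sets covering less than that share of the total weight are dropped first."""
    eligible = [s for s in all_sets() if points(s) / TOTAL >= min_coverage]
    return sorted(eligible, key=lambda s: (-points(s) / len(s), len(s), s))

if __name__ == "__main__":
    runs = [("points", rank_by_points()),
            ("points per tool", rank_by_points_per_tool()),
            ("points per tool, 90% floor", rank_by_points_per_tool(0.9))]
    for label, ranking in runs:
        best = ranking[0]
        print(f"{label}: {best} -> {points(best)}/{TOTAL} points")
```

Because a problem covered by two tools is counted once, points per tool alone can never place a multi-tool set above its best single member; with this sample data the 90% coverage floor is what brings the three-tool set to the top of the second list.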

Figure 1. A flowchart explaining the study done

To better interpret the results from the different tools, inter-process communication [22] has been implemented. The proposed software does not demand prior knowledge of network security. Simply entering the URL of the target domain displays all the required information, e.g. IP address, open ports, connected PC IPs, the different connections established by the PC, etc. After the required information has been extracted from all the integrated tools, a post-processing step is performed. This is basically a many-to-many mapping between the observed results and the probable vulnerabilities. This mapping is a result of our survey, as discussed earlier. The idea of this predefined mapping is to help a pen tester verify his observations, thus giving better results. Based on the post-processing mapping results, the software integrates all the information to give a final conclusion about how vulnerable the target system is.

3. RESULTS AND DISCUSSIONS

The proposed software architecture has been implemented as software, and the results are shown in Fig. 3 and Fig. 4. We have removed the IP addresses of the target host to avoid their misuse. We have encircled the running operation, e.g. port scan, SYN stealth scan, traceroute, etc. The software is able to find the IP address, open ports, connected PCs and much other information using the integrated tools in one go. It is capable of identifying more than 90 percent of the top security threats faced in the industry today. It is also capable of integrating the results through inter-process communication. In future, the IPC can be improved further, and an ANN can also be implemented in the architecture so that after each run the software can learn by itself and update its mapping database. We are also using fuzzy logic in the mapping to make the software run faster. There are also provisions to reduce the space complexity of the software by removing some common features from the integrated tools, and its time complexity can be reduced by implementing k-d trees for searching the mapping database.

Figure 2

4. REFERENCES

[1]. The New Lexicon Webster’s Encyclopedic Dictionary of the English Language. New York: Lexicon
[2]. Jian Li, Guo-Yin Zhang and Guo-Chang Gu, “Research and experiments of network attack defense system,” IEEE International Conference on Systems, Man and Cybernetics, 2004, vol. 4, pp. 3548-3553. doi:10.1109/ICSMC.2004.1400892.
[3]. Matt Curtin, “Introduction to network security”, March 1997.
[4]. Dowd P.W. and McHenry J.T, “Network security: it's time to take it seriously,” Computer, vol. 31, Issue 9, September 1998, pp 24 – 28, doi: 10.1109/2.708446.
[5]. J.P. Holbrook and J.K. Reynolds, “Site Security Handbook,” RFC 1244.
[6]. Morrie Gasser, “Building a secure computer system,” ISBN 0-442-23022-2, 1988.
[7]. C Kaufman, R Perlman and M Speciner, “Network security: private communication in a public world,” Prentice Hall Press. ISBN: 9780137155880.
[8]. William Stallings, “Network security,” Principles and Practice, Prentice Hall, 1999 - www-ist.massey.ac.nz.
[9]. GB White, EA Fisch and UW Pooch, “Computer system and network security,” CRC Press, 1995, ISBN: 0849371791, 9780849371790.
[10]. W. G. Halfond, J. Viegas and A. Orso, “A Classification of SQL-Injection Attacks and Countermeasures,” In Proc. of the Intl. Symposium on Secure Software Engineering, Mar. 2006.
[11]. W. W. Manning, G H White, “Data Diddling and Salami Slicing, Trojan Horses...Can Your Agency Handle Computer Crimes? Police Chief,” Volume: 57 Issue: 4 Dated: (April 1990), pp 46, 48-49.
[12]. Alefiya Hussain, John Heidemann and Christos Papadopoulos, “A framework for classifying denial of service attacks,” Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, August 25-29, 2003, Karlsruhe, Germany.
[13]. Yen-Hung Hu, “Network attacks and countermeasures,” IEEE SoutheastCon, 2007. Proceedings. 22-25 March 2007, pp 181 – 181. doi: 10.1109/SECON.2007.342880.
[14]. Matt Bishop, "What Is Computer Security?," IEEE Security and Privacy, vol. 1, no. 1, pp. 67-69, Jan. 2003, doi:10.1109/MSECP.2003.1176998.
[15]. William R. Dunn, "Designing Safety-Critical Computer Systems," Computer, vol. 36, no. 11, pp. 40-46, Nov. 2003, doi:10.1109/MC.2003.1244533.
[16]. Lawrence A. Gordon and Martin P. Loeb, “The economics of information security investment,” ACM Transactions on Information and System Security (TISSEC), Vol. 5, Issue 4, pp. 438 – 457, November 2002.
[17]. Gordon Fyodor Lyon. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. Insecure, USA.
[18]. The Nessus Attack Scripting Language Reference Guide, 2000. http://www.nessus.org.
[19]. The Burp Proxy Tool Vers. 1.1. 2008. http://www.portswigger.net/proxy.
[20]. U Lamping and E Warnicke. Wireshark User’s Guide. Wireshark Foundation, 2008 - wireshark.miroirfrancais.fr.
[21]. Brian Caswell, James C. Foster, Ryan Russell, Jay Beale and Jeffrey Posluns. Snort 2.0 Intrusion Detection. Syngress Publishing, 2003.
[22]. Leslie Lamport, “On interprocess communication. Part II: Algorithms,” Journal of Distributed Computing, Springer, Vol. 1 Number 2 (June 1986), pp 86-101, doi: 10.1007/BF01786228.


Figure 3. Result of a vulnerability scan

Figure 4. Result of a vulnerability scan
