Need for Network Security – Georgia Tech – Software Defined Networking

In addition to having query ID and randomization of that ID, the resolver can randomize the source port on which it sends the query, thereby adding an additional 16 bits of entropy to the ID that's associated with the query. Unfortunately, picking a random source port can be resource intensive and also a network address …
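The entropy arithmetic behind the sentence above, as an added example that is not part of the lecture: each forged reply the attacker races against the real answer is an independent guess at the bits the resolver randomized, 16 for the query ID alone and 32 once the source port is random as well, so the chance that at least one of `forged` replies is accepted is 1 - (1 - 1/2^bits)^forged. The function names are chosen here and do not come from the course material.

```c
#include <stdint.h>
#include <stdio.h>

/* Probability that at least one of `forged` spoofed replies matches the
 * resolver's outstanding query when the attacker must guess `bits` bits of
 * entropy (16 for the query ID alone, 32 with a random source port too).
 * Each forged reply is an independent 1-in-2^bits guess, so
 *     P(success) = 1 - (1 - 1/2^bits)^forged.
 * The power is taken by repeated multiplication so no libm is needed.
 * Intended for bits <= 32. */
double spoof_success_probability(unsigned bits, uint64_t forged)
{
    double miss = 1.0 - 1.0 / (double)((uint64_t)1 << bits);
    double all_miss = 1.0;
    for (uint64_t i = 0; i < forged; i++)
        all_miss *= miss;
    return 1.0 - all_miss;
}

/* Smallest number of forged replies that pushes P(success) to at least
 * `target`. Loops once per reply, so only use it for small `bits`. */
uint64_t forged_replies_needed(unsigned bits, double target)
{
    double miss = 1.0 - 1.0 / (double)((uint64_t)1 << bits);
    double all_miss = 1.0;
    uint64_t n = 0;
    while (1.0 - all_miss < target) {
        all_miss *= miss;
        n++;
    }
    return n;
}

int main(void)
{
    /* Same attacker budget, 65536 forged replies, against both designs. */
    printf("16-bit ID only,    65536 forged: P = %.4f\n",
           spoof_success_probability(16, 65536));
    printf("ID + random port,  65536 forged: P = %.8f\n",
           spoof_success_probability(32, 65536));
    printf("ID + random port, 2^24 forged:   P = %.4f\n",
           spoof_success_probability(32, (uint64_t)1 << 24));
    printf("forged replies for 50%% against 16 bits: %llu\n",
           (unsigned long long)forged_replies_needed(16, 0.5));
    return 0;
}
```

With 65536 forged replies the 16-bit design is beaten about 63% of the time, while the 32-bit design gives roughly a 0.0015% chance; even 2^24 forged replies against 32 bits stay under 0.4%. Note that this models one attempt window per outstanding query; an attacker who can repeatedly trigger new queries for the same name gets a fresh window each time, which is why port randomization is a mitigation and not a substitute for authenticated answers.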

Routing Security – Georgia Tech – Software Defined Networking

The first worm was designed by Robert Morris, Jr. in 1988.

The worm itself had no malicious payload, but it ended up bogging down the machines that it infected by spawning new processes uncontrollably and exhausting resources.

And at the time it was released, it affected ten percent of all Internet hosts.

It spread through three different propagation vectors.

The worm tried to crack passwords using a small dictionary and a publicly readable password file, and also targeted hosts that were already listed in a trusted-host file on the machine that was already infected.

This ability to perform remote execution was one way that the worm was able to spread.

The second way that it spread was via a buffer overflow vulnerability in the finger daemon.

This was a standard buffer overflow exploit.

And if you don't know about buffer overflows, I would urge you to take a computer security course.

But essentially, this is a very common attack that makes remote exploits possible, effectively resulting in the ability to run arbitrary code at root-level privilege.

The third way that the worm spread was via the debug command in sendmail, which is a mail-sending service.

In early sendmail versions, it was possible to execute a command on a remote machine by sending an SMTP message.

The worm used this capability to spread automatically.

A key theme that we'll see in the design of other worms is this use of multiple vectors.

Now any particular worm may end up using a different set of vectors, depending on the remote vulnerabilities that it's trying to exploit.

But the idea that any worm should be able to exploit multiple weaknesses in a system gives it more ways to spread, and often also speeds up the propagation of the worm.

This worm design also followed the following general approach, which we see showing up over and over again in worm designs.

First, the worm needs to scan other hosts to find potentially vulnerable hosts.

In the second step, it needs to spread by infecting other vulnerable hosts.

And in the third step, it needs to remain undiscoverable and undiscovered so that it can continue to operate and spread without being removed from systems.

Source: Youtube

DNS Security Quiz Answer – Georgia Tech – Software Defined Networking

Let's talk about how to infer denial of service activity using a technique called backscatter.

The idea behind backscatter is that when an attacker spoofs a source IP address, say in a TCP SYN flood attack, the replies to that initial TCP SYN from the victim will go to the location of the source IP address.

These replies to forged attack messages are called "backscatter".

Now the interesting thing about backscatter is that if we can assume that the source IP addresses are selected by the attacker at random, we can set up a portion of the network where we monitor this backscatter traffic coming back as SYN-ACK replies to forged source IP addresses.

If we assume that these source IP addresses are picked uniformly at random, then the amount of traffic that we see as backscatter represents exactly a fraction that's proportional to the size of the overall attack.

So for example, if we monitor N IP addresses and we see M attack packets, then we expect to see N / 2^32 of the total backscatter packets, and hence of the total attack rate.

If we want to compute the total attack rate, we simply invert this fraction.

So for example, in this case, if our telescope were a /8, or 2^24 IP addresses, we would simply multiply our observed attack rate x by 2^32 divided by 2^24, or 255.

Source: Youtube
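The telescope estimate from the backscatter segment above, as an added example that is not part of the lecture: a simulated SYN flood with spoofed sources, a /8 telescope that counts the SYN-ACKs landing in it, and the inversion step. A telescope with prefix length p covers 2^(32-p) addresses, so the observed count is scaled by 2^32 / 2^(32-p) = 2^p, which for a /8 is 2^32 / 2^24 = 256. The second run draws all spoofed sources from one /16, to show what happens when the uniform-random-source assumption does not hold. The generator, the telescope prefix 10.0.0.0/8 and the function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Deterministic xorshift64 generator (constructed for reproducibility; it
 * only stands in for the attacker's random choice of source address and
 * is not a cryptographic RNG). */
static uint64_t rng_state = 0x9E3779B97F4A7C15ULL;

void reset_rng(uint64_t seed)
{
    /* splitmix64 step so that small seeds still give a well-mixed state */
    uint64_t z = seed + 0x9E3779B97F4A7C15ULL;
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    z ^= z >> 31;
    rng_state = z ? z : 0x9E3779B97F4A7C15ULL;
}

static uint32_t next_random(void)
{
    uint64_t x = rng_state;
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    rng_state = x;
    return (uint32_t)(x >> 32);
}

/* Network mask for a prefix length, e.g. 8 -> 0xFF000000. */
static uint32_t prefix_mask(unsigned prefix_len)
{
    if (prefix_len == 0)
        return 0;
    if (prefix_len >= 32)
        return 0xFFFFFFFFu;
    return 0xFFFFFFFFu << (32 - prefix_len);
}

/* Send `packets` SYNs with spoofed sources and count the SYN-ACK backscatter
 * that lands inside the telescope telescope_net/prefix_len.
 * uniform_sources != 0: every source is drawn from the whole 2^32 space
 *                       (the lecture's assumption).
 * uniform_sources == 0: the attacker only spoofs addresses inside
 *                       192.168.0.0/16, which breaks that assumption. */
uint64_t simulate_backscatter(uint64_t packets, uint32_t telescope_net,
                              unsigned prefix_len, int uniform_sources)
{
    uint32_t mask = prefix_mask(prefix_len);
    uint64_t seen = 0;
    for (uint64_t i = 0; i < packets; i++) {
        uint32_t src = next_random();
        if (!uniform_sources)
            src = 0xC0A80000u | (src & 0xFFFFu);
        if ((src & mask) == (telescope_net & mask))
            seen++;
    }
    return seen;
}

/* Invert the fraction: observed/total = 2^(32-p)/2^32, so
 * total = observed * 2^p (256 for a /8). */
uint64_t estimate_total_attack(uint64_t observed, unsigned prefix_len)
{
    return observed << prefix_len;
}

int main(void)
{
    const uint64_t packets = 1000000;          /* true attack size */
    const uint32_t telescope = 0x0A000000u;    /* 10.0.0.0/8, constructed */

    reset_rng(1);
    uint64_t seen = simulate_backscatter(packets, telescope, 8, 1);
    printf("uniform sources:      saw %llu, estimate %llu (true %llu)\n",
           (unsigned long long)seen,
           (unsigned long long)estimate_total_attack(seen, 8),
           (unsigned long long)packets);

    reset_rng(1);
    seen = simulate_backscatter(packets, telescope, 8, 0);
    printf("sources from one /16: saw %llu, estimate %llu (true %llu)\n",
           (unsigned long long)seen,
           (unsigned long long)estimate_total_attack(seen, 8),
           (unsigned long long)packets);
    return 0;
}
```

The uniform run lands within a few percent of the true one million packets, because roughly 1/256 of the spoofed sources fall in the telescope; the biased run sees nothing and estimates zero. The same blind spot applies in practice to attackers who spoof only within the victim's own prefix, and to reflection attacks where the victim's address is the forged source, so the telescope number is a lower bound on random-spoofed floods rather than a count of all DoS activity.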

IST451 Software Security and Trusted Systems

This presentation is on chapter ten in the book, on software security and trusted systems.

The book begins by defining a buffer overflow.

A buffer overflow is a process that stores data in a buffer outside the memory the programmer set aside for it.

If you guys have any experience programming in C++, Java, or whatever the case may be, you are already familiar with buffers; it's just memory that is being allocated.

So a buffer overflow is where you are putting data in that buffer, but it is actually outside of the memory that the programmer set aside for it.

When this happens, the extra data will overwrite the adjacent memory, which can result in erratic program behavior.

The traditional way to understand this, in computer security and programming, is that when a buffer is overrun, it's an anomaly where a process stores data in the buffer outside the memory the programmer set aside for it; the excess data then overwrites adjacent memory, which may contain other data including program variables and program flow control data.

Consequently, as I have already explained, this can result in erratic program behavior including memory access errors, incorrect results, program termination (a crash), or a breach of system security.

This is what we are going to focus on; this is one way hackers get into a system, by using a buffer overflow.

So the very easy way to understand this is that a buffer overflow is a condition in a program where a function attempts to copy more data into the buffer than it can hold.

So hopefully I've explained well what a buffer overflow is; it is really difficult to get through this chapter without fully understanding this first concept.

So I want to show you how this works in code.

So again, if you guys already have a background in coding this will make a lot of sense to you.

So on the left-hand side you see my code. This is just traditional C code: I have a buffer that is set to the size of 90 bytes, and I am going to print that buffer. The way this works, if this is executed, is that it is going to prompt the user to type something, and then it is going to allocate a buffer to temporarily hold that user input. The user will then type in some data, the program copies the user input to the buffer, and then the program will read and print the data in the buffer to the screen.

So this seems rather smooth, no issues here, if the user stays within that allocated space of 90 bytes, but what if the user enters data that is more than 90 bytes? Well, what is going to happen is the program can crash, error, or worse, and this is what a buffer overflow is.

So this diagram shows you how this works; it is really important to understand where the input space is and what I am calling the output space is. This is where the program communicates to the user, and this is how a hacker can exploit your system.

So at the top is the input space; this is where you allocate the space for your buffer. Then at the bottom, in red, is your return address; this is where, when a function or procedure is called, the system will save data.

So when a function ends, it is going to read the return address and let the program return to where it left off, and depending upon how the program operates, it can show the data results to the user.

Alright, so let's say I have "hello", and I am the user and I put "hello" into the system. As you guys can see, it is all good because of the fact that I have more allocated space than the space required for this string "hello".

Now in this particular case I put in a string that exceeds my buffer, and as you can see I have stuff highlighted in red; in this output space, at the bottom, the local stack is being overwritten, and the saved frame pointer, and most importantly the return address.

So now what is going to happen when it returns, or when the return address is popped off the stack, is that it jumps to that address and starts executing instructions from the return address.

So what the attacker, he or she, is doing is they have overwritten the return address with a pointer to the stack buffer, which now contains attacker-supplied data.

In an actual stack buffer overflow exploit the string would not be A's; it would be shellcode, and we will talk about shellcode shortly.

So, shellcode that is suitable to the platform and the desired function.

So if this program has special privileges, like if the user was a superuser, then the attacker can use this vulnerability to gain superuser privileges on the affected machine.

The attacker can also modify internal variable values to trigger other bugs.

So let me just walk you guys through this so this is clear.

If the A's just represent A's and it was nothing significant, then it would still be a problem, but your system hasn't been hacked.

Those A's are actually code, and it exceeds the allocated space, so the return address is pointing back to those instructions.

This is how this shellcode is executed by your program.

So shellcode is malicious code; it spawns a shell or command prompt on a system. I'm pretty sure you guys all know what a shell or command prompt is.

This is how hackers interface with the system.

So it is really important that your security policies prevent overflows, to avoid execution of shellcode by hackers.

This is the first part of software security, and in my opinion it probably should be its own separate course offering, because this is very involved and it is very important.

I want to just hit some of the high notes here, as we continue to get through this semester.

Now it is important for us, now that we know what a buffer overflow is and how hackers use it to enter your system, to ask: well, how do we defend against those buffer overflows? The first way is through compile-time defenses and the second way is run-time defenses.

There are several options with compile-time defenses. Again, if you guys know what programming is, then you know what a compiler is and what compile time is, and the difference between that and run time or execution time.

So if you want to use compile-time defenses to prevent buffer overflows, the first thing you have to consider is the programming language.

You want to have a strong notion of variable type.

You also want your compilers to enforce range checks automatically on all of your variables.

Now of course there are drawbacks to this method.

It results in longer compile times, requires more resources, and it also results in longer run times; your code is further abstracted while doing this.

So again it is an effective technique to ward off having your software exploited, but at the same time the cost would be longer compile times and run times.

The other option is to practice safe coding techniques.

Now this is easier said than done, of course, but today most organizations have software development and software engineering practices, and in a lot of cases, I know that when I was in the industry, not all the jobs I had, but at least some of the programming jobs I had, we would program in dyads, so there would be two people.

Usually one person is coding the specs, so this dyad team is given a project and they are supposed to code up something, and the specs define how the code operates.

One person is going to handle that while the other person is writing error checks and error codes to make sure that the code operates as it should.

Then what we would do after that, once everything was good to go, we had to submit it to our project manager, and he would run his own set of tests, his own battery of tests, to make sure things looked good.

He would actually review the code as well; we had documentation procedures.

So it was a very involved process, much different from your old-school programmer who just sits at a computer in his house and just codes away.

Nowadays most organizations rely on some type of teamwork when it comes to coding.

But then again, it is still easier said than done, because you sacrifice a lot of time in doing this.

Another technique is using operating systems that are very safe; the one I mention here is the UNIX-like OS. It is considered to be the safest operating system available: only one remote hole discovered in eight years, as of 2006. That is pretty safe.

Another policy is: you don't want to code for success; you want to always code for the ways that things go wrong.

Again, this isn't a class to teach you how to code or how to code properly. Hopefully, if you guys are programmers or have programming experience, you already know some techniques, so I don't want to spend too much time on it now.

I do have some background in the software side. One of my first jobs as a programmer, and this is way back in the late 90's, I was given an assignment to add some code to some of these projects, and this was C code, and every C file already had the error messages and the error handling completed.

So they already took care of that first.

Now of course I don't know if that technique is practiced as much as it probably should be; if you guys are leaders of your own organization I would definitely try to encourage that, because that really helps steer the project in the right way and helps to avoid bugs.

Another technique is graceful failure: you always do something sensible when the unexpected occurs, and never assume the user will do the right or the expected thing.

I think if you guys have any background in coding you definitely understand that last thing.

The user will always find a way to essentially screw up your code.

So it is always best to make sure that you expect that when you develop your code.

Compile-time defenses also include language extensions and the use of safe libraries.

In doing this you can actually have range checks on the size of the buffer; however, the drawback with this is that it cannot be done for dynamic buffers.

So you can also use safer versions of libraries.

If you have legacy systems this is going to be a little more difficult, and maybe in some cases impossible, or at least infeasible.

Because old libraries can be problematic: you don't really know what is depended upon in order for it to function properly, so you have to be very careful with that.

You can always make new libraries, but then you are going to have to rewrite your source code, or scan it; that's very time consuming, and you don't really need all the unintended consequences.

Another solution is to create patches using dynamic libraries, and this is what you see a lot nowadays; it doesn't require a recompile.

Now we go to run-time defenses.

Most of the compile-time defenses, other than the last one we talked about, require you to recompile your code.

Now run-time defenses are deployable as an OS update, so any time you guys have to update Windows or Linux, and I am not that familiar with Macs but I am pretty sure they have updates for that.

Any time you update the OS you are using run-time defenses.

There are several options with this.

So one way is called executable address space protection; this is where you block the processing of executable code on the stack.

So you are going to block the JIT compilers, the C nested functions, and Linux signal handlers, which would all require special provisions of that nature.

Another run-time defense is address space randomization. This is where your address space is randomized, so your buffer, your return space, is randomized, and because you are doing it, it forces the attacker to guess the location of the buffer in memory, which is really difficult to do.

The next one is guard pages: this is putting unwritable memory between elements of the stack frame.

So this completes the presentation for chapter ten. Again, these techniques are all available, and in a different course offering we go into more detail about what that looks like.

The purpose of this is to just understand what options you guys have to defend against buffer overflows.

Source: Youtube
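The 90-byte-buffer program walked through in the chapter ten presentation above, as an added example that is not the book's or the presenter's code: the vulnerable pattern (strcpy into a fixed stack buffer, which is what lets an overlong input reach the saved frame pointer and return address) next to a bounded copy that rejects input that does not fit, plus a line reader that detects an overlong line and drains it instead of silently truncating, which is the "never assume the user will do the expected thing" policy from the same talk. BUF_SIZE, bounded_copy, echo_safe and read_line_bounded are names chosen for this example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 90   /* the lecture's 90-byte buffer */

/* "Before": the pattern from the lecture. strcpy() copies until it finds a
 * NUL byte and never looks at the destination size, so any input of
 * BUF_SIZE bytes or more runs past buf into the saved frame pointer and
 * the return address. Kept only as the vulnerable reference; never call it
 * with untrusted input. */
void echo_unsafe(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);
    printf("%s\n", buf);
}

/* Bounded copy: returns 0 and a NUL-terminated copy in dst if src fits,
 * -1 (leaving dst as an empty string) if it would not. The length scan
 * stops at dstsize, so an unterminated or huge src cannot cause a long
 * read either. */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0)
        return -1;
    size_t n = 0;
    while (n < dstsize && src[n] != '\0')
        n++;
    if (n >= dstsize) {          /* no room left for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* "After": identical behaviour for inputs that fit, explicit rejection for
 * inputs that do not. Returns 0 if echoed, -1 if rejected. */
int echo_safe(const char *input)
{
    char buf[BUF_SIZE];
    if (bounded_copy(buf, sizeof buf, input) != 0) {
        fprintf(stderr, "input too long (max %d bytes)\n", BUF_SIZE - 1);
        return -1;
    }
    printf("%s\n", buf);
    return 0;
}

/* Reads one line into buf. fgets() is itself bounded, but when a line is
 * longer than the buffer the remainder stays in the stream and would be
 * consumed as the *next* line; detect that, drain it, and report it.
 * Returns 0 on success, -1 on EOF with no data, -2 if the line was too long. */
int read_line_bounded(FILE *in, char *buf, size_t bufsize)
{
    if (fgets(buf, (int)bufsize, in) == NULL)
        return -1;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
        return 0;
    }
    /* No newline stored: either the line fit exactly, it was the last line
     * of the input, or it was too long. Peek at the next byte to tell. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return 0;
    while (c != '\n' && c != EOF)
        c = fgetc(in);
    buf[0] = '\0';
    return -2;
}

int main(void)
{
    char line[BUF_SIZE];
    printf("Type something: ");
    fflush(stdout);
    int rc = read_line_bounded(stdin, line, sizeof line);
    if (rc == -2) {
        fprintf(stderr, "line too long, rejected\n");
        return 1;
    }
    if (rc == -1)
        return 1;
    return echo_safe(line) == 0 ? 0 : 1;
}
```

The two defence families the presentation lists map onto build flags for this program: `gcc -O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fPIE -pie -Wl,-z,noexecstack` adds a stack canary below the saved frame pointer (a compile-time defence), replaces unbounded libc calls with checked variants where the buffer size is known at compile time (the "safer library versions"), builds a position-independent executable so the OS's address space randomization covers the binary itself, and marks the stack non-executable (the executable address space protection). None of these remove the need for the bounds check in bounded_copy; they make a bug like echo_unsafe harder to turn into code execution, not impossible.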

Why Use Open Source Software? | Security | Zimbra

Really, commercial open source software is about transparency at the end of the day.

That transparency improves the quality of the software, which actually ends up improving the security.

This is good because developers, businesses, IT users can actually go in and look at the code, make sure there's nothing in there they don't want to pay for, make sure there aren't any skeleton keys or backdoors, as they are usually called.

And make sure that patches or upgrades that are supposed to fix the problem actually fix the problem.

To compare community-driven open source with commercial open source: with community, it's just a development community; they may or may not want to invest time in what you're wanting, because you've custom fit something to your solutions or your infrastructure.

And with a commercial vendor behind this you actually get the benefit of their value add, their support, and their products to ensure that the software is ready for market.

We actually did a survey with the Ponemon Institute, and one of the things we found was that over half of the IT professionals that responded thought that commercial open source led to better security for applications and reduced the risks associated with those applications.

And overall it just improved the integrity and trustworthiness of those applications.

Commercial vendors really get the opportunity to take that community transparency that's demanded by an open source product and layer on additional value through their means, and they can make sure that issues are handled immediately, quickly.

So I've talked enough today about commercial open source.

If you want to know more, subscribe to our YouTube channel or click the link.

Source: Youtube

Omadi Mobile Management: Security Guard Software Overview |

A lot of people in security do things pretty old school, and that's cool.

I love my 8-track as much as the next guy, but pencil on paper? Come on! And if you are using software, how many? One for billing, one for scheduling, and don't forget the ones for tour verification reporting.

It's crazy! There has to be a better solution.

There is: it's called Omadi.

It's a fully customizable mobile management system.

My company can manage everything they do with one application.

And for my job I get to use this nifty mobile app.

Everything I need is right here on my phone.

It's cloud-based, so you can access it from anywhere.

It even works if I don't have reception.

How secure is the information? That's a fair question.

Everything saved in Omadi is encrypted.

Each user has a unique username and password, so any changes and revisions are tracked.

So if I make a change, my boss knows it's coming from me.

Right now you might be saying, well, that's all well and good, but it sounds complicated.

Don't worry, Omadi's got you covered there too.

The app is simple and easy to use, and believe me, I'm no Einstein.

The forms feel familiar because they're your forms, digitized.

A lot of the information even auto-fills, so your guards will get it down in no time.

Hang on a second.

This guy looks suspicious.

Hey you, freeze! We got a runner! Better document this.

Smile! Now I just need to add in my John Hancock, and done.

Everything updates in real time, keeping everyone informed.

It's that easy.

Not only are they clean and easy to read, my boss and our clients automatically get sent a notification about the report, with pictures and everything.

Did I mention it's all automated and updated in real time? GPS.

Now this is a cool feature.

My phone's GPS is a great way to keep track of my foot patrols.

For even more accurate GPS tracking, I have this little guy, which has been pre-programmed for my car.

Just plug it in, and we're good to go.

Our clients love this information as a visual for the great work we do for them.

Now you're probably thinking, a product this awesome must cost an arm and a leg.

Well, you're wrong.

Omadi's sales wizards did a bunch of crazy math and figured out that I'll need to increase my productivity by 1.6 percent.

And Omadi pays for itself.

I did that with the last form I filled out.

Stop paying for software that doesn't communicate with one another.

My handwriting looks like angry chickens scratching on paper.

Now everything I write is legible.

Get Omadi Mobile Management.

It will revolutionize the way you do business.

Trust me, you're going to love it.

It's the future of security.

Source: Youtube

Exchange Anti-Spam, Antivirus & Security Software Solution for Microsoft Exchange Email Server

Need to block email-borne viruses and malware? Need a powerful and effective business spam filtering solution? Need granular, user-based email content policy enforcement? You need GFI MailEssentials, a solution that helps businesses keep their mailboxes clean, all day, every day.

The multi award winning GFI MailEssentials uses 14 advanced email filtering technologies and up to five virus scanning engines to protect your mailboxes from email-borne malware and spam.

With GFI MailEssentials you can block email-borne viruses and other malware. Its antivirus engines are powered by leading AV brands like BitDefender, Kaspersky, Avira, McAfee and VIPRE.

GFI's VBSpam+ certified solution evidences that 99.8% of the emails coming into your network are clean of spam before they reach your employees' email client.

So you can be confident that the bad stuff is dealt with before it gets past your gateway.

You get a powerful and effective business spam filter. More than 75% of all email received is spam.

That's a lot of rubbish email to deal with.

GFI's solution uses 14 email hygiene engines, including GFI's SpamRazer technology, anti-phishing, Bayesian, DNSBL, greylisting, SPF and more, to ensure a spam and phishing email catch rate of over 99%.

You can use up to 5 antivirus engines to keep those nasty viruses at bay. Multiple antivirus engines drastically reduce the time required to obtain the latest virus definitions, helping you respond faster to the latest threats.

Since each engine features its own heuristics and detection methods, you gain maximum protection for your email environment.

No other solution offers up to 5 antivirus engines.

You can enforce email policies at different levels, giving you total flexibility and control. GFI MailEssentials' user-based email content policy feature makes life easier for you when applying policies across the company.

The granularity you get enables you to control all content that enters and leaves your network via email.

Allow only content you want in your mailboxes.

GFI MailEssentials fits in your existing environment… not the other way round. The beauty of this solution is that it is compatible with different mail servers, not just Exchange, and it fits seamlessly into whatever your current setup is, be it physical, virtual, on-premise or hosted in private clouds.

As the IT admin you are in full control.

And you don't need to invest in more hardware or software.

Are you ready to join a diverse community of satisfied users? GFI MailEssentials keeps over 2 million mailboxes free of spam and malware, to the relief of thousands of businesses around the world.

Here is what our customers say about it: MailEssentials is for companies that are using their own mail servers and are trying to combat things like spam, viruses, malware, that sort of thing coming through their email.

It's a huge job for most companies and very expensive.

GFI has made it very simple to do with GFI MailEssentials. MailEssentials helps us filter 99% of incoming spam email and all malicious code in emails.

The economic benefit of MailEssentials is simple: it's the best price-performance ratio in the market as far as I'm concerned.

Start protecting your company's email infrastructure, apply world-class email security and block over 99% of spam.

Try your FREE, no obligation 30 day trial today.

Source: Youtube

Best Antivirus 2016 – How to Protect Your PC

What's up? Welcome to MyTechMethods.

In this video I'll introduce you to the best antivirus in 2016 so you can keep your Windows computer safe and secure.

All the links to the products I recommend and mention in this video will be on the blog post, and that will be linked in the description below, so check that out.

And all the programs that I mention will be compatible with Windows 7, Windows 8, and Windows 10.

What is the best antivirus in 2016? We all know that Windows comes with a free tool called Windows Defender, and that is Microsoft's basic antivirus.

It works ok, but it's not the best, so that's why I recommend getting these two other tools that I'm about to introduce you to.

So my views have not changed since last year.

BitDefender is the best antivirus in my opinion.

They offer good protection, and they also offer a free edition and a paid edition depending on what your situation is.

So if you think you're ok with the free version you can go and try that out.

It offers pretty good protection for a free antivirus, and it's one of the best free antiviruses out there.

However, if you want the best protection and peace of mind of not worrying about having any viruses, then you might as well go with BitDefender Total Security 2016, which is the top of the line package from BitDefender.

It has the most features.

You get the best protection, best performance, it's easy to use, and it will definitely save you from any potential headache from your computer getting bogged down with viruses.

It will keep you safe and optimized.

So BitDefender is my recommendation for the best antivirus in 2016.

However, that's just the antivirus.

You also want an anti-malware program, and that's where Malwarebytes comes in.

Malwarebytes will clean, remove and protect you from all the other threats that BitDefender or just normal antiviruses don't protect your computer from.

It's definitely one of the best security programs out there right now, so it's something I always install on everybody's computer that I work on or family members' computers.

I always put Malwarebytes on their computer because it does a great job of protecting and removing a lot of malware, and just like BitDefender they do offer a free version and a premium version, and it's very affordable.

The premium version is like $25 per year, so if you want the complete best protection, you want the malicious website blocking, real-time protection, hyper scan mode, if you want all those features, then go with the premium version.

But the free version also does a great job for basically protecting your computer from spyware, trojans, worms, rootkits, stuff like that.

Here are some things that the premium version of Malwarebytes does.

It detects and protects against malware in real time.

It blocks hacking and phishing attempts, schedules automatic scanning, it offers three flexible scanning modes, and if you're wondering what makes it different, it finds what antivirus doesn't.

It removes what antivirus can't.

It practices self-defense.

It finds rootkits.

It protects you from fake websites, and it works fast and leaves a small footprint.

So if your computer has an antivirus like BitDefender plus an anti-malware like Malwarebytes you should be good.

You should be protected and you shouldn't have to worry about anything.

I also have some other tips for staying safe online, and you'll find those in the blog post that is linked below, so check the blog post out and you'll see other small tips that I have for you to help you keep safe and secure online, because you definitely don't want to find yourself in a situation where you have a virus.

It's like one of the worst things ever, so check out BitDefender, check out Malwarebytes and check out the blog post linked below on my website.

Thank you so much for watching.

I hope this video helps you out.

Make sure you hit that like button, give this video a thumbs up, and subscribe to my channel if you haven't already.

I will see you in the next video.


Source: Youtube

Mac CCTV DVR Software 1080p HD Security Camera View

The Mac software for iDVR-PRO CCTV DVRs now supports remotely viewing HD security cameras at 1080p video resolution.

Here's the live camera view in the software.

This is a 16 channel DVR that we're connected to, that has 12 cameras connected to it.

Cameras 1 through 5 are 1080p resolution security cameras.

Camera 6 is a 720p security camera and the rest are standard definition analog CCTV cameras.

I switch to the four screen view of cameras 1 through 4 so that we can focus on the quality of the 1080p high definition cameras.

When I switched to a single camera view, the Mac software displays the video at the camera's max resolution.

I collapsed the side and bottom windows in the software to maximize the size of the video.

I can switch the live view to the next camera by clicking on the single camera icon.

This is one of the cameras that monitors CCTV Camera Pros' warehouse.

This camera provides HD video surveillance of our front door building entrance.

I click on the 16 channel grid icon to return to the 16 camera view.

Then, I expand the side and bottom windows to bring them into view again.

In addition to standard definition CCTV cameras, iDVR-PRO surveillance DVRs now support 720p and 1080p high definition security cameras.

The Mac DVR viewer software for iDVR-PRO allows users to view all camera types.

In addition to the live security camera viewing, the Mac software also lets users search and play back video that has been recorded on the DVR's hard drive.

If you are using PTZ cameras, the Mac software can control the pan, tilt, and zoom controls.

The Mac software can be used on the same local area network where the DVR is located and also remotely over the internet.

For more information, please visit www.



Thank you for watching.

Source: Youtube

Windows CCTV DVR Software 1080p HD Security Camera View

The Windows client software for iDVR-PRO CCTV DVRs now supports remotely viewing HD security cameras at 1080p video resolution.

Here's a live camera view in the software.

This is a 16 channel DVR that we're connected to, and it currently has 12 cameras hooked up to it.

Cameras 1 through 5 are 1080p resolution analog high definition security cameras.

Camera 6 is a 720p resolution AHD security camera and camera 7 is a 1080p HD-TVI security camera.

Cameras 8 through 12 are standard definition analog CCTV cameras.

These controls allow you to switch between the different camera views that are supported.

When I double click on a camera, it brings me to that particular camera's single camera view, and the software automatically adjusts the video stream to the max resolution that the camera supports.

This is one of the 1080p security cameras, so the video stream is adjusted to 1080p resolution.

This camera monitors one of our tech rooms.

This is another 1080p camera, but this one has a 180 degree lens.

This particular camera monitors our sales floor.

This is another 1080p AHD camera that monitors our warehouse.

Here is another 1080p AHD camera that monitors the front door entrance to our building.

Here's a 720p resolution AHD camera.

This is a 1080p resolution HD-TVI security camera.

I'm going to switch back to the 12 camera view and make the software side menu visible again.

In addition to standard definition analog CCTV cameras, iDVR-PRO surveillance DVRs now support 720p and 1080p high definition security cameras.

AHD and HD-TVI high definition security camera types are both supported.

The Windows DVR viewer software for iDVR-PRO allows users to view all of these camera types.

In addition to the live camera viewing, the Windows software also lets users search and play back video that has been recorded on the DVR's hard drive.

If you're using PTZ cameras, the Windows software can be used to remotely control pan, tilt, and zoom movement of PTZ cameras.

The Windows software can be used on the same local area network where the DVR is located and also remotely over the internet.

For more information please visit www.



Thank you for watching.

Source: Youtube