Unit-II

Confidentiality Policies:
Confinement Principle ,Detour Unix
user IDs process IDs and privileges
More on confinement
techniques ,System call interposition
Error 404 digital Hacking in India part
2 chase ,
VM based isolation
,Confinement principle ,Software
fault isolation
Rootkits ,Intrusion Detection
Systems

What is confinement technique?

Uses encapsulation techniques to structurally guarantee that at most one activity at a
time can possibly access a given object. ... Define methods and classes that establish
leak-proof ownership domains so that one thread (at a time) can ever access a confined
object.

What is the main purpose for process confinement?

To protect the server applications, it is necessary to protect all related processes.
We propose a behavior-based process confinement method that restricts irregular
process behavior. This method prevents the process behavior from violating given rules,
called Context-Sensitive Policies (CSP).

What is confinement CSS?

Confinement is a mechanism for enforcing the principle of least privilege. The
problem is that the confined process needs to transmit data to another process. The
confinement needs to be on the transmission, not on the data access. ... Even time can
be used to transmit information.

Error 404

 The HTTP 404, 404 not found, 404, 404 error, page not found or file not found error message is
a hypertext transfer protocol (HTTP) standard response code, in computer network communications,
to indicate that the browser was able to communicate with a given server, but the server could not
find what was requested. The error may also be used when a server does not wish to disclose
whether it has the requested information.
 The website hosting server will typically generate a "404 Not Found" web page when a user attempts
to follow a broken or dead link; hence the 404 error is one of the most recognizable errors
encountered on the World Wide Web.
 Virtual machine
What is virtual machine in simple words?
A virtual machine is a program on a computer that works like it is a separate
computer inside the main computer. ... It is a simple way to run more than one operating
system on the same computer. A very powerful server can be split into several smaller
virtual machines to use its resources better.

A virtual machine is a computer file, typically called an image, that behaves like an actual
computer. It can run in a window as a separate computing environment, often to run a different
operating system—or even to function as the user's entire computer experience—as is common on
many people's work computers.
Which is the best virtual machine?
Best virtual machine software of 2021
 VMware Workstation Player.
 VirtualBox.
 Parallels Desktop.
 QEMU.
 Citrix Hypervisor.
 Xen Project.
 Microsoft Hyper-V.

What is VM based isolation in CSS?

Temporal isolation or performance isolation among virtual machine (VMs) refers to the
capability of isolating the temporal behavior (or limiting the temporal
interferences) of multiple VMs among each other, despite them running on the same
physical host and sharing a set of physical resources such as processors, memory ...

What is confinement technique?

Uses encapsulation techniques to structurally guarantee that at most one activity at a
time can possibly access a given object. ... Define methods and classes that establish
leak-proof ownership domains so that one thread (at a time) can ever access a confined
object.

What is confinement in security?

Confinement is a mechanism for enforcing the principle of least privilege. The
problem is that the confined process needs to transmit data to another process. ... The
confinement mechanism must distinguish between transmission of authorized data and
the transmission of unauthorized data.

Software fault isolation

Fault isolation is the practice of designing systems such that when "something bad"
happens, the negative consequences are limited in scope. Limiting the scope of
problems reduces the potential for damage and makes systems easier to maintain.

The typical method of fault isolation is to create boundaries between system

components, and ensure that the effects of faults don't cross the boundaries or that
they are limited. Examples of isolation boundaries are:

 Process Isolation
 Machine. When applications are running on separate computers, a crash of
one of the applications (or an entire machine) is less likely to affect other
applications.
 Device. With some hardware technologies, such as RAID, data is written to
multiple physical devices, so that if one of those devices fails, the data is still
available.

Fault isolation can also be achieved to some extent using an IsolationLayer. However,
whenever multiple components are running in the same process or are accessing a
common resource, there is a potential for one component causing problems for the
others.

Note that for fault isolation to have benefit, it is necessary that components be
designed in such a way that they can function, or at least shut themselves down
cleanly, in the absence of a failed component.
A Redundant Array of Independent Disks (RAID) is a collection of hard drives, one or more controller
cards, and embedded software to increase the reliability and redundancy of data storage on hard
drives. RAID comes in multiple flavours offering improved performance and/or improved data reliability.

A chroot on Unix operating systems is an operation that changes the apparent root directory for
the current running process and its children. A program that is run in such a modified
environment cannot name (and therefore normally cannot access) files outside the designated
directory tree.
ROOTKIT VIRUS

A ROOTKIT VIRUS IS A TYPE OF VIRUS THAT CAN BE HIDDEN

DEEP INSIDE YOUR COMPUTER AND REMAIN UNDETECTABLE
WHILE CAUSING HAVOC IN THE BACKGROUND. ROOTKIT
VIRUSES CAN AFFECT ANY KIND OF COMPUTER, INCLUDING
WINDOWS AND MAC BASED SYSTEMS.

REMOVING A ROOTKIT IS A COMPLEX PROCESS AND TYPICALLY

REQUIRES THE USE OF SPECIALIZED TOOLS, SUCH AS THE
TDSSKILLER UTILITY FROM KASPERSKY LAB THAT CAN DETECT
AND REMOVE THE TDSS ROOTKIT. IN SOME CASES, IT MAY BE
NECESSARY FOR THE VICTIM TO REINSTALL THE OPERATING
SYSTEM IF THE COMPUTER IS TOO DAMAGED

A ROOTKIT IS A COLLECTION OF COMPUTER SOFTWARE,

TYPICALLY MALICIOUS, THAT IS DESIGNED TO GRANT AN
UNAUTHORIZED USER ACCESS TO A COMPUTER OR CERTAIN
PROGRAMS. ONCE A ROOTKIT IS INSTALLED, IT IS EASY TO
MASK ITS PRESENCE, SO AN ATTACKER CAN MAINTAIN
PRIVILEGED ACCESS WHILE REMAINING UNDETECTED.

WHAT DOES A ROOTKIT DO?

Creates Backdoor Access

Rootkit functionalities are specifically designed for creating backdoor access. Hackers know that in
order to create backdoor access, administrative privileges are required. The normal authentication of
the computer must be bypassed; otherwise, creating a backdoor successfully won’t take place. This
is accomplished by altering the security setting, usually, disabling the anti malware software or
antivirus.
A rootkit having administrative privileges can easily modify the security setting and disable anti
malware software, allowing hackers to create backdoor access without being exposed. Eventually,
they take over the computer without the user’s knowledge.

Some hackers turn the computer into a zombie computer that can be used to commit cyber attacks.
It also allows hackers to monitor computer activities and steal personal information. That’s what is a
rootkit virus for.

Prevents Malware Removal

Due to a rootkit’s unique ability, it is often bundled with other types of malware, such as Zeus
viruses, ransomware, and banking trojans. All three are classified as dangerous because they can
steal sensitive data and encrypt valuable files.

Typically, a rootkit conceals the malware and its activities to carry out its goal. If the malware is
detected, rootkit prevents its removal. You may spot the malware, but uninstalling it will be difficult,
as your access will be denied. You need to get rid of the rootkit first, and that may require a specific
rootkit remover or worse, an operating system reinstallation.

HOW TO PREVENT A ROOTKIT

Upon learning what is a rootkit virus for and how harmful it can be for your computer, you must also
know how to prevent rootkits.

#1. Avoid Downloading Illegal Software

Do you know what is a rootkit virus often disguised as? Cracked software. Users who download
cracked software may accidentally install a rootkit on their computers. It is advisable to download
legitimate software only.

#2. Avoid Opening Suspicious Emails

Most malware, including a rootkit, are distributed by a malicious email. This technique is called spear
phishing. Through a spam email, hackers can install a rootkit on random computers. This is how a
rootkit virus is often concealed.

By creating emails that look authentic, hackers can trick users into downloading and installing a
rootkit on their computers. When the user downloads the infected attachment, a rootkit installs
silently in the background.

#3. Keep Software Up to Date

A rootkit can also be installed through system vulnerabilities, which is a result of running outdated
software. System vulnerabilities can be exploited by hackers. Using exploit kits, they scan devices
for system vulnerabilities to insert rootkits and other types of malware. Don’t skip software updates,
as they protect you from a rootkit infection.

#4. Scan URL

 If you suspect that a website is malicious or you want to verify its reputation, scan the URL. Using
a website scanner, you can check the reputation of the website. Unfortunately, legitimate websites
with poor cyber security can get infected with a rootkit.

Hackers inject malicious software on the website without the website owner’s knowledge. When the
user visits the website, a rootkit installs in the background. So, always verify the website reputation
because you know what is a rootkit virus capable of.

#5. Install Anti Malware Software

Anti malware software is designed to protect the PC’s system by detecting and
blocking malware before it reaches the computer. Now that you know what is a rootkit virus, never
let it onto your computer by installing anti malware software. However, you need to find anti malware
software equipped with rootkit detection, as a rootkit can easily evade the detection of traditional anti
malware software.

Conclusion

Knowing what is a rootkit virus and how to prevent one is essential, as a rootkit is dangerous to your
computer. Getting infected with a rootkit could mean an operating system reinstallation. Protect your
computer with reputable anti malware software.

An Intrusion Detection System (IDS) is a system that monitors network

traffic for suspicious activity and issues alerts when such activity is discovered.
It is a software application that scans a network or a system for harmful activity
or policy breaching. Any malicious venture or violation is normally reported
either to an administrator or collected centrally using a security information and
event management (SIEM) system. A SIEM system integrates outputs from
multiple sources and uses alarm filtering techniques to differentiate malicious
activity from false alarms.
Although intrusion detection systems monitor networks for potentially malicious
activity, they are also disposed to false alarms. Hence, organizations need to
fine-tune their IDS products when they first install them. It means properly
setting up the intrusion detection systems to recognize what normal traffic on
the network looks like as compared to malicious activity.
Types of Intrusion Detection Systems (IDS)
 Active and passive IDS. ...
 Network Intrusion detection systems (NIDS) and Host Intrusion detection systems
(HIDS) ...
 Knowledge-based (Signature-based) IDS and behavior-based (Anomaly-based) IDS.