Mod 6 Css

The document discusses various aspects of system security, focusing on buffer overflow vulnerabilities, malware types like worms and viruses, and SQL injection attacks. It outlines how buffer overflows can lead to system control loss and details strategies to prevent malware, including worms and viruses, through secure practices and user education. Additionally, it emphasizes the importance of keeping systems updated and using antivirus software to mitigate risks.

System Security

• Buffer overflow, also known as a buffer overrun, is defined by NIST as:
• A condition at an interface under which more input can be placed into a
buffer or data holding area than the capacity allocated, overwriting
other information.
• Attackers exploit such a condition to crash a system or to insert
specially crafted code that allows them to gain control of the system.
• Programming error when a process attempts to store data beyond the
limits of a fixed-size buffer
• Overwrites adjacent memory locations
• Locations could hold other program variables, parameters, or
program control flow data
• Buffer could be located on the stack, in the heap, or in the data
section of the process
• Consequences
• Corruption of program data
• Unexpected transfer of control
• Memory access violation
• Execution of code chosen by attacker
• To exploit a buffer overflow, an attacker needs
• To identify a buffer overflow vulnerability in some program that can be
triggered using externally sourced data under the attacker’s control
• To understand how that buffer is stored in memory and determine the
potential for corruption
• Identifying vulnerable programs can be done by
• Inspection of program code
• Using tools such as fuzzing to automatically identify potentially vulnerable
programs
• Buffer overflow attacks can be categorized based on their target and
method of execution:
• Stack-based Buffer Overflow: This occurs when a program writes
more data to a buffer located on the stack than what is allocated,
potentially overwriting return addresses and altering the program's
control flow
• Heap-based Buffer Overflow: This involves overflowing buffers in the
heap, the memory area used for dynamic allocation, which can
corrupt data structures and lead to arbitrary code execution.
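The effect described above (a write past a fixed-size buffer changing an adjacent program variable) and the length check that prevents it, as an added example that is not part of the original slides. The layout, the names region_t, copy_unchecked and copy_checked, and the input string are constructed for illustration; the buffer and its neighbour are modelled inside one array so the demonstration itself never writes outside memory it owns.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: an 8-byte buffer followed directly by a flag byte,
 * modelled inside one 16-byte region so every write in this demo stays
 * inside memory the program owns (no undefined behaviour). */
#define BUF_CAP   8     /* capacity allocated to the buffer          */
#define FLAG_OFF  8     /* adjacent location holding the admin flag  */
#define REGION_SZ 16

typedef struct { unsigned char mem[REGION_SZ]; } region_t;

static void region_init(region_t *r) { memset(r->mem, 0, sizeof r->mem); }
static int  is_admin(const region_t *r) { return r->mem[FLAG_OFF] != 0; }

/* Unchecked pattern: the copy length comes from the input, not from the
 * buffer's capacity. Clamped to the region only to keep the demo safe. */
static void copy_unchecked(region_t *r, const char *src, size_t n)
{
    if (n > REGION_SZ) n = REGION_SZ;
    memcpy(r->mem, src, n);
}

/* Checked pattern: refuse input longer than the allocated capacity. */
static int copy_checked(region_t *r, const char *src, size_t n)
{
    if (n > BUF_CAP) return -1;
    memcpy(r->mem, src, n);
    return 0;
}

int main(void)
{
    const char input[] = "AAAAAAAAA";          /* constructed: 9 bytes */
    size_t n = strlen(input);
    region_t a, b;

    region_init(&a);
    copy_unchecked(&a, input, n);
    printf("unchecked: is_admin=%d\n", is_admin(&a));

    region_init(&b);
    int rc = copy_checked(&b, input, n);
    printf("checked:   rc=%d is_admin=%d\n", rc, is_admin(&b));
    return 0;
}
```

A single byte beyond the buffer's capacity is enough to change the neighbouring flag in the unchecked copy; the checked copy rejects the same input and leaves the flag untouched.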
Programming language history
• At the machine level, data manipulated by machine instructions executed
by the computer processor are stored in either the processor’s registers or in
memory
• The assembly language programmer is responsible for the correct
interpretation of any saved data value
Heap Overflow
• Attack on a buffer located in the heap
– typically located above program code
– memory is requested by programs to use in dynamic data structures (such as
linked lists of records)
• No return address
– hence no easy transfer of control
– may have function pointers that can be exploited
– or management data structures that can be manipulated
Malicious programs
• Malware covers malicious programs which are specifically designed
to delete, block, modify or copy data or to disrupt the performance of
computers and computer networks.
• This class includes viruses, worms, trojans and other programs used
to automatically conduct malicious activity.
Worms
• A worm is a program that uses computer networks and security holes
to replicate itself.
• It scans the network for another machine that has a specific security
hole and copies itself there.
• It uses up computer processing time and network bandwidth during
replication.
Characteristics of WORM
• Enhanced targeting
• Enhanced speed
• Enhanced capabilities
• Enhanced destructive power
Strategies to Prevent WORMS
1. Secure Device Firmware & Updates
• Automatic Security Updates – Ensure devices receive regular and automatic
firmware updates to patch vulnerabilities.
• Code Signing – Only allow firmware updates from trusted, verified sources.
2. Strong Authentication & Access Controls
• Disable Default Credentials – Force users to change default passwords upon setup.
• Enforce Strong Passwords – Implement password complexity rules and encourage
multi-factor authentication (MFA).
3. Network Security & Communication Encryption
• Use Encrypted Communication – Implement SSL encryption for data transmission.
• Block Unauthorized Remote Access – Disable Telnet and use secure protocols (VPNs).
• Network Segmentation – Separate IoT devices from critical systems using firewall rules.
4. Built-in Malware Detection & Prevention
• Behavioural Monitoring – Devices should detect anomalous activity (e.g., sudden spikes
in network traffic).
• Rate Limiting – Limit excessive connection requests to prevent rapid worm spread.
5. Manufacturer & User Education
• Security by Design – Implement secure coding practices and conduct
regular security audits.
• User Awareness – Educate consumers about firmware updates,
phishing risks, and IoT security best practices.
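One way to implement the behavioural monitoring in point 4, as an added example that is not part of the original slides: a worm scanning for other machines contacts many distinct destinations in a short time, so the check counts distinct destinations per source within a time window. The log entries, host names, the 10-second window and the limit of 4 are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed connection log (made-up hosts): time in s, source, destination. */
typedef struct { int t; const char *src; const char *dst; } conn_t;
static const conn_t LOG[] = {
    { 0, "thermostat", "10.0.0.2"},  { 1, "cam-01", "10.0.0.10"},
    { 2, "cam-01", "10.0.0.11"},     { 2, "cam-01", "10.0.0.12"},
    { 3, "cam-01", "10.0.0.13"},     { 4, "cam-01", "10.0.0.14"},
    { 5, "cam-01", "10.0.0.15"},     {20, "thermostat", "10.0.0.2"},
    {40, "thermostat", "10.0.0.2"},  {41, "thermostat", "10.0.0.3"},
};
#define LOG_N (sizeof LOG / sizeof LOG[0])

static int in_win(const conn_t *c, const char *src, int t0, int win)
{
    return strcmp(c->src, src) == 0 && c->t >= t0 && c->t < t0 + win;
}

/* Distinct destinations contacted by src during [t0, t0 + win). */
static int fanout(const conn_t *log, size_t n, const char *src, int t0, int win)
{
    int count = 0;
    for (size_t i = 0; i < n; i++) {
        if (!in_win(&log[i], src, t0, win)) continue;
        int seen = 0;                 /* same destination seen earlier? */
        for (size_t j = 0; j < i && !seen; j++)
            seen = in_win(&log[j], src, t0, win) && strcmp(log[j].dst, log[i].dst) == 0;
        count += !seen;
    }
    return count;
}

/* Flag src if any window starting at one of its connections exceeds limit. */
static int is_scanning(const char *src, int win, int limit)
{
    for (size_t i = 0; i < LOG_N; i++)
        if (strcmp(LOG[i].src, src) == 0 && fanout(LOG, LOG_N, src, LOG[i].t, win) > limit)
            return 1;
    return 0;
}

int main(void)
{
    printf("cam-01 scanning:     %d\n", is_scanning("cam-01", 10, 4));
    printf("thermostat scanning: %d\n", is_scanning("thermostat", 10, 4));
    return 0;
}
```

Repeated connections to the same destination do not raise the count, so a device polling one hub stays below the limit while a device sweeping an address range is flagged.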
Virus
• Computer viruses are small software programs that are designed to spread from
one computer to another and to interfere with computer operation.
• A virus might corrupt or delete data on your computer, use your email
program to spread itself to other computers, or even erase everything on
your hard disk.
• Viruses are most easily spread by attachments in email messages or instant
messaging messages.
• That is why it is essential that you never open email attachments unless you
know who they are from and you are expecting them.
Common signs of Computer Viruses
• Slow system speed
• Pop-up windows
• Programs executing by themselves
• Accounts being logged out
• Device crashes
• Changes to your homepage
• Mass emails being sent from your e-mail accounts
Phases of computer Worm or Virus
• Dormant Phase: Here, the virus is idle. It gets activated based on a certain
action or event. This is an optional phase.
• Propagation Phase: In this phase a virus copies itself, and each copy starts
creating more copies of itself, thus propagating the virus.
• Triggering Phase: A dormant virus moves into this phase when the
action/event for which it was waiting is initiated.
• Execution Phase: This is the actual work of the virus, which could be
harmless or destructive.
Types of Computer Virus
• Parasitic virus: This is the most common form of virus. Such a virus attaches
itself to executable files and keeps replicating. Whenever the infected file is
executed, the virus looks for other executable files to attach itself to and
spread.
• Memory-resident virus: This type of virus first attaches itself to an area of
the main memory and then infects every executable program that is
executed.
• Boot sector virus: This type of virus infects the master boot record of the disk
and spreads on the disk when the operating system starts booting the
computer.
• Stealth virus: This virus has intelligence built in, which prevents anti-virus
software programs from detecting it.
• Polymorphic virus: A virus that keeps changing its signature on every
execution, making it very difficult to detect.
• Metamorphic virus: In addition to changing its signature like a polymorphic
virus, this type of virus keeps rewriting itself every time, making its
detection even harder.
• Macro virus: This virus affects specific application software, such as Word and
Excel. These viruses affect the documents created by users and spread quite
easily, since such documents are very commonly exchanged over email.
These application software programs have a feature called a macro,
which allows users to write small useful utility programs within the
documents. Viruses attack these macros, hence the name macro virus.
Protecting your Computer system
• Ensure that your OS is up to date
• Have antivirus software and make sure it has the capability to scan
email and files as they are downloaded from the internet
• Run full disk scans periodically
• Use a firewall
Worms vs. Viruses: Basis of Comparison
• Definition
– Worms: A worm is a form of malware that replicates itself and can spread to different computers via a network.
– Viruses: A virus is malicious executable code attached to another executable file, which can be harmless or can modify or delete data.
• Objective
– Worms: The main objective of worms is to eat up system resources. A worm consumes system resources such as memory and bandwidth and slows the system down to such an extent that it stops responding.
– Viruses: The main objective of a virus is to modify information.
• Host
– Worms: It doesn't need a host to replicate from one computer to another.
– Viruses: It requires a host for spreading.
• Harmful
– Worms: It is less harmful by comparison.
– Viruses: It is more harmful.
• Detection and Protection
– Worms: Worms can be detected and removed by antivirus software and a firewall.
– Viruses: Antivirus software is used for protection against viruses.
• Controlled By
– Worms: Worms can be controlled remotely.
– Viruses: Viruses can't be controlled remotely.
• Execution
– Worms: Worms are executed via weaknesses in the system.
– Viruses: Viruses are executed via executable files.
• Comes from
– Worms: Worms generally come from downloaded files or through a network connection.
– Viruses: Viruses generally come from shared or downloaded files.
• Symptoms
– Worms: Hampering computer performance by slowing it down; automatic opening and running of programs; sending of e-mails without your knowledge; degraded web browser performance; error messages concerning the system and operating system.
– Viruses: Pop-up windows linking to malicious websites; hampering computer performance by slowing it down; unknown programs starting after booting; passwords being changed without your knowledge.
• Prevention
– Worms: Keep your operating system and system in an updated state; avoid clicking on links from untrusted or unknown websites; avoid opening e-mails from unknown sources; use antivirus software and a firewall.
– Viruses: Install antivirus software; never open e-mail attachments; avoid using pirated software; keep your operating system updated; keep your browser updated, as old versions are vulnerable to linking to malicious websites.
• Types
– Worms: Internet worms, instant messaging worms, e-mail worms, file sharing worms and Internet Relay Chat (IRC) worms are different types of worms.
– Viruses: Boot sector virus, direct action virus, polymorphic virus, macro virus, overwrite virus and file infector virus are different types of viruses.
• Examples
– Worms: Examples of worms include Morris worm, Storm worm, etc.
– Viruses: Examples of viruses include Creeper, Blaster, Slammer, etc.
• Interface
– Worms: It does not need human action to replicate.
– Viruses: It needs human action to replicate.
• Speed
– Worms: Its spreading speed is faster.
– Viruses: Its spreading speed is slower as compared to worms.
SQL Injection
• Web based attack
• SQL injection is a code injection technique used to execute malicious
SQL statements.
How SQL injection works?

• Usual Case
How to use SQL Injection?
• Username and password not seen in the URL
How to prevent SQL Injection?

• Use bind and prepare method