1
00:00:02,540 --> 00:00:06,790
Let's mention some aspects that you should be able to pay attention to at all times.

2
00:00:08,900 --> 00:00:16,610
The first typical problem is embedding a password inside an application code. Even if it seems weird,

3
00:00:16,610 --> 00:00:18,680
situations like this still take place.

4
00:00:23,540 --> 00:00:29,130
An application producer can still save a password in the code for good.

5
00:00:29,170 --> 00:00:32,910
This means that changing the password is tricky.

6
00:00:32,950 --> 00:00:40,620
It requires essentially a software update and it's very easy to sniff the password out.

7
00:00:40,640 --> 00:00:46,840
There's a number of copies of the software that are publicly available.

8
00:00:46,860 --> 00:00:49,750
It's easy to take a copy home and spend some time to check,

9
00:00:49,860 --> 00:00:58,360
for example using Process Monitor, if a password is transmitted or saved somewhere. Assume that the password

10
00:00:58,360 --> 00:01:00,270
is not forwarded externally.

11
00:01:02,390 --> 00:01:08,680
At any rate you can view directly the data structures of the program.

12
00:01:08,730 --> 00:01:11,940
All you need to be able to do this is to have a debugging permission.

13
00:01:15,550 --> 00:01:18,070
A classic example could look something like this.

14
00:01:19,200 --> 00:01:23,060
There's a function that verifies if a user who has logged on is an administrator.

15
00:01:25,930 --> 00:01:30,740
These examples that are discussed now are real and derive from existing applications.

16
00:01:32,820 --> 00:01:35,330
The verification procedure looked as follows.

17
00:01:38,020 --> 00:01:40,320
The password was TR 4 or 5.

18
00:01:40,320 --> 00:01:48,040
JH and back arrow 1 s exclamation point or a similar value.

19
00:01:48,060 --> 00:01:51,310
This is a pretty strong password.

20
00:01:51,390 --> 00:01:53,670
It's complicated and difficult to remember.

21
00:01:55,520 --> 00:02:01,340
Definitely not easily crackable, but it doesn't strengthen security at all since it's impossible to change

22
00:02:01,340 --> 00:02:01,740
it.

23
00:02:03,390 --> 00:02:06,440
All program users share it.

24
00:02:06,490 --> 00:02:09,290
You should really try to avoid this type of problem.

25
00:02:13,210 --> 00:02:17,600
The second typical problem is using default or blank passwords for common applications.

26
00:02:22,410 --> 00:02:29,250
A source of this problem is likely the fact that an application has to have an original password. A password

27
00:02:29,250 --> 00:02:32,730
is provided to protect accounts created at installation.

28
00:02:32,740 --> 00:02:37,920
But if a setup service doesn't enforce password change, there's a high risk that a number of users will

29
00:02:37,920 --> 00:02:42,490
continue to use the default password.

30
00:02:42,570 --> 00:02:46,760
The same risk applies not only to software but also to network devices as well.

31
00:02:48,560 --> 00:02:54,640
As a result of this practice, staggeringly popular Internet Web sites contain databases of default passwords.

32
00:02:57,410 --> 00:03:04,980
One such database is maintained by search and search dot net. As you can see, at the time of preparing

33
00:03:04,980 --> 00:03:06,860
the presentation here,

34
00:03:07,050 --> 00:03:12,180
there were 461 vendors and almost 2000 default passwords available in the database.

35
00:03:15,000 --> 00:03:18,440
The internet certainly offers even bigger databases of this sort.

36
00:03:20,040 --> 00:03:25,050
This suggests that even if you purchase an expensive application that is secure, well designed and used

37
00:03:25,050 --> 00:03:32,000
for critical enterprise operations, anyone who purchased it as well may know your password, since your

38
00:03:32,000 --> 00:03:35,480
unchanged password is the default password for this application.

39
00:03:37,810 --> 00:03:45,540
How can you identify if you're in a risk group? Read user manuals carefully.

40
00:03:45,640 --> 00:03:50,920
If after first log on you are required to provide a given password or an administrator's password is

41
00:03:50,920 --> 00:03:51,910
provided,

42
00:03:52,760 --> 00:03:55,450
this is a signal that should set off a red flag.

43
00:03:57,720 --> 00:04:02,520
It's even worse if supported vendor data says that if you can't run the application or can't log on

44
00:04:03,180 --> 00:04:06,790
you should call a help desk to retrieve your password.

45
00:04:06,820 --> 00:04:08,610
Why should the support center know it?

46
00:04:10,670 --> 00:04:14,850
After all, the password is supposed to be the exclusive password to your application.

47
00:04:20,650 --> 00:04:26,240
A lesson to be learned is that it's vital to change passwords in everything running your networks, in

48
00:04:26,240 --> 00:04:31,520
all programs, web applications, routers and managed switches.

49
00:04:31,600 --> 00:04:36,220
If you neglect this, the security level of your system will practically drop to zero.

50
00:04:39,380 --> 00:04:44,730
The third source of the threat is requiring administrative permissions.

51
00:04:44,740 --> 00:04:52,260
This is a widespread problem that has recently, thankfully, started to be addressed by software producers.

52
00:04:52,270 --> 00:04:56,300
This is partially due to the advent and popularity of 64 bit systems.

53
00:04:59,220 --> 00:05:04,690
A number of programs, including those produced by major producers and companies, can only be run in Windows

54
00:05:04,690 --> 00:05:06,280
by an administrator.

55
00:05:07,970 --> 00:05:12,650
The programs in question aren't simply low level programs that can be assumed to need the permissions

56
00:05:12,650 --> 00:05:14,060
for some reason,

57
00:05:14,060 --> 00:05:21,550
for example a CD emulator. This category can even include image editing software that for some reason

58
00:05:21,550 --> 00:05:28,310
won't run unless it's granted administrative privileges. This usually is due to some programming bugs

59
00:05:28,310 --> 00:05:34,080
in the application.

60
00:05:34,080 --> 00:05:41,620
The bug could potentially look something like this: a program wants to access a selected text file.

61
00:05:41,640 --> 00:05:47,240
Nothing unusual: programs read and write to files all the time.

62
00:05:47,480 --> 00:05:55,570
But for whatever reason this program demands full control access even though it only requires the read,

63
00:05:55,630 --> 00:05:57,820
write and execute permissions.

64
00:05:57,820 --> 00:06:00,400
It demands to be granted all existing permissions.

65
00:06:02,910 --> 00:06:08,730
Default folder ACL lists are usually determined in such a way that gives a standard user the permission

66
00:06:08,730 --> 00:06:12,490
to modify folders but not to have full control over them.

67
00:06:13,980 --> 00:06:20,590
This user can't, for example, take ownership of a folder. Because the above portion of the code is included

68
00:06:20,590 --> 00:06:22,470
in the program for no reason,

69
00:06:22,720 --> 00:06:30,240
the program doesn't run under standard user permissions. Most programming bugs originate in applications

70
00:06:30,240 --> 00:06:35,700
attempting to refer to files, folders or system registers that specific users do not have permissions

71
00:06:35,700 --> 00:06:41,250
to access.

72
00:06:41,270 --> 00:06:46,050
If a software producer does not plan on patching the problem, you can do it on your own.

73
00:06:47,400 --> 00:06:53,610
Sysinternals Suite tools will be helpful, Process Explorer in particular, as well as Process

74
00:06:53,610 --> 00:07:02,200
Monitor. In one of the earlier lectures Process Monitor was covered extensively. When you run this utility

75
00:07:02,560 --> 00:07:06,370
you'll be able to monitor all activity of a selected process.

76
00:07:06,430 --> 00:07:12,860
In the case of this program you'll know what registry keys and what folders the program tries to

77
00:07:12,860 --> 00:07:16,230
access and see if the attempts were successful or failed.

78
00:07:18,680 --> 00:07:23,620
If there's an error you'll be able to see if it's a permissions error.

79
00:07:23,810 --> 00:07:31,380
If it is, simply grant appropriate permissions to the specified registry keys and folders. The program

80
00:07:31,380 --> 00:07:38,050
should operate without problems after that. Until you do this, the program will not be secure.

81
00:07:41,270 --> 00:07:48,060
One of the most common problems is that applications have a longer lifetime than operating systems. Few

82
00:07:48,060 --> 00:07:55,020
of us still use a 10 year old operating system. In the world of computers 10 years amounts to 50 years

83
00:07:55,020 --> 00:07:58,540
in the automotive industry.

84
00:07:58,570 --> 00:08:01,370
You don't come across running cars that are 50 years old.

85
00:08:02,800 --> 00:08:07,530
Users have grown so accustomed to it that they don't even think of updating it or replacing it with

86
00:08:07,530 --> 00:08:09,240
a newer model.

87
00:08:09,250 --> 00:08:13,690
It's become a fixed value in an enterprise.

88
00:08:13,690 --> 00:08:17,830
This means that we will not be able to update the environment in which it operates.

89
00:08:19,900 --> 00:08:25,630
Sooner or later it might turn out that the application only runs on specified systems or runs on a newer

90
00:08:25,630 --> 00:08:27,140
edition of the system,

91
00:08:27,190 --> 00:08:35,050
but for example without Service Pack 3. You've previously witnessed that earlier Windows systems, Windows

92
00:08:35,060 --> 00:08:39,590
XP not legacy editions, are vulnerable to a number of attacks.

93
00:08:42,140 --> 00:08:44,850
User credentials are likewise not well protected.

94
00:08:47,360 --> 00:08:49,510
Service packs are released for a reason.

95
00:08:51,280 --> 00:08:56,200
One of the major reasons is to secure systems, to eliminate known holes and flaws.

96
00:08:57,350 --> 00:09:00,590
Their role is not to add to system functionalities.

97
00:09:00,590 --> 00:09:04,500
This is done by feature packs.

98
00:09:04,610 --> 00:09:09,650
You can for example read on an application vendor's website that the newest version of your purchased

99
00:09:09,650 --> 00:09:16,800
product is not compatible with the latest security update issued last month by company x.

100
00:09:16,910 --> 00:09:20,660
All you can do is to install it and test it at your own responsibility.

101
00:09:23,150 --> 00:09:27,590
Vendors can also warn you that they have revealed that their product is unstable after Service Pack

102
00:09:27,590 --> 00:09:32,620
3 is installed.

103
00:09:32,650 --> 00:09:38,410
If this is the case you should get rid of the application as soon as possible.

104
00:09:38,420 --> 00:09:43,940
This is the only way to convince software manufacturers to respect their customers and to show consideration

105
00:09:43,940 --> 00:09:52,630
for your security. This module presented some typical problems, focusing on problems related to application

106
00:09:52,630 --> 00:09:54,480
security.

107
00:09:54,630 --> 00:09:59,810
We've assumed that an administrator will not overlook critical problems and threats of this sort and

108
00:09:59,810 --> 00:10:05,300
will know how to react to them, or at least will know that the problem requires quick steps to solve

109
00:10:05,300 --> 00:10:05,650
it.

110
00:10:07,510 --> 00:10:08,010
Thank you.