Please use this identifier to cite or link to this item:
http://hdl.handle.net/123456789/361
Title: | Designing Masking Ruleset for Hiding Operating System Identity |
Authors: | Singh, Manmeet |
Supervisor: | Singh, Maninder |
Keywords: | Network Security;Masking Ruleset;Forensics;Security |
Issue Date: | 5-Jun-2007 |
Abstract: | Computers have revolutionized virtually every sphere of our lives. The rapid growth in the development of computers focused primarily on usability, that is, on making computers easy to use for all sections of society. This rapid growth did not place much emphasis on the security of computer systems, leaving them vulnerable to attack. Had security been considered earlier in the development of computer systems, our systems would be more secure today. The preference for usability over security has thus made systems more prone to attack. Further, the Internet has made hacking much easier, and the skill level required for hacking has gone down considerably. One can easily obtain exploits for the latest vulnerabilities and threats. Almost all attacks are operating system specific and sometimes application version specific, and vulnerabilities are generally indexed by operating system. From a hacker’s point of view, it is important to know which operating system is running on the target machine, so determining the operating system running on a remote machine is a key step in the hacking process. From the network administrator’s point of view, it is important that key machines in the network, such as the Web server and the mail server, are properly masked from easy operating system detection. Masking the operating system is a must in the case of zero-day attacks. Operating system fingerprinting makes use of the fact that different operating system vendors implement the TCP/IP stack in different ways, which gives the attacker enough opportunity to detect the operating system running on a system. Various tools are available that can reveal a remote operating system with a great degree of accuracy and in minimal time. Specially crafted packets are sent to the remote machine and the responses are compared against a database, thereby revealing the running operating system.
The default configuration of a computing system can easily reveal the underlying operating system, so it is important that the operating system is masked from easy detection. An intrusion prevention system (IPS) is one way to mask the operating system from easy detection. An IPS uses rules that govern which packets to accept and which to reject. An IPS is not a substitute for a firewall; instead, it works alongside the firewall. A firewall basically deploys rules for incoming and outgoing packets, and an IPS can further investigate the packets for intrusions. Rules can be designed to make sure that all attempts at operating system detection are treated as intrusions: various specially crafted packets are dropped and logged, and appropriate action is taken against the intruding machines. |
Description: | M.E. Software Engineering (Thesis) |
URI: | http://hdl.handle.net/123456789/361 |
Appears in Collections: | Masters Theses@CSED |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
Designing Masking Ruleset for Hiding Operating System Identity Manmeet Singh 8053113 ME(SE).pdf | | 852.43 kB | Adobe PDF | |