Friday, May 1, 2020
Ethical Hacking and Defence for Buffer Overflow -myassignmenthelp
Question: Discuss Ethical Hacking and Defence for Buffer Overflow.

Answer:

Introduction

Ethical hacking is a way of locating weaknesses and vulnerabilities in computer systems and other information technology infrastructure, and buffer overflow is a part of this concept. This report looks into the risks associated with the Buffer Overflow attack, which arises when a program fails either to allocate sufficient memory for an input string or to test whether the length of a string is within the valid range (Bishop et al., 2012). The hacker takes advantage of this loophole by submitting an input larger than the buffer the program allocated for it and modifying nearby variables, causing the program to jump to unintended places or even have its instructions replaced by arbitrary code. The risks and remedial measures are discussed, along with details of how the exploit was developed.

Discussion

Risks And Remediation Advice

There are several kinds of buffer overflows, the most popular ones being Heap Buffer Overflow and Format String Attack. The risks associated with this kind of attack are:

- They target the input fields of web servers, web applications and desktop applications, causing the systems to crash.
- Buffer overflows allow attackers to get hold of the systems and take control through unauthorized access (Chen et al., 2013).
- They compromise the integrity of the original data.

In spite of these risks, there are certain remedial measures which can help protect systems from being attacked through Buffer Overflow. Some of the measures are as follows:

- Validation of all input data can help prevent systems from being attacked through Buffer Overflow.
- Checking bounds can help prevent buffer overflows, though this requires extra code and processing time.
- An effective way to avoid the problem of buffer overflow is to code in a safe and secure manner. Security has to be kept in mind while designing an application.
- Usage of safe libraries is another way to detect any attempt to run illegal and irrelevant code on the stack. The Libsafe library is an example of a safe library; it protects calls to these functions by replacing the unsafe functions implemented in the shared glibc library with safer versions (Fouque, Leresteux & Valette, 2012).

How the exploit was developed?

Buffer Overflow is an exploit which takes advantage of a program that relies on a user's input. There are two main types of buffer overflow attacks, heap based and stack based. The stack-based attack is more common than the heap-based attack; heap-based attacks are uncommon because of the complexity involved in them. In a stack-based buffer overrun, the program being exploited uses a memory object known as a stack to store user input (Fu & Shi, 2012). In that situation, the program writes a return memory address to the stack and the user's input is placed on top of it. When the stack is processed, the user's input is sent to the return address specified by the program.

Conclusion

This report has discussed the mechanism of the buffer overflow attack, what leads to the attack, and how the preventive measures can be implemented. Abiding by the steps and measures mentioned would help keep computer systems from being exploited through Buffer Overflow.

References

Bishop, M., Engle, S., Howard, D., & Whalen, S. (2012). A taxonomy of buffer overflow characteristics. IEEE Transactions on Dependable and Secure Computing, 9(3), 305-317.

Chen, G., Jin, H., Zou, D., Zhou, B. B., Liang, Z., Zheng, W., & Shi, X. (2013). Safestack: Automatically patching stack-based buffer overflow vulnerabilities. IEEE Transactions on Dependable and Secure Computing, 10(6), 368-379.

Fouque, P. A., Leresteux, D., & Valette, F. (2012, March). Using faults for buffer overflow effects. In Proceedings of the 27th Annual ACM Symposium on Applied Computing (pp. 1638-1639). ACM.

Fu, D., & Shi, F. (2012, November). Buffer overflow exploit and defensive techniques. In Multimedia Information Networking and Security (MINES), 2012 Fourth International Conference on (pp. 87-90). IEEE.
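
The input validation and bounds checking listed under Risks And Remediation Advice, shown in C beside the unchecked copy they replace. This is an added example, not part of the original report; the account record, NAME_CAP and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16   /* buffer size, terminator included */

/* Constructed record: a flag stored right after the buffer, the kind of
 * nearby variable an oversized input can modify. */
struct account {
    char name[NAME_CAP];
    int  is_admin;
};

/* Unsafe pattern: no length test before the copy. An input of NAME_CAP
 * bytes or more is written past the end of name[]. */
void set_name_unsafe(struct account *a, const char *input) {
    strcpy(a->name, input);
}

/* Checked version: validate the length first and reject, rather than
 * truncate, anything that does not fit. Returns 0 on success, -1 on reject. */
int set_name_checked(struct account *a, const char *input) {
    if (a == NULL || input == NULL)
        return -1;
    /* Look for the terminator within the first NAME_CAP bytes only. */
    const char *end = memchr(input, '\0', NAME_CAP);
    if (end == NULL)
        return -1;                      /* too long: nothing is copied */
    memcpy(a->name, input, (size_t)(end - input) + 1);
    return 0;
}

/* Runs one input through the checked path on a fresh record.
 * 0 = accepted and stored intact, -1 = rejected, -2 = record was altered. */
int check_input(const char *input) {
    struct account a = { "guest", 0 };
    int rc = set_name_checked(&a, input);
    if (a.is_admin != 0)
        return -2;
    if (rc == 0)
        return strcmp(a.name, input) == 0 ? 0 : -2;
    return strcmp(a.name, "guest") == 0 ? -1 : -2;
}

int main(void) {
    printf("%d\n", check_input("alice"));                    /* fits */
    printf("%d\n", check_input("AAAAAAAAAAAAAAAAAAAAAAAA")); /* constructed, 24 bytes */
    return 0;
}
```

The checked function rejects oversized input outright, so the caller has to handle the error return instead of silently storing a truncated value.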