
Saturday, March 16, 2013

Ramayana: Lessons for Network Security


The Ramayana, an epic battle between good and evil, teaches us various lessons about life, but does it have any lessons for network security? I have made a minuscule attempt at mapping the Ramayana onto a cyber scenario to find out.
Our story begins on the eve of the day Ram was to be made proprietor of the company Ayodhya. On that eve, Manthara, an internal employee of the company, social engineers Kaikeyi, the wife of Dasaratha, into jealousy, which makes her invoke the ambiguous agreement Dasaratha made with her a long time ago. According to the agreement, Rama should be exiled from the company of Ayodhya for fourteen years and her son Bharata should be made proprietor of the company. Dasaratha accedes to Kaikeyi's demands, and Rama agrees to his father's decree and leaves the company. Lakshmana and Sita follow him. Meanwhile Bharata, who is on a visit to his relatives, learns about the events in the company, returns, performs forensics and finds out about the scheme of his mother and Manthara. He refuses to lead the company and visits Ram, requesting him to return to the company, but Ram disagrees. When he sees that Rama is determined to abide by the agreement, he carries Rama's sandals back to be used as the company's logo.
Rama, Sita and Lakshmana journey south to Panchvati, where they set up their own computer network. Surphanaka, sister of Ravan, the manager of the all-powerful company Lanka, used to live in Panchvati. She was a malicious hacker, a scamster and a fraudster. While chatting with Rama she tries to lure him into marrying her. Rama declines, citing that he already has a beautiful wife. Rejected, she becomes furious and launches a DoS against Sita. Lakshmana, the network admin, quickly stops it and defaces Surphanaka's site. Dejected by this, Surphanaka seeks the help of her black hat brothers Khara and Dushana. Both brothers launch various attacks against Ram and Lakshmana but are defeated. Surphanaka then asks her brother Ravana for help.
Ravana becomes furious about the defacement of his sister's site. He decides to steal Sita's identity to teach Rama a lesson, and devises a procedure for this. He takes the help of Maricha, an expert in impersonation attacks. Maricha creates a Trojan named "golden deer" and introduces it into Rama's network. Sita falls for the golden deer and asks Rama to fetch it. Lakshmana warns that the deer may be a Trojan, but by then Rama is already chasing the deer, hurriedly instructing Lakshman to take care of Sita. When Rama writes an exploit to attack the deer, it reveals its impersonation and relays a message to Sita and Lakshman under Rama's impersonated identity. Sita believes it and asks Lakshman to help his brother. Lakshmana is confident that this is an impersonation but fails to convince Sita. As a last resort, he puts Sita under the protection of a host-based IPS (the Lakshman rekha) and instructs her not to disable the IPS at any cost. Ravana, who has been watching remotely all along, creates a phishing page of a hermit asking for charity. Sita tries to make a transaction from the protected system but fails. She disables the IPS and starts the transaction again. As soon as she begins the transaction, a pop-up appears announcing that it is Ravana, and Sita's identity is instantly stolen. When Rama and Lakshmana return, they find Sita missing. They perform an intense search but cannot find Sita's identity.
As they sit in distress, they get a message from Jatayu. Jatayu is a friend of Dasaratha and an expert at sniffing the network. When they reach Jatayu, he tells them that he saw packets containing Sita's identity passing through the network he was sniffing and tried a Janus attack to retrieve the data but was prevented and disarmed by Ravana. They learn from Jatayu the path the packets took and start conducting a firewalk. While they are firewalking, exploits from a system belonging to a person named Kabandha begin to attack their systems. Ram takes control of Kabandha's system and summons him. Kabandha then explains to Ram how his system had been taken over by a bot and asks Ram to restore it to its previous state. After Ram restores his system, he advises Ram to go to Sugriva's company in Rishyamukha if he wants to retrieve Sita's identity. Rama and Lakshmana reach Rishyamukha. On detecting their presence, Sugriva sends Hanuman to enquire about their purpose. Hanuman uses social engineering to learn the purpose of their arrival. Then Hanuman introduces the brothers, narrates their story and tells Sugriva of their intention in coming to him. Sugriva asks Rama to help him defeat his brother Vali, the owner of the company Kishkindha, in a cyber battle, in return for his help. Vali and Sugriva had been good friends but became enemies during their cyber battle with a giant. Vali had the specific talent of being able to turn half of his enemy's exploits and resources against the enemy itself in a cyber battle. Sugriva challenges Vali to a cyber battle. During the battle Rama uses a backdoor to gain access to Vali's system and defeats Vali. Sugriva becomes the owner of Kishkindha. As soon as he becomes the owner of the Kishkindha company, he orders his programmers and IT security professionals to start gathering information about Sita's identity.
Kishkindha's information gathering team follows the trails left by Sita's identity and finds the path taken by the packets to the network of the Mahendra hills. When they start their recon on the Mahendra hills network, they learn from Sampati, a passive sniffer, that Sita's identity packets went into Ravana's network of Lanka. Their recon comes to a standstill as Lanka's network is guarded by a firewall, the invincible sea. Angada, the team leader of the recon team, asks, "Who can bypass the firewall?" Hanuman decides to give it a try. After some data diddling, data enlargement and data shrinking he bypasses the firewall, passes through the IPS undetected and gets access to the root domain. Then he does a directory traversal to search for Sita's identity, and in a domain named Ashoka he finds Sita's identity under protection. He bypasses the protection and uses Rama's public key, previously given to him by Ram, to authenticate. He tries to retrieve the identity but realizes that only Ram is authorized to perform actions on it; he gets just read permission on Sita's identity. Before leaving, he decides to teach Ravana a lesson by destroying data and bringing down systems in the Ashoka domain. Personnel intervene, only to lose access to their systems. Indrajit, the son of Ravan, gains the upper hand over Hanuman. Pop-ups appear on the systems warning Ravan to deliver Sita's identity.
Ravana is furious about the intrusion and the pop-up and asks Indrajeet to infect the payload with malicious code so that it infects Hanuman's system on the way back. Vibishana, the ISO 27001 information security analyst and risk and compliance assessment officer, objects to this. Unfortunately the payload goes wild, infects many machines in Ravana's network and brings many of them down. Hanuman then reports his hacking attempt to Ram and discloses the private key to Ram for non-repudiation.
Kishkindha's cyber army moves to the Mahendra hills adjacent to the network of Lanka and sets up its base there. Rama summons his cyber army commanders and seeks their suggestions for bypassing the firewall protecting the network of Lanka.
When Ravana gets information that Rama is setting up his network at the Mahendra hills and preparing for a cyber war on his company, he summons all his network admins and IT managers, who unanimously decide to fight Rama to the DoS. For them, Lanka's network is impenetrable and their admins undefeatable. Vibishana, the risk and compliance officer, disagrees. He advises Ravana to return the stolen data and restore peace between the companies. Ravana becomes furious and suspends him from the company. Vibishana joins Rama's company and becomes Rama's closest advisor in the cyber war.
Rama decides to code a rootkit to bypass the firewall and get access to the network of Lanka. He social engineers Varuna, the maker of the firewall, for three days to find any zero-day vulnerabilities in it. Nala, Kishkindha's rootkit expert, starts coding the rootkit with the help of thousands of programmers. The stupendous code takes five days to complete. After getting access to the networks of Lanka's forest, Rama asks his public relations officer Angada to mail a warning to Ravana: "Return the identity or face destruction."
Ravana refuses. The cyber war begins. Rama's cyber army starts attacking the perimeter security of the forest of Lanka. The cyber battle continues for a long time. Exploit after exploit is coded and many systems on both sides are brought down. The network in between is filled with exploits and viruses.
When Ravana's cyber army is losing, Indrajit, son of Ravana, takes command. He has the exceptional talent of writing stealthy viruses. He writes the code SERPENT, which locks down the systems of Rama and Lakshmana. Receiving no commands from the domain controller, Kishkindha's cyber army is disoriented. The Garuda antivirus company, which has a history of disabling the serpent virus, comes to Rama's help and unlocks their systems.
Ravan joins the cyber war and executes his exploit Shakti against Lakshmana's system, which shuts it down. Rama then brings down the carrier of Ravana's payload, leaving him helpless. Lakshmana's system soon recovers.
Ashamed of losing to Rama, Ravana decides to call in his brother Kumbhakarna. Kumbhakarna is the designer of an invincible logic bomb that is active for six months of the year and disables itself for the other six. On hearing about the cyber war, Kumbhakarna tinkers with his logic bomb and starts attacking Rama's network. The logic bomb destroys many systems and is virtually unstoppable by most antivirus products. Hanuman tries to tame the logic bomb but fails. Kumbhakarna targets Rama's system, ignoring attacks from the others. Rama, who initially has difficulty facing Kumbhakarna, finally brings down the logic bomb's command center with a special exploit that takes down Kumbhakarna's system.
After Kumbhakarna's defeat, Ravana summons Indrajeet, who promises to defeat the enemy quickly.
Indrajeet begins attacking Rama and Lakshmana with his stealthy exploits and spoofed IP addresses. Rama and Lakshmana find it difficult to target Indrajeet as they cannot trace his IP address. Indrajeet soon finds a vulnerability in Lakshmana's system and brings it down. Sushena, the backup and restore expert of Kishkindha, deduces that Lakshmana's system is in deep hibernation and can only be restored by a special piece of software named Sanjibani, found in the database of the company Gandhamadhana. Hanuman hacks into Gandhamadhana's software store and downloads the software. Lakshmana's system recovers and he rejoins the cyber war.
This time Indrajeet plays a trick on Rama and his cyber army. He anonymously sends them a video of himself destroying Sita's identity. Seeing this, Rama collapses. Vibishana explains to Rama that this is only a trick and that Ravan would not allow Sita's identity to be destroyed at any cost. Vibishana further explains that Indrajeet's trick may only be a cover to buy him time to find a zero-day vulnerability in Rama's system, after which he would soon code an exploit to take advantage of it. The best time to defeat Indrajeet would be to find him while he is coding the exploit at night.
Lakshmana, Hanuman and Vibishana stay up overnight on their systems trying to locate Indrajeet. Just before Indrajeet completes his exploit, Lakshman finds his IP address and attacks it. After a series of exploits, Indrajit's system is brought down.
Despairing at the defeat of his son, Ravana becomes furious, turns on his domain controller and challenges Rama. Ravan's system is protected by ten honeypots and Rama finds it difficult to determine which is the original system. Vibishana comes to Rama's help and tells him which one is the original. Rama scans Ravana's system and uses his exploit Brahmastra to bring down Ravan's system. Lanka is defeated. Rama scans Sita's identity for infections using the antivirus 'fire' and then retrieves it. Thus the cyber war comes to an end.
Now, what lessons does this cyber Ramayana teach us?
1. Social engineering seems to be the most dangerous attack. Manthara used it to change the owner of the company Ayodhya overnight, and Rama used it to find a vulnerability in the firewall "sea".
2. Most threats to the network emanate from internal employees. Examples: Sita (shouldn't have disabled the IPS), Vibishana (was there anything he didn't know about Lanka's network?).
3. No network is 100% secure. Any firewall can be breached. Example: Ravan thought that Ram could not cross the sea.
4. Beware of Trojans.
5. Last but not least: employees, just listen to your admins for the security of your company.



Tuesday, February 19, 2013

Why would someone hack me?


Please don’t read this.
Most internet users don't even care when they read news of someone hacking someone, and the rest may get the thought, "Why would someone hack me? What would they get?" I was one among the many common internet users who thought so. My internet activities mostly included social networking, reading news, browsing etc. I have no data on my computer which can be considered sensitive by any measure. I don't even have a bank account, so there was no question of online transactions. So why would someone hack me? Many internet users would agree with me. Recently I asked two of my friends how they feel about falling victim to hacking. The first one nonchalantly replied, "What will they get by hacking me?" Now this was not the answer I expected from him. He regularly does online transactions and has so much personal data on his PC that it can be termed secret if not sensitive.
Now why would someone hack? Many ordinary users think (or maybe just assume) that hackers hack only to get something (read: money, data etc.). This is true of course, but money and data are not the only things that crackers (I have strong reservations about using the word 'hacker' for someone who hacks with a malicious purpose) are after. Some hack for your bandwidth, some to make your PC a part of their botnet, and some for the same simple reason you are reading this far even after the sentence at the beginning of this article, in bold, instructing you not to read this. Yes, the challenge drives many of them to hack you; well, at least it drives me. Now what is a botnet? A botnet is a group of computers working as bots (you know what a bot is, don't you? If not, just google it). If your computer becomes part of a botnet, the cracker can control your system at his whims and fancies. He can use your system to perform a DDoS (Distributed Denial of Service) on any other system, or he can launch an attack from your system, using your resources and, most dangerously, your IP address.
Well, I didn't tell you what my second friend told me, did I? He told me he had an antivirus (hopefully updated) and a firewall. Having an antivirus and a firewall is OK, but it is just not enough. Having a firewall is like having a watchman at your gate. He may stop a stranger trying to enter your gate, but not some well-known friend of yours who comes to meet you with the evil intention of hitting you hard, whatever the reason may be. I am not saying that the firewall is useless, only that it is only a part of the solution.
To really protect yourself from crackers, apart from installing an antivirus and a firewall, it is necessary to do something more, like:
· Don't click on new or suspicious links in your email.
· Perform a full system scan regularly.
· Use netstat to see the connections your computer is making (who knows, you may already be part of a botnet).
· If you regularly perform online banking, use a virtual keypad for typing (who knows, there may already be a keylogger installed on your system).
· Scan USB devices each time they are attached to your system.
· See what ports are open on your system. Use netstat or an online tool like the one below. This gives you an idea of what an outsider (read: a cracker) can see about your system.
http://www.ipfingerprints.com/portscan.php
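As an added example (not code from the original post) of what to actually do with the netstat output the two tips above refer to: this script parses a constructed `netstat -an` listing, flags listening ports that are not on an allowlist you maintain, and counts established connections per remote host and port, since a machine that has become part of a botnet usually keeps an outbound connection open to its controller. The sample output and the allowlist of expected ports are assumptions.

```python
from collections import defaultdict

# Constructed sample of `netstat -an` output (Windows text format); in practice
# pipe the real command's output into parse_netstat() instead.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49152     203.0.113.7:6667       ESTABLISHED
  TCP    192.168.1.10:49160     198.51.100.2:443       ESTABLISHED
  TCP    192.168.1.10:49170     203.0.113.7:6667       ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""
EXPECTED_LISTENING = {135, 139, 445}  # assumed allowlist: ports the owner knows about

def _split_endpoint(endpoint):
    """Split 'host:port' (IPv4, [IPv6] or '*:*') into (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None

def parse_netstat(text):
    """Turn netstat lines into dicts, skipping the header and blank lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        lhost, lport = _split_endpoint(parts[1])
        fhost, fport = _split_endpoint(parts[2])
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state
        rows.append({"proto": parts[0], "lhost": lhost, "lport": lport,
                     "fhost": fhost, "fport": fport, "state": state})
    return rows

def unexpected_listeners(rows, expected=EXPECTED_LISTENING):
    """Listening ports not on the allowlist, i.e. services you did not set up."""
    return sorted({r["lport"] for r in rows
                   if r["state"] == "LISTENING" and r["lport"] not in expected})

def remote_peers(rows):
    """Count ESTABLISHED connections per remote host:port; a bot keeps such a
    channel open, and 6667 (IRC) was the classic botnet control port."""
    counts = defaultdict(int)
    for r in rows:
        if r["state"] == "ESTABLISHED":
            counts[(r["fhost"], r["fport"])] += 1
    return dict(counts)
```

Run `netstat -an` on your own machine and feed its output to parse_netstat() to get the same two lists for your system; anything in them you cannot explain is worth a closer look.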

Well, I would not say these tips are the final solution to protect yourself from crackers, but they can help you be aware of what's happening with your system.