Privacy Scrubber: Means to Obfuscate Personal Data from Benign Application Leakage
Michael Walker
Youngstown State University
One University Plaza
Youngstown, OH USA

Ben Christian
Youngstown State University
One University Plaza
Youngstown, OH USA
bochristen@my.ysu.edu

Min Gyung Kang
Electrical and Computer Engineering
Carnegie Mellon University
Pittsburgh, PA USA
mgkang@gmail.com

ABSTRACT

A wide range of personal information is distributed over the Internet by benign software applications. These applications have access to the user name, host name, a list of components in and attached to the computer, and many other pieces of information that can be used for tracking or profiling purposes. These benign applications can and do send such private information not only to the developers, but also to marketing and tracking services. We attempt to locate the most commonly leaked information and to create a means to obscure this information when an attempt to read it is made. A software program that we write, called Privacy Scrubber, then intercepts access to the personal data being requested by the leaking software. After interception, a randomized value will be returned to the requesting application. A key issue is to prevent any alteration in the running of the leaking software, and to prevent the leakage of personal information. To do this, Privacy Scrubber has to return data that is syntactically valid for the information requested, but randomized to protect privacy.

This project has two benefits. One, it identifies some of the information most commonly leaked by benign software applications. Two, it proposes techniques to intercept and replace the leaked information without altering the execution of the benign software. We will also be writing software to implement these techniques and evaluating the effectiveness of the software when used with frequently used benign applications. This initial project is not meant to be complete in its protection of private information, nor is it meant to defend against all the benign software applications that exist. Privacy Scrubber is a starting point for a scalable and extensible framework to start the process of protecting a person's private information from benign software leakage, without causing the application to perform abnormally.

Categories and Subject Descriptors
D.4.0 [Operating Systems]: Security and Protection - access controls, information flow controls, invasive software

General Terms
Security

Keywords
Windows System Programming, Windows Hooks, Windows API, Filter, Personal Information, Web Tracking

1. INTRODUCTION

With over 1 billion personal computers in the world [1] and just below 90% of them running a version of Microsoft's Windows Operating System [2], there is a distinct market for software applications that do not wish to be classified as malware or a virus, but still wish to gain access to the personal information of those using the computer, or whose publishers simply wish to increase their product's profitability. These benign applications fall into many categories, such as instant messengers, productivity tools and anything else that is commonly used by nontechnical end-users. In a past audit, many of the most commonly downloaded programs from Download.com leaked personal information ranging from host name, user name and geographic coordinates based on Internet Protocol address to other identifiable personal information [3].

The goal of our project is threefold. First, to create a systematic methodology that allows testing of benign applications that harvest personal information and then leak it over the Internet. Secondly, to create a program which can filter applications' attempts to access personal information when they are going to leak the resulting information.
Finally, to verify that our filtering software works in protecting personal information without altering the execution of the target benign application.

The motivation for creating a standard means to test benign applications, and the means to filter any that leak personal information, is to increase individuals' privacy. Not only does this protect against single instances of personal data being leaked, but it also provides a way to protect information that might be used to profile or identify a user on the Internet.

Our approach has two distinct parts: the way to detect and the way to defend against the leakage of personal information. We attempted to make a standard installation method for testing the benign applications. We then intercepted registry access and network traffic for installed applications. After capturing the raw data of what the program accesses, we will create automatic comparison programs to parse the logs and create human-readable output. After locating applications that leak personal information, we will use our software suite to create filters that can be loaded to filter the offending applications on any computer running our protection software.

We make two contributions in this paper. The first is the creation of the techniques involved in automating, as much as possible, the process of locating leaked personal information. The second is the examination of current methods of filtering the Windows API and the evaluation of which would be most beneficial in reaching our goal of filtering private information without altering the execution of the leaking benign application.
The rest of the paper is organized as follows: Problem Details, where we discuss the issues we wish to address with our research; Methodology, where we describe the steps we took to work towards a possible solution for the problem; Evaluation, where we discuss the results of our project and evaluate the strengths and drawbacks of our approach; Conclusion, where we discuss the overall results of our research; Future Work, where we describe the future directions of research; and finally acknowledgements and references.

2. PROBLEM DETAILS

Personal information being leaked onto the Internet can cause several issues for the person whose information was leaked. The information can be used to build a more complete Internet profile of the user and the machine they use. It can also be used to enable Internet tracking and individualized marketing against the user. It can further help someone attempting to steal an individual's identity.

A person's user login name, or other private information such as the model of processor running on the machine, might not seem like easy things to access. However, we show that a very simple test application with very few lines of code can access this and more very easily. Programs such as the software that Coupons.com requires to print coupons have been accessing and possibly leaking this personal information onto the Internet. A single person reverse engineered the printer software and found the following:

"[I] determined that Coupons.com retrieves a wide variety of sensitive Windows registry keys and computer configuration settings including Windows Product ID, Windows CD key, motherboard serial number, and hard drive serial number. These numbers serve to identify a specific individual computer, and these numbers persist over the lifetime of a computer." [4]

This level of profiling of someone's Windows system, on both the hardware and the software side, constitutes an extreme level of potential profiling and tracking on the Internet.
We see a need for benign applications to have filters applied to them so that they do not access information, as the Coupons.com printer software does, when there is the possibility for such information to be leaked outside the computer.

3. METHODOLOGY

The following describes the steps we took to determine which programs were leaking personal information and to create the means to filter those programs.

3.1 Finding Leaking Applications

To create a standardized way to test benign applications for leaked personal information, we used VMware, a virtual machine, to create an image of a Windows XP SP3 installation with Wireshark, HTTPAnalyzer and Process Monitor installed and running. Wireshark is the world's foremost network protocol analyzer [5]. HTTPAnalyzer allows you to monitor, trace, debug and analyze HTTP/HTTPS traffic in real time [6]. HTTPAnalyzer intercepts HTTP traffic before it reaches Windows' SSL encryption. Process Monitor is a program from Microsoft that provides an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity [7]. We use this for logging what registry access our targeted program makes.

We focused our research on the Registry because of the ease of access and the wealth of information in it. We dropped all information that was not created by the benign application's processes so as to decrease the size of the log files and to focus the saved records. We made separate logs for installation and first run. We then stored all the logs outside the virtual machine and restored the state of VMware to the point before the installation of the tested benign application, so that every application would have the same installation conditions. We tested the top 20 programs from download.com, several of the top instant message clients, and commonly used software such as iTunes.
After collecting all the logs from the targeted software applications, we used a self-created script to parse the logs and locate information that was read from the registry and then transmitted over the Internet. We can use these results to create filters for applications so as to protect users with these programs installed.

3.2 Building the Filtering Suite

We divided our work on the filter into three portions: determining how to filter the benign application, how to design the filtering program, and finally the actual development of the filtering program.

Determining How to Filter

The Windows API enables interception of Windows API calls by a mechanism called Hooking. Hooking is enabled on all current installations of Windows Operating Systems. However, clear documentation and guides on how to accomplish it have not been updated frequently on the Internet since early in the 2000s. This information is well known to the developers of viruses, key loggers, malware and other malicious software, because they would also wish to employ this mechanism to record personal information or to manipulate the system in their desired way. New information on the subject is not readily available for those wishing to learn more about it.

The first obstacle to overcome in building the suite was determining which mechanism we would implement. The three main categories of Hooking, the term Microsoft uses for capturing Windows API calls, are: self hooking, user level hooking, and kernel level hooking. Self hooking is when a program filters itself. This method is of no use for our suite's intended goals. Kernel level hooking captures all system calls and therefore can cause extreme system slowdown. Not only that, but if any errors occur in the injection or filtering of the API calls, it can cause the Windows operating system to become non-functional. The last option is what is called user level injection.
This is when a program can inject code into another program with the same user rights.
After determining the best level of injection, we looked for the best method of actually injecting the filtering code into the leaking benign program. We determined that the optimal method for injecting our code was a method called import address table (IAT) altering. Windows executables have a standardized format called the Portable Executable (PE) Windows file format, shown in Figure 1. The Import Table is a list of functions that Windows must translate to the addresses of the corresponding external dynamic linked library (DLL) functions. By altering the IAT we can link to our own DLL and thereby enable filtering of Windows API function calls.

Figure 1

After determining that our suite was going to insert our filtering code by this method, we found a previously written suite that fulfilled all the requirements we had come to at this point, so we extended this code to meet our needs [8].

Design of the Filtering Suite

The hook system that we chose is outdated, contains many deprecated functions, and had to be edited to compile in current development environments. After altering the code to the point where it compiled properly, ignoring warnings about deprecated function calls, we had a semi-complete framework on which to build our filtering suite.

The suite has 4 programs, including a test application for development purposes. The other three portions are:

- A device driver that captures the creation of new processes.
- A hook server, which receives the notification when a new process is created and then alters the IAT of the filtered program to include the address of the Hook DLL.
- The Hook DLL, where the actual filtering takes place. This is the code that will be inserted into the benign application. The code has to be in a DLL because of Microsoft's decision to only allow DLLs to be inserted into other applications.

A copy of the hook DLL's code is created in a separate thread from the process it is being attached to. The fact that the filtering code is in a separate thread from the original process creates a race condition where the first portion of the filtered application can execute before the filtering thread starts to be executed.

Implementing Filtering

Each of the three portions of the Windows hooking suite (the device driver, the hook server and the hook DLL) needed to be updated so that it would compile properly. The project files for these parts had over 100 deprecated function names in each project. Also, the headers were malformed and needed to be corrected before compilation would complete properly.

The most important improvement we made to the suite was to implement the filter, filterlist and filterfileaccess classes to be inserted into the design of the suite's framework. This is a key addition to the previous project because previously the filter DLL could only statically filter Windows API calls. This allows a high
degree of customization and allows different programs to be filtered in different ways.

We created three classes to be included in the code of the hook DLL, shown in Figure 2. The first is filter, a container for each object's private information with get_ and set_ methods for accessing that information. The next class is filterlist, which creates a data structure to store and quickly search through the filters. The third class is filterfileaccess, which allows the saving of a configuration file containing filters represented as ASCII strings.

Finally, we also created a test application that accesses several key registry values containing the user name, host name and processor specifications. It also uses the GetVersion API and the GetSystemTime API call to get the version of Windows running and the current date.

4. EVALUATION

For the identification of benign applications that leak personal information onto the Internet, we were able to create a script which parses both Process Monitor's and HTTPAnalyzer's logs. This script is able to properly identify values that were read from the registry and then transmitted by HTTP, with or without SSL encryption. The script can produce some false positives for values of all zeros, which are both read from the registry and transmitted, but where the match might be coincidental. The script does properly detect when an application accesses the registry for personal information and then transmits it across the Internet.

The test application that we created was able to be filtered when Privacy Scrubber was activated. Our application accessed several unique or semi-unique locations in the Registry, and for each one for which we created a filter, the values were filtered and the application displayed our desired output instead of the original values.

Figure 3

The only value that we do not filter in the test application, shown in Figure 3, is the second one, asking for the VendorIdentifier. For the rest we use different filtering methods.
We can use static filters hard coded into the DLL, such as with the first and fifth tests. We do not filter the second test, to prove that we are not altering every registry call. The 3rd and 6th tests are dynamically loaded filters with a static string set as the output replacement. The 4th test uses a dynamic filter with the output set to be randomized for each access.

Out of the programs that we tested, only the iTunes software read from the registry and then transmitted what it read. It reads the registry from four locations, listed in Table 1, multiple times each, and then transmits the host name when a user logs into the online store-front from inside the iTunes client.

Table 1

HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\hostname
HKLM\System\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName
HKCU\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

It appears at first glance that common software applications are less commonly accessing personal information from the registry and then transmitting it across the Internet. However, this does not mean the programs we tested are not accessing personal information and transmitting it. It is possible that they already have anti-monitoring systems built into themselves, such as reading registry values and then encrypting them inside the program before they are sent to the Windows API for Internet access.

There are some limitations to what our Privacy Scrubber will be able to protect against. Firstly, it does not account for any possible anti-IAT redirection methods. It also has an issue where, if an API call is made near the beginning of an application's execution, sometimes those calls will not be filtered. We assume this is due to a possible race condition between the process's main thread and the thread containing the hook DLL. This will need to be looked into further.
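The filter lookup and the three behaviours evaluated above (unfiltered, static replacement, per-access randomization that stays syntactically valid) can be modelled outside the hook DLL. The following Python is an added example, not Privacy Scrubber's code: the config line format, the per-process column, the hive aliases, the CentralProcessor key and the sample values are assumptions, and it models only the filtering decision, not the API interception.

```python
import secrets
import string

# Constructed sample config. The line format is hypothetical:
#   process|registry key|value name|mode|replacement
SAMPLE_CONFIG = r"""
# randomize the host name for every process
*|HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName|ComputerName|random|
# fixed replacement, only for one (hypothetical) program
testapp.exe|HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0|ProcessorNameString|static|Generic CPU
"""

HIVES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu"}
ALPHABETS = (string.digits, string.ascii_uppercase, string.ascii_lowercase)


def normalize_key(path):
    """Registry paths are case-insensitive; fold case, hive aliases and stray slashes."""
    parts = [p.lower() for p in path.split("\\") if p]
    if parts:
        parts[0] = HIVES.get(parts[0], parts[0])
    return "\\".join(parts)


def _swap(ch):
    """Replace a character by a random one of the same class; keep separators."""
    for alphabet in ALPHABETS:
        if ch in alphabet:
            return secrets.choice(alphabet)
    return ch


def randomize_like(value):
    """Random string with the same length, separators and character classes."""
    if not any(ch in alphabet for ch in value for alphabet in ALPHABETS):
        return value  # nothing that can be randomized
    while True:
        candidate = "".join(_swap(ch) for ch in value)
        if candidate != value:  # never hand back the real value by chance
            return candidate


class Filter:
    MODES = ("pass", "static", "random")

    def __init__(self, process, key, value_name, mode, replacement=""):
        if mode not in self.MODES:
            raise ValueError("unknown filter mode: " + mode)
        self.process = process.lower()
        self.key = normalize_key(key)
        self.value_name = value_name.lower()
        self.mode = mode
        self.replacement = replacement

    def apply(self, real_value):
        if self.mode == "static":
            return self.replacement
        if self.mode == "random":
            return randomize_like(real_value)  # fresh value on every access
        return real_value


class FilterList:
    def __init__(self):
        self._rules = {}

    def add(self, flt):
        self._rules[(flt.process, flt.key, flt.value_name)] = flt

    def lookup(self, process, key, value_name):
        k, v = normalize_key(key), value_name.lower()
        # a rule for this process wins over a "*" rule for all processes
        return self._rules.get((process.lower(), k, v)) or self._rules.get(("*", k, v))

    def read(self, process, key, value_name, real_value):
        """What the requesting program would see for this registry read."""
        flt = self.lookup(process, key, value_name)
        return flt.apply(real_value) if flt else real_value


def load_filters(text):
    filters = FilterList()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        process, key, value_name, mode, replacement = line.split("|", 4)
        filters.add(Filter(process, key, value_name, mode, replacement))
    return filters
```

Normalizing the key before lookup matters for coverage: a rule written with HKLM would otherwise miss a read that arrives as HKEY_LOCAL_MACHINE or in different case.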
Our current screening process lacks enough control to be very useful for extensive testing without tedious changing of registry values by hand. This is why we believe that using an extended version of Privacy Scrubber to also test software might provide a better platform from which to find applications which violate our desired prohibition on leaked personal information.

5. CONCLUSION

Our project achieved three goals. The first was to create a filter standard which can be used to filter many (if not all) Windows API calls. The second was to create a method for testing for when an application accesses personal information by using the Windows API and then transmits that data over the Internet. We accomplished this by using 2 commercially available programs and a custom parsing script to compare the logs. The third goal we achieved was to determine the best way to filter access to the Windows API and to develop a way of implementing our determination.
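The log comparison described in Sections 3.1 and 4 (values read from the registry and later seen in HTTP traffic, with all-zero values as a known source of false positives) can be written as follows. This Python is an added example, not the authors' script: the Process Monitor rows, the HTTP records standing in for an HTTPAnalyzer export, the process name, the Example registry keys and the noise threshold are all constructed assumptions.

```python
import csv
import io
import re
from urllib.parse import unquote_plus

# Constructed sample in the column layout of a Process Monitor CSV export.
PROCMON_CSV = r'''
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1000000","testapp.exe","1234","RegQueryValue","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName","SUCCESS","Type: REG_SZ, Length: 18, Data: ALICE-PC"
"10:01:03.2000000","testapp.exe","1234","RegQueryValue","HKLM\SOFTWARE\Example\Flags","SUCCESS","Type: REG_SZ, Length: 18, Data: 00000000"
"10:01:04.3000000","testapp.exe","1234","RegQueryValue","HKLM\SOFTWARE\Example\Missing","NAME NOT FOUND","Length: 144"
"10:01:05.4000000","testapp.exe","1234","RegQueryValue","HKCU\Software\Example\Owner","SUCCESS","Type: REG_SZ, Length: 24, Data: Alice Smith"
"10:02:30.5000000","testapp.exe","1234","RegQueryValue","HKLM\SOFTWARE\Example\Late","SUCCESS","Type: REG_SZ, Length: 20, Data: LATEVALUE"
'''

# Constructed HTTP records; a real proxy export would be converted to this shape.
HTTP_RECORDS = [
    {"time": "10:01:09", "process": "testapp.exe",
     "url": "https://store.example.test/login?machine=alice-pc&v=00000000", "body": ""},
    {"time": "10:01:10", "process": "testapp.exe",
     "url": "https://store.example.test/register", "body": "owner=Alice+Smith"},
    {"time": "10:02:00", "process": "testapp.exe",
     "url": "https://store.example.test/ping", "body": "id=LATEVALUE"},
]

DATA_RE = re.compile(r"Data: (.*)$")
MIN_LEN = 4  # assumed threshold: shorter values match traffic by coincidence


def _secs(timestamp):
    """Seconds since midnight from an HH:MM:SS[.fraction] timestamp."""
    hours, minutes, seconds = timestamp[:8].split(":")
    return int(hours) * 3600 + int(minutes) * 60 + int(seconds)


def is_noise(value):
    """True for values too short or too uniform to identify anyone (e.g. all zeros)."""
    core = re.sub(r"[\s\-:.]", "", value)
    return len(core) < MIN_LEN or len(set(core)) < 2


def registry_reads(procmon_csv):
    """Successful RegQueryValue events as (time, process, path, data) tuples."""
    reads = []
    for row in csv.DictReader(io.StringIO(procmon_csv.strip())):
        if row["Operation"] != "RegQueryValue" or row["Result"] != "SUCCESS":
            continue
        match = DATA_RE.search(row["Detail"])
        if match:
            reads.append((_secs(row["Time of Day"]), row["Process Name"].lower(),
                          row["Path"], match.group(1).strip()))
    return reads


def find_leaks(procmon_csv, http_records):
    """Registry values that the same process sent over HTTP after reading them."""
    findings = []
    for read_time, process, path, value in registry_reads(procmon_csv):
        if is_noise(value):
            continue  # suppress the all-zero style false positives
        needle = value.lower()
        for rec in http_records:
            if rec["process"].lower() != process:
                continue
            if _secs(rec["time"]) < read_time:
                continue  # sent before the read, so not caused by it
            # decode %xx and '+' so form-encoded values still match
            haystack = unquote_plus(rec["url"] + "\n" + rec["body"]).lower()
            if needle in haystack:
                findings.append((path, value, rec["url"]))
    return findings
```

A plain substring match only finds values sent in clear or URL-encoded form; values that the application encrypts or hashes before sending, as the Evaluation notes, will not be flagged.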
6. FUTURE WORK

The research here has laid the groundwork for future research in two areas: improving and testing Privacy Scrubber further, and adapting the Privacy Scrubber suite to be used for detection of leaked personal information, with the goal of creating filters and auditing software.

6.1 Further Privacy Scrubber

Privacy Scrubber's code base needs to be rewritten with current development practices and without the large number of deprecated functions that exist in it currently. We can also optimize the code of the injected filter DLL where it creates the list of filters loaded into that instance of the DLL. Another issue to address is the race condition that occurs at the beginning of the filtered application's execution.

6.2 Detecting Benign Application Leaks

We could see if adapting Privacy Scrubber would allow us to decrease the number of tools required for detecting future benign applications which are leaking personal information. We could implement the functionality of both Process Monitor and HTTPAnalyzer in Privacy Scrubber. We could also build in the ability to write both kinds of records in the same logging format. This could both speed up and simplify the parsing portion of the process. Parsing the logs could also be incorporated into Privacy Scrubber.

7. ACKNOWLEDGMENTS

Our thanks to the TRUST program for providing us with an opportunity to participate in this research. We also wish to thank University of California, Berkeley for hosting us during our stay here and providing us with such a productive work environment. Min Gyung Kang and Dr. Dawn Song both deserve our thanks for providing us with such wonderful mentoring and giving us direction for our research. Also special thanks to Dr. Kristen Gates, Beatriz Lopez-Flores and Sheila Humphreys for their support and mentorship in preparing for graduate studies.

8. REFERENCES

[1] Gartner.com. Press Release.
[2] ComputerWorld.com. Windows market share dives below 90% for first time.
[3] Jung, J., Sheth, A., Greenstein, B., Wetherall, D., Maganis, G., and Kohno, T. Privacy oracle: a system for finding application leaks with black box differential testing. In Proceedings of the 15th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA, October 27-31, 2008). CCS '08. ACM, New York, NY. DOI=
[4] benedelman.org. A Closer Look at Coupons.com.
[5] Wireshark.com. About.
[6] IEinspector.com. HTTP Analyzer 5.
[7] Microsoft.com. Process Monitor.
[8] CodeProject.com. API hooking Revealed.
Parasitics: The Next Generation. Vitaly Zaytsev Abhishek Karnik Joshua Phillips Agenda Overview W32/Xpaj analysis Overview of a virtual machine Software protection trends W32/Winemmem analysis W32/Induc
More informationInformation Security for Modern Enterprises
Information Security for Modern Enterprises Kamal Jyoti 1. Abstract Many enterprises are using Enterprise Content Management (ECM) systems, in order to manage sensitive information related to the organization.
More informationLog Insight Manager. Deployment Guide
Log Insight Manager Deployment Guide VERSION: 3.0 UPDATED: OCTOBER 2015 Copyright Notices Copyright 2002-2015 KEMP Technologies, Inc.. All rights reserved.. KEMP Technologies and the KEMP Technologies
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationCyan Networks Secure Web vs. Websense Security Gateway Battle card
URL Filtering CYAN Secure Web Database - over 30 million web sites organized into 31 categories updated daily, periodically refreshing the data and removing expired domains Updates of the URL database
More informationHow Are Certificates Used?
The Essentials Series: Code-Signing Certificates How Are Certificates Used? sponsored by by Don Jones Ho w Are Certificates Used?... 1 Web Applications... 1 Mobile Applications... 2 Public Software...
More informationOutDisk 4.0 FTP FTP for Email Users using Microsoft Windows and/or Microsoft Outlook. 5/1/2012 2012 Encryptomatic LLC www.encryptomatic.
OutDisk 4.0 FTP FTP for Email Users using Microsoft Windows and/or Microsoft Outlook 5/1/2012 2012 Encryptomatic LLC www.encryptomatic.com Contents What is OutDisk?... 3 OutDisk Requirements... 3 How Does
More informationNetwork Licensing. White Paper 0-15Apr014ks(WP02_Network) Network Licensing with the CRYPTO-BOX. White Paper
WP2 Subject: with the CRYPTO-BOX Version: Smarx OS PPK 5.90 and higher 0-15Apr014ks(WP02_Network).odt Last Update: 28 April 2014 Target Operating Systems: Windows 8/7/Vista (32 & 64 bit), XP, Linux, OS
More informationNetwork Defense Tools
Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall
More informationINTRUSION PROTECTION AGAINST SQL INJECTION ATTACKS USING REVERSE PROXY
INTRUSION PROTECTION AGAINST SQL INJECTION ATTACKS USING REVERSE PROXY Asst.Prof. S.N.Wandre Computer Engg. Dept. SIT,Lonavala University of Pune, snw.sit@sinhgad.edu Gitanjali Dabhade Monika Ghodake Gayatri
More informationWildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks
WildFire Reporting When malware is discovered on your network, it is important to take quick action to prevent spread of the malware to other systems. To ensure immediate alerts to malware discovered on
More informationLASTLINE WHITEPAPER. In-Depth Analysis of Malware
LASTLINE WHITEPAPER In-Depth Analysis of Malware Abstract Malware analysis is the process of determining the purpose and functionality of a given malware sample (such as a virus, worm, or Trojan horse).
More informationServer Software Installation Guide
Server Software Installation Guide This guide provides information on...... The architecture model for GO!Enterprise MDM system setup... Hardware and supporting software requirements for GO!Enterprise
More informationIdentifying Broken Business Processes
Identifying Broken Business Processes A data-centric approach to defining, identifying, and enforcing protection of sensitive documents at rest, in motion, and in use 6/07 I www.vericept.com Abstract The
More informationDecryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationUser Guide. You will be presented with a login screen which will ask you for your username and password.
User Guide Overview SurfProtect is a real-time web-site filtering system designed to adapt to your particular needs. The main advantage with SurfProtect over many rivals is its unique architecture that
More informationINSTANT MESSAGING SECURITY
INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part
More informationExecutable Integrity Verification
Executable Integrity Verification Abstract Background Determining if a given executable has been trojaned is a tedious task. It is beyond the capabilities of the average end user and even many network
More informationWHITE PAPER. Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting Email
WHITE PAPER Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting Email EXECUTIVE SUMMARY Data Loss Prevention (DLP) monitoring products have greatly
More informationA Protocol Based Packet Sniffer
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 4, Issue. 3, March 2015,
More informationImplementing HIPAA Compliance with ScriptLogic
Implementing HIPAA Compliance with ScriptLogic A ScriptLogic Product Positioning Paper By Nick Cavalancia 1.800.424.9411 www.scriptlogic.com Table of Contents INTRODUCTION... 3 HIPAA BACKGROUND... 3 ADMINISTRATIVE
More informationlabs Attacking JAVA Serialized Communication By: Manish S. Saindane
ATTACK & DEFENSE labs Attacking JAVA Serialized Communication By: Manish S. Saindane Black Hat Europe 2010 2 Introduction Many applications written in JAVA make use of Object Serialization to transfer
More informationTable of Contents. 2015 Cicero, Inc. All rights protected and reserved.
Desktop Analytics Table of Contents Contact Center and Back Office Activity Intelligence... 3 Cicero Discovery Sensors... 3 Business Data Sensor... 5 Business Process Sensor... 5 System Sensor... 6 Session
More informationMarket Challenges Business Drivers
VeriCentre 3.0 Market Challenges Business Drivers Inability to efficiently or effectively manage mass updates to install base High support costs associated with application rollouts Incomplete download
More informationIs Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security
Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not
More informationStorage Guardian Remote Backup Restore and Archive Services
Storage Guardian Remote Backup Restore and Archive Services Storage Guardian is the unique alternative to traditional backup methods, replacing conventional tapebased backup systems with a fully automated,
More informationGladinet Cloud Backup V3.0 User Guide
Gladinet Cloud Backup V3.0 User Guide Foreword The Gladinet User Guide gives step-by-step instructions for end users. Revision History Gladinet User Guide Date Description Version 8/20/2010 Draft Gladinet
More informationTHE ROLE OF IDS & ADS IN NETWORK SECURITY
THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker
More informationHTTPS Inspection with Cisco CWS
White Paper HTTPS Inspection with Cisco CWS What is HTTPS? Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the Hyper Text Transfer Protocol (HTTP). It is a combination of HTTP and a
More informationUser Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream
User Manual Onsight Management Suite Version 5.1 Another Innovation by Librestream Doc #: 400075-06 May 2012 Information in this document is subject to change without notice. Reproduction in any manner
More informationOnline Payments Threats
July 3, 2012 Introduction...2 Tested Products...2 Used Configuration...3 Real Malware Inspiration...3 Total Scores Chart...4 Conclusion...4 About matousec.com...4 Detailed Descriptions of Tests...5 Detailed
More informationMobile Device Management in a BYOD World. Jay Cotton Microsoft PFE
Mobile Device Management in a BYOD World Jay Cotton Microsoft PFE Mobile Device Management in a BYOD World Agenda It s a BYOD World What can I do to maintain control? How do these devices connect to Exchange?
More informationControlling and Managing Security with Performance Tools
Security Management Tactics for the Network Administrator The Essentials Series Controlling and Managing Security with Performance Tools sponsored by Co ntrolling and Managing Security with Performance
More informationWeb Traffic Capture. 5401 Butler Street, Suite 200 Pittsburgh, PA 15201 +1 (412) 408 3167 www.metronomelabs.com
Web Traffic Capture Capture your web traffic, filtered and transformed, ready for your applications without web logs or page tags and keep all your data inside your firewall. 5401 Butler Street, Suite
More informationSymantec Mail Security for Domino
Getting Started Symantec Mail Security for Domino About Symantec Mail Security for Domino Symantec Mail Security for Domino is a complete, customizable, and scalable solution that scans Lotus Notes database
More informationOverview. Timeline Cloud Features and Technology
Overview Timeline Cloud is a backup software that creates continuous real time backups of your system and data to provide your company with a scalable, reliable and secure backup solution. Storage servers
More informationAssessment of Vaisala Veriteq vlog Validation System Compliance to 21 CFR Part 11 Requirements
/ WHITE PAPER Assessment of Vaisala Veriteq vlog Validation System Compliance to 21 CFR Part 11 Requirements The 21 CFR Part 11 rule states that the FDA view is that the risks of falsification, misinterpretation,
More informationWildFire Cloud File Analysis
WildFire Cloud File Analysis The following topics describe the different methods for sending files to the WildFire Cloud for analysis. Forward Files to the WildFire Cloud Verify Firewall File Forwarding
More informationEVALUATING COMMERCIAL WEB APPLICATION SECURITY. By Aaron Parke
EVALUATING COMMERCIAL WEB APPLICATION SECURITY By Aaron Parke Outline Project background What and why? Targeted sites Testing process Burp s findings Technical talk My findings and thoughts Questions Project
More informationSSL Enforcer Documentation
SSL Enforcer Documentation Introduction Install and Uninstall Getting Started Main Settings Options Log Introduction Today a vast majority of Internet activities like social networking, streaming videos,
More informationINTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM
INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM Okumoku-Evroro Oniovosa Lecturer, Department of Computer Science Delta State University, Abraka, Nigeria Email: victorkleo@live.com ABSTRACT Internet security
More informationThe Value of Physical Memory for Incident Response
The Value of Physical Memory for Incident Response MCSI 3604 Fair Oaks Blvd Suite 250 Sacramento, CA 95864 www.mcsi.mantech.com 2003-2015 ManTech Cyber Solutions International, All Rights Reserved. Physical
More informationIntroduction: 1. Daily 360 Website Scanning for Malware
Introduction: SiteLock scans your website to find and fix any existing malware and vulnerabilities followed by using the protective TrueShield firewall to keep the harmful traffic away for good. Moreover
More informationFeatures Business Perspective. www.eset.com
Features Business Perspective www.eset.com Endpoint Protection Antivirus / Antispyware Auto-Scan of Removable Media Host-based Intrusion Prevention System (HIPS) Client Antispam Cross-platform Protection
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationSolution Brief for ISO 27002: 2013 Audit Standard ISO 27002. Publication Date: Feb 6, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045
Solution Brief for ISO 27002: 2013 Audit Standard Publication Date: Feb 6, 2015 8815 Centre Park Drive, Columbia MD 21045 ISO 27002 About delivers business critical software and services that transform
More informationUnicenter Desktop DNA r11
Data Sheet Unicenter Desktop DNA r11 Unicenter Desktop DNA is a scalable migration solution for the management, movement and maintenance of a PC s DNA (including user settings, preferences and data.) A
More informationDEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP system v10 with Microsoft Exchange Outlook Web Access 2007
DEPLOYMENT GUIDE Version 1.2 Deploying the BIG-IP system v10 with Microsoft Exchange Outlook Web Access 2007 Table of Contents Table of Contents Deploying the BIG-IP system v10 with Microsoft Outlook Web
More informationWeb Filter. SurfControl Web Filter 5.0 Installation Guide. www.surfcontrol.com. The World s #1 Web & E-mail Filtering Company
Web Filter SurfControl Web Filter 5.0 Installation Guide www.surfcontrol.com The World s #1 Web & E-mail Filtering Company NOTICES NOTICES Copyright 2005 SurfControl plc. All rights reserved. No part
More informationImplementing Microsoft Office Communications Server 2007 With Coyote Point Systems Equalizer Load Balancing
Implementing Microsoft Office Communications Server 2007 With Coyote Point Systems Equalizer Load Balancing WHITE PAPER Prepared by: Mark Hoffmann Coyote Point Systems Inc. Abstract: This white paper describes
More informationimagepress CR Server A7000 Powered by Creo Color Server Technology For the Canon imagepress C7000VP/C6000VP/ C6000
English imagepress CR Server A7000 Powered by Creo Color Server Technology For the Canon imagepress C7000VP/C6000VP/ C6000 Version 1.0.1 731-01873A-EN Contents Overview... 1 Network... 2 Network Environments...2
More informationUNITED STATES OF AMERICA BEFORE THE FEDERAL TRADE COMMISSION. Julie Brill Maureen K. Ohlhausen Joshua D. Wright Terrell McSweeny
132 3089 UNITED STATES OF AMERICA BEFORE THE FEDERAL TRADE COMMISSION COMMISSIONERS: Edith Ramirez, Chairwoman Julie Brill Maureen K. Ohlhausen Joshua D. Wright Terrell McSweeny In the Matter of DOCKET
More informationS y s t e m A r c h i t e c t u r e
S y s t e m A r c h i t e c t u r e V e r s i o n 5. 0 Page 1 Enterprise etime automates and streamlines the management, collection, and distribution of employee hours, and eliminates the use of manual
More informationSecurity Evaluation CLX.Sentinel
Security Evaluation CLX.Sentinel October 15th, 2009 Walter Sprenger walter.sprenger@csnc.ch Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel.+41 55-214 41 60 Fax+41 55-214 41
More informationMicrosoft Office Communications Server 2007 & Coyote Point Equalizer Deployment Guide DEPLOYMENT GUIDE
Microsoft Office Communications Server 2007 & Coyote Point Equalizer DEPLOYMENT GUIDE Table of Contents Unified Communications Application Delivery...2 General Requirements...6 Equalizer Configuration...7
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More information