Universal Plug and Play and Its Weaknesses - Assignment Example


Extract of sample "Universal Plug and Play and Its Weaknesses"

INFORMATION SECURITY

Answer Part

Universal Plug and Play (UPnP) and its Weaknesses

Introduction

Before discussing the technical security issues associated with universal plug and play devices, let us get a better understanding of what these devices actually are. Universal Plug and Play (UPnP) refers to a protocol standard that enables communication between network-enabled devices and computer systems. Some of the main devices in which universal plug and play is used include printers, media servers, routers, digital video recorders (DVRs), computers, and even security cameras (Vaughan-Nichols 2013). Although this protocol allows devices to communicate with each other easily, the network-enabled devices have a number of weaknesses that have left networks exposed to attacks (Westervelt 2013). “The United States Computer Emergency Readiness Team (US-CERT) is warning about weaknesses in the Universal Plug and Play protocol” (Westervelt 2013, p. 1). The reason behind the warning is recent research on the security flaws in universal plug and play devices, which has identified some protocol vulnerabilities and configuration errors in the use of UPnP devices. According to the report, 81 million universal plug and play devices expose themselves to the internet, and nearly 16 million of those devices tend to allow attackers to intrude into the systems by making the firewall ineffective (Moore 2013). In this paper, we will cover some of the main issues associated with universal plug and play devices and the ways that can be used to overcome the risk of hackers' attacks. The discussion will support the statement that technology usually gets deployed in a hurry without proper consideration of the harms associated with it.

2. Weaknesses

Although plug and play devices allow easy communication between devices, there also exist some major weaknesses related to the protocol's network security.
Researchers have shown that nearly 40 to 50 million network-enabled devices are at risk because of universal plug and play protocol vulnerabilities (Moore 2013). UPnP allows communication between devices such as printers, routers, smart TVs, media players, webcams, and network-attached storage (NAS). The three main security flaws putting millions of users at risk of attack are programming issues in SSDP that raise the risk of arbitrary code execution, exposure of private networks to attacks because of exposure of the plug and play control interface, and crashing of the service because of programming bugs in HTTP, UPnP, and SOAP (Moore 2013). Disabling the universal plug and play protocol is one way to prevent the attacks whose risk is always associated with the use of UPnP devices. Most vendors do not have any plan to update their vulnerable devices. Therefore, organizations need to use Metasploit modules and the ScanNow UPnP tool to identify vulnerable media servers, printers, and other UPnP devices (Blevins 2013).

One of the main weaknesses of universal plug and play devices is that they trust all other communicating devices, which in most cases are not trustworthy. There is no software that can check whether the devices with which UPnP devices communicate are prone to attacks or not. Moreover, buffer overflows are also an issue regarding the use of UPnP devices (Schmehl 2002). An effective way to overcome this issue is to block UPnP at the Internet gateway. After doing this, links to any system outside the LAN should be blocked using the firewall in such a way that it can no longer access port 1900/UDP. In the case of Windows systems, the port is 2869/TCP. Along with this, UPnP on the router should also be turned off (Vaughan-Nichols 2013). As Raikow (2001, p. 1) states, “an attacker could gain complete control of an entire network of vulnerable machines with a single anonymous UDP session”.
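
One way to verify the gateway blocking described above, added here as an example and not part of the original paper: the script reads an iptables-save dump and reports whether a new packet arriving on the WAN interface for 1900/UDP or 2869/TCP would be accepted. The Linux/iptables gateway, the interface names (eth0 as WAN, br0 as LAN), the constructed sample rulesets and the simplified first-match model are all assumptions.

```python
import shlex

# Ports named in the text: 1900/UDP, and 2869/TCP on Windows systems.
UPNP_PORTS = [("udp", 1900), ("tcp", 2869)]
MODELLED_OPTS = {"-i", "-p", "-m", "-j", "--dport", "--dports", "--ctstate", "--state"}
MODELLED_MODS = {"tcp", "udp", "multiport", "conntrack", "state"}

def parse_rules(dump):
    """Return (default policies, ordered rules per chain) from the filter table."""
    policies, rules, table = {}, {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            tokens, opts, key = shlex.split(line), {}, None
            for tok in tokens[2:]:
                if tok.startswith("-") or tok == "!":
                    key = tok
                    opts.setdefault(key, [])
                elif key:
                    opts[key].append(tok)
            rules.setdefault(tokens[1], []).append(opts)
    return policies, rules

def port_matches(opts, port):
    """True if the rule has no port match, or one of its ports/ranges covers port."""
    specs = ",".join(opts.get("--dport", []) + opts.get("--dports", []))
    for spec in (specs.split(",") if specs else []):
        lo, sep, hi = spec.partition(":")
        low = int(lo or 0)
        if low <= port <= (int(hi) if hi else (65535 if sep else low)):
            return True
    return not specs

def verdict(policies, rules, chain, wan_if, proto, port):
    """First-match walk of one chain for a NEW packet arriving on wan_if."""
    for opts in rules.get(chain, []):
        if opts.get("-i", [wan_if]) != [wan_if]:
            continue
        if opts.get("-p", [proto])[0] not in (proto, "all") or not port_matches(opts, port):
            continue
        states = ",".join(opts.get("--ctstate", []) + opts.get("--state", []))
        if states and "NEW" not in states.split(","):
            continue  # matches only replies to connections opened from inside
        target = opts.get("-j", [""])[0]
        conditional = (set(opts) - MODELLED_OPTS) | (set(opts.get("-m", [])) - MODELLED_MODS)
        if target == "LOG" or (conditional and target in ("DROP", "REJECT")):
            continue  # non-terminating, or a drop we cannot prove applies
        if conditional or target not in ("ACCEPT", "DROP", "REJECT"):
            return "REVIEW"  # conditional accept, or jump to a chain not followed here
        return target
    return policies.get(chain, "ACCEPT")

def audit(dump, wan_if):
    """Verdict per UPnP port for the chains that see traffic arriving from the WAN."""
    policies, rules = parse_rules(dump)
    return {f"{chain} {port}/{proto}": verdict(policies, rules, chain, wan_if, proto, port)
            for chain in ("INPUT", "FORWARD") for proto, port in UPNP_PORTS}

# Constructed sample dumps; eth0 = WAN and br0 = LAN are assumptions.
WEAK = """*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 1900 -j ACCEPT
-A FORWARD -i br0 -o eth0 -j ACCEPT
COMMIT"""
# Hardened variant: default-deny INPUT, SSDP accepted only from the LAN bridge.
HARDENED = WEAK.replace(":INPUT ACCEPT", ":INPUT DROP").replace(
    "-A INPUT -p udp", "-A INPUT -i br0 -p udp")

if __name__ == "__main__":
    for name, dump in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(dump, "eth0"))
```

A REVIEW verdict means a matching rule carries a condition the model does not evaluate (a source address, a jump to a user chain), so the ruleset needs a manual look before the port can be called blocked.
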
The attack not only gives the hacker access to all files and data stored in the system but also gives the hacker the capacity to install unnecessary files and software in the system, along with recording all keystrokes of the system's user. Attackers can infiltrate the targeted network and attached systems by gaining unauthorized access as a result of communication between UPnP devices.

Given the threat of attacks associated with the universal plug and play security flaws, it is the responsibility of system administrators to take effective measures to mitigate those risks. They need to respond quickly and follow an effective short-term procedure which includes steps such as checking every perimeter firewall to ensure that UPnP traffic is being blocked properly, because traffic from the internet can be harmful; checking the wireless access points to block all UPnP traffic; and installing authentic and reliable intrusion detection software to stop suspicious and unauthorized attempts to enter the network (Raikow 2001). These are just some of the ways to deal with the security loopholes present in universal plug and play devices. Information technology specialists need to come up with more reliable methods to prevent all sorts of UPnP risks.

As far as the role of the government is concerned, the U.S. government has already called for disabling the universal plug and play feature available on the router (Callaham 2013). Flaws have been found in the network protocol and its implementations which have made millions of UPnP devices prone to network attacks. This is the reason why the US Department of Homeland Security is advising users of universal plug and play devices to disable the protocol (Vaughan-Nichols 2013).

Conclusion

Major UPnP issues have been identified since 2001 which need a proper resolution in order to make UPnP devices free of security threats.
“A lot of routers are still shipped with grave security bugs, including involuntary onion routing, remote root exploits, and complete remote control over firewalls” (Vaughan-Nichols 2013). Currently, new exploits are coming to prominence in which security flaws in Universal Plug and Play devices are turning into dangerous issues for systems. To overcome these issues and the risk of threats, individuals and businesses need to replace systems on which the UPnP protocol cannot be disabled (Moore 2013). Similarly, consumers also need to take appropriate steps to disable the UPnP function on mobile broadband devices and home routers.

References

Blevins, B 2013, The body count is new, but UPnP security issues are embarrassingly old, viewed 03 December 2013.
Callaham, J 2013, US Government: disable Universal Plug and Play on routers due to hacker threat, viewed 03 December 2013.
Moore, H 2013, Whitepaper: Security Flaws in Universal Plug and Play: Unplug, Don't Play, viewed 02 December 2013.
Raikow, D 2001, Serious XP flaws: What to do now, viewed 02 December 2013.
Schmehl, P 2002, The Microsoft UPnP (Universal Plug and Play) Vulnerability, viewed 02 December 2013.
Vaughan-Nichols, S 2013, How to fix the UPnP security holes, viewed 02 December 2013.
Westervelt, R 2013, Universal Plug And Play Flaw Impacts Millions of Devices, viewed 03 December 2013.

Summary: Security News (01/10/2013)

Two key issues were discussed in this podcast. The first was about Java version 6, whereas the second was about the NSA. Java has cropped up with boring regularity, and Oracle is no longer supporting Java version 6. Moreover, this poses some big issues, as right now approximately 50 percent of Java users are still using Java 6 as the programming language. The second issue discussed in the security news was much more profound and relates to what has already been discussed.
That was about Edward Snowden's exposure of suspected NSA involvement in the past, going back to the suspicion that the NSA was involved in some serious spying issues. It has also been found that the NSA has engineered into some standard crypto software a means of breaking encryption easily. Moreover, RSA, which is one of the premier cryptography organizations, has also been discussed in the news. Software engineers do not prefer using NSA now because of the issues that have come to light. Although the NSA has been trusted for a long time, the time has now come for it to be reviewed. The speaker has urged the use of Wikipedia and Google to do more research on these issues.

Summary: Security News (03/10/2013)

This security news includes discussion of three key issues: Apple's latest capacitive finger scanning, Microsoft SharePoint, and outdated Adobe Reader. Apple's Touch ID technology, which features in the latest versions 5s and 5c, has raised some issues. This is about capacitive finger scanning technology. The question is how reliable and secure capacitive finger scanning is in terms of providing authenticated access to a device. The capacitive approach requires a touch pad, which is an area sensitive to touch. Questions have been raised by hackers about the vulnerability of this technology to attacks. Microsoft SharePoint is also an issue which needs proper discussion. The questions that come to mind regarding this include what SharePoint is, who its users are, and what the problems with it are. Outdated Adobe Reader is also a key issue related to security. Adobe has been widely used software for opening ‘.pdf’ files but has become a focus of hackers these days. With the passage of time, some alternatives to this application have appeared in the market, but the point of concern is whether those alternatives are equally safe to use or not.

Summary: Security News (10/10/2013)

The regular cycle of patches that Microsoft undergoes is an operational issue and is of profound importance. It illustrates the sort of technology in use, and we do not see things getting better in terms of patches, fixes, and repairs from companies like Microsoft and Adobe. For example, automatic update is a key issue in this regard. The unique vulnerabilities being repaired involve code execution vulnerabilities and are being exploited by hackers. Therefore, it is really critical for security engineers to understand the prioritization of the patches. These issues need to be dealt with on an urgent basis because they are operational issues which may cause many negative effects for users. Encryption is also a key issue. Opening an email in an open system raises privacy concerns. Encryption is a powerful tool, but putting this tool in the hands of hard-to-trust people is a key concern. The FBI has been behaving in a really worrying way in this regard. Encryption provides the whole basis for our security, and anything that makes that process insecure should be an area of concern for security professionals. Breaking the privacy of individuals and organizations is a big issue which needs proper consideration and work.

Summary: Security News (17/10/2013)

This week the instructor discussed the issue of Java version 7.0, which contains nearly 51 vulnerabilities that are remotely exploitable, which makes them a really serious security concern. If we compare Java and JavaScript, we come to know that Java is heavily used as a web language, whereas JavaScript is embedded in web pages. There is a Do Not Track issue in this version. Obviously, we do not want to be tracked on what we have been doing on the computer system. The third issue is about TrueCrypt, which is open source software and a robust method for encrypting data. Data encryption has always been a key area of concern.
Whether we should trust TrueCrypt or not is the issue which needs to be worked out properly. Along with these three issues, the instructor also talked about the backdoors which have been found in firmware. This is serious because delay routers are used in enterprises and in private settings. Having a backdoor in a home-based wireless router can cause serious harm to the computers associated with the network. There should be a proper security mechanism which can ensure complete privacy of such networks.

Summary: Security News (24/10/2013)

This week the instructor discussed Project Shield, which is a free system by Google. This is a distributed denial of service protection system and provides protection against denial of service attacks. It mitigates the risk of such attacks. It has proven successful in doing all this by providing free protection to expression online. The technology lets websites use Google's infrastructure to serve their content without actually moving their hosting location. The main purpose of this service is to help small enterprises stand up to distributed denial of service attacks and protect them from being taken offline because of the attacks. The instructor also discussed the issue of malware which does things like browser hijacks, changing browser settings, and installing menu bars. Cryptolocker is a nasty piece of malware the instructor talked about in this podcast. This malware is carefully crafted and uses good encryption and clever techniques to avoid being blocked. It uses random-looking preregistered domain names, which makes it difficult to identify the server from which this malware is being channeled. This issue needs careful consideration in order to be dealt with successfully.

Summary: Security News (31/10/2013)

This week the instructor discussed linkedin.com, which is offering a new service called Intro. This has raised a few concerns.
For example, it has made LinkedIn act as a proxy email server, which means emails will be sent to LinkedIn and then to the intended users. This is really an area of concern because getting emails from some other source instead of the direct source can leak some private data. Cryptolocker has also been discussed in the podcast. It is also a very dangerous data stealing scam. Individuals as well as businesses are being affected by Cryptolocker because their precious files are being decrypted by hackers who do not make themselves easy to track. Security experts need to come up with some anti-decryption software as soon as possible to overcome this issue. In the podcast, the main emphasis was on encryption issues that users face while encrypting their data using connections such as Google server forms, SSL connections through Google servers, Google accelerator, and other similar services. Google is also not happy with all this and is working to deal with these issues properly.

Summary: Security News (07/11/2013)

This week the instructor discussed the topic of an emergency out-of-band patch. This is based around .tif files, which are widely used because they use a compression technique on image files. Users can get their computers infected if their emails contain embedded .tif files. It affects Windows Office, including the latest versions. The issue here is what the Microsoft patch can do to prevent this problem from occurring. The second issue discussed in the podcast was the breach of Adobe, which happened some time ago. Three million to a hundred and thirty million records have been stolen, which contained email addresses and passwords. Adobe has been involved in this bad practice by getting the passwords in an encrypted form and storing them in the database. This issue has occurred recently; therefore, a proper resolution is needed in this regard.
The third thing discussed in the podcast was Cryptolocker, which has infected many security organizations because Cryptolocker looks at mapped network drives. Cryptolocker checks the data stored in the databases and encrypts it, raising security concerns for the organizations. Cryptolocker Prevent and an automatic updating version can be used to some extent to prevent this problem.

Summary: Security News (14/11/2013)

This week the instructor discussed the issue of fixed vulnerabilities in Microsoft updates. For example, whether the TIFF issue has been fixed or not is one of the questions. Attackers can exploit the vulnerability of TIFF images by convincing users to open well-crafted images in their emails, which consequently provides access to hackers. Attackers usually use beautifully crafted images and their own fake websites to gain control of users' personal systems. Microsoft is working to overcome this issue through the Microsoft Active Protections Program (MAPP), though the complete resolution stage is yet to be reached. Another item discussed was bitcoin, which is a cryptographic currency that ensures untraceable transactions. Many companies make use of this system to make transactions. However, the issue here is that malware developers, hackers, and organized crime agencies can use the vulnerability of this system to commit bank robberies. For example, a Denmark-based Bitcoin internet payment system has undergone a denial of service attack as attackers gained unauthorized access to a number of transactions. BIPS is therefore working to identify the hackers using a digital forensic investigation. More efforts need to be made in this regard to overcome this issue completely.

Summary: Security News (21/11/2013)

This week the instructor discussed Calomel, which provides a Firefox add-on and color-coded security validation of SSL connections. The Calomel validation 0.64 provides enhanced security using message authentication code, bulk cipher, key exchange, and signature.
The security issues regarding Cryptolocker have been discussed again in this podcast. For example, thousands of United States IPs have been affected by Cryptolocker. There were no backups for the affected data, because of which the effects were really bad for users. Another issue was the second operating system embedded into every smartphone, such as Android or iOS. This operating system is known as the radio or baseband operating system, which controls the cell phone function of phones. The issue is that this system is vulnerable to security flaws, because of which hackers are using this system to intrude into phones. HTTP2 has also been discussed in the news. Due to security concerns, many websites are using HTTPS, which are SSL-based connections. Another issue discussed in the news was the open source compiler GCC, which is used widely in open source programming. The compiler's optimizer has been involved in removing secure coding practice code, making it a big security issue related to GCC.

Summary: Security News (28/11/2013)

This week the instructor discussed Border Gateway Protocol (BGP), which is related to TCP/IP. It is basically a security protocol and enables movement of packets to their destinations. Massive hijacking has been raised as an issue involving man-in-the-middle attacks based on BGP's look-up tables. BGP's routing data dissemination poses some security concerns regarding the use of this protocol. The vulnerabilities can be used to raise issues like misuse of network resources, packet delays, and misdelivery of user traffic. The second topic discussed in the podcast was the illustration of exploitation of the Blackshades remote access tool. The source code for this tool got leaked into a public domain linked with a hacker, which raised security concerns for Microsoft Windows users regarding this code.
The latest news is that Blackshades is still being used by hackers as a remote access tool to intrude into computer systems and manipulate the files stored in the systems. The U.S., U.K., and India are the three countries that hold the highest number of cases in which computers have been infected by Blackshades. Some serious efforts need to be made to prevent attacks by cyber criminals through the Blackshades malware program.
Information security Essay Example | Topics and Well Written Essays - 3000 words. Retrieved from https://studentshare.org/information-technology/1494661-information-security