Software vulnerabilities. Smart Scan

In some cases vulnerabilities arise from the use of development tools of varied origin, which increases the risk of sabotage-type defects appearing in the program code.

Vulnerabilities also appear when third-party components or freely distributed (open source) code are added to the software. Someone else's code is often used "as is", without thorough analysis and security testing.

Nor should one rule out insiders on the programming team, who can introduce additional undocumented functions or elements into the product being created.

Classification of software vulnerabilities

Vulnerabilities result from errors made at the stage of designing or writing program code.

Depending on the stage at which they appear, they are divided into design, implementation and configuration vulnerabilities.

  1. Errors made during design are the hardest to detect and eliminate. These are inaccuracies in algorithms, backdoors, inconsistencies in the interfaces between modules or in the protocols for interacting with hardware, and the adoption of non-optimal technologies. Eliminating them is a very laborious process, partly because they may show up only in non-obvious cases, for example when the intended traffic volume is exceeded or a large amount of additional equipment is connected, which complicates providing the required level of security and opens ways to bypass the firewall.
  2. Implementation vulnerabilities appear at the stage of writing the program or implementing security algorithms in it. These are incorrect organization of the computation, and syntactic and logical defects. There is a risk that such a flaw will lead to a buffer overflow or to a failure of another kind. Detecting them takes a lot of time, and eliminating them means correcting specific sections of machine code.
  3. Configuration errors in hardware and software are encountered quite often. Their common causes are insufficiently careful development and the absence of tests for the correct operation of additional functions. This category also includes passwords that are too simple and default accounts left unchanged.

According to statistics, vulnerabilities are found especially often in popular and widely used products: desktop and mobile operating systems and browsers.

Risks of using vulnerable programs

The programs in which the most vulnerabilities are found are installed on practically every computer. Cybercriminals have a direct interest in finding such flaws and writing exploits for them.

Because quite a lot of time passes between the discovery of a vulnerability and the publication of a fix (patch), there are many opportunities to infect computer systems through gaps in the security of the program code. It is enough for the user to open, just once, a malicious PDF file with an exploit, for example, after which the attackers gain access to the data.

In the latter case, infection follows this sequence:

  • The user receives by email a phishing message from a sender that inspires trust.
  • A file with an exploit is attached to the message.
  • If the user tries to open the file, the computer is infected with a virus, a trojan (ransomware encryptor) or another malicious program.
  • The cybercriminals gain unauthorized access to the system.
  • Valuable data is stolen.

Studies carried out by various companies (Kaspersky Lab, Positive Technologies) show that vulnerabilities exist in practically any application, including antiviruses. The probability of installing a software product that contains flaws of varying criticality is therefore very high.

To minimize the number of gaps in software, it is necessary to use SDL (Security Development Lifecycle). SDL is used to reduce the number of bugs in applications at every stage of their creation and support. During software design, information security specialists and programmers model cyberthreats in order to find weak points. During programming, automated tools are included in the process and report potential flaws right away. Developers aim to significantly limit the functions available to unverified users, which reduces the attack surface.

To minimize the impact of vulnerabilities and the damage from them, follow these rules:

  • Promptly install the fixes (patches) that developers release for applications, or (preferably) enable automatic updates.
  • Where possible, do not install dubious programs whose quality and technical support raise questions.
  • Use dedicated vulnerability scanners or the specialized functions of antivirus products that search for security errors and update software when necessary.

A large number of tools have now been developed to automate the search for vulnerabilities in programs. This article looks at some of them.

Introduction

Static code analysis is analysis of software that is performed on the source code of a program and carried out without actually executing the program under study.

Software often contains various vulnerabilities because of errors in program code. In certain situations, errors made during development cause the program to fail and so disrupt its normal operation: this often results in data being modified or corrupted, or in the program or even the system halting. Most vulnerabilities are connected with incorrect processing of data received from outside, or with insufficiently strict checking of that data.

Various tools are used to detect vulnerabilities, for example static analyzers of program source code, which this article surveys.

Classification of security vulnerabilities

When the requirement that a program work correctly on all possible input data is violated, so-called security vulnerabilities can appear. A security vulnerability can mean that a single program can be used to overcome the security restrictions of the entire system.

Classification of security vulnerabilities by the underlying programming error:

  • Buffer overflow. This vulnerability arises from the absence of control over writes beyond the bounds of an array in memory while the program is running. When a block of data that is too large overflows a buffer of limited size, the contents of adjacent memory are overwritten, and the program fails and exits abnormally. By the location of the buffer in process memory, overflows are divided into stack buffer overflows, heap buffer overflows and overflows in the static data area (bss buffer overflow).
  • Tainted input vulnerability. Tainted input vulnerabilities can arise when data entered by the user is passed without sufficient control to the interpreter of some external language (usually the Unix shell or SQL). In that case the user can craft the input so that the launched interpreter executes a command quite different from the one the authors of the vulnerable program intended.
  • Format string vulnerability. This type of security vulnerability is a subclass of the tainted input vulnerability. It arises from insufficient control of parameters when using the formatted input/output functions printf, fprintf, scanf and so on from the C standard library. These functions take as one of their parameters a character string that sets the format for reading or printing the function's subsequent arguments. If the user can set the format, the vulnerability can arise as a result of careless use of the string formatting functions.
  • Vulnerabilities resulting from synchronization errors (race conditions). Problems associated with multitasking lead to situations called "race conditions": a program that was not designed to run in a multitasking environment may assume, for example, that the files it uses while working cannot be changed by another program. As a consequence, an attacker who replaces the contents of these working files at the right moment can force the program to perform certain actions.

Of course, there are other classes of security vulnerabilities besides those listed.

Overview of existing analyzers

The following tools are used to detect security vulnerabilities in programs:

  • Dynamic debuggers. Tools that allow a program to be debugged while it is executing.
  • Static analyzers. Tools that use the information gathered during static analysis of the program.

Static analyzers point to the places in a program where an error may be located. These suspicious code fragments may contain an error, or they may turn out to be completely safe.

This article offers an overview of several existing static analyzers. Let us look at each of them in more detail.

Vulnerability management is the identification, assessment and classification of vulnerabilities and the choice of a solution for eliminating them. Its foundation is repositories of vulnerability information, one of which is the Vulnerability Management System of "Perspective Monitoring".

Our solution tracks the appearance of information about vulnerabilities in operating systems (Windows, Linux/Unix-based), office and application software, equipment software, and information protection tools.

Data sources

The database of the "Perspective Monitoring" Software Vulnerability Management System is populated automatically from the following sources:

  • Data Bank of Information Security Threats (BDU BI) of FSTEC of Russia.
  • National Vulnerability Database (NVD) NIST.
  • Red Hat Bugzilla.
  • Debian Security Bug Tracker.
  • CentOS Mailing List.

We also use an automated method of replenishing our vulnerability database. We have developed a web crawler and a parser of unstructured data that every day analyze more than a hundred different foreign and Russian sources for a set of keywords: groups in social networks, blogs, microblogs, and media devoted to information technology and information security. If these tools find something that matches the search conditions, an analyst checks the information manually and enters it into the vulnerability database.

Software vulnerability control

With the Vulnerability Management System, developers can monitor the presence and status of vulnerabilities found in the third-party components of their software.

For example, Hewlett Packard Enterprise's Secure Software Developer Life Cycle (SSDLC) model controls third-party libraries as one of its central functions.

Our system tracks the presence of vulnerabilities in parallel versions/builds of the same software product.

It works like this:

1. The developer gives us a list of the third-party libraries and components used in the product.

2. Every day we check:

b. whether methods have appeared for eliminating previously discovered vulnerabilities.

3. We notify the developer if the status or the scoring of a vulnerability has changed, according to the configured role model. This means that different groups of developers in the same company receive notifications and see the status of vulnerabilities only for the product they are working on.

The frequency of notifications from the Vulnerability Management System can be configured freely, but if a vulnerability with a CVSS score above 7.5 is found, the developers receive an immediate notification.
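The daily check and the routing rule described above can be sketched as follows. This is an added example, not code from "Perspective Monitoring": the record layout, the product, team and component names and the `EXAMPLE-` identifiers are constructed, and versions are matched by exact string only.

```python
from dataclasses import dataclass

IMMEDIATE_CVSS = 7.5  # the page: a score above 7.5 triggers an immediate notification


@dataclass(frozen=True)
class VulnRecord:
    vuln_id: str          # constructed identifier, not a real CVE
    component: str
    affected: frozenset   # affected versions (exact match only, a simplification)
    cvss: float
    status: str           # "open" or "fix-available"


def daily_check(components, teams, previous, current):
    """Return notifications for records that are new or whose score/status changed.

    components: product -> [(component, version)] as supplied by the developer
    teams:      product -> team allowed to see that product (the role model)
    previous/current: vuln_id -> VulnRecord snapshots of the vulnerability base
    """
    notes = []
    for product, libs in components.items():
        for name, version in libs:
            for rec in current.values():
                if rec.component != name or version not in rec.affected:
                    continue
                old = previous.get(rec.vuln_id)
                if old and (old.cvss, old.status) == (rec.cvss, rec.status):
                    continue  # nothing changed since the last run
                notes.append({
                    "team": teams[product],
                    "product": product,
                    "component": f"{name} {version}",
                    "vuln_id": rec.vuln_id,
                    "delivery": "immediate" if rec.cvss > IMMEDIATE_CVSS else "scheduled",
                })
    return notes


# Constructed sample data
COMPONENTS = {
    "billing-app": [("libexample", "1.2.0"), ("xmlkit", "2.4.1")],
    "portal": [("libexample", "1.3.0")],
}
TEAMS = {"billing-app": "team-billing", "portal": "team-portal"}
BOTH = frozenset({"1.2.0", "1.3.0"})
YESTERDAY = {"EXAMPLE-0001": VulnRecord("EXAMPLE-0001", "libexample", BOTH, 6.1, "open")}
TODAY = {
    "EXAMPLE-0001": VulnRecord("EXAMPLE-0001", "libexample", BOTH, 8.8, "open"),  # rescored
    "EXAMPLE-0002": VulnRecord("EXAMPLE-0002", "xmlkit", frozenset({"2.4.1"}), 7.5, "fix-available"),
    "EXAMPLE-0003": VulnRecord("EXAMPLE-0003", "libexample", frozenset({"1.0.0"}), 9.8, "open"),
}

if __name__ == "__main__":
    for note in daily_check(COMPONENTS, TEAMS, YESTERDAY, TODAY):
        print(note)
```

A record scored exactly 7.5 stays on the scheduled channel, because the threshold is "above 7.5", and a record that affects no listed version produces no notification at all.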

Integration with ViPNet TIAS

The ViPNet Threat Intelligence Analytics System hardware and software complex automatically detects computer attacks and identifies incidents on the basis of information security events arriving from various sources. The main event source for ViPNet TIAS is ViPNet IDS, which analyzes incoming and outgoing network traffic using the AM Rules decision rule bases developed by "Perspective Monitoring". Some of the signatures are written to detect the exploitation of vulnerabilities.

If ViPNet TIAS detects an information security incident in which a vulnerability was exploited, all information related to that vulnerability, including methods for eliminating or compensating for its negative impact, is entered automatically from the Vulnerability Management System into the incident card.

The incident management system also helps in the investigation of information security incidents, giving analysts information about indicators of compromise and the potential damage to the information infrastructure from the incident.

Monitoring the presence of vulnerabilities in information systems

Another scenario for using the vulnerability management system is on-demand checking.

The customer builds, either with built-in tools or with a script developed by us, a list of the system and application software and components installed on a node (workstation, server, DBMS, hardware and software security appliance, network equipment), submits this list to the Vulnerability Management System, and receives a report on the vulnerabilities found and periodic notifications about their status.

How the System differs from common vulnerability scanners:

  • It does not require monitoring agents to be installed on nodes.
  • It creates no load on the network, because the architecture of the solution does not include agents or scanning servers.
  • It creates no load on the equipment, because the list of components is produced by system commands or by a lightweight open source script.
  • It rules out information leakage. "Perspective Monitoring" cannot reliably learn anything about the physical or logical location, or the functional purpose, of a node in the information system. The only information that leaves the customer's controlled perimeter is a txt file with the list of software components. The customer checks the contents of this file and uploads it to the Vulnerability Management System themselves.
  • For the system to work, we do not need accounts on the monitored nodes. The information is collected by the node administrator under their own name.
  • Information is exchanged securely over ViPNet VPN, IPsec or https.

Connecting to the "Perspective Monitoring" vulnerability management service helps the customer meet requirement ANZ.1, "Detection and analysis of information system vulnerabilities and prompt elimination of newly detected vulnerabilities", of FSTEC of Russia orders No. 17 and 21. Our company is a licensee of FSTEC of Russia for activities in the technical protection of confidential information.

Cost

Minimum cost: 25,000 rubles per year for 50 connections to the system

Another way to look at this problem is that companies are expected to react quickly when an application has a vulnerability. This requires that the IT department be able to track installed applications, components and patches using automation and standard tools. There is an industry effort to standardize software identification tags (19770-2), which are XML files installed with an application, component and/or patch that identify the installed software and, in the case of a component or patch, the application it is part of. The tags carry authoritative publisher information, version information, and a file list with the file name, secure hash and size of each file, which can be used to confirm that the application is installed on the system and that the binaries have not been modified by a third party. The tags are digitally signed by the publisher.
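The file check that such a tag makes possible, as an added example that is not part of the original page. The tag is a constructed, simplified one modelled on the ISO/IEC 19770-2:2015 layout (a `Payload` with `File` entries carrying `name`, `size` and a namespaced SHA-256 `hash`); the application and file names are assumptions, and the publisher's signature is not verified here.

```python
import hashlib
import xml.etree.ElementTree as ET

SWID_NS = "http://standards.iso.org/iso/19770/-2/2015/schema.xsd"
SHA256_NS = "http://www.w3.org/2001/04/xmlenc#sha256"


def build_sample_tag(files):
    """Build a constructed sample tag listing each file's name, size and SHA-256."""
    entries = "".join(
        f'<File name="{name}" size="{len(data)}" '
        f'SHA256:hash="{hashlib.sha256(data).hexdigest()}"/>'
        for name, data in files.items()
    )
    return (
        f'<SoftwareIdentity xmlns="{SWID_NS}" xmlns:SHA256="{SHA256_NS}" '
        f'name="ExampleApp" version="1.0.0" tagId="example.invalid-ExampleApp-1.0.0">'
        f'<Entity name="Example Publisher" role="tagCreator softwareCreator"/>'
        f"<Payload>{entries}</Payload></SoftwareIdentity>"
    )


def verify_payload(tag_xml, installed):
    """Compare every <File> entry of the tag with the installed bytes.

    installed maps file name -> bytes found on the system.
    Returns {file name: "ok" | "missing" | "size-mismatch" | "hash-mismatch"}.
    In practice the tag's digital signature must be verified before the tag
    is trusted; that step is outside this example.
    """
    root = ET.fromstring(tag_xml)
    results = {}
    for entry in root.iterfind(f"{{{SWID_NS}}}Payload/{{{SWID_NS}}}File"):
        name = entry.get("name")
        data = installed.get(name)
        expected = (entry.get(f"{{{SHA256_NS}}}hash") or "").lower()
        if data is None:
            results[name] = "missing"
        elif len(data) != int(entry.get("size")):
            results[name] = "size-mismatch"
        elif hashlib.sha256(data).hexdigest() != expected:
            results[name] = "hash-mismatch"
        else:
            results[name] = "ok"
    return results


# Constructed sample: what the publisher shipped versus what is on disk
SHIPPED = {"app.bin": b"constructed binary v1", "helper.dll": b"constructed library"}
ON_DISK = {"app.bin": b"constructed binary v1", "helper.dll": b"cOnstructed library"}

if __name__ == "__main__":
    print(verify_payload(build_sample_tag(SHIPPED), ON_DISK))
```

The same-length modification of `helper.dll` passes the size comparison and is caught only by the hash, which is why the tag carries both values.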

When a vulnerability becomes known, IT departments can use their asset management software to immediately identify the systems with vulnerable software and can take steps to update them. Tags can be part of a patch or update, and can be used to verify that the patch is installed. In this way IT departments can use resources such as the NIST National Vulnerability Database to drive their asset management tools, so that as soon as a vulnerability is submitted by a company to NVD, the IT department can immediately compare the new vulnerabilities against its own inventory.

There is a group of companies working through an IEEE/ISTO non-profit organization called TagVault.org (www.tagvault.org) with the US government on a standard implementation of ISO 19770-2 that allows this level of automation. Tags that conform to this implementation will most likely become mandatory for software sold to the US government at some point in the near future.

So, in the end, it is good practice not to publish which applications and which specific software versions you use, but this can be difficult, as noted earlier. You want to make sure that you have an accurate, current software inventory, that it is regularly compared against a list of known vulnerabilities such as NVID and NVD, and that the IT department can take immediate action to remediate the threat. Together with antivirus scanning and other methods of locking down the environment, this will at least make it much harder to compromise your environment, and if/when that does happen, it will not go undetected for a long time.

When you run Smart Scan, Avast checks your PC for the following types of issues and then suggests options for fixing them.

  • Viruses: files containing malicious code that can affect the security and performance of your PC.
  • Vulnerable software: programs that need updating and that attackers can use to gain access to your system.
  • Browser extensions with a poor reputation: browser extensions that are usually installed without your knowledge and affect system performance.
  • Weak passwords: passwords that are used to access more than one online account and can be easily hacked or compromised.
  • Network threats: vulnerabilities in your network that could allow attacks on your network devices and router.
  • Performance issues: objects (unnecessary files and programs, settings-related problems) that can interfere with the operation of the PC.
  • Conflicting antiviruses: antivirus programs installed on the PC alongside Avast. Having several antivirus programs slows down the PC and reduces the effectiveness of antivirus protection.

Note. Resolving certain issues found during Smart Scan may require a separate license. Detection of unneeded issue types can be disabled in.

Resolving detected issues

A green check mark next to a scan area indicates that no issues related to it were found. A red cross means that the scan found one or more related issues.

To view specific information about detected issues, click Check everything. Smart Scan shows the details of each issue and offers to fix it immediately by clicking Resolve, or to do it later by clicking Skip this step.

Note. Antivirus scan logs are available in the scan history, which you can open by selecting Protection > Antivirus.

Configuring Smart Scan settings

To change the Smart Scan settings, select Settings > General > Smart Scan and specify which of the listed issue types you want Smart Scan to check for.

  • Viruses
  • Outdated software
  • Browser add-ons
  • Network threats
  • Compatibility issues
  • Performance issues
  • Weak passwords

By default, all issue types are enabled. To stop checking for a particular issue during Smart Scan, click the Enabled slider next to the issue type so that it changes to Disabled.

Click Settings next to Virus scanning to change the scan settings.
