DOCSLIB.ORG

Nessus Training Session 1 - Installation, Configuration, and Maintenance

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Nessus Training Session 1 - Installation, Configuration, and Maintenance Nessus Training Session 1 - Installation, Configuration, and Maintenance Prepared by Ramsey Dow <[email protected]> for NWACC Contents Prerequisites for Nessus Installation Nessus Software Activation Code Scan server Installation Ubuntu Server 13.04 Windows Server 2012 R2 Maintenance and Troubleshooting Verifying that Nessus is running Starting, stopping and restarting the Nessus daemon Checking your plugin feed Updating your plugin feed Managing users from the command line Updating your shell environment for Nessus Refreshing Tenable policy templates Upgrading Nessus Uninstalling Nessus Useful Web Sites and Resources Nessus Vulnerability Scanner Other Security Tools National Vulnerability Database Vendor Resources Prerequisites for Nessus Installation Note: The Useful Web Sites and Resources section at the end of this handout has a list of all of the important URIs referenced herein. Please keep that attachment handy as you work through the instructions contained herein. Nessus Software First, you must acquire the software. Download the correct distribution package from Tenable’s Nessus download page. Browse to http://www.tenable.com/products/nessus/select-your-operating-system Right click to expand the operating system of your choice Download the appropriate package (typically 64-bit in this day and age) Click on the Agree button to initiate the download Be sure to confirm the integrity of the installation package by comparing the downloaded file’s MD5 checksum with the one listed in the MD5.asc file. Download https://static.tenable.com/marketing/MD5.asc Verify the hash of the file you downloaded with that in the MD5.asc file I tend to use md5deep, a freely available cryptographic hashing utility. (Don’t let the name fool you, it does SHA–256, too.) md5deep -m MD5.asc * 2>/dev/null The -m switch invokes matching mode, which prints the full pathname of every file with a matching hash in the match file, MD5.asc. It should go without saying, but do not use files that fail this integrity check. Here we can see that the Ubuntu version I downloaded is OK: � ~/Downloads $ md5deep -m MD5.asc * 2>/dev/null /Users/ramsey/Downloads/Nessus-5.2.3-ubuntu1110_amd64.deb Activation Code You need to have an Activation Code handy. Recently, scanner activation has been made an integral part of the installation process. If you don’t have an Activation Code then you won’t be able to complete the installation process. If you have a ProfessionalFeed then you will have received this code in an email from Tenable. You can also get it from the Tenable Support Center. If you are just experimenting you can install Nessus Home instead of the commercial version. You can pick up an Activation Code from the Nessus Home page. A brief word is in order about Nessus Home. It is similar to the commercial version of Nessus, but is definitely missing some plugins. Notably absent are the SCADA plugins and the robust compliance checking system. In addtion, Nessus Home can only scan 16 IPs at a time. Recently, Nessus Home scans have started complaining when scanning non-RFC 1918 address space. Complaints aside, Nessus still scans these addresses. Scan server Nessus can be installed on a wide variety of contemporary operating systems, including FreeBSD, Solaris, several flavors of Linux, and Windows. For this training we will be installing Nessus on both Ubuntu Server 13.04 and Windows Server 2012 R2. Nessus is a Linux application and it definitely runs best on Linux. Lots of people run Nessus on Windows, however, so we will definitely be taking a look at that. Because of its heritage, Nessus operates better on Linux, especially when scanning large networks (e.g., 10,000+ hosts). I definitely recommend running the Nessus server on Linux. A Nessus scan server should be configured with a minimum of 2 GiB of RAM. If you plan to scan large numbers of hosts then 4 GiB would be better. Nessus stores data from past scans. You can delete historical scan data, but keeping it on the server allows you to browse it, filter on it, modify results, and produce differential reports. I recommend configuring your Nessus scan server with about 64 GB of disk. Nessus runs fine in a VM. Just make sure that its network adapter is bridged or problems will ensue. Finally, Tenable recommends against running a host-resident firewall on your Nessus server. It is certainly possible, but might cause problems. I run a kernel-resident packet filter on Casaba’s Internet-facing Nessus scanner and we have no problems. Installation Ubuntu Server 13.04 These instructions detail how to install Nessus on Ubuntu Linux. The installation process is slightly different with each supported operating system. The Nessus 5.2 Installation and Configuration Guide has detailed instructions for each supported platform. These instruction assume a fresh Nessus install. Refer to Upgrading Nessus in the Maintenance and Troubleshooting section, hereafter, for details on performing an upgrade installation. Make sure that you have satisfied all of the requirements: You have the right Nessus distribution package You have the right kind of Activation Code You have a properly configured server on which to deploy Nessus Now you need to get the software on to your server. I use scp: scp Nessus-5.2.3-ubuntu1110_amd64.deb [email protected]:. Finally, login to the server and install Nessus as root. sudo dpkg -i Nessus-5.2.3-ubuntu1110_amd64.deb Wait while Nessus to finish installing itself. Eventually you will receive a notice to browse to https://localhost:8834/ to complete the installation. (Actually, it will refer to the hostname, but localhost will work fine.) Browse to https://localhost:8834/ and follow the instructions. First you will be prompted to enter the name and password for the Nessus administrator. On the next screen you will have to enter your Activation Code. After your scanner instance has been successfully activated it will begin to download the latest plugin set from Tenable’s plugin distribution servers. There are over 50,000 plugins, so the installation may take ten minutes or so to run to completion. Eventually you will be presented with the Nessus login screen. Windows Server 2012 R2 These instructions detail how to install Nessus on Windows Server 2012 R2. These instruction assume a fresh Nessus install. Refer to Upgrading Nessus in the Maintenance and Troubleshooting section, hereafter, for details on performing an upgrade installation. Make sure that you have satisfied all of the requirements: You have the right Nessus distribution package You have the right kind of Activation Code You have a properly configured server on which to deploy Nessus A couple of additional notes apply to Windows installations. First, antivirus and antimalware software might flag Nessus as hostile. If that happens, temporarily disable protections for the duration of the installation. Second, you need to disable IE Enhanced Security Configuration for administrators for the duration of the installation. This step is required because part of the Nessus installation process is browser-driven. Failure to disable IE Enhanced Security Configuration for the Administrator user will prevent the installation from succeeding. Run Server Manager Click on Local Server Find IE Enhanced Security Configuration, currently set to on Click on on Disable it for Administrators Click the OK button You can safely re-enable IE Enhanced Security Configuration for administrators after the browser-based portion of the installation has run to completion (i.e., when the login screen first appears). The actual installation process follows and is straightforward. Double-click the Nessus-5.2.3-x64.msi installer pacakge Click the Next > button Accept the license agreement and click the Next > button Accept the default installation location and click the Next > button Confirm the installation by clicking the Install button Click the Yes button when asked to elevate privileges Opt to install custom NDIS layer drivers if asked Click the Finish button when the install completes Note that you will only be asked to install NDIS layer drivers once. If you uninstall and then reinstall Nessus you won’t be asked again. Unfortunately, this is the case with the video, so we aren’t prompted as to whether we want to allow NDIS driver installation. When you perform your install you will be asked. Respond affirmatively. This driver is required for low- level packet manipulation. After the installer is dismissed, IE will attempt to load http://localhost:8834/. You will be prompted to connect via SSL instead. Click on the supplied link. WARNING: If you navigate away from the installation sequence before you specify the Nessus administrator’s user name and password then your installation will be broken. In such a case the fastest way to rectify things is to uninstall and then reinstall Nessus. IE will warn you that the site’s certificate is self-signed. Click the Continue to this website (not recommended) link. Click the Get started > button Enter a user name and password for your Nessus administrator user. I tend to use my name, but you can name the account anything you want. Click the Next > button when you are ready to proceed. Now you will be prompted to enter your Activation Code. Clicking the Next > button will trigger an outbound connection to Tenable activation servers. Click the Optional Proxy Settings button if you need to specify a web proxy. Click the Next > button when ready. Once your scanner instance is activated you will need to click the Next: Download plugins < button. There are over 50,000 plugins, so the download will take about 10 minutes or so on a reasonable network. Once all plugins have been downloaded the browser will refresh to the scanner’s login page.
Load more

Recommended publications
  • Faster File Matching Using Gpgpus
    Faster File Matching Using GPGPUs Deephan Mohan and John Cavazos Department of Computer and Information Sciences, University of Delaware Abstract We address the problem of file matching by modifying the MD6 algorithm that is best suited to take advantage of GPU computing. MD6 is a cryptographic hash function that is tree-based and highly parallelizable. When the message M is available initially, the hashing operations can be initiated at different starting points within the message and their results can be aggregated as the final step. In the parallel implementation, the MD6 program was partitioned and effectively parallelized across the GPU using CUDA. To demonstrate the performance of the CUDA version of MD6, we performed various experiments with inputs of different MD6 buffer sizes and varying file sizes. CUDA MD6 achieves real time speedup of more than 250X over the sequential version when executed on larger files. CUDA MD6 is a fast and effective solution for identifying similar files. Keywords: CUDA, MD6, GPU computing, File matching 1. Introduction compression level with the root being the final hash computed by the algorithm. The structure of a Merkle tree is shown in File matching is an important task in the field of forensics and Figure 1. In the MD6 implementation, the MD6 buffer size information security. Every file matching application is driven determines the number of levels in the tree and the bounds for by employing a particular hash generating algorithm. The crux parallelism. of the file matching application relies on the robustness and integrity of the hash generating algorithm. Various checksum generation algorithms like MD5[1], SHA-1[2], SHA-256[3], Tiger[4], Whirlpool[5], rolling hash have been utilized for file matching [6, 7].
    [Show full text]
  • 2017 W5.2 Fixity Integrity
    FIXITY & DATA INTEGRITY DATA INTEGRITY DATA INTEGRITY PRESERVATION CONSIDERATIONS ▸ Data that can be rendered ▸ Data that is properly formed and can be validated ▸ DROID, JHOVE, etc. DATA DEGRADATION HOW DO FILES LOSE INTEGRITY? DATA DEGRADATION HOW DO FILES LOSE INTEGRITY? Storage: hardware issues ▸ Physical damage, improper orientation, magnets, dust particles, mold, disasters Storage: software issues ▸ "bit rot", "flipped" bits, small electronic charge, solar flares, radiation DATA DEGRADATION HOW DO FILES LOSE INTEGRITY? Transfer/Retrieval ‣ Transfer from one operating system or file system to another, transfer across network protocols, ▸ Metadata loss: example – Linux has no "Creation Date" (usually "file system" metadata) Mismanagement ▸ Permissions issues (read/write allowed), human error DATA PROTECTION VERIFICATION DATA PROTECTION VERIFICATION ▸ Material proof or evidence that data is unchanged ▸ Material proof or evidence that data is well-formed and should be renderable ▸ Example: Different vendors write code for standard formats in different ways DATA PROTECTION VERIFICATION Verify that data is well-formed using... DATA PROTECTION VERIFICATION Verify that data is well-formed using... ▸ JHOVE ▸ DROID ▸ XML Validator ▸ DVAnalyzer ▸ NARA File Analyzer ▸ BWF MetaEdit WHOLE-FILE CONSISTENCY FIXITY FIXITY BASIC METHODS Manual checks of file metadata such as... FIXITY BASIC METHODS Manual checks of file metadata such as... ▸ File name ▸ File size ▸ Creation date ▸ Modified date ▸ Duration (time-based media) FIXITY ADVANCED METHODS FIXITY
    [Show full text]
  • Security 1 Lab
    Security 1 Lab Installing Command-Line Hash Generators and Comparing Hashes In this project, you download different command-line hash generators to compare hash values. 1. Use your Web browser to go to https://kevincurran.org/com320/labs/md5deep.zip 2. Download this zip archive. 3. Using Windows Explorer, navigate to the location of the downloaded file. Right-click the file and then click Extract All to extract the files. 4. Create a Microsoft Word document with the line below: Now is the time for all good men to come to the aid of their country. 5. Save the document as Country1.docx in the directory containing files and then close the document. 6. Start a command prompt by clicking Start, entering cmd, and then pressing Enter. 7. Navigate to the location of the downloaded files. 8. Enter MD5DEEP64 Country1.docx to start the application that creates an MD5 hash of Country1.docx and then press Enter. What is the length of this hash? (note: If you are not working on a 64 bit machine, then simply run the MD5deep.exe 32 bit version). 9. Now enter MD5DEEP64 MD5DEEP.TXT to start the application that creates an MD5 hash of the accompanying documentation file MD5DEEP.TXT and then press Enter. What is the length of this hash? Compare it to the hash of Country1.docx. What does this tell you about the strength of the MD5 hash? 10. Start Microsoft Word and then open Country1.docx. 11. Remove the period at the end of the sentence so it says Now is the time for all good men to come to the aid of their country and then save the document as Country2.docx in the directory that contains the files.
    [Show full text]
  • NCIRC Security Tools NIAPC Submission Summary “HELIX Live CD”
    NATO UNCLASSIFIED RELEASABLE TO THE INTERNET NCIRC Security Tools NIAPC Submission Summary “HELIX Live CD” Document Reference: Security Tools Internal NIAPC Submission NIAPC Category: Computer Forensics Date Approved for Submission: 24-04-2007 Evaluation/Submission Agency: NCIRC Issue Number: Draft 0.01 NATO UNCLASSIFIED RELEASABLE TO THE INTERNET NATO UNCLASSIFIED RELEASABLE TO THE INTERNET TABLE of CONTENTS 1 Product ......................................................................................................................................3 2 Category ....................................................................................................................................3 3 Role ............................................................................................................................................3 4 Overview....................................................................................................................................3 5 Certification ..............................................................................................................................3 6 Company....................................................................................................................................3 7 Country of Origin .....................................................................................................................3 8 Web Link ...................................................................................................................................3
    [Show full text]
  • Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb
    pipenightdreams osgcal-doc mumudvb mpg123-alsa tbb-examples libgammu4-dbg gcc-4.1-doc snort-rules-default davical cutmp3 libevolution5.0-cil aspell-am python-gobject-doc openoffice.org-l10n-mn libc6-xen xserver-xorg trophy-data t38modem pioneers-console libnb-platform10-java libgtkglext1-ruby libboost-wave1.39-dev drgenius bfbtester libchromexvmcpro1 isdnutils-xtools ubuntuone-client openoffice.org2-math openoffice.org-l10n-lt lsb-cxx-ia32 kdeartwork-emoticons-kde4 wmpuzzle trafshow python-plplot lx-gdb link-monitor-applet libscm-dev liblog-agent-logger-perl libccrtp-doc libclass-throwable-perl kde-i18n-csb jack-jconv hamradio-menus coinor-libvol-doc msx-emulator bitbake nabi language-pack-gnome-zh libpaperg popularity-contest xracer-tools xfont-nexus opendrim-lmp-baseserver libvorbisfile-ruby liblinebreak-doc libgfcui-2.0-0c2a-dbg libblacs-mpi-dev dict-freedict-spa-eng blender-ogrexml aspell-da x11-apps openoffice.org-l10n-lv openoffice.org-l10n-nl pnmtopng libodbcinstq1 libhsqldb-java-doc libmono-addins-gui0.2-cil sg3-utils linux-backports-modules-alsa-2.6.31-19-generic yorick-yeti-gsl python-pymssql plasma-widget-cpuload mcpp gpsim-lcd cl-csv libhtml-clean-perl asterisk-dbg apt-dater-dbg libgnome-mag1-dev language-pack-gnome-yo python-crypto svn-autoreleasedeb sugar-terminal-activity mii-diag maria-doc libplexus-component-api-java-doc libhugs-hgl-bundled libchipcard-libgwenhywfar47-plugins libghc6-random-dev freefem3d ezmlm cakephp-scripts aspell-ar ara-byte not+sparc openoffice.org-l10n-nn linux-backports-modules-karmic-generic-pae
    [Show full text]
  • A User Space Multi-Variant Execution Environment
    Orchestra: A User Space Multi-Variant Execution Environment Babak Salamat Todd Jackson Andreas Gal Michael Franz Department of Computer Science University of California, Irvine Irvine, CA 92697, USA Technical Report No. 08-06 May 2, 2008 Abstract In a Multi-Variant Execution Environment (MVEE), several slightly different versions of the same program are executed in lockstep. While this is done, the environment compares the behavior of each version at certain synchronization points with the aim of increasing resilience against attacks. Traditionally, the monitoring component of MVEEs has been implemented as an OS kernel extension, which monitors the behavior of the different instances of the application from inside the kernel. As a result, the monitor becomes a part of the trusted code base for the entire system, greatly increasing the potential repercussions of vulnerabilities in the monitor itself. We describe a MVEE architecture in which the monitor is implemented entirely in user space, eliminating the need for kernel modifications. We have implemented a fully functioning MVEE based on the proposed architecture and benchmark numbers show that the performance penalty of the MVEE on a dual-core system averages about 20% relative to unprotected execution without the MVEE. 1 Introduction Despite major efforts by software vendors to secure networked desktop and server sys- tems, and despite many years of research and development of tools for detecting se- curity vulnerabilities at different phases of application development as well as runtime vulnerability detection, viruses, worms and bot nets continue to be the single largest threat for critical cyber infrastructure. Security vulnerabilities in software permit at- tackers and their attack vehicles to compromise, take control of and misuse remote computer systems for various malicious purposes, including theft of electronic infor- mation, relaying of spam emails, or coordinated distributed denial of service attacks.
    [Show full text]
  • Unix Computer Forensics
    Honeynet2_book.fm Page 347 Thursday, April 29, 2004 11:09 AM UNIX Computer Fo12rensics Brian Carrier In the last chapter, we discussed the basics of computer forensics. In this chapter, we discuss the details for analyzing a UNIX system that is suspected of being compromised. The analysis should identify the evidence you’ll need to determine what the attacker did to the system. This chapter assumes that you have already read the basics provided in Chapter 11, so you should read that chapter first if you haven’t already. As Linux is accessible to many and frequently used as a honeynet system, this sec- tion will focus on the details of a Linux system. The concepts discussed apply to other UNIX flavors, but some of the details, such as file names, may differ. All sections of this chapter include examples from the Honeynet Forensic Challenge, which was released in January of 2001. While the actual rootkits and tools that were installed on this system are now outdated, the approach to analyzing the system is the same. The Challenge images are still commonly used because they are the best public example of an actual incident. You can download them from http://www.honeynet.org/challenge and they are included with the CD-ROM. The tools used in this chapter are all free and Open Source. Therefore, anyone can perform the techniques presented and analyze the Forensic Challenge images. 347 Honeynet2_book.fm Page 348 Thursday, April 29, 2004 11:09 AM C HAPTER 12 UNIX COMPUTER FORENSICS This chapter begins with Linux background information, such as file systems and system configuration.
    [Show full text]
  • The Krusader Handbook the Krusader Handbook
    The Krusader Handbook The Krusader Handbook 2 Contents 1 Introduction 14 1.1 Package description . 14 1.2 Welcome to Krusader! . 14 2 Features 17 3 User Interface 21 3.1 OFM User Interface . 21 3.2 Krusader Main Window . 21 3.3 Toolbars . 21 3.3.1 Main Toolbar . 21 3.3.2 Job Toolbar . 23 3.3.3 Actions Toolbar . 23 3.3.4 Location Toolbar . 23 3.3.5 Panel Toolbar . 23 3.4 Panels . 24 3.4.1 List Panel . 24 3.4.2 Sidebar . 25 3.4.3 Folder History . 26 3.5 Command Line / Terminal Emulator . 26 3.5.1 Command Line . 26 3.5.2 Terminal Emulator . 27 3.6 Function (FN) Keys Bar . 27 3.7 Folder Tabs . 28 3.8 Buttons . 28 4 Basic Functions 29 4.1 Controls . 29 4.1.1 General . 29 4.1.2 Moving Around . 29 4.1.3 Selecting . 30 4.1.4 Executing Commands . 30 4.1.5 Quick search . 31 4.1.6 Quick filter . 31 The Krusader Handbook 4.1.7 Quick select . 31 4.1.8 Context Menu . 31 4.2 Basic File Management . 32 4.2.1 Executing Files . 32 4.2.2 Copying and Moving . 32 4.2.3 Queue manager . 32 4.2.4 Deleting - move to Plasma Trash . 33 4.2.5 Shred Files . 33 4.2.6 Renaming Files, Creating Directories and Link Handling . 33 4.2.7 Viewing and Editing files . 33 4.3 Archive Handling . 34 4.3.1 Browsing Archives . 34 4.3.2 Unpack Files .
    [Show full text]
  • What Is Digital Forensics (Aka Forensic Computing)?
    Digital Forensics for Archivists: Fundamentals Instructor: Christopher (Cal) Lee University of North Carolina at Chapel Hill September 22, 2016 Greeley, CO 1 Digital Archives Specialist (DAS) Curriculum and Certification Program offered by SAA: . Foundational Courses—must pass 4 . Tactical and Strategic Courses—must pass 3 . Tools and Services Courses—must pass 1 . Transformational Courses—must pass 1 . Course examinations are administered online. 2 1 Agenda . Welcome and introductions . Motivation and scope . Technical background . Representation Information . File systems and file management . Extracting data from media . Tools and methods . Conclusions, questions, discussion 3 Welcome and Introductions 4 2 Motivation and Scope Applying Digital Forensics to Archival Work 5 Many archivists know how to process this stuff: Source: The Processing Table: Reflections on a manuscripts internship at the Lilly Library. https://processingtable.wordpress.com/tag/archival-processing/ 6 3 How about processing this stuff? Source: “Digital Forensics and creation of a narrative.” Da Blog: ULCC Digital Archives Blog. http://dablog.ulcc.ac.uk/2011/07/04/forensics/ 7 Same Goals as When Acquiring Analog Materials Ensure integrity of materials Allow users to make sense of materials and understand their context Prevent inadvertent disclosure of sensitive data 8 4 Same Fundamental Archival Principles Apply Provenance • Reflect “life history” of records • Records from a common origin or source should be managed together as an aggregate unit Original Order Organize and manage records in ways that reflect their arrangement within the creation/use environment Chain of • “Succession of offices or persons who have held Custody materials from the moment they were created”1 • Ideal recordkeeping system would provide “an unblemished line of responsible custody”2 1.
    [Show full text]
  • First Responders Guide to Computer Forensics: Advanced Topics
    First Responders Guide to Computer Forensics: Advanced Topics Richard Nolan Marie Baker Jake Branson Josh Hammerstein Kris Rush Cal Waits Elizabeth Schweinsberg September 2005 HANDBOOK CMU/SEI-2005-HB-003 Pittsburgh, PA 15213-3890 First Responders Guide to Computer Forensics: Advanced Topics CMU/SEI-2005-HB-003 Richard Nolan Marie Baker Jake Branson Josh Hammerstein Kris Rush Cal Waits Elizabeth Schweinsberg September 2005 CERT Training and Education Unlimited distribution subject to the copyright. This report was prepared for the SEI Administrative Agent ESC/XPK 5 Eglin Street Hanscom AFB, MA 01731-2100 The ideas and findings in this report should not be construed as an official DoD position. It is published in the interest of scientific and technical information exchange. FOR THE COMMANDER Christos Scondras Chief of Programs, XPK This work is sponsored by the SEI FFRDC primary sponsor and the Department of Homeland Security. The Software Engi- neering Institute is a federally funded research and development center sponsored by the U.S. Department of Defense. Copyright 2005 Carnegie Mellon University. NO WARRANTY THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. Use of any trademarks in this report is not intended in any way to infringe on the rights of the trademark holder.
    [Show full text]
  • Using Open Source and Free Tools for AV Digital Preservation Workflows
    Tools for Smaller Budgets: Using Open Source and Free Tools for AV Digital Preservation Workflows Kara Van Malssen Senior Consultant AVPreserve Originally published in AV Insider, Issue 2, September 2012 https://www.prestocentre.org/library/resources/av-insider-2-preservation-times-precarity Digital preservation of audiovisual material is a complex, resource intensive undertaking. The essential functions of audiovisual archives demand skilled staff, specialised hardware and software, and carefully managed workflows. In an era of constraint and austerity, it is harder and harder to argue for the necessary funds for equipment, services, and staff. For smaller archives, finding a sustainable approach to long-term digital AV preservation is especially tricky. Archiving and preservation consists of technology, people and policies. For technology in particular, digital AV archives are largely indebted and beholden to a few sizable industries: cinema, broadcast, and information technology. Commercial interests catering to the aforementioned industries have produced a seemingly attractive toolset that has the potential to provide archives with the ability to apply their policies in service of preservation-oriented workflows. Yet, even in the hands of larger well-resourced organisations, employing these tools can be challenging and resource intensive. How can smaller, resource-constrained AV archives efficiently apply cost effective tools and technologies to their workflows? Though at first glance all tools of the heavyweight industries mentioned above appear very expensive and proprietary, this is not necessarily the case. Often, simple, free and open source tools make up an important part of the landscape. Large hardware manufacturers, software developers, and IT experts regularly utilise various forms of open source technology.
    [Show full text]
  • UNIVERSITY of CALIFORNIA, IRVINE Multi-Variant Execution
    UNIVERSITY OF CALIFORNIA, IRVINE Multi-Variant Execution: Run-Time Defense against Malicious Code Injection Attacks DISSERTATION submitted in partial satisfaction of the requirements for the degree of DOCTOR OF PHILOSOPHY in Computer Science by Babak Salamat Dissertation Committee: Professor Michael Franz, Chair Professor Tony Givargis Professor Stephen Jenks 2009 Portion of Chapter 1 c 2009 ACM Portion of Chapter 2 c 2009 ACM Portion of Chapter 3 c 2009 ACM Portion of Chapter 4 c 2008 IEEE All other materials c 2009 Babak Salamat To the love of my life, Anahita, and my parents, Parvin and Siamak ii TABLE OF CONTENTS Page LIST OF FIGURES vi LIST OF TABLES viii ACKNOWLEDGMENTS ix CURRICULUM VITAE x ABSTRACT OF THE DISSERTATION xii 1 Introduction 1 1.1 No Symmetrical Attacks . 4 1.2 Dissertation Outline . 6 2 The Multi-Variant Monitor 7 2.1 Monitor Security . 10 2.2 System Call Execution . 11 2.3 Skipping System Calls . 14 2.3.1 Writing Back the Results . 15 2.4 Monitor-Variant Communication . 16 3 Inconsistencies and Non-determinism 21 3.1 Scheduling . 21 3.2 Synchronous Signal Delivery . 24 3.2.1 Effectiveness . 28 3.2.2 Example Scenarios . 28 3.2.3 Implementation . 31 3.3 File Descriptors . 32 3.4 Process IDs . 34 3.5 Time . 36 3.6 Random Numbers . 36 3.7 False Positives . 36 4 Automated Variant Generation 38 4.1 Reverse Stack Growth . 39 4.1.1 Stack Pointer Adjustment . 41 iii 4.1.2 Function and Sibling Calls . 43 4.1.3 Returns and Callee-Popped Arguments .
    [Show full text]