Information Security Student Assessment of Exploits 1 Below is a list of attempts to open a session based on defaults of the system. Sometimes the passwords are easy to guess, and other times they have no passwords (i.e. guest; attempts to hit defaults; dictionary attacks running through a list of common words. This approach might work when passwords are not changed from defaults, making it sometimes easy to break into a system. If you look below, there are some users like FTP, Oracle, Tomcat, ID Linux, Internet, etc which usually indicate server names that connect to other servers. These names are the ID’s that defaulted by many systems (like Oracle’s Database) that connect to a main server, and the password provided could be a default to try to break in. Apr 9 14:32:12 vm-ljsst8 sshd[17365]: Illegal user info from 125.248.144.98 Apr 9 14:32:14 vm-ljsst8 sshd[17367]: Illegal user ftp from 125.248.144.98 Apr 9 14:32:16 vm-ljsst8 sshd[17369]: Illegal user httpd from 125.248.144.98 Apr 9 14:32:18 vm-ljsst8 sshd[17371]: Illegal user dany from 125.248.144.98 Apr 9 14:32:20 vm-ljsst8 sshd[17373]: Illegal user susan from 125.248.144.98 Apr 9 14:32:22 vm-ljsst8 sshd[17375]: Illegal user oracle from 125.248.144.98 Apr 9 14:32:24 vm-ljsst8 sshd[17377]: Illegal user tomcat from 125.248.144.98 Apr 9 14:32:28 vm-ljsst8 sshd[17381]: Illegal user id from 125.248.144.98 Apr 9 14:32:30 vm-ljsst8 sshd[17383]: Illegal user sgi from 125.248.144.98 Apr 9 14:32:32 vm-ljsst8 sshd[17385]: Illegal user postgres from 125.248.144.98 Apr 9 14:32:34 vm-ljsst8 sshd[17387]: Illegal user flowers from 125.248.144.98 Apr 9 14:32:36 vm-ljsst8 sshd[17389]: Illegal user linux from 125.248.144.98 Apr 9 14:32:37 vm-ljsst8 sshd[17391]: Illegal user internet from 125.248.144.98 Apr 9 14:32:39 vm-ljsst8 sshd[17393]: Illegal user server from 125.248.144.98 Apr 9 14:32:41 vm-ljsst8 sshd[17395]: Illegal user nokia from 125.248.144.98 11
Why do we need 2 charts? Consistent, but the average is in the wrong place UCL UCL LCL LCL X-Bar Chart R Chart The average works out ok, but way too much variability between points UCL UCL LCL LCL X-Bar Chart R Chart
Example: Find 10 10 3A 20 3A Shrink to one point 20 20 extend 20 30 10 20 20 30 30 In all three circuits, are the same By KCL, =? How about 3A By current division:
Control Charts for Variables Control Chart Factors Factor for UCL Factor for Factor Control - Special Metal Screw UCL for Size of Charts and LCL for LCL for Sample R-Charts R-Charts R = 0.0020 x - Charts x-Charts (n) (A2) x = 0.5025 (D3) (D4) 2 1.880 UCL = x + A x 2R 3 1.023 LCL 4 x = x - A0.729 2R 5 6 7 0.577 0.483 0.419 0 0 0 0 0 0.076 3.267 2.575 2.282 2.115 2.004 1.924
Example: v(t) = 2000 cos(100t) V V 20000 V Z 20 j50 53.8568.20 Current, I I V 20000 37.14 68.20 A Z 20 j50 Power Factor Complex Power Absorbed 1 1 S VI* 20000 37.14 68.20 2 2 3713968.20 VA 13793 j34483 VA PF cos cos 68.20 0.371 lagging Average Power Absorbed P=13793 W
The Leaky Bucket Algorithm (a) Input to a leaky bucket. (b) Output from a leaky bucket. Output from a token bucket with capacities of (c) 250 KB, (d) 500 KB, (e) 750 KB, (f) Output from a 500KB token bucket feeding a 10-MB/sec leaky bucket.