This essay has been submitted by a student. This is not an example of the work written by professional essay writers.
Uncategorized

buffers

dennis koome 23 Apr 2024

Pssst… we can write an original essay just for you.

Any subject. Any type of essay. We’ll even meet a 3-hour deadline.

GET YOUR PRICE

writers online

buffers

According to AlHarbi, Khalid, and Xiaodong (2016), buffers are temporary storage regions that hold data for a while when in transit between locations. A buffer overflow happens in the event data exceeds the storage of this temporal memory location (buffer); thus, any attempt by a program to write data in the buffer ends up writing adjacent memory locations. Wang et al. (2013) observe that a buffer overrun can affect all software types due to failure to allocate sufficient space for the buffer or due to malformed inputs. Thus if a transaction overrides an executable code, it could negatively affect the program, making the program behave unpredictably by crashing, generating incorrect results, or producing memory access errors (Iyer et al., 2010).

Cybercriminals can exploit the buffer overrun phenomenon by overwriting the memory location that contains an application, thus changing the program’s execution path, which then triggers a response that can expose private information or damage files. For instance, it is possible to introduce an extra code that instructs the application to gain access to the IT systems. Feifei (2012) adds that an attack is made with the understanding of the program layout, it is possible to feed input that will automatically overrun the overwriting buffer areas that hold executable code; this replaces the existing code with the attacker’s code. For instance, an attacker can overwrite a pointer to gain access and control over the program via an exploit payload (Choi et al., 2010).

According to Choi et al. (2010), the most common buffer overflow attacks include Stack-based buffer overflows and Heap-based attacks. Stack-based buffer overflows make use of the stack memory that only exists during a function execution time. However, the Heap-based attacks involve flooding the memory space allocated for a given program beyond the memory used for the runtime’s current operations’operations (Yadav, Ahmad, and Shekhar, 2011). Heap Smashing attacks overrun a heap buffer to alter the control flow, redirecting the control flow by overwriting pointers stored on the heap. Feifei (2012) also observes that the approach allows software exploitation by implementing assumed variants in dynamically allocated memory.

Similarly, Iyer et al. (2010) add that developers have created some approaches to buffer overruns that exploit software, such as heap smashing, pointer subterfuge, and arc injection. Arc injection refers to the taking into control the code that already exists within the space in the memory; it involves the inserting of a new arc using the installation of an existing function and creates a shell on the compromised machine with the permission of the compromised program. Thus, it is possible to use arc injection to invoke several functions in a small program involving several chained functions.

The pointer subterfuge approach involves the exploitation of leveraging modification of pointer addresses. According to AlHarbi, Khalid, and Xiaodong (2016), this approach is utilized by attackers to divert the control flow of a program by using function pointers as an alternative to hold the return address or create a modification to the program flow by subverting data pointers.

Saito et al. (2016) argue that the primary role of a Cisco Switch is to carry out filtering, forwarding, learning, and flooding. A switch is a layer two device learns and puts into use the source and destination address of frames to create a Media Access Control (MAC) address table; the table is used to forward frames to intended destinations. The filtering function ensures that a switch does not forward the same switch port that receives a frame during flooding (Khalsan and Agyeman, 2018). According to Habibi et al. (2016), the process flooding functions duplicate frames and then sends them to all ports after receiving the frame’s destination address. Further, the NIC of the connected devices receiving the frame generates a response enabling the switch to learn the node through the port and create or update the MAC address table. However, if a frame is sent to an unintended device, the network drops the frame silently (Slowinski, Stancescu and Bos, 2012).

 

Lastly, the forwarding function ensures the frames are forwarded to all the MAC address destinations within the MAC address table; the frames are forwarded through store forward, fragment free, and cut-through (Yadav, Ahmad and Shekhar, 2011).

According to Zhou and Chen (2020), cyber attackers can launch a buffer overflow attack to a Cisco switch by MAC address flooding; this attack feeds loads of ethernet frames into a switch with different source MAC addresses. The primary purpose of attackers is to exploit all the memory locations forcing out the nodes’ authentic addresses from the MAC address table into the buffer. This situation causes flooding of frames received from other ports making it possible to orchestrate a spoofing attack that enables data capture during data transmission using data sniffing tools on the flooded MAC address tables. This situation can lead to the loss of confidential data (Feifei, 2012)

 

Choi et al. (2012) argue that an attacker can also pull the MAC address table through an SNMP. Similarly, a buffer overflow vulnerability in Telnet option handling can also be utilized to launch a crash the process and compel a Catalyst switch to reload; this operation can be made to repeat continuously to produce s denial of service (DOS) attack (Lin, 2013).

4.3.2 Detection and Mitigating Buffer Overflow attack on a Cisco switch mitigated

According to Wang et al. (2013), the researcher observes that when working with source code, it is imperative to pay close attention to where buffers are used, accessed, or even modifies, for instance, the functions that handle input by users or input from any other external sources form a possible vector for exploitation (Choi et al., 2010). A developer needs to understand how buffer overflows work, external monitor inputs or buffer manipulation, and identify the functions that are susceptible to manipulation.

Several mitigation strategies have been proposed to help protect the programs from buffer overrun attacks at the design and requirement level, including a layered approach. These approaches are either embedded in the code or in the programming language that provides build-in-protection (Lin, 2013). The layered approach involves bug mitigation using an interpreted language, leveraging high quality code, and testing public interfaces. The development of programs and applications utilizing interpreted programming language minimize the chance of potential attack due to reduced chances of buffer overruns, including Java, C#, or TLC for Cisco (Zhiyuan and Haiyan, 2010).

According to Zhou and Chen (2020), buffer overflows can be prevented by developing in an environment that ensures high quality code; this means that programmers take part in code review, getting knowledge regarding buffer overflows and the potential exploits as well as running unit tests. Studies have shown that following a defense-in-depth strategy that combines multiple strategies achieves the potential of attaining positive cybersecurity security outcomes (Lin, 2013; Zhiyuan and Haiyan, 2010 and Zhou and Chen, 2020).

Additionally, the current study establishes that several operations and features within the switch can be leveraged to help prevent and mitigate buffer overrun attacks. The study, therefore, proposes the use of port security configuration that caps the number of MAC addresses that can be isolated or learned on the ports available at the destination node. This strategy works on the principle that a relatively smaller MAC address table is arguably “safe and secure” (Lin, 2013; Zhiyuan and Haiyan, 2010).

 

5.0 Discussion and Conclusion

This study aimed to assess the concept of Buffer Overflow attack and how it can be implemented and mitigated on a Cisco switch. The study also investigated the methods, tools, and strategies employed to detect and mitigate these attacks on Cisco switches. The researcher employed a systematic review strategy during the research process. Further, the researcher utilized a thematic analysis; the study results formed the study discussion and conclusion. This section presents the study outcome discussion; the section also points out the study limitations and future directions.

The study demonstrates that buffer overruns are commonly experienced in many network systems. Thes study also shows that a traffic control failure within a Cisco switch causes it to drop buffer traffic (Bishop et al., 2014; Wang et al., 2012; Iyer et al., 2010). However, if on node simultaneously requests data from other nodes within the interconnection of nodes and servers, traffic is released from all the nodes at the same time, the requester switch could cause a delay in traffic if it does not have sufficient buffer capabilities (Gupta, 2012; Feifei, L., 2012 )

This research study has established that frame flooding constitutes the primary vulnerability that attackers always exploit within a CIsco Switch (Alexander, 2017; Zhiyuan and Haiyan, 2010; Choi et al., 2010). Attackers can carry out a denial of service (DOS) attack. When the legitimate information, including MAC addresses, are pushed into the buffer, attackers can exploit the situation by capturing such data and also get hold of important information of transit between nodded within the network; the data access on privileged information can be carried out using ARP spoofing attacks (Dalton, Kannan & Kozyrakis, 2016; Habibi et al., 2015). The study has also shown that the attacker can also reload the Cisco Switch repeatedly to generate a DOS attack. A stack overflow and the possibility of executing arbitrary commands.

The study recommends the deployment of SNMP traps and setting port security as the most effective way to detect, prevent, and mitigate a vulnerability exploit in a Cisco Switch network (Alexander, 2017; Choi et al., 2010; Zhiyuan and Haiyan, 2010). Additionally, the study also recommends installing fixes and patches to eliminate the vulnerabilities of slow attacks to remotely execute code on a compromised switch or a DOS attack. This study identified only 15 sources as primary data sources; it can be argued that due to the small number of the selected sources, the reliability and the validity of the study outcomes can be put into question. However, the researcher employed verifications to ensure the sources’ reliability; thus, the study outcome is arguably reliable and can be replicated.

 

  Remember! This is just a sample.

Save time and get your custom paper from our expert writers

 Get started in just 3 minutes
 Sit back relax and leave the writing to us
 Sources and citations are provided
 100% Plagiarism free
GET CUSTOM ESSAY
Copyright © 2016
error: Content is protected !!
×
Hi, my name is Jenn 👋

In case you can’t find a sample example, our professional writers are ready to help you with writing your own paper. All you need to do is fill out a short form and submit an order

Check Out the Form
Need Help?
Dont be shy to ask