The Process of Computer Security
Computer security is the process of preventing and detecting unauthorized use of our
computers. Prevention measures help us stop unauthorized users from accessing any part of
our computer system. Detection helps us determine whether someone attempted to
break into the system, whether they were successful, and what they may have done.
We use computers for everything. Although we may not consider our communications "top
secret", we probably do not want strangers using our computer to attack other systems, sending
forged email from our computer, or examining personal information stored on our computer.
Intruders (also referred to as hackers, attackers, or crackers) may not care about our identity.
Often they want to gain control of our computer so they can use it to launch attacks on other
computer systems.
Computer security is vital for protecting the confidentiality, integrity, and availability of
computer systems, resources, and data. Without confidentiality, trade secrets or personally
identifying information can be lost. Without integrity, we cannot be sure that the data we have
is the same data that was initially sent (i.e., it may have been altered). Without availability, we
may be denied access to computing resources (e.g., by a virus that disables the keyboard and mouse).
On a grander scale, computer security is important because of national security. An unsecured
computer can be unknowingly recruited into a botnet, and the botnet could in turn be used to
launch attacks against financial institutions and infrastructure (utility companies) and to disrupt
communications.
Computer Security Threats
Computer systems are vulnerable to many threats that can inflict various types of damage
resulting in significant losses. This damage can range from errors harming database integrity to
fires destroying entire computer centers. Losses can stem, for example, from the actions of
supposedly trusted employees defrauding a system, from outside hackers, or from careless
data entry clerks. Precision in estimating computer security-related losses is not possible
because many losses are never discovered, and others are "swept under the carpet" to avoid
unfavorable publicity. The effects of various threats vary considerably: some affect the
confidentiality or integrity of data while others affect the availability of a system.
2.1 Virus
A software virus is a parasitic program written intentionally to alter the way your computer
operates without your permission or knowledge.
A virus attaches copies of itself to other files such as program files or documents and is inactive
until you run an infected program or open an infected document. When activated, a virus may
damage or delete files, cause erratic system behaviour, display messages or even erase your
hard disk.
A virus may spread through email and instant messenger attachments, through infected files on
floppy disks or CD-ROMs, or by exploiting a security flaw in Microsoft Windows.
Macros, by contrast, are simple programs that can be written to automate repetitive tasks in a document or
make calculations in a spreadsheet. Macros can be written in documents created by Microsoft
Word, in spreadsheets created by Microsoft Excel and in many other kinds of documents.
Macro viruses are malicious macro programs that are designed to replicate themselves from file
to file and can cause damage to the files on your computer. They spread whenever you open an
infected file.
For example, the first Internet virus hoax appeared in 1988. Emails were sent out with the
subject line stating that a Really Nasty Virus was on its way. The idea of that hoax was laughable
and most users realized it wasn't true, but the same can't be said of some later virus hoaxes
that spread like wildfire around the internet. The History of Virus Hoaxes details the first virus
from the late 1980s and Virus Alert discusses some hoaxes used in later days.
In 1994, the Good Times Virus Hoax managed to scare quite a few people. The worst thing is
that this same hoax is still floating around today, often under the same name. Users were told
to delete any email that had this name or a variation in the subject heading. The entry at
Wikipedia describes this virus and others similar to it.
The Deeyenda virus was a hoax similar to Good Times. Supposedly, opening an infected email
caused the virus to attach itself to the user's address list and it would also cause destruction to
the hard drive. The virus never appeared and there's no evidence that it ever existed. Deeyenda
Virus Hoax describes the virus more in depth.
2.2 Spyware / Malware / Adware
Spyware programs are applications that compile information about a person or organization
without their consent or knowledge. These programs normally steal data about users which
could be used for advertising or for other financial gain.
The type of information stolen by these programs varies considerably: email login details, IP
and DNS addresses of the computer, users' Internet habits or even bank details used to access
accounts or make online purchases. Of all the spyware in circulation, the most dangerous
examples are those that steal data related to online banking. These are the infamous banker
trojans.
Adware programs display advertisements associated with the products or services offered by the
creator of the program or third parties. Adware can be installed in a number of ways, on some
occasions without users' consent, and either with or without users' knowledge of its function.
The classification of this type of program is controversial, as there are those who consider it a
type of spyware. While this may be true to a certain extent, adware programs, as such, are not
used with criminal intent, but to advertise products and services, and the information collected
does not include users' bank details, but web pages visited or favorites, etc.
Malware, short for "malicious software," is a broad category of software which is installed
without your permission to damage your PC or spy on your computer activities. The most
common types of malware are trojans, worms and viruses.
A trojan is a program that seems harmless or even productive, but is designed to exploit the
system where it is run. Worms are self-replicating programs that can be spread through
networks of machines with or without the user's intervention. A virus attempts to spread itself
by attaching to a host program, and can damage hardware, software or data in the process.
Other types of malware are malicious active content, rogue programs and dialers. Trackware is
a newer variation of malware that compromises privacy by tracking, storing and analyzing
your browsing patterns. It includes adware, spyware, key loggers and tracking cookies.
For example, the word 'spyware' was used for the first time publicly in October 1995. It popped
up on Usenet (a distributed Internet discussion system in which users post e-mail-like
messages) in an article aimed at Microsoft's business model. In the years that followed though,
spyware often referred to 'snoop equipment' such as tiny, hidden cameras. It re-appeared in a
news release for a personal firewall product in early 2000, marking the beginning of the
modern usage of the word.
Ad-Aware was originally developed in 1999 to highlight web beacons inside of Internet
Explorer. On many websites, users would see a tiny pixelated square next to each web beacon,
warning the user that the computer's IP address and other non-essential information was being
tracked by this website. Over time, Ad-Aware added the ability to block those beacons, or ads.
Ad-Aware no longer makes the user aware of the ads on the screen; instead, the program fights
spyware, adware, viruses and other malware.
With the emergence of computers, malware arose from the dark side. UNIX computers were
the first targets. In the 1970s and 1980s, programs known as rootkits were developed. Those
who hack systems with criminal intent, known as black hats, used these applications to hide
their presence while they had their way with an unsuspecting organization's infrastructure.
Early malware was written by hackers trying to make a name for themselves within the black
hat community. Today, malware is used by individual black hats as well as crime syndicates to
make money--to transfer your money to criminals' bank accounts around the world.
2.4 Hacking
Hacking is unauthorized use of computer and network resources. The term "hacker" originally
meant a very gifted programmer. In recent years though, with easier access to multiple
systems, it now has negative implications.
Hacking is a felony in the United States and most other countries. When it is done by request
and under a contract between an ethical hacker and an organization, it's OK. The key difference
is that the ethical hacker has authorization to probe the target.
We work with IBM Consulting and its customers to design and execute thorough evaluations of
their computer and network security. Depending on the evaluation they request (ranging from
Web server probes to all-out attacks), we gather as much information as we can about the
target from publicly available sources. As we learn more about the target, its subsidiaries and
network connectivity, we begin to probe for weaknesses.
Examples of weaknesses include poor configuration of Web servers, old or unpatched software,
disabled security controls, and poorly chosen or default passwords. As we find and exploit
vulnerabilities, we document if and how we gained access, as well as if anyone at the
organization noticed. (In nearly all the cases, the Information Systems department is not
informed of these planned attacks.) Then we work with the customer to address the issues
we've discovered.
The number of really gifted hackers in the world is very small, but there are lots of wannabes....
When we do an ethical hack, we could be holding the keys to that company once we gain
access. It's too great a risk for our customers to be put in a compromising position. With access
to so many systems and so much information, the temptation for a former hacker could be too
great -- like a kid in an unattended candy store.
For example, in 2002, Italian police arrested 14 suspected hackers who were accused of
thousands of computer intrusions, including attacks on the U.S. Army and Navy and the
National Aeronautics and Space Administration. They were all members of two hacking groups,
called Mentor and Reservoir Dogs.
3.0 Prevention Techniques for Computer Security Threats
Virus
Many users install anti-virus software that can detect and eliminate known viruses after the
computer downloads or runs the executable. There are two common methods that an
anti-virus software application uses to detect viruses. The first, and by far the most common,
method of virus detection is to use a list of virus signature definitions. This works by examining
the content of the computer's memory (its RAM, and boot sectors) and the files stored on fixed
or removable drives (hard drives, floppy drives), and comparing those files against a database of
known virus "signatures". The disadvantage of this detection method is that users are only
protected from viruses that pre-date their last virus definition update. The second method is to
use a heuristic algorithm to find viruses based on common behaviors. This method has the
ability to detect novel viruses that anti-virus security firms have yet to create a signature for.
Some anti-virus programs are able to scan opened files, as well as sent and received e-mails,
"on the fly" in a similar manner. This practice is known as "on-access scanning". Anti-virus
software does not change the underlying capability of host software to transmit viruses. Users
must update their software regularly to patch security holes. Anti-virus software also needs to
be regularly updated in order to recognize the latest threats.
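The two detection methods described above, sketched as an added example (not code from the original document or from any anti-virus product). The definition names, marker bytes, trait keywords and sample macro fragments are constructed for illustration; the heuristic works on static keywords rather than observed run-time behavior.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # byte sequence that identifies one known sample


# Constructed definition sets: names and marker bytes are invented.
# DEFS_OLD is what a user has before an update, DEFS_NEW after it.
DEFS_OLD = (Signature("Demo.MacroA", b"demo_marker_A1"),)
DEFS_NEW = DEFS_OLD + (Signature("Demo.MacroB", b"demo_marker_B7"),)

# Heuristic traits (assumed for this example): keywords that suggest a macro
# runs automatically and reaches into other documents or deletes files.
TRAITS = {
    "auto_run": (b"autoopen", b"document_open", b"autoexec"),
    "touches_other_docs": (b"normaltemplate", b"vbproject", b"organizercopy"),
    "deletes_files": (b"kill ",),
}


def signature_scan(data, definitions):
    """Return the names of all definitions whose pattern occurs in data."""
    return [sig.name for sig in definitions if sig.pattern in data]


def heuristic_scan(data):
    """Flag content that auto-runs AND shows at least one other risky trait."""
    lowered = data.lower()
    found = sorted(
        trait for trait, keywords in TRAITS.items()
        if any(keyword in lowered for keyword in keywords)
    )
    suspicious = "auto_run" in found and len(found) >= 2
    return suspicious, found


def scan(data, definitions):
    """Signature match first; fall back to the heuristic; else report clean."""
    hits = signature_scan(data, definitions)
    if hits:
        return "signature:" + ",".join(hits)
    suspicious, traits = heuristic_scan(data)
    if suspicious:
        return "heuristic:" + "+".join(traits)
    return "clean"


# Constructed, inert text fragments standing in for macro source code.
KNOWN = (b"Sub AutoOpen()\n' demo_marker_A1\n"
         b"' copies itself into NormalTemplate (constructed text)\nEnd Sub\n")
VARIANT = (b"Sub Document_Open()\n' demo_marker_B7\n"
           b"' copies itself through VBProject (constructed text)\nEnd Sub\n")
BENIGN = b"Sub AutoOpen()\n' sets the page margins\nEnd Sub\n"

if __name__ == "__main__":
    for label, sample in (("known", KNOWN), ("variant", VARIANT), ("benign", BENIGN)):
        print(f"{label:8} old defs: {scan(sample, DEFS_OLD):40} "
              f"new defs: {scan(sample, DEFS_NEW)}")
```

With the old definitions the variant is missed by the signature pass and only the heuristic reports it; after the definition update the signature pass names it directly.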
One may also minimize the damage done by viruses by making regular backups of data (and the
operating systems) on different media that are either kept unconnected to the system (most of
the time), read-only or not accessible for other reasons, such as using different file systems.
This way, if data is lost through a virus, one can start again using the backup (which should
preferably be recent).
If a backup session on optical media like CD and DVD is closed, it becomes read-only and can no
longer be affected by a virus (so long as a virus or infected file was not copied onto the
CD/DVD). Likewise, an operating system on a bootable CD can be used to start the computer if
the installed operating systems become unusable. Backups on removable media must be
carefully inspected before restoration. The Gammima virus, for example, propagates via
removable flash drives.
Spyware / Malware / Adware
There are several ways to prevent spyware and adware. First, avoid certain sites.
Some sites are known for the amount of adware or spyware they install on computers. Some
older browsers are susceptible to the hacks used to automate installation. Users are unaware
that it has been installed until web browser settings change or random ads pop up on their
computer. Some common sites that carry malware are illegal music and video, adult and free
software download sites. These sites are unable to receive big-name advertising, such as
Google Adsense, so they rely on blackhat methods to bring in revenue.
The second way is to block pop-ups. Some websites have pop-up windows that ask to install
software. When the user cancels, the website installs the software anyway. Use a pop-up blocker
to avoid the spam windows that are used on these websites. It's also best to avoid any site with these
practices. Browsers like Google Chrome, Internet Explorer and Firefox announce when pop-up
windows have been blocked. To really play it safe, turn off Java and JavaScript when browsing
unknown sites. The methods used to install adware or spyware on the computer are
programmed in these languages. Antivirus software can detect adware and spyware
applications. Keeping antivirus software installed and updated regularly helps avoid adware and
spyware installation. If the computer appears to have adware or spyware, installing antivirus
software like Norton or McAfee helps clean these issues from the computer.
Because of the incredible variety and complexity of a malware infection, prevention is the most
effective way to battle malware. The most obvious way of preventing malware infection is to
keep a Windows system patched. Most malware exploits flaws or vulnerabilities to infect
Windows and its applications.
Anti-malware prevention tools are another option for added protection. Nearly all antivirus and
antispyware tools compile malware signatures, that is, detailed descriptions of malware
characteristics and behaviors. These applications either block identified threats as they attack a
system or quarantine or remove them if the threat has managed to slip by the first line of
defense. The best anti-malware tools use an anomaly detection technique as well as signature-
based defense methods. These tools can adapt to new types of malware.
3.3 Firewall
A firewall is a set of related programs, located at a network gateway server, that protects the
resources of a private network from users from other networks. (The term also implies the
security policy that is used with the programs.) An enterprise with an intranet that allows its
workers access to the wider Internet installs a firewall to prevent outsiders from accessing its
own private data resources and for controlling what outside resources its own users have
access to.
Basically, a firewall, working closely with a router program, examines each network packet to
determine whether to forward it toward its destination. A firewall also includes or works with a
proxy server that makes network requests on behalf of workstation users. A firewall is often
installed in a specially designated computer separate from the rest of the network so that no
incoming request can get directly at private network resources.
There are a number of firewall screening methods. A simple one is to screen requests to make
sure they come from acceptable (previously identified) domain names and Internet Protocol
addresses. For mobile users, firewalls allow remote access into the private network by the use
of secure logon procedures and authentication certificates.
A number of companies make firewall products. Features include logging and reporting,
automatic alarms at given thresholds of attack, and a graphical user interface for controlling the
firewall.
Computer security borrows this term from firefighting, where it originated. In firefighting, a
firewall is a barrier established to prevent the spread of fire.
3.4 Hacking
For an IT manager, dealing with viruses is just part of the job. They constantly find ways to block
viruses from infiltrating the system, quickly remedying the vulnerabilities with patches, or, in
the worst cases, recovering from an attack. But falling prey to a hacker or a cracker is much
more personal. It implies that there was some kind of vulnerability in the network that allowed
an intruder access to the data. Well, as they say, knowledge is power. The more we understand
how a hacker operates, the better our chances of thwarting intrusions. TechRepublic has offered
several articles on the subject of hackers, from what to do to prevent an attack to how to deal
with one after it's occurred.
Del Smith offers some practical tips about how to keep hackers from getting system
information: information that can let them discover holes through which to reach the data. In "Don't
broadcast info about Windows servers to hackers," Del cautions about the kind of information
hackers can use to exploit the systems.
Michael Mullins weighs in with another tip in "Prevent hacker probing: Block bad ICMP
messages." He maintains that, although most network administrators do a fairly good job of
filtering TCP and UDP traffic, many forget to filter ICMP traffic. This is dangerous because
hackers can use it to map and attack networks, so it needs to be restricted.
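The source-address screening described in section 3.3 and the ICMP filtering tip above, combined in one added example (not code from the original document or from the articles it cites). The rule set, the choice of which ICMP types to permit, the alarm threshold and the sample traffic are assumptions made for illustration; addresses come from the documentation ranges.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str                        # "tcp", "udp" or "icmp"
    dport: Optional[int] = None       # destination port (tcp/udp only)
    icmp_type: Optional[int] = None   # ICMP type number (icmp only)


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    src_net: str                      # CIDR block the source must fall inside
    proto: str
    dports: tuple = ()                # empty tuple = any port
    icmp_types: tuple = ()            # empty tuple = any ICMP type
    note: str = ""


# Assumed policy. First matching rule wins; anything unmatched is denied.
RULES = (
    Rule("allow", "198.51.100.0/24", "tcp", dports=(443,),
         note="previously identified partner network, HTTPS only"),
    # ICMP kept for error reporting: 0 echo reply, 3 destination
    # unreachable, 11 time exceeded.
    Rule("allow", "0.0.0.0/0", "icmp", icmp_types=(0, 3, 11),
         note="ICMP replies and error messages"),
    Rule("deny", "0.0.0.0/0", "icmp",
         note="other ICMP (echo request, redirect, timestamp, ...)"),
)
DEFAULT = ("deny", "no rule matched (default deny)")


def matches(rule, pkt):
    """True when the packet satisfies every condition of the rule."""
    if rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src_net):
        return False
    if rule.dports and pkt.dport not in rule.dports:
        return False
    if rule.icmp_types and pkt.icmp_type not in rule.icmp_types:
        return False
    return True


def evaluate(pkt, rules=RULES):
    """Return (action, note) from the first matching rule, else DEFAULT."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.note
    return DEFAULT


def screen(traffic, rules=RULES, alarm_threshold=3):
    """Log every decision and raise an alarm for sources denied too often."""
    log, denied = [], Counter()
    for pkt in traffic:
        action, note = evaluate(pkt, rules)
        log.append((pkt.src, pkt.proto, action, note))
        if action == "deny":
            denied[pkt.src] += 1
    alarms = sorted(src for src, n in denied.items() if n >= alarm_threshold)
    return log, alarms


# Constructed sample traffic.
TRAFFIC = [
    Packet("198.51.100.10", "tcp", dport=443),   # known source, allowed port
    Packet("203.0.113.7", "tcp", dport=443),     # unknown source
    Packet("203.0.113.7", "icmp", icmp_type=8),  # echo request
    Packet("203.0.113.7", "icmp", icmp_type=13), # timestamp request
    Packet("192.0.2.1", "icmp", icmp_type=3),    # destination unreachable
    Packet("198.51.100.10", "tcp", dport=23),    # known source, wrong port
]

if __name__ == "__main__":
    entries, alarms = screen(TRAFFIC)
    for src, proto, action, note in entries:
        print(f"{action.upper():5} {proto:4} from {src:15} {note}")
    print("alarm sources:", alarms)
```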
Robert Bogue offers a three-part series on what actions will help to sort things out in the
aftermath of an attack. "You've been hacked: What to do in the first five minutes" focuses on
the most immediate actions we must take to secure the system: evaluate (identifying the
intruder, identifying the vulnerability, etc.), communicate, and disconnect. In "You've been
hacked: What to do in the first hour," he describes what we need to do to patch all
vulnerabilities and get back online. The steps he outlines include imaging the system to
preserve a record, evaluating systems to detect tampering, rebuilding the compromised
systems, patching vulnerabilities and reconnecting the systems.
4.0 Conclusion
In this assignment, we covered what computer security is and various computer
security threats. These include viruses, spyware, adware, malware and hacking. This
damage can range from errors harming database integrity to fires destroying entire computer
centers. Losses can stem, for example, from the actions of supposedly trusted employees
defrauding a system, from outside hackers, or from careless data entry clerks. Besides, we also
discussed various prevention techniques for computer security threats, that is, ways to prevent
viruses, spyware, adware, malware and hacking. In this assignment, we also discussed how a
firewall protects our computer. In conclusion, computer security is very important for every
computer user.

More Related Content

PPTX
MALWARE AND ITS TYPES
PPTX
SECURITY THREATS AND SAFETY MEASURES
PPTX
Malwares
PPT
Presentation1
PPT
Virus
PPTX
MALWARE
PDF
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
PPTX
computer virus ppt.pptx
MALWARE AND ITS TYPES
SECURITY THREATS AND SAFETY MEASURES
Malwares
Presentation1
Virus
MALWARE
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
computer virus ppt.pptx

What's hot (20)

PPT
System-Security-acit-Institute
PDF
Anatomy of a cyber-attack
PDF
Malware and malicious programs
PPTX
Cyber Attacks
PPT
Malware by Ms. Allwood
PPTX
Type of Malware and its different analysis and its types !
PDF
What is a malware attack?
PPT
Internet threats and defence mechanism
 
PPT
At Your Expense
PDF
What is malware
PDF
Threats of Computer System and its Prevention
PPTX
Malware and it's types
PDF
4 threatsandvulnerabilities
PPTX
Security threats
PPT
PPTX
Types of malware
PPT
I.T Security Threats
PPTX
Computer viruses
DOCX
THESIS-2(2)
System-Security-acit-Institute
Anatomy of a cyber-attack
Malware and malicious programs
Cyber Attacks
Malware by Ms. Allwood
Type of Malware and its different analysis and its types !
What is a malware attack?
Internet threats and defence mechanism
 
At Your Expense
What is malware
Threats of Computer System and its Prevention
Malware and it's types
4 threatsandvulnerabilities
Security threats
Types of malware
I.T Security Threats
Computer viruses
THESIS-2(2)
Ad

Similar to The process of computer security (20)

PPTX
Computer Security and Ethics
PDF
Week3-CyberSecurity 8th Semester important.pdf
DOCX
Chapter 10.0
PPTX
CYBER SECURITY AWARENESS TRAINING FOR FINANCE PROFESSIONALS
PPTX
Cyber crime types
PPTX
23 network security threats pkg
PPT
Chapter 6 effects of ict on society
PPTX
NETWORK SECURITY THREATS - POWERPOINT PRESENTATION
PPT
091005 Internet Security
PPT
Cyber-Security-20211013105857.ppt
PPT
Cyber-Security.ppt
PPT
Cyber-Security-20211013105857.ppt
PPT
cybertestqas.ppt
PPT
Cyber-Security-20211013105857.ppt
PPT
Cyber-Security-20211013105857.ppt
PPT
Cyber-Security-.ppt
PPT
cs0123.ppt
PPTX
Cyber-Security.ppt
PPT
Cyber-Security-20211013105857 (1).ppt
PPTX
Cyber security by vinod sencha for education
Computer Security and Ethics
Week3-CyberSecurity 8th Semester important.pdf
Chapter 10.0
CYBER SECURITY AWARENESS TRAINING FOR FINANCE PROFESSIONALS
Cyber crime types
23 network security threats pkg
Chapter 6 effects of ict on society
NETWORK SECURITY THREATS - POWERPOINT PRESENTATION
091005 Internet Security
Cyber-Security-20211013105857.ppt
Cyber-Security.ppt
Cyber-Security-20211013105857.ppt
cybertestqas.ppt
Cyber-Security-20211013105857.ppt
Cyber-Security-20211013105857.ppt
Cyber-Security-.ppt
cs0123.ppt
Cyber-Security.ppt
Cyber-Security-20211013105857 (1).ppt
Cyber security by vinod sencha for education
Ad

More from WritingHubUK (20)

DOC
What is the role of motivation in increasing the performance of the employees...
DOC
Research to examine the concepts of management of cultural diversity, motiva...
DOC
Dissertation investigation into the factors motivating impulse shopping behav...
DOC
Dissertation to investigate and understand the possible impacts, both positi...
DOC
Dissertation study into the various factors influencing the employees perfom...
DOC
Dissertation study into the marketing of organic clothing and consumer buyin...
DOC
Dissertation research on the risk management challenges encountered during s...
DOC
Dissertation research on the effectiveness of customer relationship manageme...
DOC
Dissertation effectiveness of employee engagement and employee motivation on...
DOC
Dissertation changing needs and wants of consumers have made mobile handset ...
DOC
Dissertation assessment of strategies followed by the etihad airways
DOC
Dissertation consumer perceptions of coffee producers and their corporate s...
DOC
An investigative study into the impact of globalization on the barclays bank
DOC
A critical research on ' personnel selling in saudi arabia', taking the case ...
DOCX
A critical analysis of customer satisfaction and brand value a comprehensive...
DOCX
Strategic business-practice
DOCX
Managing organizational health
DOCX
Change in credit policy
DOCX
An assignment in risk management
DOCX
To study the impact of corporate social and environmental reporting on stock ...
What is the role of motivation in increasing the performance of the employees...
Research to examine the concepts of management of cultural diversity, motiva...
Dissertation investigation into the factors motivating impulse shopping behav...
Dissertation to investigate and understand the possible impacts, both positi...
Dissertation study into the various factors influencing the employees perfom...
Dissertation study into the marketing of organic clothing and consumer buyin...
Dissertation research on the risk management challenges encountered during s...
Dissertation research on the effectiveness of customer relationship manageme...
Dissertation effectiveness of employee engagement and employee motivation on...
Dissertation changing needs and wants of consumers have made mobile handset ...
Dissertation assessment of strategies followed by the etihad airways
Dissertation consumer perceptions of coffee producers and their corporate s...
An investigative study into the impact of globalization on the barclays bank
A critical research on ' personnel selling in saudi arabia', taking the case ...
A critical analysis of customer satisfaction and brand value a comprehensive...
Strategic business-practice
Managing organizational health
Change in credit policy
An assignment in risk management
To study the impact of corporate social and environmental reporting on stock ...

Recently uploaded (20)

PPT
Teaching material agriculture food technology
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
PDF
Machine learning based COVID-19 study performance prediction
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
PDF
cuic standard and advanced reporting.pdf
PDF
Network Security Unit 5.pdf for BCA BBA.
DOCX
The AUB Centre for AI in Media Proposal.docx
PDF
Empathic Computing: Creating Shared Understanding
PDF
Review of recent advances in non-invasive hemoglobin estimation
PPTX
Understanding_Digital_Forensics_Presentation.pptx
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
PDF
KodekX | Application Modernization Development
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
PDF
Encapsulation_ Review paper, used for researhc scholars
PDF
Spectral efficient network and resource selection model in 5G networks
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
PDF
Modernizing your data center with Dell and AMD
PDF
Encapsulation theory and applications.pdf
Teaching material agriculture food technology
CIFDAQ's Market Insight: SEC Turns Pro Crypto
Machine learning based COVID-19 study performance prediction
Mobile App Security Testing_ A Comprehensive Guide.pdf
“AI and Expert System Decision Support & Business Intelligence Systems”
cuic standard and advanced reporting.pdf
Network Security Unit 5.pdf for BCA BBA.
The AUB Centre for AI in Media Proposal.docx
Empathic Computing: Creating Shared Understanding
Review of recent advances in non-invasive hemoglobin estimation
Understanding_Digital_Forensics_Presentation.pptx
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
KodekX | Application Modernization Development
Building Integrated photovoltaic BIPV_UPV.pdf
Encapsulation_ Review paper, used for researhc scholars
Spectral efficient network and resource selection model in 5G networks
Per capita expenditure prediction using model stacking based on satellite ima...
Modernizing your data center with Dell and AMD
Encapsulation theory and applications.pdf

The process of computer security

  • 1. The Process of Computer Security Computer security is the process of preventing and detecting unauthorized use of our computer. Prevention measures help us to stop unauthorized users from accessing any part of your computer system. Detection helps us to determine whether or not someone attempted to break into the system, if they were successful, and what they may have done. We use computers for everything. Although we may not consider our communications "top secret", we probably do not want using our computer to attack other systems, sending forged email from our computer, or examining personal information stored on our computer but intruders (also referred to as hackers, attackers, or crackers) may not care about our identity. Often they want to gain control of our computer so they can use it to launch attacks on other computer systems. Computer security is vital for protecting the confidentiality, integrity, and availability of computer systems, resources, and data. Without confidentiality, trade secrets or personally identifying information can be lost. Without integrity, we can not be sure that the data we have is the same data that was initially sent (ie, altered data). Without availability, we may be denied access to computing resources (ie, a virus that disables the keyboard and mouse). On a grander scale, computer security is important because of national security. An unsecured computer can be unknowingly recruited into a botnet, and the botnet could in turn be used to launch attacks against financial institutions, infrastructure (utility companies), and disrupt communications. Computer Security Threats Computer systems are vulnerable to many threats that can inflict various types of damage resulting in significant losses. This damage can range from errors harming database integrity to fires destroying entire computer centers. 
Losses can stem, for example, from the actions of supposedly trusted employees defrauding a system, from outside hackers, or from careless data entry clerks. Precision in estimating computer security-related losses is not possible because many losses are never discovered, and others are "swept under the carpet" to avoid unfavorable publicity. The effects of various threats varies considerably: some affect the confidentiality or integrity of data while others affect the availability of a system. 2.1 Virus A software virus is a parasitic program written intentionally to alter the way your computer operates without your permission or knowledge. A virus attaches copies of itself to other files such as program files or documents and is inactive until you run an infected program or open an infected document. When activated, a virus may
  • 2. damage or delete files, cause erratic system behaviour, display messages or even erase your hard disk. A virus may spread through email and instant messenger attachments, through infected files on floppy disks or CD-ROMs, or by exploiting a security flaw in Microsoft Windows. Whereas, Macros are simple programs that can be written to automate repetitive tasks in a document or make calculations in a spreadsheet. Macros can be written in documents created by Microsoft Word, in spreadsheets created by Microsoft Excel and in many other kinds of documents. Macro viruses are malicious macro programs that are designed to replicate themselves from file to file and can cause damage to the files on your computer. They spread whenever you open an infected file. For example, The first Internet virus hoax appeared in 1988. Emails were sent out with the subject line stating that a Really Nasty Virus was on its way. The idea of that hoax was laughable and most users realized it wasn't true, but the same can't be said of some later virus hoaxes that spread like wildfire around the internet. The History of Virus Hoaxes details the first virus from the late 1980s and Virus Alert discusses some hoaxes used in later days. In 1994, the Good Times Virus Hoax managed to scare quite a bit of people. The worst thing is that this same hoax is still floating around today, often under the same name. Users were told to delete any email that had this name or a variation in the subject heading. The entry at Wikipedia describes this virus and others similar to it. The Deeyenda virus was a hoax similar to Good Times. Supposedly opening an infected email caused the virus to attach itself to the user's address list and it would also cause destruction to the hard drive. The virus never appeared and there's no evidence that it ever existed. Deeyenda Virus Hoax describes the virus more in depth. 
2.2 Spyware / Malware / Adware
Spyware programs are applications that compile information about a person or organization without their consent or knowledge. These programs normally steal data about users which could be used for advertising or for other financial gain. The type of information stolen by these programs varies considerably: email login details, IP and DNS addresses of the computer, users' Internet habits or even bank details used to access accounts or make online purchases. Of all the spyware in circulation, the most dangerous examples are those that steal data related to online banking. These are the infamous banker trojans.

Adware programs display advertisements associated with the products or services offered by the creator of the program or third parties. Adware can be installed in a number of ways, on some occasions without users' consent, and either with or without users' knowledge of its function.
The classification of this type of program is controversial, as there are those who consider it a type of spyware. While this may be true to a certain extent, adware programs, as such, are not used with criminal intent, but to advertise products and services, and the information collected does not include users' bank details, but web pages visited or favorites, etc.

Malware, short for "malicious software," is a broad category of software which is installed without your permission to damage your PC or spy on your computer activities. The most common types of malware are trojans, worms and viruses. A trojan is a program that seems harmless or even productive, but is designed to exploit the system where it is run. Worms are self-replicating programs that can be spread through networks of machines with or without the user's intervention. A virus attempts to spread itself by attaching to a host program, and can damage hardware, software or data in the process. Other types of malware are malicious active content, rogue programs and dialers.

Trackware is a newer variation of malware that compromises your privacy by tracking, storing and analyzing your browsing patterns. It includes adware, spyware, key loggers and tracking cookies.

For example, the word 'spyware' was used for the first time publicly in October 1995. It popped up on Usenet (a distributed Internet discussion system in which users post e-mail-like messages) in an article aimed at Microsoft's business model. In the years that followed, though, spyware often referred to 'snoop equipment' such as tiny, hidden cameras. It re-appeared in a news release for a personal firewall product in early 2000, marking the beginning of the modern usage of the word.

Ad-Aware was originally developed in 1999 to highlight web beacons inside of Internet Explorer.
On many websites, users would see a tiny pixelated square next to each web beacon, warning the user that the computer's IP address and other non-essential information was being tracked by this website. Over time, Ad-Aware added the ability to block those beacons, or ads. Ad-Aware no longer makes the user aware of the ads on the screen; instead, the program fights spyware, adware, viruses and other malware.

With the emergence of computers, malware arose from the dark side. UNIX computers were the first targets. In the 1970s and 1980s, programs known as rootkits were developed. Those who hack systems with criminal intent, known as black hats, used these applications to hide their presence while they had their way with an unsuspecting organization's infrastructure. Early malware was written by hackers trying to make a name for themselves within the black hat community. Today, malware is used by individual black hats as well as crime syndicates to make money, that is, to transfer your money to criminals' bank accounts around the world.

2.4 Hacking
Hacking is unauthorized use of computer and network resources. The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications. Hacking is a felony in the United States and most other countries. When it is done by request and under a contract between an ethical hacker and an organization, it's OK. The key difference is that the ethical hacker has authorization to probe the target.

We work with IBM Consulting and its customers to design and execute thorough evaluations of their computer and network security. Depending on the evaluation they request (ranging from Web server probes to all-out attacks), we gather as much information as we can about the target from publicly available sources. As we learn more about the target, its subsidiaries and network connectivity, we begin to probe for weaknesses. Examples of weaknesses include poor configuration of Web servers, old or unpatched software, disabled security controls, and poorly chosen or default passwords. As we find and exploit vulnerabilities, we document if and how we gained access, as well as if anyone at the organization noticed. (In nearly all the cases, the Information Systems department is not informed of these planned attacks.) Then we work with the customer to address the issues we've discovered.

The number of really gifted hackers in the world is very small, but there are lots of wannabes.... When we do an ethical hack, we could be holding the keys to that company once we gain access. It's too great a risk for our customers to be put in a compromising position. With access to so many systems and so much information, the temptation for a former hacker could be too great, like a kid in an unattended candy store.

For example, in 2002, Italian police arrested 14 suspected hackers who were accused of thousands of computer intrusions, including attacks on the U.S.
Army and Navy and the National Aeronautics and Space Administration. They were all members of two hacking groups, called Mentor and Reservoir Dogs.

3.0 Prevention Techniques for Computer Security Threats
Virus
Many users install anti-virus software that can detect and eliminate known viruses after the computer downloads or runs the executable. There are two common methods that an anti-virus software application uses to detect viruses. The first, and by far the most common, method of virus detection is using a list of virus signature definitions. This works by examining the content of the computer's memory (its RAM, and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives), and comparing those files against a database of known virus "signatures". The disadvantage of this detection method is that users are only
protected from viruses that pre-date their last virus definition update. The second method is to use a heuristic algorithm to find viruses based on common behaviors. This method has the ability to detect novel viruses that anti-virus security firms have yet to create a signature for.

Some anti-virus programs are able to scan opened files in addition to sent and received e-mails "on the fly" in a similar manner. This practice is known as "on-access scanning". Anti-virus software does not change the underlying capability of host software to transmit viruses. Users must update their software regularly to patch security holes. Anti-virus software also needs to be regularly updated in order to recognize the latest threats.

One may also minimize the damage done by viruses by making regular backups of data (and the operating systems) on different media that are either kept unconnected to the system (most of the time), read-only, or not accessible for other reasons, such as using different file systems. This way, if data is lost through a virus, one can start again using the backup (which should preferably be recent). If a backup session on optical media like CD and DVD is closed, it becomes read-only and can no longer be affected by a virus (so long as a virus or infected file was not copied onto the CD/DVD). Likewise, an operating system on a bootable CD can be used to start the computer if the installed operating systems become unusable. Backups on removable media must be carefully inspected before restoration. The Gammima virus, for example, propagates via removable flash drives.

Spyware / Malware / Adware
There are several ways to prevent spyware and adware. First, avoid some common sites. Some sites are known for the amount of adware or spyware they install on computers. Some older browsers are susceptible to the hacks used to automate installation. Users are unaware that it has been installed until web browser settings change or random ads pop up on their computer. Some common sites that carry malware are illegal music and video, adult and free software download sites. These sites are unable to receive big-name advertising, such as Google AdSense, so they rely on blackhat methods to bring in revenue.

The second way is to block popups. Some websites have popup windows that ask to install software. Even when the user cancels, the website installs the software anyway. Use a popup blocker to avoid the spam windows that are used on these websites. It's also best to avoid any site with these practices. Browsers like Google Chrome, Internet Explorer and Firefox announce when pop-up windows have been blocked.

To really play it safe, turn off Java and JavaScript when browsing unknown sites. The methods used to install adware or spyware on the computer are programmed in these languages.

Antivirus software can detect adware and spyware applications. Keeping antivirus software installed and updated regularly helps avoid adware and spyware installation. If the computer appears to have adware or spyware, installing antivirus software like Norton or McAfee helps clean these issues from the computer.

Because of the incredible variety and complexity of malware infections, prevention is the most effective way to battle malware. The most obvious way of preventing malware infection is to keep a Windows system patched. Most malware exploits flaws or vulnerabilities to infect Windows and its applications. Anti-malware prevention tools are another option for added protection.
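The two detection methods described under Virus above, signature definitions and a behaviour heuristic, as an added example that is not part of the original assignment: a client with stale definitions misses a pattern published after its last update, and the heuristic acts as the fallback. All byte patterns, dates, behaviour labels, weights and the threshold are constructed for illustration.

```python
# Added example: all patterns, dates and behaviour labels are constructed.
VENDOR_FEED = {
    # name: (byte pattern, ISO date the vendor published the definition)
    "Constructed.A": (b"\x13\x37CONSTRUCTED-PATTERN-A", "2008-01-10"),
    "Constructed.B": (b"\x13\x37CONSTRUCTED-PATTERN-B", "2008-06-02"),
}

# Hypothetical behaviour labels a monitor might report, with weights.
BEHAVIOUR_WEIGHTS = {
    "writes_into_other_executables": 5,
    "modifies_boot_sector": 5,
    "mass_mails_attachment": 4,
    "edits_document_macros": 3,
}
HEURISTIC_THRESHOLD = 6


def definitions_as_of(last_update):
    """Definitions held by a client that last updated on `last_update`."""
    return {name: pattern
            for name, (pattern, published) in VENDOR_FEED.items()
            if published <= last_update}  # ISO dates compare as strings


def signature_scan(data, definitions):
    """Names of the known patterns that occur anywhere in `data`."""
    return sorted(name for name, pattern in definitions.items()
                  if pattern in data)


def heuristic_score(behaviours):
    """Sum the weights of observed behaviours; unknown labels score 0."""
    return sum(BEHAVIOUR_WEIGHTS.get(b, 0) for b in set(behaviours))


def scan(data, behaviours, last_update):
    """Signature match first, then the behaviour heuristic as a fallback."""
    hits = signature_scan(data, definitions_as_of(last_update))
    if hits:
        return ("signature", hits)
    if heuristic_score(behaviours) >= HEURISTIC_THRESHOLD:
        return ("heuristic", [])
    return ("clean", [])


# Constructed samples: a file carrying pattern B, and a harmless document.
INFECTED = b"MZ" + b"\x00" * 32 + b"\x13\x37CONSTRUCTED-PATTERN-B" + b"tail"
INFECTED_BEHAVIOUR = ["writes_into_other_executables", "edits_document_macros"]
BENIGN = b"plain spreadsheet bytes"
BENIGN_BEHAVIOUR = ["edits_document_macros"]

if __name__ == "__main__":
    for label, day in (("stale", "2008-03-01"), ("current", "2008-07-01")):
        print(label, scan(INFECTED, INFECTED_BEHAVIOUR, day))
    print("benign", scan(BENIGN, BENIGN_BEHAVIOUR, "2008-07-01"))
```

With no behaviour data at all, the stale client reports the infected sample as clean, which is the gap that regular definition updates close.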
Nearly all antivirus and antispyware tools compile malware signatures, that is, detailed descriptions of malware characteristics and behaviors. These applications either block identified threats as they attack a system, or quarantine or remove them if the threat has managed to slip by the first line of defense. The best anti-malware tools use an anomaly detection technique as well as signature-based defense methods. These tools can adapt to new types of malware.

3.3 Firewall
A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and to control what outside resources its own users have access to.

Basically, a firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall also includes or works with a
proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources.

There are a number of firewall screening methods. A simple one is to screen requests to make sure they come from acceptable (previously identified) domain names and Internet Protocol addresses. For mobile users, firewalls allow remote access into the private network by the use of secure logon procedures and authentication certificates.

A number of companies make firewall products. Features include logging and reporting, automatic alarms at given thresholds of attack, and a graphical user interface for controlling the firewall.

Computer security borrows this term from firefighting, where it originated. In firefighting, a firewall is a barrier established to prevent the spread of fire.

3.4 Hacking
For an IT manager, dealing with viruses is just part of the job. They constantly find ways to block viruses from infiltrating the system, quickly remedying the vulnerabilities with patches, or, in the worst cases, recovering from an attack. But falling prey to a hacker or a cracker is much more personal. It implies that there was some kind of vulnerability in the network that allowed an intruder access to the data. Well, as they say, knowledge is power. The more we understand how a hacker operates, the better the chances of thwarting intrusions.

TechRepublic has offered several articles on the subject of hackers, from what to do to prevent an attack to how to deal with one after it's occurred. Del Smith offers some practical tips about how to keep hackers from getting the system information, information that can let them discover holes through which to reach the data. In "Don't broadcast info about Windows servers to hackers," Del cautions about the kind of information hackers can use to exploit the systems.
Michael Mullins weighs in with another tip in "Prevent hacker probing: Block bad ICMP messages." He maintains that, although most network administrators do a fairly good job of filtering TCP and UDP traffic, many forget to filter ICMP traffic. This is dangerous because hackers can use it to map and attack networks, so it needs to be restricted.

Robert Bogue offers a three-part series on what actions will help to sort things out in the aftermath of an attack. "You've been hacked: What to do in the first five minutes" focuses on the most immediate actions we must take to secure the system: evaluate, communicate, and disconnect. This includes evaluating (identifying the intruder, identifying the vulnerability, etc.), communicating, and disconnecting. In "You've been hacked: What to do in the first hour," he describes what we need to do to patch all vulnerabilities and get back online. The steps he
outlines include imaging the system to preserve a record, evaluating systems to detect tampering, rebuilding the compromised systems, patching vulnerabilities and reconnecting the systems.

4.0 Conclusion
In this assignment, we covered what computer security is and various computer security threats. These include viruses, spyware, adware, malware and hacking. This damage can range from errors harming database integrity to fires destroying entire computer centers. Losses can stem, for example, from the actions of supposedly trusted employees defrauding a system, from outside hackers, or from careless data entry clerks. Besides, we also discussed various prevention techniques for computer security threats, that is, ways to prevent viruses, spyware, adware, malware and hacking. In this assignment, we also discussed how a firewall protects our computer. In conclusion, computer security is very important for every computer user.