Major threats and risks
Means of defense
Innovations in this field
And computer crime
Introduction to computer security
Security is an old concept, older than computers. Security builds trust among customers, employees and stakeholders, and security procedures are defined to avoid risk. Just as a bank uses double-entry bookkeeping, internal audit and external audit to secure its finances, it needs a series of procedures to protect its IT assets, infrastructure and networks.
Nowhere else in society do we put so much faith in technology. Products work to a certain extent, but organizations need processes in place to make them effective.
When the term computer security first came into use, it referred only to the security of the physical machine, for the following reasons:
To stop theft of or damage to the hardware
To stop theft of or damage to the information
To avoid interruption of service
Most organizations enforced strict rules on access to the rooms housing these machines, and these rules were often an organization's only clear computer security measures.
The following sections present the fundamental concepts of computer security. Today computer security is the branch of information security that applies to computers and networks. The field covers all the processes that protect computer-based equipment, information and services from any kind of risk, including unexpected events and natural disasters.
In the coming sections we show the target audience, students, how to protect a system against these threats with the basic security awareness training and the security software and hardware available today. We then show how formulating and documenting information security policies helps identify the security risks and who is responsible for them, in order to keep the systems in their domain secure. These security techniques, whether software, hardware or procedures, can identify and stop attacks and recover from the resulting damage. Note that a good understanding of the techniques, knowledge and approach lets you do better risk analysis. Remember also, while doing risk analysis, that human beings are the weakest element in security. As a result, policies and procedures must take people into account.
Basic Aspects of Computer Security
Computer security rests on three basic components or aspects: confidentiality, integrity and availability. How these components are interpreted in a given situation is dictated by the needs of the individuals, the customs and the laws of the particular organization.
Confidentiality is the concealment of information or resources. Because computers are used in government and industry, there is a need to keep information secret. For example, military and civilian institutions of government restrict access to information to those who need it. This need-to-know principle entered computer security through the military's effort to put it into practice. The same ideas apply to firms that want to protect their proprietary designs. Another example of keeping secrets is the personal records held by institutions of all types.
We now turn to the techniques that protect information. Access control mechanisms support confidentiality; one of them is cryptography, which scrambles data so that it cannot be understood. In cryptography a key controls access to the unscrambled data, so protecting the key becomes another problem in itself. Confidentiality also covers the existence of data, and access control mechanisms hide data that should be protected. Another important aspect of confidentiality is resource hiding: organizations do not want the particulars of their equipment and resources disclosed, so websites conceal in their configuration files information about the systems on which they are hosted, especially when renting time or internet access from a service provider. Proper access control techniques are effective for these purposes. Various other system-level techniques stop processes from accessing information illegally. If the implemented controls are ineffective or fail, the result is loss of money, time and reputation.
All the techniques, assumptions and trust that implement confidentiality therefore need supporting services from other parts of the system.
Integrity is about the trustworthiness and reliability of data, information or resources. It is usually described as preventing improper or unauthorized changes to data. The word integrity covers two things: data integrity, which concerns the content of the information, and origin integrity, which concerns the source the data comes from and is often called authentication. The source of the information should be accurate and credible; this aspect of integrity, known as credibility, is vital to the correct operation of a system.
As an example, suppose a newspaper prints information leaked from the White House exactly as received, but attributes it to the wrong source. The content is printed unchanged, so data integrity is preserved; the stated source is incorrect, so origin integrity is corrupted.
Integrity mechanisms fall into two classes: prevention mechanisms and detection mechanisms.
Prevention mechanisms maintain the integrity of data by blocking any unauthorized attempt to change it and any attempt to change it in unauthorized ways. The distinction between these two kinds of attempt matters. The first occurs when someone who lacks the privilege to alter the data tries to do so. The second occurs when someone who is authorized to make certain changes tries to change the data in other ways. Consider a computerized accounting system. In the first scenario, someone breaks into the system by obtaining IDs and passwords and tries to change the accounting data, which violates the integrity of the accounting database. In the second, an accountant who is officially authorized to maintain the books tries to embezzle money by transferring it overseas and hiding the transactions; this accountant has tried to modify data in unauthorized ways. Adequate authentication and access controls will normally prevent the break-in from outside, but stopping the second type of attempt requires very special controls.
Detection mechanisms, as the name implies, do not try to prevent violations of integrity; they detect them by examining system events, problems or the data itself and reporting what they find. These mechanisms may reveal the actual cause of the integrity breach, for example that a particular part of a file was changed, or they may simply report that the file is now corrupt.
There is thus a significant difference between confidentiality and integrity. Integrity is about accuracy and trustworthiness, whereas confidentiality is about protecting data that may be compromised if proper controls are not in place. Integrity also covers the source of the data, whether on the current machine or on another machine, and how that source is protected from other systems on the network; all of these are parts of the integrity of the data. Evaluating integrity is therefore often very difficult, since it depends on assumptions about the source of the data and about how much that source is trusted.
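The distinction above between data integrity, origin integrity and a detection mechanism that can say which part of a file changed, as an added example (not from the original text): per-chunk HMAC tags over a constructed ledger record. The chunk size, key and record are assumptions made for the example.

```python
import hashlib
import hmac

# Chunk size is an assumption for this example; real schemes use far larger blocks.
CHUNK_SIZE = 4


def tag_chunks(data: bytes, key: bytes, chunk_size: int = CHUNK_SIZE) -> list:
    """Sender side: one HMAC-SHA256 tag per chunk, computed under the sender's key."""
    return [
        hmac.new(key, data[i:i + chunk_size], hashlib.sha256).digest()
        for i in range(0, len(data), chunk_size)
    ]


def verify_chunks(data: bytes, tags: list, key: bytes,
                  chunk_size: int = CHUNK_SIZE) -> dict:
    """Receiver side: a detection mechanism in the sense of the text.

    It does not prevent changes; it reports whether integrity was violated and,
    when it can, which part of the file changed. A chunk fails either because
    its content was altered (data integrity) or because the tag was produced
    under a different key, i.e. by a different source (origin integrity).
    """
    expected = tag_chunks(data, key, chunk_size)
    if len(expected) != len(tags):
        return {"ok": False, "bad_chunks": list(range(len(expected)))}
    bad = [i for i, (want, got) in enumerate(zip(expected, tags))
           if not hmac.compare_digest(want, got)]
    return {"ok": not bad, "bad_chunks": bad}


def demo() -> dict:
    """Constructed sample: a 16-byte ledger record tagged by the bookkeeping system."""
    key = b"bookkeeping-system-key"        # assumed shared key, constructed
    record = b"ACCT0001:+100.00"            # chunks: ACCT | 0001 | :+10 | 0.00
    tags = tag_chunks(record, key)

    untouched = verify_chunks(record, tags, key)
    # Data integrity violation: the amount is changed in transit; only chunk 2 fails.
    tampered = verify_chunks(b"ACCT0001:+900.00", tags, key)
    # Origin integrity violation: same content, but tagged by someone without the key.
    forged_tags = tag_chunks(record, b"attacker-key")
    forged = verify_chunks(record, forged_tags, key)
    return {"untouched": untouched, "tampered": tampered, "forged": forged}
```

The verifier can localize a content change to one chunk, but a wrong-key tag fails on every chunk, which is why origin integrity has to be evaluated separately from data integrity.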
Availability means that authorized individuals can access the information or resources they require. Information only has value when the right people can access it at the right times. Deliberately making data or information unavailable is one type of attack, known as a denial of service attack. Other things that can affect the availability of vital information include accidents such as power outages and natural disasters such as floods.
Threats and risks
Threats arise from violations of security rules, methods and procedures. A threat is a potential violation of security. The violation need not actually occur for there to be a threat; the fact that it could occur, through some action by someone, means the system must be protected against those actions. Such actions are known as attacks. When threats to a system are considered, confidentiality, integrity and availability are what is at stake. According to Shirey, threats fall into four classes:
Disclosure, i.e. unauthorized access to information
Deception, i.e. acceptance of false data
Disruption, i.e. interruption or prevention of correct operation
Usurpation, i.e. unauthorized control of some part of a system
There are numerous types of computer security threat. Some are harmful while others are harmless, though irritating. A few threats do no harm to the computer itself but have the potential to empty a bank account.
The following types of computer security threat are described.
A Trojan horse is one of the most complex threats to computers. It neither replicates nor copies itself, but it can harm the system or break its security. To get onto a system it has to be sent by someone, and it can appear as a joke program or in any other software form. Once this malicious software is installed it can create any undesirable situation: it can destroy the computer's data, or compromise the system by giving unauthorized access to it, which shows that the controls are not effective.
Zeus and SpyEye are well-known banking threats from the Trojan family. Trojan horses are installed on systems by offering the user something appealing, such as desktop themes or new games.
What are the risks if a Trojan gets installed?
It can let the attacker take control of the computer's console by installing utilities, which means that services or ports are enabled or opened.
URL history, keystrokes and other data can be collected and relayed to the creator.
Illegal file sharing or spam relay services can be installed, allowing the creator to distribute information or conceal its origin.
Once installed, a Trojan lowers the host's resistance to vulnerabilities and can reduce its ability to detect profiling scans or attacks on the network.
A virus is a malicious program or code intended to infect or destroy another program, a document, a partition or the boot sector of a hard drive so that, in the end, the victim's system cannot function properly. It spreads by replication, i.e. by copying the infection into every program it comes into contact with.
What are the risks from viruses?
Today various vendors research virus signatures. Symantec's product, for example, includes over 10,000 virus signatures and still discovers and adds new viruses to the list on a daily basis. A virus can infect other programs by spreading copies of itself, weaken the system's security against attack, delete files on the local machine or a shared network, and mount attacks on websites such as distributed denial of service.
Boot Sector Virus
This virus is placed in the boot sector, also referred to as the master boot record, of the system. It is activated during the boot-up process and can cause significant damage. To avoid this, remove all bootable drives so that this particular virus is not able to boot.
People used to think that a system only gets infected with a virus when executing EXE files, but a virus can also spread through document files such as PDFs. To avoid such documents, scan them with an online virus scanner before using them on your system or downloading them from the internet.
The fake antivirus threat became very popular among Mac users about 10 months ago. Because Mac users seldom face a virus infection, scaring them with a message that their computer is infected with a virus is quite effective, and it results in them purchasing a bogus antivirus product that does nothing.
A worm is a program that makes and distributes copies of itself, for instance from one hard drive to another, or by replicating through electronic mail or another transfer mechanism. A worm can cause harm and compromise the protection of the system. Infection can occur through exploitation of a system weakness, i.e. a vulnerability, or when the user clicks on a contaminated e-mail. The risk with a worm is that its replication consumes hard drive space as well as network bandwidth.
The world's first worm, the Morris Worm, was written by Robert Tappan Morris; it affected systems across the network and consumed a huge amount of network bandwidth.
Worms attack computer systems, operating systems or services that have vulnerabilities. Unlike viruses, the mere copying of worms can visibly clog networks and hamper recovery measures.
Spyware is a term for applications and programs that steal and log information by scanning or monitoring activity on a computer. For example, spyware programs appear as unwanted pop-up ads or browser hijacking in order to obtain personal information (logins, passwords or account information), personal files or documents, and information such as which applications run on the computer, including habits and patterns of internet usage.
Spyware programs are hidden (e.g. inside image files) and do not reveal their presence on the user's system. They get onto the computer through free banner-ad-supported software, through e-mail messages that redirect the user or ask them to visit a website from which the spyware is downloaded, or through malicious pop-up ads carrying ActiveX or Java applet content.
Today the main target of spyware is Microsoft's Internet Explorer, whereas users of more recent web browsers (Mozilla's Firefox and Apple's Safari) are normally not affected by spyware. One survey in 2004 showed that two-thirds of PCs were infected with spyware, which prompted EPIC to decide that antivirus, antispyware or firewall software should be installed to mitigate this threat.
CoolWebSearch, Internet Optimizer (also known as DyFuCa), Zango, HuntBar (also known as WinTools) and the Zlob Trojan are a few of the top spyware programs.
Like spyware, scareware only scares the user in a deceptive way; there is no actual infection. Once installed on the system, it immediately reports to the user hundreds of infections that the system does not contain. It instructs the user to buy and install a fake anti-malware product that is supposedly the only one that can remove those threats. In this way the scareware makes money; as one can see, it is simply a different way of scaring someone into buying.
A keylogger is a program that tracks and records keystrokes as one types on the keyboard, and can send people's login credentials, such as usernames and passwords, back to the attacker. It is also commonly a sub-function of a powerful Trojan.
A keylogger can be one of three types:
Software using a hooking mechanism
Kernel/driver keylogger
Popular keyloggers include Invisible Keylogger Stealth, Spector, Blazing Tools Perfect Keylogger and Keysnatch.
Adware is a program intended to deliver marketing material to a user, frequently mining the user's browsing behaviour in order to advertise products the consumer is likely to want. Many users therefore consider this kind of program fairly harmless, unaware that the information gathered can be sent to other parties elsewhere without their permission.
Adware programs, like browser hijackers, can redirect a user's home page to a different site or to alternate locations, or try to take control of the user's web browser. Examples of this kind of adware are Xupiter and CoolWebSearch. It is not actually a harmful risk, but it can be quite irritating.
A back door is a means of accessing a computer system or application that bypasses its security mechanisms. A programmer may occasionally put in a back door so that the application can be accessed for troubleshooting or some other purpose. Attackers, on the other hand, commonly use back doors that they discover or install themselves as part of an exploit. Sometimes a worm is designed to take advantage of a back door created by an earlier attack; for instance, Nimda gained entry through a back door left by Code Red.
Where systems have vulnerabilities, another threat appears in the form of exploits. An exploit is a program developed specifically to attack a targeted weakness, i.e. a vulnerability, in the system. For example, when the Flash plugin is outdated, the browser is vulnerable to attack. The way to avoid being hit by an exploit is to patch constantly, since software patches exist to fix vulnerabilities.
A botnet is installed by a botmaster to take control of a set of computers, the bots, via the botnet infection. It mostly spreads through drive-by downloads or Trojan infections. The result of this threat is that the victim's computer, the bot, is used for large-scale attacks such as DDoS.
As the name suggests, a dropper is designed to drop onto a computer and install something useful to the attacker, such as malware or a backdoor. There are two types of dropper: one immediately drops and installs its payload in order to avoid antivirus detection; the other only drops a small file, which then automatically triggers a download of the malware.
A phishing attack uses a fake website designed to look almost exactly like the real one. The idea is to trick the user into entering their username and password into the fake login form, which serves to steal the victim's identity. Every form submitted from the phishing site goes not to the real server but to a server controlled by the attacker.
One of the most famous things done by Anonymous is to send millions of requests to a single server to bring the system down with certain security features disabled, so that they can carry out their data theft. This trick of sending a lot of traffic to a machine is known as a Distributed Denial of Service attack, or DDoS.
A browser hijacker uses Trojan malware to take control of the victim's web browsing session. It is extremely dangerous especially when the victim is sending money via online banking, because that is the best moment for the hijacker to alter the destination bank account and even the amount.
Pharming works more or less like phishing but is a little trickier. There are two types of pharming. One is DNS poisoning, where your DNS is compromised and all your traffic is redirected through the attacker's DNS. The other is editing your HOSTS file, so that even if you type www.google.com into your web browser, it still redirects you to another site. What both have in common is that they are equally dangerous.
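A defender-side check for the HOSTS-file form of pharming described above, as an added example that is not part of the original text: it parses hosts-file syntax and flags any static entry for a domain that should only ever be resolved through DNS. The sample file content, the watched domain names and the 203.0.113.45 address are constructed for the example; only the two HOSTS_PATHS locations are real.

```python
import ipaddress

# Real default locations of the hosts file, for checking a live machine.
HOSTS_PATHS = {
    "windows": r"C:\Windows\System32\drivers\etc\hosts",
    "posix": "/etc/hosts",
}

# Constructed sample content (not captured from any real system). The last two
# entries are the kind a pharming attack would add.
SAMPLE_HOSTS = """\
# Standard entries
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.example-bank.com example-bank.com   # outside address
127.0.0.1       www.google.com
"""


def parse_hosts(text: str):
    """Yield (address, hostname) pairs; comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        for name in names:
            yield address, name.lower()


def suspicious_entries(text: str, watched: set) -> list:
    """Flag static overrides for domains that should only ever come from DNS.

    Any hosts entry for a watched public domain bypasses DNS, which is the
    second pharming technique in the text. A loopback address merely blocks the
    site; any other address silently sends the user to that machine instead.
    """
    findings = []
    for address, name in parse_hosts(text):
        if name not in watched:
            continue
        try:
            kind = ("blocked via loopback" if ipaddress.ip_address(address).is_loopback
                    else "redirected to " + address)
        except ValueError:
            kind = "unparseable address " + address
        findings.append((name, kind))
    return findings


def check_sample() -> list:
    """Run the check over the constructed sample with an assumed watch list."""
    watched = {"www.example-bank.com", "example-bank.com", "www.google.com"}
    return suspicious_entries(SAMPLE_HOSTS, watched)
```

To audit a real machine, read the file at the matching HOSTS_PATHS entry and pass its contents to suspicious_entries with the domains your organization cares about; the DNS-poisoning variant needs a separate check against a trusted resolver, which this example does not cover.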
SQL injection does not infect end users directly; it targets a website that is vulnerable to this attack. It gains unauthorized access to the database, and the attacker can retrieve all the valuable information stored there.
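The vulnerable pattern behind the SQL injection described above, beside its hardened form, as an added example that is not part of the original text. It uses an in-memory SQLite table with constructed sample users; the function names and the classic textbook tautology input are assumptions made for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with a constructed users table (sample data only)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "hash_a"), ("bob", "hash_b")])
    return con


def lookup_vulnerable(con: sqlite3.Connection, username: str) -> list:
    """Vulnerable form: the input is concatenated into the SQL text, so a quote
    in the input ends the string literal and the rest is parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in con.execute(sql)]


def lookup_parameterized(con: sqlite3.Connection, username: str) -> list:
    """Hardened form: the input is bound as a parameter and is only ever a value,
    never part of the query structure, whatever characters it contains."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in con.execute(sql, (username,))]


def demo() -> dict:
    """Run both forms on a normal name and on the textbook tautology input."""
    con = make_db()
    normal = "alice"
    # A quote that closes the literal followed by a condition that is always true.
    tautology = "' OR '1'='1"
    return {
        "vulnerable_normal": lookup_vulnerable(con, normal),
        "vulnerable_tautology": sorted(lookup_vulnerable(con, tautology)),
        "safe_normal": lookup_parameterized(con, normal),
        "safe_tautology": lookup_parameterized(con, tautology),
    }
```

The vulnerable lookup returns every row for the tautology input, which is the unauthorized database access the text describes; the parameterized lookup returns nothing, because the same input is matched literally as a username.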