Term Paper of Internet Security
Content
1
TERM PAPER OF CSE-404
Topic:-Threats
Submitted to
Mr. Kiran kumar
Submitted by
Brishabh singh Reg no-7450070146 Roll no-34 Section –RA17B1
2
INDEX
Abstract---------------------------------------------------------------------------------3 Introduction---------------------------------------------------------------------------3-4 Sources of Threats-------------------------------------------------------------------5 How threats spread------------------------------------------------------------------5 Types of Computer Security Threats--------------------------------------------6-10 Some important concepts about these threats--------------------------------10-11 Threat Category Weighted -------------------------------------------------------11-11 Tips to protect yourself from malware----------------------------------------12-14 Backup-------------------------------------------------------------------------------14-16 The top 10 computer security threats-----------------------------------------16 Removal of Security Threats---------------------------------------------------16 Conclusion-------------------------------------------------------------------------------17 Reference--------------------------------------------------------------------------------18
3
Abstract:
As Internet and e-mail become an ever-increasing part of our 21st-century lives, the myriad dangers and risks that come with them are increasing too. Make sure you know how to deal with the threats that face us. Security planning is a complex and demanding discipline because of the variety of techniques available for attackers to breach the information security defenses of an organization. The problem is that security plans often focus exclusively on technical countermeasures. However, the human approach termed “social engineering” is often neglected. These attacks are difficult to deal with because the targets may not even realize they are being attacked. The popularity of internet aggravates the threat and gives the virus writers the ideal environment to distribute their viruses, since computer viruses can spread through the universe in a few hours causing distractions to hundreds of thousands of computers around the globe. An abbreviated idea about computer virus nature, history and development, the damage caused by some well known viruses and the different types of computer viruses is explained, also virus writers types, motivations, their point of view towards ethical and legal issues, and the effect of legal penalties on their practice is explained .
1. Introduction
Thereat is defined as a computer program, a person, or an event that violates the security system. A threat causes loss of data and attacks the data privacy. Most of the data of an organization stored inside the computer in very important and more valuable than the computer hardware and software. It can be damaged due to many reasons. You must protect your data from illegal access or from damage. Information systems are quickly becoming the most important tool for facilitating and supporting business activities. Our reliance on these systems means that vast quantities of sensitive and potentially valuable information is created, stored and used by them. The number of technical attacks on these systems has seen an explosive growth ever since their inception, resulting in a myriad of technical safeguards being developed and implemented to stop them. While these safeguards can prevent physical attacks on hardware and software if configured correctly, they cannot control the human element of security. It’s a widely accepted belief that people are the weakest link in any security framework, and this is where social engineering represents a threat. The keyword here is lying, as attacks of this nature exploit common human behavior by praying upon the “credulity, laziness, good manner or even enthusiasm of your staff” (Microsoft, 2006). This notion is supported by many in the security industry. If a firewall was breached due to poor configuration, the person who configured it will most likely face some form of reprimand, but in many cases this will be far less embarrassing than admitting that someone tricked you into giving away the root password to some random person over the phone. Cyber criminals have displayed great interest in the activity of state structures and commercial enterprises. They make attempts at theft and disclosure of confidential information, doing
4
damage to business reputations, breaching business continuity, and consequently breach an organization's information resources. It is not big companies alone who are at risk. Individual users can also be attacked. Using various tools, criminals gain access to personal data (bank account and credit card numbers and passwords), cause your system to malfunction, or gain complete access to your computer. Then that computer can be used as part of a zombie network, a network of infected computers used by hackers to attack servers, send out spam, harvest confidential information, and spread new viruses and Trojans. In today's world, everyone acknowledges that information is a valuable asset and should be protected. At the same time, information must be accessible for a certain user group (for instance, employees, clients and partners of a business). This is why there is a need to create a comprehensive information security system. Today, malicious programs propagate so quickly that antivirus companies have to release updates as quickly as possible to minimize the amount of time that users will potentially be at risk. Unfortunately, many antivirus companies are unable to do this - users often receive updates once they are already infected. USB flash drive:is widely used for storing and transmitting information. It is also an important
transmission route of threats. However, few antivirus products can provide 100% protection against any threats via USB drive, especially for offline computer that is not connected to Internet. This is why there is a need to develop a security system to protect computers against any threats via USB drive. Fortunately, USB Disk Security provides a best solution to solve the problem.
The following are the main threats to data security
• •
• • • • • •
Some authorized user of the data may unintentionally delete or change sensitive data. There are two solutions to this problem. Firstly, the users must be assigned proper rights to minimize such events. Only the authorized user with certain rights may be allowed to delete or modify data after following a step-by-step process. Secondly, periodic backup of data should be taken to recover the deleted data. A proper password protection should be used to use any resource. A log file should also be maintained to keep track of all the activities performed on the data. Some strong encryption algorithm should be used, so that if any one gets access to the data, he could not be able to make any sense out of it. Latest antivirus software should be used to scan all data coming into the organization. Computers and all backing storage devices should be placed in locked rooms. Only authorized users can access these resources. Authorized users must be asked to change their passwords periodically.
5
2. Sources of Threats
A person, a group of people, or even some phenomena unrelated to human activity can serve as an information security threat. Following from this, all threat sources break down into three groups: The human factor. This group of threats concerns the actions of people with authorized or unauthorized access to information. Threats in this group can be divided into:
• •
External, including cyber criminals, hackers, internet scams, unprincipled partners, and criminal structures. Internal, including actions of company staff and users of home PCs. Actions taken by this group could be deliberate or accidental.
The technological factor. This threat group is connected with technical problems - equipment used becoming obsolete and poor-quality software and hardware for processing information. This all leads to equipment failure and often to data loss. The natural-disaster factor. This threat group includes any number of events brought on by nature and other events independent of human activity.
3. How threats spread ?
As modern computer technology and communications tools develop, hackers have more opportunities for spreading threats. Let's take a closer look at them: The Internet : The Internet is unique, since it is no one's property and has no geographical borders. In many ways, this has promoted development of countless web resources and the exchange of information. Today, anyone can access data on the Internet or create their own webpage. However, these very features of the worldwide web give hackers the ability to commit crimes on the Internet, making them difficult to detect and punish as they go. USB flash drives: USB flash drives are widely used for storing and transmitting information. When you use a USB disk that has malicious programs on it, you can damage data stored on your computer and spread the virus to your computer's other drives or other computers on the network.
Types of Computer Security Threats
This page provides basic information on computer security threats. The computer security threats covered here are:
6
• • • • • • • • • • • • •
Viruses Trojan Horses Worms Zombies Phishing Internet Based Attacks Viral Web Sites Spyware, Adware and Advertising Trojans Virus Hoaxes Unsecured Wireless Access Point Bluesnarfing Social Engineering Microsoft Office Document Metadata
Viruses
A software virus is a parasitic program written intentionally to alter the way your computer operates without your permission or knowledge. A virus attaches copies of itself to other files such as program files or documents and is inactive until you run an infected program or open an infected document. When activated, a virus may damage or delete files, cause erratic system behaviour, display messages or even erase your hard disk. A virus may spread through email and instant messenger attachments, through infected files on floppy disks or CD-ROMs, or by exploiting a security flaw in Microsoft Windows. Virus Structure Computer viruses could have two parts at least (search and copy routines) or more depending on how sophisticated it might be, the additional parts will give it a unique characteristic(Ludwing,2002, p.23-24): Search routine: this routine responsibility is to find a stabile target for infection. Copy routine: to be able to infect the target which was found by search routine, the virus must copy itself to the target and this is the copy routine responsibility. Anti-detection routine: this could be part of the search or copy routines or it could be a stand alone routine, the mission of this routine is to avoid detection either by the user or the anti-virus programs. Payload routine this routine vary depending on it’s porous, it could be a joke, destructive or perform a useful task.
7
Trojan Horses:
Trojan horses are programs that appear to serve some useful purpose or provide entertainment, which encourages you to run them. But these programs also serve a covert purpose, which may be to damage files, to place a virus on your computer or to allow a hacker to gain access to your machine. More commonly these days, you can be enticed into running a Trojan by clicking a link on a viral web site or in an email. Trojans that allow a hacker to gain access to your machine, called Remote Access Trojans (RATs), are particularly prevalent at the moment. Over 50% of all spam (unsolicited email) is sent from home or work computers that have been compromised by RATs. A Trojan horse is not a virus because it does not replicate and spread like a virus.
Worms:
Worms are programs that replicate and spread, often opening a back door to allow hackers to gain access to the computers that they infect. Worms can spread over the Internet by expoiting security flaws in the software of computers that are connected to the Internet. Worms can also spread by copying themselves from disk to disk or by email.
Zombies:
A Zombie is a dormant program that lies inactive on a computer. It can be activated remotely to aid a
8
collective attack on another computer. Zombies don’t normally damage the computer on which they reside but can damage other computers. Zombies often arrive as email attachments and when the attachment is opened they install themselves secretly and then wait to be activated.
Phishing:
A Phishing attack is when you are are sent an email that asks you to click on a link and re-enter your bank or credit card details. These emails can pretend to be from banks, Internet service providers, on-line stores and so on, and both the email and the web site it links to appear genuine. When you enter your bank or credit card details they are then used fraudulently.
Internet Based Attacks:
While your computer is connected to the Internet it can be subject to attack through your network communications. Some of the most common attacks include:
• •
Bonk – An attack on the Microsoft TCP/IP stack that can crash the attacked computer. RDS_Shell – A method of exploiting the Remote Data Services component of the Microsoft Data Access Components that lets a remote attacker run commands with system privileges. WinNuke – An exploit that can use NetBIOS to crash older Windows computers.
•
Viral Web Sites:
Users can be enticed, often by email messages, to visit web sites that contain viruses or Trojans. These sites are known as viral web sites and are often made to look like well known web sites and can have similar web addresses to the sites they are imitating. Users who visit these sites often inadvertently download and run a virus or Trojan and can then become infected or the subject of hacker attacks.
Spyware, Adware and Advertising Trojans:
Spyware, Adware and Advertising Trojans are often installed with other programs, usually without your knowledge. They record your behaviour on the Internet, display targeted ads to you and can even download other malicious software on to your computer. They are often included within programs that you can download free from the Internet or that are on CDs given away free by magazines. Spyware doesn’t usually carry viruses but it can use your system resources and slow down your Internet connection with the display of ads. If the Spyware contains bugs (faults) it can make your computer unstable but the main concern is your privacy. These programs record every step that you take on the Internet and forward it to an Ad Management Centre which reviews your searches and downloads to determine your shopping preferences. The Ad Management Centre will build up a detailed profile of you, without your knowledge, and can pass this on to third parties, again without your knowledge. Some Spyware can download more serious threats on to your computer, such as Trojan Horses.
9
Virus Hoaxes:
Virus hoaxes are messages, usually sent by email, that amount to little more than chain letters. They pretend to alert you to the latest "undetectable" virus and simply waste your time and Internet bandwidth. The best course of action is to delete these hoaxes - they can cause genuine fear and alarm in the disabled, elderly and other vulnerable groups.
Unsecured Wireless Access Points:
If a wireless access point, e.g. an ADSL (Broadband) Router, hasn't been secured then anyone with a wireless device (laptop, PDA, etc) will be able to connect to it and thereby access the Internet and all the other computers on the wireless network.
Bluesnarfing:
The act of stealing personal data, specifically calendar and contact information, from a Bluetooth enabled device.
Social Engineering:
Tricking computer users into revealing computer security or private information, e.g. passwords, email addresses, etc, by exploiting the natural tendency of a person to trust and/or by exploiting a person's emotional response.
Example 1: Spammers send out an email about victims of child abuse and provide a link to click in the email for further information or to help the victims. When the link is clicked the spammers know the email address is "live" and add it to their live list which they then use to target their spam. Example 2: A company computer user is tricked into revealing the network password by someone on the telephone who is impersonating the voice of an employee in authority and who has a story of distress.
Microsoft Office Document Metadata:
The average Microsoft Word, Excel, etc document includes hidden metadata with details of who created it, who has worked on it, when it has been amended and quite possibly the text of all those changes as well. Viewing a Word document in a text editor can reveal the metadata in plain text at the start and finish of the document.
4. Some important concepts about these threats
10
What is the difference between a virus and a worm?
A virus is a program that replicates, i.e. it spreads from file to file on your system and from PC to PC. In addition, it may be programmed to erase or damage data. Worms are generally considered to be a subset of viruses, but with certain key differences. A worm is a computer program that replicates, but does not infect other files. Instead, it installs itself once on a computer and then looks for a way to spread to other computers. In the case of a virus, the longer it goes undetected, the more infected files there will be on the computer. Worms, however, create a single instance of their code. Moreover, unlike a virus, a worm code is stand-alone. In other words, a worm is a separate file while a virus is a set of code which adds itself to existing files.
What is a TROJAN and where did the name come from?
The term Trojan refers to the wooden horse used by the Greeks to sneak inside the city of Troy and capture it. The classic definition of a Trojan is a program that poses as legitimate software but when launched will do something harmful. Trojans can't spread by themselves, which is what distinguishes them from viruses and worms. Today, Trojans are typically installed secretly and deliver their malicious payload without your knowledge. Much of today’s crimeware is comprised of different types of Trojans, all of which are purpose-built to carry out a specific malicious function. The most common are Backdoor Trojans (often they include a keylogger), Trojan Spies, password stealing Trojans and Trojan Proxies that convert your computer into a spam distribution machine.
What is a DoS attack? What is a DDoS attack?
A Denial-of-Service (DoS) attack is designed to hinder or stop the normal functioning of a web site, server or other network resource. There are various ways for hackers to achieve this. One common method is to flood a server by sending it more requests than it is able to handle. This will make the server run slower than usual (and web pages will take much longer to open), and may crash the server completely (causing all websites on the server to go down). A distributed-Denial-of-Service (DDoS) attack differs only in the fact that the attack is conducted using multiple machines. The hacker typically uses one compromised machine as the ‘master’ and co-ordinates the attack across other, so-called ‘zombie’, machines. Both master and zombie machines are typically compromised by exploiting a vulnerability in an application on the computer, to install a Trojan or other piece of malicious code.
Spoofing
11 Spoofing is a technique used to hide identity of traffic originator or assume identity of trusted entity or fooling a computer into believing which actually you are not. The most common spoof is email where a hacker pretend to be a different internet address from the one you have just to gain his/her credit card no, passwords, personal information or to theft any identity. Spoofing normally involves sending many packets/messages pretending to be a real legitimate person and spoofed IPs are very hard to back track. There are many different types of spoofing, such as ▪ IP addresses, MAC addresses changing attacks ▪ Link alteration ▪ DNS server spoofing attack ▪ Content theft ▪ E-mail address changing attack
5. Threat Category Weighted
Deliberate Software Attacks Technical Software Failures or Errors Act of Human Error or Failure Deliberate Acts of Espionage or Trespass Deliberate Acts of Sabotage or Vandalism Technical Hardware Failures or Errors Deliberate Acts of Theft Forces of Nature Compromises to Intellectual Property QoS Deviations from Service Providers Technological Obsolescence Deliberate Acts of Information Extortion
Ranking
2178 1130 1101 1044 963 942 695 611 495 434 428 225
Your computer could be at risk if your: Firewalls: Security Updates: Antivirus Software: Are disabled and not properly working Are not up-to-date Is not up-to-date or from a trusted source Is weak, especially for network security
Password:
12
6. Tips to protect yourself from malware
Be mindful of what you are clicking on Many websites that hosts harmful content will use banners and pop up advertisements, pretending to be an error messages or offering you a prize. When you visit these sites harmful content is downloaded into your computer. Avoid being tempted in the first place. Be aware of what you are downloading Don't download software from a website that's full of advertisements, or listings of 'free' programs, these are often fake files. Be cautious and question them, scan them with security software prior to opening or only download programs from reputable or corporate websites. Purchase security software Many users are not aware that using pirated software can not protect user's computer against threats and the pirated software from unauthorized third parties may contain viruses. Be careful before you open your removable media Many malicious programs attack your computers and spread via USB storage. USB Disk Security can protect your computer against any threats via removable media. Update Windows when prompted Microsoft release updates for Windows regularly. They include important security patches and tools. Install them when prompted to patch up security gaps in your operating system, browser or third party software. Take extra care when using Peer-To-Peer programs Since files shared on P2P networks are not policed. Anyone can release anything they want via this medium. As such get into the habit of scanning the files you downloaded before running/executing them. Accept incoming files when you expect them and from people that you know Some threats have the ability to infect machines and automatically send copies of themselves to that user's contact list. It may appear that your friend is sending you a file but it may turn out to be a malicious program propagating itself. Know your File Formats Images usually come in .jpg .jpeg .png .bmp .gif .tif formats. Executables come in .exe .bat .com .dll formats. If someone says they are sending you a photo but the file ends with .exe or .com, please do not open it. They're obviously mistaken or potentially endangering you. Be aware of what's happening
13
There are various places to seek for help and learn more about your computer. It pays to be knowledgeable on your computer, as malicious threats often take advantage of those who are unaware of what's happening.
The key information sought in this study is the identification and ranking of threats to information security. This list presents the result of the study with each category’s corresponding ranking.
14
Backup
User interface elements in User Profile
• • • • • • • • •
Start menu, taskbar, toolbars, desktop shortcuts, the desktop background, and Active Desktop items. My Documents My Music Media play lists maintained by Windows Media Player, Real Player, etc. My Pictures My Download files (containing drivers and installation programs) Favorites Cookies (to avoid looking up all passwords again) Preferences set from inside each Application GUI
15
Other
• •
Email text Application data files and databases (Quicken, TurboTax, etc.).
In the Applications Data\Microsoft\ folder:
• • • • •
Address Book \ %user%.wab and .wa~ backup file. Proof\custom.dic Spell Check custom dictionary. Excel\XLSTART spreadsheets shown at startup. Templates such as Normal.dat used by Word. Media Player presets and play lists.
System State data
• • • • • • • •
Registry settings Component Services (COM+) Class Registration database System boot/start-up files (CONFIG.SYS, AUTOEXEC.BAT, CONFIG.NT, etc.) Performance counter configuration information Certificate Services database (if the computer is a certificate server) Active Directory service and SYSVOL folder (if the computer is a Domain Controller) resource registry checkpoints and the quorum resource recovery log (if the computer is part of a Cluster) DNS zone information (DS integrated and non-DS integrated) (if the computer is a DNS server)
On a SQL Server
Types of MS-SQL data should be backed up:
• •
• •
• •
User databases -- There is more than one type of production database The master database -- It is important to include backup the master database. Master cannot be separated from its transaction log so they have to be backed up together. The MS-SQL msdb database The MS-SQL msdb database supports the SQL Executive service provides a storage area for scheduling information. Because setup installs msdb database and its transaction log on separate devices they can be backed up separately. The distribution database (replication) Distribution servers need to be included.
16
7. The top 10 computer security threats for 2008
The 2008 Olympics is likely to spur a flurry of hacker activity, says Websense Inc, which
specializes in web filtering and security software, releasing the top ten computer security threats for 2008. “Looking at the current attack trends, cyber criminal techniques are evolving quickly and efficiently to not only evade detection, but to steal data and manipulate trusted content such as Web sites and applications," said Dan Hubbard, vice president of security research, Websense, in a media release. "It's critical that organizations and individuals recognize that attackers are changing techniques and launching targeted attacks." The top 10 security threats are: 1. Olympics: New cyber attacks, phishing and fraud 2. Malicious spam invades blogs, search engines, forums and Web sites 3. Attackers use Web's 'weakest links' to launch attacks 4. Number of compromised Web sites will surpass number of created malicious sites 5. Cross-platform Web attacks: Mac, iPhone popularity spurs increase 6. Rise in targeted Web 2.0 special interest attacks: Hackers targeting specific groups of people based on interests and profile 7. Morphing JavaScript to evade anti-virus scanners 8. Data concealment methods increase in sophistication 9. Global law enforcement will crack down on key hacker groups and individuals 10.Vishing and voice spam will combine and increase
11. Removal of Security Threats
Example 1.) 2.) 3.) 4.) 5.) 6.) of how to remove a Sasser Worm: Disconnect from local internet connection Close the running program Activate Windows Firewall Download and Install Patches from Microsoft Website Delete all infected files Reboot your computer
17
11. Conclusion
• Every day, organizations spend fortunes on the latest in high-tech security but fail to consider the small and simple tricks that social engineers employ to their advantage. One problem facing these organizations is the never-ending pursuit of being able to do things faster and cheaper, which often means that obvious risks are overlooked, eventually rendering multi-million dollar technologies useless. An attacker will always follow the path with the least amount of obstacles in it, while some organizations spend a lot of resources planning for unrealistic and catastrophic scenarios. On the other end of the scale, you have organizations that neglect security all together. Mitnick believes it’s a money issue more than anything else, by stating that “a lot of businesses out there don’t see the return on investment, they look at it [security] as a liability, and until they can understand that proactive security actually returns, gives them a return on investment, it’s still a hard sell for people” (Mitnick & Simon, 2003). It’s important for both security managers and employees to challenge this mindset, as security can pay off in the long run, but only if it’s done right. One can argue if combating social engineering is even possible, since there will always be users that are susceptible to a well-written scheme. The product of a well-executed security strategy will never be perfect because there is no such thing as perfect security. However, education and consequently increased user awareness can produce positive results in the long run, but only if it’s able to keep users informed and updated on the risks they face. Education through security awareness training is perhaps the most important tool for combating these attacks. The key is to create awareness that empowers your employees to recognize and thwart social engineers before they become a threat. Furthermore, these training programs need to be dynamic and focus on continuous improvement to ensure a return on the investment for the organization. Many in our generation grew up with comics and cartoons. Their heroes and their ideals helped shape our mindset on many subjects. In relation to warfare, G.I. Joe was the one who taught us that “knowing is half the battle”. One can argue that he is correct, as knowledge does equal power in the case of combating social engineers. We now know that social engineering is a serious threat in today‟s environment. With the vast quantities of information organizations strive to protect, security has never been a more relevant topic. We‟ve illustrated that threats that are often ignored can potentially cause irreparable damage. But there is hope: there are many techniques organizations can take into consideration when designing their defenses. Hopefully this knowledge can be used to help mitigate the risks posed by these kinds of attacks. In closing, in order to effectively implement a security strategy, a multi-layered framework should be utilized. Even though technical counter-measures are an important aspect, it‟s important to prioritize the human element of security, as your employees in most cases are both your first and only line of defense.
•
•
•
18
12. References
http://www.microsoft.com/protect/computer/basics.mspx http://www.tech-faq.com/internet-bots.shtml http://antivirus.about.com/b/2006/05/31/whats-a-trojan-horse-virus.htm http://www.pchell.com/virus/sasser.shtml Goodchild, J. (2010, January 11). Social Engineering: The Basics. Retrieved May 15, 2010, from CSO Online: http://www.csoonline.com/article/514063/Social_Engineering_The_Basics King, B. (2006). The Lying Ape: An Honest Guide to a World of Deception. Icon Books Limited. Kotadia, M. (2004, November 1). Greatest security risk: Social engineering, says Gartner. Retrieved May 14, 2010, from ZDNet Australia: http://www.zdnet.co.uk/news/security-management/2004/11/01/greatest-security-risk-socialengineering-says-gartner-39172157/ Microsoft. (2006, August 18). How to Protect Insiders from Social Engineering Threats. Retrieved May 10, 2010, from Microsoft TechNet Library – Security Business Guidance: http://technet.microsoft.com/en-us/library/cc875841.aspx Mills, E. (2008, June 20). Social Engineering 101: Mitnick and other hackers show how it’s done. Retrieved May 20, 2010, from CNET News: http://news.cnet.com/8301-1009_3-9995253-83.html http://www.usdoj.gov/criminal/cypercrime/melissaSent.htm Accessed 5th May 2003. Cronkhite, C. and McCullough, J. (2001) Access Denied :The Complete Guide to Protecting Your Business Online. Osborne: McGraw-Hill.. Dwan, B.(2000) “The Computer Virus –– From There to Here.: An Historical Perspective” Computer Fraud & Security, 2000(12),pp. 13-16 Gordon, S. (1994). “The Generic Virus Writer” http://www.research.ibm.com/antivirus/SciPapers/Gordon/Generic Virus Writer.html Accessed 4th May 2003. Gordon, S. (2000). “Virus Writer: The End of The Innocence” http://www.research.ibm.com/antivirus/SciPapers/VB2000SG.htm Accessed 27th Apr 2003. Hannaford, C. S.( 1995) “Can computer security really make a difference? ”, Managerial Auditing
19
TERM PAPER OF CSE-404
Topic:-Threats
Submitted to
Mr. Kiran kumar
Submitted by
Brishabh singh Reg no-7450070146 Roll no-34 Section –RA17B1
2
INDEX
Abstract---------------------------------------------------------------------------------3 Introduction---------------------------------------------------------------------------3-4 Sources of Threats-------------------------------------------------------------------5 How threats spread------------------------------------------------------------------5 Types of Computer Security Threats--------------------------------------------6-10 Some important concepts about these threats--------------------------------10-11 Threat Category Weighted -------------------------------------------------------11-11 Tips to protect yourself from malware----------------------------------------12-14 Backup-------------------------------------------------------------------------------14-16 The top 10 computer security threats-----------------------------------------16 Removal of Security Threats---------------------------------------------------16 Conclusion-------------------------------------------------------------------------------17 Reference--------------------------------------------------------------------------------18
3
Abstract:
As Internet and e-mail become an ever-increasing part of our 21st-century lives, the myriad dangers and risks that come with them are increasing too. Make sure you know how to deal with the threats that face us. Security planning is a complex and demanding discipline because of the variety of techniques available for attackers to breach the information security defenses of an organization. The problem is that security plans often focus exclusively on technical countermeasures. However, the human approach termed “social engineering” is often neglected. These attacks are difficult to deal with because the targets may not even realize they are being attacked. The popularity of internet aggravates the threat and gives the virus writers the ideal environment to distribute their viruses, since computer viruses can spread through the universe in a few hours causing distractions to hundreds of thousands of computers around the globe. An abbreviated idea about computer virus nature, history and development, the damage caused by some well known viruses and the different types of computer viruses is explained, also virus writers types, motivations, their point of view towards ethical and legal issues, and the effect of legal penalties on their practice is explained .
1. Introduction
Thereat is defined as a computer program, a person, or an event that violates the security system. A threat causes loss of data and attacks the data privacy. Most of the data of an organization stored inside the computer in very important and more valuable than the computer hardware and software. It can be damaged due to many reasons. You must protect your data from illegal access or from damage. Information systems are quickly becoming the most important tool for facilitating and supporting business activities. Our reliance on these systems means that vast quantities of sensitive and potentially valuable information is created, stored and used by them. The number of technical attacks on these systems has seen an explosive growth ever since their inception, resulting in a myriad of technical safeguards being developed and implemented to stop them. While these safeguards can prevent physical attacks on hardware and software if configured correctly, they cannot control the human element of security. It’s a widely accepted belief that people are the weakest link in any security framework, and this is where social engineering represents a threat. The keyword here is lying, as attacks of this nature exploit common human behavior by praying upon the “credulity, laziness, good manner or even enthusiasm of your staff” (Microsoft, 2006). This notion is supported by many in the security industry. If a firewall was breached due to poor configuration, the person who configured it will most likely face some form of reprimand, but in many cases this will be far less embarrassing than admitting that someone tricked you into giving away the root password to some random person over the phone. Cyber criminals have displayed great interest in the activity of state structures and commercial enterprises. They make attempts at theft and disclosure of confidential information, doing
4
damage to business reputations, breaching business continuity, and consequently breach an organization's information resources. It is not big companies alone who are at risk. Individual users can also be attacked. Using various tools, criminals gain access to personal data (bank account and credit card numbers and passwords), cause your system to malfunction, or gain complete access to your computer. Then that computer can be used as part of a zombie network, a network of infected computers used by hackers to attack servers, send out spam, harvest confidential information, and spread new viruses and Trojans. In today's world, everyone acknowledges that information is a valuable asset and should be protected. At the same time, information must be accessible for a certain user group (for instance, employees, clients and partners of a business). This is why there is a need to create a comprehensive information security system. Today, malicious programs propagate so quickly that antivirus companies have to release updates as quickly as possible to minimize the amount of time that users will potentially be at risk. Unfortunately, many antivirus companies are unable to do this - users often receive updates once they are already infected. USB flash drive:is widely used for storing and transmitting information. It is also an important
transmission route of threats. However, few antivirus products can provide 100% protection against any threats via USB drive, especially for offline computer that is not connected to Internet. This is why there is a need to develop a security system to protect computers against any threats via USB drive. Fortunately, USB Disk Security provides a best solution to solve the problem.
The following are the main threats to data security
• •
• • • • • •
Some authorized user of the data may unintentionally delete or change sensitive data. There are two solutions to this problem. Firstly, the users must be assigned proper rights to minimize such events. Only the authorized user with certain rights may be allowed to delete or modify data after following a step-by-step process. Secondly, periodic backup of data should be taken to recover the deleted data. A proper password protection should be used to use any resource. A log file should also be maintained to keep track of all the activities performed on the data. Some strong encryption algorithm should be used, so that if any one gets access to the data, he could not be able to make any sense out of it. Latest antivirus software should be used to scan all data coming into the organization. Computers and all backing storage devices should be placed in locked rooms. Only authorized users can access these resources. Authorized users must be asked to change their passwords periodically.
5
2. Sources of Threats
A person, a group of people, or even some phenomena unrelated to human activity can serve as an information security threat. Following from this, all threat sources break down into three groups: The human factor. This group of threats concerns the actions of people with authorized or unauthorized access to information. Threats in this group can be divided into:
• •
External, including cyber criminals, hackers, internet scams, unprincipled partners, and criminal structures. Internal, including actions of company staff and users of home PCs. Actions taken by this group could be deliberate or accidental.
The technological factor. This threat group is connected with technical problems - equipment used becoming obsolete and poor-quality software and hardware for processing information. This all leads to equipment failure and often to data loss. The natural-disaster factor. This threat group includes any number of events brought on by nature and other events independent of human activity.
3. How threats spread ?
As modern computer technology and communications tools develop, hackers have more opportunities for spreading threats. Let's take a closer look at them: The Internet : The Internet is unique, since it is no one's property and has no geographical borders. In many ways, this has promoted development of countless web resources and the exchange of information. Today, anyone can access data on the Internet or create their own webpage. However, these very features of the worldwide web give hackers the ability to commit crimes on the Internet, making them difficult to detect and punish as they go. USB flash drives: USB flash drives are widely used for storing and transmitting information. When you use a USB disk that has malicious programs on it, you can damage data stored on your computer and spread the virus to your computer's other drives or other computers on the network.
Types of Computer Security Threats
This page provides basic information on computer security threats. The computer security threats covered here are:
6
• • • • • • • • • • • • •
Viruses Trojan Horses Worms Zombies Phishing Internet Based Attacks Viral Web Sites Spyware, Adware and Advertising Trojans Virus Hoaxes Unsecured Wireless Access Point Bluesnarfing Social Engineering Microsoft Office Document Metadata
Viruses
A software virus is a parasitic program written intentionally to alter the way your computer operates without your permission or knowledge. A virus attaches copies of itself to other files such as program files or documents and is inactive until you run an infected program or open an infected document. When activated, a virus may damage or delete files, cause erratic system behaviour, display messages or even erase your hard disk. A virus may spread through email and instant messenger attachments, through infected files on floppy disks or CD-ROMs, or by exploiting a security flaw in Microsoft Windows. Virus Structure Computer viruses could have two parts at least (search and copy routines) or more depending on how sophisticated it might be, the additional parts will give it a unique characteristic(Ludwing,2002, p.23-24): Search routine: this routine responsibility is to find a stabile target for infection. Copy routine: to be able to infect the target which was found by search routine, the virus must copy itself to the target and this is the copy routine responsibility. Anti-detection routine: this could be part of the search or copy routines or it could be a stand alone routine, the mission of this routine is to avoid detection either by the user or the anti-virus programs. Payload routine this routine vary depending on it’s porous, it could be a joke, destructive or perform a useful task.
7
Trojan Horses:
Trojan horses are programs that appear to serve some useful purpose or provide entertainment, which encourages you to run them. But these programs also serve a covert purpose, which may be to damage files, to place a virus on your computer or to allow a hacker to gain access to your machine. More commonly these days, you can be enticed into running a Trojan by clicking a link on a viral web site or in an email. Trojans that allow a hacker to gain access to your machine, called Remote Access Trojans (RATs), are particularly prevalent at the moment. Over 50% of all spam (unsolicited email) is sent from home or work computers that have been compromised by RATs. A Trojan horse is not a virus because it does not replicate and spread like a virus.
Worms:
Worms are programs that replicate and spread, often opening a back door to allow hackers to gain access to the computers that they infect. Worms can spread over the Internet by expoiting security flaws in the software of computers that are connected to the Internet. Worms can also spread by copying themselves from disk to disk or by email.
Zombies:
A Zombie is a dormant program that lies inactive on a computer. It can be activated remotely to aid a
8
collective attack on another computer. Zombies don’t normally damage the computer on which they reside but can damage other computers. Zombies often arrive as email attachments and when the attachment is opened they install themselves secretly and then wait to be activated.
Phishing:
A Phishing attack is when you are are sent an email that asks you to click on a link and re-enter your bank or credit card details. These emails can pretend to be from banks, Internet service providers, on-line stores and so on, and both the email and the web site it links to appear genuine. When you enter your bank or credit card details they are then used fraudulently.
Internet Based Attacks:
While your computer is connected to the Internet it can be subject to attack through your network communications. Some of the most common attacks include:
• •
Bonk – An attack on the Microsoft TCP/IP stack that can crash the attacked computer. RDS_Shell – A method of exploiting the Remote Data Services component of the Microsoft Data Access Components that lets a remote attacker run commands with system privileges. WinNuke – An exploit that can use NetBIOS to crash older Windows computers.
•
Viral Web Sites:
Users can be enticed, often by email messages, to visit web sites that contain viruses or Trojans. These sites are known as viral web sites and are often made to look like well known web sites and can have similar web addresses to the sites they are imitating. Users who visit these sites often inadvertently download and run a virus or Trojan and can then become infected or the subject of hacker attacks.
Spyware, Adware and Advertising Trojans:
Spyware, Adware and Advertising Trojans are often installed with other programs, usually without your knowledge. They record your behaviour on the Internet, display targeted ads to you and can even download other malicious software on to your computer. They are often included within programs that you can download free from the Internet or that are on CDs given away free by magazines. Spyware doesn’t usually carry viruses but it can use your system resources and slow down your Internet connection with the display of ads. If the Spyware contains bugs (faults) it can make your computer unstable but the main concern is your privacy. These programs record every step that you take on the Internet and forward it to an Ad Management Centre which reviews your searches and downloads to determine your shopping preferences. The Ad Management Centre will build up a detailed profile of you, without your knowledge, and can pass this on to third parties, again without your knowledge. Some Spyware can download more serious threats on to your computer, such as Trojan Horses.
9
Virus Hoaxes:
Virus hoaxes are messages, usually sent by email, that amount to little more than chain letters. They pretend to alert you to the latest "undetectable" virus and simply waste your time and Internet bandwidth. The best course of action is to delete these hoaxes - they can cause genuine fear and alarm in the disabled, elderly and other vulnerable groups.
Unsecured Wireless Access Points:
If a wireless access point, e.g. an ADSL (Broadband) Router, hasn't been secured then anyone with a wireless device (laptop, PDA, etc) will be able to connect to it and thereby access the Internet and all the other computers on the wireless network.
Bluesnarfing:
The act of stealing personal data, specifically calendar and contact information, from a Bluetooth enabled device.
Social Engineering:
Tricking computer users into revealing computer security or private information, e.g. passwords, email addresses, etc, by exploiting the natural tendency of a person to trust and/or by exploiting a person's emotional response.
Example 1: Spammers send out an email about victims of child abuse and provide a link to click in the email for further information or to help the victims. When the link is clicked the spammers know the email address is "live" and add it to their live list which they then use to target their spam. Example 2: A company computer user is tricked into revealing the network password by someone on the telephone who is impersonating the voice of an employee in authority and who has a story of distress.
Microsoft Office Document Metadata:
The average Microsoft Word, Excel, etc document includes hidden metadata with details of who created it, who has worked on it, when it has been amended and quite possibly the text of all those changes as well. Viewing a Word document in a text editor can reveal the metadata in plain text at the start and finish of the document.
4. Some important concepts about these threats
10
What is the difference between a virus and a worm?
A virus is a program that replicates, i.e. it spreads from file to file on your system and from PC to PC. In addition, it may be programmed to erase or damage data. Worms are generally considered to be a subset of viruses, but with certain key differences. A worm is a computer program that replicates, but does not infect other files. Instead, it installs itself once on a computer and then looks for a way to spread to other computers. In the case of a virus, the longer it goes undetected, the more infected files there will be on the computer. Worms, however, create a single instance of their code. Moreover, unlike a virus, a worm code is stand-alone. In other words, a worm is a separate file while a virus is a set of code which adds itself to existing files.
What is a TROJAN and where did the name come from?
The term Trojan refers to the wooden horse used by the Greeks to sneak inside the city of Troy and capture it. The classic definition of a Trojan is a program that poses as legitimate software but when launched will do something harmful. Trojans can't spread by themselves, which is what distinguishes them from viruses and worms. Today, Trojans are typically installed secretly and deliver their malicious payload without your knowledge. Much of today’s crimeware is comprised of different types of Trojans, all of which are purpose-built to carry out a specific malicious function. The most common are Backdoor Trojans (often they include a keylogger), Trojan Spies, password stealing Trojans and Trojan Proxies that convert your computer into a spam distribution machine.
What is a DoS attack? What is a DDoS attack?
A Denial-of-Service (DoS) attack is designed to hinder or stop the normal functioning of a web site, server or other network resource. There are various ways for hackers to achieve this. One common method is to flood a server by sending it more requests than it is able to handle. This will make the server run slower than usual (and web pages will take much longer to open), and may crash the server completely (causing all websites on the server to go down). A distributed-Denial-of-Service (DDoS) attack differs only in the fact that the attack is conducted using multiple machines. The hacker typically uses one compromised machine as the ‘master’ and co-ordinates the attack across other, so-called ‘zombie’, machines. Both master and zombie machines are typically compromised by exploiting a vulnerability in an application on the computer, to install a Trojan or other piece of malicious code.
Spoofing
11 Spoofing is a technique used to hide identity of traffic originator or assume identity of trusted entity or fooling a computer into believing which actually you are not. The most common spoof is email where a hacker pretend to be a different internet address from the one you have just to gain his/her credit card no, passwords, personal information or to theft any identity. Spoofing normally involves sending many packets/messages pretending to be a real legitimate person and spoofed IPs are very hard to back track. There are many different types of spoofing, such as ▪ IP addresses, MAC addresses changing attacks ▪ Link alteration ▪ DNS server spoofing attack ▪ Content theft ▪ E-mail address changing attack
5. Threat Category Weighted
Deliberate Software Attacks Technical Software Failures or Errors Act of Human Error or Failure Deliberate Acts of Espionage or Trespass Deliberate Acts of Sabotage or Vandalism Technical Hardware Failures or Errors Deliberate Acts of Theft Forces of Nature Compromises to Intellectual Property QoS Deviations from Service Providers Technological Obsolescence Deliberate Acts of Information Extortion
Ranking
2178 1130 1101 1044 963 942 695 611 495 434 428 225
Your computer could be at risk if your: Firewalls: Security Updates: Antivirus Software: Are disabled and not properly working Are not up-to-date Is not up-to-date or from a trusted source Is weak, especially for network security
Password:
12
6. Tips to protect yourself from malware
Be mindful of what you are clicking on Many websites that hosts harmful content will use banners and pop up advertisements, pretending to be an error messages or offering you a prize. When you visit these sites harmful content is downloaded into your computer. Avoid being tempted in the first place. Be aware of what you are downloading Don't download software from a website that's full of advertisements, or listings of 'free' programs, these are often fake files. Be cautious and question them, scan them with security software prior to opening or only download programs from reputable or corporate websites. Purchase security software Many users are not aware that using pirated software can not protect user's computer against threats and the pirated software from unauthorized third parties may contain viruses. Be careful before you open your removable media Many malicious programs attack your computers and spread via USB storage. USB Disk Security can protect your computer against any threats via removable media. Update Windows when prompted Microsoft release updates for Windows regularly. They include important security patches and tools. Install them when prompted to patch up security gaps in your operating system, browser or third party software. Take extra care when using Peer-To-Peer programs Since files shared on P2P networks are not policed. Anyone can release anything they want via this medium. As such get into the habit of scanning the files you downloaded before running/executing them. Accept incoming files when you expect them and from people that you know Some threats have the ability to infect machines and automatically send copies of themselves to that user's contact list. It may appear that your friend is sending you a file but it may turn out to be a malicious program propagating itself. Know your File Formats Images usually come in .jpg .jpeg .png .bmp .gif .tif formats. Executables come in .exe .bat .com .dll formats. If someone says they are sending you a photo but the file ends with .exe or .com, please do not open it. They're obviously mistaken or potentially endangering you. Be aware of what's happening
13
There are various places to seek for help and learn more about your computer. It pays to be knowledgeable on your computer, as malicious threats often take advantage of those who are unaware of what's happening.
The key information sought in this study is the identification and ranking of threats to information security. This list presents the result of the study with each category’s corresponding ranking.
14
Backup
User interface elements in User Profile
• • • • • • • • •
Start menu, taskbar, toolbars, desktop shortcuts, the desktop background, and Active Desktop items. My Documents My Music Media play lists maintained by Windows Media Player, Real Player, etc. My Pictures My Download files (containing drivers and installation programs) Favorites Cookies (to avoid looking up all passwords again) Preferences set from inside each Application GUI
15
Other
• •
Email text Application data files and databases (Quicken, TurboTax, etc.).
In the Applications Data\Microsoft\ folder:
• • • • •
Address Book \ %user%.wab and .wa~ backup file. Proof\custom.dic Spell Check custom dictionary. Excel\XLSTART spreadsheets shown at startup. Templates such as Normal.dat used by Word. Media Player presets and play lists.
System State data
• • • • • • • •
Registry settings Component Services (COM+) Class Registration database System boot/start-up files (CONFIG.SYS, AUTOEXEC.BAT, CONFIG.NT, etc.) Performance counter configuration information Certificate Services database (if the computer is a certificate server) Active Directory service and SYSVOL folder (if the computer is a Domain Controller) resource registry checkpoints and the quorum resource recovery log (if the computer is part of a Cluster) DNS zone information (DS integrated and non-DS integrated) (if the computer is a DNS server)
On a SQL Server
Types of MS-SQL data should be backed up:
• •
• •
• •
User databases -- There is more than one type of production database The master database -- It is important to include backup the master database. Master cannot be separated from its transaction log so they have to be backed up together. The MS-SQL msdb database The MS-SQL msdb database supports the SQL Executive service provides a storage area for scheduling information. Because setup installs msdb database and its transaction log on separate devices they can be backed up separately. The distribution database (replication) Distribution servers need to be included.
16
7. The top 10 computer security threats for 2008
The 2008 Olympics is likely to spur a flurry of hacker activity, says Websense Inc, which
specializes in web filtering and security software, releasing the top ten computer security threats for 2008. “Looking at the current attack trends, cyber criminal techniques are evolving quickly and efficiently to not only evade detection, but to steal data and manipulate trusted content such as Web sites and applications," said Dan Hubbard, vice president of security research, Websense, in a media release. "It's critical that organizations and individuals recognize that attackers are changing techniques and launching targeted attacks." The top 10 security threats are: 1. Olympics: New cyber attacks, phishing and fraud 2. Malicious spam invades blogs, search engines, forums and Web sites 3. Attackers use Web's 'weakest links' to launch attacks 4. Number of compromised Web sites will surpass number of created malicious sites 5. Cross-platform Web attacks: Mac, iPhone popularity spurs increase 6. Rise in targeted Web 2.0 special interest attacks: Hackers targeting specific groups of people based on interests and profile 7. Morphing JavaScript to evade anti-virus scanners 8. Data concealment methods increase in sophistication 9. Global law enforcement will crack down on key hacker groups and individuals 10.Vishing and voice spam will combine and increase
11. Removal of Security Threats
Example 1.) 2.) 3.) 4.) 5.) 6.) of how to remove a Sasser Worm: Disconnect from local internet connection Close the running program Activate Windows Firewall Download and Install Patches from Microsoft Website Delete all infected files Reboot your computer
17
11. Conclusion
• Every day, organizations spend fortunes on the latest in high-tech security but fail to consider the small and simple tricks that social engineers employ to their advantage. One problem facing these organizations is the never-ending pursuit of being able to do things faster and cheaper, which often means that obvious risks are overlooked, eventually rendering multi-million dollar technologies useless. An attacker will always follow the path with the least amount of obstacles in it, while some organizations spend a lot of resources planning for unrealistic and catastrophic scenarios. On the other end of the scale, you have organizations that neglect security all together. Mitnick believes it’s a money issue more than anything else, by stating that “a lot of businesses out there don’t see the return on investment, they look at it [security] as a liability, and until they can understand that proactive security actually returns, gives them a return on investment, it’s still a hard sell for people” (Mitnick & Simon, 2003). It’s important for both security managers and employees to challenge this mindset, as security can pay off in the long run, but only if it’s done right. One can argue if combating social engineering is even possible, since there will always be users that are susceptible to a well-written scheme. The product of a well-executed security strategy will never be perfect because there is no such thing as perfect security. However, education and consequently increased user awareness can produce positive results in the long run, but only if it’s able to keep users informed and updated on the risks they face. Education through security awareness training is perhaps the most important tool for combating these attacks. The key is to create awareness that empowers your employees to recognize and thwart social engineers before they become a threat. Furthermore, these training programs need to be dynamic and focus on continuous improvement to ensure a return on the investment for the organization. Many in our generation grew up with comics and cartoons. Their heroes and their ideals helped shape our mindset on many subjects. In relation to warfare, G.I. Joe was the one who taught us that “knowing is half the battle”. One can argue that he is correct, as knowledge does equal power in the case of combating social engineers. We now know that social engineering is a serious threat in today‟s environment. With the vast quantities of information organizations strive to protect, security has never been a more relevant topic. We‟ve illustrated that threats that are often ignored can potentially cause irreparable damage. But there is hope: there are many techniques organizations can take into consideration when designing their defenses. Hopefully this knowledge can be used to help mitigate the risks posed by these kinds of attacks. In closing, in order to effectively implement a security strategy, a multi-layered framework should be utilized. Even though technical counter-measures are an important aspect, it‟s important to prioritize the human element of security, as your employees in most cases are both your first and only line of defense.
•
•
•
18
12. References
http://www.microsoft.com/protect/computer/basics.mspx http://www.tech-faq.com/internet-bots.shtml http://antivirus.about.com/b/2006/05/31/whats-a-trojan-horse-virus.htm http://www.pchell.com/virus/sasser.shtml Goodchild, J. (2010, January 11). Social Engineering: The Basics. Retrieved May 15, 2010, from CSO Online: http://www.csoonline.com/article/514063/Social_Engineering_The_Basics King, B. (2006). The Lying Ape: An Honest Guide to a World of Deception. Icon Books Limited. Kotadia, M. (2004, November 1). Greatest security risk: Social engineering, says Gartner. Retrieved May 14, 2010, from ZDNet Australia: http://www.zdnet.co.uk/news/security-management/2004/11/01/greatest-security-risk-socialengineering-says-gartner-39172157/ Microsoft. (2006, August 18). How to Protect Insiders from Social Engineering Threats. Retrieved May 10, 2010, from Microsoft TechNet Library – Security Business Guidance: http://technet.microsoft.com/en-us/library/cc875841.aspx Mills, E. (2008, June 20). Social Engineering 101: Mitnick and other hackers show how it’s done. Retrieved May 20, 2010, from CNET News: http://news.cnet.com/8301-1009_3-9995253-83.html http://www.usdoj.gov/criminal/cypercrime/melissaSent.htm Accessed 5th May 2003. Cronkhite, C. and McCullough, J. (2001) Access Denied :The Complete Guide to Protecting Your Business Online. Osborne: McGraw-Hill.. Dwan, B.(2000) “The Computer Virus –– From There to Here.: An Historical Perspective” Computer Fraud & Security, 2000(12),pp. 13-16 Gordon, S. (1994). “The Generic Virus Writer” http://www.research.ibm.com/antivirus/SciPapers/Gordon/Generic Virus Writer.html Accessed 4th May 2003. Gordon, S. (2000). “Virus Writer: The End of The Innocence” http://www.research.ibm.com/antivirus/SciPapers/VB2000SG.htm Accessed 27th Apr 2003. Hannaford, C. S.( 1995) “Can computer security really make a difference? ”, Managerial Auditing
19
