N. Ganesan, Ph.D.
Acknowledgements
Chapter Focus
Introduction to computer security
Overview of security threats
Outline of security measures
Summary
Vulnerability
Intentional attacks on computing resources and networks persist for a number of reasons.
The complexity of computer software and newly emerging hardware and software combinations make computers and the network susceptible to intrusion.
It is difficult to thoroughly test an application for all possible intrusions.
Security Threats
1. Trojan horse programs
2. Back door and remote administration programs
3. Denial of service
4. Being an intermediary for another attack
5. Unprotected Windows shares
6. Mobile code (Java, JavaScript, and ActiveX)
7. Cross-site scripting
8. Email spoofing
9. Email-borne viruses
10. Hidden file extensions
11. Chat clients
12. Packet sniffing
Source: CERT
Cross-site Scripting
A malicious script can be sent and stored by a web developer on a website to be downloaded by an unsuspecting surfer.
When this website is accessed by a user, the script is transferred to the local web browser.
Ways of acquiring malicious scripts include:
following links in web pages, email messages, or newsgroups
using interactive forms on an untrustworthy site
viewing online discussion groups, forums, or other dynamically generated pages where users can post text containing HTML tags
Source: CERT
Email Spoofing
Email spoofing tricks the user into believing that the email originated from a certain user, such as an administrator, although it actually originated from a hacker.
Such emails may solicit personal information such as credit card details and passwords.
Examining the email header may provide some additional information about the origin of the email.
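The header examination mentioned above can be scripted. The following is an added example, not part of the original slides: it parses a constructed message and reports where the visible From address disagrees with the Return-Path, Reply-To and Authentication-Results headers. The addresses, host names and the function names `header_findings` and `relay_hops` are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the page): the visible From claims an
# administrator; the envelope sender and reply address point elsewhere.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.25])
\tby mx.example.com with ESMTP id abc123; Mon, 01 Jan 2024 10:00:02 +0000
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "System Administrator" <admin@example.com>
Reply-To: helpdesk@example.org
To: user@example.com
Subject: Password verification required

Please reply with your password.
"""

def domain(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def header_findings(raw):
    """List header inconsistencies worth a closer look (signals, not proof)."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    # The envelope sender and reply address often betray a forged From.
    for name in ("Return-Path", "Reply-To"):
        dom = domain(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Trust only the copy your own mail server added; a sender can fake one.
    for value in msg.get_all("Authentication-Results", []):
        for part in value.split(";")[1:]:
            tokens = part.split()
            method, _, result = (tokens[0] if tokens else "").partition("=")
            if method in ("spf", "dkim", "dmarc") and result != "pass":
                findings.append(f"{method}={result}")
    return findings

def relay_hops(raw):
    """Received headers, newest first, whitespace-normalised without the date."""
    msg = message_from_string(raw)
    return [" ".join(h.split(";")[0].split()) for h in msg.get_all("Received", [])]

if __name__ == "__main__":
    for line in header_findings(SAMPLE) + relay_hops(SAMPLE):
        print(line)
```

Legitimate mailing lists and bulk senders can also produce a Return-Path that differs from From, so the output is a prompt for closer inspection rather than a verdict.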
Example:
In the above files, the hidden extension is .vbs, pertaining to an executable Visual Basic script.
Chat Clients
Internet chat applications such as instant messaging applications and Internet Relay Chat (IRC) involve the exchange of information, including files that may contain malicious executable code.
The same caution that applies to email attachments applies here as well.
Packet Sniffing
Packet sniffer programs capture the contents of packets that may include passwords and other sensitive information that could later be used for compromising the client computer.
For example, a sniffer installed on a cable modem in one cable trunk may be able to sniff the password from other users on the same trunk.
Encryption of network traffic provides one of the defenses against sniffing.
Providing Security
Providing security requires action on two fronts: the management front and the technical front.
The management aspect relates to organizational policies and behavior that would address security threats and issues.
The technical aspect relates to the implementation of hardware and software to secure access to computing resources and the network.
Management Aspect
The best practice approach is to ensure secure behavior.
This can be done by establishing guidelines for managing, addressing and rectifying security related issues.
Technical Aspect
Introduce security related hardware and software to secure access to computers and computing resources.
Technical Approaches
From an implementation point of view, the following are some of the steps that could be taken to provide security:
Implement security patches and other updates pertaining to an operating system and other vulnerable software such as Internet Explorer
Install self-monitoring anti-virus, anti-spam, anti-hacker and pop-up blocker software
Install a firewall
Use encryption wherever feasible
Firewalls
Firewalls are used for controlling access to the computing resources.
In general, a firewall acts at the network level, controlling network access to computing resources.
Firewalls can be implemented in software as well as in hardware.
Encryption
By encryption, the data can be made illegible to the intruder.
It can be implemented at the network level as well as the client level.
For example, locally stored data can be encrypted, and the network traffic could equally well be encrypted.
The End