IT Security Persuasive
In recent times people have become more technology oriented, and a higher level of interaction between humans, computers and the Internet has been observed. Whether it is information or data exchange, banking or online shopping, people regularly share their personal or confidential data through the Internet.

Although it has added a lot of convenience to human lives, the Internet has also made everybody susceptible to digital threats. While enjoying the expediency of online banking, users invariably expose themselves to ‘phishing’ attacks. When people download software from the Internet, they may unknowingly download ‘malware’ that takes control of their personal computers. Files attached to emails may carry ‘Trojans’ that can play havoc with their computers.

However, with proper knowledge and a little more caution, one can prevent the hazards of viruses that might corrupt the system, steal a person’s identity or even disable a computer.

Danger defined: Generally, people consider every online threat to be an Internet virus. Broadly speaking, a virus is a computer program that not only infects computers but also replicates itself and propagates within documents or applications on the user’s computer. It might also corrupt files, make databases inaccessible, pilfer personal data and so on. It can corrupt floppy disks if they are inserted into an infected computer. In order to thwart these viruses from spreading and damaging more files or computers, anti-virus programs have been written which disinfect the computer by deleting such malicious programs; if deletion is not possible, the programs are moved to a vault-like location on the hard disk. Most viruses these days spread through the Internet. This has produced another kind of virus called worms, which move through intranets and the Internet. Then there are Trojans, which can conceal their presence, and spyware, which can steal data without the user’s knowledge.
(Team Chip 2006)

Security Breaches: New threats surface every day, and there is always a possibility that the various digital threats will damage computer systems, causing loss of important data, interrupting business activities, damaging a company’s reputation or exposing it to legal claims from others. The various types of cyber security breaches are:

System becomes Inaccessible: In this type of cyber attack, legitimate users are not able to access the systems. The targeted computer or server is overwhelmed from a single source with a stream of messages, and thus genuine traffic is blocked. This totally halts any exchange of information or access through the Internet.
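As an added illustration (my own code, not part of the essay or its sources) of how a defender would spot the single-source flood just described, the following Python reads constructed connection-log lines and flags any source that opens more than a threshold of connections to one port within a short window; the IP addresses, timestamps and log format are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one "timestamp src_ip dst_port" per line (not real traffic).
# 10.0.0.5 is a normal client; 203.0.113.9 opens a burst of connections to port 80.
SAMPLE_LOG = """\
2007-10-10T12:00:00 10.0.0.5 80
2007-10-10T12:00:01 203.0.113.9 80
2007-10-10T12:00:01 203.0.113.9 80
2007-10-10T12:00:02 203.0.113.9 80
2007-10-10T12:00:02 203.0.113.9 80
2007-10-10T12:00:03 10.0.0.5 443
2007-10-10T12:00:03 203.0.113.9 80
2007-10-10T12:00:04 203.0.113.9 80
2007-10-10T12:00:04 203.0.113.9 80
"""

def parse_log(text):
    """Yield (timestamp, src_ip, dst_port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], int(parts[2])
        except ValueError:
            continue

def find_floods(text, threshold=5, window=timedelta(seconds=10)):
    """Return {(src_ip, dst_port): peak_count} for every source that opens
    more than `threshold` connections to one port inside any `window`.
    A sliding window over the sorted per-(src, port) timestamps gives the peak."""
    buckets = defaultdict(list)
    for ts, src, port in parse_log(text):
        buckets[(src, port)].append(ts)
    floods = {}
    for key, times in buckets.items():
        times.sort()
        start, peak = 0, 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # drop events older than the window
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            floods[key] = peak
    return floods
```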
Exploit software: Such software is available in the market, and intruders of different expertise levels use it to determine the susceptibility of targeted systems and gain entry into them.

Multiple Attacks to make a system inaccessible: In this variation of the digital attack, coordinated attacks are launched from a distributed system of computers instead of a single source. These kinds of attacks are also used to spread worms.

Time Bombs: These are codes written within a program, usually inserted by the programmer when the software is written. Such code becomes active when an event triggers it. On triggering, the code may delete the entire data, crash the system and so on. The triggering event could be anything, such as the termination of the programmer’s job.

Sniffers: Sniffers are programs that intercept transmitted data and check each data packet looking for specific information, such as passwords or credit card information.

Trojan Horse: Trojans are malicious software that appear to be genuine programs. When users run such programs, totally unaware of their real purpose, the programs infect the computer. Once on the computer, a Trojan may strike in multiple ways, ranging from capturing what appears on the screen to keeping a record of what one types. The captured data is then transferred to the writer of that program through the Internet. Thus one is likely to lose some very important and personal information, which can also translate into financial losses. The different types of Trojans include “remote access Trojans”, “data sending Trojans” and “destructive Trojans”. Trojans even have the capability to evade anti-virus programs by changing their own code, making them even more difficult to detect.

Spyware: Spyware is developed with the objective of stealing information from others’ computers. These programs can steal information including the history of web sites visited, passwords used to access secure Internet services, and so on. Spyware cannot reproduce itself, but it can surely exploit others’ data for commercial or financial gain. Since this type of program cannot spread by itself, it spreads only when the user chooses to install the software. Nobody would knowingly install such programs, so they often get attached to free shareware programs found on free download web sites or free application CDs, where the spyware is presented as a utility application, for example an internet speed accelerator. (Team Chip 2006)

Virus: Malicious software which usually “infects” executable programs by inserting its replica into the file. The replicated code is executed when the infected file is loaded into memory, with the result that other files also get infected. In contrast to a computer worm, a virus depends upon an individual to proliferate.

War-Dialing: Software that dials successive phone numbers searching for modems.

War Driving: This is a technique of trespassing into wireless computer networks with the help of a laptop, a transmitter and a remote network adaptor.

Worms: A self-sufficient computer program that replicates itself from one computer to another in a network. Worms do not require human intervention for propagation. Worms waste computer time and network bandwidth when copying themselves from one system to another, and usually the purpose of spreading is to cause harm.
Using a network, a worm can replicate itself from a single copy to manifold copies in an incredibly short time. A worm called “Code Red” replicated itself over 250,000 times in about nine hours on July 19, 2001. This worm created a sort of Internet traffic jam when it began to reproduce itself. Every copy of the worm searched the web for Windows NT or Windows 2000 servers that did not have the “Microsoft security patch” installed. Whenever it located an unsecured server, the worm replicated itself to that machine. The new copy then searched for other computers to infect. Worms generally take advantage of some kind of security hole in the software or the operating system. The “Slammer” worm, which played havoc in January 2003, took advantage of a hole in Microsoft’s SQL Server. (Brain)

Code Red usually did three things:
• Copied itself to other systems for the first twenty days of every month.
• Replaced web pages on infected web servers with a new page that had “Hacked by Chinese” written on it.
• Launched a rigorous attack on the White House web server with the objective of bringing it down.

As per the “National Infrastructure Protection Center”: “The Ida Code Red Worm, which was first reported by eEye Digital Security, is taking advantage of known vulnerabilities in the Microsoft IIS Internet Server Application Program Interface (ISAPI) service. Un-patched systems are susceptible to a “buffer overflow” in the Idq.dll, which permits the attacker to run embedded code on the affected system. This memory resident worm, once active on a system, first attempts to spread itself by creating a sequence of random IP addresses to infect unprotected web servers. Each worm thread will then inspect the infected computer’s time clock. Upon successful infection, the worm would wait for the appointed hour and connect to the www.whitehouse.gov domain. This attack would consist of the infected systems simultaneously sending 100 connections to port 80 of www.whitehouse.gov (198.137.240.91)”. The U.S. government had to alter the IP address of “www.whitehouse.gov” to avert this particular threat from the worm.

Economic Implications: While the World Wide Web, mobile computing and online media can help small firms compete with bigger companies, this digital paraphernalia also attracts risk. It is estimated that the “Mydoom” worm damaged nearly a quarter-million computers in just one day in January 2004. In 1999, a virus called “Melissa” was so dominant that it forced a complete shutdown of the e-mail systems of companies like Microsoft. The “ILOVEYOU” virus in 2000 had an equally overwhelming effect. (Brain) In 2003, the Slammer worm, released to infect the Internet, temporarily damaged millions of computers around the world and slowed down large computer networks. Three servers maintaining the Internet crashed due to the worm. One big US banking company had to temporarily shut down nearly thirteen thousand of its ATMs. Another global airline company could not sell tickets through the Internet. Emergency services in Seattle were hampered as nobody could answer emergency calls due to failure of computer systems. (Wikipedia 2007) Slammer had caused an information jam. According to CyberSource, a firm involved in e-commerce and fraud prevention, in 2006 North American businesses suffered a loss of $3 billion due to online payment fraud.
Accordingly, last year 97 percent of firms used fraud detection tools. (Frommer 2007) Hackers normally seek information like credit card and bank account details. They might also try to use others’ broadband Internet connections and turn the targeted computer into a “spam e-mail server”, or artificially increase traffic to their own websites. (Frommer 2007)

Response to Cyber Attacks: Large organizations have their teams ready in case of any security breach. Such incidents disrupt normal working and create some degree of crisis. A Response Team is a group of professionals who are trained to counter the security threat or incident. The purpose of the team is to investigate the cause and resolve the matter. Normally such teams include a person from senior management, a technical person and a communications person to keep others updated on the situation. In case of suspected cyber crime or violations of user policies, the team is activated. The teams have well-defined measures for incident response, including the scenarios in which law enforcement authorities should be called. (Pendyala) The team’s responsibilities include:
1. Analysis of the data to determine the cause or source of the security breach (e.g. human or program error, or deliberate action), and its consequences;
2. Using effective controls to save other systems and networks from the potential threats;
3. Controlling the problem at the origin and thus protecting other systems and networks;
4. Data recovery and bringing normalcy to network operations;
5. Planning corrective actions for the future to prevent such happenings.

The cyber security team should note that what commences as a gathering of facts about a violation of organizational policy may turn into the collection of proof of more severe violations. The computer might have been used for criminal activities, which can turn out to be a serious matter. For example, if a company employee is discovered to be using the company computer to write and release malicious programs to hack into other computers, it may result in civil or criminal prosecution. (Pendyala)

CYBER FORENSICS

“Computer forensics is defined as the use of an expert to preserve, analyze, and produce data from volatile and non-volatile media storage. This is used to encompass computer and related media that may be used in conjunction with a computer”. (Meyers, Rogers 2004)
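To make the “preserve” part of that definition concrete, here is an added Python example (my own, not from the essay or its sources) that records the acquisition hash of a constructed evidence image, logs each custody hand-off, and refuses a transfer when the bytes no longer match; the item id, custodian names and the image bytes are all constructed.

```python
import hashlib
from datetime import datetime, timezone

# Constructed stand-in for an acquired disk image (not real evidence data).
EVIDENCE_IMAGE = b"MBR\x00" + bytes(range(256)) * 4 + b"END"

def sha256_hex(data: bytes) -> str:
    """Hash of the evidence bytes; this is the value custodians sign off on."""
    return hashlib.sha256(data).hexdigest()

class CustodyRecord:
    """Append-only chain of custody: every hand-off re-hashes the evidence
    and is refused if the hash no longer matches the acquisition hash."""

    def __init__(self, item_id: str, data: bytes, acquired_by: str):
        self.item_id = item_id
        self.acquisition_hash = sha256_hex(data)
        self.entries = []  # (utc timestamp, custodian, action, hash_verified)
        self._log(acquired_by, "acquired", True)

    def _log(self, custodian: str, action: str, verified: bool):
        ts = datetime.now(timezone.utc).isoformat()
        self.entries.append((ts, custodian, action, verified))

    def transfer(self, data: bytes, from_custodian: str, to_custodian: str) -> bool:
        """Hand-off step: verify integrity first, then record the transfer.
        Returns False (after logging the failed check) if the evidence changed."""
        verified = sha256_hex(data) == self.acquisition_hash
        self._log(from_custodian, "released to " + to_custodian, verified)
        if not verified:
            return False
        self._log(to_custodian, "received", True)
        return True

    def verify(self, data: bytes) -> bool:
        """Final check before analysis or production in court."""
        return sha256_hex(data) == self.acquisition_hash

def demo():
    """One clean hand-off, then a tampered copy (one byte changed) that is rejected.
    Returns (first transfer ok, tampered transfer ok, original still verifies, entry count)."""
    rec = CustodyRecord("IMG-001", EVIDENCE_IMAGE, "first_responder")
    ok = rec.transfer(EVIDENCE_IMAGE, "first_responder", "examiner")
    tampered = EVIDENCE_IMAGE[:-1] + b"?"       # single-byte change
    bad = rec.transfer(tampered, "examiner", "lab")
    return ok, bad, rec.verify(EVIDENCE_IMAGE), len(rec.entries)
```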
Cyber forensics is a newly surfaced and upcoming field, which can be explained as the examination of digital evidence arising from a cyber security breach. It involves the collection and examination of digital data within an analytical process. Cyber forensics involves the investigation and analysis of a computer to determine its potential as legal evidence. Computer forensics is a comparatively new field for the courts as well, and many of the prevailing laws used to bring cyber crimes to court, legal precedents and practices related to computer forensics are in a state of change. New court rulings are issued that affect how computer forensics is applied. (US-Cert 2005)

The following principles need to be observed by cyber forensic experts, as detailed by Judd Robbins in “An Explanation of Cyber Forensics”:
– “No possible evidence is damaged, destroyed, or otherwise compromised by the procedures used to investigate the computer”.
– “No possible computer virus is introduced to a subject computer during the analysis process”.
– “Extracted and possibly relevant evidence is properly handled and protected from later mechanical or electromagnetic damage”.
– “A continuing chain of custody is established and maintained”.
– “Business operations are affected for a limited amount of time, if at all”.
– “Any client-attorney information that is inadvertently acquired during a forensic exploration is ethically and legally respected and not divulged”.

Avoiding Digital Threats: If somebody is really worried about traditional viruses, then the best solution is to use a more secure operating system like UNIX, since one hardly hears about cyber attacks on these operating systems. For comparatively unsecured operating systems, it is prudent to use anti-virus software. One can also install programs such as “NoAdware”, “ErrorDoctor”, “Spynukke” and “AdAware” as anti-spyware and anti-adware tools. One must also take care while downloading files from the Internet, including mail attachments. Avoid downloading mail attachments with extensions like .exe, .com, .scr, .bat or .pif. (Team Chip 2006) A strong, long password using upper and lower case letters with digits and special characters is always helpful. The latest operating systems like Windows and Mac OS X have built-in “firewalls”, which provide some security against hackers. If there is any critical customer data in the system, it is advisable to use encryption software. Premium versions of Windows Vista allow encrypting the whole hard disk with “BitLocker”, and Mac OS X matches that feature with “FileVault”. (Frommer 2007) However, a company’s own employees can be just as harmful as trespassers, but their access to company computers can always be restricted. Companies should record all outgoing e-mails, and whenever an employee resigns or is terminated, they should be denied access to every account.
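As an added example (my own code, not from the essay or its sources), the Python below applies the attachment rule given above the way a mail gateway would: it normalises case, looks at every extension in the name so a double extension such as invoice.pdf.exe is still caught, and treats names with no extension as needing review rather than as safe. The attachment names are constructed.

```python
# Extensions the essay singles out as risky for mail attachments.
RISKY_EXTENSIONS = {"exe", "com", "scr", "bat", "pif"}

# Constructed sample attachment names (not from any real mailbox).
SAMPLE_ATTACHMENTS = [
    "quarterly_report.pdf",
    "setup.EXE",               # mixed case must not slip through
    "invoice.pdf.exe",         # double extension: the last one decides
    "photo.scr",
    "notes.txt.bat",
    "README",                  # no extension at all
    "archive.tar.gz",
    ".hidden.com",             # leading dot, still a .com file
]

def extensions_of(filename: str) -> list:
    """Return every extension in the name, lower-cased, in order.
    'invoice.pdf.exe' -> ['pdf', 'exe']; 'README' -> []."""
    name = filename.strip().lstrip(".")
    parts = name.split(".")
    return [p.lower() for p in parts[1:] if p]

def classify_attachment(filename: str) -> str:
    """'block' if the effective (last) extension is risky, 'review' if the
    name has no extension or hides a risky inner extension, else 'allow'."""
    exts = extensions_of(filename)
    if not exts:
        return "review"
    if exts[-1] in RISKY_EXTENSIONS:
        return "block"
    if any(e in RISKY_EXTENSIONS for e in exts):
        return "review"          # e.g. 'payload.exe.txt' is suspicious
    return "allow"

def scan(attachments) -> dict:
    """Map each attachment name to its verdict."""
    return {name: classify_attachment(name) for name in attachments}
```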
Last, the most common blunder that needs to be avoided is losing one’s own laptop or smart phone.

References

Brain, Marshall; How Computer Viruses Work; accessed on Oct. 10, 2007 from http://computer.howstuffworks.com/virus.htm
Brain, Marshall; How Computer Viruses Work; accessed on Oct. 12, 2007 from http://computer.howstuffworks.com/virus1.htm
CIOL (2007); Alarming rise in digital threats; June 27, 2007; accessed on Oct. 13, 2007 from http://www.ciol.com/content/2760797823.aspx
Frommer, Dan (2007); The Top Five Digital Threats To Your Business; Forbes.com; June 14, 2007; accessed on Oct. 13, 2007 from http://www.forbes.