Computer Security


Introduction

Computer security is the process of preventing and detecting unauthorized use of a computer. Prevention measures help to stop unauthorized users (also known as "intruders") from accessing any part of the computer system. Detection helps to determine whether or not someone attempted to break into the system, whether they were successful, and what they may have done.

Who are intruders and why do they want to gain access to other computers?

Intruders (also referred to as hackers, attackers, or crackers) may not care about the user's identity. Often they want to gain control of the computer so they can use it to launch attacks on other computer systems.

Controlling the computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if a user has a computer connected to the Internet only to play the latest games or to send email to friends and family, the computer may be a target.

Intruders may be able to watch all actions on the computer, or cause damage to the computer by reformatting the hard drive or changing the data.

7.1 Computer Security Tools

Firewalls

A firewall is a device that limits access to the system from the outside. A firewall may be a software program running on the computer or it may be a piece of hardware outside the computer. Because firewalls allow some applications (e.g. web browsers) to connect to the Internet, they don't protect against some unpatched vulnerabilities in these applications. The firewall screens any attempts to access the user's system and only allows access that the user decides to allow. In this way many vulnerabilities that could be used to gain unauthorized access to the user's system are eliminated.

Cryptographic techniques

Cryptographic techniques can be used to defend data in transit between systems, reducing the probability that data exchanged between systems can be intercepted or modified. Strong authentication techniques can be used to ensure that communication end-points are who they say they are. Secure cryptoprocessors can be used to leverage physical security techniques into protecting the security of the computer system.

Anti-virus software:

Anti-virus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware). It can detect a wide range of threats, including worms, phishing attacks, rootkits, Trojan horses and other malware.

Antivirus software typically uses two different approaches to accomplish this: examining (scanning) files to look for known viruses matching definitions in a virus dictionary, and identifying suspicious behavior from any computer program which might indicate infection.
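The first approach, dictionary scanning, can be sketched as follows. This is an added example, not code from the original text; the signature names and byte patterns are constructed for illustration and match no real malware.

```python
# Constructed signature dictionary: names and byte patterns are invented for
# this example and do not correspond to any real malware.
SIGNATURES = {
    "Example.TestA": bytes.fromhex("deadbeef0badf00d"),
    "Example.TestB": b"CONSTRUCTED-SAMPLE-MARKER",
}


def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return the sorted names of all signatures found in a binary stream.

    The stream is read in chunks. The tail of each window is carried into the
    next one so a signature split across a chunk boundary is still matched.
    """
    overlap = max(len(p) for p in signatures.values()) - 1
    found = set()
    tail = b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in signatures.items():
            if pattern in window:
                found.add(name)
        # Keep just enough bytes to complete a pattern that started here.
        tail = window[-overlap:] if overlap else b""
    return sorted(found)


def scan_file(path, signatures=SIGNATURES):
    """Scan one file on disk and return the names of matching signatures."""
    with open(path, "rb") as fh:
        return scan_stream(fh, signatures)
```

A scanner of this kind only recognises patterns already in its dictionary, which is why the second, behaviour-based approach is used alongside it.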

Passwords:

Passwords are the most common tool for restricting access to computer systems.

Backups:

Backups are a way of securing information: they are another copy of all the important computer files, kept in another location. These files are kept on hard disks, CD-Rs, CD-RWs, and tapes. Backup may also involve using one of the file hosting services that back up files over the Internet for both businesses and individuals.

Encryption:

Encryption is used to protect the actual message from the eyes of others. It can be done in several ways: by switching the characters around, replacing characters with others, and even removing characters from the message.

Intrusion-detection systems:

An intrusion-detection system can scan a network for people who are on the network but should not be there, or who are doing things that they should not be doing, for example trying a lot of passwords to gain access to the network.
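The password-guessing case mentioned above can be detected by counting failed logins per source inside a sliding time window. This is an added example, not part of the original text; the log format, field names, addresses and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in a made-up format: timestamp, event, user, source.
SAMPLE_LOG = """\
2024-05-01T10:00:01 LOGIN_FAIL user=admin src=192.0.2.10
2024-05-01T10:00:03 LOGIN_FAIL user=admin src=192.0.2.10
2024-05-01T10:00:04 LOGIN_OK user=bob src=198.51.100.7
2024-05-01T10:00:06 LOGIN_FAIL user=admin src=192.0.2.10
2024-05-01T10:00:09 LOGIN_FAIL user=root src=192.0.2.10
2024-05-01T10:00:12 LOGIN_FAIL user=root src=192.0.2.10
2024-05-01T10:05:00 LOGIN_FAIL user=bob src=198.51.100.7
2024-05-01T10:25:00 LOGIN_FAIL user=bob src=198.51.100.7
garbled line
"""


def detect_password_guessing(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {source: time of the failed attempt that crossed the threshold}."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    alerts = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[1] != "LOGIN_FAIL":
            continue              # ignore successes and malformed lines
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        src = parts[3].partition("=")[2]
        failures = recent[src]
        failures.append(when)
        # Drop failures that have fallen out of the time window.
        while when - failures[0] > window:
            failures.popleft()
        if len(failures) >= threshold and src not in alerts:
            alerts[src] = when
    return alerts


if __name__ == "__main__":
    for src, when in detect_password_guessing(SAMPLE_LOG.splitlines()).items():
        print(f"possible password guessing from {src} at {when.isoformat()}")
```

The occasional mistyped password from 198.51.100.7 stays below the threshold because its failures are spread over twenty minutes, while the rapid burst from 192.0.2.10 is flagged.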

Pinging:

The ping application can be used by potential crackers to find out whether an IP address is reachable. If a cracker finds a computer, they can try a port scan to detect and attack services on that computer.

7.2 Virus

A virus is a program that runs on a system against the owner's or user's wishes and knowledge. Viruses have one or more methods they use to spread. Most commonly they will attach a file to an e-mail message and attempt to trick victims into running the attachment.

It reproduces its own code by attaching itself to other programs in such a way that the virus code is executed when the infected program is executed.

Viruses are programs just like any other on the computer. They consist of instructions that the computer executes. What makes viruses special is that they do their “job” by placing self-replicating code in other programs, so that when those other programs are executed, even more programs are “infected” with the self-replicating code. “Self-replicating code” is simply a program that copies itself to other programs. This self-replicating code, when triggered by some event, may do a potentially harmful act to the computer, but this is strictly optional.

Types of Virus

Computer viruses are a specific type of program written deliberately to cause harm to someone’s computer or to use that computer in an unauthorized way. There are many forms of malicious software; the different types of malicious software are:

Worms

A worm is a self-reproducing program that does not infect other programs as a virus will, but instead creates copies of itself, which in turn create even more copies. These are usually seen on networks and on multi-processing operating systems. Each new copy will create more copies, quickly clogging the system. Due to the copying nature of a worm and its capability to travel across networks, the end result in most cases is that the worm consumes too much system memory or network bandwidth, causing Web servers, network servers and individual computers to stop responding.

Trojans

A Trojan program acts like the Trojan horse of Greek mythology. Destructive code (such as a logic bomb or a virus) is hidden inside a useful program. When this useful program is running, the destructive part will attack the computer in some way. It may erase the FAT and directory.

Logic Bombs

Just like a real bomb, a logic bomb will lie dormant until triggered by some event. The trigger can be a specific date, the number of times executed, a random number, or even a specific event such as deletion of an employee’s payroll record. When the logic bomb is triggered it will usually do something unpleasant. The damage ranges from changing a random byte of data somewhere on the disk to making the entire disk unreadable.

The changing of random data on disk may be the most insidious attack since it would do a lot of damage before it would be detected.

Measures to Prevent Viruses

1) The best defense against a worm is to have either a personal firewall on the system or be behind a corporate firewall.

2) Patching the system with updates to fix the vulnerabilities. Patching is the act of downloading updates to the vulnerable operating system or application and applying the update to the program.

3) Continually running anti-virus software, which may detect worms. This is not the best defense against worms, however, because sometimes the worm can infect the system before the anti-virus software can detect it.

4) Do not open email attachments that are not expected. Viruses come with some very nasty messages to trick the user into opening the attachment.

CYBER CRIME

Cyber crime covers all criminal offences which are committed with the aid of communication devices in a network. This can be, for example, the Internet, the telephone line or the mobile network.

Although the term cyber crime is usually restricted to describing criminal activity in which the computer or network is an essential part of the crime, this term is also used to include traditional crimes in which computers or networks are used to enable the illicit activity.

Hacker

In a security context, a hacker is someone involved in computer security/insecurity, or in obtaining or preventing unauthorized access to systems through skills, tactics and detailed knowledge. A hacker is a person who breaks into computers, usually by gaining access to administrative controls.

Examples

  • Spamming and copyright crimes, particularly those facilitated through peer-to-peer networks.
  • Unauthorized access (i.e., defeating access controls), malicious code, and denial-of-service attacks.
  • Theft of service (in particular, telecom fraud) and certain financial frauds.
  • Hacking, “phishing”, identity theft, online gambling, and securities fraud.