SECURITY ISSUES, THREATS AND SOLUTIONS

A Paper Presented By

The Department Of Information & Communication Technology NATIONAL UNIVERSITIES COMMISSION

TOPICS
1. INTRODUCTION
2. WHAT IS A VIRUS?
3. TYPES OF VIRUSES: EXAMPLES OF SOME LATEST THREATS
4. WAYS OF INFECTING THE SYSTEM
5. PROTECTING YOUR SYSTEM AGAINST MALWARE
6. CONCLUSION

1.0 INTRODUCTION
OPERATING SYSTEM            DATE OF RELEASE
CP/M                        Mid 1970’s
MS-DOS                      12 August 1981
MS Windows 1.0              20 November 1985
MS Windows 2.0              1987
MS Windows 3.0              22 May 1990
MS Windows 3.1              6 April 1992
MS Windows 95               24 August 1997
MS Windows 98               25 June 1998
MS Windows 2000             2000
MS Windows XP               2001
MS Longhorn (code name)     Due for release in 2005

1.1 INTRODUCTION:
• In the USA, out of 70,000 corporate networks surveyed in January 2001, 3 hackers made 6,000 attempts each month to gain access to corporations
• More than 60,000 viruses have been identified, and 500 new ones are created every month
• Most organizations will regularly encounter virus outbreaks.
• No one who uses computers is immune to viruses.

1.2 INTRODUCTION
• More than 87% of all viruses enter the enterprise via email
• A single email attachment or execution of a virus from the Internet or email can lead to widespread infection in a matter of hours and can result in costly downtime.
• There is no way to measure the actual value of information rendered unrecoverable by a malware program

2.0 WHAT IS A VIRUS?
• A computer virus is a program that has the unique ability to replicate
• A virus is a hidden, self-replicating section of computer software, usually malicious logic, that propagates by inserting a copy of itself into and becoming part of another program.
• A virus cannot run by itself. It relies on its host program being run in order to be activated
• It is a form of infection that can remain dormant within a computer system, a hard disk, or software program for some time until triggered by particular events such as a particular date or number of keystrokes
• The first instances of viruses in the PC environment were recorded in 1986. The number grew from 6 in 1988 to over 600 viruses in 1992

2.1 WHAT IS A VIRUS?: SYMPTOMS
• Unusual error messages
• Illegible output
• An entire database or hard disk is erased
• Sudden decreases in memory or disk capacity and degradation of the overall performance of the computer
• Unusual sound effects, musical tones, irregular or obscene on-screen messages

2.2 OTHER FORMS OF MALICIOUS SOFTWARE (A.K.A. MALWARE)

Other forms of malicious programs which do not replicate themselves are:
• TROJANS: Trojans cause damage, perform unexpected or unauthorized actions which would compromise the security of systems and sometimes lead to loss of valuable data
• WORMS: A Worm is a program that attacks the operating system (OS) and consumes memory and disk space in the process. The worm uses the OS or one of its components like E-mail to spread.

3.0 TYPES OF VIRUSES:
1. Melissa Virus/Worm:
• In 1998, attacked millions of computers worldwide
• Affected Microsoft Email with a statement reading "This is the document that you requested"
• It captured authentic address book names as a means to spread the virus
• Microsoft was virtually down for two days.

3.1 TYPES OF VIRUSES:
EXAMPLES OF SOME LATEST THREATS
2. WORM_BUGBEAR.A
• Propagates via shared network folders and email
• Terminates anti-virus programs
• Acts as a backdoor server application, i.e. allows remote users to connect to infected systems and obtain information, manipulate files, and execute programs on the infected systems.
• Sends out system passwords
• Fakes the FROM field and obtains the recipients for its email from email messages, address books, and mail boxes on the infected system
• Generates the filename for the attached copy of itself
• Can also cause print jobs to accumulate in network printer queues

EMAIL MESSAGES CONTAIN NO MESSAGE BODY AND MAY HAVE ANY OF THE FOLLOWING AS SUBJECTS:
• Interesting...
• $150 FREE Bonus!
• Introduction
• 25 merchants and rising
• its easy
• Announcement
• Just a reminder
• bad news
• Lost & Found
• CALL FOR INFORMATION!
• Membership Confirmation
• click on this!
• My eBay ads
• Confirmation of Recipes…
• New bonus in your cash account
• Correction of errors
• New Contests
• Daily Email Reminder
• new reading
• empty account
• Payment notices
• fantastic
• Report
• free shipping!
• SCAM alert!!!
• Get 8 FREE issues-no risk!
• Sponsors needed
• Get a FREE gift!
• Tools For Your Online Business
• Greets!
• update
• hello!
• Warning!
• history screen
• Your Gift
• I need help about script!!!
• Your News Alert
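
The three traits described above (a listed subject, no message body, an attached file) can be combined into a mail-gateway triage rule. The following Python sketch is an added example, not part of the original paper; the function names and the sample messages are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Subject lines exactly as listed on this page, compared case-insensitively.
SUBJECTS = {s.lower() for s in (
    "Interesting...|$150 FREE Bonus!|Introduction|25 merchants and rising|"
    "its easy|Announcement|Just a reminder|bad news|Lost & Found|"
    "CALL FOR INFORMATION!|Membership Confirmation|click on this!|My eBay ads|"
    "Confirmation of Recipes…|New bonus in your cash account|"
    "Correction of errors|New Contests|Daily Email Reminder|new reading|"
    "empty account|Payment notices|fantastic|Report|free shipping!|"
    "SCAM alert!!!|Get 8 FREE issues-no risk!|Sponsors needed|Get a FREE gift!|"
    "Tools For Your Online Business|Greets!|update|hello!|Warning!|"
    "history screen|Your Gift|I need help about script!!!|Your News Alert"
).split("|")}


def matches_bugbear_profile(raw: str) -> bool:
    """True when all three traits from the page hold: listed subject,
    no message body, and at least one attachment."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body is not None else ""
    has_attachment = any(True for _ in msg.iter_attachments())
    return subject in SUBJECTS and text == "" and has_attachment


def build_sample(subject: str, body: str = "", attachment: str = "") -> str:
    """Constructed test message with placeholder content (not a real sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.org", subject
    if body:
        m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


if __name__ == "__main__":
    for subj, body, att in [("bad news", "", "sample.bin"),
                            ("bad news", "Call me when you can.", ""),
                            ("Minutes of meeting", "", "minutes.doc")]:
        print(subj, "->", matches_bugbear_profile(build_sample(subj, body, att)))
```

A match is a reason to quarantine the message for scanning, not proof of infection, since ordinary mail can share these subjects.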

3. W32.HLLW.Deloder
• Discovered on March 08, 2003
• The worm attempts to connect to a target host using TCP port 445.
• Upon successful connection, the worm attempts to copy, delete, and change the attributes of files to read-only

4. VBS.Krim.F@mm
• Also known as Bloodhound.VBS.Worm
• Discovered on March 07, 2003
• Worm sends itself to all the contacts in the Microsoft Outlook Address Book
• Also attempts to format the C drive, by adding a command to the Autoexec.bat file

5. W32.Bibrog.B@mm
• Discovered on March 06, 2003
• A mass-mailing worm that uses Microsoft Outlook to send itself to all the contacts in the Outlook Address Book
• When the worm is executed, it opens a program that looks like a shooting game, and may also change your Windows wallpaper.

6. W32.HLLW.Daboom@mm
• Discovered on March 07, 2003
• A mass-mailing worm that replicates by email
• Sends itself to the addresses it finds in the Windows Address Book and in the .htm and .html files stored in the Internet Explorer cache
• Also contains backdoor Trojan capabilities which permit unauthorized access to an infected computer



7. Backdoor.Plux
• Discovered on March 06, 2003
• The Trojan opens a listening port on your computer. This action could allow a hacker to remotely control your computer.

8. VBS.Lunnet.A
• Discovered on March 06, 2003
• A worm that attempts to spread using the filesharing networks
• Also adds a command to the Autoexec.bat file to format the hard drive the next time you start the computer

9. Ganda
• The Ganda virus exploits the public interest in the war against Iraq
• It comes as an e-mail attachment with a variety of subject lines such as "Spy pics" and "GO USA !!!!"
• Can send itself to all addresses in Microsoft Outlook as well as attempting to shut down anti-virus products
• It is suspected to have been written in Sweden, as hidden inside the virus is a grievance with the Swedish educational system: "Coded by Uncle Roger in Hõrnsand, Sweden, 03.03. I am being discriminated by the Swedish school system (sic). This is a response to eight long years of discrimination."

4.0 WAYS OF INFECTING THE SYSTEM
• From one computer to another by using an infected diskette
• By downloading information from another contaminated system
• Sending and receiving emails
• Downloading data or program files from the Internet

5.0 PROTECTING YOUR SYSTEM AGAINST MALWARE

A. Backups
Data destruction is one of the side-effects found in viruses. It is therefore highly advisable to back up your data so as to guard against the inevitable component failures and the resulting loss or corruption of data.

B. Indiscriminate use of disks
It is the responsibility of PC users to ensure that floppy diskettes or writable CDs from unknown or suspicious sources are not used on their systems, as infections could be introduced through these sources.

C. DO NOT OPEN SPAM MAILS
Virus writers are becoming ever more cunning in how they persuade people to open infected messages. The rule here is:

If you are not sure of the sender, it is best practice to delete the mail rather than attempt to read it and get your system infected.

DO NOT OPEN UNSOLICITED E-MAILS

D. CHOOSE A GOOD PASSWORD
It is not advisable to use easy-to-remember passwords such as dictionary words and English or religious names. Combinations of upper and lower case letters, numbers, and symbols usually produce good passwords that are very difficult to guess. Example:

• $40&yc4f: "Money for nothing and your chicks for free"
• wsR!vst?: "workshop students aRe not very sleepy today"
• A vernacular statement

E. Disconnect from the Internet when not accessing it
When not browsing the Internet, disconnect the network cable to prevent access by hackers.

F. Empty the recycle bin periodically
Whenever you delete a file, it goes to the recycle bin. A "bad" file, even when deleted, could still trigger off an attack. Emptying the recycle bin completely eliminates the files from your system.

G. Disable the Windows Scripting Host Functionality
This is to prevent viruses like VBS_LoveLetter from running, so that they cannot activate, spread or cause damage to files. The Windows Scripting Host (WSH), which is installed by default on Windows or Internet Explorer, should be disabled. A typical PC does not need it to function normally.

H. DO NOT HIDE FILE EXTENSIONS OF KNOWN FILE TYPES
All Windows Operating Systems, by default, hide the known file extensions in Windows Explorer. This feature can be used by virus writers and hackers to disguise malicious programs as some other file formats, such as text, video or audio files. For example, a malicious program file named "readme.txt.exe" is displayed as "readme.txt" in Windows Explorer, thereby tricking users into clicking the "text" file and inadvertently running the malicious file. To avoid this confusion, you are recommended to change the Windows Explorer setting to "Not hide the File Extension of known File Types."
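
The "readme.txt.exe" disguise described above can also be caught by checking file names before a user ever sees them, for example on incoming attachments. The following Python sketch is an added example, not part of the original paper; the two extension sets and the sample file names are assumptions chosen for illustration and are not exhaustive.

```python
# Assumption: illustrative extension sets chosen for this example, not exhaustive.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
DOCUMENT_EXTS = {"txt", "doc", "pdf", "jpg", "gif", "mp3", "avi", "htm", "html"}


def extensions(name: str) -> list:
    """Lower-cased extensions, left to right, ignoring trailing dots/spaces
    (Windows drops those) and spaces around each component."""
    parts = name.strip().rstrip(". ").lower().split(".")
    return [p.strip() for p in parts[1:]]


def displayed_name(name: str) -> str:
    """Name as shown when the final extension is hidden."""
    stem, dot, _ext = name.rpartition(".")
    return stem if dot and stem else name


def is_disguised_executable(name: str) -> bool:
    """True for names like 'readme.txt.exe': the real (last) extension is
    executable while the one left visible looks like a document."""
    exts = extensions(name)
    return (len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS
            and exts[-2] in DOCUMENT_EXTS)


def flag_attachments(names: list) -> list:
    """Return (real name, displayed name) for every suspicious entry."""
    return [(n, displayed_name(n)) for n in names if is_disguised_executable(n)]


if __name__ == "__main__":
    # Constructed sample file names.
    sample = ["readme.txt.exe", "readme.txt", "setup.exe",
              "report.v2.doc", "Holiday.JPG.scr", "backup.tar.gz"]
    for real, shown in flag_attachments(sample):
        print(f"{real!r} would be displayed as {shown!r}")
```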

I. SET INTERNET EXPLORER SECURITY TO AT LEAST "MEDIUM"
By default, the Internet Explorer Security Setting is set to "Medium." However, there have been many systems where the security setting was changed to "Low" by a virus, Trojan, or hacker. In this regard, we encourage every user to ensure that their security setting is set to at least "Medium", as this will reduce the risk of accidentally running a malicious file.

At the "Medium" security level, Internet Explorer will prompt users before running potentially unsafe content.

J. Require a Prompt Before Opening Mail Attachments
It is advisable that Internet users save files to the local hard drive and then scan them with an up-to-date anti-virus product (instead of double-clicking the incoming email file attachments).

K. Apply All the Latest Microsoft Security Updates
In order to close security holes that have been discovered since Windows was shipped and installed, we advise everyone to visit the Microsoft Update Website at http://windowsupdate.microsoft.com. Please follow the on-line instructions on how to update your system. Security updates will help prevent hackers from accessing your system and prevent viruses from running on your system. Windows 98, 2000, or XP users can also use the Windows Update feature to get all the latest security updates. Simply click "Start" and then select "Windows Update".

L. CHANGE THE CMOS BOOT-UP SEQUENCE
Most PCs are configured as delivered from the manufacturers to boot from drive A:, and to boot from drive C: only if there is no disk in drive A:.
If a user leaves an infected disk in the floppy drive, the PC will become infected as a result. Changing the PC to boot from drive C: completely eliminates the danger from pure boot sector viruses. You can request the IT professionals in the Commission to confirm the boot sequence setting.

M. INSTALL A GOOD ANTI-VIRUS
A good security tool must be able to detect and block the infected documents or clean them before the email reaches the addressee.

Additionally, the anti-virus solution should notify the recipient and/or network administrator of the email-borne virus. This way, viruses are stopped in their tracks before they do any harm and senders can be alerted that their systems are infected.

6.0 CONCLUSION

Users whose systems have been attacked by viruses or Trojans can best describe the pain they went through in the sometimes futile effort to recover or rebuild their lost (and important) data. Safe computing practices, although they do not replace the use of antivirus software, make it more difficult for malicious code to enter or execute on client systems. These safe computing practices add a protective layer of defense that prevents viruses from being run inadvertently.

THANK YOU


				