SECURITY OF THE INTERNET

I. OVERVIEW OF INTERNET SECURITY

A. What is Internet Security?

As of 1996, the Internet connected an estimated 13 million computers in 195 countries on every continent.

The Internet is not a single network, but a worldwide collection of loosely connected networks that are accessible by individual computer hosts in a variety of ways.

Along with the convenience and easy access to information come new risks. Among them are the risks that valuable information will be lost, stolen, corrupted, or misused.

If information is recorded electronically and is available on networked computers, it is more vulnerable than if the same information is printed on paper and locked in a file cabinet.

B. Basic Security Concepts

Three basic security concepts important to information on the Internet are confidentiality, integrity and availability. Concepts relating to the people who use that information are authentication, authorization and non-repudiation.

Confidentiality (Loss of)

When information is read or copied by someone not authorized to do so, the result is known as loss of confidentiality.

For some types of information, confidentiality is a very important attribute. This is particularly true for banks and loan companies, hospitals, or agencies that offer services such as psychological counseling or drug treatment.

Integrity (Loss of)

Information can be corrupted when it is available on an insecure network. When information is modified in unexpected ways, the result is known as loss of integrity. Unauthorized changes are made to information, whether by human error or intentional tampering.

Availability (Loss of)

Information can be erased or become inaccessible, resulting in loss of availability. This means that people who are authorized to get information cannot get what they need.

Availability is often the most important attribute in service-oriented businesses that depend on information (e.g., airline schedules and online inventory systems).

Non-repudiation

Availability of the network itself is important to anyone whose business or education relies on a network connection. When a user cannot get access to the network or specific services provided on the network, they experience a denial of service.

To make information available to those who need it and who can be trusted with it, organizations use authentication and authorization.

Authentication is proving that a user is whom he or she claims to be. That proof may involve something the user knows (such as a password), something the user has (such as a "smartcard"), or something about the user that proves the person's identity (such as a fingerprint).

Authorization is the act of determining whether a particular user (or computer system) has the right to carry out a certain activity. Authentication and authorization go hand in hand. Users must be authenticated before carrying out the activity they are authorized to perform.

Security is strong when the means of authentication cannot later be refuted - the user cannot later deny that he or she performed the activity.

This is known as non-repudiation.

C. Why Care About Security?

It is easy to gain unauthorized access to information in an insecure networked environment, and it is hard to catch the intruders.

Security-related information can enable unauthorized individuals to get access to important files and programs, thus compromising the security of the system.

The consequences of a break-in cover a broad range of possibilities: a minor loss of time in recovering from the problem, a decrease in productivity, a significant loss of money or staff-hours, a devastating loss of credibility or market opportunity, a business no longer able to compete, legal liability and the loss of life.

II. HISTORY

1969: The Internet began as a project funded by the Advanced Research Projects Agency (ARPA) of the U.S. Department of Defense. As more locations with computers joined the ARPANet, the usefulness of the network grew.

1986: The first well-publicized international security incident was identified. A simple accounting error in the records of systems connected to the ARPANet led to the uncovering of an international effort to connect to computers in the US and copy information. These U.S. computers were not only at universities, but at military and government sites all over the country.

1988: The ARPANet had its first automated network security incident, referred to as "the Morris worm". A student at Cornell University (Ithaca, NY), Robert T. Morris, wrote a program that would connect to another computer, find and use one of several vulnerabilities to copy itself to that second computer, and begin to run the copy of itself at the new location.

The original code and the copy would then repeat these actions in an infinite loop to other computers. This "attack tool" caused a geometric explosion of copies to be started at computers all around the ARPANet. As a result, 10% of the U.S. computers connected to the ARPANet effectively stopped at about the same time.

By that time, the ARPANet had grown to more than 88,000 computers and was the primary means of communication. With the ARPANET effectively down, it was difficult to coordinate a response to the worm.

Many sites removed themselves from the ARPANet altogether, further hampering communication and the transmission of the solution that would stop the worm.

The Morris worm prompted agencies to fund a computer emergency response team, now the CERT® Coordination Center, to give experts a central point for coordinating responses to network emergencies.

Other teams quickly sprang up to address computer security incidents in specific organizations or geographic regions. Within a year of their formation, these incident response teams created an informal organization now known as the Forum of Incident Response and Security Teams (FIRST).

1989: The ARPANET officially became the Internet and moved from a government research project to an operational network; it had grown to more than 100,000 computers. Security problems continued.

Although the Internet was originally conceived of and designed as a research and education network, usage patterns have radically changed. The Internet has become a home for private and commercial communication, and at this writing it is still expanding. Increased reliance on the Internet is expected over the next five years, along with increased attention to its security.

III. NETWORK SECURITY INCIDENTS

A network security incident is any network-related activity with negative security implications. This means that the activity violates an explicit or implicit security policy.

Incidents come in all shapes and sizes. An intrusion may be a comparatively minor event involving a single site or a major event in which tens of thousands of sites are compromised.
A typical attack pattern consists of gaining access to a user's account, gaining privileged access, and using the victim's system as a launch platform for attacks on other sites.

It is possible to accomplish all these steps manually in as little as 45 seconds; with automation, the time decreases further.

When reading accounts of incidents, note that different groups may use different criteria for determining the bounds of an incident.

A. Sources of Incidents

It is difficult to characterize the people who cause incidents. An intruder may be an adolescent, a college student who has created a new software tool, an individual seeking personal gain, or a paid "spy" seeking information for the economic advantage of a corporation or foreign country.

An incident may also be caused by a disgruntled former employee or a consultant who gained network information while working with a company. An intruder may seek entertainment, intellectual challenge, a sense of power, political attention, or financial gain.

One characteristic of the intruder community as a whole is its communication. Intruders identify and publicize misconfigured systems; they use those systems to exchange pirated software, credit card numbers, exploitation programs and the identity of sites that have been compromised, including account names and passwords.

By sharing knowledge and easy-to-use software tools, successful intruders increase their number and their impact.

B. Types of Incidents

Incidents can be broadly classified into several kinds: the probe, scan, account compromise, root compromise, packet sniffer, denial of service, exploitation of trust, malicious code and Internet infrastructure attacks.

Probe: characterized by unusual attempts to gain access or discover information about the system; sometimes followed by a more serious security event, but are often the result of curiosity or confusion.

Scan: simply a large number of probes done using an automated tool; can sometimes be the result of a misconfiguration or other error; often a prelude to a more directed attack.

Account Compromise: unauthorized use of a computer account by someone; might expose the victim to serious data loss, data theft, or theft of services.

Root Compromise: similar to an account compromise, except that the account that has been compromised has special privileges on the system; "root" is derived from an account on UNIX systems that typically has unlimited, or "superuser", privileges.

Packet Sniffer: a program that captures data from information packets as they travel over the network: user names, passwords that travel over the network in clear text.

Denial of Service: goal is to prevent legitimate users of a service from using it; may "flood" a network with large volumes of data or deliberately consume a scarce or limited resource.

Exploitation of Trust: if attackers can forge their identity, they may be able to gain unauthorized access to other computers.

Malicious Code: a general program that would cause undesired results on a system; users are not aware of the program until they discover the damage. Malicious code includes Trojan horses, viruses, and worms. Trojan horses and viruses are usually hidden in legitimate programs or files that attackers have altered to do more than what is expected. Worms are self-replicating programs that spread with no human intervention after they are started. Viruses are also self-replicating programs, but usually require some action on the part of the user to spread to other programs or systems. These sorts of programs can lead to serious data loss, downtime, denial of service and other types of security incidents.

Internet Infrastructure Attacks: These rare but serious attacks involve key components of the Internet infrastructure rather than specific systems. Infrastructure attacks affect a large portion of the Internet and can seriously hinder the day-to-day operation of many sites.

C. Incidents and Internet Growth

Since the CERT® Coordination Center began operating in 1988, the number of security incidents reported to the center has grown dramatically, from less than 100 in 1988 to almost 2,500 in 1995, the last year for which complete statistics are available as of this writing. Through 1994, the increase in incident reports roughly parallels the growth of the size of the Internet during that time.

The data for 1995 and partial data for 1996 show a slowing of the rate at which incidents are reported to the CERT/CC (perhaps because of sites' increased security efforts or the significant increase in other response teams formed to handle incidents). However, the rate continues to increase for serious incidents.

D. Incident Trends

In the late ’80s and early ’90s, intrusion was fairly straightforward. Intruders most often exploited relatively simple weaknesses, such as poor passwords and misconfigured systems that allowed greater access to the system.

Intruders with little technical knowledge are becoming more effective as the sophisticated intruders share their knowledge and tools.

1. Intruders' Technical Knowledge

Intruders examine source code to discover weaknesses in programs. Programs written for research purposes (with little thought for security) or written by new programmers become widely used, with source code available to all. Once intruders gain access, they can examine this code to discover weaknesses.

Intruders use Trojan horses to hide their activity from network administrators. They also encrypt output from their activity, such as the information captured by packet sniffers. Even if the victim finds the sniffer logs, it is difficult or impossible to determine what information was compromised.

2. Techniques to Exploit Vulnerabilities

The most widely publicized of the newer types of intrusion is the use of packet sniffers. Other tools are used to construct packets with forged addresses. Intruders also "spoof" computer addresses, masking their real identity and successfully making connections that would not otherwise be permitted.

With sophisticated technical knowledge and understanding of the network, intruders are increasingly exploiting network interconnections. Infrastructure attacks are even more threatening because legitimate network managers and administrators typically think about protecting systems and parts of the infrastructure rather than the infrastructure as a whole.

3. Intruders’ Use of Software Tools
Tools available to launch an attack have become more effective, easier to use and more accessible to people without an in-depth knowledge of computer systems. People who have the desire but not the technical skill are able to break into systems.

The trend toward automation can be seen in the distribution of software packages containing a variety of tools to exploit vulnerabilities. These packages are often maintained by competent programmers and are distributed complete with version numbers and documentation.

IV. INTERNET VULNERABILITIES

Vulnerability is a weakness that a person can exploit to accomplish something not authorized or intended. Vulnerabilities may be caused by engineering or design errors, or faulty implementation.

A. Why the Internet Is Vulnerable

Many early network protocols that now form part of the Internet infrastructure were designed without security in mind.

Because of the inherent openness of the Internet and the original design of the protocols, Internet attacks in general are quick, easy, inexpensive, and may be hard to detect or trace.

Many sites place unwarranted trust in the Internet. It is common for sites to be unaware of the risks or unconcerned about the amount of trust they place in the Internet.

Finally, the explosive growth of the Internet has expanded the need for well-trained and experienced people to engineer and manage the network in a secure manner.

Because the need for network security experts exceeds the supply, inexperienced people are called upon to secure systems, opening windows of opportunity for the intruder community.

B. Types of Technical Vulnerabilities

The following taxonomy is useful in understanding the technical causes behind successful intrusion techniques, and helps experts identify general solutions for addressing each type of problem.

1. Flaws in Software or Protocol Designs

Protocols define the rules and conventions for computers to communicate on a network. If a protocol has a fundamental design flaw, it is vulnerable to exploitation no matter how well it is implemented. When software is designed or specified, often security is left out of the initial description and is later "added on" to the system.

2. Weaknesses in How Protocols and Software Are Implemented

Even when a protocol is well designed, it can be vulnerable because of the way it is implemented. This type of vulnerability has a wide range of subclasses, which intruders often exploit using their own attack tools.

3. Weaknesses in System and Network Configurations

Vulnerabilities in the category of system and network configurations are a result of the way these components are set up and used. Products may be delivered with default settings that intruders can exploit.

An example of a faulty configuration that has been exploited is anonymous File Transfer Protocol (FTP) service.

When sites misconfigure their anonymous FTP archives, unauthorized users can get authentication information and use it to compromise the system.

V. IMPROVING SECURITY

In the face of vulnerabilities and incident trends, a robust defense requires a flexible strategy that adapts to the changing environment, well-defined policies and procedures, the use of robust tools and constant vigilance.

It is helpful to begin a security improvement program by determining the current state of security at the site. Integral to a security program are documented policies and procedures, and technology that supports their implementation.

A. Security Policy, Procedures, and Practices

1. Security Policy

A policy is a documented high-level plan for organization-wide computer and information security. It provides a framework for making specific decisions, and is the basis for developing secure programming guidelines and procedures for users and system administrators to follow.

Factors that contribute to the success of a security policy include management commitment, technological support for enforcing the policy, effective dissemination of the policy, and the security awareness of all users.

Technological support for the security policy moves some responsibility for enforcement from individuals to technology. Technical options that support policy include (but are not limited to):

- challenge/response systems for authentication
- auditing systems for accountability and event reconstruction
- encryption systems for the confidential storage and transmission of data
- network tools such as firewalls and proxy servers

2. Security-Related Procedures

Procedures are specific steps to follow that are based on the computer security policy. Procedures address such topics as retrieving programs from the network, connecting to the site's system from home or while traveling, using encryption, authentication for issuing accounts, configuration, and monitoring.

3. Security Practice

System administration practices play a key role in network security. Checklists and general advice on good security practices are readily available. Below are examples of commonly recommended practices:

- Ensure all accounts have a password and that the passwords are difficult to guess.
- Be vigilant in network use and configuration, making changes as vulnerabilities become known.
- Regularly check with vendors for the latest available fixes and keep systems current with upgrades and patches.
- Audit systems and networks, and regularly check logs. Many sites that suffer computer security incidents report that insufficient audit data is collected, so detecting and tracing an intrusion is difficult.
- Safeguard your passwords!

1. Do not use passwords that refer to easily obtainable personal information, such as your name, address, phone number, or birthday.
2. Avoid using common words.
3. Passwords should be at least eight alphanumeric characters – combine upper and lower case letters, numbers, and symbols. Passwords are “CasE SenSITive”! e.g. 2fjm0x@Ic.
4. Ideally, use a different password for each service you register with. For sensitive accounts, such as financial services, change your passwords frequently.
5. Never ever disclose your passwords. Don’t have your computer “remember your password”.

E. Security Technology

A variety of technologies have been developed to help organizations secure their systems and information against intruders. These technologies help protect systems and information against attacks.

1. Operational Technology

System administrators should maximize the availability of system services to valid users while minimizing the susceptibility of complex network infrastructures to attack.

No single technology addresses all the problems, but organizations can significantly improve their resistance to attack by carefully preparing and strategically deploying personnel and operational technologies.
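
The first three rules under "Safeguard your passwords!" above can be checked mechanically when an account is issued. The Python checker below is an added example, not part of the original document; the word list, the sample profile, the rule names and the reading of rule 3 as "length of at least eight plus all four character classes" are assumptions made for illustration.

```python
import re
import string

# Constructed sample list (assumption); a real site would load a large wordlist.
COMMON_WORDS = {"password", "welcome", "internet", "letmein",
                "qwerty", "dragon", "computer"}

# Undo common letter-for-symbol swaps so "P@ssw0rd" is still seen as "password".
LEET = str.maketrans("013457@$!", "oleastasi")


def personal_tokens(profile):
    """Break profile fields (name, address, phone, birthday) into tokens.

    Words of three or more letters and digit runs of four or more digits are
    kept, plus each field's digits joined together (e.g. a full phone number).
    """
    tokens = set()
    for value in profile.values():
        tokens.update(w.lower() for w in re.findall(r"[A-Za-z]{3,}", value))
        tokens.update(re.findall(r"\d{4,}", value))
        digits = re.sub(r"\D", "", value)
        if len(digits) >= 4:
            tokens.add(digits)
    return tokens


def check_password(password, profile):
    """Return the list of violated rules; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    normalized = lowered.translate(LEET)

    # Rule 1: no easily obtainable personal information.
    if any(t in lowered or t in normalized for t in personal_tokens(profile)):
        problems.append("personal-info")

    # Rule 2: no common words, even with simple character substitutions.
    if any(w in lowered or w in normalized for w in COMMON_WORDS):
        problems.append("common-word")

    # Rule 3: at least eight characters, mixing all four character classes.
    if len(password) < 8:
        problems.append("too-short")
    classes = [
        ("missing-upper", str.isupper),
        ("missing-lower", str.islower),
        ("missing-digit", str.isdigit),
        ("missing-symbol", lambda c: c in string.punctuation),
    ]
    for name, has_class in classes:
        if not any(has_class(c) for c in password):
            problems.append(name)
    return problems


# Constructed sample profile (not real data).
SAMPLE_PROFILE = {
    "name": "Alice Example",
    "address": "12 Maple Street",
    "phone": "555-0142",
    "birthday": "1984-07-15",
}

if __name__ == "__main__":
    for candidate in ["2fjm0x@Ic", "P@ssw0rd1!", "Alice1984!", "abc"]:
        print(candidate, check_password(candidate, SAMPLE_PROFILE))
```

Rules 4 and 5 (a different password per service, never disclosing or storing it) concern user behaviour and cannot be verified from the password string alone.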
2.    One-Time Passwords
      All passwords should at least be encrypted as they traverse networks. A better solution is to use one-time passwords.
      These passwords are never repeated and are valid only for a specific user during the period that each is displayed. In addition, users are often limited to one successful use of any given password. One-time password technologies significantly reduce unauthorized entry requiring an initial password.
3.    Firewalls
      Intruders attempt to gain access to networked systems by pretending to initiate connections from trusted hosts.
      They squash the emissions of the genuine host using a denial-of-service attack and then attempt to connect to a target system using the address of the genuine host.
      A firewall is a collection of hardware and software designed to examine a stream of network traffic and service requests. Its purpose is to eliminate from the stream those packets or requests that fail to meet the security criteria established by the organization.
4.    Monitoring Tools
      Continuous monitoring of network activity is required if a site is to maintain confidence in the security of its network and data resources.
      Sophisticated systems capable of reacting to questionable network activity may be implemented to disconnect and block suspect connections.
      Tools to scan, monitor, and eradicate viruses can identify and destroy malicious programs that may have been transmitted onto host systems.
      The damage potential of viruses ranges from mere annoyance to destruction of critical data resources. To ensure continued protection, the virus identification data on which such tools depend must be kept up to date.
VI.   INFORMATION WARFARE
      Extensive and widespread dependence on the Internet has called new attention to the importance of information to national security. The term information warfare refers to the act of war against the information resources of an adversary.
      Information warfare is divided into two categories: offensive and defensive.
      The purpose of offensive information warfare is to attack the information resources of an adversary to gain dominance.
      Defensive information warfare is the protection of your information assets against attack.
      Because the Internet is global, it can be an avenue of attack for offensive information warfare by many governments. Intruder technology could be used by a government as a weapon against information resources, or used randomly by a terrorist organization against civilian targets.
VII.  THE FUTURE
      Research and development efforts are underway to allow critical applications to operate in the future in a more secure environment than exists today.
A.    Internetworking Protocols
      Most of the network protocols currently in use have changed little since the early definitions of the ARPANet. To have a secure foundation for the critical Internet applications of the future, severe weaknesses must be addressed.
      New internetworking protocols are under development to authenticate the originator of a packet and to protect the integrity and confidentiality of data.
B.    Intrusion Detection
      Research is underway to improve the ability of networked systems. There are two major areas of research in intrusion detection: anomaly detection and pattern recognition.
      Research in anomaly detection is based on determining patterns of "normal" behavior for networks, hosts, and users and then detecting behavior that is significantly different (anomalous).
      The second major area of intrusion detection research is pattern recognition. The goal here is to detect patterns of network, host, and user activity that match known intruder attack scenarios.
      Finally, to support the needs of the future Internet, intrusion detection tools and techniques that can identify coordinated distributed attacks are critically needed, as are better protocols to support traceability.
C.    Web-Related Programming and Scripting Languages
      Downloading interesting, informative, or entertaining "content" is central to the activity of Web browsing. The content getting the most attention from Web users and the greatest concern from security experts is executable content, code to be executed on the local machine on download.
      Web-related programming languages pose new security challenges and concerns because code is downloaded, installed and run on a user's machine without a review of source code.
      A user may not even be aware that code has been downloaded and executed. Some Web-related programming languages, most notably JAVA, have built-in security features, but security experts are concerned about the adequacy of these features.
      As executable content makes Web browsing even more alluring, further research will be necessary to counter security risks. Users need to be educated about the risks so they can make informed choices about where to place their trust.

HOME NETWORK SECURITY
      This document gives an overview of the security risks and countermeasures associated with Internet connectivity.
I.    COMPUTER SECURITY
A.    What is computer security?
      Computer security is the process of preventing and detecting unauthorized use of your computer.
      Prevention helps you to stop unauthorized users from accessing any part of your computer system.
      Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.
B.    Who would want to break into my computer at home?
      Intruders may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems.
      Gaining control of your computer gives them the ability to hide their location as they launch attacks, often against high-profile computer systems such as government or financial systems.
      Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.
Hacker
A slang term for a computer enthusiast who enjoys learning programming languages and computer systems and can often be considered an expert on the subject(s).
Hackers are individuals who gain unauthorized access to computer systems for the purpose of stealing and corrupting data. Hackers maintain that the proper term for such individuals is cracker.
Cracker
Cracking is to break into a computer system or copy commercial software illegally by breaking (cracking) the various copy-protection and registration techniques being used.

The term was coined in the mid-80s by hackers who wanted to differentiate themselves from individuals whose sole purpose is to sneak through security systems.
II.   TECHNOLOGY
      This section provides a basic introduction to the technologies that underlie the Internet and serves as a basic primer on the relevant technologies.

      Broadband            refers to high-speed network connections; Internet connections via cable modem and Digital Subscriber Line (DSL) are frequently referred to as broadband Internet connections.
      Cable modem access   allows a single computer (or network of computers) to connect to the Internet via the cable TV network. The cable modem usually has an Ethernet LAN (Local Area Network) connection to the computer, and is capable of speeds in excess of 5 Mbps.
      DSL                  Digital Subscriber Line (DSL) Internet connectivity provides the user with dedicated bandwidth. The maximum bandwidth available to DSL users is usually lower than the maximum cable modem rate because of differences in their respective network technologies.

      Broadband VS. traditional dial-up services?
      Dial-up Internet services are referred to as "dial-on-demand" services. Your computer only connects to the Internet when it has something to send.
      Broadband services are referred to as "always-on" services because there is no call setup when your computer has something to send.

                                    Dial-up                                          Broadband
      Connection type               Dial on demand                                   Always on
      IP address                    Changes on each call                             Static or infrequently changing
      Relative connection speed     Low                                              High
      Remote control potential      Computer must be dialed in to control remotely   Computer is always connected, so remote control can occur anytime
      ISP-provided security         Little or none                                   Little or none

      What is a firewall?
      http://www.faqs.org/faqs/firewalls-faq/
      A firewall is defined as "a system or group of systems that enforces an access control policy between two networks." In the context of home networks, a firewall typically takes one of two forms:
      - Software firewall - specialized software running on an individual computer, or
      - Network firewall - a dedicated device designed to protect one or more computers.
      Both types of firewall allow the user to define access policies for inbound connections to the computers they are protecting. Most firewalls intended for home use come with pre-configured security policies from which the user chooses, and some allow the user to customize these policies for their specific needs.
      What does antivirus software do?
      Antivirus software looks for patterns in the files or memory of your computer that indicate the possible presence of a known virus.
      Antivirus packages know what to look for through the use of virus profiles (sometimes called "signatures") provided by the vendor.
      New viruses are discovered daily. The effectiveness of antivirus software is dependent on having the latest virus profiles installed on your computer so that it can look for recently discovered viruses. It is important to keep these profiles up to date.
III.  COMPUTER SECURITY RISKS TO HOME USERS
      Intentional misuse of your computer
      The most common methods used by intruders to gain control of home computers are briefly described below.
1.    Worms
      Worms are programs or algorithms that replicate themselves. They perform malicious actions, such as using up the computer's resources and possibly shutting the system down.
2.    Viruses
      Viruses are programs or pieces of code that are loaded onto your computer without your knowledge and run against your wishes. Viruses can also replicate themselves. All computer viruses are manmade.
3.    Logic bomb
      A logic bomb, also called slag code, is programming code, inserted intentionally, that is designed to execute (or "explode") at the lapse of a certain amount of time or the failure of a user to respond to a program command.
4.    Trojan horse programs
      A Trojan Horse is full of as much trickery as the mythological Trojan Horse. The Trojan Horse, at first glance, will appear to be useful software but will actually do damage once installed or run on your computer.
5.    Denial of service
      Another form of attack is called a denial-of-service (DoS) attack. This causes your computer to crash or to become so busy processing data that you are unable to use it.
6.    Unprotected Windows shares
      Unprotected Windows networking shares can be exploited by intruders in an automated way to place tools on large numbers of Windows-based computers attached to the Internet.
7.    Mobile code (Java/JavaScript/ActiveX)
      These are programming languages that let web developers write code that is executed by your web browser. Although the code is generally useful, it can be used by intruders to gather information or to run malicious code.
8.    Email spoofing
      Email “spoofing” is when an email message appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information.
      Examples:
      ① email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not comply
      ② email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information
9.    Email borne viruses
      Malicious code is often spread as attachments to email messages. Before opening any attachments, be sure you know the source. Never run a program unless you know it to be authored by a person or company that you trust.
10.   Chat clients
      Internet chat applications provide a mechanism for information to be transmitted bi-directionally between computers on the Internet.
      Because many chat clients allow for the exchange of executable code, they present risks similar to those of email clients. You should be wary of exchanging files with unknown parties.
      Accidents and other risks
      Risks that apply even if the computer has no network connections at all.
1.    Disk failure
      All stored data can become unavailable if the media it’s stored on is physically damaged, destroyed, or lost. Hard disk crashes are a common cause of data loss on personal computers. Regular system backups are the only effective remedy.
2.    Power failure and surges
      Power problems (surges, blackouts, and brown-outs) can cause physical damage to a computer, inducing a hard disk crash or otherwise harming the electronic components of the computer. Common mitigation methods include using surge suppressors and uninterruptible power supplies (UPS).
IV.   ACTIONS HOME USERS CAN TAKE TO PROTECT THEIR COMPUTER SYSTEMS
      The CERT/CC recommends the following practices to home users:
      - Consult your system support personnel if you work from home
      - Use virus protection software
      - Use a firewall
      - Don’t open unknown email attachments
      - Don’t run programs of unknown origin
      - Keep all applications (including your operating system) patched
      - Turn off your computer or disconnect from the network when not in use
      - Disable Java, JavaScript, and ActiveX if possible
      - Disable scripting features in email programs
      - Make regular backups of critical data
      - Make a boot disk in case your computer is damaged or compromised
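
The three properties given under "One-Time Passwords" above (a password is valid only for one user, only during the period in which it is displayed, and only for one successful use) can be seen in the following added example, which is not part of the original document. It uses the standard time-based algorithm (RFC 6238, HMAC-SHA1) as one concrete instance; the class name, the user name and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password as defined in RFC 6238 (HMAC-SHA1)."""
    counter = unix_time // step                      # index of the current period
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class OneTimePasswordVerifier:
    """Hypothetical server-side check: per user, per period, single use."""

    def __init__(self, secrets_by_user, step=30, digits=6, drift_steps=1):
        self.secrets = secrets_by_user
        self.step = step
        self.digits = digits
        self.drift = drift_steps       # periods of clock skew tolerated
        self.last_used = {}            # user -> newest period already accepted

    def verify(self, user: str, candidate: str, now: int) -> bool:
        secret = self.secrets.get(user)
        if secret is None:
            return False               # unknown user: nothing to compare against
        current = now // self.step
        for counter in range(current - self.drift, current + self.drift + 1):
            # Skip periods already spent by this user (replay) and, through the
            # default of -1, any negative period near the start of the epoch.
            if counter <= self.last_used.get(user, -1):
                continue
            expected = totp(secret, counter * self.step, self.step, self.digits)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected.encode(), candidate.encode()):
                self.last_used[user] = counter
                return True
        return False


# Constructed sample data: the ASCII test key published in RFC 6238,
# not a real credential.
SAMPLE_SECRETS = {"alice": b"12345678901234567890"}
```

A password captured on the network is useless to an eavesdropper once the legitimate login has succeeded, because the verifier records the period as spent.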




				
DOCUMENT INFO
posted:8/5/2011
language:English
pages:6