Security

Security risks - Hacking

  • Computer hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose. People who engage in computer hacking activities are often called hackers. Since the word “hack” has long been used to describe someone who is incompetent at his/her profession, some hackers claim this term is offensive and fails to give appropriate recognition to their skills.

  • Computer hacking is most common among teenagers and young adults, although there are many older hackers as well. Many hackers are true technology buffs who enjoy learning more about how computers work and consider computer hacking an “art” form. They often enjoy programming and have expert-level skills in one particular program. For these individuals, computer hacking is a real life application of their problem-solving skills. It’s a chance to demonstrate their abilities, not an opportunity to harm others.

  • Since a large number of hackers are self-taught prodigies, some corporations actually employ computer hackers as part of their technical support staff. These individuals use their skills to find flaws in the company’s security system so that they can be repaired quickly. In many cases, this type of computer hacking helps prevent identity theft and other serious computer-related crimes.

  • Computer hacking can also lead to other constructive technological developments, since many of the skills developed from hacking apply to more mainstream pursuits. For example, former hackers Dennis Ritchie and Ken Thompson went on to create the UNIX operating system in the 1970s. This system had a huge impact on the development of Linux, a free UNIX-like operating system. Shawn Fanning, the creator of Napster, is another hacker well known for his accomplishments outside of computer hacking.

  • Hacking has many negative effects; Personal information may be leaked, Intellectual Property could be stolen, and lives can be ruined. There is no effective way to eliminate cracking. Any security measure put out will be circumvented sooner or later (as an example, see the iPhone 3G unlock). So the only way to keep unwanted criminals out is to keep your software up-to-date and protected from the outside world, i.e. firewalls. Cracking isn't always bad. Some people crack software or security in order to learn how to prevent it. There is a difference between good and bad though; White hat hackers vs. Black hat hackers.

  • Hacking can take many forms and the infiltration level can vary from curiosity to espionage. Levels of hacking are usually only detected after the fact. Setting systems on Subnet masks is useful but not foolproof, firewalls involve degrees of encrypted security from 8bit to 64bit but can still be accessed. We all know the story of the Norad hack from the movie War Games but how close to the truth is hacking. Governments have set up agencies such as US-CERT (United States Computer Emergency Readiness Team) to determine hacking and security threats to governmental systems but businesses are less prepared.

  • On the other hand CIPAV is the US Governments own virus that they have used to gain access to hidden or proxied sites.

  • Most networks today are built on what is called the eggshell principle: hard on the outside and soft on the inside. This means that if an attacker can gain a foothold onto the network, the rest of the network will usually fall like dominoes. Once inside, the most difficult part is often to figure out what to attack next and where to go for the really juicy bits of information. It does not have to be this way. With the proper techniques, we as network administrators can achieve two crucial objectives: to make it much more difficult to gain a foothold in the first place and to make it much more difficult to use that foothold to get anywhere else on the network.
    • Europe has Entered a ‘Cyber Cold War’ (Source: NATO, FBI, McAfee & Serious Organized Crime Agency)
    • China Most Actively Spying, but with 120 Other Countries !
    • NATO Said that All 26 of its Member Countries Have Been Targeted by Cyber-Attacks (e.g.: Estonia)
    • Georgia’s Government Websites Fall Victim to Cyber-Attacks (DDoS & Defacements) … “Too Sophisticated for Amateurs !”
    • Tibetan Government Web Site Injected with Malicious Source-Code
    • Palin’s Yahoo Account Hacked in Less then 45 Minutes Using Password Reset Functionality
    • Web Defacers Hacked into CERN Website of the LHC (Large Hadron Collider)
    • UK Minister Confirms Cyber-Terrorists Attempting to Take Out the National Grid (Aug ’08)

Security risks - Pagejacking

  • Page Jacking or Spyware is software that collects and transmits user specific behaviour and information, with or without permission. Sometimes, permission to collect and transmit is assumed to have been given simply by the act of installing software or loading a Web page.

  • Like ads, data collection can be okay if done with consent or for a reasonable purpose. For example, software that transmits user specific information for the legitimate purpose of confirming eligibility for updates or upgrades should not be classed as spyware. Programmers are entitled to ensure that their software is not being pirated, and that the users of pirated software are not receiving the same benefits as legitimate users.

  • Pagejacking and Spyware is a type of software intrusive camera that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's personal computer. Sometimes, however, spyware such as key-loggers are installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users, registering key presses and passwords.

  • While the term spyware suggests software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet connection or functionality of other programs.

  • Examples of Spyware

    • CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer's hosts file to direct DNS lookups to these sites.
    • Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements.
    • HuntBar, aka WinTools, was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other spyware programs—an example of how spyware can install more spyware. These programs add toolbars to Internet Explorer, track browsing behaviour, redirect rival references, and display advertisements.
    • MyWebSearch has a plug-in that displays a search toolbar near the top of a browser window, and it spies to report user search-habits. MyWebSearch is notable for installing over 210 computer settings, such as over 210 MS Windows registry keys/values. Beyond the browser plug-in, it has settings to affect Outlook, email, HTML, XML, etc.
    • WeatherStudio has a plug-in that displays a window-panel near the bottom of a browser window. The official website notes that it is easy to remove WeatherStudio from a computer, using its own uninstall-program.
    • Zango (formerly 180 Solutions) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for rival advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions company. It opens pop-up ads that cover over the Web sites of competing companies.
    • Zlob trojan, or just Zlob, downloads itself to a computer via an ActiveX codec and reports information back to the company. Some information can be the search-history, the Websites visited, and even keystrokes. More recently, Zlob has been known to hijack routers set to defaults.
  • You may be privy to sensitive client data, including finances, proprietary information and trade secrets. It may be stored on your business computer, along with information, passwords and account numbers from your own business. And that makes you vulnerable to security risks, such as identify theft. Using spyware, cyber thieves are watching your every move, and are ready to steal valuable data from your computer. Spyware poses a severe threat to your consulting business. Here are just six ways you can be compromised:

  • Tracking Many spyware programs are designed specifically to monitor and record your behaviours, such as track websites you visit online, or monitor your use of other web-based programs. Again, the threat level is low, unless the program uses the information to also record data you are providing to the other sites.

  • Nuisance Perhaps the least destructive type of spyware is the one that allows adware to be displayed on your computer screen. It may take up valuable memory, slow your connection or reset your home page to another site, but those intrusions usually amount to no more than petty annoyances. However, they can make it difficult for you to complete an assignment on deadline, and that can cost your clients and money. This type of software also may open the door to a malicious version of spyware that can inflict significant damage

  • Redirecting URLs Some spyware programs can redirect your computer to a particular website, regardless of the URL or website address you typed on your keyboard. Redirecting a URL can produce immense profits for cyber crooks. That's because businesses often pay money for every visitor a third party directs to their sites. Spyware also can redirect you to sites that load even more dangerous programs onto your computer. So what starts as a low-level risk quickly escalates by loading more intrusive programs onto your system.

  • Shutting Down Systems Spyware that poses high-risk threats can completely shut down your computer, or permanently erase or damage your files. Valuable client files or financial records could be destroyed in a blink of an eye. Regularly backing up files to an external hard drive can mitigate the risk. 

  • Acting as a Controlling Server Another high-risk event occurs when spyware uses your computer as a server. The spyware embeds itself in your computer and then acts as a remote server to distribute other harmful programs or images, without your permission. Suddenly, your computer is the vehicle for delivering malicious programs to a wide audience of victims which may include your clients.

  • Identity Theft One of the most pernicious forms of spyware can log your keystrokes. In other words, as you type in passwords and credit card account numbers, your data is sent back to the spyware's originator, and the cyber thief can then wreak financial havoc on you personally, your company and your clients. 

Security risks - Phishing

  • Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts the lure hoping to fool at least a few of the prey that encounter the bait. Phishers use a number of different social engineering and e-mail spoofing ploys to try to trick their victims.

  • In one typical case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from AOL that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords. This information was then used for identity theft.

  • The Trojan infects and then waits for the victim to visit his or her bank.

  • Information is gathered by injecting additional fields into the genuine bank web page as it loads in the browser. No fake web sites are used.

  • The SSL connection between client and bank is valid (padlock is shown and certificate chain is OK) Classical Anti virus software did not detect this threat.

Security risks - Piggy-backing

Over half of UK internet users have admitted using other people's Wi-Fi networks to piggyback onto the internet.

  • It is estimated that 54 per cent of respondents had used someone else's wireless internet access without permission.

  • Many internet-enabled homes fail properly to secure their wireless connection with passwords and encryption, allowing passers-by and neighbours to 'steal' their internet access.

  • Although most businesses have security measures in place to protect their Wi-Fi networks, the protections a lot of companies take is too light to stop a determined piggy-backer.

  • Piggy backing occurs when a user with a laptop or Wi-Fi connection connects to an unprotected network server. Routers can be protected by a WEP key or WPA protection through 16 or 32 bit encryption and network protocols. But a lot of modems made by the same company have the same initial password to connect to the routers administrative functions or have no WEP or WPA protection set, allowing a user to connect and download without restrictions in the same way a user could user an unprotected Wi-Fi hotspot.

  • The worst case scenario is an external user connecting not just to the internet through the Wi-Fi but to the network, allowing a user access and control over stored files leading to deletion, corruption and industrial espionage.

Security risks - Viruses

  • Viruses have been the bane of IT and companies since networks were introduced into companies for business transactions. Remember that all computer viruses have been created by someone for a purpose, whether it is to annoy, destroy, deliberately bring down a company or website. A computer virus is a computer program that is designed to replicate itself by copying itself into the other programs stored in a computer. It may be benign or have a negative effect, such as causing a program to operate incorrectly or corrupting a computer's memory.

  • All viruses are different so they all act in a different way and have a different purpose. On Symantec the threats are defined daily according to the possibility of risk and the exploit a virus takes advantage on in its attack as detailed in the "Threat Explorer". (Note that this is updated daily.)

  • Kaspersky has a useful and suitably brief history of viruses which should prove useful. Kaspersky may have issues of its own is not regarded as a safe anti-virus solution.

  • Here is a splendid article about the origin of the term "virus" for a self-replicating computer programme and a clear description of a "worm". However, there is some dispute (given here) as to the exact origin of the term.

  • The infographic shows the developmental path of 25 of the most famous viruses known in 2011 (which is a long time ago in virus terms. Click on it to see it in more detail.

  • The Daily Telegraph has a different slant on the history of cyber security in relation to viruses here.

  • Alternatively the Make Use Of site has an interesting page on "A History Of Computer Viruses & The Worst Ones of Today" albeit from 2010 which is a little out of date (possibly but it does give the early history!)

  • A history of viruses in six parts is available from Antivirusworld.

  • If you are looking for a timeline of various viruses then Wikipedia is actually pretty good.

  • Comodo (another anti-virus vendor) has its own potted history here.

  • This is a more up-to-date list of viruses looking at the issue from a business perspective.

  • A useful article in that is shows how the response changed to the globalisation of the hacking fraternity is provided by CatchUpdates.

Security risks - Denial of service attack

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.

  • $150 can buy a week-long DDoS attack on the black market. (TrendMicro Research)

  • More than 2000 daily DDoS Attacks are observed world-wide by Arbor Networks. (ATLAS Threat Report)

  • 1/3 of all downtime incidents are attributed to DDoS attacks. Verisign/Merril Research

  • Building Capacity

    • Attackers build networks of infected computers, known as 'botnets', by spreading malicious software through emails, websites and social media. Once infected, these machines can be controlled remotely, without their owners' knowledge, and used like an army to launch an attack against any target. Some botnets are millions of machines strong.

  • Launching Attacks

    • Botnets can generate huge floods of traffic to overwhelm a target. These floods can be generated in multiple ways, such as sending more connection requests than a server can handle, or having computers send the victim huge amounts of random data to use up the target’s bandwidth. Some attacks are so big they can max out a country's international cable capacity.

  • Selling Silence

    • Specialized online marketplaces exist to buy and sell botnets or individual DDoS attacks. Using these underground markets, anyone can pay a nominal fee to silence websites they disagree with or disrupt an organization’s online operations. A week-long DDoS attack, capable of taking a small organization offline can cost as little as $150.

  • Types of Attacks

    • DDoS attacks come in many different forms, from Smurfs to Teardrops, to Pings of Death. Below are details about the types of attacks and amplification methods.

    • Attack Class: Four common categories of attacks

      • TCP Connection Attacks - Occupying connections
        • These attempt to use up all the available connections to infrastructure devices such as load-balancers, firewalls and application servers. Even devices capable of maintaining state on millions of connections can be taken down by these attacks.
      • Volumetric Attacks - Using up bandwidth
        • These attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.
      • Fragmentation Attacks - Pieces of packets
        • These send a flood of TCP or UDP fragments to a victim, overwhelming the victim's ability to re-assemble the streams and severely reducing performance.
      • Application Attacks - Targeting applications
        • These attempt to overwhelm a specific aspect of an application or service and can be effective even with very few attacking machines generating a low traffic rate (making them difficult to detect and mitigate).
    • Amplification: Two ways attacks can multiply traffic they can send.

      • DNS Reflection - Small request, big reply.
        • By forging a victim's IP address, an attacker can send small requests to a DNS server and ask it to send the victim a large reply. This allows the attacker to have every request from its botnet amplified as much as 70x in size, making it much easier to overwhelm the target.
      • Chargen Reflection - Steady streams of text
        • Most computers and internet connected printers support an outdated testing service called Chargen, which allows someone to ask a device to reply with a stream of random characters. Chargen can be used as a means for amplifying attacks similar to DNS attacks above.

 

More security; Protection

Protection - Firewall

What are Firewalls, and How Do They Work?

  • A firewall is a piece of hardware or software that helps prevent malware and malicious attacks from entering a computer or a network of computers through the Internet. The name firewall comes from the real-world protection that prevents fire from penetrating beyond that point. Firewalls are common barriers between attached garages and a house, and between an automotive engine and the passenger compartment.

  • The widespread use of firewalls begins after the first known Internet worm, the Morris worm. What was intended to be an honest experiment by a college student to see how many computers were attached to the Internet, the Morris worm ended up causing massive denial-of-service attacks. Estimates of the damage caused the worm range from $10 million to $100 million, but it also showed that Internet service providers at the time were not prepared for the eventuality of such an attack.

  • Firewalls act as an extra barrier on top of other security measures, such as antivirus software. However, hardware and software firewall systems work in slightly different manners.

  • Hardware firewalls

  • Hardware firewalls are systems that are independent of the computers they protect that filter the Internet as information passes into a computer. Most broadband Internet routers have their own firewall built in.

  • In general, hardware firewalls work by examining the data that flows in from the Internet and verifying whether that information is safe. Simple firewalls, known as packet filters, examine the data itself for information such as its location and its source. Then the information the firewall gathers is compared to a set list of permissions in order to determine whether the information should be dropped or allowed through. As hardware firewalls have become more advanced, they have gained the ability to examine more information.

  • These types of firewalls have their benefits for home and small businesses because they require little to no set-up, and multiple nodes (computers) can be protected from patching into the same router.

  • However, the major drawback to typical home-use hardware firewalls is the fact that they only examine the data that is coming in to a computer, and not the data leaving a computer. A person may ask, “Isn’t that the point?” In a way, yes. But oftentimes, malicious software is sent through the Internet disguised in a Trojan horse. The “wrapping” of the data may seem to appear to come from a reliable source, but imbedded into the coding may be the damaging software. Also, some attacks may end in the target computer becoming a zombie or a computer bot, which then begins to broadcast data on a grand scale. Because a hardware firewall does not detect the outgoing information, it won’t consider the rise in traffic or its content. 

  • Software firewalls

  • There are two main advantages that software firewalls have over hardware ones. The first is that software firewalls can monitor outgoing data traffic. Not only does this prevent a computer from becoming a bot or a zombie, but also it can prevent computers from broadcasting any other malware, such as worms or computer viruses.

  • The other advantage is that software firewalls are customizable. These programs can be adjusted to meet the needs of the user, such as if they need permissions to be eased up while they’re online gaming or watching an online video.

  • However, the main disadvantage to software firewalls is that they only protect one computer. Every computer must have its own licensed firewall product. On the other hand, a hardware firewall can protect every computer attached to it. 

  • Additional protection

    • It is not a bad idea to use both a software and a hardware firewall. Not only will they not interfere with each other, but also they will provide layers of protection that can keep a computer safe.

    • Also, software firewalls are meant to be used in conjunction with antivirus software. This is because there’s only so much a firewall can prevent. While a firewall can block a known threat, any stealth attempt to break through physical barriers can still go through. This is especially true in social engineering attacks, where the computer user is tricked into bringing the malicious softwareonto a computer. That’s where having antivirus software as a backup comes in handy, as it can either block or clean up any malware that gets through the first layers of security.

    • Also, keeping all computer software up to date, especially the operating system software, will help protect the computer against known threats. This also works in assistance with the firewalls to block intrusive attacks.

    • And it’s also beneficial for all users of a computer to learn what threats they can prevent, especially ones that can get past a firewall. By not clicking on links in instant messages, and not opening attachments on chain e-mails, this can help prevent surprise attacks.

  • All of these methods combined can help protect a computer and keep it safe and clean.

 

Phone

(000) 000-0000 x12387

Address

1234 Somewhere Road #5432
Nashville, TN 00000
United States of America