Basic Concepts of Security
Information security has become a continuing concern in all areas of an information system. Security is neither a product nor software; it is a discipline that needs to be taken into consideration in any organizational decision. It is indeed true that there is no such thing as a completely secure system. But it is also correct that by increasing the security measures that protect your assets, you are making your system a much more difficult target for intruders, which, in turn, reduces the chances of becoming a victim when the right security technologies are in place.
Security is required to achieve four main goals:
Confidentiality: Secret data must remain confidential. If the owner of some data wants it to be available only to certain people, the operating system must make that data available to those people and to no one else. Confidentiality prevents unauthorized disclosure of secure information.
Integrity: This means restricting unauthorized modification of secured information. Unauthorized users must not be allowed to modify data without the owner's permission. Modification includes not only changing or deleting data, but also adding false data to change its behaviour.
Availability: Nobody should be able to disturb the system so as to make it unusable. Availability assures that the system works promptly and that service is not denied to authorized users. An attacker violates availability by withholding information or resources, causing a denial of service to authorized users.
Authenticity: The system must be able to verify the identity of its users. Users log in to the system by providing a combination of username and password, or by matching other security parameters.
Security is about the protection of assets. For this reason, we must first identify the organizational assets. Information system assets can be categorized as:
Hardware: Includes CPUs, motherboards, hard disks, CD-ROMs, etc., and all other physical devices. Threats can be accidental or deliberate damage to equipment.
Software: Includes operating system, utilities, applications, etc. Several distinct threats need to be considered. The software can be deleted, altered, or changed in behaviour.
Data: Includes files and other forms of data. Unauthorized persons can read, modify, or delete data.
Communication Lines: Includes cables and other network communication media. Data in transfer can be read, modified, or deleted.
Some common types of intruders are:
1) Casual prying by non-technical users: People who want to read other people's e-mails or files on shared devices.
2) Snooping by insiders: Highly skilled people like developers, students, or other technical persons, who consider it a personal challenge to break the security of a computer system.
3) Determined attempts to make money: Some developers or other personnel working in banking societies attempt to steal money from their organizations.
4) Attempts at secret military or government data: This is considered to be a very serious crime. This category involves attempts made by competing foreign countries to gain a country's information for the purpose of national defence, attacks, etc.
INSIDER ATTACKS:
Logic Bombs: This is code embedded in a program that is set to "explode" when certain conditions are met. The conditions used to trigger the bomb can be the presence or absence of certain files, a particular day or date, a particular user running the application, etc. Once triggered, a bomb may alter or delete data or sometimes entire files, causing a machine halt or dealing some other damage. For example, a developer may plant a logic bomb that triggers when the developer is fired and therefore stops entering his daily password into a certain portion of code, or when any other set of conditions is satisfied.
Trap Doors: These are modifications to login programs, written by developers to gain unauthorized access. For example, a developer could add code to a login program that accepts anyone using a particular login name (like "student"), no matter the password. If this code is inserted into a working program, the login succeeds by entering the login name "student" with any password or with a blank password.
Login Spoofing: This is a technique for collecting other users' passwords. A false login interface that looks identical to the real one (which would normally be connected to a safe server) is displayed on top of the actual login screen. When the user enters their user ID and password, this information is stored in the intruder's database. Then the dummy login shell exits, and the actual login screen asks for the login parameters again. Most, probably all, users think they have made a mistake entering their ID or password. They never learn about the spoof, enter their credentials again, and successfully log in to the system. This is why most systems present the login screen only after the user presses CTRL+ALT+DEL, so that a spoofed screen cannot take its place.
OUTSIDER ATTACKS:
Trojan Horses: A Trojan horse looks like a useful software application but has hidden malware contained within it. To spread it across networks, it is attached to games, etc., which attract people to eagerly download it. The malware then does whatever it is designed for, such as deleting, modifying, or encrypting files. It can also search for credit card numbers, passwords, or other useful data. Moreover, it restarts automatically when the machine is rebooted and runs in the background. The bottom line is that it does not require the author's involvement; the victim does everything necessary to infect themselves.
Virus: A program that infects other programs and makes copies of itself, which can spread across the whole file system and take temporary control of the operating system. Then a fresh copy of the virus is attached to uninfected files when they come in contact. It can spread from computer to computer when files are shared.
Worm: A worm is a program that replicates itself and sends copies from computer to computer across network connections. Upon arrival, the worm may be activated, propagate again, and perform unwanted functions. Worms are commonly spread as e-mail viruses.
Zombie: A program that secretly takes over an Internet-connected computer and uses it to launch attacks that are difficult to trace back to the zombie creators. It is used in denial-of-service attacks against web servers.
Spyware: Software that is loaded onto a PC and runs in the background, collecting information and causing infections without the user's knowledge.
Adware: Advertising that is integrated into software. It can result in pop-up ads or redirection of the browser to a commercial site. It may also change the browser's home page to its redirecting link.
Rootkit: A set of tools used to gain root-level access after breaking a computer's security. Rootkits can contain any of the above malicious software, like viruses, worms, spyware, etc.
The ideal solution to all these threats is to prevent any of the threats from entering the system. Though prevention can fail, it can at least help reduce the number of successful attacks. The next best approach is:
- Detection: Determine whether an infection has occurred. If so, locate the infection.
- Identification: Once it is detected, identify the specific threat that has infected a program.
- Removal: After the specific virus has been identified, remove all the traces of the threat from the infected systems so that it cannot spread further to other systems.
All these approaches give rise to ways in which a system can be designed and implemented to increase its security. It is always advisable to have multiple layers of security so that if one of them is not enough, there are still others capable of defending the system. The defences are not really hierarchical, but they still fall into the following categories:
Firewall: A firewall is a software or hardware appliance that filters the information that flows from an Internet connection into your network or computer system. If an incoming packet of data is flagged by the filters, it is not allowed to pass through.
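The packet-filtering behaviour described above, as an added example that is not part of the original article: a small first-match rule engine with a default-deny policy, run over a few constructed packets. The rule set, the addresses (documentation ranges) and the `Packet`/`Rule` types are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: str = "0.0.0.0/0"      # source network the rule applies to (default: any)
    proto: str = "any"          # protocol the rule applies to
    dport: Optional[int] = None # destination port, or None for any port

    def matches(self, pkt: Packet) -> bool:
        """True if every field of the rule agrees with the packet."""
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Constructed rule set (assumption): first matching rule wins, anything
# that matches no rule at all is dropped by the default-deny policy below.
RULES = [
    Rule("deny", src="203.0.113.0/24"),                         # known-bad network
    Rule("allow", proto="tcp", dport=443),                      # public HTTPS
    Rule("allow", proto="tcp", dport=80),                       # public HTTP
    Rule("allow", src="192.0.2.0/24", proto="tcp", dport=22),   # SSH only from admin net
]


def decide(pkt: Packet, rules: List[Rule] = RULES) -> str:
    """Return the verdict of the first matching rule, or "deny" if none matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # default deny: unflagged-but-unknown traffic does not pass either


def filter_packets(packets: List[Packet], rules: List[Rule] = RULES) -> List[Tuple[Packet, str]]:
    """Apply the rule set to a batch of packets and pair each with its verdict."""
    return [(p, decide(p, rules)) for p in packets]


# Constructed sample traffic (assumption) exercising each rule and the default.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", "10.0.0.5", "tcp", 443),  # public HTTPS: allow
    Packet("203.0.113.9", "10.0.0.5", "tcp", 443),   # bad network beats the HTTPS allow: deny
    Packet("198.51.100.7", "10.0.0.5", "tcp", 22),   # SSH from the Internet: deny
    Packet("192.0.2.10", "10.0.0.5", "tcp", 22),     # SSH from admin net: allow
    Packet("198.51.100.7", "10.0.0.5", "udp", 53),   # no rule at all: default deny
]

if __name__ == "__main__":
    for pkt, verdict in filter_packets(SAMPLE_PACKETS):
        print(f"{verdict:5s} {pkt.proto}/{pkt.dport:<4} from {pkt.src}")
```

Rule order matters: the deny for the known-bad network sits first so that it wins even for a port that is otherwise open, and the trailing default deny is what makes the filter fail closed when no rule speaks for a packet.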
Antivirus: Firewalls try to keep intruders away from systems, but they fail in some situations when threats try to hide from them. In such cases, an antivirus is used to detect and remove malicious software. Sometimes it can be just a scanner, or a remover, or both. A scanner examines the behaviour and location of files, etc., thereby detecting the threat, while the remover removes the virus.
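The three steps listed earlier (detection, identification, removal) and the scanner/remover split described here, as one added example that is not part of the original article: a signature scanner that walks a constructed directory tree, names the signature each hit matches, and moves infected files into a quarantine directory so they cannot spread. The signature names, the byte patterns and the sample files are all constructed for the example and are not real malware indicators.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Constructed demo signatures (assumption): one full-file SHA-256 and one
# byte pattern. Neither corresponds to any real malware.
DROPPER_BODY = b"#!/bin/sh\n# demo-dropper: constructed sample, does nothing\n"
SIGNATURES = {
    "Demo.Dropper.A": {"sha256": hashlib.sha256(DROPPER_BODY).hexdigest()},
    "Demo.Macro.B": {"pattern": b"DEMO_MALICIOUS_MACRO_MARKER"},
}


def identify(data: bytes) -> Optional[str]:
    """Identification step: return the name of the matching signature, or None."""
    digest = hashlib.sha256(data).hexdigest()
    for name, sig in SIGNATURES.items():
        if sig.get("sha256") == digest:
            return name
        if sig.get("pattern") and sig["pattern"] in data:
            return name
    return None


def detect(root: Path) -> Dict[Path, str]:
    """Detection step: scan every file under root, return {path: signature} for hits."""
    hits = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            name = identify(path.read_bytes())
            if name:
                hits[path] = name
    return hits


def remove(hits: Dict[Path, str], quarantine: Path) -> List[Path]:
    """Removal step: move each infected file into quarantine, renamed by signature."""
    quarantine.mkdir(parents=True, exist_ok=True)
    moved = []
    for path, name in hits.items():
        dest = quarantine / f"{path.name}.{name}.quarantined"
        shutil.move(str(path), str(dest))
        moved.append(dest)
    return moved


def run_demo() -> dict:
    """Build a constructed file tree, run all three steps and report the outcome."""
    work = Path(tempfile.mkdtemp(prefix="avdemo_"))
    try:
        data = work / "data"
        data.mkdir()
        (data / "notes.txt").write_bytes(b"quarterly report draft\n")       # clean
        (data / "update.sh").write_bytes(DROPPER_BODY)                      # hash signature hit
        (data / "invoice.doc").write_bytes(b"hdr..DEMO_MALICIOUS_MACRO_MARKER..")  # pattern hit
        hits = detect(data)
        moved = remove(hits, work / "quarantine")
        return {
            "detected": {p.name: n for p, n in hits.items()},
            "quarantined": len(moved),
            "remaining": sorted(p.name for p in data.iterdir()),
            "clean_after": detect(data) == {},
        }
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

A pure signature scanner of this kind only finds threats whose hash or byte pattern it already knows; the behaviour-based detection the paragraph mentions is what catches samples that have been altered to dodge the signature list.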
Intrusion Detection: Intrusion detection (ID) gathers and analyzes information within a computer system or network to identify security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization). It periodically scans for threats to contribute to the security of a computer system or network.
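The gather-and-analyze loop described above, as an added example that is not part of the original article: a small host-based intrusion detector that reads constructed SSH authentication log lines and raises alerts for an outside intrusion pattern (repeated failed logins from one source, and any success from that source afterwards) and a misuse pattern (successful logins outside working hours). The log format, the thresholds and the "working hours" window are assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed log format (assumption): ISO timestamp, then an sshd-style message.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

FAIL_THRESHOLD = 5               # failures from one source within WINDOW -> alert
WINDOW = timedelta(seconds=60)
OFF_HOURS_START, OFF_HOURS_END = 20, 7   # successful logins from 20:00 to 07:00 are suspicious

Alert = Tuple[str, str, str]     # (kind, source address, detail)


def parse(line: str) -> Optional[dict]:
    """Gather step: turn one log line into an event, or None for lines we ignore."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "src": m["src"]}


def analyze(lines: List[str]) -> List[Alert]:
    """Analyze step: apply the intrusion and misuse rules to a stream of lines."""
    alerts: List[Alert] = []
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    flagged = set()                 # sources already reported for brute force
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ts, src = ev["ts"], ev["src"]
        if ev["result"] == "Failed":
            recent = failures[src]
            recent.append(ts)
            while recent and ts - recent[0] > WINDOW:   # sliding window
                recent.popleft()
            if len(recent) >= FAIL_THRESHOLD and src not in flagged:
                flagged.add(src)
                alerts.append(("brute_force", src,
                               f"{len(recent)} failures within {WINDOW.seconds}s"))
        else:
            if src in flagged:     # a success right after a brute-force burst
                alerts.append(("success_after_brute_force", src,
                               f"user {ev['user']} logged in"))
            if ts.hour >= OFF_HOURS_START or ts.hour < OFF_HOURS_END:
                alerts.append(("off_hours_login", src,
                               f"user {ev['user']} at {ts.time()}"))
    return alerts


# Constructed sample log (assumption) using documentation address ranges.
SAMPLE_LOG = [
    "2024-03-01T02:14:05 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40122",
    "2024-03-01T02:14:09 sshd[1202]: Failed password for root from 203.0.113.5 port 40123",
    "2024-03-01T02:14:14 sshd[1203]: Failed password for root from 203.0.113.5 port 40124",
    "2024-03-01T02:14:20 sshd[1204]: Failed password for invalid user test from 203.0.113.5 port 40125",
    "2024-03-01T02:14:30 sshd[1205]: Connection closed by 203.0.113.5 port 40126",
    "2024-03-01T02:14:27 sshd[1206]: Failed password for root from 203.0.113.5 port 40127",
    "2024-03-01T02:14:50 sshd[1207]: Accepted password for root from 203.0.113.5 port 40130",
    "2024-03-01T09:30:00 sshd[1300]: Accepted publickey for alice from 192.0.2.10 port 51000",
    "2024-03-01T23:45:10 sshd[1400]: Accepted password for bob from 192.0.2.20 port 51200",
]

if __name__ == "__main__":
    for kind, src, detail in analyze(SAMPLE_LOG):
        print(f"ALERT {kind:26s} {src:15s} {detail}")
```

The sliding window is what keeps the brute-force rule from firing on a handful of genuine typos spread over a day, and alerting only once per source keeps a long attack from flooding the analyst; the off-hours rule shows the misuse side, where the credentials are valid but the circumstances are not.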