Chapter 6 - computer security Risks PDF

Title Chapter 6 - computer security Risks
Author sarem alemu
Course Introduction to computer science
Institution Addis Ababa University
Pages 5

Summary

lecture note on computer security risks by mother India...


Description

Chapter – 6: Computer safety and security  



- Threats of a computer system
- Computer viruses
  o Types of computer viruses
  o Potential path for computer viruses
- Rules to safe/secure computing
- Hazards and Safety of the computer system - environmental hazards (temperature and dust)

Potential Security Threats To Your Computer Systems

A computer system threat is anything that leads to loss or corruption of data or physical damage to the hardware and/or infrastructure. Knowing how to identify computer security threats is the first step in protecting computer systems. The threats could be intentional, accidental or caused by natural disasters.

What is a Security Threat?

A security threat is defined as a risk that can potentially harm computer systems and the organization. The cause could be physical, such as someone stealing a computer that contains vital data. The cause could also be non-physical, such as a virus attack.

What are Physical Threats?

A physical threat is a potential cause of an incident that may result in loss or physical damage to the computer systems. The following list classifies the physical threats into three (3) main categories:

- Internal: These threats include fire, unstable power supply, humidity in the rooms housing the hardware, etc.
- External: These threats include lightning (robbery), floods, earthquakes, etc.
- Human: These threats include theft, vandalism of the infrastructure and/or hardware, disruption, accidental or intentional errors.

To protect computer systems from the above-mentioned physical threats, an organization must have physical security control measures. The following list shows some of the possible measures that can be taken:

- Internal: Fire threats can be prevented by the use of automatic fire detectors and extinguishers that do not use water to put out a fire. An unstable power supply can be prevented by the use of voltage controllers. An air conditioner can be used to control the humidity in the computer room.
- External: Lightning protection systems can be used to protect computer systems against lightning. Lightning protection systems are not 100% perfect, but to a certain extent they reduce the chances of lightning causing damage. Housing computer systems on high ground is one of the possible ways of protecting systems against floods.
- Humans: Threats such as theft can be prevented by the use of locked doors and restricted access to computer rooms.

What are Non-physical threats?

A non-physical threat is a potential cause of an incident that may result in:

- Loss or corruption of system data
- Disruption of business operations that rely on computer systems
- Loss of sensitive information
- Illegal monitoring of activities on computer systems
- Cyber security breaches
- Others

The non-physical threats are also known as logical threats. The following list shows the common types of non-physical threats:

- Virus
- Trojans
- Worms
- Spyware
- Key loggers
- Adware
- Denial of Service Attacks
- Distributed Denial of Service Attacks
- Unauthorized access to computer systems resources such as data
- Phishing
- Other Computer Security Risks

To protect computer systems from the above-mentioned threats, an organization must have logical security measures in place. The following list shows some of the possible measures that can be taken to protect against cyber security threats:

- To protect against viruses, Trojans, worms, etc., an organization can use anti-virus software. In addition to the anti-virus software, an organization can also have control measures on the usage of external storage devices and on visiting websites that are most likely to download unauthorized programs onto the user’s computer.
- Unauthorized access to computer system resources can be prevented by the use of authentication methods. The authentication methods can be in the form of user IDs and strong passwords, smart cards, biometrics, etc.
- Intrusion-detection/prevention systems can be used to protect against denial of service attacks. There are other measures too that can be put in place to avoid denial of service attacks.

Summary

- A threat is any activity that can lead to data loss/corruption through to disruption of normal business operations.
- There are physical and non-physical threats.
- Physical threats cause damage to computer systems hardware and infrastructure. Examples include theft, vandalism through to natural disasters.
- Non-physical threats target the software and data on the computer systems.

1. Boot Sector Virus

From a user perspective, boot sector viruses are some of the most dangerous. Because they infect the master boot record, they are notoriously difficult to remove, often requiring a full system format. This is especially true if the virus has encrypted the boot sector or excessively damaged the code. They typically spread via removable media. They reached a peak in the 1990s when floppy disks were the norm, but you can still find them on USB drives and in email attachments. Luckily, improvements in BIOS architecture have reduced their prevalence in the last few years.
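Because the infection lives in the master boot record, a defender can record a known-good hash of the boot code and compare it later. The following is an added example, not part of the original notes; it assumes the classic 512-byte MBR layout (446 bytes of boot code, four 16-byte partition entries, the 0x55 0xAA signature) and runs on a constructed sector rather than a real disk.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446      # bootstrap code area of a classic MBR
ENTRY_LEN = 16           # four partition entries follow the code
SIGNATURE_OFFSET = 510   # last two bytes must be 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition entries and signature check."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        start = BOOT_CODE_LEN + i * ENTRY_LEN
        entry = sector[start:start + ENTRY_LEN]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 means the slot is unused
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "valid_signature": sector[SIGNATURE_OFFSET:] == b"\x55\xaa",
    }


def boot_code_changed(baseline: dict, current: dict) -> bool:
    """True when the bootstrap code differs from the recorded known-good hash."""
    return baseline["boot_code_sha256"] != current["boot_code_sha256"]


def constructed_mbr(boot_code: bytes) -> bytes:
    """Build a synthetic MBR (not from a real disk) with one bootable partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    entry = bytes([0x80, 0, 0, 0, 0x83, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    return code + entry + bytes(ENTRY_LEN * 3) + b"\x55\xaa"


if __name__ == "__main__":
    baseline = parse_mbr(constructed_mbr(b"known-good loader bytes"))
    current = parse_mbr(constructed_mbr(b"modified loader bytes"))
    print(baseline["partitions"])
    print("boot code changed:", boot_code_changed(baseline, current))
```

The baseline has to be taken while the disk is known to be clean and stored off the machine, since anything that can rewrite the boot sector can also rewrite a baseline kept next to it.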

2. Direct Action Virus

A direct action virus is one of the two main types of file infector viruses (the other being a resident virus). The virus is considered “non-resident”; it doesn’t install itself or remain hidden in your computer’s memory. It works by attaching itself to a particular type of file (typically EXE or COM files). When someone executes the file, it springs into life, looking for other similar files in the directory for it to spread to. On a positive note, the virus does not typically delete files nor hinder your system’s performance. Aside from some files becoming inaccessible, it has a minimal impact on a user and can be easily removed with an anti-virus program.

3. Resident Virus

Resident viruses are the other primary type of file infectors. Unlike direct action viruses, they install themselves on a computer. This allows them to work even when the original source of the infection has been eradicated. As such, experts consider them to be more dangerous than their direct action cousin. Depending on the programming of the virus, they can be tricky to spot and even trickier to remove. You can split resident viruses into two areas: fast infectors and slow infectors. Fast infectors cause as much damage as quickly as possible and are thus easier to spot; slow infectors are harder to recognize because their symptoms develop slowly. In a worst-case scenario, they can even attach themselves to your anti-virus software, infecting every file the software scans. You often need a unique tool – such as an operating system patch – for their total removal.

4. Multipartite Virus

While some viruses are happy to spread via one method or deliver a single payload, multipartite viruses want it all. A virus of this type may spread in multiple ways, and it may take different actions on an infected computer depending on variables, such as the operating system installed or the existence of certain files. They can simultaneously infect both the boot sector and executable files, allowing them to act quickly and spread rapidly. The two-pronged attack makes them tough to remove. Even if you clean a machine’s program files, if the virus remains in the boot sector, it will immediately reproduce once you turn on the computer again.

5. Polymorphic Virus

According to Symantec, polymorphic viruses are one of the most difficult to detect for an anti-virus program. It claims anti-virus firms need to “spend days or months creating the detection routines needed to catch a single polymorphic”. But why are they so hard to protect against? The clue is in the name. Anti-virus software can only blacklist one variant of a virus – but a polymorphic virus changes its signature (binary pattern) every time it replicates. To an anti-virus program, it looks like an entirely different piece of software, and can, therefore, elude the blacklist.
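Why a blacklist of one variant fails can be seen from the scanner's side. The following is an added example, not part of the original notes: it uses a constructed, harmless byte string as a stand-in for a virus body and a one-byte XOR re-encoding as a simplified model of the changing binary pattern, then compares a hash blacklist, a static byte signature and a scanner that undoes every possible key before matching. All names and sample bytes are assumptions made for the illustration.

```python
import hashlib

# Constructed, harmless stand-in for a virus body; this is not real malware.
BODY = b"HARMLESS-DEMO-BODY-0001"
PATTERN = b"DEMO-BODY"  # byte signature taken from the first captured variant


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def constructed_variant(key: int) -> bytes:
    """Synthetic sample whose body is stored under a one-byte XOR key (0 = plain)."""
    return b"\x00" * 8 + xor_bytes(BODY, key) + b"\x00" * 8


# The blacklist only knows the first variant that was captured.
HASH_BLACKLIST = {hashlib.sha256(constructed_variant(0)).hexdigest()}


def hash_match(sample: bytes) -> bool:
    """Exact-file blacklist: any changed byte gives a different hash."""
    return hashlib.sha256(sample).hexdigest() in HASH_BLACKLIST


def pattern_match(sample: bytes) -> bool:
    """Static byte signature: found only if the bytes appear unchanged."""
    return PATTERN in sample


def decode_then_match(sample: bytes) -> bool:
    """Undo every possible one-byte XOR key and look for the pattern in each result."""
    return any(PATTERN in xor_bytes(sample, key) for key in range(256))


def scan(sample: bytes) -> dict:
    return {"hash": hash_match(sample), "pattern": pattern_match(sample),
            "decoded": decode_then_match(sample)}


if __name__ == "__main__":
    samples = {
        "first variant": constructed_variant(0),
        "re-encoded variant": constructed_variant(0x5A),
        "clean file": b"ordinary clean file contents",
    }
    for name, data in samples.items():
        print(f"{name:20s} {scan(data)}")
```

Real polymorphic code varies far more than a single key, which is why anti-virus products add emulation and behaviour-based detection on top of static signatures.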

6. Overwrite Virus

To an end-user, an overwrite virus is one of the most frustrating, even if it’s not particularly dangerous for your system as a whole. That’s because it will delete the contents of any file which it infects; the only way to remove the virus is to delete the file, and consequently, lose its contents. It can infect both standalone files and entire pieces of software. Overwrite viruses typically have low visibility and are spread via email, making them hard to identify for an average PC user. They enjoyed a heyday in the early 2000s with Windows 2000 and Windows NT, but you can still find them in the wild.

7. Spacefiller Virus

Also known as “Cavity Viruses”, spacefiller viruses are more intelligent than most of their counterparts. A typical modus operandi for a virus is to simply attach itself to a file, but spacefillers try to get into the empty space which can sometimes be found within the file itself. This method allows it to infect a program without damaging the code or increasing its size, thus enabling it to bypass the need for the stealthy anti-detection techniques other viruses rely on. Luckily, this type of virus is relatively rare, though the growth of Windows Portable Executable files is giving them a new lease of life.

Prevention is Better Than the Cure

As always, taking sensible steps to protect yourself is preferable to dealing with the potentially crippling fallout if you’re unlucky enough to get infected. Use a highly-regarded anti-virus suite, don’t open emails from unrecognized sources, don’t trust free USB sticks from conferences and expos, don’t let strangers use your system, and don’t install software from random websites....

