Information Systems

Lesson#32

Unauthorized intrusion

Intrusion can be either physical or logical. In physical intrusion, the intruder could physically
enter an organization to steal information system assets or carry out sabotage. For example, the
intruder might try to remove hard disks. In logical intrusion, the intruder might be trying to
gain unauthorized access to the system. The purpose could be damaging or stealing data,
installing a bug, or wiretapping, that is, spying on communication within the organization.

32.1 Physical Access Vs. Logical access
In computer security, being able to physically touch and interact with the computers and
network devices amounts to physical access. It lets someone insert a boot disk in the machine
and bypass normal operating system controls. Physical access also enables people to install
unauthorized snooping equipment such as keystroke loggers. Logical access, however, means
interacting with data through access control procedures such as identification, authentication
and authorization.

Logical Threat
This refers to damage caused to the software and data without any physical damage to the
computers. Even so, there can be a situation where the damage to data or software renders
the hardware itself unusable. For example, a virus or bug installed to corrupt data
or software might create bad sectors on the hard drive, so that the drive is best removed
from the computer.

Examples of logical Threat
Payroll data or details of a draft corporate budget may be perceived as highly sensitive, and
unauthorized access to them may be considered a logical threat. Another example is a person
tapping a communication line to sniff around the organization's communications being
transferred over that line.

32.2 Viruses
A virus is software used to infect a computer. After the virus code is written, it is buried within an
existing program. Once that program is executed, the virus code is activated and attaches copies
of itself to other programs in the system. Infected programs copy the virus to other programs.
A virus may be benign (gentle) or have a negative effect, such as causing a program to operate
incorrectly or corrupting a computer's memory. The term virus is a generic term applied to a
variety of malicious computer programs that send out requests to the operating system of the
host system under attack to append the virus to other programs.

Attacking Targets
Generally, viruses attack four parts of the computer:
• Executable program files
• The file-directory system, which tracks the location of all the computer's files
• Boot and system areas, which are needed to start the computer
• Data files

Viruses vs. Worms
A worm is a program which spreads over network connections. Unlike a virus, it does
not physically attach itself to another program. A worm typically exploits security weaknesses in
operating system configurations to propagate itself to the host systems.

Virus vs. Bug
A bug is an internal malfunction of the software. It is an unintentional fault in a program: the
incorrect functioning of a particular procedure in the program, caused by improper
application of programming logic. For example, free trial versions of software are available
online. These beta versions are not tested fully and often contain bugs that can disrupt the system.
Incorrect definition of a formula or linkage can give incorrect results. Virtually all complex
programs contain bugs. Incorrect, unvalidated or unedited data entry is not a programming fault
or a bug. The process of removing bugs from software is termed debugging. A virus is an
external threat which is not a malfunction of the software. However, a bug in the software can
create a virus.

32.3 Sources of Transmissions
Viruses and worms are transmitted easily from the internet by downloading files through computers'
web browsers. Other infections come from files received through online services, computer
bulletin board systems and local area networks. Viruses can be placed in various programs, for instance:
1. Free software – software downloaded from the net
2. Pirated software – cheaper than original versions
3. Games software – wide appeal and high chances
4. Email attachments – quick to spread
5. Portable hard and flash drives – employees take disks home and may work on their own
personal PCs, which have not been cleaned or do not have suitable antivirus software installed on them.

32.4 Types of Viruses
Although viruses are of many types, broad categories have been identified in accordance
with the damage they cause. Some of these categories are listed below:
• Boot sector viruses
• Overwriting viruses
• Dropper
• Trojans

Boot sector Virus
The boot sector is the part of the computer which helps it to start up. If the boot sector is infected,
the virus can be transferred to the operating system and application software.

Overwriting Viruses
As the name implies, an overwriting virus overwrites every program, software or file it infects with
itself. Hence the infected file no longer functions.

Dropper
A dropper is a program, not a virus. It installs a virus on the PC while performing another function.

Trojan horse
A Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Trojan horses may look useful or interesting (or at the very least harmless) to an unsuspecting user,
but are actually harmful when executed. Examples are:

Logic bomb – a Trojan horse that is triggered by a certain event, e.g. when disk clean-up reaches a
certain percentage.

Time bomb – a Trojan horse that is triggered on a certain date.

Virus and worm controls
There are two ways to prevent and detect viruses and worms that infect computers and network
systems. One category of controls is called management controls, which means having sound
policies and procedures in place. The other category is called technical controls, which work by
technical means, including antivirus software. The two types complement each other, and each is of
little benefit and effect without the other.

32.5 Management procedural controls
The following are various examples of management and procedural controls:
• Build any system from original, clean master copies. Boot only from original diskettes whose
  write protection has always been in place.
• USB port enabled devices should not be used until they have been scanned on a stand-alone
  machine that is used for no other purpose and is not connected to the network.
• Antivirus software should update virus definitions frequently.
• Have vendors run demonstrations on their personal machines.
• Scan before any new software is installed, as commercial software occasionally is supplied
  with a Trojan horse.
• Insist that field technicians scan their disks on a test machine before they use any of their
  disks on the system.
• Ensure all servers are equipped with an activated current release of the virus-detection
  software.
• Ensure bridge, router and gateway updates are authentic.
• Exercise an effective backup plan.
• Educate users so they will heed these policies and procedures. For example, many viruses and
  worms today are propagated in the form of e-mail attachments.
• Review antivirus policies and procedures at least once a year.
• Prepare a virus eradication procedure and identify a contact person.
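
A virus that attaches itself to a program, or overwrites it, changes the file's contents, so an installed system can be checked against its clean master copies by comparing file hashes. The sketch below is an added example, not part of the original lesson; the directory layout, file names and function names are assumptions, and the sample files are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def compare_to_master(master: dict[str, str], installed: dict[str, str]) -> dict[str, list[str]]:
    """Classify differences between the clean master and the installed copy."""
    return {
        # Same name, different content: what an attached or overwriting virus leaves behind.
        "modified": sorted(f for f in master if f in installed and master[f] != installed[f]),
        # Present on the master but gone from the system.
        "missing": sorted(f for f in master if f not in installed),
        # Not part of the master at all, e.g. something a dropper installed.
        "unexpected": sorted(f for f in installed if f not in master),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: a clean master tree and a tampered installed tree."""
    with tempfile.TemporaryDirectory() as tmp:
        master, installed = Path(tmp, "master"), Path(tmp, "installed")
        for root in (master, installed):
            (root / "bin").mkdir(parents=True)
            (root / "bin" / "payroll.exe").write_bytes(b"PAYROLL-PROGRAM")
            (root / "bin" / "editor.exe").write_bytes(b"EDITOR-PROGRAM")
            (root / "boot.cfg").write_bytes(b"boot=disk0")
        # Simulate the effects the lesson describes, using harmless placeholder bytes.
        with open(installed / "bin" / "payroll.exe", "ab") as f:
            f.write(b"EXTRA-BYTES")  # content appended to an existing program
        (installed / "boot.cfg").unlink()  # file removed from the system
        (installed / "bin" / "game.exe").write_bytes(b"NEW-FILE")  # not on the master
        return compare_to_master(build_manifest(master), build_manifest(installed))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

The master manifest is only trustworthy if it is computed from the write-protected master copies and kept where the system being checked cannot alter it.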

32.6 Technical controls
Technical methods of preventing viruses can be implemented through software. The following
actions can reduce the risk of infection to hardware and operating systems:
• Use boot virus protection (i.e., built-in, firmware-based virus protection).
• Use remote booting, so that the local hard drive of the system is not used for the boot-up process.
• Use a hardware-based password.
• Use write-protected tabs on diskettes.
• Ensure insecure protocols are blocked by the firewall from external segments and the
  internet.
