Lesson#32
Unauthorized intrusion
Intrusion can be either physical or logical. In a physical intrusion, the intruder physically enters an organization to steal information system assets or to carry out sabotage; for example, the intruder might try to remove hard disks. In a logical intrusion, the intruder tries to gain unauthorized access to the system. The purpose could be damaging or stealing data, installing a bug, or wiretapping, that is, spying on communication within the organization.
32.1 Physical access vs. logical access
In computer security, being able to physically touch and interact with computers and network devices amounts to physical access. It lets someone insert a boot disk into the machine and bypass normal operating system controls, and it enables people to install unauthorized snooping equipment such as keystroke loggers. Logical access, by contrast, is interaction with data through access control procedures such as identification, authentication and authorization.
Logical threat
This refers to damage caused to software and data without any physical damage to the computers. Nonetheless, there can be situations where damage to data or software renders the hardware itself unusable. For example, a virus or bug installed to corrupt data or software might create bad sectors on the hard drive, so that removing the drive from the computer becomes the preferable option.
Examples of logical threats
Payroll data or the details of a draft corporate budget may be perceived as highly sensitive, and unauthorized access to them may be considered a logical threat. Another example is a person tapping the communication line to eavesdrop on the organization's communications as they are transferred over that line.
32.2 Viruses
A virus is software used to infect a computer. After the virus code is written, it is buried within an existing program. Once that program is executed, the virus code is activated and attaches copies of itself to other programs in the system; the infected programs in turn copy the virus to further programs. A virus may be benign (gentle) or have a negative effect, such as causing a program to operate incorrectly or corrupting a computer's memory. The term virus is a generic term applied to a variety of malicious computer programs that send requests to the operating system of the host system under attack to append the virus to other programs.
Attacking targets
Generally, viruses attack four parts of the computer:
• Executable program files
• The file-directory system, which tracks the location of all the computer's files
• Boot and system areas, which are needed to start the computer
• Data files
Viruses vs. worms
A worm is a program which spreads over network connections. Unlike a virus, it does not attach itself to another program. A worm typically exploits security weaknesses in operating system configurations to propagate itself to host systems.
Virus vs. bug
A bug is an internal malfunction of the software: an unintentional fault in a program, that is, the incorrect functioning of a particular procedure in the program, caused by improper application of programming logic. For example, free trial versions of software are available online; these beta versions are not tested fully and often contain bugs that can disrupt the system. An incorrect definition of a formula or linkage can give incorrect results. Virtually all complex programs contain bugs. Incorrect, unvalidated or unedited data entry is not a programming fault or a bug. The process of removing bugs from software is termed debugging. A virus is an external threat which is not a malfunction of the software. However, a bug in the software can open the way for a virus.
32.3 Sources of transmission
Viruses and worms are transmitted easily from the internet by downloading files to computers through web browsers. Other infections occur through files received from online services, computer bulletin board systems and local area networks. Viruses can be placed in various programs, for instance:
1. Free software – software downloaded from the net
2. Pirated software – cheaper than original versions
3. Games software – wide appeal, hence high chances of infection
4. Email attachments – quick to spread
5. Portable hard and flash drives – employees take disks home and may work on their own personal PCs, which may not have been cleaned or may not have suitable anti-virus software installed on them.
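Item 4 above is where most organizations put their first technical check. As an added example, not taken from the lesson or from any mail gateway product, the Python below screens attachments before delivery the way a gateway policy would: it reads every extension in the name (so a padded double extension such as `payroll.pdf          .exe` is not mistaken for a PDF) and looks at the leading bytes of the content, so a binary renamed to look like a picture is still caught. The blocked-extension list, the magic bytes and the sample attachment names and contents are constructed assumptions for the demonstration.

```python
"""Screening e-mail attachments before delivery (added example).

The blocked-extension list, the executable magic bytes and the sample
attachments are constructed for this example; they are not taken from
the lesson or from any particular mail gateway product.
"""
from __future__ import annotations

import os
import re

# Extensions that normally carry executable code (constructed policy).
BLOCKED_EXTENSIONS = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js",
    ".jse", ".wsf", ".hta", ".msi", ".dll", ".ps1", ".jar",
}

# Leading bytes that identify executable content whatever the file is
# called: "MZ" opens DOS/Windows PE images, 0x7F "ELF" opens Unix binaries.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")


def all_extensions(filename: str) -> list[str]:
    """Return every extension in the name, outermost last.

    'report.pdf.exe' gives ['.pdf', '.exe']. Whitespace padded around the
    dots ('payroll.pdf          .exe', meant to push '.exe' out of view in
    a mail client) is collapsed first so the real suffix is not missed.
    """
    name = re.sub(r"\s*\.\s*", ".", filename.strip().lower())
    exts: list[str] = []
    while True:
        stem, ext = os.path.splitext(name)
        if not ext:
            return exts
        exts.insert(0, ext)
        name = stem


def screen_attachment(filename: str, content: bytes) -> tuple[str, str]:
    """Decide 'deliver' or 'quarantine' for one attachment and say why."""
    exts = all_extensions(filename)
    if exts and exts[-1] in BLOCKED_EXTENSIONS:
        how = "double extension" if len(exts) > 1 else "extension"
        return "quarantine", f"executable {how} {exts[-1]}"
    if content.startswith(EXECUTABLE_MAGIC):
        # A renamed binary: the name looks harmless but the bytes do not.
        return "quarantine", "executable header behind a non-executable name"
    return "deliver", "no executable indicators"


def screen_all(attachments: list[tuple[str, bytes]]) -> dict[str, tuple[str, str]]:
    """Screen a batch and return the verdict for each attachment by name."""
    return {name: screen_attachment(name, data) for name, data in attachments}


# Constructed sample mailbox: names and leading bytes only.
SAMPLE_ATTACHMENTS = [
    ("quarterly_budget.xlsx", b"PK\x03\x04"),                 # Office file (zip container)
    ("invoice.pdf", b"%PDF-1.7"),
    ("payroll_update.pdf          .exe", b"MZ\x90\x00\x03"),  # padded double extension
    ("holiday_photos.jpg", b"MZ\x90\x00\x03"),                # binary renamed as an image
    ("readme.txt", b"plain text"),
]

if __name__ == "__main__":
    for name, (verdict, reason) in screen_all(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:10} {name!r}: {reason}")
```

Checking the content bytes as well as the name is what makes the second rule worth having: an extension policy alone is defeated by renaming, while a header check alone misses script files that have no fixed magic, so a gateway needs both.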
32.4 Types of viruses
Although viruses are of many types, broad categories have been identified in accordance with the damage they cause. Some of these categories are stated below:
• Boot sector viruses
• Overwriting viruses
• Droppers
• Trojans
Boot sector virus
The boot sector is the part of the computer which helps it to start up. If the boot sector is infected, the virus can be transferred to the operating system and application software.
Overwriting viruses
As the name implies, an overwriting virus overwrites every program, software or file it infects with itself. Hence the infected file no longer functions.
Dropper
A dropper is a program, not a virus. It installs a virus on the PC while performing another function.
Trojan horse
A Trojan horse is a malicious program that is disguised as, or embedded within, legitimate software. Trojan horses may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed. Examples are:
• Logic bomb – a Trojan horse that is triggered on a certain event, e.g. when disk clean-up reaches a certain percentage level
• Time bomb – a Trojan horse that is triggered on a certain date
Virus and worm controls
There are two ways to prevent and detect viruses and worms that infect computers and network systems. One category of controls is called management controls, which means having sound policies and procedures in place. The other category is called technical controls, which work by technical means, including antivirus software. Both types complement each other and are of little benefit or effect without the other.
32.5 Management and procedural controls
Following are various examples of management and procedural controls.
• Build any system from original, clean master copies. Boot only from original diskettes whose write protection has always been in place.
• USB-port-enabled devices should not be used until they have been scanned on a stand-alone machine that is used for no other purpose and is not connected to the network.
• Antivirus software should update its virus definitions frequently.
• Have vendors run demonstrations on their own machines.
• Scan before any new software is installed, as commercial software occasionally is supplied with a Trojan horse.
• Insist that field technicians scan their disks on a test machine before they use any of their disks on the system.
• Ensure all servers are equipped with an activated, current release of the virus-detection software.
• Ensure bridge, router and gateway updates are authentic.
• Exercise an effective backup plan.
• Educate users so they will heed these policies and procedures. For example, many viruses and worms today are propagated in the form of e-mail attachments.
• Review antivirus policies and procedures at least once a year.
• Prepare a virus eradication procedure and identify a contact person.
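Several of the controls above (building from clean master copies, scanning before installation, checking that router and gateway updates are authentic) come down to knowing what a known-good file looks like and noticing when it changes. As an added example, not from the lesson, the Python below records a SHA-256 baseline of an installation, reports files that were modified, added or removed since (an executable a virus has attached itself to and a file a dropper has left behind), and checks a downloaded update against the digest its vendor published. All file names, contents and digests here are constructed for the demonstration.

```python
"""File-integrity baseline and update verification (added example).

Every path, file and digest here is constructed for the example; the
functions are not a tool the lesson names.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import tempfile


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large installers do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_update(path: str, published_digest: str) -> bool:
    """Accept a downloaded update only if it matches the vendor's published digest."""
    return hmac.compare_digest(sha256_file(path), published_digest.strip().lower())


def build_baseline(root: str) -> dict[str, str]:
    """Map every file under root (relative, '/'-separated) to its SHA-256."""
    baseline: dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def compare_baseline(before: dict[str, str], after: dict[str, str]) -> dict[str, list[str]]:
    """List files added, removed or modified relative to the clean baseline."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def demo() -> dict[str, list[str]]:
    """Baseline a constructed install, alter it the way an infection would, and report."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        exe = os.path.join(root, "bin", "payroll.exe")
        with open(exe, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62 + b"clean program image")  # constructed stand-in
        with open(os.path.join(root, "config.ini"), "w") as f:
            f.write("[payroll]\nrate=1\n")
        clean = build_baseline(root)

        # A file-infecting virus attaches itself to an executable: simulate by appending.
        with open(exe, "ab") as f:
            f.write(b"appended bytes")
        # A dropper leaves a new file behind.
        with open(os.path.join(root, "bin", "helper.dll"), "wb") as f:
            f.write(b"MZ")
        return compare_baseline(clean, build_baseline(root))


def verify_update_demo() -> tuple[bool, bool]:
    """Verify a constructed update against a correct and a wrong published digest."""
    payload = b"firmware image v1.2 (constructed)"
    published = hashlib.sha256(payload).hexdigest()
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "router-update.bin")
        with open(path, "wb") as f:
            f.write(payload)
        return verify_update(path, published), verify_update(path, "0" * 64)


if __name__ == "__main__":
    print(demo())
    print(verify_update_demo())
```

The baseline has to be taken from the clean master copy and kept somewhere the monitored system cannot write to, otherwise a program that alters files can also alter the record it is compared against; the published digest, likewise, must be obtained over a different channel than the update itself.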
32.6 Technical controls
Technical methods of preventing viruses can be implemented through software. The following actions can reduce the risk of infection to hardware and operating systems:
• Use boot virus protection (i.e., built-in, firmware-based virus protection).
• Use remote booting, so that the local hard drive of the system is not used for the boot-up process. Use a hardware-based password.
• Use write-protect tabs on diskettes.
• Ensure insecure protocols are blocked by the firewall from external segments and the internet.