<Previous Lesson

Information Systems

Next Lesson>


Antivirus software

Antivirus software

Use of antivirus software is another very important technical control against the spread of virus.

33.1 Scanners
They scan the operating system and application soft ware for any virus based on the viruses they
contain. Every virus has a different bit pattern. These unique bit patterns act as an identity for the
virus and are called signatures. These signatures are available in virus definitions. Every scanner
contains in it certain virus definitions which in fact are signatures (bit patterns) for various kinds of
virus. The scanner checks or scans the operating system and other application soft wares installed
on the hard drives. While scanning, it checks the bit patterns in all software against the bit patterns
contained in the virus definitions of the scanner. If they found similar, they are labeled as virus.

33.2 Active monitors

This software serves the concurrent monitoring as the system is being used. They act as a guard
against viruses while the operating system is performing various functions e.g connected to
internet, transferring data, etc. It blocks a virus to access the specific portions to which only the
operating system has the authorized access. Active monitors can be problem some because they
can not distinguish between a user request and a program or a virus request. As a result, users are
asked to confirm actions, including formatting a disk or deleting a file or a set of files.

33.3 Behavior blockers

Focus on detecting potentially abnormal behavior in function of operating system or request made
by application software. Focus on detecting potentially abnormal behavior in function of operating
system or request made by application software, such as writing to the boot sector, or the master
boot record, or making change to executable files. Blockers can potentially detect a virus at an early
stage. Most hardware-based antivirus mechanisms are based on this concept.

33.4 Logical intrusion

The skills needed to exploit logical exposures are more technical and complex as compared to
physical exposures. Generally a similar term used in relation to logical intrusion is hacking.
In the 1990’s dotcom boom encouraged many organizations to use internet for executing
transactions. Initially internet used was more oriented to providing information to the general
public. With the enhanced focus of the organizations to reduce operational costs, and increase
sales, the use of internet started increasing.
Today many commercial transactions can be performed on internet. Whether we are looking at
retail sales, booking airline tickets, banking, property management, staff management, shipping or
host of other applications, the whole world is trading and managing goods and services via web
based systems. This not only helped organizations to earn higher volumes of dollars, but also
exposed to un desirable threats. Customers and criminals are finding it convenient to have an
access to the information system of the organization.
Organizations presuppose that an online system is inherently safer than a high-street store. For
instance, A couple of guys walk up to the counter of a pharmacy at 2 a.m. in the morning, show a
knife and ask for money in the cash register and they walk away with the cash. Compare above
situation with this one. Two guys walk into the online store of a retail seller through a BACK
DOOR (A hole in the security of a system deliberately left in place by designers or maintainers.
They Access the database and steal the credit information of all the customers. There is no video,
no witness and no record. Neither of the above mentioned scenarios is rare. Intrusion into the
information system is simply not restricted through the internet. Intrusion can be made through
LAN or by actually sitting on the targeted terminal or computer. A person making an intrusion is
generally termed as intruder. However, he can be classified according to the way he operates.
Possible perpetrators include:

A hacker is a person who attempts to invade the privacy of the system. In fact he attempts to gain
un authorized entry to a computer system by circumventing the system’s access controls. Hackers
are normally skilled programmers, and have been known to crack system passwords, with quite an
ease. Initially hackers used to aim at simply copying the desired information from the system. But
now the trend has been to corrupt the desired information.

This refers to individuals using their skills to forward a political agenda, possibly breaking the law
in the process, but justifying their actions for political reasons.

There are hackers who are more malicious in nature whose primary purpose or intent is to commit
a crime through their actions for some level of personal gain or satisfaction. The terms hack and
crack are often used interchangeably.
Its very common for hackers to misuse passwords and Personal identification number, in order to
gain unauthorized access.

“Password is the secret character string that is required to log onto a computer system, thus
preventing unauthorized persons from obtaining access to the computer. Computer users may
password-protect their files in some systems.”

Misuse of passwords
A very simple form of hacking occurs when the password of the terminal under the use of a
particular employee is exposed or become commonly known. In such a situation access to the
entire information system can be made through that terminal by using the password. The extent of
access available to an intruder in this case depends on the privilege rights available to the user.

33.5 Best Password practices

Keep the password secret – do not reveal it to anyone
Do not write it down – if it is complex, people prefer to save it in their cell phone memory, or
write on a piece of paper, both of these are not preferred practices.
Changing password regularly – Passwords should be associated with users not machines.
Password generation program can also be used for this purpose.
Be discreet – it is easy for the onlookers to see which keys are being used, care should be taken
while entering the password.
Do not use obvious password – best approach is to use a combination of letters, numbers,
upper case and lower case. Change passes word immediately if you suspect that anyone else
knows it.
A personal identification number (PIN) is a secret shared between a user and a system that can be
used to authenticate the user to the system. Typically, the user is required to provide a nonconfidential
user identifier or token (such as an debit card) and a confidential PIN to gain access to
the system. Upon receiving the User ID and PIN, the system looks up the PIN based upon the
User ID and compares the looked-up PIN with the received PIN. If they match, then the user is
granted access. If they do not match, then the user is not granted access. PIN’s are most often
used for ATMs. They are also sometimes used for online systems instead of alphanumeric
passwords, which may compromise security.
If the organization is linked to an external network, persons outside the company may be able to
get into the company’s internal network either to steal data or to damage the system. System can
have fire walls, which disable part of the telecoms technology to prevent unwelcome intrusions
into the company but a determined hacker may be able to bypass even these.

33.6 Firewall

Firewall is the primary method for keeping a computer secure from intruders. A firewall allows or
blocks traffic into and out of a private network or the user's computer. Firewalls are widely used to
give users secure access to the Internet as well as to separate a company's public Web server from
its internal network. Firewalls are also used to keep internal network segments secure; for example,
the accounting network might be vulnerable to snooping from within the enterprise. In the home,
a personal firewall typically comes with or is installed in the user's computer. Personal firewalls may
also detect outbound traffic to guard against spy ware, which could be sending your surfing habits
to a Web site. They alert you when software makes an outbound request for the first time. In the
organization, a firewall can be a stand-alone machine or software in a server. It can be as simple as
a single server or it may comprise a combination of servers each performing some type of firewall

<Previous Lesson

Information Systems

Next Lesson>


Lesson Plan


Go to Top

Next Lesson
Previous Lesson
Lesson Plan
Go to Top