Introduction of Viruses, Worms, Intruders, Insiders, Criminal Organizations, Cyber Terrorists, Security Attacks, Phishing Attacks and SQL Injection

      Computer Security: The application of hardware, firmware and software security features to a computer system in order to protect against, or prevent, the unauthorized disclosure, manipulation, deletion of information.

This means:

o   To prevent theft of or damage to the hardware.

o   To prevent theft of or damage to the information.

o   To prevent disruption of service.

      Information Security: The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional.

      Network Security: Protection of networks and their services from unauthorized modification, destruction, or disclosure. It provides assurance the network performs its critical functions correctly and there are no harmful side-effects.



Threats to Security



1.      Viruses: A computer virus is a piece of software that can “infect” other programs by modifying them;

       The modification includes injecting the original program with a routine to make copies of the virus program, which can then go on to infect other programs.

A computer virus carries in its instructional code the recipe for making perfect copies of itself.

       The typical virus becomes embedded in a program on a computer.

       Then, whenever the infected computer comes into contact with an uninfected piece of software, a fresh copy of the virus passes into the new program.



A computer virus has three parts:



(i)                 Infection mechanism:

       The means by which a virus spreads, enabling it to replicate.

       The mechanism is also referred to as the infection vector.

(ii)               Trigger:

       The event or condition that determines when the payload is activated or delivered.

(iii)             Payload:

      What the virus does, besides spreading.

       The payload may involve damage or may involve benign but noticeable activity.



During its lifetime, a typical virus goes through the following four phases:

(i)                 Dormant phase:

      The virus is idle.

       The virus will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit.

       Not all viruses have this stage.

       

(ii)               Propagation phase:

      The virus places an identical copy of itself into other programs or into certain system areas on the disk.

       Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.



(iii)             Triggering phase:

      The virus is activated to perform the function for which it was intended.

       As with the dormant phase, the triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.

(iv)             Execution phase:

      The function is performed.

       The function may be harmless, such as a message on the screen, or damaging, such as the destruction of programs and data files.

Most viruses carry out their work in a manner that is specific to a particular operating system and, in some cases, specific to a particular hardware platform.

       Thus, they are designed to take advantage of the details and weaknesses of particular systems.



2.      Worm: It is a program that can replicate itself and send copies from computer to computer across network connections.

       Upon arrival, the worm may be activated to replicate and propagate again.

In addition to propagation, the worm usually performs some unwanted function.

       An e-mail virus has some of the characteristics of a worm because it propagates itself from system to system.

       However, we can still classify it as a virus because it uses a document modified to contain viral macro content and requires human action.

A worm actively seeks out more machines to infect, and each machine that is infected serves as an automated launching pad for attacks on other machines.



3.      Intruders: An intruder is a person who attempts to gain unauthorized access to a system, to damage that system, or to disturb data on that system. In summary, this person attempts to violate security by interfering with system availability, data integrity or data confidentiality.



      Three main classes of intruders:

i.                    Masquerader:

      An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account.

ii.                  Misfeasor:

      A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.



iii.                Clandestine user:

      An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection.



4.      Insiders:

§  An Insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems.

§  The threat may involve fraud, the theft of confidential or commercially valuable information.

§  Insiders are more dangerous than outside intruders.

§  They have the access and knowledge necessary to cause immediate damage to an organization.

§  Most security is designed to protect against outside intruders and thus lies at the boundary between the organization and the rest of the world.

§  Besides employees, insiders also include a number of other individuals who have physical access to facilities.



5.      Terrorists and Information warfare:

§  Many countries have already developed a capability to conduct information warfare.

§  Information warfare is the offensive and defensive use of information and information systems to deny, exploit, corrupt, or destroy an adversary's information, information-based processes, information systems, and computer-based networks while protecting one's own. Such actions are designed to achieve advantages over military or business adversaries.

§  Terrorist organizations can also accomplish information warfare.

§  A cyber-terrorist is a criminal who uses computer technology and the internet, especially to cause fear and disruption. Some cyber-terrorists spread computer viruses and others threaten people electronically.

§  Terrorist organizations are highly structured threats that:-

o   Are willing to conduct long-term operations.

o   Have tremendous financial support.

o   Have a large and organized group of attackers.



6.      Criminal Organizations:

§  "Criminal organization" is a term that categorises transnational, national, or local groupings of highly centralized enterprises run by criminals who intend to engage in illegal activity, most commonly for monetary profit. Some criminal organizations, such as terrorist organizations, are politically motivated. Sometimes criminal organizations force people to do business with them, as when a gang extorts money from shopkeepers for so-called "protection". Gangs may become disciplined enough to be considered organized. An organized gang or criminal set can also be referred to as a mob.
§  Other organizations—including states, militaries, police forces, and corporations—may sometimes use organized crime methods to conduct their business, but their powers derive from their status as formal social institutions.
§  A difference between criminal groups and the “average” hacker is the level of organization that criminal elements may employ in their attack.
 

Security basics:



      Three key objectives are at the heart of computer security:

     Confidentiality

     Integrity

     Availability


Confidentiality: Covers two related concepts:

— Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals

—Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed



Integrity: Also covers two related concepts:

—Data integrity: Assures that information and programs are changed only in a specified and authorized manner

—System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system



Availability: Assures that systems work promptly and service is not denied to authorized users




Authenticity:

      The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.

      This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.

Accountability:

      The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.

       This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.





Ø  PHISHING ATTACK:-

·         This type of attack uses social engineering techniques to steal confidential information; the most common purpose of such an attack is to obtain the victim's banking account details and credentials.

·         Phishing attacks tend to use schemes involving spoofed emails sent to users that lead them to malware-infected websites designed to appear as real on-line banking websites.

·         Emails received by users will in most cases look authentic, as if sent from sources known to the user (very often with the appropriate company logo and localised information); those emails will contain a direct request to verify some account information, credentials or credit card numbers by following the provided link and confirming the information on-line.

·         The request is accompanied by a threat that the account may be disabled or suspended if the mentioned details are not verified by the user.

Summary-

·         In this attack the hacker creates a fake web site that looks exactly like a popular site. The phishing part of the attack is that the hacker then sends an e-mail message trying to trick the user into clicking a link that leads to the fake site.

·         When the user attempts to log on with their account information, the hacker records the username and password and then tries that information on the real site.



Types of Phishing Attacks



1. Social Phishing - in recent years phishing techniques have evolved to include social media such as Facebook or Twitter; this type of phishing is often called Social Phishing.



2. Spear Phishing Attack - this is a type of phishing attack targeted at specific individuals, groups of individuals or companies. Spear phishing attacks are performed mostly with the primary purpose of industrial espionage and theft of sensitive information, while ordinary phishing attacks are directed against the wide public with the intent of financial fraud.


                                        

Ø  SQL Injection

·         The point of the hack is not just to get information from the target site. Depending on the intention of the malicious hooligans attacking you, it can include bypassing logins, accessing data (as in the Yahoo! case), modifying the content of a website (as when hackers replace the website with a new front page), or simply shutting down the server.

·         Step one of the attack is to scan sites to see if a vulnerability exists. Believe it or not, a hacker's best friend is Google. Employing Google Dork, a hacker is able to search for vulnerabilities using Google tricks.

·         After a site is identified, a hacker will attempt to gain a foothold and search for files containing usernames and directories that are known to contain sensitive data.

·         The attack is opportunistic and does not take a lot of research or a large team to pull off.

·         SQL injection is the actual injection of SQL commands into web applications through user input fields.

·         When an application uses internal SQL commands and you also have user input capabilities (like a login screen), SQL commands can be injected that can create, read, update, or delete any data available to the application.





SQL Injection Prevention

You can put tight constraints on user inputs. But the best method of preventing SQL injection is to avoid the use of dynamically generated SQL in your code. Instead, use stored or canned procedures.

And then again, run a scan to make sure your application is not vulnerable to SQL injections.
