s5cs54 computer security
What types of security threat can I be threatened with via networks?
Before the use of the Internet was widespread, the main threat to computer systems came from viruses spread by floppy disks used to move files between different computer systems. A virus program will execute when the program it is attached to is running, or the document it is attached to is opened. A virus program can attach itself to, or infect, other programs or data files. When any infected file is opened, the virus program executes. Virus programs also attack computers, usually triggered by some other event or special data, such as a specific date. They can create havoc on infected computers; they may give unwanted messages or destroy data files or erase the whole hard disk.
Connecting an unprotected computer to the Internet is like leaving the front door of your home wide open. You are giving people with malicious intent easy access. Viruses may be attached to downloaded software or e-mail messages. An e-mail virus may replicate itself by mailing itself to the e-mail addresses in the host computer’s e-mail contacts list.
Spam
Someone can send unwanted e-mails, known as spam, to thousands of e-mail addresses by redirecting the e-mail messages through the SMTP server of an unsuspecting host; this is called SMTP session hijacking. It makes the real originator of the e-mails difficult to trace because the emails seem to come from a legitimate source. They sometimes have attachments with them, often zip files which contain viruses. This is a real belt and braces approach to spreading viruses.

Worm
A worm is a malicious computer program that replicates itself through networks. It uses up computer time and drastically increases network traffic. It may also attack the computers and servers of the networks it moves through. While an unprotected computer is connected to the Internet, someone could connect to it through remote login and then remotely access files, execute programs, or even control the computer remotely.
Trojan
In Greek mythology Odysseus presented a huge wooden horse as a gift to the city of Troy. Once the horse was inside the city walls, the Greek warriors hidden inside emerged and slaughtered the inhabitants of the unsuspecting city. Named after this myth, a Trojan is a malicious payload hidden inside a desirable program such as a game, or a program that masquerades as a desirable one. When the desirable program is installed, the Trojan can cause huge damage to a computer’s software or data files. Trojans are also distributed through e-mail attachments.

Phishing
In phishing scams, the attacker e-mails customers of a business pretending it is a legitimate enquiry, but then stores the gathered data to commit fraud or even identity theft. This is also known as social engineering. Many e-mail programs allow the ‘From’ or ‘Reply to’ fields to be set to any address; this aids the phishing scam as the spoof e-mail is easily set up to appear to come from a legitimate source. For example, it may appear that your bank has e-mailed and asked you to confirm your account details and PIN. Another method is to provide a URL in the e-mail which may look legitimate but directs the victim to the phisher’s website. Instead of e-mailing a spoof URL, the phisher may use Trojans containing keyloggers or screen-capture programs.

An email from Sainsbury's... or is it?

The email seems to be asking me to log into a website. It's from the 'Security Advisor' so it must be important!

When I check the message contents, I find that the return path does not match the sender address. Suspicion is aroused. Delete!
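The return-path check described above can be automated. The following is an added example, not part of the original page; the sample message and its example.com / example.net domains are constructed, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (placeholder domains, not a real e-mail).
SAMPLE = """\
Return-Path: <bounce-7731@mailer.example.net>
From: "Security Advisor" <security@shop.example.com>
Reply-To: accounts@mailer.example.net
To: customer@example.org
Subject: Please confirm your account

Log in at the link below to confirm your details.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def same_org(a, b):
    """Treat a domain and its subdomains as the same sender (simple suffix test)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def header_mismatches(raw_message):
    """List the Return-Path / Reply-To headers whose domain differs from From."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    if not from_dom:
        return ["From: no address present"]
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and not same_org(dom, from_dom):
            findings.append(f"{name}: {dom} does not match From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in header_mismatches(SAMPLE):
        print("SUSPICIOUS", finding)
```

A mismatch is a reason for suspicion rather than proof, because some legitimate bulk-mail services also send with a return path on a different domain.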
Pharming
A malicious attacker can change DNS server information that will direct customers to another site rather than the site they intend to access. This is known as pharming.
Spyware
Spyware is a computer program that tracks and records a user’s actions, such as which websites are visited, which a phisher may find useful. Spyware is also known to redirect a user’s browser to unwanted websites or change computer settings.
How can I protect myself from security threats?
How can users protect their computer systems from these attacks? The best line of defence is to run a secure operating system (like Unix) that protects applications from attack. Programmers with malicious intentions exploit software defects. When software producers become aware of a security hole, they produce patches or service packs (programs) to fix the problem. Some programming languages are more prone to coding defects than others. For example, C and C++ are known to be vulnerable to coding defects, whereas Java is more likely to produce robust code. Firewalls, virus detection software and spyware scanners play an important role in protecting low-security operating systems.
Virus Detection
Virus detection software, often called an antivirus scanner, checks files against a dictionary of known viruses. A newly created virus can appear at any time and will remain undetected by the antivirus scanner until it has been added to the dictionary. Computer users must be vigilant and must regularly update the dictionary on their system so that files are checked against all known viruses. If an infected file is found, the antivirus scanner will try to delete the virus from the file. If this fails, the infected file will be quarantined — kept in a separate area of the hard disk where it can’t infect other files. The only way to clean up the system may be to delete the infected file.
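The dictionary check, the gap before a new virus is added, and quarantine can be shown in a few lines. This is an added example, not code from the original page; it simplifies a scanner to a byte-pattern search, and the file names, signature names and marker strings are constructed and harmless.

```python
import shutil
import tempfile
from pathlib import Path

def scan_file(path, signatures):
    """Return names of all dictionary entries whose byte pattern occurs in the file."""
    data = Path(path).read_bytes()
    return [name for name, pattern in signatures.items() if pattern in data]

def scan_and_quarantine(folder, signatures, quarantine_dir):
    """Scan every file in folder; move infected files into quarantine_dir."""
    quarantine_dir = Path(quarantine_dir)
    quarantine_dir.mkdir(exist_ok=True)
    report = {}
    for path in sorted(Path(folder).iterdir()):
        if not path.is_file():
            continue
        hits = scan_file(path, signatures)
        if hits:
            # Quarantine: keep the file in a separate area, away from other files.
            shutil.move(str(path), str(quarantine_dir / path.name))
            report[path.name] = hits
    return report

def demo():
    """Run two scans over constructed files, updating the dictionary in between."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp, "docs")
        docs.mkdir()
        quarantine = Path(tmp, "quarantine")
        (docs / "letter.txt").write_bytes(b"Dear customer, ...")
        (docs / "game.bin").write_bytes(b"\x00\x01MARKER-OLD-VIRUS\x02")
        (docs / "new.bin").write_bytes(b"\x00MARKER-NEW-VIRUS\x00")
        dictionary = {"Old.Virus": b"MARKER-OLD-VIRUS"}
        first = scan_and_quarantine(docs, dictionary, quarantine)
        # new.bin was missed: its signature is not in the dictionary yet.
        dictionary["New.Virus"] = b"MARKER-NEW-VIRUS"  # dictionary update
        second = scan_and_quarantine(docs, dictionary, quarantine)
        remaining = sorted(p.name for p in docs.iterdir())
        return first, second, remaining

if __name__ == "__main__":
    print(demo())
```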
Authentication
To verify that a user of a computer system is a legitimate user, it is possible to use passwords, biometric data, security tokens or digital certificates. For example, phishing attacks are possible if the recipient of an e-mail is not aware that the sender is not who they say they are. To authenticate the identity of the sender, the e-mail must be digitally signed. The digital signature must be authenticated through a digital certificate issued by a trusted third party such as a certification authority.
Authorisation
Authorised users of a computer system are given a user ID and a password. Users may be authorised to use certain resources. This is usually done by the system administrator granting permissions to users or groups of users. Passwords and encryption are used to keep data secret from unauthorised persons.
Accounting
It is vital to detect any security breach as soon as possible and to identify any parts that may have been compromised. That is why systems generate activity logs to create audit trails. In the case of Internet access, a system may log every IP address to show what websites have been visited.
Tips to protect yourself ...
Run a secure operating system
Always keep software up to date with patches
Run a firewall
Run virus detection software and keep it up to date
Run spyware scanners
Don’t even open emails from people you don’t know - displaying images in emails can reveal information about you
Never click on links in unsolicited emails
Never open attachments without first scanning them with a virus detection program
Always keep usernames and passwords secret.
Use encryption methods where possible to protect data
What is a firewall and how does it work?
A firewall can be a hardware device or a program that controls traffic between the Internet (WAN) and a private network (such as a school network) or computer system (such as a home computer). Firewalls can be customised and rules can be set up that control which data packets should be allowed through and which should not be allowed through. Traffic can be blocked from specific IP addresses, domain names or port numbers. Firewalls can also be set up to search data packets for exact matches of text.

A firewall protects a LAN from a WAN
Most home networks have firewalls embedded in their broadband modem / routers which are configured to protect against most forms of attack by default.

Control interface for the built in Firewall on a domestic router
Two important methods that firewalls adopt are packet filtering and the use of a proxy server.
Packet filtering
In packet filtering, the firewall analyses the packets that are sent against a set of filters (firewall rules). Packets are either allowed through or blocked.
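The rule matching described above, covering source address, port number and exact text match, can be sketched as follows. This is an added example, not code from the original page or from any firewall product; the `Packet` and `Rule` classes, the rule set and the addresses (documentation ranges) are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Packet:
    src_ip: str
    dst_port: int
    payload: bytes = b""

@dataclass
class Rule:
    action: str                       # "allow" or "block"
    src_net: Optional[str] = None     # CIDR range the source address must fall in
    dst_port: Optional[int] = None    # destination port the packet must target
    contains: Optional[bytes] = None  # exact byte string searched for in the payload

    def matches(self, pkt: Packet) -> bool:
        # A field left as None is a wildcard; every field that is set must match.
        if self.src_net and ip_address(pkt.src_ip) not in ip_network(self.src_net):
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.contains is not None and self.contains not in pkt.payload:
            return False
        return True

def filter_packet(rules, pkt, default="block"):
    """The first matching rule decides; unmatched packets get the default action."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed rule set: order matters, so specific blocks come before broad allows.
RULES = [
    Rule("block", src_net="203.0.113.0/24"),         # blocked address range
    Rule("block", dst_port=23),                      # blocked port number
    Rule("block", dst_port=80, contains=b"/admin"),  # exact text match in the data
    Rule("allow", dst_port=80),
    Rule("allow", dst_port=443),
]

if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", 80, b"GET /index.html"),
                Packet("198.51.100.7", 80, b"GET /admin HTTP/1.1"),
                Packet("203.0.113.9", 443)):
        print(pkt.src_ip, pkt.dst_port, filter_packet(RULES, pkt))
```

Blocking by default means a packet that no rule mentions, such as one to port 25 here, is dropped rather than let through.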
Proxy server
Using a proxy server, when a user of a private network requests information from the Internet, the proxy server retrieves the information and then passes it on to the requesting computer. This means the computer that hosts the information (web page) does not come into direct contact with the user’s computer, only the proxy server does. Proxy servers act as web filters.
How do I protect the data that I transmit?
Ensuring that data transmissions are secure has been one of the major issues since the Internet was born. Encryption techniques are extremely important in ensuring not only that data is received only by the intended recipient but also that it has not been tampered with on the way.
There are three areas in which we can ensure data is 'secure' ...
Authentication … “Are you who you say you are?”
Is the message from the person who we think sent it or is it from someone pretending to be them?
Confidentiality … “Are you allowed to read the message?”
Clearly, if we are sending private information, we only want the person it is intended for to read the message, and we want to prevent it being intercepted along the way.
Integrity … “Is the message the same as the one that was sent?”
Is the message we have received the same as the message that was originally sent to us, or has it been changed along the way?
All encryption technology is designed to address one or more of these issues as we shall see.
What is encryption?
Encryption has been used for over 2000 years by individuals, organisations, governments and the military. Now that the Internet has become a popular way to communicate and do business, issues of data confidentiality affect many more people.
The main uses of encryption are …
to store information securely,
to transmit messages so that only the sender and the legitimate recipient can read them, and
to transmit messages so that the recipient can be certain they came from the sender.
Encryption is the process of using an encryption algorithm and an encryption key to convert message data into a form that is not understandable without the key to decrypt the text. A message before encryption is called plaintext or cleartext. When the message is encrypted, it is called ciphertext. To convert ciphertext back into plaintext, decryption is used. Decryption is the process of using a decryption algorithm and a decryption key to convert ciphertext into the original message data.

Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient. The term is derived from the Greek word ‘kryptos’ which means ‘hidden’ or ‘secret’. Cryptography is thought to date back to the Egyptians and their use of hieroglyphics. The actual code or key was only known to a few people.

Hieroglyphics as an encrypted communication system
Cryptanalysis is the act of trying to find the plaintext from the ciphertext without the decryption key. The aim of cryptanalysis is to ‘break the code’ - to arrive at the original message by guessing or deducing the key. Classical cryptanalysis involves an interesting combination of analytical reasoning, application of mathematical tools, pattern finding, patience, determination, and luck. Cryptanalysts are also called attackers.
Cryptology embraces both cryptography and cryptanalysis.
Last modified: February 14th, 2024