Esecurity Report

  • November 2019
  • PDF



A report on e-Security

By

Mr. Gaurav V. Choudhari, Mr. Nilesh N. Pethkar, Mr. Sameer S. Thombare

Under the Guidance of

Prof. M.H. Bade

SARDAR PATEL COLLEGE OF ENGINEERING Munshi Nagar, Andheri (W) 400 058.

Contents

1) About e-Security
2) Threats
   i) Hackers/Crackers
   ii) Virus
   iii) Worms
   iv) Trojan Horses
   v) Spyware
   vi) Adware
   vii) Denial of Service (DoS)
3) Solutions
   i) Firewall
   ii) Password Protection
   iii) Monitoring
   iv) Virus Protection
4) Case Studies
   i) 40 million Visa and MasterCard accounts hacked
   ii) MS France Hacked!
5) Internet Security Essentials: Top 10 Internet Security Tips

_______________________________e-SECURITY

About e-Security

Few issues are more fundamental to the success of an online business than knowing that those who access its information and other resources are who they say they are, and that they can be trusted. Without such trust few companies, if any, would be prepared to share their resources with others, undermining the whole eCommerce concept. Before understanding e-security, it is essential to know what the threats are! So let’s look at the threats to an e-Business.

Threats

The main threats to a network are: Hackers/Crackers, Denial of Service (DoS), Viruses, Worms, Trojan Horses, and Spyware/Adware. Now let's look at them one by one.

Hackers/Crackers

A hacker or cracker is someone who breaks into someone else's computer system, often over a network; bypasses passwords or licences in computer programs; or in other ways intentionally breaches computer security. But there is a fundamental difference between a hacker and a cracker. A hacker has the skill to do this for profit, for malice, or simply because the challenge is there, but does not use it to cause harm; a cracker does all this for malicious purposes only.


Hackers, acting for some altruistic purpose or cause, generally break in to point out weaknesses in a site's security. But what is at stake? Data! In this world of information technology, data of any kind can be used or misused by other firms. A cracker can steal the data and sell it to competitors, or even defame the firm by disclosing its dark secrets. There have been countless attacks by hackers on the websites and networks of renowned firms; we will go through a case study later on.

Virus

A virus is a piece of programming code, usually disguised as something else, that causes some unexpected and usually undesirable event. A virus is usually designed so that it spreads automatically to other computer users. Viruses can be transmitted as attachments to an e-mail, as downloads, or be present on a diskette or CD. The source of the e-mail, downloaded file, or diskette you have received is often unaware of the virus. Some viruses take effect as soon as their code is executed; others lie dormant until circumstances cause their code to be executed by the computer. Some viruses are playful in intent and effect (e.g. "Happy Birthday") and some can be devastating (e.g. "W32.Blackmal.E"), erasing data or leaving the hard disk in need of reformatting.

Generally, there are three main classes of viruses:

1. File infectors: Some file infector viruses attach themselves to program files, usually selected .COM or .EXE files. When the program is loaded, the virus is loaded as well. Other file infector viruses arrive as wholly self-contained programs or scripts sent as an attachment to an e-mail. e.g. W32.Blackmal.E

2. System or boot-record infectors: These viruses infect executable code found in certain system areas of a hard disk or diskette, called the boot sector. A typical scenario is to receive a diskette from an innocent source that contains a boot-sector virus. While your operating system is running, files on the diskette can be read without triggering the boot-sector virus. However, if you leave the diskette in the drive and then turn the computer off or reboot, the computer will look first in the A: drive, find the diskette with its boot-sector virus, load it, and may make it temporarily impossible to use your hard disk. e.g. Exe_Bug.C, Kampana

3. Macro viruses: These are among the most common viruses, and they tend to do the least damage. Macro viruses infect Microsoft Office documents and templates through their macro language and typically insert unwanted words or phrases.

Worms

A 'worm' is a self-replicating program that, unlike a file-infecting virus, does not alter files but resides in active memory and duplicates itself, typically spreading from machine to machine across a network without any user action. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system or network resources, slowing or halting other tasks. e.g. W32.Sober.X@mm

Trojan Horses

A 'Trojan Horse' is a destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces malware onto your computer. The term comes from the Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.

Trojan horses are classified by how they breach systems and the damage they cause. The six main types of Trojan horses are:

1. Remote Access Trojans: Abbreviated as RATs, a Remote Access Trojan is designed to provide the attacker with complete control of the victim's system. Attackers usually hide these Trojan horses in games and other small programs that unsuspecting users then execute on their PCs. e.g. X97M.Sugar

2. Data Sending Trojans: A type of Trojan horse designed to provide the attacker with sensitive data such as passwords, credit card information, log files, e-mail addresses or IM contact lists. These Trojans can look for specific pre-defined data (e.g. just credit card information or passwords), or they can install a key logger and send all recorded keystrokes back to the attacker. e.g. Trojan.Lornuke

3. Destructive Trojans: A type of Trojan horse designed to destroy and delete files; it is more like a virus than any other Trojan. It can often go undetected by antivirus software. e.g. Sadcase.Trojan

4. Proxy Trojans: A type of Trojan horse designed to use the victim's computer as a proxy server. This gives the attacker the opportunity to do everything from your computer, including conducting credit card fraud and other illegal activities, or even using your system to launch attacks against other networks, so that the activity is traced back to you rather than to the attacker. e.g. Backdoor.Migmaf


5. FTP Trojans: A type of Trojan horse designed to open port 21 (the port for FTP transfer) and let the attacker connect to your computer using the File Transfer Protocol (FTP). e.g. Trojan.Haradong

6. Security software disabler Trojans: A type of Trojan horse designed to stop or kill security programs such as an antivirus program or firewall without the user knowing. This Trojan type is normally combined with another type of Trojan as a payload. e.g. Trojan.Disabler

Spyware

Spyware is any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers. Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file-swapping products that are available today.


Aside from the questions of ethics and privacy, spyware steals from the user by using the computer's memory resources and by eating bandwidth as it sends information back to the spyware's home base via the user's Internet connection. Because spyware uses memory and system resources, the applications running in the background can lead to system crashes or general system instability. Because spyware exists as independent executable programs, it has the ability to monitor keystrokes, scan files on the hard drive, snoop on other applications such as chat programs or word processors, install other spyware programs, read cookies, and change the default home page of the Web browser, consistently relaying this information back to the spyware author, who will either use it for advertising/marketing purposes or sell the information to another party. Licensing agreements that accompany software downloads sometimes warn the user that a spyware program will be installed along with the requested software, but the licensing agreements may not always be read completely, because the notice of a spyware installation is often couched in obtuse, hard-to-read legal disclaimers. e.g. Spyware.NiceSpy

Adware

Adware is a form of spyware that collects information about the user's browsing patterns in order to display advertisements in the Web browser based on that information, or software that is supplied to the user with advertisements already embedded in the application. e.g. Adware.Bonzi


Denial of Service (DoS)

There have been an increasing number of well-publicized attacks of this kind recently. In February 2000 alone, Yahoo, CNN Interactive, Amazon.com, eBay and other Internet giants fell victim to distributed denial of service attacks. During a DoS attack a company's network is flooded with so much network traffic that legitimate traffic is prevented from traversing the network; eventually the servers fail under the overload. In a distributed attack (DDoS) the flood comes from many compromised machines at once, and tools like 'Stacheldraht' are making it ever easier for outsiders and insiders to mount such attacks. Companies cannot afford to have their systems shut down, given the impact this has on customer loyalty. Customers are increasingly spoilt for choice on the Internet, so a site that is not available immediately will soon be abandoned in favor of an equivalent one. Not having its site available can have a very lasting impact on a business.


Solutions

So far we have discussed the security threats to a network. Now let's look at the security solutions.

Firewall

If you have been using the Internet for any length of time, you have probably heard the term firewall used. For example, you often hear people in companies say things like, "I can't use that site because they won't let it through the firewall." If you have a fast Internet connection into your home (either a DSL connection or a cable modem), you may have found yourself hearing about firewalls for your home network as well. It turns out that a small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.

Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why it’s called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.


What It Does

A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

Let's say that you work at a company with 500 employees. The company will therefore have hundreds of computers that all have network cards connecting them together. In addition, the company will have one or more connections to the Internet through something like T1 or T3 lines. Without a firewall in place, all of those hundreds of computers are directly accessible to anyone on the Internet. A person who knows what he or she is doing can probe those computers, try to make FTP connections to them, try to make telnet connections to them and so on. If one employee makes a mistake and leaves a security hole, hackers can get to the machine and exploit the hole.

With a firewall in place, the landscape is much different. A company will place a firewall at every connection to the Internet (for example, at every T1 line coming into the company). The firewall can implement security rules. For example, one of the security rules inside the company might be: out of the 500 computers inside this company, only one of them is permitted to receive public FTP traffic; allow FTP connections only to that one computer and prevent them on all others. A company can set up rules like this for FTP servers, Web servers, Telnet servers and so on. In addition, the company can control how employees connect to Web sites, whether files are allowed to leave the company over the network and so on. A firewall gives a company tremendous control over how people use the network.

Firewalls use one or more of three methods to control traffic flowing in and out of the network:

Packet filtering - Packets (small chunks of data) are checked against a set of filter rules, typically on source and destination address, protocol and port. Packets that match an allow rule are forwarded to the requesting system and all others are discarded.

Proxy service - Information from the Internet is retrieved by the firewall on behalf of the requesting system and then passed to it, and vice versa, so there is never a direct connection between an inside host and the outside.

Stateful inspection - A newer method that does not examine the full contents of each packet but instead compares certain key parts of the packet (addresses, ports, sequence numbers) to a table of connections the firewall has already seen. Traffic travelling from inside the firewall to the outside is recorded, and incoming packets are compared against those recorded connections. If an incoming packet belongs to a connection that was legitimately opened from the inside, it is allowed through; otherwise it must pass the static rules or is discarded.
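The two mechanisms above, as an added example that is not part of the report: a toy filter that enforces the report's own rule (only one host may receive public FTP traffic) as a static packet filter, plus a stateful connection table so that replies to connections opened from the inside are admitted without needing an inbound rule. The 10.0.0.0/24 network, the host addresses and the packets are all constructed for this example.

```python
"""Added example (not from the report): a toy packet filter that applies
the report's own rule, "only one host may receive public FTP traffic",
plus a stateful connection table so that replies to connections opened
from inside are admitted without a separate inbound rule.
All hosts, addresses and packets below are constructed for the example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    sport: int
    proto: str = "tcp"
    syn: bool = False   # True for the first packet of a new TCP connection


# Hypothetical network: 10.0.0.0/24 is "inside"; 10.0.0.21 is the one FTP server.
INSIDE_PREFIX = "10.0.0."
FTP_SERVER = "10.0.0.21"
WEB_SERVER = "10.0.0.80"   # hypothetical public web server


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


class Firewall:
    def __init__(self) -> None:
        # Connection state: (inside host, inside port, outside host, outside port)
        self.conntrack: set[tuple[str, int, str, int]] = set()

    def packet_filter(self, p: Packet) -> bool:
        """Stateless rules: what the Internet may open towards us unsolicited."""
        if p.proto == "tcp" and p.dport == 21:
            return p.dst == FTP_SERVER      # FTP only to the designated host
        if p.proto == "tcp" and p.dport in (80, 443):
            return p.dst == WEB_SERVER      # HTTP/HTTPS only to the web server
        return False                        # default deny: telnet, SSH, everything else

    def allow(self, p: Packet) -> bool:
        # Outbound traffic: record the flow, then let it through.
        if is_inside(p.src) and not is_inside(p.dst):
            self.conntrack.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound reply to a flow we saw leave: stateful inspection admits it.
        if (p.dst, p.dport, p.src, p.sport) in self.conntrack:
            return True
        # Anything else inbound must be a new connection that the static rules permit.
        return p.syn and self.packet_filter(p)
```

Note that the reply check looks up the reversed tuple: an inbound packet is accepted only if an inside host previously sent a packet to exactly that outside address and port, which is what stops an outsider from simply claiming a source port of 443 to get past the filter.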

Password protection

Password protection is something that is relevant to everyone in an organization. If these rules are set from the beginning, this will make things much easier later on:

1. A registration and enrollment process should be in place to ensure that only authorized users get access at the start.

2. All new accounts should be given initial passwords that are set by administrators. These, and any password later reset by an administrator, should expire at first use, after which the user specifies their own password.

3. Passwords should be alphanumeric with at least 7 characters. Tell new users that this is the rule and that there are no exceptions.

4. The maximum length of time between setting a password and its expiry is 60 days.

5. Invalid login attempts shall be limited to a maximum of 6, after which the account is locked until an administrator releases it.

6. Session timeouts should be implemented. A session timeout allows an appropriate amount of time for users to perform their transactions and receive results without compromising security. As a general guideline, a user session should time out after approximately 15 minutes of inactivity.

7. Default accounts, such as visitor access for contract workers, should be given a strong password and disabled when not in use.

8. Passwords should never be sent over the network as plain text; the form carrying them should travel over an encrypted connection to and from the server. At the server they should be stored not in a recoverable form but as salted hashes computed with a deliberately slow function, so that a stolen copy of the database does not yield the passwords themselves.
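The rules above turned into code, as an added example that is not part of the report: a minimal authentication service that stores passwords as salted PBKDF2 hashes, forces a change of the administrator-issued initial password, enforces the 7-character alphanumeric rule, the 60-day expiry, the lockout after 6 invalid attempts and the 15-minute idle timeout. The account names, passwords and timestamps are constructed; the iteration count is an assumption chosen to keep the example quick.

```python
"""Added example (not from the report): the report's password rules as
code -- at least 7 alphanumeric characters, 60-day expiry, lockout after
6 invalid attempts, 15-minute idle timeout, forced change on first use --
with passwords stored as salted PBKDF2 hashes rather than in a recoverable
form. Account names, passwords and times are constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional, Tuple

MIN_LEN, MAX_AGE_DAYS, MAX_FAILURES, IDLE_TIMEOUT_S = 7, 60, 6, 15 * 60
DAY = 86400
PBKDF2_ROUNDS = 100_000   # assumption: a modest work factor for the example


def password_meets_policy(pw: str) -> bool:
    """Alphanumeric, at least MIN_LEN characters, containing both letters and digits."""
    return (len(pw) >= MIN_LEN and pw.isalnum()
            and any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw))


def hash_password(pw: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, slow hash: the stored value cannot be turned back into the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


@dataclass
class Account:
    salt: bytes
    digest: bytes
    set_at: float                 # when the password was set (epoch seconds)
    must_change: bool = True      # admin-issued initial password expires at first use
    failures: int = 0
    locked: bool = False
    last_activity: Optional[float] = None


class AuthService:
    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}

    def enroll(self, user: str, initial_pw: str, now: float) -> None:
        """Administrator creates the account with a temporary password."""
        salt, digest = hash_password(initial_pw)
        self.accounts[user] = Account(salt, digest, now)

    def login(self, user: str, pw: str, now: float) -> str:
        acct = self.accounts.get(user)
        if acct is None or acct.locked:
            return "denied"
        _, candidate = hash_password(pw, acct.salt)
        if not hmac.compare_digest(candidate, acct.digest):   # constant-time compare
            acct.failures += 1
            if acct.failures >= MAX_FAILURES:
                acct.locked = True
                return "locked"
            return "denied"
        acct.failures = 0
        acct.last_activity = now
        if acct.must_change or now - acct.set_at > MAX_AGE_DAYS * DAY:
            return "change-required"
        return "ok"

    def change_password(self, user: str, new_pw: str, now: float) -> bool:
        acct = self.accounts[user]
        if not password_meets_policy(new_pw):
            return False
        acct.salt, acct.digest = hash_password(new_pw)
        acct.set_at, acct.must_change = now, False
        return True

    def session_alive(self, user: str, now: float) -> bool:
        acct = self.accounts[user]
        return acct.last_activity is not None and now - acct.last_activity <= IDLE_TIMEOUT_S
```

The lockout counter is per account, so six wrong guesses against one user lock that user regardless of where the attempts come from; a real deployment would also rate-limit by source address, which the monitoring section covers.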

Monitoring

With the program implemented, you must ensure that security is made an integral part of day-to-day activities. Security must be a considered element in all system upgrades, such as when new software is installed or when more computers are added to your network. All too often, new additions to systems are not made secure. Monitoring tries to identify potential and actual security problems before they become issues that could cost your company time and money. When a security issue is identified, you should have procedures in place to stop further intrusion, limit disruption, preserve evidence and prevent the incident from happening again. Believe it or not, the first thing you should NOT do is turn off the computer: by doing so you may destroy evidence, in particular anything held only in memory.

Good monitoring practice includes:

1. A periodic scan of databases for obsolete and/or sensitive data. If such data exists and is no longer needed, it should be deleted from the system so that it cannot leak.

2. A periodic security review of the web site and related servers.

3. Systems should be able to raise Simple Network Management Protocol (SNMP) alerts, i.e. tell you when something is wrong, for example through warning messages.

4. Automated scanning for network vulnerabilities should be researched and, if appropriate, used.

5. Keep logs of important systems, covering security alerts and system utilization, to detect memory leaks or excessive usage.

6. Keep logs to establish a standard usage baseline for user work habits, such as how often and for how long users or customers use your systems, so that deviations from the baseline stand out.

7. Conduct regular security system reviews, preferably using an independent third party.
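Points 5 and 6 above in practice, as an added example that is not part of the report: a small log-review routine that parses constructed syslog-style authentication lines, builds a per-user baseline of the hours at which each user normally logs in from past successes, and raises alerts for a burst of failures from one source within a five-minute window and for successful logins outside a user's baseline hours. The log format, host name, user and addresses are all made up for the example.

```python
"""Added example (not from the report): a log-review routine of the kind the
monitoring policy calls for. It parses constructed syslog-style authentication
lines, builds a per-user baseline of usual login hours from past successes,
and alerts on (a) bursts of failures from one source within a 5-minute window
and (b) successful logins outside a user's baseline hours. Lines are made up."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Optional

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) gw sshd: "
    r"(?P<result>Accepted|Failed) password for (?P<user>\S+) from (?P<src>[\d.]+)$")

FAIL_THRESHOLD, WINDOW_S = 5, 300


def parse(line: str) -> Optional[dict]:
    """Return the fields of one auth line, or None if it is not an auth line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.fromisoformat(e["ts"])
    return e


def baseline_hours(history: list[str]) -> dict[str, set[int]]:
    """Hours of the day in which each user has previously logged in successfully."""
    hours: dict[str, set[int]] = defaultdict(set)
    for line in history:
        e = parse(line)
        if e and e["result"] == "Accepted":
            hours[e["user"]].add(e["ts"].hour)
    return hours


def review(lines: list[str], baseline: dict[str, set[int]]) -> list[str]:
    alerts: list[str] = []
    recent_failures: dict[str, deque] = defaultdict(deque)   # per source, timestamps
    already_reported: set[str] = set()
    for line in lines:
        e = parse(line)
        if e is None:
            alerts.append(f"unparsed line: {line!r}")   # never silently drop log data
            continue
        ts, src, user = e["ts"], e["src"], e["user"]
        if e["result"] == "Failed":
            q = recent_failures[src]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > WINDOW_S:   # slide the window
                q.popleft()
            if len(q) >= FAIL_THRESHOLD and src not in already_reported:
                alerts.append(f"brute force: {len(q)} failures from {src} within {WINDOW_S}s")
                already_reported.add(src)
        else:
            usual = baseline.get(user, set())
            if usual and ts.hour not in usual:
                alerts.append(f"off-hours login: {user} from {src} at {ts.isoformat()}")
            # A success right after a failure burst from the same source is the worst case.
            if len(recent_failures[src]) >= FAIL_THRESHOLD:
                alerts.append(f"success after failure burst: {user} from {src}")
    return alerts


# Constructed history used to learn the baseline (bob works 09:00-15:00).
HISTORY = [
    "2024-03-01T09:12:03 gw sshd: Accepted password for bob from 10.0.0.5",
    "2024-03-01T14:40:11 gw sshd: Accepted password for bob from 10.0.0.5",
    "2024-03-02T10:05:45 gw sshd: Accepted password for bob from 10.0.0.6",
]

# Constructed lines for the day under review: a night-time guessing run that succeeds.
TODAY = [
    "2024-03-04T03:00:00 gw kernel: link up",
    "2024-03-04T03:00:01 gw sshd: Failed password for bob from 203.0.113.50",
    "2024-03-04T03:00:12 gw sshd: Failed password for bob from 203.0.113.50",
    "2024-03-04T03:00:23 gw sshd: Failed password for bob from 203.0.113.50",
    "2024-03-04T03:00:34 gw sshd: Failed password for bob from 203.0.113.50",
    "2024-03-04T03:00:45 gw sshd: Failed password for bob from 203.0.113.50",
    "2024-03-04T03:03:10 gw sshd: Accepted password for bob from 203.0.113.50",
    "2024-03-04T09:30:00 gw sshd: Accepted password for bob from 10.0.0.5",
]


def run_example() -> list[str]:
    return review(TODAY, baseline_hours(HISTORY))
```

The normal 09:30 login produces no alert, which is the point of the baseline: the reviewer's attention goes to the four lines that are unusual, not to every line in the log.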

Virus Protection

The objective of an anti-virus policy is to address the risk of malicious code (e.g. viruses, Trojan horses, spyware/adware, worms etc.) being introduced into the company's networks. Nearly all companies use virus-scanning software. This software does not make any computer network completely safe: new viruses are constantly being developed, and a scanner only recognises what its current signatures describe. The only way to stay informed of new viruses and anti-virus upgrades is to keep reading the security web sites, articles and publications of organizations such as SANS, Microsoft (www.microsoft.com) and IBM (www.ibm.com). If upgrades to virus-scanning software are released, do not waste time; upgrade your systems immediately.

Companies are now buying anti-virus solutions that allow real-time updating of systems with new signatures. The anti-virus software is stored on a network server and, periodically, the software automatically initiates a connection via the Internet to the vendor's website. The software then automatically downloads any new updates and applies them across the network. Obviously, this functionality may be limited by the fact that the network might only have limited access to the Internet. But if Internet access is 24x7, then anti-virus updating may be 24x7 also. Examples of this type of software are McAfee, Symantec, F-Secure and Trend Micro.

Key policies should include the following:

1. A virus-scanning procedure that is documented and published to all users.

2. All desktops and laptops in the system should run virus-scanning software.

3. All Internet e-mail gateways and web proxies into the network should use virus-scanning software.

4. The process of what to do when an intrusion is detected or a virus is identified should be documented.

5. All source/destination addresses and high-level content information should be logged for all Internet gateway devices.

6. A log review procedure should be documented and followed for each Internet gateway device.

7. System administrators or users should be alerted to viruses immediately.

8. Infected files should be deleted or quarantined.

9. Anti-virus software on all installations should be updated at least monthly, or better still updated automatically as mentioned above.
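Policy points 2 and 8 in miniature, as an added example that is not part of the report: a scan-and-quarantine routine that walks a directory, matches each file against a signature list and moves hits into a quarantine directory rather than deleting them, so that evidence survives for the incident procedure. The signatures are the EICAR test string (a harmless, standard string that every real scanner detects) and a SHA-256 hash of a made-up sample; the directory tree is created by the example itself.

```python
"""Added example (not from the report): a minimal scan-and-quarantine routine
of the kind the anti-virus policy describes. It walks a directory, matches
each file against a signature list (the EICAR test string, which every real
scanner detects, plus a SHA-256 hash list that in practice comes from vendor
updates) and moves hits into a quarantine directory instead of deleting them.
The directory tree and the hypothetical dropper sample are constructed here."""
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Optional, Tuple

EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Byte-pattern signatures: name -> substring that identifies the sample.
PATTERN_SIGS = {"EICAR-Test-File": EICAR}
# Hash signatures: sha256 hex -> name. One constructed entry for a hypothetical sample.
HASH_SIGS = {hashlib.sha256(b"MZ\x90\x00fake-dropper-payload").hexdigest(): "Test.Dropper"}


def classify(data: bytes) -> Optional[str]:
    """Return the signature name if the content matches, else None."""
    name = HASH_SIGS.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for name, pattern in PATTERN_SIGS.items():
        if pattern in data:
            return name
    return None


def scan_and_quarantine(root: Path, quarantine: Path) -> dict[str, str]:
    """Scan every file under root; move detections into quarantine. Returns {path: signature}."""
    quarantine.mkdir(parents=True, exist_ok=True)
    found: dict[str, str] = {}
    for path in list(root.rglob("*")):          # snapshot first: we move files while walking
        if not path.is_file() or quarantine in path.parents:
            continue
        name = classify(path.read_bytes())
        if name:
            rel = path.relative_to(root).as_posix()
            # Keep the original location in the quarantined name so it can be traced back.
            dest = quarantine / (rel.replace("/", "__") + ".quarantined")
            shutil.move(str(path), str(dest))
            found[rel] = name
    return found


def run_example() -> Tuple[dict[str, str], list[str]]:
    """Build a throwaway tree with one clean file and two detections, scan it, clean up."""
    root = Path(tempfile.mkdtemp(prefix="avscan-"))
    (root / "docs").mkdir()
    (root / "docs" / "report.txt").write_bytes(b"quarterly numbers, nothing to see")
    (root / "docs" / "eicar.com").write_bytes(EICAR)
    (root / "setup.exe").write_bytes(b"MZ\x90\x00fake-dropper-payload")
    hits = scan_and_quarantine(root, root / "quarantine")
    remaining = sorted(p.name for p in root.rglob("*") if p.is_file())
    shutil.rmtree(root)
    return hits, remaining
```

A hash signature only catches a byte-identical sample, which is why real products pair hash lists with byte patterns and heuristics, and why the policy's "update at least monthly" is the minimum rather than the goal.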


Case studies 40 million Visa and MasterCard accounts hacked May 2005

Over forty million Visa and two million MasterCard accounts in the US were accessed by unauthorized individuals after the computer system of a company which processes credit card transactions on behalf of merchants was hacked into. The data breach at CardSystems Solutions, the latest in a growing list of data leaks involving scams and absent-minded workers, is believed to be the largest to date. It happened when intruders exploited software security vulnerabilities. Nearly 70,000 MasterCard account numbers were especially at risk because they were kept in a file exported from CardSystems' database. MasterCard's security team discovered abnormal usage patterns on certain cards after its fraud monitoring systems picked up on the clues. The probe also found that the Atlanta-based payment processor did not meet MasterCard's security regulations. CardSystems should not have held onto MasterCard's records, and compounded the problem by storing the transaction data in unencrypted form. This would not have happened if CardSystems had been obeying the association rules. It is not necessarily just CardSystems' problem; it is really Visa and MasterCard's problem, because they put out these rules but do not enforce them.

This does not end here; it is a chain process. The hackers do not use the information themselves. Instead they sell the information on Undernet or other IRC networks.

(Shopadmins are hacked online merchants from which crooks can extract fresh customer credit cards as new orders come in.)

The attacks are carried out as new demand for stolen card numbers comes in. What happens is that these guys steal a credit-card number and then start compiling any information about the individual that is available. Most people are not aware that if your credit-card data is stolen from XYZ company, most likely the thieves have also got your address, home phone number, e-mail address and other data that can be used to turn around and get more data, or even to open new lines of credit in your name. Once adequate information is collected, they check the card's validity by donating a small amount, generally $1, to a charity. Once the amount is processed they know for sure that the card owner has not yet detected the theft, and they are ready to use the card number.

So what are the firms doing? As hackers improve their methods, the firms also have to come up with newer solutions. Both firms are funding a lot of new development around the world. The following are different methods of authentication:

i) Risk-based
ii) Secure token
iii) SMS text

Risk-based Authentication

Unlike the binary (right or wrong) decision involved in traditional username and password authentication, risk-based authentication is based on a series of observations. It works by analyzing a series of requested and observed customer details, along with data supplied during Internet communications, to assess the probability that a customer interaction is authentic. Risk-based authentication typically uses a combination of techniques, including Internet Protocol (IP) address intelligence, device profiling (sometimes called PC fingerprinting), and stored certificates, to assess the authenticity of an online user.

Token-based Strong Authentication

The most common form of this solution is a small keychain fob (the "token") that displays a six-digit password that changes every 60 seconds. This one-time password (OTP) is derived on a chip in the token from a secret seed and the current time; the OTP server at the bank or a third party holds the same seed and a synchronized clock, so both sides compute the same value without the seed ever being transmitted. A user must have the token and enter the OTP to be authenticated and gain access to the online account. The use of tokens for online consumer banking access seems to be gaining popularity in Europe, in Japan and in some other Asian nations. The two most prominent providers of these devices are RSA Security and Vasco.

SMS-based Authentication

Another interesting approach uses Short Message Service (SMS) messaging for authentication via a registered cellular phone. Typically, when a customer attempts to gain access to an account at a bank that uses this method, the bank sends the cell phone a one-time password by SMS, which the user enters on a personal computer. Entering the code proves that the device is present and thus authenticates the user. This approach is gaining traction in Australia, France and Hong Kong and would likely work well in countries with high penetration rates for cell phones.
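The token scheme described above, as an added example that is not part of the report: the fob and the server share a secret seed, and each side derives a six-digit code from the seed and the current 60-second time step with HMAC. This is the construction standardised as HOTP (RFC 4226) and TOTP (RFC 6238), which is what commodity tokens and authenticator apps implement; the report does not name the algorithm inside the RSA or Vasco devices, so that pairing is an assumption. The server side accepts one step of clock drift either way and refuses a code that has already been used. The seed and timestamps are constructed.

```python
"""Added example (not from the report): the token-based scheme in code.
Token and server share a secret seed; each derives a six-digit one-time
password from the seed and the current 60-second time step with HMAC-SHA1
(HOTP, RFC 4226, driven by time as in TOTP, RFC 6238). The server accepts
one step of clock drift and rejects replays. Seed and timestamps are made up."""
import hashlib
import hmac
import struct
import time

STEP_S, DIGITS, DRIFT_STEPS = 60, 6, 1


def hotp(seed: bytes, counter: int) -> str:
    """RFC 4226: dynamically truncate HMAC-SHA1(seed, counter) to DIGITS decimal digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"


def totp(seed: bytes, now: float) -> str:
    """What the key fob displays: the HOTP for the current time step."""
    return hotp(seed, int(now) // STEP_S)


def current_code(seed: bytes) -> str:
    """Convenience for a live demo: the code for the real wall clock."""
    return totp(seed, time.time())


class OtpServer:
    """Bank-side verifier holding the same seed as the token."""

    def __init__(self, seed: bytes) -> None:
        self.seed = seed
        self.last_step_used = -1   # highest time step already accepted, for replay protection

    def verify(self, code: str, now: float) -> bool:
        step = int(now) // STEP_S
        for candidate in range(step - DRIFT_STEPS, step + DRIFT_STEPS + 1):
            if candidate <= self.last_step_used:
                continue                                   # replayed or older than last success
            if hmac.compare_digest(hotp(self.seed, candidate), code):
                self.last_step_used = candidate
                return True
        return False
```

Because a code is bound to a time step and consumed on first use, a password captured by a key logger or a phishing page is useless a minute later, which is the property the report attributes to the fob; it does not, however, stop an attacker who relays the code in real time, which is why the risk-based checks above are layered on top.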


MS France Hacked! June 2006

Part of Microsoft's French Web site has been taken offline by hackers, who apparently took advantage of a misconfigured server at the software vendor's Web hosting provider.

(Screenshot of the defaced http://experts.microsoft.fr homepage)

The experts.microsoft.fr Web site was defaced Sunday with the word "HACKED!" written across the top, just above a note that attributed the job to a group of Turkish hackers. The hacked sections were quickly taken down, and remained out of operation on Monday morning.


The defacement led to rumors that the hackers may have used a new, undisclosed vulnerability in Microsoft's Internet Information Services (IIS) 6.0 Web server. Such an unpatched bug is called a 0day in security industry parlance. Microsoft dismissed these rumors on Monday, saying that the hack was due to a misconfigured Web server. "We're not aware of any 0day in IIS in circulation," said Stephen Toulouse, security program manager with Microsoft's security response center. "If we were, we would be providing guidance on it." Microsoft's public relations agency confirmed, however, that the Microsoft.fr Web site had been hit by a "criminal" attack. "Microsoft's initial investigation points to a mis-configuration of a web server at a third party hosting facility as the most likely cause of the compromise," the company said in a statement. The hack comes at an unfortunate time for Microsoft. Not only has the company been promoting the security features of its upcoming Vista operating system, it is also in the process of developing a new line of security software, called Forefront. Because Microsoft has paid so much attention to security of late, it is unusual to hear of such hacks, said Rich Miller, an analyst with Internet research company Netcraft Ltd. "People are noting it because it's a site that's related to Microsoft," he said.


Internet Security Essentials Top 10 Internet Security Tips

1. Develop a 'culture of security'. Businesses need to have Internet security measures in place and make sure staff are aware of, and follow, Internet security practices.

2. Install anti-virus software and keep it updated. Anti-virus software scans for and removes known viruses your computer may have contracted. It will help protect your computer against viruses, worms and Trojans.

3. Install a firewall to stop unauthorized access to your computer. Firewalls work like a security guard to protect your computer from intruders.

4. Protect yourself from harmful emails. Be cautious about opening emails from unknown or questionable sources.

5. Minimize spam. While it is not possible to completely stop spam from entering your mailbox, you can take steps to reduce the amount.

6. Back up your data. Creating a back-up copy of your data is a sensible way to ensure that you can recover all of your business information from your computer or website quickly and easily.

7. Develop a system for secure passwords. Creating effective passwords provides an additional means of protecting the information on your computer.

8. Keep your software up to date. If your software is out of date, you are more vulnerable.

9. Make sure your online banking is secure. If you bank online, you should follow the security advice provided by your financial institution.

10. Develop and maintain a security policy. You need to monitor and test security policies.
