» What is computer security?

Computer security is the process of
preventing and detecting unauthorized use of your computer.
Prevention measures help you to stop unauthorized users (also
known as "intruders") from accessing any part of your computer
system. Detection helps you to determine whether or not
someone attempted to break into your system, if they were
successful, and what they may have done.

» Why should you care about computer security?

We use computers for everything from
banking and investing to shopping and communicating with
others through email or chat programs. Although you may not
consider your communications "top secret," you probably do not
want strangers reading your email, using your computer to
attack other systems, sending forged email from your computer,
or examining personal information stored on your computer
(such as financial statements).

» Who would want to break into your computer?

Intruders (also referred to as hackers, attackers or crackers) may
not care about your identity. Often they want to gain control of your
computer so they can use it to launch attacks on other computer
systems.

Having control of your computer gives them the ability to hide their
true location as they launch attacks, often against high-profile
computer systems such as government or financial systems. Even if you
have a computer connected to the Internet only to play the latest
games or to send email to friends and family, your computer may be a
target.

Intruders may be able to watch all your actions on the computer, or
cause damage to your computer by reformatting your hard drive or
changing your data.

» How easy is it to break into your computer?

Unfortunately, intruders are always discovering new vulnerabilities
(informally called "holes") to exploit in computer software. The
complexity of software makes it increasingly difficult to thoroughly
test the security of computer systems.

When holes are discovered, computer vendors will usually develop
patches to address the problem(s). However, it is up to you, the
user, to obtain and install the patches, or correctly configure the
software to operate more securely. Most of the incident reports of
computer break-ins received at WorldLink could have been prevented if
system administrators and users kept their computers up-to-date with
patches and security fixes.

Also, some software applications have default settings that allow
other users to access your computer unless you change the settings to
be more secure. Examples include chat programs that let outsiders
execute commands on your computer or web browsers that could allow
someone to place harmful programs on your computer that run when you
click on them.

» Risk Factors

i) Email Spoofing: Email “spoofing” is when an email message appears
to have originated from one source when it actually was sent from
another source. Email spoofing is often an attempt to trick the user
into making a damaging statement or releasing sensitive information
(such as passwords).

Spoofed email can range from harmless pranks to social engineering
ploys. Examples of the latter include:

• email claiming to be from a system administrator requesting users
  to change their passwords to a specified string and threatening to
  suspend their account if they do not comply
• email claiming to be from a person in authority requesting users to
  send them a copy of a password file or other sensitive information

ii) Email-borne Viruses: Viruses and other types of malicious code
are often spread as attachments to email messages. Before opening any
attachments, be sure you know the source of the attachment. It is not
enough that the mail originated from an address you recognize. The
Melissa virus (see References) spread precisely because it originated
from a familiar address. Also, malicious code might be distributed in
amusing or enticing programs.

Never run a program unless you know it to be authored by a person or
company that you trust. Also, don't send programs of unknown origin
to your friends or coworkers simply because they are amusing -- they
might contain a Trojan horse program.

iii) Hidden file Extensions: Windows operating systems contain an
option to "Hide file extensions for known file types". The option is
enabled by default, but a user may choose to disable this option in
order to have file extensions displayed by Windows. Multiple
email-borne viruses are known to exploit hidden file extensions. The
first major attack that took advantage of a hidden file extension was
the VBS/LoveLetter worm which contained an email attachment named
"LOVE-LETTER-FOR-YOU.TXT.vbs". Other malicious programs have since
incorporated similar naming schemes. Examples include:

* Downloader (MySis.avi.exe or QuickFlick.mpg.exe)
* VBS/Timofonica (TIMOFONICA.TXT.vbs)
* VBS/CoolNote (COOL_NOTEPAD_DEMO.TXT.vbs)
* VBS/OnTheFly (AnnaKournikova.jpg.vbs)

The files attached to the email messages sent by these viruses may
appear to be harmless text (.txt), MPEG (.mpg), AVI (.avi) or other
file types when in fact the file is a malicious script or executable
(.vbs or .exe, for example).
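
The double-extension naming scheme described above can be checked for mechanically, for example in a mail-triage script. The following is an added example, not part of the original page: it parses a constructed message and flags attachments whose displayed name ends in a harmless-looking extension while the real extension is executable. The extension sets, function names and sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative, non-exhaustive sets (assumptions, not from the original page).
EXECUTABLE_EXTS = {"exe", "vbs", "vbe", "js", "scr", "pif", "bat", "cmd", "com"}
DECOY_EXTS = {"txt", "jpg", "gif", "mpg", "avi", "doc", "pdf"}


def displayed_name(filename):
    """Name shown when 'Hide file extensions for known file types' is on."""
    stem, dot, _ext = filename.rpartition(".")
    return stem if dot and stem else filename


def is_deceptive(filename):
    """True when a harmless-looking extension precedes an executable one."""
    # Win32 file APIs strip trailing dots and spaces, so drop them first.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 3:
        return False
    # Strip space padding used to push the real extension out of view.
    decoy, real = parts[-2].strip(), parts[-1].strip()
    return real in EXECUTABLE_EXTS and decoy in DECOY_EXTS


def flag_attachments(raw_bytes):
    """Return (real name, name the user sees) for each deceptive attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name and is_deceptive(name):
            findings.append((name, displayed_name(name)))
    return findings


def build_sample():
    """Constructed message: one deceptive attachment, one benign."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for fname in ("LOVE-LETTER-FOR-YOU.TXT.vbs", "report.v2.txt"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for real, shown in flag_attachments(build_sample()):
        print(f"flag: {real!r} is displayed as {shown!r}")
```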

iv) Unprotected Windows Shares: Unprotected Windows networking shares
can be exploited by intruders in an automated way to place tools on
large numbers of Windows-based computers attached to the Internet.
Because site security on the Internet is interdependent, a
compromised computer not only creates problems for the computer's
owner, but it is also a threat to other sites on the Internet. The
greater immediate risk to the Internet community is the potentially
large number of computers attached to the Internet with unprotected
Windows networking shares combined with distributed attack tools.

Another threat includes malicious and destructive code, such as
viruses or worms, which leverage unprotected Windows networking
shares to propagate. There is great potential for the emergence of
other intruder tools that leverage unprotected Windows networking
shares on a widespread basis.

v) Denial of Service: Another form of attack is called a
denial-of-service (DoS) attack. This type of attack causes your
computer to crash or to become so busy processing data that you are
unable to use it. In most cases, the latest patches will prevent the
attack. It is important to note that in addition to being the target
of a DoS attack, it is possible for your computer to be used as a
participant in a denial-of-service attack on another system.

vi) Chat Clients: Internet chat applications, such as instant
messaging applications and Internet Relay Chat (IRC) networks,
provide a mechanism for information to be transmitted
bi-directionally between computers on the Internet. Chat clients
provide groups of individuals with the means to exchange dialog, web
URLs, and in many cases, files of any type.

Because many chat clients allow for the exchange of executable code,
they present risks similar to those of email clients. As with email
clients, care should be taken to limit the chat client’s ability to
execute downloaded files. As always, you should be wary of exchanging
files with unknown parties.

» Actions users can take to protect their computer systems

i) Use virus protection software: We recommend the use of anti-virus
software on all Internet-connected computers. Be sure to keep your
anti-virus software up-to-date. Many anti-virus packages support
automatic updates of virus definitions. We recommend the use of these
automatic updates when available.

ii) Use a firewall: We strongly recommend the use of some type of
firewall product, such as a network appliance or a personal firewall
software package. Intruders are constantly scanning home user systems
for known vulnerabilities. Network firewalls (whether software or
hardware-based) can provide some degree of protection against these
attacks. However, no firewall can detect or stop all attacks, so it’s
not sufficient to install a firewall and then ignore all other
security measures.

iii) Don’t open unknown email attachments: Before opening any email
attachments, be sure you know the source of the attachment. It is not
enough that the mail originated from an address you recognize. The
Melissa virus spread precisely because it originated from a familiar
address. Malicious code might be distributed in amusing or enticing
programs.

If you must open an attachment before you can verify the source, we
suggest the following procedure:

1. make sure your virus definitions are up-to-date (see "Use virus
   protection software" above)
2. save the file to your hard disk
3. scan the file using your antivirus software
4. open the file

For additional protection, you can disconnect your computer's network
connection before opening the file. Following these steps will
reduce, but not wholly eliminate, the chance that any malicious code
contained in the attachment might spread from your computer to
others.

iv) Don’t run programs of unknown origin: Never run a program unless
you know it to be authored by a person or company that you trust.
Also, don't send programs of unknown origin to your friends or
coworkers simply because they are amusing -- they might contain a
Trojan horse program.

v) Keep all applications (including your operating system) patched:
Vendors will usually release patches for their software when a
vulnerability has been discovered. Most product documentation offers
a method to get updates and patches. You should be able to obtain
updates from the vendor's web site. Read the manuals or browse the
vendor's web site for more information.

Some applications will automatically check for available updates, and
many vendors offer automatic notification of updates via a mailing
list. Look on your vendor's web site for information about automatic
notification. If no mailing list or other automated notification
mechanism is offered, you may need to check periodically for updates.

vi) Make regular backups of critical data: Keep a copy of important
files on removable media such as ZIP disks or recordable CD-ROM disks
(CD-R or CD-RW disks). Use software backup tools if available, and
store the backup disks somewhere away from the computer.

vii) Disable scripting features in email programs: Because many email
programs use the same code as web browsers to display HTML,
vulnerabilities that affect ActiveX, Java, and JavaScript are often
applicable to email as well as web pages. Therefore, in addition to
disabling scripting features in web browsers (see "Disable Java,
JavaScript, and ActiveX if possible", above), we recommend that users
also disable these features in their email programs.

viii) Turn off your computer or disconnect from the network when not
in use: Turn off your computer or disconnect its Ethernet interface
when you are not using it. An intruder cannot attack your computer if
it is powered off or otherwise completely disconnected from the
network.