User:RelaxingThought/sandbox

{{multiple issues|refimprove=December 2009|cleanup=December 2008|essay=December 2007}} {{Computer security}} Computer insecurity is the concept that a computer system is always vulnerable to attack, and that this fact creates a constant battle between those that wish to exploit computer systems and those that develop security measures against said exploitation.

History of Computer Security edit

Beginning in the 1950's with the Hierarchical SAGE_(computer) system, networked systems were vulnerable to attack. With the development of ARPA net in the 1960’s through the 1980’s, and the networking of computer systems, the ability for users to access to other computer’s data for intelligence gathering became a problem.[1]

According to Symantec, in 2010 94 percent of organizations polled expect to implement security improvements to their computer systems, with 42 percent claiming cyber security as their top risk.[2]
While organizations are improving their security systems, many types of cyber criminals concurrently find ways to circumvent them. Almost every type of cyber attack is on the rise. In 2009 respondents to the CSI Computer Crime and Security Survey admitted that malware infections, denial-of-service attacks, password sniffing, and web site defacements were significantly higher than in the previous two years.[3]

Economic Impact edit

Attacks on exposed business networks can have severe economic consequences. Estimates on total global financial losses to cyber attacks amount to between 300 billion and 1 trillion dollars.[4] Businesses are estimated to spend $65 billion on cyber security between 2013 and 2018.[5] At the same time, Internet based marketplaces for malware and rogue software distribution have merged to counter new security software, with licences being sold between $50 and $75. [6] [7]

Vulnerabilities edit

A vulnerability is a weakness in software allowing an attacker to reduce a systems [information assurance]. Computer security threats can typically be classified into seven categories: Exploits, eavesdropping, social engineering, denial of service, indirect and direct attacks, backdoors, and direct access.

Exploits edit

An exploit is a piece of software, a chunk of data, or sequence of commands that take advantage of a software "bug" or "glitch" in order to cause unintended or unanticipated behavior to occur. This includes gaining control of a computer system, allowing privilege escalation, or a denial of service attack.[8]

The term "exploit" generally refers to small programs designed to take advantage of a software flaw that has been discovered, either remote or local. The code from the exploit program is frequently reused in trojan horses and computer viruses. In some cases, vulnerabilities can lie in certain programs' processing of a specific file type, such as a non-executable media file. Some security web sites maintain lists of currently known unpatched vulnerabilities found in common programs (see "External links" below).

Eavesdropping edit

Eavesdropping is the act of surreptitiously monitoring transmissions between hosts on a network. Eavesdropping software is also known as Spyware, and the act of performing eavesdropping on a computer is known as “sniffing” or “snooping”.[9] Some of the most common types of spyware include cookies and keyloggers. Other eavesdropping programs such as Carnivore and NarusInsight have been used by the FBI and NSA to eavesdrop on the systems operations of internet service providers.[10][11] Even machines that operate as a closed system (i.e., with no link to a network of any kind) can be eavesdropped upon via monitoring the faint electro-magnetic transmissions generated by the hardware such as TEMPEST.[12]

Social engineering and human error edit

A computer system is no more secure than the human responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them, for example sending messages that they are the system administrator and asking for passwords (phishing).

Other kinds of social engineering attacks include many kinds of phone scams. A common phone scam involves an attacker calling a random number and impersonating a credit card company, telling the victim that their information has been compromised. If the victim trusts the caller as an actual representative, the attacker will often glean enough information to achieve identity theft. Another way attackers have been observed gathering information is by asking the victim to download software used to allow remote access to their computer. Once the software has been downloaded and executed, the attacker has total control and access of the victim’s computer.[13]

Scare tactics have also been deployed. The most common form of scare tactic used online are pop-ups that display fake security warnings to computer users in an attempt to coax them to click the window. Clicking may redirect the user to a page with fake versions of popular security software. More complex variations involve applications that prompt the user to provide payment information to purchase fake security software. Doing so will simply make the application stop displaying the prompt. These applications are known as Rogue Security Software.[14]

Denial-of-service attack edit

Unlike other exploits, denial of service attacks are Used to render a target system unusable. These types of attack are difficult to prevent, because the behavior of whole networks must constantly be monitored, rather than the behavior of small pieces of code. [15]

Distributed denial of service (DDoS) attacks occur when a large number of compromised hosts (referred to as "zombie computers" or “Smurfs”), are used as part of a botnet. They are then used to flood a target system with network requests, thus rendering it very slow or even unresponsive due to resource exhaustion. Another technique used to exhaust victim resources involves the utilization of an attack amplifier — the attacker gains control of multiple machines via poorly designed networking protocols such as FTP or DNS, using them in a coordinated assault.[16] There are also commonly found vulnerabilities in applications that can be used to make a target application malfunction or crash. This is known as a denial-of-service exploit.[17]

Indirect attacks edit

An indirect attack occurs when a third party computer or software connects to and compromises a secure network. Indirect attacks are very difficult to counter or track, and can take many forms. Common variations include the man-in-the-middle attack, carrier/dropper attack[18] , and storm attacks[19] among others. There have also been cases where attackers took advantage of public anonymity systems, such as the tor onion router system, as well as proxy systems such as the tor onion router to mask internet activity.[20]

Backdoors edit

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device.[21] A rootkit is a specialized backdoor program, which replaces system binaries and/or hooks into the function calls of the operating system to hide the presence of other programs, users, services and open ports.[22] Backdoors may also fake information about disk and memory usage.

Direct access attacks edit

 
Common consumer devices that can be used to transfer data surreptitiously.

Someone who has gained access to a computer can install any type of devices to compromise security, including operating system modifications, software worms, key loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media, for instance CD-R/DVD-R, tape; or portable devices such as keydrives, digital cameras or digital audio players. Another common technique is to boot an operating system contained on a CD-ROM or other bootable media and read the data from the harddrive(s) this way. The only way to defeat this is to encrypt the storage media and store the key separate from the system. Even then, if the attacker has enough time and the correct software, decryption is still a viable option.[23]

See also: Category:Cryptographic attacks

Security measures edit

A state of perfect computer security is the conceptual ideal, attained by the use of the three processes:

  1. Prevention
  2. Detection
  3. Response
  • User account access controls and cryptography can protect systems files and data, respectively.[24]
  • Firewalls are by far the most common prevention systems from a network security perspective as they can (if properly configured) shield access to internal network services, and block certain kinds of attacks through packet filtering.[25]
  • Intrusion Detection Systems (IDSs) are designed to detect network attacks in progress and assist in post-attack forensics, while audit trails and logs serve a similar function for individual systems.
  • "Response" is necessarily defined by the assessed security requirements of an individual system and may cover the range from simply disconnecting the Ethernet cable, or an upgrade of protections to notification of legal authorities, counter-attacks, and the like. In some special cases, a complete destruction of the compromised system is favored, as it may happen that not all the compromised resources are detected.

Today, computer security comprises preventive measures, like firewalls, or an Exit Procedure. A firewall can be defined as a way of filtering network data between a host or a network and another network, such as the Internet. It can be implemented as software running on the machine, hooking into the network stack (or, in the case of most UNIX-based operating systems such as Linux, built into the operating system kernel[26]) to provide real time filtering and blocking. Another implementation is a so-called physical firewall which consists of a separate machine filtering network traffic. Firewalls are common among machines that are permanently connected to the Internet.

Reducing vulnerabilities edit

Computer code is regarded by some as a form of mathematics. It is theoretically possible to prove the correctness of certain classes of computer programs, though the feasibility of actually achieving this in large-scale practical systems is regarded as small by some with practical experience in the industry — see Bruce Schneier et al.

It's also possible to protect messages in transit (i.e., communications) by means of cryptography. One method of encryption — the one-time pad — is unbreakable when correctly used. This method was used by the Soviet Union during the Cold War, though flaws in their implementation allowed some cryptanalysis (See Venona Project). The method uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message. For transmitted computer encryption this method is difficult to use properly (securely), and highly inconvenient as well. Other methods of encryption, while breakable in theory, are often virtually impossible to directly break by any means publicly known today. Breaking them requires some non-cryptographic input, such as a stolen key, stolen plaintext (at either end of the transmission), or some other extra cryptanalytic information.

Social engineering and direct computer access (physical) attacks can only be prevented by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information. Even in a highly disciplined environment, such as in military organizations, social engineering attacks can still be difficult to foresee and prevent.

In practice, only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it's usually possible for a determined hacker to read, copy, alter or destroy data in well secured computers, albeit at the cost of great time and resources. Few attackers would audit applications for vulnerabilities just to attack a single specific system. It is possible to reduce an attacker's chances by keeping systems up to date, using a security scanner or/and hiring competent people responsible for security. The effects of data loss/damage can be reduced by careful backing up and insurance.

Difficulty with response edit

Responding forcefully to attempted security breaches (in the manner that one would for attempted physical security breaches) is often very difficult.

  • Identifying attackers is difficult, as they are often in a different jurisdiction to the systems they attempt to breach, and operate through proxies, temporary anonymous dial-up accounts, wireless connections, and other identity altering procedures which make back-tracing difficult and are often located in yet another jurisdiction. In a successful breach of security, attackers are able to delete activity logs to cover their tracks.
  • The sheer number of attacks happening at any one moment is so large that organizations cannot spend time pursuing each individual attacker. It is often economically unrealistic to track down an attacker if they have not caused damage resulting in a greater cost than it would be to capture the criminal.

See also edit

Lists and categories edit

Individual articles edit

Notes and references edit

  1. ^ Grant, Rebecca. (2013). Old Lessons New Domain. http://www.airforcemag.com/MagazineArchive/Pages/2013/September%202013/0913domain.aspx
  2. ^ Symantec. (2010). State of Enterprise Security 2010.
  3. ^ Richardson, R. (2010). 2009 CSI Computer Crime & Security Survey. Computer Security Institute. Computer Security Institute.
  4. ^ Center for Strategic and International Studies. July 2013. The Economic Impact of Cybercrime and Cyber Espionage. http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf
  5. ^ http://www.marketresearchmedia.com/?p=206
  6. ^ Cashell, B., Jackson, W. D., Jickling, M., & Webel, B. (2004). The Economic Impact of Cyber-Attacks. Congressional Research Service, Government and Finance Division. Washington DC: The Library of Congress.
  7. ^ Krebs, B. (2009, March). Massive Profits Fueling Rogue Antivirus Market. Retrieved 4 10, 2011, from Security Fix - Washington Post: http://voices.washingtonpost.com/securityfix/2009/03/obscene_profits_fuel_rogue_ant.html
  8. ^ Symantec. What does exploit mean?. http://www.pctools.com/security-news/what-does-exploit-mean/
  9. ^ Microsoft Technet. Common Types of Network Attacks. http://technet.microsoft.com/en-us/library/cc959354.aspx
  10. ^ Dunham, Griffin. (2002). Carnivore, the FBI's E-mail Surveillance System: Devouring Criminals. http://www.repository.law.indiana.edu/fclj/vol54/iss3/7/
  11. ^ http://www.narus.com/solutions/narus-nsystem
  12. ^ Wim van Eck, Electromagnetic radiation from video display units: An eavesdropping risk?, Computers & Security, Volume 4, Issue 4, December 1985, Pages 269-286, ISSN 0167-4048, http://dx.doi.org/10.1016/0167-4048(85)90046-X. (http://www.sciencedirect.com/science/article/pii/016740488590046X)
  13. ^ Landesman, Mary. Your PC is Infected Phone Scam. http://antivirus.about.com/od/emailscams/a/Your-Pc-Is-Infected-Phone-Scam.htm
  14. ^ Symantec. (2009). Report on Rouge Security Software. http://eval.symantec.com/mktginfo/enterprise/white_papers/b-symc_report_on_rogue_security_software_exec_summary_20326021.en-us.pdf
  15. ^ ATLAS net. http://atlas.arbor.net/summary/dos
  16. ^ US-CERT. DNS Amplification Attack. http://www.us-cert.gov/ncas/alerts/TA13-088A
  17. ^ U. Ben-Porat, A. Bremler-Barr, H. Levy, "Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks," IEEE Transactions on Computers, vol. 62, no. 5, pp. 1031-1043, May 2013, doi:10.1109/TC.2012.49. http://www.computer.org/csdl/trans/tc/2013/05/ttc2013051031-abs.html
  18. ^ http://home.mcafee.com/VirusInfo/ThreatSearch.aspx?term=dropper
  19. ^ http://ijcsi.org/papers/IJCSI-8-2-456-460.pdf
  20. ^ Tim Abbott, Katherine Lai, Michael Lieberman, Eric Price . Browser-Based Attacks on Tor. http://www.mit.edu/~ecprice/papers/tor.pdf
  21. ^ Symantec. Backdoor Trojan Viruses. http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99
  22. ^ Colorado University. Rootkit Virus- How to detect and remove. http://wp.natsci.colostate.edu/cnsit/rootkit-virus-how-to-detect-and-remove/
  23. ^ Microsoft White Papers (2008). Database Encryption in SQL. http://technet.microsoft.com/en-us/library/cc278098(v=sql.100).aspx
  24. ^ Microsoft. User Account Control. http://windows.microsoft.com/en-us/windows7/products/features/user-account-control
  25. ^ Northwestern University. (2003, Updated 2009). http://www.it.northwestern.edu/bin/docs/firewall_strategies_wp.pdf
  26. ^ ArchWiki. Firewalls. https://wiki.archlinux.org/index.php/Firewalls))

Further reading edit

  • Ross J. Anderson: Security Engineering: A Guide to Building Dependable Distributed Systems, ISBN 0-471-38922-6
  • Bruce Schneier: Secrets & Lies: Digital Security in a Networked World, ISBN 0-471-25311-1
  • Cyrus Peikari, Anton Chuvakin: Security Warrior, ISBN 0-596-00545-8
  • Jack Koziol, David Litchfield: The Shellcoder's Handbook: Discovering and Exploiting Security Holes, ISBN 0-7645-4468-3
  • Clifford Stoll: The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage, an informal — and easily approachable by the non-specialist — account of a real incident (and pattern) of computer insecurity, ISBN 0-7434-1146-3
  • Roger R. Schell: The Internet Rules but the Emperor Has No Clothes ACSAC 1996
  • William Caelli: Relearning "Trusted Systems" in an Age of NIIP: Lessons from the Past for the Future. 2002
  • Noel Davis: Cracked! story of a community network that was cracked and what was done to recover from it 2000
  • Shon Harris, "CISSP All-In-One Study Guide" ISBN 0-07-149787-0
  • Daniel Ventre, "Information Warfare" Wiley - ISTE - 2009 - ISBN 978-1-84821-094-3
  • Daniel Ventre, "La guerre de l'information" - Hermès ISTE - 2007 - 300 pages
  • Daniel Ventre, "Cyberguerre et guerre de l'information. Stratégies, règles, enjeux" - Hermès Lavoisier - 2010
  • Daniel Ventre, "Cyberespace et acteurs du cyberconflit" - Hermès Lavoisier - avril 2011 - 288 pages
  • Daniel Ventre, "Cyberwar and Information Warfare" - Wiley ISTE - July 2011 - 460 pages
  • Daniel Ventre, "Cyberattaque et Cyberdéfense" - Hermès Lavoisier - August 2011 - 336 pages
  • What is Spyware
  • Hacking of Tax Records Has Put States on Guard November 5, 2012

External links edit

Lists of currently known unpatched vulnerabilities edit


Category:Cryptography Insecurity Category:Cyberwarfare