Security

By Nate Durksen, Andrew Fontes, Neal Patel, and Brett Wheeler



Introduction

    Computer security is the protection of computer systems and the data that they store or access. A computer is secure only if it behaves as you want it to and your data and information are used as you intend. Security is a process, not an end-point. Risks change, data changes, and the costs of securing processes change.


Virus

    Computer viruses have been around for almost as long as personal computers. By definition, a computer virus is “a self replicating program that spreads by inserting copies of itself into other executable code or documents.” Very much like a real virus, a computer virus alters the code of an existing program to infect it and begins to replicate itself. Often, viruses have different functions, such as deleting certain files or causing various effects on a computer. There are many different types of viruses:
  • Macro viruses: Macro Viruses use commands (macros) embedded in other software to infect and spread to other files viewed by that software. E.g. Word and Excel have macros, and macro viruses can spread by exploiting these commands.
  • Worms: Worms duplicate themselves and use communications such as e-mail to spread. They can look at your e-mail address book and send themselves to users in your address book.
  • File Viruses: File viruses attach themselves to other software. When the software is run, the virus loads itself into memory so that it can further infect other files or begin damaging the computer.
  • Trojan Horses: Trojan Horses are programs that claim to perform a particular function but in fact do something different. E.g. they could infect your computer with a virus or erase your files.
  • Backdoor Trojans: Backdoor Trojans are programs that allow other computer users to remotely control your computer via a local area network or the Internet.
  • Boot Sector Viruses: Boot Sector Viruses are an older type of virus and not so common. They infect a computer's startup program so that the virus becomes active as soon as the computer starts up.

Firewall

    A firewall can be either software-based or hardware-based and is used to help keep a network secure. The primary objective of a firewall is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether each should be allowed through or not, based on a predetermined rule set. A network's firewall builds a bridge between an internal network that is assumed to be secure and trusted, and another network, usually an external (inter)network, such as the Internet, that is not assumed to be secure and trusted.


Cyber Security Breaches

The Internet’s First Worm

    In 1988, more than 60,000 computers were connected to the Internet. Of these 60,000, only a small percentage were PCs. The majority of these computers were mainframes, minicomputers, and professional workstations. On November 2, 1988, the computers in question began to slow down. This was caused by malicious code that was taking up processor time and spreading itself to other computers. The purpose of this software was to transmit a copy of itself to another machine, run in parallel with existing software, and repeat the process all over again. It exploited a flaw in a common e-mail transmission program running on a computer by rewriting it to help itself enter the program. Or it guessed users' passwords, because at the time most passwords were simple: either the same as the username, or obviously related to a list of 432 common passwords tested at each computer. The malicious code was traced back to a 23-year-old Cornell University graduate student, Robert Tappan Morris, Jr. His motive was to see how many computers were connected to the Internet. His explanation was verified by his code, but it was buggy nonetheless.

Heartland Payment Systems (2009)

    In what has been called the largest credit card crime of all time, in 2009, Heartland Payment Systems announced that hackers had broken into the computers it uses to process about 100 million transactions each month for 175,000 merchants. Heartland, which is based in Princeton, New Jersey, processes card payments for restaurants and other businesses. The hack was uncovered in January, after Visa and MasterCard notified Heartland about suspicious transactions. In August 2009, three men were indicted by a grand jury on charges related to masterminding a scheme to steal more than 130 million credit and debit card numbers and personally identifying information from Heartland, 7-Eleven Inc. and other companies. Last month, Heartland agreed to pay MasterCard issuers $41.4 million to settle claims over the data breach, according to The Associated Press. In order for the deal to go through, 80 percent of MasterCard issuers who filed claims must accept the settlement by June 25.

TJX Companies (2007)

    Though it is now eclipsed by the Heartland hack, a massive intrusion on TJX Company Inc.'s systems a few years earlier is significant because it was one of the first to show just how vulnerable retailers were. TJX Companies include T.J. Maxx, Marshalls and HomeSense. In December 2006, the Framingham, Massachusetts-based TJX alerted law enforcement that cybercriminals had stolen more than 45 million customer records in 2003 and 2004. In January 2007 it went public with the news. According to Information Week, within eight months, the company had spent more than $20 million investigating the incident, notifying customers and hiring lawyers to deal with the dozens of associated lawsuits. The hack alerted the industry to the threat of cybercriminals and pushed lawmakers to fast-track data security legislation, Information Week reported.


Memory Hierarchy

    One potential weak point in your computer's security is the CPU stack. An attack on this is called a 'stack smashing attack'. Your CPU stores the local data of the current program in a stack within the CPU's registry. Each line in this registry has a specific address, which looks like '$0x1ab18d4c'. This is a hexadecimal representation of a specific location in memory. As the CPU processes data, it uses these addresses to store the temporary data. If a hacker sneaks into the stack and replaces the data at the correct address without crashing the program, he can manipulate the program from the outside. One common way of performing this attack is by using an 'exploit string'. An exploit string capitalizes on poor programming techniques, namely improper use of the input/output stream. If a program is written in this manner, the hacker can essentially create a long string of gibberish and then put the information he wants in a specific place in the string, which corresponds to a specific place in the memory stack. An exploit string looks something like this: '90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 b8 4c 8d b1 1a 68 d5 8d 04 08 c3 90 90 90 90 90 90 90 90 78 3e 68 55'. The '90's are essentially a 'no op', which just fills up the buffer so the other numbers are in the correct place. The other numbers are a set of hexadecimal values that contain the instructions for the CPU to perform. If a hacker sneaks this type of string into a poorly written program, he can manipulate the program pretty much however he wants, because the machine can't tell the difference. This type of attack is difficult to defend against since the machine does not know that it's happening. However, some strategic mapping and error-checking of the CPU stack can go to great lengths to keep the hacker guessing at which memory address to stick the rogue information in.
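    The poor input handling described above, next to a bounds-checked version and a simple form of the error-checking mentioned at the end of the paragraph, as an added example that is not part of the original page. The names copy_name_checked, handle_input, NAME_LEN and CANARY are hypothetical, and the 48-byte input is constructed filler of the same length as the string quoted above.

```c
#include <stdio.h>
#include <string.h>
#define NAME_LEN 16                 /* assumed buffer size for this example */
#define CANARY   0x5AFEC0DEUL       /* constructed sentinel value */

/* Vulnerable pattern, shown for contrast and never called here: strcpy()
 * ignores the size of dst, so longer input runs past the buffer. */
void copy_name_unsafe(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Hardened form: the caller passes the buffer size and oversized input is
 * rejected. Returns 0 on success, -1 on rejection. */
int copy_name_checked(char *dst, size_t dst_size, const char *src) {
    size_t len = 0;
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    while (len < dst_size && src[len] != '\0') len++;
    if (len == dst_size) {          /* no room left for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);      /* len + 1 includes the NUL byte */
    return 0;
}

/* Stand-in for a stack frame: a buffer followed by a sentinel. */
struct frame {
    char name[NAME_LEN];
    unsigned long canary;
};

/* Returns 1 if input was accepted, 0 if rejected, -1 if the sentinel
 * changed (meaning something wrote past the buffer). */
int handle_input(const char *input) {
    struct frame f;
    f.canary = CANARY;
    int rc = copy_name_checked(f.name, sizeof f.name, input);
    if (f.canary != CANARY) return -1;
    return rc == 0 ? 1 : 0;
}

int main(void) {
    char big[49];                   /* constructed 48-byte oversized input */
    memset(big, 'A', 48);
    big[48] = '\0';
    printf("short input: %d\n", handle_input("alice"));
    printf("48-byte input: %d\n", handle_input(big));
    return 0;
}
```

    Compilers apply the same sentinel idea automatically when stack protection is enabled (for example GCC's -fstack-protector-strong), placing a random value before the saved return address and aborting if it changes.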


Terms
  • Authentication: Techniques can be used to ensure that communication end-points are who they say they are. Basically a password.
  • Firewalls: Provide some protection from online intrusion and block possibly dangerous material.
  • Backups: A way of securing information; they are another copy of all the important computer files kept in another location. These files are kept on hard disks, CD-Rs, CD-RWs, and tapes. Suggested locations for backups are a fireproof and heatproof safe, or a separate, off-site location from that in which the original files are contained.
    • Backups are also important for reasons other than security. Natural disasters, such as earthquakes, hurricanes, or tornadoes, may strike the building where the computer is located. The building can catch fire, or an explosion may occur. There needs to be a recent backup at an alternate secure location in case of such a disaster. Further, it is recommended that the alternate location be placed where the same disaster would not affect both locations.
  • Encryption: Used to protect the message from the eyes of others. Cryptographically secure ciphers are designed to make any practical attempt at breaking them infeasible. Symmetric-key ciphers are suitable for bulk encryption using shared keys, and public-key encryption using digital certificates can provide a practical solution for the problem of securely communicating when no key is shared in advance.
  • Anti-Virus software: Consists of computer programs that attempt to identify, thwart, and eliminate computer viruses and other malicious software.
  • Applications: Applications with known security flaws should not be run. Either leave the application turned off until it can be patched or otherwise fixed, or delete it and replace it with some other application. Publicly known flaws are the main entry used by worms to automatically break into a system and then spread to other systems connected to it. The security website Secunia provides a search tool for unpatched known flaws in popular products.
