TASK 01

 

Write down all possible ways in which your personal computer system could
be compromised. What are the possible attack vectors?


 

“Compromised” is a nice way of saying that someone or something has
maliciously broken into your computer without your knowledge or permission.
It means that you cannot trust the integrity of any file on your computer
(including program files, image files, operating system files, etc.). You
cannot find out what has been done to your computer files without an exact
“before the compromise” copy to compare your files against, and you probably
will never know what has been done with your personal information, including
your passwords or where your personal information has been sent.

 

A Compromised Computer is defined as any computing resource whose
confidentiality, integrity or availability has been adversely impacted,
either intentionally or unintentionally, by an untrusted source. A compromise
can occur either through manual interaction by the untrusted source or
through automation. Gaining unauthorized access to a computer by
impersonating a legitimate user or by conducting a brute-force attack would
constitute a compromise. Exploiting a loophole in a computer’s configuration
would also constitute a compromise. Depending on the circumstances, a
computer infected with a virus, worm, trojan or other malicious software may
be considered a compromise. If the malicious software is detected and removed
by antivirus software in a timely manner, it is probably not necessary to
follow this process. Some level of judgment will need to be used in these
situations. Symptoms of a Compromised Computer include, but are not limited
to, the following:

 

· The computer is experiencing unexpected and unexplainable disk activity

· The computer is experiencing unexpected and unexplainable performance
degradation

· The computer’s logs (e.g. system logs, application logs, etc.) contain
suspicious entries that indicate repeated login failures or connections to
unfamiliar services

· A complaint is received from a third party regarding suspicious activity
originating from the computer
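
The log symptom above, repeated login failures, can be checked mechanically. The following is an added example, not part of the original essay: it flags any source with five or more failed logins inside one minute. The log lines are constructed in OpenSSH syslog style, and the threshold, window and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog style (not from a real system).
SAMPLE_LOG = """\
Mar 10 02:14:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 02:14:03 host sshd[811]: Failed password for root from 203.0.113.7 port 40113 ssh2
Mar 10 02:14:05 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Mar 10 02:14:09 host sshd[813]: Failed password for root from 203.0.113.7 port 40131 ssh2
Mar 10 02:14:12 host sshd[814]: Failed password for root from 203.0.113.7 port 40140 ssh2
Mar 10 02:14:20 host sshd[815]: Accepted password for root from 203.0.113.7 port 40155 ssh2
Mar 10 08:30:00 host sshd[900]: Failed password for alice from 198.51.100.23 port 51000 ssh2
Mar 10 08:30:15 host sshd[901]: Accepted password for alice from 198.51.100.23 port 51002 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                  r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")

def find_suspicious(log_text, threshold=5, window=timedelta(minutes=1), year=2024):
    """Flag sources with >= threshold failures inside a sliding time window,
    and note whether a successful login from that source came afterwards."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    alerts = {}                   # source IP -> {"failures": n, "success_after": bool}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, outcome, _user, src = m.groups()
        # syslog omits the year; the caller supplies it (assumption).
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if outcome == "Failed":
            q = recent[src]
            q.append(when)
            while when - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                entry = alerts.setdefault(src, {"failures": 0, "success_after": False})
                entry["failures"] = max(entry["failures"], len(q))
        elif src in alerts:
            # A success from a source that already raised an alert is the
            # pattern a guessed password would leave behind.
            alerts[src]["success_after"] = True
    return alerts

if __name__ == "__main__":
    print(find_suspicious(SAMPLE_LOG))
```

A single mistyped password followed by a success, as in the second source in the sample, does not raise an alert.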

When a personal computer system is suspected of being compromised, the
following steps should be taken:

 

1. Disconnect the computer from the network

2. Contact the Information Security Office

3. Notify users of the computer, if any, of a temporary service interruption

4. Preserve any log information not resident on the compromised computer

5. Wait for further instructions from the Information Security Office

 

 

 

 

Disconnect the computer from the network

Disconnecting the computer from the network prevents a potentially untrusted
source from taking further actions on the compromised computer. This also
prevents any further leakage of non-public information if that is a potential
concern. Shutting down the computer would also have this effect but could
destroy evidence that is essential to investigating the compromise.
Similarly, rebuilding the computer would destroy all evidence pertinent to an
investigation.

 

Contact the Information Security Office

Prior to taking any additional action on the compromised computer, the
Information Security Office should be contacted. Continuing to use the
compromised computer or attempting to investigate the compromise on your own
could result in destruction of evidence pertinent to an investigation. The
Information Security Office can be contacted by phone at 412-268-2044 or by
email at [email protected]. In the event that the Information Security Office
is unavailable to take your call, emergency contact information will be
provided in the voice message.

 

Notify users of the computer, if any, of a temporary service interruption

If the compromised computer provides some type of service, it is likely that
users of this service will be impacted by the interruption brought on by
disconnecting the computer from the network. These users should be notified
in some manner of the interruption. Options for notification may include an
email to the user base or posting a notice to a frequently visited web site.
As stated previously, the details of a compromise and the ensuing
investigation should be kept confidential. Therefore, the notification of
service interruption should not indicate that there has been a compromise.

 

Preserve any log information not resident on the compromised computer

All log files pertaining to a compromised computer that are stored on a
secondary computer or on some type of external media should be preserved
immediately. Preservation may include making a copy of the log files and
burning them to a CD. If there is no immediate risk of the logs being deleted
or overwritten, this step can occur following Step 5. Log files stored
locally on the compromised computer will be collected as part of a forensic
investigation coordinated by the Information Security Office. This will help
ensure that no evidence is destroyed or altered during the collection
process.

 

 

 

Wait for further instructions from the Information Security Office

The Information Security Office will conduct some preliminary investigation
prior to determining the best course of action for the Compromised Computer.
While awaiting further instructions, do not share any details related to the
compromise unless absolutely necessary. Additionally, do not attempt to
contact law enforcement officials. Such communication must be coordinated
with the Information Security Office and the Office of General Counsel due to
the potential legal implications of a compromised computer.

 

Furthermore, to protect our personal computer system:

· We can always install operating system updates

· We can keep our installed applications up to date

· We should not use the same password at every site

· We can install anti-virus software and be sure to keep it updated

· We can use a firewall

· We can back up our data

· We can enable the display of file extensions

· We should not open attachments from people we do not know

· We can ignore emails that state we won a contest, or in which a stranger
asks for assistance with their inheritance

· We can watch out for online and phone support scams

· We can ignore web pop-ups that state our computer is infected or has a
problem

 

 

Attack Vector

An attack vector is defined as the technique by means of which unauthorized
access can be gained to a device or a network by hackers for nefarious
purposes. In other words, it is used for assaulting or exploiting a network,
computer or device. Attack vectors help unauthorized elements to exploit the
vulnerabilities in the system or network, including the human elements.

An attack vector is a path or means by which a hacker (or cracker) can gain
access to a computer or network server in order to deliver a payload or
malicious outcome. Attack vectors enable hackers to exploit system
vulnerabilities, including the human element.

Attack vectors include viruses, e-mail attachments, Web pages, pop-up
windows, instant messages, chat rooms, and deception. All of these methods
involve programming (or, in a few cases, hardware), except deception, in
which a human operator is fooled into removing or weakening system defenses.

To some extent, firewalls and anti-virus software can block attack vectors.
But no protection method is totally attack-proof. A defense method that is
effective today may not remain so for long, because hackers are constantly
updating attack vectors, and seeking new ones, in their quest to gain
unauthorized access to computers and servers.

The most common malicious payloads are viruses (which can function as their
own attack vectors), Trojan horses, worms, and spyware. If an attack vector
is thought of as a guided missile, its payload can be compared to the warhead
in the tip of the missile.

 

 

 

Malicious software (malware) is designed to damage, destroy, or deny service
to the targeted systems.

The most common types of software attacks are viruses, worms, Trojan horses,
logic bombs, back doors, denial-of-service, alien software, phishing and
pharming.

 

 

 

 

Viruses.

Segments of computer code that perform unintended actions ranging from
merely annoying to destructive. A virus is a piece of self-replicating code
embedded within another program (the host).

Viruses associated with program files

· Hard disks, floppy disks, CD-ROMs

· Email attachments

How viruses spread

· Diskettes or CDs

· Email

· Files downloaded from the Internet

Well-known viruses

· Brain

· Michelangelo

· Melissa

· Love Bug

Viruses today

· Commercial antivirus software

· Few people keep up to date

 

Worms.

Destructive programs that replicate themselves without requiring another
program to provide a safe environment for replication.

· Self-contained program

· Spreads through a computer network

· Exploits security holes in networked computers

Famous worms

· WANK

· Code Red

· Sapphire (Slammer)

· Blaster

· Sasser

Trojan horses.

Software programs that hide in other computer programs and reveal their
designed behavior only when they are activated.

A Trojan horse is a program with a benign capability that masks a sinister
purpose.

Remote access Trojan (RAT): a Trojan horse that gives the attacker access to
the victim’s computer

· Back Orifice

· SubSeven

RAT servers are often found within files downloaded from erotica/porn Usenet
sites.

They provide the attacker with complete control of the victim’s system.
Attackers usually hide these Trojan horses in games and other small programs
that unsuspecting users then execute on their PCs.

 

 

 

Logic bombs. Designed to activate and perform a destructive action at a
certain time.

Back doors or trap doors. Typically a password, known only to
the attacker, that allows access to the system without having to go through any
security.

Denial-of-service. An attacker sends so many
information requests to a target system that the target cannot handle them
successfully and can crash the entire system.

 

 

Alien Software Attacks

 

 

 

Pestware. Clandestine software that uses up valuable system resources and
can report on your Web surfing habits and other personal information.

Adware. Designed to help pop-up advertisements appear on your screen.

Spyware. Software that gathers user information through the user’s Internet
connection without their knowledge (e.g. keylogger, password capture).

 

 

 

Spamware. Designed to use your computer as a launch pad for spammers.

Spam. Unsolicited e-mail, usually for purposes of advertising.

Cookies. Small amounts of information that Web sites store on your computer,
temporarily or more-or-less permanently.

Web bugs. Small, usually invisible, graphic images that are added to a Web
page or e-mail.

Phishing. Uses deception, in the form of an official-looking e-mail, to
fraudulently acquire sensitive personal information such as account numbers
and passwords.

Pharming. Fraudulently acquires the Domain Name for a company’s Web site, so
that when people type in the Web site URL they are redirected to a fake Web
site.

 

 

Types of Attacks

Interruption – an asset is destroyed, unavailable or unusable (availability)

Interception – an unauthorized party gains access to an asset
(confidentiality)

Modification – an unauthorized party tampers (unauthorized alteration) with
an asset (integrity)

Fabrication – an unauthorized party inserts a counterfeit (fraudulent
imitation) object into the system (authenticity)

Denial – a person denies taking an action (authenticity)

 

 

Passive attacks:

· Eavesdropping (secretly listening to a conversation)

· Monitoring

Active attacks:

· Masquerade – one entity pretends to be a different entity

· Replay – passive capture of information and its retransmission

· Modification of messages – a legitimate message is altered

· Denial of service – prevents normal use of resources. An intentional
action designed to prevent legitimate users from making use of a computer
service. The goal of this attack is to disrupt a server’s ability to respond
to its clients. About 4,000 Web sites are attacked each week.

 

 

 

TASK 02

 

Congratulations! You are elected member of the newly established computer
and data security team in ABC institution.

1) Make a list of all possible risks that can have an impact on the security
and stability of your data and internal and external Information &
Technology services.

2) Make a list of recommendations to lower the risks.

 

 

Post Author: admin
