Prerequisite – Basic Network Attacks, Types of Viruses
Security of a computer system is a crucial task. It is a process of ensuring confidentiality and integrity of the OS.
A system is said to be secure if its resources are used and accessed as intended under all circumstances, but no system can guarantee absolute security against the many malicious threats and attempts at unauthorized access.
Security of a system can be threatened via two violations:
- Threat: A program which has the potential to cause serious damage to the system.
- Attack: An attempt to break security and make unauthorized use of an asset.
Security violations affecting the system can be categorized as malicious or accidental. Malicious threats, as the name suggests, are harmful computer code or web scripts designed to create system vulnerabilities leading to back doors and security breaches. Accidental threats, on the other hand, are comparatively easier to protect against. Example: a Denial of Service (DoS/DDoS) attack.
Security can be compromised via any of the breaches mentioned below:
- Breach of confidentiality: This type of violation involves the unauthorized reading of data.
- Breach of integrity: This violation involves unauthorized modification of data.
- Breach of availability: It involves an unauthorized destruction of data.
- Theft of service: It involves an unauthorized use of resources.
- Denial of service: It involves preventing legitimate use of the system. As mentioned before, such attacks can be accidental in nature.
Security System Goals –
Based on the above breaches, the following security goals are aimed for:
- Integrity: The objects in the system must not be accessed by any unauthorized user, and any user without sufficient rights must not be allowed to modify important system files and resources.
- Secrecy (confidentiality): The objects of the system must be accessible only to a limited number of authorized users. Not everyone should be able to view the system files.
- Availability: All the resources of the system must be accessible to all authorized users, i.e. no single user or process should be able to hog all the system resources. If that happens, denial of service can result: for example, malware might hog the resources for itself, preventing legitimate processes from accessing them.
Threats can be classified into the following two categories:
- Program Threats:
A program written by a cracker to subvert security or to change the behaviour of a normal process.
- System Threats:
These threats involve the abuse of system services. They strive to create a situation in which operating-system resources and user files are misused. They are also used as a medium to launch program threats.
Types of Program Threats –
- Virus:
An infamous and widely known threat. It is a self-replicating malicious program which attaches itself to a system file and then rapidly replicates itself, modifying and destroying essential files and leading to a system breakdown.
Further, Types of computer viruses can be described briefly as follows:
– file/parasitic – appends itself to a file
– boot/memory – infects the boot sector
– macro – written in a high-level language like VB and affects MS Office files
– source code – searches and modifies source codes
– polymorphic – changes in copying each time
– encrypted – encrypted virus + decrypting code
– stealth – avoids detection by modifying the parts of the system that could be used to detect it, like the read system call
– tunneling – installs itself in the interrupt service routines and device drivers
– multipartite – infects multiple parts of the system
- Trojan Horse:
A code segment that misuses its environment is called a Trojan Horse. It appears to be an attractive and harmless cover program but is really a harmful hidden program which can be used as a virus carrier. In one version of the Trojan, the user is fooled into entering confidential login details into an application. Those details are stolen by a login emulator and can then be used for further information breaches.
Another variant is spyware. Spyware accompanies a program that the user has chosen to install and downloads ads to display on the user's system, thereby creating pop-up browser windows; when certain sites are visited by the user, it captures essential information and sends it to a remote server. Such attacks are also known as Covert Channels.
- Trap Door:
The designer of a program or system might leave a hole in the software that only he is capable of using; the Trap Door works on a similar principle. Trap Doors are quite difficult to detect, since analyzing them requires going through the source code of all the components of the system.
- Logic Bomb:
A program that initiates a security attack only under a specific situation.
Types of System Threats –
Aside from the program threats, various system threats also endanger the security of our system:
- Worm:
An infection program which spreads through networks. Unlike a virus, worms target mainly LANs. A computer affected by a worm attacks the target system and writes a small program, the "hook", on it. This hook is then used to copy the worm to the target computer. This process repeats recursively, and soon enough all the systems on the LAN are affected. The worm uses the spawn mechanism to duplicate itself: it spawns copies of itself, using up a majority of system resources and locking out all other processes.
The basic functionality of the worm can be represented as:
- Port Scanning:
It is a means by which the cracker identifies the vulnerabilities of the system to attack. It is an automated process which involves creating a TCP/IP connection to each specific port. To protect the identity of the attacker, port scanning attacks are launched from Zombie Systems, that is, previously independent systems which still serve their owners while being used for such notorious purposes.
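As a defender-side illustration of the pattern just described, here is an added example (not from the original article) that flags a source touching many distinct ports on one host within a short window, which is how a scan stands out from ordinary clients in connection logs. The log format, sample lines and thresholds are constructed assumptions.

```python
# Added example: flag port-scan behaviour in connection logs. The log format,
# the sample lines and the thresholds are assumptions, not from the article.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, assumed format: "<ISO time> <src> -> <dst>:<port> <flag>".
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 -> 192.0.2.10:22 SYN
2024-05-01T10:00:01 203.0.113.7 -> 192.0.2.10:23 SYN
2024-05-01T10:00:02 203.0.113.7 -> 192.0.2.10:25 SYN
2024-05-01T10:00:02 203.0.113.7 -> 192.0.2.10:80 SYN
2024-05-01T10:00:03 203.0.113.7 -> 192.0.2.10:110 SYN
2024-05-01T10:00:03 203.0.113.7 -> 192.0.2.10:143 SYN
2024-05-01T10:00:04 203.0.113.7 -> 192.0.2.10:443 SYN
2024-05-01T10:00:04 203.0.113.7 -> 192.0.2.10:3306 SYN
2024-05-01T10:00:07 198.51.100.4 -> 192.0.2.10:443 SYN
2024-05-01T10:00:09 198.51.100.4 -> 192.0.2.10:443 SYN
2024-05-01T10:00:12 198.51.100.4 -> 192.0.2.10:80 SYN
"""

def parse_line(line):
    """Return (timestamp, src, dst, port) for one log line."""
    ts, src, _, dst_port, _flag = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)

def detect_scans(log_text, window=timedelta(seconds=10), min_ports=8):
    """Return {(src, dst): max distinct ports seen in one window} for every
    pair whose distinct destination ports within a sliding window reach min_ports."""
    events = defaultdict(list)  # (src, dst) -> [(ts, port)]
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port = parse_line(line)
            events[(src, dst)].append((ts, port))
    alerts = {}
    for key, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Advance the window start so hits[start..end] span at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {p for _, p in hits[start:end + 1]}
            if len(distinct) >= min_ports:
                alerts[key] = max(alerts.get(key, 0), len(distinct))
    return alerts

if __name__ == "__main__":
    print(detect_scans(SAMPLE_LOG))  # {('203.0.113.7', '192.0.2.10'): 8}
```

The benign client reuses two service ports and is never flagged; real deployments would tune the window and threshold to the host's normal traffic.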
- Denial of Service:
Such attacks are not aimed at collecting information or destroying system files. Rather, they are used to disrupt the legitimate use of a system or facility.
These attacks are generally network based. They fall into two categories:
– Attacks in the first category use so many system resources that no useful work can be performed. For example, downloading a file from a website that proceeds to use all available CPU time.
– Attacks in the second category involve disrupting the network of the facility. These attacks result from the abuse of some fundamental TCP/IP principles.
Security Measures Taken –
To protect the system, security measures can be taken at the following levels:
- Physical:
The sites containing computer systems must be physically secured against armed and malicious intruders. The workstations must be carefully protected.
- Human:
Only appropriate users must have the authorization to access the system. Phishing (collecting confidential information) and Dumpster Diving (collecting basic information so as to gain unauthorized access) must be guarded against.
- Operating system:
The system must protect itself from accidental or purposeful security breaches.
- Networking System:
Almost all information is shared between different systems via a network. Intercepting this data can be just as harmful as breaking into a computer. Hence, the network should be properly secured against such attacks.
Usually, anti-malware programs are used to periodically detect and remove such viruses and threats. Additionally, to protect the system from network threats, a firewall is also used.