
CS507 - Information Systems - Lecture Handout 32


Unauthorized intrusion

Intrusion can be either physical or logical. In physical intrusion, the intruder could physically enter an organization to steal information system assets or carry out sabotage. For example, the intruder might try to remove hard disks. In logical intrusion, the intruder might be trying to gain unauthorized access to the system. The purpose could be damaging or stealing data, installing a bug, or wiretapping, that is, spying on communication within the organization.

Physical Access Vs. Logical access

In computer security, being able to physically touch and interact with the computers and network devices amounts to physical access. It lets someone insert a boot disk in the machine and bypass normal operating system controls. Physical access enables people to install unauthorized snooping equipment such as keystroke loggers. Logical access, however, means interacting with data through access control procedures such as identification, authentication and authorization.

Logical Threat

This refers to damage caused to the software and data without any physical damage to the computers. Consequently, there can be a situation where the damage to data or software renders the hardware itself unusable. For example, a virus or bug installed to corrupt data or software might create bad sectors on the hard drive, so that the drive is best removed from the computer.

Examples of logical Threat

Payroll data or details of a draft corporate budget may be perceived as highly sensitive, and unauthorized access to them may be considered a logical threat. Another example is a person tapping a communication line to sniff around the organization's communications being transferred over that line.

Viruses

A virus is software used to infect a computer. After the virus code is written, it is buried within an existing program. Once that program is executed, the virus code is activated and attaches copies of itself to other programs in the system. Infected programs copy the virus to other programs.
It may be benign (gentle) or have a negative effect, such as causing a program to operate incorrectly or corrupting a computer's memory. The term virus is a generic term applied to a variety of malicious computer programs that send out requests to the operating system of the host system under attack to append the virus to other programs.

Attacking Targets

Generally, viruses attack four parts of the computer.

  • Executable program files
  • The file-directory system, which tracks the location of all the computer's files
  • Boot and system areas, which are needed to start the computer
  • Data files

Viruses vs. Worms

A worm is a program which spreads over network connections. Unlike a virus, it does not physically attach itself to another program. A worm typically exploits security weaknesses in operating system configurations to propagate itself to host systems.

Virus vs. Bug

A bug is an internal malfunction of the software. It is an unintentional fault in a program: the incorrect functioning of a particular procedure, caused by improper application of programming logic. For example, free trial versions of software are available online. These beta versions are not fully tested and often contain bugs that can disrupt the system. Incorrect definition of a formula or linkage can give incorrect results. Virtually all complex programs contain bugs. Incorrect, unvalidated or unedited data entry is not a programming fault or a bug. The process of removing bugs from software is termed debugging. A virus is an external threat, which is not a malfunction of the software. However, a bug in the software can create a virus.

Sources of Transmissions

Viruses and worms are transmitted easily from the internet when files are downloaded through computers' web browsers. Other methods of infection occur from files received through online services, computer bulletin board systems and local area networks. Viruses can be placed in various programs, for instance:

  1. Free Software – software downloaded from the net
  2. Pirated software – cheaper than original versions
  3. Games software – wide appeal and high chances
  4. Email attachments – quick to spread
  5. Portable hard and flash drives – employees take disks home and may work on their own personal PCs, which have not been cleaned or do not have suitable antivirus software installed on them.

Types of Viruses

Although viruses are of many types, broad categories have been identified in accordance with the damage they cause. Some of these categories are stated below:

  • Boot Sector Viruses
  • Overwriting viruses
  • Dropper
  • Trojans

Boot sector Virus

The boot sector is the part of a computer that helps it to start up. If the boot sector is infected, the virus can be transferred to the operating system and application software.

Overwriting Viruses

As the name implies, an overwriting virus overwrites every program, software or file it infects with itself. Hence the infected file no longer functions.

Dropper

A dropper is a program, not a virus. It installs a virus on the PC while performing another function.

Trojan horse

A Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Trojan horses may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed. Examples are:

  • Logic bomb – a Trojan horse that is triggered by a certain event, e.g. when disk clean-up reaches a certain percentage.
  • Time bomb – a Trojan horse that is triggered on a certain date.

Virus and worm controls

There are two ways to prevent and detect viruses and worms that infect computers and network systems. One category of controls is called management controls, which means having sound policies and procedures in place. The other category is called technical controls, which work by technical means, including antivirus software. The two types complement each other, and each is of little benefit and effect without the other.

Management procedural controls

The following are various examples of management and procedural controls:

  • Build any system from original, clean master copies. Boot only from original diskettes whose write protection has always been in place.
  • USB devices should not be used until they have been scanned on a stand-alone machine that is used for no other purpose and is not connected to the network.
  • Antivirus software should update virus definitions frequently.
  • Have vendors run demonstrations on their personal machines.
  • Scan before any new software is installed, as commercial software occasionally is supplied with a Trojan horse.
  • Insist that field technicians scan their disks on a test machine before they use any of their disks on the system.
  • Ensure all servers are equipped with an activated current release of the virus-detection software.
  • Ensure bridge, router and gateway updates are authentic.
  • Exercise an effective back up plan.
  • Educate users so they will heed these policies and procedures. For example many viruses and worms today are propagated in the form of e-mail attachments.
  • Review antivirus policies and procedures at least once a year.
  • Prepare a virus eradication procedure and identify a contact person.
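
One way to check an installed system against its original, clean master copy, as the first control above recommends, is to compare file hashes. The following Python example is added here and is not part of the original handout; the directory layout and file names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large installers do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_to_master(master: dict, installed_root: Path) -> dict:
    """Report files that differ from, are missing from, or were added to the master set."""
    current = build_manifest(installed_root)
    return {
        "modified": sorted(f for f in master if f in current and current[f] != master[f]),
        "missing": sorted(f for f in master if f not in current),
        "unexpected": sorted(f for f in current if f not in master),
    }


def demo() -> dict:
    """Constructed sample: a clean master copy and an installed copy that has drifted."""
    with tempfile.TemporaryDirectory() as tmp:
        master_dir, installed_dir = Path(tmp, "master"), Path(tmp, "installed")
        for d in (master_dir, installed_dir):
            (d / "bin").mkdir(parents=True)
            (d / "bin" / "payroll.exe").write_bytes(b"original program bytes")
            (d / "readme.txt").write_bytes(b"release notes")
        # Simulate the changes the handout describes: a program file whose
        # contents were altered, a removed file, and an extra file.
        (installed_dir / "bin" / "payroll.exe").write_bytes(b"original program bytes + appended code")
        (installed_dir / "readme.txt").unlink()
        (installed_dir / "bin" / "helper.exe").write_bytes(b"not in master")
        return compare_to_master(build_manifest(master_dir), installed_dir)


if __name__ == "__main__":
    print(demo())
```

The manifest built from the master copy should be stored on write-protected or offline media, so that an infection on the installed system cannot alter the baseline it is compared against.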

Technical controls

Technical methods of preventing viruses can be implemented through software. The following actions can reduce the risk of infection to hardware and operating systems:

  • Use boot virus protection (i.e., built-in, firmware-based virus protection).
  • Use remote booting, so that the local hard drive of the system is not used for the boot-up process. Use a hardware-based password.
  • Use write-protected tabs on diskettes.
  • Ensure insecure protocols are blocked by the firewall from external segments and the internet.