Lesson#33
Antivirus software
Antivirus software
Use of antivirus software is another very important technical control against the spread of viruses.
33.1 Scanners
Scanners examine the operating system and application software for viruses, based on the virus definitions they contain. Every virus has a distinct bit pattern; these unique bit patterns act as an identity for the virus and are called signatures. Signatures are distributed in virus definitions: every scanner holds a set of virus definitions, which are in fact the signatures (bit patterns) of various known viruses. The scanner checks the operating system and the other application software installed on the hard drives. While scanning, it compares the bit patterns found in each piece of software against the bit patterns contained in its virus definitions. If a match is found, the software is labelled as a virus.
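The signature matching described above, as an added example that is not part of the lesson: the definitions, file contents and paths are all constructed, and the chunked scan shows the one detail a real scanner must get right (a signature that straddles a read boundary) as well as the limitation that a pattern changed by one byte is simply not found.

```python
import io
from typing import BinaryIO, Dict, List

# Constructed virus definitions (name -> signature byte pattern). The
# patterns are invented for this example and match no real virus.
DEFINITIONS: Dict[str, bytes] = {
    "Sample.Virus.A": bytes.fromhex("deadbeef0042"),
    "Sample.Virus.B": b"XSAMPLE-SIGNATURE-B",
}

def scan_bytes(data: bytes, definitions: Dict[str, bytes] = DEFINITIONS) -> List[str]:
    """Names of all definitions whose signature occurs somewhere in data."""
    return sorted(name for name, sig in definitions.items() if sig in data)

def scan_stream(stream: BinaryIO, definitions: Dict[str, bytes] = DEFINITIONS,
                chunk_size: int = 4096) -> List[str]:
    """Scan a file-like object chunk by chunk instead of loading it whole.
    The last (longest signature - 1) bytes of each window are carried into
    the next one, so a signature straddling a chunk boundary is still seen."""
    longest = max(len(sig) for sig in definitions.values())
    carry, found = b"", set()
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = carry + chunk
        found.update(scan_bytes(window, definitions))
        carry = window[-(longest - 1):] if longest > 1 else b""
    return sorted(found)

def scan_files(files: Dict[str, bytes], definitions: Dict[str, bytes] = DEFINITIONS,
               chunk_size: int = 4096) -> Dict[str, List[str]]:
    """Scan a path -> contents mapping (a constructed stand-in for the hard
    drive) and report only the files that match a known signature."""
    report: Dict[str, List[str]] = {}
    for path, data in files.items():
        hits = scan_stream(io.BytesIO(data), definitions, chunk_size)
        if hits:
            report[path] = hits
    return report

if __name__ == "__main__":
    # Constructed "drive": an infected file whose signature crosses the 4096-byte
    # chunk boundary, a clean file, and a one-byte variant the scanner misses.
    drive = {
        "C:/app/tool.exe": b"A" * 4093 + bytes.fromhex("deadbeef0042") + b"B" * 100,
        "C:/app/readme.txt": b"plain text, nothing to see",
        "C:/app/variant.exe": b"A" * 10 + bytes.fromhex("deadbeef0043"),
    }
    print(scan_files(drive))  # {'C:/app/tool.exe': ['Sample.Virus.A']}
```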
33.2 Active monitors
This software monitors the system concurrently while it is being used. It acts as a guard against viruses while the operating system performs its various functions, e.g. connecting to the internet or transferring data. It blocks a virus from accessing the specific portions of the system to which only the operating system has authorized access. Active monitors can be troublesome because they cannot distinguish between a user request and a program or virus request. As a result, users are asked to confirm actions, including formatting a disk or deleting a file or a set of files.
33.3 Behavior blockers
Behavior blockers focus on detecting potentially abnormal behaviour in the functioning of the operating system or in requests made by application software, such as writing to the boot sector or the master boot record, or making changes to executable files. Blockers can potentially detect a virus at an early stage. Most hardware-based antivirus mechanisms are based on this concept.
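The active-monitor and behavior-blocker rules from 33.2 and 33.3 combined into one small policy engine, as an added example that is not part of the lesson: the actor names, protected region names and request stream are constructed, and the CONFIRM outcome is the active monitor's limitation in code, since a user's delete request and a program's look identical to it.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Regions only the operating system may touch (constructed list).
OS_ONLY_TARGETS = {"boot_sector", "master_boot_record"}
# Actions an active monitor cannot attribute to a person rather than a
# program, so it hands them back to the user for confirmation.
CONFIRM_ACTIONS = {"format_disk", "delete_file", "delete_files"}
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sys", ".com")

@dataclass(frozen=True)
class Request:
    actor: str   # "os", "user", or the name of a running program
    action: str  # "write", "modify", "delete_file", "format_disk", ...
    target: str  # a protected region name or a file path

def decide(req: Request) -> Tuple[str, str]:
    """Return (decision, reason) where decision is ALLOW, BLOCK or CONFIRM."""
    # Active monitor: keep anything that is not the OS out of OS-only regions.
    if req.target in OS_ONLY_TARGETS and req.actor != "os":
        return "BLOCK", f"{req.actor} may not access {req.target} (OS-only region)"
    # Behavior blocker: changing an executable is abnormal behaviour, and
    # stopping it here catches the infection before the program ever runs.
    if req.action in ("write", "modify") and req.target.lower().endswith(EXECUTABLE_SUFFIXES):
        return "BLOCK", f"{req.actor} tried to change executable {req.target}"
    # Active monitor limitation: a user's delete/format request looks the same
    # as a program's, so both are routed to the user for confirmation.
    if req.action in CONFIRM_ACTIONS:
        return "CONFIRM", f"confirm {req.action} on {req.target} (requested by {req.actor})"
    return "ALLOW", "no rule matched"

def monitor(requests: List[Request]) -> List[str]:
    """Run the monitor over a request stream, log each decision, return them."""
    decisions = []
    for req in requests:
        decision, reason = decide(req)
        decisions.append(decision)
        print(f"{decision:8}{req.actor:<14}{req.action:<12}{req.target:<26}{reason}")
    return decisions

if __name__ == "__main__":
    # Constructed request stream mixing normal OS work with suspicious activity.
    monitor([
        Request("os", "write", "boot_sector"),
        Request("installer.exe", "write", "master_boot_record"),
        Request("dropper.exe", "modify", "C:/Windows/notepad.exe"),
        Request("user", "delete_file", "C:/docs/report.doc"),
        Request("dropper.exe", "delete_files", "C:/docs"),
        Request("word.exe", "write", "C:/docs/report.doc"),
    ])
```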
33.4 Logical intrusion
The skills needed to exploit logical exposures are more technical and complex than those needed for physical exposures. A similar term commonly used in relation to logical intrusion is hacking.
In the 1990s the dotcom boom encouraged many organizations to use the internet for executing transactions. Initially, internet use was oriented more towards providing information to the general public. With the organizations' increased focus on reducing operational costs and increasing sales, the use of the internet kept growing.
Today many commercial transactions can be performed on the internet. Whether we look at retail sales, booking airline tickets, banking, property management, staff management, shipping or a host of other applications, the whole world is trading and managing goods and services via web-based systems. This has not only helped organizations earn higher volumes of dollars, but has also exposed them to undesirable threats. Customers and criminals alike are finding it convenient to have access to the information system of the organization.
Organizations presuppose that an online system is inherently safer than a high-street store. For instance, a couple of guys walk up to the counter of a pharmacy at 2 a.m., show a knife, ask for the money in the cash register and walk away with the cash. Compare that situation with this one: two guys walk into the online store of a retailer through a BACK DOOR (a hole in the security of a system deliberately left in place by designers or maintainers). They access the database and steal the credit information of all the customers. There is no video, no witness and no record. Neither of the above scenarios is rare. Intrusion into an information system is not restricted to the internet; it can also be made through a LAN or by actually sitting at the targeted terminal or computer.
A person making an intrusion is generally termed an intruder. However, intruders can be classified according to the way they operate. Possible perpetrators include:
• Hackers
• Hacktivists
• Crackers
Hackers
A hacker is a person who attempts to invade the privacy of a system: he attempts to gain unauthorized entry to a computer system by circumventing the system's access controls. Hackers are normally skilled programmers, and have been known to crack system passwords with ease. Initially hackers aimed simply at copying the desired information from the system, but the trend now is to corrupt it.
Hacktivists
This refers to individuals who use their skills to forward a political agenda, possibly breaking the law in the process, but justifying their actions on political grounds.
Crackers
These are hackers who are more malicious in nature, whose primary purpose or intent is to commit a crime through their actions for some level of personal gain or satisfaction. The terms hack and crack are often used interchangeably.
It is very common for hackers to misuse passwords and personal identification numbers in order to gain unauthorized access.
Passwords
“Password is the secret character string that is required to log
onto a computer system, thus
preventing unauthorized persons from obtaining access to the
computer. Computer users may
password-protect their files in some systems.”
Misuse of passwords
A very simple form of hacking occurs when the password for the terminal used by a particular employee is exposed or becomes commonly known. In such a situation, access to the entire information system can be gained through that terminal using the password. The extent of access available to the intruder in this case depends on the privilege rights available to that user.
33.5 Best password practices
• Keep the password secret – do not reveal it to anyone.
• Do not write it down – if it is complex, people prefer to save it in their cell phone memory or write it on a piece of paper; neither is a preferred practice.
• Change the password regularly – passwords should be associated with users, not machines. A password generation program can also be used for this purpose.
• Be discreet – it is easy for onlookers to see which keys are being used, so care should be taken while entering the password.
• Do not use an obvious password – the best approach is to use a combination of letters, numbers, upper case and lower case. Change the password immediately if you suspect that anyone else knows it.
A personal identification number (PIN) is a secret shared between a user and a system that can be used to authenticate the user to the system. Typically, the user is required to provide a non-confidential user identifier or token (such as a debit card) and a confidential PIN to gain access to the system. Upon receiving the user ID and PIN, the system looks up the PIN stored for that user ID and compares the looked-up PIN with the received PIN. If they match, the user is granted access; if they do not match, access is denied. PINs are most often used for ATMs. They are also sometimes used for online systems instead of alphanumeric passwords, which may compromise security.
If the organization is linked to an external network, persons outside the company may be able to get into the company's internal network, either to steal data or to damage the system. Systems can have firewalls, which disable part of the telecoms technology to prevent unwelcome intrusions into the company, but a determined hacker may be able to bypass even these.
33.6 Firewall
A firewall is the primary method for keeping a computer secure from intruders. A firewall allows or blocks traffic into and out of a private network or the user's computer. Firewalls are widely used to give users secure access to the Internet as well as to separate a company's public Web server from its internal network. Firewalls are also used to keep internal network segments secure; for example, the accounting network might be vulnerable to snooping from within the enterprise. In the home, a personal firewall typically comes with, or is installed on, the user's computer. Personal firewalls may also detect outbound traffic to guard against spyware, which could be sending your surfing habits to a Web site; they alert you when software makes an outbound request for the first time. In an organization, a firewall can be a stand-alone machine or software on a server. It can be as simple as a single server, or it may comprise a combination of servers, each performing some type of firewall processing.
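The personal firewall behaviour described above, as an added example that is not part of the lesson: a rule-based allow/block filter with default deny, plus the alert a personal firewall raises the first time a program makes an outbound request. The Packet and Rule types, the program names, the addresses and the home rule set are all constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (from the network) or "out" (to the network)
    program: str    # local program sending or receiving it (constructed)
    src: str        # source IP address
    dst: str        # destination IP address
    dport: int      # destination port

@dataclass(frozen=True)
class Rule:
    direction: str        # "in" or "out"
    remote_net: str       # remote network in CIDR notation
    dport: Optional[int]  # destination port, or None for any port
    action: str           # "ALLOW" or "BLOCK"

class PersonalFirewall:
    """Rule-based filter with default deny plus first-outbound-request alerts."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.seen_outbound: Set[str] = set()  # programs that already went out
        self.alerts: List[str] = []

    def check(self, pkt: Packet) -> str:
        remote = ip_address(pkt.dst if pkt.direction == "out" else pkt.src)
        # Alert on a program's first outbound request, whatever the rules say,
        # so software quietly phoning home is surfaced to the user.
        if pkt.direction == "out" and pkt.program not in self.seen_outbound:
            self.seen_outbound.add(pkt.program)
            self.alerts.append(f"{pkt.program} made its first outbound request to "
                               f"{pkt.dst}:{pkt.dport}")
        # First matching rule wins; nothing matching is blocked (default deny).
        for rule in self.rules:
            if (rule.direction == pkt.direction
                    and remote in ip_network(rule.remote_net)
                    and (rule.dport is None or rule.dport == pkt.dport)):
                return rule.action
        return "BLOCK"

# Constructed home rule set: web traffic may leave, only the LAN may come in.
HOME_RULES = [
    Rule("out", "0.0.0.0/0", 443, "ALLOW"),
    Rule("out", "0.0.0.0/0", 80, "ALLOW"),
    Rule("in", "192.168.1.0/24", None, "ALLOW"),
]
```

Feeding `PersonalFirewall(HOME_RULES).check(...)` a sequence of packets shows an unknown program's first outbound attempt being both reported in `alerts` and blocked, while a second request from a program already seen raises no new alert.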