Security Information

1. What is computer security?

Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.

2. Why should I care about computer security?

We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications "top secret," you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer (such as financial statements).

3. How easy is it to break into my computer?

Unfortunately, intruders are always discovering new vulnerabilities (informally called "holes") to exploit in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of computer systems.

When holes are discovered, computer vendors will usually develop patches to address the problem(s). However, it is up to you, the user, to obtain and install the patches, or correctly configure the software to operate more securely. Most of the incident reports of computer break-ins received at the CERT/CC could have been prevented if system administrators and users had kept their computers up to date with patches and security fixes.

Some software applications have default settings that allow other users to access your computer unless you change the settings to be more secure. Examples include chat programs that let outsiders execute commands on your computer or web browsers that could allow someone to place harmful programs on your computer that run when you click on them.

4. What are some of the available tools on the market?

4.1 Firewall

A firewall is defined as "a system or group of systems that enforces an access control policy between two networks." In the context of home networks, a firewall typically takes one of two forms:

Software firewall - specialized software running on an individual computer, or

Network firewall - a dedicated device designed to protect one or more computers.

Both types of firewall allow the user to define access policies for inbound connections to the computers they are protecting. Many also provide the ability to control what services (ports) the protected computers are able to access on the Internet (outbound access). Most firewalls intended for home use come with pre-configured security policies from which the user chooses, and some allow the user to customize these policies for their specific needs.
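
As an added illustration (not code from the original page), the following Python models the kind of policy a home firewall enforces: an ordered rule list that distinguishes inbound from outbound connections, pre-configured presets the user chooses between, and a user rule that customizes one. The preset names, ports and sample connections are constructed for the example.

```python
# Added example (not from the original page): a minimal model of the
# home-firewall policy described above. Rules match first-to-last; an
# unmatched inbound connection is denied, an unmatched outbound one
# allowed. Presets, rule values and sample connections are constructed.
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    direction: str       # "inbound" or "outbound"
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # None matches every port
    action: str          # "allow" or "deny"

# Constructed pre-configured policies from which a user would choose.
PRESETS = {
    # Strict home profile: nothing inbound; only web and DNS outbound.
    "home": [
        Rule("inbound", "any", None, "deny"),
        Rule("outbound", "tcp", 80, "allow"),
        Rule("outbound", "tcp", 443, "allow"),
        Rule("outbound", "udp", 53, "allow"),
        Rule("outbound", "any", None, "deny"),
    ],
    # Permissive profile: everything outbound, still nothing inbound.
    "permissive": [
        Rule("inbound", "any", None, "deny"),
        Rule("outbound", "any", None, "allow"),
    ],
}

def evaluate(policy: List[Rule], direction: str, proto: str, port: int) -> str:
    """Return "allow" or "deny" for one connection attempt; first match wins."""
    for r in policy:
        if (r.direction == direction and r.proto in ("any", proto)
                and r.port in (None, port)):
            return r.action
    # No rule matched: fail closed for inbound, open for outbound
    # (a firewall that only filters inbound traffic behaves this way).
    return "deny" if direction == "inbound" else "allow"

def customize(policy: List[Rule], rule: Rule) -> List[Rule]:
    """Insert a user-defined rule ahead of the preset so it takes precedence."""
    return [rule] + list(policy)
```

A user who runs a game server would, for instance, call customize with an inbound allow rule for that one port and leave every other inbound port closed.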

Antivirus software

There are a variety of antivirus software packages that operate in many different ways, depending on how the vendor chose to implement their software. What they have in common, though, is that they all look for patterns in the files or memory of your computer that indicate the possible presence of a known virus. Antivirus packages know what to look for through the use of virus profiles (sometimes called "signatures") provided by the vendor.

New viruses are discovered daily. The effectiveness of antivirus software is dependent on having the latest virus profiles installed on your computer so that it can look for recently discovered viruses. It is important to keep these profiles up to date.
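
An added example, not from the original page, showing why profiles must be kept current: a toy signature scanner looks for byte patterns from a profile set in file contents, and a file carrying a pattern that only the updated profile set knows about is missed by the stale set. All patterns, profile names and files are constructed and stand for no real virus.

```python
# Added example (not from the original page): a toy signature scanner in
# the spirit of the antivirus description above. A "profile" maps a name
# to a byte pattern; scanning looks for those patterns in file contents.
# Every pattern, file and profile set here is constructed for illustration
# and corresponds to no real virus.
from typing import Dict, List

# Vendor profile set as shipped with the product (constructed).
PROFILES_V1: Dict[str, bytes] = {
    "Sample.A": b"CONSTRUCTED-SAMPLE-A",
    "Sample.B": b"\x7fCONSTRUCTED\x00B",
}
# Updated profile set after a "newly discovered" sample is added.
PROFILES_V2: Dict[str, bytes] = {**PROFILES_V1, "Sample.C": b"CONSTRUCTED-SAMPLE-C"}

# Constructed files: name -> content (stands in for reading from disk).
FILES: Dict[str, bytes] = {
    "readme.txt": b"plain text, nothing to see",
    "setup.exe": b"MZ\x90\x00" + b"\x00" * 16 + b"CONSTRUCTED-SAMPLE-A" + b"\x00" * 8,
    "tool.exe": b"MZ\x90\x00" + b"CONSTRUCTED-SAMPLE-C",
}

def scan_bytes(data: bytes, profiles: Dict[str, bytes]) -> List[str]:
    """Return the names of every profile whose pattern occurs in data."""
    return [name for name, pattern in profiles.items() if pattern in data]

def scan_files(files: Dict[str, bytes], profiles: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Scan each file; only files with at least one match appear in the result."""
    hits: Dict[str, List[str]] = {}
    for fname, data in files.items():
        found = scan_bytes(data, profiles)
        if found:
            hits[fname] = found
    return hits

def missed_by_stale_profiles(files: Dict[str, bytes], old: Dict[str, bytes],
                             new: Dict[str, bytes]) -> List[str]:
    """Files the updated profiles flag that the stale set would have passed."""
    old_hits, new_hits = scan_files(files, old), scan_files(files, new)
    return sorted(f for f in new_hits if f not in old_hits)

if __name__ == "__main__":
    print(scan_files(FILES, PROFILES_V1))  # only setup.exe is detected
    print(missed_by_stale_profiles(FILES, PROFILES_V1, PROFILES_V2))  # ['tool.exe']
```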

4.2 Intrusion Detection System/Prevention

An IDS (Intrusion Detection System) is a monitoring and detection tool. It is primarily used to detect attacks on and misuse of systems from internal and external networks. An IDP (Intrusion Detection and Prevention system) does the same, with a prevention function added: when an IDP detects an attack, it stops the attack by terminating that IP session. An IDP may seem to be the better and more efficient solution, although the cost of implementing one may be considerably higher.

5. What are threats and computer misuses commonly found?

5.1 Trojan horse programs

Trojan horse programs are a common way for intruders to trick you (sometimes referred to as "social engineering") into installing "back door" programs. These can allow intruders easy access to your computer without your knowledge, change your system configurations, or infect your computer with a computer virus. More information about Trojan horses can be found in the following document.

5.2 Back door and remote administration programs

On Windows computers, three tools commonly used by intruders to gain remote access to your computer are BackOrifice, Netbus, and SubSeven.

These back door or remote administration programs, once installed, allow other people to access and control your computer. We recommend that you review the CERT vulnerability note about Back Orifice. This document describes how it works, how to detect it, and how to protect your computers from it:

5.3 Denial of service

Another form of attack is called a denial-of-service (DoS) attack. This type of attack causes your computer to crash or to become so busy processing data that you are unable to use it. In most cases, the latest patches will prevent the attack. The following documents describe denial-of-service attacks in greater detail.

It is important to note that in addition to being the target of a DoS attack, it is possible for your computer to be used as a participant in a denial-of-service attack on another system.

Being an intermediary for another attack

Intruders will frequently use compromised computers as launching pads for attacking other systems. An example of this is how distributed denial-of-service (DDoS) tools are used. The intruders install an "agent" (frequently through a Trojan horse program) that runs on the compromised computer awaiting further instructions. Then, when a number of agents are running on different computers, a single "handler" can instruct all of them to launch a denial-of-service attack on another system. Thus, the end target of the attack is not your own computer, but someone else's -- your computer is just a convenient tool in a larger attack.

5.4 Unprotected Windows shares

Unprotected Windows networking shares can be exploited by intruders in an automated way to place tools on large numbers of Windows-based computers attached to the Internet. Because site security on the Internet is interdependent, a compromised computer not only creates problems for the computer's owner, but it is also a threat to other sites on the Internet. The greater immediate risk to the Internet community is the potentially large number of computers attached to the Internet with unprotected Windows networking shares combined with distributed attack tools such as those described in

Another threat includes malicious and destructive code, such as viruses or worms, which leverage unprotected Windows networking shares to propagate. One such example is the 911 worm described in

There is great potential for the emergence of other intruder tools that leverage unprotected Windows networking shares on a widespread basis.

5.5 Email spoofing

Email "spoofing" is when an email message appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

Spoofed email can range from harmless pranks to social engineering ploys. Examples of the latter include

email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not comply

email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information

Note that while service providers may occasionally request that you change your password, they usually will not specify what you should change it to. Also, most legitimate service providers would never ask you to send them any password information via email. If you suspect that you may have received a spoofed email from someone with malicious intent, you should contact your service provider's support personnel immediately.

5.6 Email-borne viruses

Viruses and other types of malicious code are often spread as attachments to email messages. Before opening any attachments, be sure you know the source of the attachment. It is not enough that the mail originated from an address you recognize. The Melissa virus spread precisely because it originated from a familiar address. Also, malicious code might be distributed in amusing or enticing programs.

Never run a program unless you know it to be authored by a person or company that you trust. Also, don't send programs of unknown origin to your friends or coworkers simply because they are amusing -- they might contain a Trojan horse program.

5.7 Packet sniffing

A packet sniffer is a program that captures data from information packets as they travel over the network. That data may include user names, passwords, and proprietary information that travels over the network in clear text. With perhaps hundreds or thousands of passwords captured by the packet sniffer, intruders can launch widespread attacks on systems. Installing a packet sniffer does not necessarily require administrator-level access.

91/1 Chaiyo Building 8th Floor, Rama 9 Road, Huay Kwang, Bangkok 10320
Tel : (662) 643-1924-5, 612-2260-1 Fax : (662) 246-3315
E-mail : sales@netsecure.co.th