you are concerned about a single computer, think of it as an independent house,
whose care and safety are in the hands of the house owner himself. If you are
concerned about a network, compare it with an apartment complex, where these
matters are normally handled by a separate group.
What is the key to computer security?
Whether you live in an
independent house or a flat, you need to protect your doors, windows, corridors,
sewer entrances (against rats and bugs) and balconies against intruders. You
also need to protect the premises against theft. The same is the case with
computers, too. You need to protect entry points (network and Internet) into the
computer.
What do I use to provide the security?
For your
house, you have a range of security equipment, from padlocks to high-tech
surveillance, alarms and even armed guards. The level of security is
proportional to the valuables inside. Similarly, with computers, too, there is a
range of security measures you could opt for, depending on the value of the data
inside.
Should security be local or centralized?
In the case of an apartment complex, most of the security apparatus can be common and
centralized. It is the same for a network. But your flat needs strong doors and
windows. PCs on a network, too, need some local security.
What sort of security do I need?
Essential to providing good security is the
knowledge about who would be likely to target you. If you live in a rowdy
locality, you would have more security for your house. If you expect physical
harm from criminals or terrorists, then you would employ armed guards.
Similarly, if you were just a dial-up user on the Internet, then you would go in
for casual security. But, if your firm is a hot target for snoopers, then you
need to be more careful about the security in place.
So, who would attack my computer?
Let us look at who can attack your home.
Depending on where and who you are, one or more of the following scenarios can
happen. A passing urchin can toss a stone at your costly glass windows. A
criminal can burgle your house. An industrial spy can sneak away a copy of
those plans you are known to keep in your house. A servant (insider) can smuggle
out valuables left lying around. Even a foreign government can take a potshot at
your house (don’t believe that? Ask those who live near international borders).
These are the very same people who can compromise your computer systems: a
teenage hacker, a professional spy, a criminal looking for credit-card details,
an insider or a foreign government agency.
Where can an attack come from?
Intruders can enter your property through already available
entry points: the doors and windows. On your computer, the entry points are
normally the IP ports, numbered addresses on which the machine listens for
requests or provides services (every action by a computer can be thought of as a
service). Bigger crooks can drill or hack their way through your wall. On a
computer, they can attack a vulnerability in installed software that has not
been patched (see box for definitions). Enterprising thieves can get into your
house as servants or service staff, and work from inside. Similarly, Trojan
horse programs can be installed on a computer, giving access to unwanted people.
What weapons will they use?
People attacking your house can cut off all
communication lines to the outside world, or otherwise block entry. On your
server, it can be a denial of service attack that denies access to legitimate
users. They could enter your property armed with a variety of weapons. On your
PC, it can be viruses and worms. On the Internet, it can be the Ping of death.
And new weapons get invented all the time, even as older ones get
sharpened.
Can I have an absolutely safe computer?
That is like asking whether you can build a house that can never be broken into. An
absolutely safe computer is one that has never been connected to any network,
has no software installed, and does not allow anyone to access it. Obviously,
you do not want to own such a computer.
What can I do to keep myself from being attacked?
As new weaknesses are discovered in your
fencing, you have to patch them up. Similarly, as new vulnerabilities are
discovered in your OSs and other installed software, you have to download and
install the required patches and anti-virus updates. As potential attackers
discover new weapons, you need to update yourself on what they can do and how to
counter them. You might go to the police or to a private agency if you require
special security measures for your property. Similarly, you need to approach a
good security consultant for your network.
What about all the extra-valuable stuff that I have?
At your house, you would put your
valuables in a safe or a locker. Similarly, for valuable data, you need to have
systems to which access is strictly restricted and monitored, and adopt measures
like the use of special software to, say, encrypt the data.
How do I handle insiders becoming a threat?
You restrict access and
opportunities for mischief, like you would in your house. For example, if you
are running a call center, where the customer database is probably the most
valued asset, you wouldn’t have floppy drives on PCs. You would also restrict
the ability to copy, locally save this data, or even e-mail it
out.
How do I keep track of vulnerabilities and patches?
There are a number of newsgroups and e-mail advisories that you can
use. There is the CERT advisory (www.cert.org) and a number of newsgroups at
www.securityfocus.com. You can also keep track of major attacks at sites like
www.news.com and www.slashdot.org.
Tech Talk
Back door: A secret access built into software (usually without the user
being aware of it), which bypasses security measures and grants unauthorized
access.
Buffer overflow: Occurs when more data is put into
a buffer (a defined holding area in RAM) than it is defined to handle. A buffer
overflow can crash a machine, and it can be induced by exploiting bugs in
software.
Denial of service attack (DoS): Swamping a
machine with a flood of useless traffic so that it cannot service legitimate
requests coming from legitimate clients.
Distributed denial of service attack (DDoS): DoS is one machine attacking another machine.
DDoS is when many machines (possibly hundreds and even thousands) are made to
mount a DoS attack on a target.
Firewall: A software or
hardware device installed at the point of connecting a network or PC to the
Internet (or to another network), to prevent unauthorized access into the
system, and also to hide and protect the machines in the network from the
outside world.
Patch (security patch): A piece of software
installed on existing software to close a known vulnerability. A security patch,
unlike an upgrade, normally doesn’t involve adding features.
Ping of death: A type of DoS attack. A machine is sent a packet of a specified
size or larger, causing a buffer overflow in the recipient machine, which results
in the machine crashing or becoming unstable.
Port scan: The process of checking for open ports on a computer through which an attacker can
enter. Normally, this is automated using software.
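The article describes IP ports as a computer's entry points and a port scan as automated probing of those ports. As an added illustration from the defender's side (not code from the article), the following script detects scan-like behaviour in a few constructed firewall log lines: a single source touching many distinct ports within a short window is flagged, while a normal client that reconnects to the same service port is not. The log format, addresses and thresholds are all assumptions made for this example.

```python
"""Flag sources that probe many distinct ports in a short time (port-scan detection)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log: "<timestamp> <src> -> <dst>:<port> <action>".
# 203.0.113.7 sweeps seven ports in three seconds; 198.51.100.4 is an ordinary
# web client hitting ports 443 and 80. (Documentation/test addresses only.)
SAMPLE_LOG = """\
2024-01-15T10:00:01 203.0.113.7 -> 192.0.2.10:22 DROP
2024-01-15T10:00:01 203.0.113.7 -> 192.0.2.10:23 DROP
2024-01-15T10:00:02 203.0.113.7 -> 192.0.2.10:80 ACCEPT
2024-01-15T10:00:02 203.0.113.7 -> 192.0.2.10:443 ACCEPT
2024-01-15T10:00:03 203.0.113.7 -> 192.0.2.10:3389 DROP
2024-01-15T10:00:03 203.0.113.7 -> 192.0.2.10:8080 DROP
2024-01-15T10:00:04 203.0.113.7 -> 192.0.2.10:5900 DROP
2024-01-15T10:00:05 198.51.100.4 -> 192.0.2.10:443 ACCEPT
2024-01-15T10:00:09 198.51.100.4 -> 192.0.2.10:443 ACCEPT
2024-01-15T10:00:30 198.51.100.4 -> 192.0.2.10:80 ACCEPT
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+) (?P<action>\w+)$"
)


def parse_log(text):
    """Yield (timestamp, src_ip, dst_port) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group("ts")), m.group("src"), int(m.group("port"))


def find_port_scanners(text, threshold=5, window_seconds=10):
    """Return {src_ip: sorted distinct ports} for every source that touches at
    least `threshold` distinct ports within any `window_seconds` span.
    Both ACCEPT and DROP lines count: a scan is about breadth, not success."""
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)            # src_ip -> [(timestamp, port), ...]
    for ts, src, port in parse_log(text):
        events[src].append((ts, port))
    flagged = {}
    for src, hits in events.items():
        hits.sort()                       # sliding window over time-ordered hits
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= threshold:
                flagged[src] = sorted(ports)
                break
    return flagged


if __name__ == "__main__":
    for src, ports in find_port_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: ports {ports}")
```

Tune `threshold` and `window_seconds` to the traffic you actually see; a monitoring host that legitimately polls many ports would need an allow-list rather than a higher threshold.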
Sniffer: A device or software that monitors traffic on a network. It can capture data
traveling on the network, and so can be dangerous in the hands of an attacker.
It also has legitimate use in the hands of a system administrator to optimize the
network or to spot problems.
Spoofing: Claiming to be someone else. IP spoofing involves an attacker disguising his IP address as the
IP address of a machine trusted by the attacked machine, and thus gaining
unwarranted access to it.
Trojan: Named after the wooden horse in the legend of Helen of Argos and the Trojan war. Destructive
software that is camouflaged as something useful, or which hides a destructive
element inside.
Virus: A file that attacks files on a PC, destroying or corrupting them. These days, the names virus, Trojan and worm are
often used interchangeably.
Vulnerability: A risky element, or a point of weakness (feature or bug) in software, which allows an attacker
to gain unauthorized entry into the system and compromise it.
Worm: A self-replicating program that spreads from computer to computer on a network (local or Internet) by itself, often
inflicting harm on the targeted machines.