Security remains one of the most neglected topics in small business Information Technology solutions. Small businesses mistakenly feel that their risks are insignificant compared to those of larger organizations.

FBI statistics reveal that among Fortune 500 companies, most data thefts in 1998 were by internal users. Likewise, research results carried in PC Week in March 1999 report that, out of 800 workers surveyed, 21-31% admitted to sending confidential information, such as financial or product data, to recipients outside the company by email. Ten per cent of those surveyed disclosed that they had received email containing company-confidential information.

While perhaps not as severe as the security issues facing large organizations, small businesses are not immune to security risks. And without IT security professionals on staff, the risks they do face often go unnoticed and unprotected, with overall effects that are actually fairly significant.
Typical Security Risks & Attacks

There are many different ways that hackers attempt to gain access to or do damage to a company system. Most of these attacks are well known and documented on many security Web sites. Some of the more common attacks are listed as follows.
- Spoofing User Identity = Spoofing user identity is when a hacker obtains a user's personal information or something else that enables the hacker to replay the authentication procedure. Spoofing threats are associated with a hacker being able to impersonate a valid system user or resource to get access to the system and thereby compromise system security.
- Tampering with Data = An unauthorized change to stored or in-transit information, formatting of a hard disk, a malicious intruder introducing an undetectable network packet into a communication, and an intruder making an undetectable change to a sensitive file are all tampering threats.
- Repudiability = A user performing an illegal operation without the ability to be traced is called "repudiability." Repudiability threats are associated with users (malicious or otherwise) who can deny a wrongdoing without any way for you to prove otherwise.
- Information Disclosure = Disclosure of private or business-critical information can compromise an enterprise. Information disclosure threats expose information to individuals who are not supposed to see it. A user's ability to read a file that she or he was not granted access to, as well as an intruder's ability to read data while it is in transit between two computers, are both disclosure threats. Note that this threat differs from a spoofing threat in that here the perpetrator gets access to the information directly rather than by having to spoof a legitimate user.
- Denial of Service = A "Denial of Service" (DoS) attack prevents legitimate users from using a service. The effectiveness of a DoS attack is measured three ways:
  - Effort. A measure of the effort required for the attack to be successful. The least effort is a single packet that crashes a computer. The greatest effort is a lot of large packets, possibly sent by multiple attackers.
  - Severity. A measure of how much the service has been degraded. A severe attack will prevent all legitimate users from accessing the service. A mild attack may slow down access, but not shut it down completely.
  - Persistence. An attack is persistent if its effects continue after the attack stops. The strongest attacks persist even if the attacker is blocked from accessing the service. Some attacks persist until the server is rebooted. The effects of a weak attack end as soon as the attack does.
  DoS attacks range from mildly annoying to true security risks. In general, a good firewall should prevent them from happening.
- Elevation of Privilege = An elevation of privilege threat is when an unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system. The more dangerous aspect of such threats is compromising the system in undetectable ways, whereby the user is able to take advantage of the privileges without the knowledge of system administrators. Elevation of privilege threats include those situations where an attacker is allowed more privilege than should properly be granted, compromising the security of the entire system and causing extreme system damage. Here the attacker has effectively penetrated all system defenses, become part of the trusted system itself, and can do anything.
Security Terms & Concepts
A
- ActiveX
- ActiveX controls are software modules based on Microsoft's Component Object Model (COM) architecture. They add functionality to software applications by seamlessly incorporating pre-made modules with the basic software package. Modules can be interchanged but still appear as parts of the original software.
  On the Internet, ActiveX controls can be linked to Web pages and downloaded by an ActiveX-compliant browser. ActiveX controls turn Web pages into software pages that perform like any other program launched from a server.
  ActiveX controls can have full system access. In most instances this access is legitimate, but one should be cautious of malicious ActiveX applications.
- Applet
- Any miniature application transported over the
Internet, especially as an enhancement to a Web page.
Authors often embed applets within the HTML page as a
foreign program type.
Java applets are usually only allowed to access certain
areas of the user's system. Computer programmers often
refer to this area as the sandbox.
- Attributes
- Characteristics assigned to all files and directories.
Attributes include: Read Only, Archive, Hidden or
System.
B
- Back Door
- A feature programmers often build into programs to
allow special privileges normally denied to users of the
program. Often programmers build back doors so they can
fix bugs. If hackers or others learn about a back door,
the feature may pose a security risk. Also: Trapdoor.
- Background Task
- A task executed by the system that generally remains invisible to the user. The system usually assigns background tasks a lower priority than foreground tasks. Some malicious software is executed by a system as a background task so the user does not realize unwanted actions are occurring.
- BIOS
- Basic Input/Output System. The part of the operating
system that identifies the set of programs used to boot
the computer before locating the system disk.
The BIOS is located in the ROM (Read Only Memory) area
of system and is usually stored permanently.
- Boot
- To start (a cold boot) or reset (warm boot) the
computer so it is ready to run programs for the user.
Booting the computer executes various programs to check
and prepare the computer for use. See Also: Cold Boot,
Warm Boot
- Boot Record
- The program recorded in the boot sector. This record
contains information on the characteristics and contents
of the disk and information needed to boot the computer.
If a user boots a PC with a floppy disk, the system
reads the boot record from that disk. See Also: Boot
Sector
- Boot Sector
- An area located on the first track of floppy disks and logical disks that contains the boot record. Boot sector usually refers to this specific sector of a floppy disk, whereas the term Master Boot Sector usually refers to the same section of a hard disk. See Also: Master Boot Record
- Brute Force Attack
- An attack in which each possible key or password is
attempted until the correct one is found. See Also:
Attack
- Bug
- An unintentional fault in a program that causes
actions neither the user nor the program author
intended.
C
- Cold Boot
- To start the computer by cycling the power. A cold
boot using a rescue disk (a clean floppy disk with boot
instructions and virus scanning capabilities) is often
necessary to clean or remove boot sector infectors. See
Also: Boot, Warm Boot
D
- Denial Of Service (DoS)
- An attack specifically designed to prevent the normal
functioning of a system and thereby to prevent lawful
access to the system by authorized users. Hackers can
cause denial of service attacks by destroying or
modifying data or by overloading the system's servers
until service to authorized users is delayed or
prevented. See Also: Attack
E
- Encryption
- Encryption is the scrambling of data so it becomes
difficult to unscramble and interpret.
F
- FAT
- File Allocation Table. Under MS-DOS, Windows 3.x, 9x, and NT (in some cases), the FAT is located in the boot sector of the disk and stores the addresses of all the files contained on the disk. Viruses and other malicious programs, as well as normal use and extended wear and tear, can damage the FAT. If the FAT is damaged or corrupt, the operating system may be unable to locate files on the disk.
- Firewall
- A firewall prevents computers on a network from
communicating directly with external computer systems. A
firewall typically consists of a computer that acts as a
barrier through which all information passing between
the networks and the external systems must travel. The
firewall software analyzes information passing between
the two and rejects it if it does not conform to
pre-configured rules.
G

H
- Hijacking
- An attack whereby an active, established, session is
intercepted and used by the attacker. Hijacking can
occur locally if, for example, a legitimate user leaves
a computer unprotected. Remote hijacking can occur via
the Internet.
- Hole
- A vulnerability in the design of software and/or hardware that allows circumvention of security measures.
I

J
- JavaScript
- JavaScript is a scripting language that can run wherever there is a suitable script interpreter, such as Web browsers, Web servers, or the Windows Scripting Host. The scripting environment used to run JavaScript greatly affects the security of the host machine:
  - A Web page with JavaScript runs within a Web browser in much the same way as Java applets and does not have access to host machine resources.
  - An Active Server Page (ASP) or a Windows Scripting Host (WSH) script containing JavaScript is potentially hazardous since these environments allow scripts unrestricted access to machine resources (file system, registry, etc.) and application objects.
K

L

M

N
- NTFS
- NT File System; a Windows NT file system used to
organize and keep track of files. See Also: FAT
- Network spoofing
- In network spoofing, a system presents itself to the
network as though it were a different system (computer A
impersonates computer B by sending B's address instead
of its own). The reason for doing this is that systems
tend to operate within a group of other trusted systems.
Trust is imparted in a one-to-one fashion; computer A
trusts computer B (this does not imply that system B
trusts system A). Implied with this trust is that the
system administrator of the trusted system is performing
the job properly and maintaining an appropriate level of
security for the system. Network spoofing occurs in the
following manner: if computer A trusts computer B and
computer C spoofs (impersonates) computer B, then
computer C can gain otherwise-denied access to computer
A.
O
- Operating System - OS
- The operating system is usually the underlying software that enables you to interact with the computer. The operating system controls the computer's storage, communications and task management functions. Examples of common operating systems include: MS-DOS, MacOS, Linux, Windows 98. Also: OS, DOS
P
- Password Attacks
- A password attack is an attempt to obtain or decrypt a
legitimate user's password. Hackers can use password
dictionaries, cracking programs, and password sniffers
in password attacks. Defense against password attacks is
rather limited but usually consists of a password policy
including a minimum length, unrecognizable words, and
frequent changes. See Also: Password Sniffer
- Password Sniffing
- The use of a sniffer to capture passwords as they
cross a network. The network could be a local area
network, or the Internet itself. The sniffer can be
hardware or software. Most sniffers are passive and only
log passwords. The attacker must then analyze the logs
later. See Also: Sniffer
- PGP
- Pretty Good Privacy. Considered the strongest program
for encrypting data files and/or e-mail messages on PCs
and Macintosh computers. PGP includes authentication to
verify the sender of a message and non-repudiation to
prevent someone denying they sent a message.
- Piggyback
- To gain unauthorized access to a system via an
authorized user's legitimate connection.
Q

R

S
- SMTP
- Simple Mail Transport Protocol. The Internet e-mail
delivery format for transmitting e-mail messages between
servers.
- Sniffer
- A software program that monitors network traffic.
Hackers use sniffers to capture data transmitted via a
network.
T
- Trojan Horse Program
- A Trojan horse program is a malicious program that
pretends to be a benign application; a Trojan horse
program purposefully does something the user does not
expect. Trojans are not viruses since they do not
replicate, but Trojan horse programs can be just as
destructive.
Many people use the term to refer only to
non-replicating malicious programs, thus making a
distinction between Trojans and viruses. Also: Trojan
- TSR
- Terminate and Stay Resident. TSR programs stay in memory after being executed. TSR programs allow the user to quickly switch back and forth between programs in a non-multitasking environment, such as MS-DOS. Some viruses are TSR programs that stay in memory to infect other files and programs. Also: Memory-resident Program
U
- UNC
- Universal Naming Convention. This is the standard for naming network drives. For example, a UNC directory path has the following form:
  \\server\resource-pathname\subfolder\filename
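A small parser for this path form, added here as an example and not taken from the original page: it splits a UNC path into server, share and relative path, rejects malformed or traversal-style input, and checks the server against an allow-list. The function names, the `UncPath` class and the forbidden-character list are assumptions.

```python
# Added example: parse and validate UNC paths of the form
# \\server\resource-pathname\subfolder\filename (names are assumptions).
from dataclasses import dataclass
from typing import Optional


@dataclass
class UncPath:
    server: str    # host name following the leading \\
    share: str     # first component: the shared resource name
    relative: str  # remaining components joined by '\', may be empty


# Characters Windows does not permit in a share or path component (assumed list).
FORBIDDEN = set('<>:"/|?*')


def parse_unc(path: str) -> Optional[UncPath]:
    """Return a UncPath, or None when the string is not a well-formed UNC path."""
    # A UNC path starts with exactly two backslashes followed by the server name.
    if not path.startswith("\\\\") or path.startswith("\\\\\\"):
        return None
    parts = path[2:].split("\\")
    # Server and share are mandatory.
    if len(parts) < 2:
        return None
    server, share, rest = parts[0], parts[1], parts[2:]
    for comp in [server, share] + rest:
        # Empty components (a doubled '\') or dot segments could let a caller
        # escape the share they were granted, so they are rejected outright.
        if comp in ("", ".", "..") or FORBIDDEN & set(comp):
            return None
    return UncPath(server, share, "\\".join(rest))


def server_allowed(path: str, allowed_servers: set) -> bool:
    """True when the path parses and its server is on the allow-list (case-insensitive)."""
    parsed = parse_unc(path)
    if parsed is None:
        return False
    return parsed.server.lower() in {s.lower() for s in allowed_servers}
```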
V
- VBS
- Visual Basic Script. Visual Basic Script is a programming language that can invoke any system function, including starting, using and shutting down other applications, without user knowledge. VBS programs can be embedded in HTML files and provide active content via the Internet. Since not all content is benign, users should be careful about changing security settings without understanding the implications. This file type has the extension VBS.
- Virus
- A computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission. Some viruses attach to files so when the infected file executes, the virus also executes. Other viruses sit in a computer's memory and infect files as the computer opens, modifies or creates the files. Some viruses display symptoms, and some viruses damage files and computer systems, but neither symptoms nor damage is essential in the definition of a virus; a non-damaging virus is still a virus.
  There are computer viruses written for several operating systems including DOS, Windows, Amiga, Macintosh, Atari, UNIX, and others. McAfee.com presently detects more than 57,000 viruses, Trojans, and other malicious software. (Note: The preferred plural is the English form: viruses)
  See Also: Boot Sector Infector, File Viruses, Macro Virus, Companion Virus, Worm
W
- Warm Boot
- Restarting a computer without first turning off the
power. Using CTL+ALT+DEL or the reset button on many
computers can warm boot a machine. See Also: Cold Boot,
Reset
- Windows Scripting
- Windows Scripting Host (WSH) is a Microsoft integrated
module that lets programmers use any scripting language
to automate operations throughout the Windows
desktop.
- Worm
- Worms are parasitic computer programs that replicate,
but unlike viruses, do not infect other computer program
files. Worms can create copies on the same computer, or
can send the copies to other computers via a network.
Worms often spread via IRC (Internet Relay Chat).
X

Y

Z

General IT Security Tips
Password Management
Users must maintain the confidentiality
of user accounts and passwords. Furthermore, passwords used
to access external services must not be identical to any
password used on an internal corporate system. User account
IDs and passwords transmitted over external services, such
as the Internet, may be transmitted in clear text and are
easily susceptible to discovery. Strong passwords must be
used on the external perimeter network.
Some guidelines for password use are:
- Passwords must contain at least eight characters, and preferably nine (recent security information reports that many cracking programs use the eight-character standard as a starting point). Also, each password must follow the standards set for strong passwords.
- All passwords used by the built-in Windows 2000
accounts (including service accounts) must be changed to
conform to the password standard.
- It is mandatory that all accounts have passwords. No
blank passwords are permitted.
- Never loan your password out. If for some reason you
must share your password, remember to change it
immediately.
- Passwords must be changed every 30 days. The system
will keep a history of the last six passwords used and
not allow repeats. This forces users to use at least
seven unique passwords.
- Never write your password or send it via e-mail.
- Accounts will be locked out after three bad password
attempts (administrators should set lockout duration to
more than 30 minutes or until an administrator unlocks
the account).
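The guidelines above expressed as checks an administrator could run, added here as an example rather than code from the original page: minimum and preferred length, a six-deep password history kept as digests, 30-day expiry, and a three-strike lockout. The function names, the "at least three of four character classes" strong-password rule and the 45-minute lockout duration are assumptions (the page only says "more than 30 minutes").

```python
"""Added example: password-policy checks built from the page's guidelines.
Function names and the strong-password composition rule are assumptions."""
import re
from hashlib import sha256

MIN_LENGTH = 8                 # "at least eight characters"
PREFERRED_LENGTH = 9           # "and preferably nine"
HISTORY_DEPTH = 6              # "history of the last six passwords used"
MAX_AGE_SECONDS = 30 * 86400   # "changed every 30 days"
LOCKOUT_THRESHOLD = 3          # "locked out after three bad password attempts"
LOCKOUT_SECONDS = 45 * 60      # "more than 30 minutes"; 45 minutes assumed here
# Assumed "strong password" standard: at least three of these four character classes.
CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]

def digest(password):
    """History is kept as digests so old passwords are never stored in the clear."""
    return sha256(password.encode()).hexdigest()

def check_new_password(candidate, history_digests):
    """Return (violations, warnings); an empty violations list means accepted."""
    violations, warnings = [], []
    if not candidate:
        return ["blank passwords are not permitted"], warnings
    if len(candidate) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    elif len(candidate) < PREFERRED_LENGTH:
        warnings.append(f"{PREFERRED_LENGTH} characters are preferred")
    if sum(bool(re.search(c, candidate)) for c in CLASSES) < 3:
        violations.append("fewer than three character classes")
    if digest(candidate) in history_digests[-HISTORY_DEPTH:]:
        violations.append(f"reused one of the last {HISTORY_DEPTH} passwords")
    return violations, warnings

def password_expired(last_changed, now):
    """True once the password is older than the 30-day maximum (epoch seconds)."""
    return now - last_changed > MAX_AGE_SECONDS

class AccountLockout:
    """Counts failed logons per account and locks the account at the threshold."""
    def __init__(self):
        self.failures = {}
        self.locked_until = {}
    def is_locked(self, user, now):
        return self.locked_until.get(user, now) > now
    def record_failure(self, user, now):
        """Register a bad attempt; returns True when the account is now locked."""
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= LOCKOUT_THRESHOLD:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.failures[user] = 0
        return self.is_locked(user, now)
    def record_success(self, user):
        self.failures.pop(user, None)
```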
Controlling Access to the Computer
No computer is completely secure if
people other than the authorized user(s) can physically
access it. Here are some examples of security measures taken
by the bank to restrict physical access:
- Ensure that only authorized people are allowed to log
in at a server's console (audit logins in order to alert
administrators if someone other than an authorized user
logs in).
- Provide only administrative access to the floppy drive
and CD ROMs on all servers.
- Install a lock on the CPU case, keep it locked, and
store the key safely away from the computer at a secure
location.
- Format all hard disks with the NTFS file system.
- Control access to the power and reset switches,
exposing only the computer's keyboard, monitor and
mouse. Keep the CPU and removable media drives behind a
locked door.