Tuesday, March 17, 2009

(Latest) Form 4: RELATIONSHIP BETWEEN SECURITY THREATS AND SECURITY MEASURES

Security threats may come in many forms. For example, when someone invades your account information at a trusted bank, this act is considered a security threat.

Security measures can be used to prevent this invader from getting the account information. For example, the bank can use a firewall to prevent unauthorised access to its database.

SECURITY THREATS

MALICIOUS CODE THREATS VS. ANTIVIRUS AND ANTI-SPYWARE
Malicious code threats include viruses, Trojan horses, logic bombs, trapdoors and backdoors, and worms.

Antivirus and anti-spyware can be used to protect the computer from the threats by:

• limiting connectivity
• allowing only authorised media for loading data and software
• enforcing mandatory access controls
• blocking the virus from the computer program

HACKING VS. FIREWALL
Hacking is unauthorised access to a computer system by a hacker. We can use a firewall or cryptography to prevent the hacker from accessing our computers.

A firewall limits the access that unauthorised users or activities from the network environment can have. Cryptography is a process of hiding information by changing the actual information into a different representation; for example, APA can be written as 7&*.

NATURAL DISASTER VS. DATA BACKUP
The natural and environmental disasters may include:
• flood
• fire
• earthquakes
• storms
• tornados

Natural disasters may threaten a computer’s hardware and software easily. Computers are also sensitive to their operating environment, such as excessive heat or an inadequate power supply.

A backup system is needed to back up all data and applications in the computer. With the backup system, data can be recovered in case of an emergency.


THEFT VS. HUMAN ASPECTS
Computer theft can be of two kinds:

• the computer is used to steal money, goods, information and computer resources
• the actual stealing of computers, especially notebooks and PDAs

Measures that can be taken to prevent theft:

• prevent access by using locks, smart cards or passwords
• prevent portability by restricting the hardware from being moved
• detect and guard all exits and record any hardware transported

BE SUSPICIOUS OF ALL RESULTS
There are many instances where non-programmers develop applications that are not built with a proper understanding of software engineering practices.

Data produced by such applications may not be correct and may risk corrupting data received from other sources that are not compatible with the application.

SECURITY PROCEDURES

Computers should have alarm systems to guard them from attacks such as viruses and data corruption. The alarm system is the security measure that we take to ensure their safety.

DATA PROTECTION
We need to protect the data in the computer as it may get lost or corrupted due to viruses or mishaps like fire, flood, lightning, machine failures and even human errors.

There are a few ways to protect the information, namely:
• make backup files
• detect the virus and clean the computer
• warn others on virus attacks

1) BACKUP FILES
Users can back up file systems by:
• keeping the duplicated files in external storage such as a floppy disk or thumb drive
• doing backups frequently

2) DETECT VIRUS AND DO CLEANUP
A computer virus is able to affect and infect the way the computer works. Viruses can be detected when we run an antivirus program. We can also delete the infected files and documents.

3) WARN OTHERS ON VIRUS ATTACK
We can warn others on virus attacks or new viruses by sending e-mails to them.

DETECTING ILLEGAL ACCESS TO SYSTEMS
The computer system is able to detect any illegal access to the system by a user who does not have any authorisation. Basically, a corporation will simply use tcpwrappers and tripwire to detect any illegal access to their system. Users' access will be reviewed periodically by computer operations. Ongoing internal audits will be made to ensure detection of violations of security and unauthorised modifications to software and data.

TCPWRAPPERS

Tcpwrappers:

1. stops the attempted connection
2. examines its configuration files
3. decides whether to accept or reject the request

Tcpwrappers controls access at the application level, rather than at the socket level like iptables and ipchains. The system will run tcpwrappers to log access to ftp, tftp, rsh, rlogin, rexec and telnet.

TRIPWIRE
Tripwire will detect and report on any changes in the thousands of strategic system files.

The system will run tripwire to determine if system files have changed.

PREVENTING ILLEGAL ACCESS TO SYSTEMS
Have any of you ever been to an airport? Do you know the do’s and don’ts when you are at the airport?

There are things that cannot be taken inside the airplane. It is for the purpose of security procedures.

It is the same with computer systems. They should not allow any unauthorised users to simply access the system.

Ways to prevent illegal access to systems:

1. Run anlpasswd to make password cracking difficult.
2. Run tcpwrappers to check if the name for an IP address can be provided by DNS.
3. Use a callback system to prevent unauthorised use of stolen passwords.
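A simplified model of the tcpwrappers decision described under TCPWRAPPERS, including the DNS name check from item 2, as an added example (it is not the tcpwrappers source). The rules, daemon names, host names and addresses are constructed samples, and only the `ALL`, `UNKNOWN`, domain-suffix and address-prefix patterns are modelled.

```python
# Simplified model of the tcpwrappers decision, not the real tcpd source.
# Rules are constructed samples in hosts.allow / hosts.deny style.
HOSTS_ALLOW = """
# FTP only from named campus hosts, telnet only from one address block
in.ftpd    : .example.edu
in.telnetd : 192.0.2.
"""
HOSTS_DENY = """
# Reject clients whose address has no DNS name, and all other remote logins
ALL : UNKNOWN
in.telnetd, in.rshd, in.rlogind, in.rexecd : ALL
"""


def parse_rules(text):
    """Return (daemons, clients) pairs, skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            daemons, clients = line.split(":", 1)
            rules.append((daemons.replace(",", " ").split(),
                          clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, addr, name):
    """name is None when DNS could not supply a name for addr."""
    if pattern == "ALL":
        return True
    if pattern == "UNKNOWN":
        return name is None
    if pattern.startswith("."):        # domain suffix such as .example.edu
        return name is not None and name.endswith(pattern)
    if pattern.endswith("."):          # address prefix such as 192.0.2.
        return addr.startswith(pattern)
    return pattern in (addr, name)


def rule_hits(rules, daemon, addr, name):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, addr, name) for p in clients)
               for daemons, clients in rules)


def decide(daemon, addr, name=None):
    """Check hosts.allow first, then hosts.deny; no match means accept."""
    if rule_hits(parse_rules(HOSTS_ALLOW), daemon, addr, name):
        return "accept"
    if rule_hits(parse_rules(HOSTS_DENY), daemon, addr, name):
        return "reject"
    return "accept"
```

Because the allow rules are consulted first, a telnet client inside 192.0.2. is accepted even when it has no DNS name, while an FTP client with no DNS name is rejected by the `UNKNOWN` rule.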

PREVENTING ILLEGAL ROOT ACCESS
To prevent any illegal root access, we should have Sudo, so that people can perform some tasks on a machine without getting full root access if that is not required. In addition, with Sudo we do not have to give out the root password.

Sudo stands for "superuser do" and is a program in Unix, Linux and similar operating systems such as Mac OS X that allows users to run programs as another user (normally the system's superuser).

Sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file.

PATCH
Patch supplies small updates to software, provided that the source code is available.

Patch is the name of a UNIX utility. It applies a script generated by the diff program to a set of files, which allows changes from one file to be directly applied to another file.
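The diff-then-patch cycle in miniature, as an added example (this is not the patch utility's code): `make_patch` produces a unified diff with Python's `difflib`, and `apply_patch` is a minimal applier written for this illustration that refuses to run when the target does not match the diff's context lines. The C lines and the file name `copy.c` are constructed samples.

```python
import difflib
import re

# Constructed sample: a C snippet before and after a bounds-check fix.
OLD = ["char buf[16];", "strcpy(buf, name);", "return 0;"]
NEW = ["char buf[16];", "strncpy(buf, name, sizeof buf - 1);",
       "buf[sizeof buf - 1] = 0;", "return 0;"]


def make_patch(old, new):
    """Produce the script: a unified diff, as `diff -u` would."""
    return list(difflib.unified_diff(old, new, "a/copy.c", "b/copy.c",
                                     lineterm=""))


def apply_patch(target, patch):
    """Apply a unified diff to target (a list of lines); refuse on mismatch."""
    out, pos = [], 0
    for line in patch[2:]:                      # skip the ---/+++ file header
        hunk = re.match(r"@@ -(\d+)(?:,(\d+))? \+", line)
        if hunk:
            start = int(hunk.group(1))
            if hunk.group(2) != "0":            # "-N,0" means "after line N"
                start -= 1
            out.extend(target[pos:start])       # copy lines before the hunk
            pos = start
        elif line[:1] in (" ", "-"):            # context or removed line
            if pos >= len(target) or target[pos] != line[1:]:
                raise ValueError("patch does not match target at line %d"
                                 % (pos + 1))
            if line[0] == " ":
                out.append(target[pos])
            pos += 1
        elif line[:1] == "+":                   # added line
            out.append(line[1:])
    out.extend(target[pos:])                    # copy lines after last hunk
    return out
```

Refusing on a context mismatch is what stops a fix written for one version of a file from being applied to a different version.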

Resources are not enough to patch all security holes that we hear about through the bugtraq list.

(Bugtraq is a full disclosure mailing list dedicated to the issues of computer security. On-topic discussions are new discussions about vulnerabilities, methods of exploitation and how to fix them. It is a high volume mailing list and almost all new vulnerabilities are discussed there.)