Introduction: When you use the Internet in your routine activities, you should beware that there are dangers and security threats around every corner. Viruses, worms, and Trojan horses exploited by malicious hackers to compromise your computer system are among the most notorious threats. But the Internet is more and more becoming an inseparable and inevitable part of our daily life, from communication and information to entertainment and shopping. Either way, securing your computer against Internet threats is an essential step. If you don’t secure your system, at some point you will regret it. Guaranteed! This mini course is intended to provide some basic information regarding current security issues on the internet and the extent of dangers that stem from it. By finishing this course you should be able to identify the most important security threats and to better understand major security concepts discussed among security experts. As Questions & Answers are proved to be one of the most effective ways of learning, we are presenting this course in the form of Q & A. So, go ahead and Good Luck! 1- Why do I need to be secure on the Internet? 3- But it takes a lot of technical knowledge to hack into a system, not everyone can be an intruder. 4- Why would an intruder want to break into my computer? (GOALS) 5- How can an intruder penetrate into my computer and compromise my system? (MEANS) 5-1
Malicious Code (Trojan horse) 6- What about viruses and worms, how can they damage my computer? 7- Tell me more about Internet fraud and identity theft. How serious is It? 8- Who is at risk of becoming a victim of Identity Theft? 9- I don’t understand why intruders would waste time breaking into home computers while there are a number of financial institutions or big corporations out there with much more money? 10- Who would want to bother with my empty bank account or screwed-up credit card, I think I have nothing important? 11- What if I'm using dial-up, do I need to worry about malicious hackers? 12- Tell me more about DoS and DDoS. 13- I have an antivirus and a firewall installed on my computer and I’ve never had any problems so far. Am I safe now? 14- My ISP provides protection (antivirus and/or firewall) to me when I'm online. 15- If there is no product or foolproof solution against all these online dangers, how can I be secure on the Internet? 16- But I don’t have enough time and/or enough computer knowledge to learn all critical computer and Internet security issues. How can you help me? 1- Why do I need to be secure on the Internet? By the rapid growth of information technology in recent years and stunning progress in the field of the Internet, our daily activities have been affected widely by this technology more than ever. Just look around and see how your daily routines have been tied to computers and the Internet. You could use the Internet to communicate with your family and friends and find a wealth of information at your fingertips. You can conduct everyday transactions, do shopping, entertain yourself, get the latest news or sports scores, finding contact information or looking for maps or driving directions; and these are only a few of what you can get out of this revolutionary technology. Undoubtedly, your day-to-day activities would be affected if you could no longer use the Internet. This is all because of its efficiency and virtually unlimited database where you can find almost everything. However, although the Internet has greatly improved our lives in many ways, it has exposed us to a large number of security threats increasing day by day. They range from data loss and privacy violation on personal computers to large attacks on big organizations or government computer systems. This is primarily because of the fact that the Internet infrastructure was originally designed for flexibility and openness and not for security. This insecure infrastructure makes network defense more difficult and helps intruders achieve quick and easy attacks that are also hard to trace. As the number of Internet users grows, the number of intruders and their expertise also increases. Sophisticated and easy-to-use tools make people become successful intruders more than before. In addition, intruders’ communications and transfer of knowledge to less knowledgeable intruders make all intrusions increasingly effective. On the other hand, although the number of security tools is growing, it is at a significantly slower rate than the increase in the number of intrusions. Added to this, our ability to react fast enough to major online threats is declining considerably. The reliance of our activities on the Internet and the inevitable risks that come along with it should alert us to gain information on how to be secure on the Internet.
An Intruder is a person who attempts to gain unauthorized access to a computer system in order to violate security and damage that system, or to disturb data on that computer. An intruder may be an ordinary person who is curious about what they can do with other systems on the Internet, a computer programmer who has created software and decided to test it over a big network, someone who is after your personal information for financial purposes or a professional cracker seeking to break into big corporations’ computer systems to obtain secret information.
3- But it takes a lot of technical knowledge to hack into a system, not everyone can be an intruder. Wrong! You don't have to be a computer expert to break into a computer system. As a matter of fact, hacking takes very little technical knowledge and this is mostly because of the hackers' fast communication within a strong and supportive community. If you query “hacking” in search engines, you will find thousands of forums and conferences about hacking issues. Add to this publications about the latest intrusion techniques as well as hacking tools that you can download in a couple of minutes. By sharing technical knowledge and exchanging easy-to-use hacking software and exploitation programs, which usually come with step-by-step instructions, even a novice intruder can increase his/her impact and successfully attack other computers on the Internet.
4- Why would an intruder want to break into my computer? (GOALS) An intruder may attempt to break into your computer for a variety of reasons like entertainment, financial gain or just because he wants to show off. He may also want to annoy you by making changes in your system files or computer settings, format your hard drive or even physically damage your computer by changing the electric power distribution within the motherboard. He may also use your computer to harm other peoples' systems as a result of which you could become a target of a criminal investigation. Generally speaking, the reasons why an intruder may want to compromise your system are: 1- Physical Damage: To modify data, change system configuration, paralyze operations, or cause damage to your system hardware. 2- Identity Theft: To steal your important passwords, social security number, credit card or bank account information or other financial and personal data. 3- Denial of Service (DoS) or Distributed Denial of Service (DDoS): To use your computer as a launching pad for attacking other computer systems.
5- How can an intruder penetrate into my computer and compromise my system? (MEANS) There are some common ways that intruders use to gain control of your computer: 5-1
Malicious Code (Trojan horse)
5-1 Malicious Code (Trojan horse) Malicious code is a catch-all term referring to any code or set of instructions specifically designed to damage a system or the data it contains. Viruses, worms and Trojan horses are the more common classes of malicious code. But among these, only Trojans can cause your system to be compromised. The term comes from a Greek legend of the Trojan War in which Greeks presented a large wooden horse to the residents of Troy as a peace offering. But in fact, they had secretly hidden their warriors in the horse’s hollow belly. During the night, the warriors came out of the wooden horse and captured the city. Similarly, in computers, a Trojan horse is an apparently useful but in fact destructive program in which malicious or harmful code masquerades as a harmless program or data. For example, you may receive a Trojan horse in the form of a seemingly useful program that claims to find and destroy computer viruses but instead introduces viruses into your computer. The reason you might be tricked into opening such files is because Trojans appear to be legitimate software or files received from a legitimate source. After a Trojan is installed and activated on your system, it can cause serious damage by deleting files and destroying information on your system. They can also create backdoors on your computer to allow malicious hackers to gain access to your system and thus to your personal and confidential information. In brief, Trojans can get control of your computer and damage your system in the following ways: •
Modifying and deleting files
5-2 Email Attachments (File Extensions) Viruses, worms and Trojan horses are often spread in the form of email attachments as this is the fastest and the most effective way of spreading malicious code. What makes attachments be so dangerous is that you naturally trust emails that you receive from people you know. Many of the recent malicious codes are spread using the address book of victims. For example, if John Smith’s computer is compromised, the malicious code may be sent to all email addresses in John’s address book. Therefore, John’s friends and other people whose email address is included in his address book will get an email with an attachment apparently sent from John Smith. As I said before, it’s natural to trust emails originated from a familiar address. The other scenario is when you receive an email from an unknown source, but the email is sent under an amusing or enticing title which tempts you to open and run the attachment. Examples are free games or music, money making ideas, daily jokes, incredible offers of prizes won, and a host of other techniques convincing enough to give it a try. But why can an email attachment infect my computer? Well, computers running the Windows operating system use a three-letter identifier added to a file name after a period “.” to recognize a file's type. For example, mypic.jpg consists of three sections: “my pic” + ”.” + ”jpg” (filename + ”.” + extension) in which “jpg” is an identifier of picture files. However, there are certain file extensions that are potentially dangerous and can infect your computer. The most common file extensions used to compromise computer systems are “exe”, “com”, “bat”, “vbs”, “pif” and “scr”. If you execute an email attachment with one of these extensions, your computer will most likely be infected. But this is not the end of the story. In fact, many intruders take advantage of your operating system’s configuration to hide the actual dangerous extension and display a fake, non-dangerous extension instead. For example, you may be enticed into opening an attachment named LOVE-LETTER.TXT while in fact it is LOVE-LETTER.TXT.vbs that can infect and damage your computer.
Spyware refers to any software or technology that secretly collects user information without their knowledge. This information is usually relayed to advertisers or other interested parties. Spyware is often installed without your consent as the result of clicking on a deceptive pop-up window or downloading freeware or shareware programs from the Internet. Spyware can monitor your activities on the Internet and send out that information in the background to their authors. Spyware can also gather your confidential and private information by recording your keystrokes as you type them. This includes your email address, passwords, websites you visit, chat logs, credit card numbers, financial information, etc. In addition, it can take random screenshots of your activity, store them on your computer - without your knowledge - and send them out to their authors as soon as you reconnect to the Internet. Spyware also steals your computer's memory resources that usually leads to system crashes or general system instability. Added to this, spyware scans files on your hard drive, spies on other applications and instals other spyware programs.
P2P or peer-to-peer is a type of Internet networking that allows a group of computer users with the same networking software to connect to each other and directly access files from one another's hard drives. Napster, Gnutella, and Kazaa are examples of this kind of peer-to-peer software. As you swap files in a peer-2-peer network, you may download spyware unwittingly and once it is installed, your system will be infected and you will face the same problems as we discussed in the Spyware section.
5-5 Dictionary-Style Attack / Brute Force Cracking In a dictionary-style attack, an intruder attempts to crack a password by repeatedly guessing the password using a large list of carefully chosen words until gaining authorization. In this method, the intruder, by using special software, systematically tests all possibilities beginning with words that are more likely to be used like names and places. The word “dictionary” refers to the list of dictionary words tested in the password discovery process. On the other hand, brute force cracking is a trial and error method that proceeds through all possible combinations of characters in sequence. Brute force is considered to be a foolproof, although time-consuming, approach used by application programs to discover passwords. After the intruder is authorized to access your account, your information will be compromised and you will become a victim of identity theft.
A packet sniffer is a program that can capture data from information packets traveling over a network. This data may include sensitive information such as user names, passwords, and other personal information that travels over the network in clear text. A packet sniffer is a favorite tool in a malicious hacker’s arsenal as it can be inserted almost anywhere on a network and is virtually impossible to detect. If a packet sniffer is installed on a cable modem user's system in a neighborhood, as all cable modem users in a neighborhood are part of the same Local Area Network, it can capture data transmitted by any other cable modem in that neighborhood.
Mobile Code refers to programming languages that let web developers write code that is executed by your web browser such as Internet Explorer. However, malicious mobile code is designed and employed to compromise the performance or security of information and computer systems. This includes gathering information, increasing access to systems, stealing resources, and denying service.
Cross-site scripting is an attack performed through Internet browsers by malicious web developers who are taking advantage of poorly-written web applications. Cross-site scripting attacks can occur when a script is attached to something sent to a website such as a URL, an element in a form or a database inquiry. After the website responds to you, the malicious script is sent to your Internet browser. For example, an intruder may trick you into clicking on a malicious hyperlink. Although the link seems to lead you to a legitimate site, it is in fact directing you to a specially-designed though malicious website developed by the intruder. This website could include malicious scripts collecting data that you might enter, such as passwords, credit card numbers or other personal information. Your Internet browser can be potentially exposed to malicious scripts if you follow links in websites, emails, instant messages and forums without knowing that they lead you to interactive forms on an unreliable site to compromise your sensitive information.
A Security Vulnerability – also called a Security Hole – is a security exposure that results from a product flaw such as in operating systems or application software making them susceptible to intruders. Theoretically speaking, all computer systems have vulnerabilities; whether or not they are serious depends on if they are exploited to compromise or damage computer systems. These vulnerabilities definitely existed before the Internet became mainstream but they were not exploited as often. Today, all software manufactured is tested for its stability and function more than it’s tested for security holes before it is released for purchase. Most software manufacturers only release patches – a piece of code added to software in order to fix a problem – after malicious hackers find vulnerabilities within newly released software. Therefore, thousands of computer systems could be compromised before a security vulnerability is fixed.
A backdoor or trapdoor is a hole in the security of a system intentionally left in place by software designers to bypass normal authentication for troubleshooting or other purposes. However, a backdoor is a security risk as there are always intruders out there looking for any vulnerability to exploit. Sometimes backdoors are referred to remote administration programs such as Back Orifice, Netbus and Sub Seven that intruders commonly use to gain remote access to your system and control your computer. For example, Back Orifice is a program created by a group of malicious hackers to expose the security deficiencies of Microsoft’s Windows operating systems. Since it is a Trojan horse, users must install it themselves or be tricked into installing it. Once installed, Back Orifice allows the intruder to access your computer with all system privileges that you have. Back Orifice can sniff passwords, record keystrokes, access a desktop's file system and more, while remaining undetected.
E-mail spoofing is forging an e-mail header so that the message appears as if it has originated from someone or somewhere other than the actual source. In other words, it’s possible to send a message that appears to be from anyone and anywhere, containing any message. Therefore, someone could send spoofed email that appears to be from you with a message that you never even thought of writing. Email spoofing is often an attempt to make users release their sensitive information like passwords, credit card numbers or other personal information, any of which can be used for a variety of criminal purposes. For example, you could receive an email claiming to be from someone in a financial institution such as Bank of America, Citibank, eBay, PayPal, etc. You may be requested to change your password to a specified string within a certain period of time and be threatened that your account will be suspended if you do not comply. But in fact no financial institution would ever ask you to send your sensitive information via email or change your password to a specified string. Email spoofing is also used by virus authors trying to propagate a virus through email. This is a favorite method for them as it is more difficult for users receiving the virus to track its source and stop it. Distributors of spam or unsolicited emails also use spoofing to get recipients to open and even respond to their emails while hiding their identity.
Phishing is the act of attempting to fraudulently acquire sensitive information such as passwords, credit card details, social security numbers, etc. by masquerading in a legitimate-looking email, instant message, website, etc. as an established legitimate company. Phishing is a variation on “fishing”, the idea that bait is thrown out with the hope that while most will ignore the bait, some will be tempted into biting. In most cases, the phisher sends you a spoofed email directing you to visit a website where you are asked to verify certain information for auditing purposes, such as your account number, password, credit card number, etc. that the legitimate organizations already have. The website may look quite authentic, featuring corporate logos and formats similar to the legitimate organization’s website; but it is only set up to steal your sensitive information. As these emails and websites look so official, a lot of recipients may respond to them, resulting in financial losses, identity theft and other fraudulent activities against them. By spamming large groups of people, phishers count on the emails being opened and read by a percentage of people who actually have an account with the legitimate organization.
6- What about viruses and worms, how can they damage my computer? Unlike Trojan horses, viruses and worms cannot transmit your personal data to intruders, but they can be extremely dangerous in other ways. Let’s take a closer look at what they are: A virus is a computer program or piece of code that replicates itself by modifying the other programs or executable files stored in a computer to include a copy of itself. Viruses may have a negative effect, such as causing a program to operate incorrectly, wasting a computer's resources, and bringing the system to a halt. More dangerous types of viruses can transmit themselves across networks and bypass security systems. Viruses
can be transmitted as email attachments or in a downloaded file, or can
be present on a diskette or a CD. Some viruses become effective as soon
as their code is executed; other viruses remain inactive until circumstances
cause their code to be executed. Some viruses are designed to be mildly
annoying while some can be quite destructive by erasing data on your hard
drive and cause it to require reformatting. Worms are usually noticed after their replication consumes system resources and slows down normal tasks on your computer. Also, a worm might alter or destroy files and programs on your system.
7- Tell me more about Internet fraud and identity theft. How serious is it? By monitoring your activities on the Internet, intruders may be able to steal your personal information such as your social security number, credit card number, bank account information or other secret documents stored on your computer. According to the FBI, identity theft is the fastest-growing white-collar crime in the U.S. Identity theft happens to an estimated 700,000 Americans each year and it’s spreading epidemically. In fact, the Internet has made it both easier and faster for intruders to gain your personal information and make fraudulent purchases in your name without being trapped easily. Also, statistics released by the Federal Trade Commission show that identity theft continues to be the top fraud-related complaint, accounting for 39 percent of all complaints filed in 2004. According
to the report entitled National and State Trends in Fraud and Identity
Theft, the total number of complaints grew 17 percent from 542,378 in
2003 to 635,173 in 2004. Credit card fraud at 28 percent is on the top
of the list as the most common type of identity theft. The FTC says consumers
reported total fraudulent losses of $547 million last year. To make matters
even worse, if you end up a victim of identity theft it takes 30-60 hours
of your time to clean up the mess from identity fraud.
8- Who is at risk of becoming a victim of Identity Theft? Plain and simple - YOU Whether or not you do any financial work on your computer, you have money in your account, or your credit is in good standing, you are potentially a target of identity theft for intruders. If you think that you aren't a good target for identity thieves, you are the easiest target for them. Remember that the moment you think you are not vulnerable is the moment you are the most vulnerable as you don’t think you need to protect yourself. Look at it this way: Anyone may keep a resume on their desktop in a simple text file. All your personal information is included in your resume including your name, address, telephone, email, your work experience, etc. That's exactly the type of information intruders use to apply for a credit card, a loan, or any other kind of credit. So after a while you may learn that you owe a large amount of money to a financial institution for a loan that you never even thought of applying for. But this is only one example. Intruders find various ways to compromise your computer and get hold of your personal information to use for fraudulent purposes. So, be careful as you are always at risk.
9- I don’t understand why intruders would waste time breaking into home computers while there are a number of financial institutions or big corporations out there with much more money? Even if you are connected to the Internet only to communicate with your family and friends through email or chat or you download and play the latest games, you are still prone to these online attacks. In fact, intruders are usually looking for easy preys like your home computer to break into. As opposed to big corporations’ computer systems that have devoted security staff, home computers are easy targets for intruders to attack. Even intruders with a basic knowledge of hacking can break into your system and gain your personal information or use your system to attack other computers.
10- Who would want to bother with my empty bank account or screwed-up credit card, I think I have nothing important? Ok, it’s not only financial information that they are after. Intruders may not even care about your identity. Sometimes all they want is to gain control of your system completely and use your system resources such as CPU, hard disk drive or Internet bandwidth to launch larger attacks against big corporations’ computer systems. This way, they can hide their true locations and YOU could be deemed responsible for all damages. Why? Because, YOU are supposed to protect your system and YOU are ultimately responsible for your home computer.
11- What if I'm using dial-up, do I need to worry about malicious hackers? Although hi-speed or broadband Internet users are generally more vulnerable to online attacks, it doesn’t mean that dial-up users are safe on the net. Let’s take a more profound look at this issue: Each computer across the Internet has a unique identifier called an Internet Protocol or IP address which consists of a 32-bit numeric address written as four numbers separated by periods. For example 1.226.102.45 could be an IP address. A hi-speed Internet user is often assigned a static IP address by their Internet Service Provider (ISP) which is fixed and doesn’t change each time he/she connects to the Internet. As a result, when malicious hackers find the IP address, they know when they are online and they can launch attacks against them. However, as a dial-up user, your IP address is changing each time you connect to the Internet. This has given a false sense of security to dial-up users that malicious hackers can’t find you. But the truth is that while you are connected to the Internet, a malicious hacker can break into your system and install a Trojan horse which lets the malicious hacker know when you are online. Therefore, if a backdoor Trojan is installed on your system, it doesn’t matter if your connection is broadband or dial-up.
12- Tell me more about DoS and DDoS. A DoS or Denial-of Service is a type of attack in which attackers flood your system with large volume of useless data to busy your system resources. As a result, your system crashes or becomes deprived of the services of a resource you would normally have such as email. Losing programs and files, disrupting physical components of your computer and manipulating data in transit are the other consequences of a DoS attack. A denial of service attack is a type of violating computer security that does not usually result in the theft of information or other security loss. However, they can cost the attacked person or company a great amount of time and money. In addition to being a target of a DoS attack, it is possible for your computer to be used as a participant in a denial-of-service attack on other systems on the Internet. Intruders often use a number of compromised computers – sometimes thousands of them– to attack a single target. The flood of incoming messages to the targeted system causes denial of service for its users. This is called a Distributed Denial-of Service (DDoS) attack. In DDoS, intruders exploit some vulnerability in one computer system through which other susceptible computers on the Internet could be identified and compromised. Then, intruders install an agent on the victims systems. After a number of agents are running on different computers, with a single command, intruders instruct them to launch a denial-of-service attack on the targeted system. A Distributed Denial-of-Service attack is considerably more effective than a simple Denial of Service attack since the volume of useless data or traffic sent to the target is significantly higher and thus more difficult to prevent. Note that, here the end target of the attack is not your own computer, but your computer is just a convenient tool in a larger attack against other computer systems on the Internet. Even if you participate in a DDoS attack unknowingly, you are still responsible for the consequences of the attack as governments can track the IP addresses logged at the time of the attack to find and penalize you. Remember that YOU are always responsible for the security of your computer and should be responsive if your system is exploited by attackers.
13- I have an antivirus and a firewall installed on my computer and I’ve never had any problems so far. Am I safe now? DON’T BE OVERCONFIDENT! This is the most common mistake Internet users make. In other words, antivirus and firewall protection is critical but only having the software installed on your system is not enough. New viruses come out all the time and if you don’t update your virus definitions regularly, your system is as unprotected as not having any antivirus at all. In addition, if you are using a firewall without the proper configuration, it doesn’t bring you much security and malicious hackers can still get into your system and gain your personal information without your authorization. Even if you update your antivirus on a regular basis and your firewall is also properly configured, STILL, YOU ARE NOT SAFE! If Internet threats were only limited to viruses and malicious hackers, well, installing an antivirus software and a firewall could protect you to a high extent. But security software can help you protect your system only against certain penetrations and not all threats. Please note that I am not putting down security software, rather they are great and some of them are must-have software if you know how to best take advantage of them. But here is the thing: If you have all security software installed on your machine but your behavior on the Internet doesn’t follow security principles, that software will not bring you foolproof security. Unfortunately, intruders are always discovering new vulnerabilities in software installed on your computer, including your operating system. Malicious hackers are fast enough to take advantage of these vulnerabilities or security holes to launch attacks on home computers. If you don’t know how to apply pertinent patches to your software, then even lazy malicious hackers can compromise your system. But this is not the end of the story. What’s mentioned so far only reflects the situation that outsiders are trying to attack your system and you also want to stop them. But, what if you reveal your sensitive information or secret documents unknowingly only because you don’t know how to behave securely on the Internet? What if you don’t know how to protect your information when communicating on the net? What if you download an infected file on your computer, thus sending your private information in secret? What if you are trapped in a spoofed website and revealed your financial information to malicious people? And there is more and more… Again, DON’T BE OVERCONFIDENT! If you have never had any problem so far, there is no guarantee that you will never have any problem from now on. Remember: if you have never had a flat tire yet, it doesn’t mean that you’re safe. You still have to keep a spare tire in your car in case something happens on the way.
14- My ISP provides protection (antivirus and/or firewall) to me when I'm online. ISPs rarely provide comprehensive protection, but for some reason users think that they do. So you might want to check with your ISP and ask how safe you are from viruses and malicious hackers. Even if your ISP does provide a certain amount of protection, you should still install good antivirus software on your own computer. Why? When you're online you're vulnerable to downloaded viruses, because your ISP probably screens email only. That doesn't protect you from a virus you may download inadvertently yourself.
15- If there is no product or foolproof solution against all these online dangers, how can I be secure on the Internet? Gregg Mastoras, senior security analyst at security vendor Sophos says: “The bottom line is, there is no silver bullet technology; I just don’t think users are educated enough when they are on machines and what they are doing with it.” Correct! Installing software is not enough. You should educate yourself on how to be safe and remain safe on the Internet.
16- But I don’t have enough time and/or enough computer knowledge to learn all critical computer and Internet security issues. How can you help me? Well, in Secutrain, we have put all you need to learn in one easy-to-understand training package called "SecureNet Pro". You don't need to read anything. Just look at beautifully-designed animations and learn how you can secure your computer and your identity to a high degree.
Learn How to Provide the Best Protection For Your Computer Download a Free Demo of "SecureNet Pro" NOW!
|
|
|||||||||||||
Copyright © 2005 by Secutrain Inc. All rights reserved. |
|
