Security of Data and Information

 

Safeguarding data and information is important to the safe and efficient running of any information system. If the integrity of the system cannot be safeguarded against threats then serious problems can quickly arise.

 

Contents

Security Methods
Possible Security Problems

Define a Macro Virus

Define an Executable Virus

Define a Boot Sector Virus

Symptoms

How they spread

Precautions and damage control

It Is Important To Know

What are computer viruses, worms, and Trojan horses?

What is a virus?

Worms

What is a Trojan horse?

Security Cartoons

Security Site with lots of Information

Some More Links

 

Security Methods

Security is critically important. Data can be stolen as well as accidentally destroyed. There are a number of procedures that can be implemented to help safeguard the system against malicious damage. Some, or all, of the of the following may be used:

 

Virus scanners: to safeguard against virus infections. Firewalls: to help prevent hacking from outside. Firewalls prevent unauthorised access to a system from the internet from elsewhere on an intranet. Passwords and security levels: networks can implement passwords allowing only the appropriate people access to certain information Encryption: material is coded so people who want to view the material need the encryption key   Possible Security Problems   Possible security problems include: hackers trying to get past the firewall Trojans virus' worms rootkits phishing sites internal security threats: such as people accessing material which is confidential and not required in their job statement

1. Define a Macro Virus

 

A macro is a piece of code that can be embedded in a data file. Some word processors (e.g., Microsoft Word) and spreadsheet programs (e.g., Microsoft Excel) allow you to attach macros to the documents they create. In this way, documents can control and customize the behavior of the programs that created them, or even extend the capabilities of the program. For example, a macro attached to a Microsoft Word document might be executed every time you save the document and cause its text to be run through an external spell checking program.

A macro virus is a virus that exists as a macro attached to a data file. In most respects, macro viruses are like all other viruses. The main difference is that they are attached to data files (i.e., documents) rather than executable programs. Many people do not think that viruses can reside on simple document files, but any application which supports document-bound macros that automatically execute is a potential haven for macro viruses. By the end of the last century, documents became more widely shared than diskettes, and document-based viruses were more prevalent than any other type of virus. It seems highly likely that this will be a continuing trend. One example of a macro virus is the Melissa virus. It is delivered via e-mail as a Word document attachment with the filename List.doc . According to some estimates, 75% of all viruses today are macro viruses. Once a macro virus gets onto your machine, it can embed itself in all future documents you create with the application. Antivirus programs can protect your system against most macro viruses, although new ones are always being created that slip by the antivirus filters.

 

 

2. Define an Executable Virus

 

An executable virus is a virus that is itself a self contained executable program. A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses.

Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.

 

Define a Boot Sector Virus

 

Boot sector viruses infect or substitute their own code for either the DOS boot sector or the Master Boot Record (MBR) of a PC. The MBR is a small program that runs every time the computer starts up. It controls the boot sequence and determines which partition the computer boots from. The MBR generally resides on the first sector of the hard disk.

Since the MBR executes every time a computer is started, a boot sector virus is extremely dangerous. Once the boot code on the drive is infected, the virus will be loaded into memory on every startup. From memory, the boot virus can spread to every disk that the system reads. Boot sector viruses are typically very difficult to remove, as most antivirus programs cannot clean the MBR while Windows is running. In most cases, it takes bootable antivirus disks such as Symantec's Norton AntiVirus rescue set to properly remove a boot sector virus.

Some common boot sector viruses include Monkey, NYB (also known as B1), Stoned, and Form.

Symptoms

A boot sector virus can cause a variety of boot or data retrieval problems. In some cases, data disappear from entire partitions. In other cases, the computer suddenly becomes unstable. A common problem is the infected computer's failure to start up or to find the hard drive. Also, error messages such as "Invalid system disk" may become prevalent.

How they spread

Boot sector viruses are usually spread by infected floppy disks. In the past, these were usually bootable disks, but this is no longer the case. A floppy disk does not need to be bootable to transmit a boot virus. Any disk can cause infection if it is in the drive when the computer boots up or shuts down. The virus can also be spread across networks from file downloads and from e-mail file attachments. In most cases, all write-enabled floppies used on an infected PC will themselves pick up the boot sector virus.

In the past, setting the computer to boot first from the C: (hard) drive and then the A: (floppy) drive, or never to boot from the A: drive at all, was a reasonable precaution against boot sector viruses. This is no longer the case, as viruses are now more dangerous and spread in more ways.

You can configure some CMOS setups to prevent writing to the boot sector of the hard drive. This may be of some use against boot sector viruses. However, if you need to reinstall or upgrade the operating system, you will have to change the setting back to make the MBR writable again.

 

Precautions and damage control

Prevention is usually a matter of vigilance and avoiding contact with unknown disks. The following suggestions will help keep your systems and data safe:

• The best protection against boot sector viruses is the same as against viruses in general: a good antivirus program with up-to-date virus definitions. Antivirus programs do two key things:
• Scan for and remove viruses in files on disks
• Monitor the operation of your computer for virus-like activity and look for known actions of specific viruses or general suspicious activity

Most antivirus packages contain routines that can perform both tasks. A good virus protection software package is Norton/Symantec AntiVirus.

• Back up your files, so that you can restore them if a virus damages them.

Note: If you back up a file that is already infected with a virus, you can re-infect your system by restoring files from the backup copies. Check your backup files with virus scanning software before using them.

• Keep your original application and system disks locked (write-protected). This will prevent the virus from spreading to your original disks.
• If you must insert one of your application floppy disks into an unknown computer, lock it first. Unlock your application disk only after verifying that the computer is free of viruses.
• Obtain public-domain software from reputable sources. Don't download software directly to a hard disk. Rather, save it to a floppy disk, lock the floppy disk, and check it thoroughly using reputable virus detection software. Don't copy it to your hard disk until you know it is safe. This can also help protect you from Trojan horse programs.
• Quarantine any infected computer. If you discover that a computer is infected with a virus, immediately isolate it from other computers. In other words, disconnect it from any network it is on. Don't allow anyone to copy or move files from it until the entire system has been reliably disinfected.

.

It Is Important To Know

When reformatting a disk, the boot sector is not affected. The best option is to use an antivirus emergency disk set to remove the virus. This feature is available in any antivirus system.

Alternatively, you could format the Master Boot Record (MBR). To do this, boot from a Windows startup disk and at the A:\ prompt type "fdisk /mbr" (without the quotes). This will format the MBR. This procedure, however, in not adviseable on NT based systems, such as Windows NT, Windows 2000 or Windows XP especially when using NTFS. It should also not be attempted with SCSI disks.

The antivirus option is the safest one, and the one I would recommend.

 

 

What are computer viruses, worms, and Trojan horses?

 

What is a virus?

A computer virus, according to Webster's Collegiate Dictionary, is "a computer program usually hidden within another seemingly innocuous program that produces copies of itself and inserts them into other programs or files, and that usually performs a malicious action (such as destroying data)". Two categories of viruses, macro viruses and worms, are especially common today. Computer viruses are never naturally occurring; they are always man-made. Once created and released, however, their spread is not directly under human control. One example of a virus is the Anna Kournikova virus, which comes in the form of a picture sent through e-mail.

Worms

Worms are very similar to viruses in that they are computer programs that replicate functional copies of themselves (usually to other computer systems via network connections) and often, but not always, contain some functionality that will interfere with the normal use of a computer or a program. The difference is that unlike viruses, worms exist as separate entities; they do not attach themselves to other files or programs. Because of their similarity to viruses, worms are often also referred to as viruses. A well-known example of a worm is the ILOVEYOU worm, which invaded millions of computers through e-mail in 2000.

What is a Trojan horse?

Named after the wooden horse the Greeks used to infiltrate Troy, a Trojan horse is a program that does something undocumented which the programmer intended, but that the user would not approve of if he or she knew about it. According to some people, a virus is a particular case of a Trojan horse, namely one which is able to spread to other programs (i.e., it turns them into Trojans too). According to others, a virus that does not do any deliberate damage (other than merely replicating) is not a Trojan. Finally, despite the definitions, many people use the term "Trojan" to refer only to a non-replicating malicious program. An example of a Trojan horse is W32.DIDer. This virus has been found on the computers of users who have downloaded the popular file-sharing program Grokster.

 

 

Phishing

Identity theft is the aim of the scam and fishing is the method. If someone can get authentication information, that person may then be able to access another's bank accounts. They may then open new bills and other accounst using that information and then eventually steal that person's identity. In 1998, the US Congress passed a law which made identity theft a federal crime with as many as 15 years in prison. Unfortunately identity theft is continuing to grow and one method is phishing.

Phishing, which is also called carding or brand spoofing, uses e-mail messages that pretend to come from legitimate online businesses such as banks, e-bay, paypal or an ISP such as AOL.The m,essages look real. They usually ask for detail verification such as name, address, acount details and pasword verification. It has been reported that up to 20% of recipients may respond resulting in financial losses, identity theft and other activity against them.

"Reproduced with permission. Please see www.SecurityCartoon.com for more material." 

The Phishing Scam at Work

Nov. 17, 2003, many eBay Inc. customers received e-mails telling them their accounts had been compromised and were being restricted. In the message was a hyperlink to an eBay Web page where they could re-register. The top of the page looked just like eBay's home page and incorporated all the eBay internal links. To re-register customers were told, they had to provide credit card data, ATM personal identification numbers, Social Security number, date of birth and their mother's maiden name. Unfortunately for anyone who did this the email had not come from e-bay. It was an example of phishing.

In September 2003, the Federal Trade Commission reported that 9.9 million U.S. residents have been victims of identify theft during the past year, costing businesses and financial institutions $48 billion and consumers $5 billion in out-of-pocket expenses. In July 2004 43% of the US Federal Trading Commisionscalls and their No. 1 complaint were about phishing. Many companies world wide have been misrepresented by phishing scams.

Security Cartoons

http://www.securitycartoon.com/ This site is brilliant and describes a number of security issues very succintly.

 

Security Site

http://www.schneier.com/essays-comp.html

This site has a huge number of articles on security from one of the top security gurus.

 

Some Other Links

Downloadable virus scanning software 
Provides links to downloadable software for virus scanning. Included are VirusScan and TBAV for Windows, and F-PROT.

eSecurity Planet 
A resource for daily information on e-security targeted to IT managers. The site provides users with information from a variety of sources, including experts at security product and services firms, and the consultants who follow the security industry.

Symantec Antivirus Research Center 
The Symantec Antivirus Research Center offers a wealth of information on viruses. It begins with a list of hot topics (new virus and virus products), and also provides links to virus alerts, an information database, references, submit virus samples, Macintosh viruses, and Symantec virus product information.

The CERT/CC Home Page 
Learn about the organizations mission and get up-to-date security information, security alerts and training information.

CIAC Virus Myth and Hoaxes Site
Created as a public service by the Computer Incident Advisory Capability (CIAC) to educate people about virus myths and hoaxes.

Computer Virus Myths
Contains information about the newest hoaxes as well as background on computer viruses and myths, opinions and editorials, and recommended books and Web sites.

Dr. Solomon's computer virus information site
This site is dedicated to users of Dr. Soloman's virus and information technology security products, and provides links to a virus information center, product and company information, and related Web links.

Hartmann's In-The-Wild Macro Virus List
Describes macro viruses reported by anti-virus software manufacturers.

How a Computer Virus Works
Explains the different types of viruses and how they work.

Overview of computer viruses and anti-virus software
Explains how viruses work and provides links to additional information about viruses and anti-virus software. Written and maintained by Bob Kanish.

SecurityTracker.com
Information on the latest security vulnerabilities, free SecurityTracker Alerts, and customized vulnerability notification services.

Virus Info Database
This is Symantec's Virus Info Database. You can search for a virus by name or refer to general virus information.

What Keeps Computers Safe
Here's the scoop on the differences between hardware and software firewalls, virus protection, and why you need them.