Security Theory and Kinds of Threats
Shikun ("KK") Jiang
Technology Coordinator, NN/LM South Central Region, Houston, TX
Security is a broad concept that, depending on the circumstances, usually points to a more specific topic such as network security, data security, computer security, application security, system security, wireless and mobile device security, Internet Protocol (IP) security, Voice over IP (VoIP) security, web services security, or email security. Some of these areas overlap or are used interchangeably, and a weakness in one can lead to problems in another.
Common Threats to Network and Computer Safety
- Computer viruses
A computer virus is a program that spreads to and infects a computer and almost always corrupts or modifies files on the infected machine. A virus needs to attach itself to an existing program or medium to spread, such as an infected file transferred over the network or carried on removable media such as a flash drive. Today's viruses take advantage of network services including email, instant messaging and file-sharing systems.
- Logic bombs
A logic bomb is a piece of code intentionally inserted into software that sets off a malicious function, such as deleting vital system data, when specified conditions are met or a specified date arrives.
- Computer worms
A computer worm is a program that replicates itself rapidly and spreads to other computers on the network. Unlike viruses, worms do not need to attach themselves to another program, and they almost always cause harm to the network: they consume bandwidth and disrupt traffic, and some are designed to delete files or install a backdoor on a system. A recent large-scale worm infection, known as Conficker or Downadup, has been active since October 2008 and had infected more than 15 million computers as of January 26, 2009, sweeping through corporate, educational and public computer networks around the world. Its full impact has not yet been felt, but the worm might use infected computers to send spam or infect other computers, or it might steal users' personal information.
- Spam
Remember those junk emails in your inbox or junk mail folder? They are called "spam". Spam is unsolicited bulk electronic messaging sent by spammers to a large number of recipients to advertise, defraud, or spread malware. The most widely used and recognized form is email spam.
- Spyware
Spyware is software secretly installed on your computer to monitor your activities and gather information about you. It is often used by advertisers and by attackers. Spyware is known to collect a user's personal information and web browsing habits and history. Some spyware changes system settings, consumes memory and slows down the computer, or changes the browser home page.
- Adware
Adware is software that displays or downloads advertisements to a computer, such as pop-up windows or advertising banners on web pages. Some adware programs install themselves on your computer undetected.
- Trojan horse programs
A Trojan horse is a program that appears useful or harmless but carries a hidden malicious function. Trojan horses let intruders trick you into installing backdoor programs so that they can access your computer, change your system and spread viruses surreptitiously.
- Denial of Service (DoS) attacks
A denial of service (DoS) attack is designed to interrupt normal system functions and prevent legitimate users from accessing the system, typically by flooding it with traffic or requests until it runs out of bandwidth, memory or processing capacity. A massive Distributed DoS (DDoS) attack, launched from many compromised computers at once, can paralyze a network and bring down a website.
- Unauthorized access
Unauthorized access happens when a user gains access to a resource (network, system, application, data, file, etc.) without permission from the owner of the resource. It most often targets a server host that provides some service on the Internet, regardless of the nature of the service. Unauthorized access might result in a slow network connection or impaired processing on the host, and, if the host's files are reached, in the modification or destruction of vital data.
Abuse of Wireless Network
Wireless local area networks (WLANs) and Wi-Fi devices give users the flexibility and convenience to move from one place to another while remaining connected to the network. Because wireless networks transmit data over radio frequencies, they are particularly vulnerable to intruders, who do not need physical access to the network to reach it. Intruders within radio range can invade the network, access systems, modify, destroy or steal information, and launch attacks that tie up network bandwidth and deny service to authorized users. Strong encryption and authentication on the wireless link are therefore essential.
Mobile Device and Information Theft
Mobile devices such as laptops, PDAs, smartphones, and removable media often contain important files, access codes, and other sensitive information. Theft of a mobile device causes not only monetary loss but, more importantly, the unauthorized release of sensitive data, which can damage the public's trust in an organization, jeopardize the organization's mission, or harm individuals whose personal information is exposed.
Internet Fraud
Common schemes carried out over the Internet include credit card fraud, identity theft, Internet extortion, investment fraud, spam, and the "Nigerian Letter" (messages from individuals who claim to be Nigerian or other foreign government officials, offer to share a large sum of money with the victim, and ask for help placing the money in overseas bank accounts).
Website Defacement
Website defacement happens when a web server is not adequately secured and attackers break into the host and change the visual appearance of the site by inserting or altering its content.
Misuse of Web Applications
Attackers can bypass network firewalls and intrusion-prevention systems by attacking web applications directly, since those applications must accept traffic from the Internet. By injecting database commands through the application's own user interface (SQL injection), they can steal sensitive information such as customer records and credit card numbers. Sound user authentication, together with strict validation of all user-supplied input, is the foundation of web application security.
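As an added illustration (not part of the original article), the following Python script shows the injection described above against a constructed in-memory SQLite table of fake customer records: first through a login function that pastes user input into the SQL text, then through the hardened version that uses a parameterized query. The table, the names, the card numbers and the payload are all constructed for the example.

```python
import sqlite3

# Constructed sample data standing in for the customer database behind a web
# application's login form (fake names, passwords and card numbers).
SAMPLE_USERS = [
    ("alice", "correct-horse-battery", "4111-1111-1111-1111"),
    ("bob", "hunter2", "5500-0000-0000-0004"),
]

# Classic payload typed into the password field. It closes the quoted string
# and appends an always-true condition, so the WHERE clause matches every row.
INJECTION = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, card TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """VULNERABLE: user input is spliced into the SQL text, so the attacker
    controls the structure of the query, not just the values it compares."""
    query = (
        f"SELECT username, card FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """HARDENED: parameterized query. The SQL text is fixed and the driver
    passes the values separately, so quotes in the input cannot alter it."""
    query = "SELECT username, card FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def demo() -> dict:
    """Compare both versions on a legitimate login and on the injection payload."""
    conn = make_db()
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct-horse-battery"),
        "legit_safe": login_safe(conn, "alice", "correct-horse-battery"),
        # Attacker knows no valid credentials, yet gets every card number back.
        "attack_vulnerable": login_vulnerable(conn, "nobody", INJECTION),
        # Same payload is treated as a literal password string and matches nothing.
        "attack_safe": login_safe(conn, "nobody", INJECTION),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:18} -> {rows}")
```

Run it and the vulnerable function returns both rows for the payload in the password field, because the query becomes `... AND password = '' OR '1'='1'`, while the parameterized version returns nothing. The sample table stores plaintext passwords only to keep the injection point visible; a real application would store salted password hashes.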
Abuse of Network Resources by Insiders
Employees may use office resources for personal purposes, such as online shopping, playing games, and sending instant messages to friends during work hours. Data theft by insiders is also common when security controls, such as access privileges and data encryption, are not implemented.
Sabotage can take various forms, such as soon-to-be-terminated employees damaging hardware or planting programs such as logic bombs that set off malicious functions to destroy vital data or paralyze a system.
Some Helpful Definitions
Computer network: A computer network is a set of interconnected computers with the ability to exchange data. Networks include LANs (Local Area Networks), WANs (Wide Area Networks), and wireless LANs and WANs. They allow the interchange of data over different media such as copper cable, optical fiber, or wireless technologies.
Secure Sockets Layer (SSL) Virtual Private Networks (VPNs): SSL VPNs provide users with secure remote access to an organization's resources. An SSL VPN consists of one or more VPN devices to which users connect using their web browsers. SSL VPNs can provide remote users with access to web applications and client/server applications, as well as connectivity to internal networks.
Cryptography: Cryptography is the encryption and transformation of data into unintelligible ciphertext in order to hide its semantic content, prevent its unauthorized use, or prevent its undetected modification. Federal agencies, industry, and the public rely on cryptography for the protection of information and communications used in electronic commerce, critical infrastructure, and other application areas.
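As an added example (not part of the original article, and not a recommendation of a homegrown cipher), the Python script below separates the goals in that definition. It derives a keystream with HMAC-SHA256 used as a pseudorandom function in counter mode and XORs it with the plaintext to hide the content, then appends an HMAC tag over the nonce and ciphertext (encrypt-then-MAC) so that any modification is detected before decryption. The keys, the plaintext and the tampering step are constructed for the example; in production use a vetted authenticated-encryption mode such as AES-GCM from a maintained library.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output length


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 used as a PRF in counter mode to produce `length` bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC(nonce || ciphertext)."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(enc_key: bytes, mac_key: bytes, message: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message rejected: authentication tag mismatch")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def demonstrate(plaintext: bytes = b"Patron record: card 4111-1111-1111-1111") -> dict:
    """Show hiding content, detecting tampering, and what encryption alone misses."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # constructed random keys
    message = encrypt(enc_key, mac_key, plaintext)
    results = {
        "roundtrip_ok": decrypt(enc_key, mac_key, message) == plaintext,
        "content_hidden": plaintext not in message,
    }

    # Attacker flips one bit inside the ciphertext body; the tag check rejects it.
    tampered = bytearray(message)
    tampered[NONCE_LEN + 4] ^= 0x01
    try:
        decrypt(enc_key, mac_key, bytes(tampered))
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True

    # Encryption alone (tag ignored): the same flip silently yields altered
    # plaintext, which is why integrity is a separate goal from confidentiality.
    nonce = message[:NONCE_LEN]
    flipped_body = bytes(tampered[NONCE_LEN:-TAG_LEN])
    altered = _xor(flipped_body, _keystream(enc_key, nonce, len(flipped_body)))
    results["encryption_alone_silently_altered"] = (
        altered != plaintext and len(altered) == len(plaintext)
    )
    return results


if __name__ == "__main__":
    for goal, met in demonstrate().items():
        print(f"{goal:34} {met}")
```

The point of the last step is that a stream cipher on its own hides content but lets a single flipped bit pass through as a changed plaintext byte without any error; only the separate integrity check turns "undetected modification" into a rejected message.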
VoIP: Voice over IP (VoIP) refers to the transmission of voice over packet-switched IP networks. VoIP provides a cheaper and more flexible alternative to traditional Public Switched Telephone Network (PSTN) phone lines. With many telecommunications companies and other organizations moving, or in the process of moving, their telephony onto their data networks, security measures must be applied to both voice and data.
For more information on security terminology, you can read the Glossary of Key Information Security Terms published by the National Institute of Standards and Technology: http://csrc.nist.gov/publications/nistir/NISTIR-7298_Glossary_Key_Infor_Security_Terms.pdf
References
- Computer Security Resource Center Publications. National Institute of Standards and Technology.
- Information Security Handbook: A Guide for Managers. National Institute of Standards and Technology.
- Baseline Information Security Standards: An Audit Perspective. National Institute of Standards and Technology.
- Worm Infects Millions of Computers Worldwide. The New York Times Online.
- A Design Theory for Information Security Awareness. University of Oulu.
- System Security Threats and Controls. The CPA Journal Online.