SE 4C03 Winter 2004

Sword and Shields: How and why a computer is attacked and what countermeasures are available

Chenhan Hsieh
March 29, 2004

Abstract

Misuse of services provided by the operating system and hardware peripherals is the main reason why attacks on systems are possible. One breed of attacker misuses those services for their own advantage, while the other breed tries to find the ways in which those services can be misused in order to eliminate them.

Introduction

As stated in the proposal, the goal of this report is to identify how the next attack or hack will most likely occur. To answer that question, one only needs a phrase: "misuse of services." Before the reader starts to rip this paper into oblivion, that phrase must be elaborated somewhat further.

Hackers versus Crackers

First, let us set up some foundation for the arguments made in the following sections of the report. The first point to make is the difference between a "hacker" and a "cracker." A hacker is a person equipped with extensive knowledge of computers, operating systems and programming languages. A hacker is interested only in knowledge and never in the destruction of electronic devices or information. A cracker, on the other hand, breaches a remote system with malicious intent. A hacker and a cracker are different in nature, even though both sometimes end up causing a headache for a company's IT support. There are also three categories of attackers: script kiddies, black hats and white hats.

Amateur Attackers

Script kiddies are often young people who have got their hands on scripts or program applets written by skilled attackers. They do not succeed very often, but once they do, it is quite possible that major damage to files will be done.

Black Hats and White Hats: Attack Evil with Evil

Black hats are very skilled crackers who are not easily caught. They possess extensive knowledge of technology and use it to find more vulnerabilities in systems.
White hats, on the other hand, use their skills in attacking computer systems and networks to improve existing defensive measures.

System Under Siege: DoS, Viruses and Trojans

As for the attacks, generally speaking there are DoS attacks, viruses and Trojans. This is not an exhaustive list, but it is enough to cover the points made in this report.

A DoS, or denial of service, attack disables one publicly available service. For example, the Morris Worm took out 5000 machines for several hours in November 1988. If an internet website such as Yahoo or CNN.com were attacked successfully, the financial loss would run into millions of dollars even if no physical equipment were damaged.

A virus is a destructive program that replicates itself by infecting other programs so that they contain a copy of the virus. Usually a virus spreads to another machine by e-mail attachment. If a virus spreads to another machine across the network without an attachment of any kind, it is instead called a worm. Late in 2003, a worm infected several professors' laptops and computers, which were then denied internet service, at McMaster University and in many other places in the world.

A Trojan is a password- or privacy-compromising program that breaches the personal confidentiality of its users. It can sometimes do more damage than stealing e-mail passwords: if a Trojan is equipped with the DEL, DELTREE or FORMAT command, just imagine what would happen if it formatted your C drive without you knowing what was coming. Trojans are nevertheless less destructive in scale than viruses, since a Trojan does not self-replicate and spread to other machines so easily; it usually commits a suicide attack, taking out the system along with itself.

Misuse of Services

The list above covered various common attacks that could take place. How do they relate to "misuse of services"? TFN2k is a type of DoS attack written by Mixter.
Monitoring and updating network status are very common operations in computer networks; those services help maintain the usability and performance of a machine or a network. What TFN2k does is simply monitor and update so often that it consumes all CPU and network resources, so the system and network are unusable until the attack is stopped. One way out is to employ application proxies. Monitoring and updating are very innocent uses of the network, yet they can be turned against you.

CIH is a very well-known virus written by Chen Ing-Hau. He ingeniously studied the way Norton Anti-Virus worked and engineered CIH accordingly. When Norton Anti-Virus scans for viruses, the scanner itself may be infected by CIH; it then scans every file on the system and infects every single one of them. On April 24, 1999, the first payload of CIH ignites and overwrites the hard disk with random data starting at sector 0. A second payload may or may not occur; when it does, CIH attacks the BIOS and corrupts the data stored in that flash memory. Up to this moment the authorities still have not released how this is done, but the effect, permanent damage to system hardware, is very noticeable. All of that came from a virus scanner or a file access, simply because a flaw was found in the way 32-bit operating systems access a file.

Defend Yourself

Up to this point, the reader should be convinced that all attacks are based on one principle: there are design flaws in operating systems, and if there is a flaw, there is a way to use it against the system. As software engineers, we are constantly warned that current software is not safe due to a bad design process. Until a perfect design process can be created, countermeasures are still at your disposal. The trivial defence against attacks is simply to have your network connection unplugged.
When there is absolutely no connection whatsoever, regardless of how skilful an attacker is, he or she cannot penetrate this barrier and pass connection packets across thin air. However, as we all know, this is infeasible given how dependent we are on computer internetworking nowadays. Other than that, the recommendations people hear every day really do the trick: do not open unknown e-mail attachments, install a firewall on your computer, and do not visit insecure websites.

E-mail attachments are the most popular way for a virus attack to start. However, not everyone has the luxury of avoiding any and all attachments. If you are using Outlook Express, here is a little trick: right-click on the mail message and view the source of the e-mail. There you can find all the information hidden from the rendered message; for example, you can see whether an attachment really is an image or video file or just a virus mimicking one.

A good firewall will protect you from most attackers. Even though a firewall is still penetrable, most hackers and crackers will move on to easier targets, unless you really have something they want; generally, they will move on.

Some websites contain malicious scripts, for instance unsafe ActiveX scripts. If a website can pop your CD-ROM drive open, imagine what its potential is. If you really have to go to some of those places on the internet, make sure that your security level is set sufficiently high, so that the effect of those scripts is minimized. There is no free lunch: one must sacrifice security for convenience and vice versa.

Windows operating systems are the most likely to be attacked because of their vulnerability, which is due to their complexity. Windows is made complicated by the convenience it wants to provide, and that became its downfall. Linux and Unix operating systems, on the other hand, are known to be safe because the user has total control over the operating system.
In this respect, the user must know everything to be able to use them, yet nothing unknown to the user will happen on the system, including viruses, Trojans and most other attacks. As for DoS attacks, there is really not much way around them. If a system is open for public use, such as a company file server or mail server, it is vulnerable to DoS attack.

Final Thoughts

To conclude, misuse of the services provided by the operating system is really the source of all attacks. Unless a perfect design process is developed to create absolutely safe software, the internet will never be secure. Therefore, keep your Ethernet cable unplugged if you want your system to be absolutely safe.
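The "view source" check suggested under Defend Yourself, done programmatically, as an added example that is not part of the original report: it parses a raw message and flags attachments whose filename, declared content type and actual leading bytes disagree. Both messages are constructed for this example; the attachment names and the magic-byte table are assumptions, not anything from the report.

```python
import email
from email import policy

# Constructed sample (not from the report): declared as a JPEG, but the name has a
# double extension and the decoded bytes begin with "MZ", a Windows executable.
RAW_SUSPICIOUS = b"""Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: image/jpeg; name="photo.jpg.exe"
Content-Disposition: attachment; filename="photo.jpg.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAA
--b1--
"""

# Constructed benign counterpart: a real JPEG header (FF D8 FF E0) in base64.
RAW_BENIGN = b"""Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: image/jpeg; name="photo.jpg"
Content-Disposition: attachment; filename="photo.jpg"
Content-Transfer-Encoding: base64

/9j/4A==
--b2--
"""

# Leading bytes a few declared image types should start with (assumed table).
MAGIC = {"image/jpeg": (b"\xff\xd8\xff",), "image/png": (b"\x89PNG",)}
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}


def suspicious_attachments(raw):
    """Return (filename, reason) pairs where name, declared type and bytes disagree."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        data = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        checks = [
            (ext in EXECUTABLE_EXT, "executable extension " + ext),
            (name.count(".") > 1, "double extension"),
            (data[:2] == b"MZ", "payload starts with MZ (Windows executable)"),
            (ctype in MAGIC and not data.startswith(MAGIC[ctype]),
             "bytes do not match declared " + ctype),
        ]
        findings.extend((name, why) for hit, why in checks if hit)
    return findings
```

Checking the decoded bytes rather than trusting the Content-Type header is the point: the header and filename are written by the sender, the leading bytes are what the receiving program will actually run or render.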