Computer insecurity
Encyclopedia
Computer insecurity refers to the concept that a computer system is always vulnerable to attack, and that this fact creates a constant battle between those looking to improve security, and those looking to circumvent security.
Messages in transit (i.e., communications) can be protected by means of cryptography. One method of encryption, the one-time pad, is unbreakable when correctly used. This method was used by the Soviet Union during the Cold War, though flaws in their implementation allowed some cryptanalysis (see the Venona Project). The method uses a matching pair of key-codes, securely distributed, which are used once and only once to encode and decode a single message. For transmitted computer encryption this method is difficult to use properly (securely), and highly inconvenient as well. Other methods of encryption, while breakable in theory, are often virtually impossible to directly break by any means publicly known today. Breaking them requires some non-cryptographic input, such as a stolen key, stolen plaintext (at either end of the transmission), or some other extra cryptanalytic information.
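The one-time pad described above, as an added example that is not part of the original page: a byte-wise pad combined by XOR, alongside the failure mode the text alludes to (using a pad twice, the flaw Venona exploited). The pad, messages and sizes are constructed for the demonstration.

```c
/* Added example, not code from the original page: a byte-wise one-time pad
 * using XOR, and the failure mode the text alludes to (pad reuse, the flaw
 * Venona exploited). All data here is constructed for the demonstration; the
 * pad is a fixed byte string only so the run is reproducible. A real pad must
 * be truly random, at least as long as the message, and never used twice. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* XOR each input byte with the matching pad byte. Encryption and decryption
 * are the same operation. Returns 0 on success, -1 if the pad is shorter
 * than the input (a pad is never stretched or wrapped). */
static int otp_xor(const unsigned char *in, size_t in_len,
                   const unsigned char *pad, size_t pad_len,
                   unsigned char *out)
{
    if (pad_len < in_len)
        return -1;
    for (size_t i = 0; i < in_len; i++)
        out[i] = in[i] ^ pad[i];
    return 0;
}

/* Constructed pad, NOT random: for reproducibility only. */
static const unsigned char demo_pad[16] = {
    0x7a, 0x13, 0xc4, 0x9e, 0x55, 0x02, 0xb8, 0xef,
    0x31, 0x6d, 0xa0, 0x4c, 0x19, 0xd7, 0x88, 0x2b
};

/* Correct use: one message, one pad. Returns 1 if the round trip recovers
 * the plaintext exactly. */
static int otp_round_trip_ok(void)
{
    const char *msg = "ATTACK DAWN";            /* 11 bytes */
    size_t n = strlen(msg);
    unsigned char ct[16], pt[16];

    if (otp_xor((const unsigned char *)msg, n, demo_pad, sizeof demo_pad, ct))
        return 0;
    if (otp_xor(ct, n, demo_pad, sizeof demo_pad, pt))
        return 0;
    return memcmp(pt, msg, n) == 0;
}

/* Incorrect use: the same pad for two messages. Anyone holding both
 * ciphertexts computes c1 XOR c2 = p1 XOR p2, so the pad cancels out;
 * knowing (or correctly guessing) p1 then yields p2 byte for byte. Returns 1
 * if the second plaintext is recovered this way, i.e. if reuse leaks. */
static int otp_reuse_leaks(void)
{
    const char *m1 = "ATTACK DAWN", *m2 = "HOLD GROUND"; /* both 11 bytes */
    size_t n = strlen(m1);
    unsigned char c1[16], c2[16], recovered[16];

    if (strlen(m2) != n)
        return 0;
    otp_xor((const unsigned char *)m1, n, demo_pad, sizeof demo_pad, c1);
    otp_xor((const unsigned char *)m2, n, demo_pad, sizeof demo_pad, c2); /* reuse */
    for (size_t i = 0; i < n; i++)
        recovered[i] = c1[i] ^ c2[i] ^ (unsigned char)m1[i];
    return memcmp(recovered, m2, n) == 0;
}

int main(void)
{
    printf("round trip recovers plaintext: %s\n", otp_round_trip_ok() ? "yes" : "no");
    printf("pad reuse leaks second message: %s\n", otp_reuse_leaks() ? "yes" : "no");
    return 0;
}
```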
Social engineering and direct computer access (physical) attacks can only be prevented by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information. Even in a highly disciplined environment, such as in military organizations, social engineering attacks can still be difficult to foresee and prevent.
In practice, only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it is usually possible for a determined hacker to read, copy, alter or destroy data in well secured computers, albeit at the cost of great time and resources. Few attackers would audit applications for vulnerabilities just to attack a single specific system. It is possible to reduce an attacker's chances by keeping systems up to date, using a security scanner and/or hiring competent people responsible for security. The effects of data loss or damage can be reduced by careful backing up and insurance.
Today, computer security comprises mainly "preventive" measures, like firewalls or an exit procedure. A firewall can be defined as a way of filtering network data between a host or a network and another network, such as the Internet, and can be implemented as software running on the machine, hooking into the network stack (or, in the case of most UNIX-based operating systems such as Linux, built into the operating system kernel) to provide real-time filtering and blocking. Another implementation is a so-called physical firewall, which consists of a separate machine filtering network traffic. Firewalls are common amongst machines that are permanently connected to the Internet. However, relatively few organisations maintain computer systems with effective detection systems, and fewer still have organised response mechanisms in place.
Security and systems design
Although there are many aspects to take into consideration when designing a computer system, security can prove to be very important. According to Symantec, in 2010 94 percent of organizations polled expect to implement security improvements to their computer systems, with 42 percent claiming cyber security as their top risk.
While many organizations are improving security, many types of cyber criminals are finding ways to continue their activities. Almost every type of cyber attack is on the rise. In 2009 respondents to the CSI Computer Crime and Security Survey admitted that malware infections, denial-of-service attacks, password sniffing, and web site defacements were significantly higher than in the previous two years.
Financial cost
Serious financial damage has been caused by security breaches, but because there is no standard model for estimating the cost of an incident, the only data available is that which is made public by the organizations involved. "Several computer security consulting firms produce estimates of total worldwide losses attributable to virus and worm attacks and to hostile digital acts in general. The 2003 loss estimates by these firms range from $13 billion (worms and viruses only) to $226 billion (for all forms of covert attacks). The reliability of these estimates is often challenged; the underlying methodology is basically anecdotal." Insecurities in operating systems have led to a massive black market for rogue software. An attacker can use a security hole to install software that tricks the user into buying a product. At that point, an affiliate program pays the affiliate responsible for generating that installation about $30. The software is sold for between $50 and $75 per license.
Reasons
There are many similarities (yet many fundamental differences) between computer and physical security.
Just like real-world security, the motivations for breaches of computer security vary between attackers, sometimes called hackers or crackers. Some are thrill-seekers or vandals (the kind often responsible for defacing web sites); similarly, some web site defacements are done to make political statements. However, some attackers are highly skilled and motivated with the goal of compromising computers for financial gain or espionage. An example of the latter is Markus Hess (more diligent than skilled), who spied for the KGB and was ultimately caught because of the efforts of Clifford Stoll, who wrote a memoir, The Cuckoo's Egg, about his experiences. For those seeking to prevent security breaches, the first step is usually to attempt to identify what might motivate an attack on the system, how much the continued operation and information security of the system are worth, and who might be motivated to breach it. The precautions required for a home personal computer are very different from those for banks' Internet banking systems, and different again for a classified military network. Other computer security writers suggest that, since an attacker using a network need know nothing about you or what you have on your computer, attacker motivation is inherently impossible to determine beyond guessing. If true, blocking all possible attacks is the only plausible action to take.
Vulnerabilities
To understand the techniques for securing a computer system, it is important to first understand the various types of "attacks" that can be made against it. These threats can typically be classified into one of these seven categories:
Exploits
An exploit (from the same word in the French language, meaning "achievement" or "accomplishment") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a software 'bug' or 'glitch' in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). This frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial of service attack. Many development methodologies rely on testing to ensure the quality of any code released; this process often fails to discover unusual potential exploits.
The term "exploit" generally refers to small programs designed to take advantage of a software flaw that has been discovered, either remote or local. The code from the exploit program is frequently reused in trojan horses and computer viruses. In some cases, a vulnerability can lie in certain programs' processing of a specific file type, such as a non-executable media file. Some security web sites maintain lists of currently known unpatched vulnerabilities found in common programs (see "External links" below).
Eavesdropping
Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network. Even machines that operate as a closed system (i.e., with no contact to the outside world) can be eavesdropped upon by monitoring the faint electromagnetic transmissions generated by the hardware, such as TEMPEST. The FBI's proposed Carnivore program was intended to act as a system of eavesdropping protocols built into the systems of internet service providers.
Social engineering and human error
A computer system is no more secure than the human systems responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them, for example by sending messages claiming that they are the system administrator and asking for passwords. This deception is known as social engineering.
Denial-of-service attack
Unlike other exploits, denial of service attacks are not used to gain unauthorized access or control of a system. They are instead designed to render it unusable. Attackers can deny service to individual victims, such as by deliberately entering a wrong password 3 consecutive times and thus causing the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once. These types of attack are, in practice, very hard to prevent, because the behavior of whole networks needs to be analyzed, not only the behaviour of small pieces of code. Distributed denial of service (DDoS) attacks are common, where a large number of compromised hosts (commonly referred to as "zombie computers", used as part of a botnet with, for example, a worm, trojan horse, or backdoor exploit to control them) are used to flood a target system with network requests, thus attempting to render it unusable through resource exhaustion. Another technique to exhaust victim resources is through the use of an attack amplifier, where the attacker takes advantage of poorly designed protocols on third-party machines, such as FTP or DNS, in order to instruct these hosts to launch the flood.
There are also commonly found vulnerabilities in applications that cannot be used to take control over a computer, but merely make the target application malfunction or crash. This is known as a denial-of-service exploit.
Indirect attacks
An indirect attack is an attack launched by a third party computer. By using someone else's computer to launch an attack, it becomes far more difficult to track down the actual attacker. There have also been cases where attackers took advantage of public anonymizing systems, such as the Tor onion router system.
Backdoors
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device.
A specific form of backdoor is the rootkit, which replaces system binaries and/or hooks into the function calls of the operating system to hide the presence of other programs, users, services and open ports. It may also fake information about disk and memory usage.
The threat of backdoors surfaced when multiuser and networked operating systems became widely adopted. Petersen and Turn discussed computer subversion in a paper published in the proceedings of the 1967 AFIPS Conference.[1] They noted a class of active infiltration attacks that use "trapdoor" entry points into the system to bypass security facilities and permit direct access to data. The use of the word trapdoor here clearly coincides with more recent definitions of a backdoor. However, since the advent of public key cryptography the term trapdoor has acquired a different meaning. More generally, such security breaches were discussed at length in a RAND Corporation task force report published under ARPA sponsorship by J.P. Anderson and D.J. Edwards in 1970.[2]
A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system. A famous example of this sort of backdoor was as a plot device in the 1983 film WarGames, in which the architect of the "WOPR" computer system had inserted a hardcoded password (his dead son's name) which gave the user access to the system, and to undocumented parts of the system (in particular, a video game–like simulation mode and direct interaction with the artificial intelligence).
An attempt to plant a backdoor in the Linux kernel, exposed in November 2003, showed how subtle such a code change can be.[3] In this case, a two-line change appeared to be a typographical error, but actually gave the caller to the sys_wait4 function root access to the system.[4]
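The pattern behind the 2003 kernel incident, as an added illustrative reconstruction that is not the page's own code and not the actual kernel diff: a single "=" in place of "==" inside a parenthesized condition, which reads like a typo but assigns the privileged uid. The flag names, the task structure and the uid values are hypothetical.

```c
/* Added example, not code from the original page and not the actual 2003
 * kernel change: an illustrative reconstruction of the pattern the text
 * describes, where "=" in place of "==" turns a validation check into a
 * privilege grant. Flag names, the task struct and uid values are hypothetical. */
#include <stdio.h>

#define OPT_A 0x40000000u   /* hypothetical option flags */
#define OPT_B 0x80000000u

struct task { unsigned int uid; };   /* uid 0 plays the role of root */

/* Backdoored form. The right-hand side of "&&" assigns 0 to uid and then
 * evaluates to 0, so the rejection branch is never taken and the function
 * returns success, having silently made the caller root whenever both flags
 * are set. The extra parentheses also keep the compiler from warning about
 * an assignment used as a truth value, which is why the change read like a
 * harmless typo in review. */
static int check_options_backdoored(struct task *t, unsigned int options)
{
    if ((options == (OPT_A | OPT_B)) && (t->uid = 0))
        return -1;    /* looks like "reject this flag combination" */
    return 0;
}

/* Intended form: a pure comparison with no side effect. */
static int check_options_fixed(struct task *t, unsigned int options)
{
    if ((options == (OPT_A | OPT_B)) && (t->uid == 0))
        return -1;    /* reject the combination when called as root */
    return 0;
}

/* Run one of the checks from an unprivileged task and report its uid
 * afterwards; with the backdoored check and both flags set, this is 0. */
static unsigned int uid_after(int (*check)(struct task *, unsigned int),
                              unsigned int options)
{
    struct task t = { 1000 };
    (void)check(&t, options);
    return t.uid;
}

int main(void)
{
    printf("backdoored, both flags: uid %u\n",
           uid_after(check_options_backdoored, OPT_A | OPT_B));
    printf("backdoored, one flag:   uid %u\n",
           uid_after(check_options_backdoored, OPT_A));
    printf("fixed, both flags:      uid %u\n",
           uid_after(check_options_fixed, OPT_A | OPT_B));
    return 0;
}
```

Code review that treats any assignment inside a condition as suspect, or a compiler flag that rejects it outright, catches this class of change regardless of how innocuous the diff looks.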
Direct access attacks
Someone who has gained access to a computer can install any type of device to compromise security, including operating system modifications, software worms, key loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media, for instance CD-R/DVD-R or tape, or portable devices such as keydrives, digital cameras or digital audio players. Another common technique is to boot an operating system contained on a CD-ROM or other bootable media and read the data from the hard drive(s) this way. The only way to defeat this is to encrypt the storage media and store the key separately from the system.
See also: :Category:Cryptographic attacks
Reducing vulnerabilities
Computer code is regarded by some as a form of mathematics. It is theoretically possible to prove the correctness of certain classes of computer programs, though the feasibility of actually achieving this in large-scale practical systems is regarded as small by some with practical experience in the industry — see Bruce Schneier et al.
It's also possible to protect messages in transit (i.e., communications) by means of cryptography. One method of encryption — the one-time pad — is unbreakable when correctly used. This method was used by the Soviet Union during the Cold War, though flaws in their implementation allowed some cryptanalysis (see the Venona Project). The method uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message. For transmitted computer encryption this method is difficult to use properly (securely), and highly inconvenient as well. Other methods of encryption, while breakable in theory, are often virtually impossible to directly break by any means publicly known today. Breaking them requires some non-cryptographic input, such as a stolen key, stolen plaintext (at either end of the transmission), or some other extra cryptanalytic information.
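The one-time pad described above, and the reason a reused pad undoes it, as an added Python example that is not part of the original article. The pad is drawn from os.urandom; the OneTimePad class and the reuse_leak helper are names chosen here for illustration, and the messages and the fixed key in the usage section are constructed.

```python
"""One-time pad: correct use, and what an eavesdropper gets when a pad is reused.

Added example, not from the article. os.urandom is assumed to be an adequate
source of pad material for illustration.
"""
import os


def generate_pad(length: int) -> bytes:
    """Return a fresh random pad of exactly `length` bytes."""
    return os.urandom(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Encrypt with a pad at least as long as the message and used only once.

    Each pad is remembered after use and refused the second time, which is
    the "once-and-only-once" discipline the article describes.
    """

    def __init__(self) -> None:
        self._used = set()

    def encrypt(self, plaintext: bytes, pad: bytes) -> bytes:
        if len(pad) < len(plaintext):
            raise ValueError("pad must be at least as long as the plaintext")
        if pad in self._used:
            raise ValueError("pad already used: reuse breaks the one-time pad")
        self._used.add(pad)
        return xor_bytes(plaintext, pad[: len(plaintext)])

    @staticmethod
    def decrypt(ciphertext: bytes, pad: bytes) -> bytes:
        return xor_bytes(ciphertext, pad[: len(ciphertext)])


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper learns when two messages were sent under one pad.

    XORing the two ciphertexts cancels the pad and leaves p1 XOR p2, a value
    that no longer depends on the key at all. That structural weakness is
    the kind of implementation flaw the article refers to.
    """
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


if __name__ == "__main__":
    # Correct use: a fresh pad per message, decryption recovers the text.
    otp = OneTimePad()
    pad = generate_pad(32)
    msg = b"meet at noon"  # constructed sample message
    ct = otp.encrypt(msg, pad)
    assert OneTimePad.decrypt(ct, pad) == msg

    # Reuse: the constructed key is applied to two messages without the
    # discipline above, and the pad cancels out of the XOR of ciphertexts.
    key = bytes(range(12))  # constructed, for illustration only
    p1, p2 = b"hello world!", b"hallo welt!!"
    leak = reuse_leak(xor_bytes(p1, key), xor_bytes(p2, key))
    print("pad cancelled:", leak == xor_bytes(p1, p2))
```

The second half of the usage section is the whole point: nothing about the key survives in `leak`, so an analyst who can guess one plaintext recovers the other directly, which is why the pad must be as long as the message and must never be reused.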
Social engineering and direct computer access (physical) attacks can only be prevented by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information. Even in a highly disciplined environment, such as in military organizations, social engineering attacks can still be difficult to foresee and prevent.
In practice, only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it's usually possible for a determined hacker to read, copy, alter or destroy data in well secured computers, albeit at the cost of great time and resources. Few attackers would audit applications for vulnerabilities just to attack a single specific system. It is possible to reduce an attacker's chances by keeping systems up to date, using a security scanner and/or hiring competent people responsible for security. The effects of data loss/damage can be reduced by careful backing up and insurance.
Security measures
A state of computer "security" is the conceptual ideal, attained by the use of the three processes:
- Prevention
- Detection
- Response
- User account access controls and cryptography can protect system files and data, respectively.
- Firewalls are by far the most common prevention systems from a network security perspective as they can (if properly configured) shield access to internal network services, and block certain kinds of attacks through packet filtering.
- Intrusion Detection Systems (IDSs) are designed to detect network attacks in progress and assist in post-attack forensics, while audit trails and logs serve a similar function for individual systems.
- "Response" is necessarily defined by the assessed security requirements of an individual system and may cover the range from simple upgrade of protections to notification of legal authorities, counter-attacks, and the like. In some special cases, a complete destruction of the compromised system is favored, as it may happen that not all the compromised resources are detected.
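How a log serves the detection function the list describes, as an added Python example that is not from the original article: a small detector run over constructed firewall log lines. The netfilter-like line format, the field names, the 60-second window and the threshold of five distinct ports are all assumptions made for this example.

```python
"""Log-based detection of a port sweep (added example, not from the article).

The sample log, its format and the thresholds are constructed for
illustration; a real deployment would read its own firewall's log format.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a host firewall logging dropped inbound packets.
# 203.0.113.7 walks six ports in two seconds; 198.51.100.4 knocks on
# port 22 twice, five minutes apart.
SAMPLE_LOG = """\
2024-01-15T10:00:01 host kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
2024-01-15T10:00:01 host kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23
2024-01-15T10:00:02 host kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80
2024-01-15T10:00:02 host kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=443
2024-01-15T10:00:03 host kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=3389
2024-01-15T10:00:03 host kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=8080
2024-01-15T10:00:05 host kernel: DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=22
2024-01-15T10:05:00 host kernel: DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ kernel: DROP .*?SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)"
)


def parse_drops(text):
    """Yield (timestamp, source address, destination port) per DROP line.

    Lines that do not match the assumed format are skipped rather than
    crashing the detector, since logs routinely contain unrelated entries.
    """
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], int(m["dpt"])


def detect_port_sweeps(text, window_seconds=60, min_ports=5):
    """Flag sources that touched at least min_ports distinct ports in a window.

    Events are grouped per source and scanned with a sliding window anchored
    at each event. Returns {source: sorted ports} for every flagged source.
    """
    events = defaultdict(list)
    for ts, src, dpt in parse_drops(text):
        events[src].append((ts, dpt))

    findings = {}
    for src, evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):
            ports = {p for t, p in evs[i:] if (t - t0).total_seconds() <= window_seconds}
            if len(ports) >= min_ports:
                findings[src] = sorted(ports)
                break
    return findings


if __name__ == "__main__":
    for src, ports in detect_port_sweeps(SAMPLE_LOG).items():
        print(f"possible sweep from {src}: ports {ports}")
```

The detector is deliberately coarse: a single repeated source on one port is left alone, because the article's own point is that the bulk of background noise comes from automated scanners and worms, and a threshold on distinct ports per window separates a sweep from that noise without a per-packet signature.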
Today, computer security comprises mainly "preventive" measures, like firewalls or an exit procedure. A firewall can be defined as a way of filtering network data between a host or a network and another network, such as the Internet, and can be implemented as software running on the machine, hooking into the network stack (or, in the case of most UNIX-based operating systems such as Linux, built into the operating system kernel) to provide realtime filtering and blocking. Another implementation is a so-called physical firewall, which consists of a separate machine filtering network traffic. Firewalls are common amongst machines that are permanently connected to the Internet. However, relatively few organisations maintain computer systems with effective detection systems, and fewer still have organised response mechanisms in place.
Difficulty with response
Responding forcefully to attempted security breaches (in the manner that one would for attempted physical security breaches) is often very difficult for a variety of reasons:
- Identifying attackers is difficult, as they are often in a different jurisdiction to the systems they attempt to breach, and operate through proxies, temporary anonymous dial-up accounts, wireless connections, and other anonymising procedures which make backtracing difficult and are often located in yet another jurisdiction. If they successfully breach security, they are often able to delete logs to cover their tracks.
- The sheer number of attempted attacks is so large that organisations cannot spend time pursuing each attacker (a typical home user with a permanent (e.g., cable modem) connection will be attacked at least several times per day, so more attractive targets could be presumed to see many more). Note, however, that most of the sheer bulk of these attacks are made by automated vulnerability scanners and computer worms.
- Law enforcement officers are often unfamiliar with information technology, and so lack the skills and interest in pursuing attackers. There are also budgetary constraints. It has been argued that the high cost of technology, such as DNA testing, and improved forensics mean less money for other kinds of law enforcement, so the overall rate of criminals not getting dealt with goes up as the cost of the technology increases. In addition, the identification of attackers across a network may require logs from various points in the network and in many countries, the release of these records to law enforcement (with the exception of being voluntarily surrendered by a network administrator or a system administrator) requires a search warrant and, depending on the circumstances, the legal proceedings required can be drawn out to the point where the records are either regularly destroyed, or the information is no longer relevant.
Lists and categories
- Category:Computer security exploits — Types of computer security vulnerabilities and attacks
- Category:Spyware removal — Programs that find and remove spyware
- List of computer virus hoaxes
- List of computer viruses
- List of trojan horses
- Timeline of notable computer viruses and worms
Individual articles
- Adware
- Antivirus software
- Black hat
- Computer forensics
- Computer virus
- Crash-only software
- Cryptography
- Data remanence
- Data spill
- Defensive computing
- Defensive programming
- Exploit (computer security)
- Full disclosure
- Hacking
- Malware
- Mangled packet
- Microreboot
- Penetration test
- Physical security
- Ring (computer security)
- RISKS Digest
- Security engineering
- Security through obscurity
- Software Security Assurance
- Spam
- Targeted threat
- Threat (computer)
- Virus hoax
- Vulnerability (computing)
- Worm
- XSA
- Zero-day attack
Further reading
- Ross J. Anderson: Security Engineering: A Guide to Building Dependable Distributed Systems, ISBN 0-471-38922-6
- Bruce Schneier: Secrets & Lies: Digital Security in a Networked World, ISBN 0-471-25311-1
- Cyrus Peikari, Anton Chuvakin: Security Warrior, ISBN 0-596-00545-8
- Jack Koziol, David Litchfield: The Shellcoder's Handbook: Discovering and Exploiting Security Holes, ISBN 0-7645-4468-3
- Clifford Stoll: The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage, an informal — and easily approachable by the non-specialist — account of a real incident (and pattern) of computer insecurity, ISBN 0-7434-1146-3
- Roger R. Schell: Internet Rules but the Emperor Has No Clothes, ACSAC 1996
- William Caelli: "Trusted Systems" in an Age of NIIP: Lessons from the Past for the Future, 2002
- Noel Davis: Cracked! Story of a community network that was cracked and what was done to recover from it, 2000
- Shon Harris: CISSP All-In-One Study Guide, ISBN 0071497870
- Daniel Ventre: Information Warfare, Wiley - ISTE, 2009, ISBN 9781848210943
- Daniel Ventre: La guerre de l'information, Hermès ISTE, 2007, 300 pages
- Daniel Ventre: Cyberguerre et guerre de l'information. Stratégies, règles, enjeux, Hermès Lavoisier, 2010
- Daniel Ventre: Cyberespace et acteurs du cyberconflit, Hermès Lavoisier, April 2011, 288 pages
- Daniel Ventre: Cyberwar and Information Warfare, Wiley ISTE, July 2011, 460 pages
- Daniel Ventre: Cyberattaque et Cyberdéfense, Hermès Lavoisier, August 2011, 336 pages
External links
- Participating With Safety, a guide to electronic security threats from the viewpoint of civil liberties organisations. Licensed under the GNU Free Documentation License.
- Article "Why Information Security is Hard — An Economic Perspective" by Ross Anderson
- The Information Security Glossary
- The SANS Top 20 Internet Security Vulnerabilities
- Amit Singh: A Taste of Computer Security 2004
Lists of currently known unpatched vulnerabilities
- Lists of advisories by product: lists of known unpatched vulnerabilities from Secunia
- Vulnerabilities from SecurityFocus, including the Bugtraq mailing list
- List of vulnerabilities maintained by the government of the USA