Archive for October, 2009

Information Security

Friday, October 30th, 2009

Information security is a term that refers to the policies, common practices, and means used to maintain the confidentiality, the integrity, and the availability of data. It involves protecting yourself, your family, your employer and your customers. From stopping the destruction of vital files to countering the misuse of personal data, information security has become one of the fastest growing and most critical areas in the IT field. Every day there are reports of identity theft, corporate systems being hacked, and government websites under siege. To combat these threats, comprehensive steps must be taken to provide for the security of information; this can be accomplished through an effective four-tiered program encompassing physical security, personnel security, software security, and cryptographic security.

Physical security is simply taking the appropriate steps with a computer that you would normally take with any other valuable. Would you leave your wallet lying out on your desk when you leave the room to get a drink from the water fountain, or would you donate an old pair of pants to the Goodwill store and leave your social security card in the back pocket? Of course not, but every day computers are left logged on for anyone to use, laptops are left unattended, and old computers are thrown out or recycled with personal data on intact, usable hard drives. In this new Information Age, we must remember the sensitivity of the data that our computers handle every day and we have to get into the habit of locking the door, putting it away, and keeping unauthorized people from getting access to it. Not all breaches of physical security are intentional; sometimes, employees can get busy and forget to lock the door or log out of the server when they’re done. When something does happen – a laptop is stolen or an unauthorized person is found trespassing in the data center – it is extremely important that it is reported so that data can be checked to help maintain its confidentiality, integrity and availability. Don’t be embarrassed by accidents; make it right by reporting it. By being vigilant and following set procedures, physical security programs are the first tier of a complete information security program.

Personnel security measures are those policies and procedures taken to ensure that the people who are put in places of trust are worthy of that responsibility. Many corporations and government organizations go to great lengths and spend millions of dollars every year to make sure that the people they hire are honest and responsible because they have “customers” depending on them to do just that. Background checks and investigations have almost become commonplace in the job search process. Compromised passwords, ghost accounts, and breaches of account restrictions are all serious offenses that can be caused by an insider, someone who has trusted access to the system, who intentionally weakens its security. While intentional misuse of responsibilities may account for a breach in security, untrained employees, those who simply don’t know any better, can also account for breaches. The Federal Trade Commission (FTC) has created a website that helps businesses protect their customers’ information by providing training for their employees. For more information on protecting personal information, check out http://www.ftc.gov/infosecurity/. The access to data in an organization must be regulated through a “need to know” policy and secured by trustworthy people. Businesses know that their people must be worthy of the responsibilities given them and they look for, and pay well, those whom they can trust.

Software security involves the programs that are running on the computers and the protection of the information handled by those programs. Firewalls, antivirus software, and monitoring programs all work at this level of security. Heuristic monitoring and memory resident tools are a part of most antivirus software programs today. While signature scanners look through the files located on your computer for matching “definitions” that have been updated, memory resident and heuristic monitoring tools watch for malicious logic events associated with viruses, worms (self-replicating programs that use networks to send themselves to other computers) or “backdoors” such as file downloading, Internet-initiated programs, the copying and unzipping of files, and remote access. When suspicious operations are detected, they are halted and reports are sent to the user indicating such activity. While often considered troublesome and the butt of comical Mac commercials on television, Microsoft’s Vista and Internet Explorer 7 security features are having a positive impact in the fight against fraud and identity theft. For more information, check out the video tutorial by Microsoft at http://www.microsoft.com/protect/videos/yourself.mspx. By providing users with allied applications that help protect the data on a computer, manufacturers are taking some of the burden for information security off the individual. Still, it is the responsibility of the user to implement these tools.

Cryptographic security is about making your information unreadable by others. Windows XP Professional and the NTFS file system allow you to protect your files by using the Encrypting File System (EFS). When you encrypt a file, you change it to a format that can’t be read without the key; anyone who attempts to read the file without your logon or authentication will find the information unintelligible. As company intranets, privately maintained networks that are restricted to authorized users only (such as company employees), have grown in number, the access of data from remote computers has become a business necessity, and a curse at the same time. With encryption of these files, the management and security of these virtual files across an intranet can be more easily handled.

References:
“Help keep your data safe.” Microsoft Help and Support. Microsoft Corporation. 7 Apr 2008. 20 Dec 2005.
Meyers, Mike. All in One CompTIA A+ Certification Exam Guide. 6th ed. New York: McGraw-Hill, 2007.
“Protecting Personal Information: A Guide for Business.” Federal Trade Commission. Federal Trade Commission. 7 Apr 2008.
“Protecting Yourself.” Microsoft Video Tutorials. Microsoft Corporation. 7 Apr 2008.
White, Ron. How Computers Work. 6th ed. Indianapolis, IN: Que Corporation, 2002.

Beware of Viruses

Wednesday, October 7th, 2009

What exactly is a computer virus? I have been asked this question many times and thought many of you too may be curious. Computer viruses are so named because of their similarities with biological viruses. Like the influenza virus which comes in many strains, computer viruses come in many forms as well. A single computer virus code like Nimda can have many variations such as Nimda.A, Nimda.E, Nimda.R, Nimda@mm, W32.Nimda, W32.Nimda.A and WormI.Nimda. The one outstanding feature of any virus is that its main goal is to reproduce itself. Some viruses do destroy data, but this behavior is not the basis for classifying a piece of code as a computer virus. Some viruses are written to be as small as possible, and do not waste code with damage routines. Other viruses use large amounts of code so that the few lines of code that are used to replicate the virus are not noticed. The term virus was given to this type of malicious code due to its inherent ability to reproduce itself. Therefore, even if a piece of code does nothing harmful to the system but keeps on making copies of itself, it is considered to be a computer virus.


There are essentially three parts of a computer virus. Please note that these elements are part of most viruses, but the level of adaptation may differ from species to species:

The Replicator – The Replicator’s job is to ensure the survival of the virus on a system. Most successful viruses do this by not inflicting damage on the system but by appending themselves to legitimate programs in the machine. Each time the program is run the virus ‘wakes up’ and starts to reproduce. As stated earlier, this is the most important part of the virus code.

The Concealer – This part of the virus attempts to hide the virus. There are a variety of ways to accomplish this, but the main goal is to avoid detection by antivirus software. Antivirus software must be updated regularly to maintain its database of virus signatures. A virus signature is a set of characteristics that uniquely identifies a specific virus. Today’s viruses use various advanced techniques to avoid being caught by antivirus software.

The Payload – The payload of a virus can be practically anything. If a virus is going to have a long life then any damage it causes must either be very slight, or should not take place for a long period after infection. If an obvious payload gets delivered soon after infection then the user will notice that a problem exists and will quickly go virus hunting.

The Symptoms of Infection

Since many viruses release their payload slowly over time or wait a period of time before releasing the payload, the symptoms of a viral infection may appear gradually or can be confused with other computer issues.

The following symptoms are frequently caused by or associated with a virus:

  • You received an e-mail message that has a strange attachment. When you open the attachment, dialog boxes appear or a sudden degradation in system performance occurs.
  • There is a double extension on an attachment that you recently opened, such as .jpg.vbs or .gif.exe.
  • An antivirus program is disabled for no reason and it cannot be restarted.
  • An antivirus program cannot be installed on the computer or it will not run.
  • Strange dialog boxes or message boxes appear onscreen.
  • New icons appear on the desktop that you did not put there, or are not associated with any recently installed programs.
  • Strange sounds or music play from the speakers unexpectedly.
  • A program disappears from the computer, but you did not intentionally remove it.
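
The double-extension symptom in the list above can be checked mechanically before an attachment is opened. The following is an added example, not part of the original post; the extension lists and function names are assumptions chosen for illustration.

```python
# Added illustration: flag attachment names that hide an executable extension
# behind a harmless-looking one, e.g. ".jpg.vbs" or ".gif.exe".

# Assumed lists (not from the original post): extensions Windows runs or hands
# to a script host, and extensions users read as harmless documents or media.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd",
                   "vbs", "vbe", "js", "jse", "wsf", "hta", "lnk"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "pdf",
              "doc", "docx", "xls", "xlsx", "mp3", "avi", "zip"}


def normalize(name):
    """Return the bare, lower-cased file name as Windows would resolve it."""
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces when opening a file.
    return name.rstrip(". ").lower()


def classify_attachment(name):
    """Return 'double-extension', 'executable' or 'ok' for a file name."""
    # Strip padding around each part so that spaces inserted before the
    # final extension do not hide it from the check.
    parts = [p.strip() for p in normalize(name).split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def flag_attachments(names):
    """Return only the names that deserve a second look, with the reason."""
    verdicts = ((n, classify_attachment(n)) for n in names)
    return [(n, v) for n, v in verdicts if v != "ok"]


if __name__ == "__main__":
    # Constructed sample names, not taken from a real mailbox.
    samples = ["holiday.jpg.vbs", "card.gif.exe", "Invoice.PDF      .EXE ",
               "report.final.docx", "setup.exe", r"C:\Temp\song.mp3.scr"]
    for name, verdict in flag_attachments(samples):
        print(f"{verdict:17} {name!r}")
```

A name such as `report.final.docx` passes because its last extension is not executable, while `setup.exe` is reported as a plain executable rather than a disguised one.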

A virus infection may also cause the following symptoms, but these symptoms may also be the result of ordinary Windows functions, or problems in Windows that are not caused by a virus.

  • Windows will not start at all, even though you have not made any system changes, and you have not installed or removed any programs.
  • Windows will not start because certain critical system files are missing, and then you receive an error message that lists the missing files.
  • The computer sometimes starts as expected, but at other times it stops responding before the desktop icons and taskbar appear.
  • The computer runs very slowly, and it takes a long time to start.
  • You receive out-of-memory error messages even though your computer has plenty of RAM.
  • New programs do not install correctly.
  • Windows restarts unexpectedly.
  • Programs that used to run stop responding frequently. If you try to remove and reinstall the software, the issue continues to occur.
  • A disk utility such as Scandisk reports multiple serious disk errors.
  • Your computer always stops responding when you try to use Microsoft Office products.
  • You cannot start Windows Task Manager.
  • Antivirus software indicates that a virus is present.