The document describes various computer security concepts including threats to information systems like viruses, worms, Trojans, and bots. It discusses different types of malware such as file infectors, macro viruses, encrypted viruses, and rootkits. It also outlines security defenses like using updated antivirus software, firewalls, and practicing safe email/web habits by avoiding suspicious attachments or downloads.

1. ADDITIONAL ASSIGNMENT
By
Aarti Kulshrestha
11D383

2. Q1. DESCRIBE THE SECURITY ISSUES OF THE
WEB AND ELECTRONIC COMMERCE.

3. COMPUTER SECURITY CONCEPTS
Computer Security: The protection afforded to an automated information
system in order to attain the applicable objectives of preserving the integrity,
availability and confidentiality of information system resources (i.e.
hardware, software, firmware, information/data, and telecommunications)
 Integrity
- Assets can be modified by authorized parties
only
 Availability
- Assets be available to authorized parties
 Confidentiality
- Requires information in a computer system
only be accessible by authorized parties. Individuals set their
own privacy requirements.
Addl. requirements:
 Authenticity
- Requires that a computer system be able to
verify the identity of a user
 Accountability
- Requires the detection and tracing of a
security breach to a responsible party.

4. THREATS AND ATTACKS

5. SECURITY THREATS TO ASSETS

6. COMMUNICATION LINES AND NETWORKS
Passive Attacks

Release of message contents - a telephone conversation, an electronic mail
message, a transferred file, etc.

Traffic analysis - encryption can mask the contents but message size,
transmission frequency, location and id of communicating hosts can still be
extracted

7. COMMUNICATION LINES AND NETWORKS
Active Attacks

Replay : passive capture of a data unit and its
retransmission to produce an unauthorized
effect

Masquerade : one entity pretends to be a
different entity (e.g. try to login as someone else)

Modification of messages some portion of a
legitimate message is altered, or messages
are delayed or reordered

Denial of service prevents or inhibits the
normal use or management of communications
facilities (Disable or overload with messages)

8. INTRUDER BEHAVIOR PATTERNS
Hackers
Criminals
Insider attacks

9. MALICIOUS SOFTWARE (MALWARE)
Backdoor (Trapdoor)
 Entry
point into a program that allows someone who is aware of trapdoor to gain
access
Anyone watched the movie War Games ?
 used
by programmers to be able to debug and test programs while skipping a
lengthy setup/authentication process during development


Avoids necessary setup and authentication
Ensures that there is a method of activating program if something wrong with the
authentication procedure
Logic Bomb
 Code
embedded in a legitimate program that is set to ―explode‖ when certain
conditions are met

•
Presence or absence of certain files, particular day of the week, particular user
running application
One of the oldest types of program threat, predating viruses and worms
Trojan Horse
 Useful
program that contains hidden code that when invoked performs some
unwanted or harmful function

Can be installed through software downloads, bundling, email attachments, websites
with executable content, etc. Trojan-type malware is on the rise, accounting for 83percent of the global malware.

10. VIRUSES
Program that can ―infect‖ other programs by modifying them in such
a way that the infected program can infect other programs
Virus Stages
• Dormant phase: Virus is idle
• Propagation phase: Virus places an identical copy of itself into other programs or
into certain system areas on the disk
• Triggering phase: Virus is activated to perform the function (usually harmful)
• Execution phase: Function is performed
Macro Viruses
• macro - an executable program embedded in a word document or other type of file
• Easily spread; platform independent; infects documents, not the .exe
E-mail Virus
• Activated when recipient opens the e-mail attachment (e.g. Melissa virus). A new
version that came out in 1999 was activated by opening the e-mail itself.
• Sends itself to everyone on the mailing list of the infected user
Any virus stories?

11. A SIMPLE VIRUS
A COMPRESSION VIRUS

12. ** HERE VIRUSES
Classification by Target
 Boot sector infector - Infects boot record and spreads when system is booted from
the disk containing the virus
 File infector - Infects executable files
 Macro virus - Infects files with macro code that is interpreted by an application
Classification by concealment strategy
 Encrypted virus – a portion of the virus encrypts its main body and stores the key
with itself. When an infected program is executed, the virus decrypt itself and then
replicates. At each replication, a different random key is selected making the detection
more difficult.
 Stealth - Designed to hide itself from detection by antivirus software. May use
compression
 Polymorphic - Mutates with every infection, making detection by the ―signature‖ of the
virus impossible
 Metamorphic – same as polymorphic, but rewrites itself completely making the
detection even more difficult. May change functionality as well as appearance.

13. MALICIOUS SOFTWARE (CONT.)
Worms
Exhibits similar characteristics as an e-mail virus, but worm does not need
a host program and it is not passive, it actively seeks out more
machines to infect via
Electronic mail facility: A worm mails a copy of itself to other systems
 Remote execution: A worm executes a copy of itself on another system
 Remote log-in: A worm logs on to a remote system as a user and then copies itself
from one system to the other

Bots (Zombie or drone)
Program that secretly takes over another Internet-attached computer and uses it to
launch attacks that are difficult to trace to the bot’s creator
 planted on hundreds of computers belonging to unsuspecting third parties and then
used to overwhelm a target Web site by launching an overwhelming onslaught of
Internet traffic
 The collection of bots acting in a coordinated manner is called botnet

Uses of Bots

DDoS (Distributed Denial of Service attacks), spamming, sniffing traffic on a
compromised machine, keylogging, spreading new malware, manipulating online
polls/games/clicks for ads (every bot has a distinct IP address), etc.

14. B OTS
Bots (Zombie or drone)

Program that secretly takes over another Internet-attached computer and uses it to launch
attacks that are difficult to trace to the bot’s creator
Remote Control Facility
A worm propagates and activates itself, whereas a bot is controlled from a central facility
 Once a communication path is established, the control module can activate the bots in host
machines (which are taken hostage). For greater flexibility, the control module can instruct the
bots to download a file from an internet site and execute it. This way, a bot can be used for
different kinds of attacks.

Constructing the Attack Network
3 things needed:
(1) attack software (2) a large number of vulnerable machines
(3) locating these machines (scanning or fingerprinting).
Scanning is generally done in a nested (or recursive) manner.
Scanning strategies:
Random – check random IP addresses for vulnerability (generates suspicious internet traffic)
 Hit list – a long list is compiled a priori. Each infected machine is given a partial list to infect
generates less internet traffic and therefore makes it more difficult to detect.
 Topological – uses information contained on an infected machine to find more hosts to scan
 Local subnet – if a host could be infected behind a firewall, that host could be used to infect
others on the same subnet (all behind the same firewall).


15. ROOTKITS
Rootkit

Malware which consists of a set of programs designed to take fundamental control of a
computer system and hide the fact that a system has been compromised

Typically, rootkits act to obscure their presence on the system through subversion or
evasion of standard OS security mechanisms.

Techniques used to accomplish this can include concealing running processes from
monitoring programs, or hiding files or system data from the OS
Often, they are Trojans as well, thus fooling users into believing they are safe to run on
their systems.
 Rootkits may also install a "back door" in a system by replacing the login mechanism
(such as /bin/login) with an executable that steals a login combination, which is used to
access the system illegally.


With root access, an attacker has complete control of the system to do anything
Rootkit Installation
Usually via a Trojan horse. A user is induced to load a Trojan horse which then installs the
rootkit.
 Another means of rootkit installation is by hacker activity which is a rather lengthy process.


16. TERMINOLOGY OF MALICIOUS PROGRAMS

17. TERMINOLOGY OF MALICIOUS PROGRAMS

18. DESCRIBE THE MAJOR METHODS OF
DEFENDING INFORMATION SYSTEM

19. 

Best Tips to Defend Yourself against Viruses and Worms
You must safeguard your PC. Following these basic rules will
help you protect you and your family whenever you go online.

Protect your computer with strong security software and
keep it updated. McAfee Total Protection provides proven
PC protection from Trojans, hackers, and spyware. Its
integrated anti-virus, anti-spyware, firewall, antispam, anti-phishing, and backup technologies work together
to combat today’s advanced multi-faceted attacks. It scans
disks, email attachments, files downloaded from the web, and
documents generated by word processing and spreadsheet
programs.

Use a security conscious Internet service provider
(ISP) that implements strong anti-spam and anti-phishing
procedures. The SpamHaus organization lists the current top10 worst ISPs in this category—consider this when making
your choice.

20. 





Enable automatic Windows updates, or download
Microsoft updates regularly, to keep your operating
system patched against known vulnerabilities
Install patches from other software manufacturers as
soon as they are distributed.
A fully patched computer behind a firewall is the best
defense against Trojan and spyware installation.
Use great caution when opening attachments.
Configure your anti-virus software to automatically scan
all email and instant message attachments.
Make sure your email program doesn’t automatically
open attachments or automatically render graphics, and
ensure that the preview pane is turned off.
Never open unsolicited emails, or attachments that
you’re not expecting—even from people you know.

21. 
Be careful when using P2P file sharing. Trojans hide within
file-sharing programs waiting to be downloaded. Use the
same precautions when downloading shared files that you do
for email and instant messaging. Avoid downloading files with
the extensions.exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.

Use security precautions for your PDA, cell phone, and
Wi-Fi devices. Viruses and Trojans arrive as an email/IM
attachment, are downloaded from the Internet, or are
uploaded along with other data from a desktop.

Cell phone viruses and mobile phishing attacks are in the
beginning stages, but will become more common as more
people access mobile multimedia services and Internet
content directly from their phones.

Mobile Anti-Virus software for a selected devices is available
for free with some McAfee PC products.

Always use a PIN code on your cell phone and never install or
download mobile software from a un-trusted source.

22. Configure your instant messaging application
correctly. Make sure it does not open automatically
when you fire up your computer.
 Beware of spam-based phishing schemes. Don’t
click on links in emails or IM.
 Back up your files regularly and store the
backups somewhere besides your PC. If you fall
victim to a virus attack, you can recover photos,
music, movies, and personal information like tax
returns and bank statements.
 Stay aware of current virus news by checking
sites like McAfee Labs Threat Cente


23. Thank you