Are you aware of this topic? Are you safe when it comes to cyber crime? Well, let's tackle cyber crime, so that you are informed and know what is going on inside your lovely computer.
What is Cyber Crime?

Cybercrime is criminal activity done using computers and the Internet. This includes anything from downloading illegal music files to stealing millions of dollars from online bank accounts. Cybercrime also includes non-monetary offenses, such as creating and distributing viruses on other computers or posting confidential business information on the Internet.

Perhaps the most prominent form of cybercrime is identity theft, in which criminals use the Internet to steal personal information from other users. Two of the most common ways this is done are through phishing and pharming. Both of these methods lure users to fake websites (that appear to be legitimate), where they are asked to enter personal information. This includes login information, such as usernames and passwords, phone numbers, addresses, credit card numbers, bank account numbers, and other information criminals can use to "steal" another person's identity. For this reason, it is smart to always check the URL or Web address of a site to make sure it is legitimate before entering your personal information.

Because cybercrime covers such a broad scope of criminal activity, the examples above are only a few of the thousands of crimes that are considered cybercrimes. While computers and the Internet have made our lives easier in many ways, it is unfortunate that people also use these technologies to take advantage of others. Therefore, it is smart to protect yourself by using antivirus and spyware blocking software and being careful where you enter your personal information.

Source: http://www.techterms.com/definition/cybercrime
Why are computer incidents so rampant today?
Computer crime is an increasing concern because computer processing can circumvent traditional security and control techniques. Particular security concerns result from the proliferation of microcomputers, local area networking and on-line systems that allow more access to the main computer system. Modern technology provides computer thieves with powerful new electronic safe cracking tools.

Computer fraud is certainly not new and does not necessarily involve the use of microcomputers; they just make crime easier. The increased risk from microcomputers is that the accessing device is intelligent, in contrast to the conventional data entry terminal, which is basically nonintelligent. Another alarming factor is that the proliferation of personal computers dramatically increases the number of potential attack sources, both internally and externally.

It is important to recognize that there are two categories of computer crime: discovered and undiscovered. The successful computer crime schemes may still be working well. Most of the criminals have been caught by accident.

Traditionally, the time of criminal acts is measured in minutes, hours, days, weeks, months and years. Today some crimes are being perpetrated in less than .003 of a second (3 milliseconds). Thus, automated crime must be considered in terms of a new time scale because of the speed of instruction execution in computers. Also, geographic constraints do not inhibit perpetration of this new crime. A telephone with a computer terminal attached to it in one part of the world could be used to engage in a crime in an on-line computer system in any other part of the world.

The availability of low cost, high capacity hard disks and micro-to-mainframe communications software has greatly increased the power of those with criminal intent. For example, a high-tech criminal could copy an organization's data programs and files onto a hard disk, modify them, and transmit them back to the main computer system.

The use of microcomputers in stand-alone applications such as electronic spreadsheets, word processing, and graphics has the lowest risk of fraud; using the microcomputer in terminal emulation mode to an on-line computer system has the highest degree of risk.

Compromising the computer system can be motivated by one or more of the following:
* personal or financial gain
* entertainment
* revenge
* personal favor
* challenge of beating the system
* accident
* vandalism
RISK ASSESSMENT FOR COMPUTER CRIME DISASTERS

Risk assessment for computer crime disasters is the process of identifying and quantifying risk exposure to enable a cost-effective strategy for risk control. Risk assessment should include the following considerations:
* identifying risk threats
* evaluating risk exposures
* determining risk reduction alternatives
* comparing the liability of exposure to the cost of risk reduction alternatives
* implementing and monitoring the selected risk reduction techniques

Control techniques and protective features can be costly and require supporting resources. Therefore, it is important to balance the cost of specific control techniques against the consequence and impact of the risk. The selection of the most appropriate control alternatives should be based on the liability of exposure.
The term internal controls refers to all the measures adopted within an organization to safeguard assets, ensure accuracy and reliability of records, and encourage operational efficiency and adherence to prescribed procedures. The system of internal controls also includes the measures adopted to safeguard the computer system.
The nature of internal controls is such that certain control procedures are necessary for a proper execution of other control procedures. This interdependence of control procedures may be significant because certain control objectives which otherwise appear to have been achieved may, in fact, not be achieved because of weaknesses in other control procedures upon which the procedures are dependent.

In a computerized system, concern over this interdependence of control procedures may be greater than in a manual system because there is often a greater concentration of functions within computer operations, and certain manual control procedures may be dependent on many automated control procedures even though that dependency is not readily apparent.

The best protection from computer crime disasters is to establish and maintain proper computer controls. There are two types of computer control techniques:
1) general computer controls that affect all computer systems; and
2) application computer controls that are unique to specific computer application systems.
GENERAL COMPUTER CONTROLS

Organization and Operation Controls

The effectiveness of many internal control procedures is dependent upon the activities of responsible personnel. For this reason, a well-planned and properly functioning organization is an important factor in any system of internal control. An effective plan of organization should provide for segregation of functions and responsibilities so that no one person has incompatible duties which would permit the perpetration and concealment of material errors or irregularities.

Specifically, an organization should strive to separate the incompatible functions of asset control, authorization of transactions, data entry and verification of output. For example, the computer operator should certainly not have access to liquid assets or be solely responsible for preparing journal entries and balancing the general ledger. A combination of these duties would provide the operator with the opportunity to perpetrate and conceal fraudulent actions.

Documentation and Systems Controls

These controls specifically cover three areas:
* review, testing and approval of new systems
* control of program changes to existing systems
* documentation procedures

Documentation and system controls are designed to ensure that effective controls are included in all systems and to maintain the integrity of programs. Documentation is useful and important to management in understanding a computer application. Poor documentation can cause processing problems, especially if employee turnover occurs.
Hardware Controls

Most computer systems have the ability to detect and record a hardware failure. However, some application systems are not designed to take advantage of available controls. For example, if a disk drive fails when reading a record, an indicator is turned on within the hardware. However, unless the indicator is checked by the programs which read the file, the system would not know that the disk failed.

Some types of failures will cause the device or system to halt. This type of control provides positive indication of a hardware malfunction. Failure to use available hardware controls could result in significant processing errors. If undetected, a number of minor errors can have a cumulative effect that might lead to a major system failure.

Access Controls

Access controls provide safeguards for computer resources to ensure that they are properly used. A weakness in or lack of access controls may affect the reliance placed on the results produced by computer processing, in that the integrity of the system may be breached.

Proper access controls will assist in the prevention or detection of deliberate or accidental errors caused by improper use or manipulation of data files, unauthorized or incorrect use of a computer program and improper use of computer resources.

Data and Procedural Controls

Data and procedural controls provide a framework for controlling daily operations and establish safeguards against processing errors. There should be procedures to permit reconstruction of all significant files if an error occurs during processing or if a file is accidentally destroyed. In addition, there should be written policies and procedures for backup and retention of important magnetic files to assure accurate and timely file reconstruction. Data files should be subject to a minimum of three generations of backup.

Physical Security

Physical security for computer processing is very important. These controls can improve segregation of custody of assets, prevent accidental or intentional destruction of data, provide for the replacement of records that may be destroyed and ensure the continuity of operations following a major hardware or software failure or natural disaster. Current duplicate copies of the operating system, programs, master and interim transaction files, program documentation, operating instructions and other critical documentation should be maintained off premises.
APPLICATION CONTROLS

Input Controls

Input controls are designed to provide reasonable assurance that data received for processing has been properly authorized, converted into machine-sensible form and verified, and that data (including data transmitted over communication lines) has not been lost, suppressed, added, duplicated or otherwise improperly changed. Input controls include controls that relate to rejection, correction and resubmission of data that were initially incorrect. There are four basic categories of input that must be controlled:
* Transaction Entry: Because transaction entry normally represents the largest volume of activity, it usually accounts for the greatest number of errors. Edit routines should be used to detect input errors or exceptions.
* File Maintenance Transaction: File maintenance (updating) often involves a limited volume of data, originates from restricted sources and has a relatively long-term impact on the fields or files that are updated. Errors in the maintenance of master files can have a continuing impact on transactions.
* Inquiry Transactions: These transactions do not change the file that is referenced, but may cause decisions which result in other transactions or inputs.
* Error Correction Transaction: Error correction can be a very complex procedure. It could involve reversal, adjustment of the original transactions, re-entry of the original transactions or some combination of these entries. Error correction is usually more complex than the original transaction entry and offers a greater opportunity to create additional errors.
Processing Controls

Processing controls should be designed to provide reasonable assurance that computer processing has been performed as intended for the application; i.e., that all transactions are processed as authorized, that no authorized transactions are omitted and that no unauthorized transactions are added. Such controls are designed to prevent or detect the following types of errors:
* failure to process all input transactions, or erroneously processing the same input more than once
* processing and updating of the wrong file or files
* processing of illogical or unreasonable input
* loss or distortion of data during processing

Computer systems that are not adequately controlled can increase exposure to computer crime disasters. Proper internal controls are important crime protection techniques. However, the cost of a particular internal control procedure should be carefully compared to the potential benefit received. Compensating manual controls can usually be established when a specific control is not cost-justified. In addition, it is important to establish and maintain an adequate mix of preventive, detective and corrective control techniques.

Computer security is an increasing concern because computer processing can circumvent traditional control techniques. Particular security concerns result from the proliferation of microcomputers, local area networking, and on-line systems that allow more access to the mainframe computer. Modern technology provides computer thieves with powerful new electronic safe-cracking tools.
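The edit routine and the processing controls described above, as an added example (not code from the original page): an input edit pass per record, then batch-level checks against a separately keyed control record so that duplicated, lost or added records are caught. The field names, transaction codes, limits and the sample batch are all constructed.

```python
"""Input edit routine and processing controls for a batch of transactions.

Added example, not code from the original page. edit_transaction() applies
the edit checks an input control needs (required fields, numeric and
reasonable amount, authorized code) and validate_batch() applies the
processing controls named above: an id processed before is not processed
again, the batch is reconciled against a separately keyed control record so
that nothing is lost or added, and illogical input is rejected. Field names,
codes, limits and the sample batch are constructed.
"""
from decimal import Decimal, InvalidOperation

AUTHORIZED_CODES = {"DEP", "WDL", "XFR"}      # constructed transaction codes
MAX_REASONABLE = Decimal("50000.00")         # constructed reasonableness limit


def edit_transaction(tx: dict) -> list[str]:
    """Edit-check failures for one input record (empty list means clean)."""
    errors = [f"missing {k}" for k in ("id", "account", "code", "amount") if not tx.get(k)]
    if tx.get("code") and tx["code"] not in AUTHORIZED_CODES:
        errors.append(f"unauthorized code {tx['code']}")
    try:
        amount = Decimal(str(tx.get("amount", "")))
    except InvalidOperation:
        return errors + ["amount not numeric"]
    if amount <= 0:
        errors.append("amount must be positive")
    elif amount > MAX_REASONABLE:
        errors.append("amount exceeds reasonableness limit")
    if amount != amount.quantize(Decimal("0.01")):
        errors.append("amount has more than two decimals")
    return errors


def validate_batch(batch: list[dict], control: dict, processed_ids: set[str]) -> dict:
    """Apply edit and processing controls; accepted ids are posted only when
    the whole batch reconciles with its control record."""
    accepted, rejected, seen = [], [], set()
    for tx in batch:
        errors = edit_transaction(tx)
        tid = tx.get("id")
        if tid and (tid in processed_ids or tid in seen):
            errors.append("duplicate transaction id")   # same input twice
        if errors:
            rejected.append({"id": tid, "errors": errors})
        else:
            seen.add(tid)
            accepted.append(tx)
    # Batch-level checks: record count and hash total over every record keyed,
    # so a record lost or added in transmission shows up even if it edits clean.
    batch_errors = []
    if len(batch) != control["count"]:
        batch_errors.append(f"record count {len(batch)} != {control['count']}")
    total = Decimal("0")
    for tx in batch:
        try:
            total += Decimal(str(tx.get("amount", "")))
        except InvalidOperation:
            pass                       # already rejected by the edit routine
    if total != Decimal(str(control["hash_total"])):
        batch_errors.append(f"hash total {total} != {control['hash_total']}")
    if not batch_errors:
        processed_ids.update(seen)
    return {"accepted": accepted, "rejected": rejected, "batch_errors": batch_errors}


def demo() -> dict:
    """Constructed batch: one re-entered id, one unreasonable amount, one
    unauthorized code and one illogical (negative) amount."""
    processed = {"T100"}                                  # posted by an earlier run
    batch = [
        {"id": "T101", "account": "A1", "code": "DEP", "amount": "250.00"},
        {"id": "T100", "account": "A2", "code": "WDL", "amount": "40.00"},
        {"id": "T102", "account": "A3", "code": "XFR", "amount": "99999.00"},
        {"id": "T103", "account": "A4", "code": "REF", "amount": "12.50"},
        {"id": "T104", "account": "A5", "code": "DEP", "amount": "-5.00"},
    ]
    control = {"count": 5, "hash_total": "100296.50"}
    result = validate_batch(batch, control, processed)
    result["processed_ids"] = sorted(processed)
    return result
```

Rejected records go back through the error-correction path the page describes; only T101 is posted, and T100 is refused because it was already processed in an earlier run.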
Access Security Systems

The most widely used computer access security and control technique involves the use of confidential character strings known as passwords, user-IDs and security codes. These terms are used interchangeably by most people. A password can be defined as any character string intended to remain confidential and used to control access by individuals to computer resources including data, equipment, and software. A special type of password is the personal identification number (PIN) that uses a combination of a numeric character string and a magnetically encoded card to control access.

Passwords can be a pervasive aspect of computer security. Although password security may be the best alternative available today, it can be the weakest link in maintaining system integrity. These are some of the problems you may encounter with traditional passwords:
* misused or mismanaged by individuals
* observed in use
* tapped from nonsecure lines
* simulated by another computer
* guessed
* traded or loaned
* stolen
* forgotten
The effectiveness of using passwords to restrict and control access is based on limiting knowledge of the password to an individual user. Maintaining the confidentiality of passwords is dependent on the difficulty involved in decoding them, and the ability of the user to remember the password without using a written source. This creates a dichotomy because long, randomly generated passwords are the most difficult to compromise, but are more likely to be written down. Conversely, short passwords can be more easily memorized, but are also easier to decode or guess.
The number of possible random combinations for various lengths of passwords are listed below. Usually the letters I and O are excluded to avoid confusion with the numbers 1 and 0. This leaves 24 available letters and 10 numbers.

Password Length    Number of Combinations
1                  34
2                  1,156
3                  39,304
4                  1,336,336
5                  45,435,424
6                  1,544,804,416
7                  52,523,350,144
8                  1,785,793,904,890
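The table above is 34 raised to the password length. The following added example (not code from the original page) recomputes it and turns a keyspace into a worst-case exhaustive-search time at an assumed guess rate, which is the reasoning behind requiring a minimum password length and capping invalid attempts; the guess rate used is a constructed figure.

```python
"""Password keyspace for the 34-character alphabet behind the table above.

Added example, not code from the original page. It recomputes the table
(24 letters after dropping I and O, plus 10 digits) and turns a keyspace
into a worst-case exhaustive-search time at an assumed guess rate, which is
the reasoning behind control 22 (minimum length) and control 27 (a cap on
attempts) later on the page. The guess rate used in __main__ is constructed.
"""
import string

# 24 letters (I and O excluded to avoid confusion with 1 and 0) plus 10 digits.
ALPHABET = "".join(c for c in string.ascii_uppercase if c not in "IO") + string.digits


def combinations(length: int, alphabet_size: int = len(ALPHABET)) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    if length < 1:
        raise ValueError("length must be at least 1")
    return alphabet_size ** length


def keyspace_table(max_length: int = 8) -> list[tuple[int, int]]:
    """(length, combinations) rows in the same form as the page's table."""
    return [(n, combinations(n)) for n in range(1, max_length + 1)]


def exhaustive_search_seconds(length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every combination at the given attempt rate."""
    if guesses_per_second <= 0:
        raise ValueError("guesses_per_second must be positive")
    return combinations(length) / guesses_per_second


def minimum_length_for(target_seconds: float, guesses_per_second: float) -> int:
    """Smallest length whose exhaustive search takes longer than `target_seconds`."""
    length = 1
    while exhaustive_search_seconds(length, guesses_per_second) <= target_seconds:
        length += 1
    return length


if __name__ == "__main__":
    print("Length  Combinations")
    for n, total in keyspace_table():
        print(f"{n:>6}  {total:>20,}")
    # Assumed rate: one guess per second over a dial-up line with no lockout.
    rate, year = 1.0, 365 * 24 * 3600
    print(f"6 characters at {rate:g}/s: {exhaustive_search_seconds(6, rate) / year:,.0f} years")
    print("shortest length to exceed one year at that rate:", minimum_length_for(year, rate))
```

Recomputing the table gives 1,785,793,904,896 for length 8 (34 to the eighth power), so the last digits of the table's final row are a transcription slip; the other seven rows match exactly.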
Passwords can be selected, issued and maintained by the following sources: user, central administrative function, and computer.

User Selected Passwords

The advantage of user selected passwords is that only the user and the computer know the proper control string. If the user never discloses the password, its confidentiality will be maintained. The disadvantages of user selected passwords are the potential lack of randomness, possible infrequency of change, and permanent loss of the password if the user forgets.

It is a human tendency to choose a password that is meaningful to the individual. Therefore, user selected passwords may be closely associated with the individual such as name, spouse, dog, child, address, telephone number, birth date, car license and other easily remembered possibilities. However, this increases the chance of discovery by someone who knows the individual, as opposed to a stranger. The resulting lack of randomness can undermine password security.

The frequency of password change impacts confidentiality. The chance of disclosure increases over time. Passwords can become common knowledge in the workplace if not frequently changed.

Forgotten passwords create special problems, especially for occasional users. Re-establishing access security can be a lengthy procedure during which needed information may not be available to the user.

Central Administrative Function

A central administrative function can generate passwords on a random basis, ensure frequency of change, and retrieve forgotten passwords. The inherent disadvantage is the lack of confidentiality because both the administrator and user know the password. An additional concern is that the password must be communicated between them.

Computer Generated Passwords

The computer can generate random passwords and enforce change procedures. An administrative function is required for adding new passwords and re-establishing access when passwords are forgotten.

No system of password generation can provide absolute security, and password systems alone do not provide complete security. They are only one aspect of overall security and control.
Password Distribution

Password security is especially vulnerable during password distribution. Users must be informed that they are authorized to use the system and must have a means of obtaining their password. It can be difficult to ensure that the recipient of the password is the same person who is authorized for access. Techniques for securing password distribution include the following:
* Direct contact--This method can be effective, but it may be extremely time-intensive in large organizations for face-to-face contact with each user. Geographically dispersed locations create additional difficulties.
* Telephone contact--This method is widely used and relatively inexpensive. However, there are several opportunities for disclosure in using the telephone.
* Manager distribution--Many organizations use known and trusted managers in the distribution process. This method eliminates the need to contact users directly and establishes management accountability. Sealed envelopes containing individual passwords are sent to the appropriate manager. The disadvantage with this approach is that it relies on trust and increases the number of people involved in the security process.
* Self-mailing envelopes--This method sends the password, receipt and return envelope to the appropriate individual. The signed returned receipt is the confirmation that the user received the password. The major disadvantage with this approach is that disclosure is possible if the mail is not strictly controlled.
Password Security and Control Techniques

The level and degree of protection provided by a password security system varies significantly between organizations and computer systems. If a password is compromised, a perpetrator can impersonate the user and perform specific functions that have originally been intended only for the authorized user. A good password security system should do the following:
1. Allow the organization to specify whether password changes will be controlled by the Security Administrator or the user at the time of installation.
2. Provide password security by user, application, function within application and transaction within the application.
3. Store and report the date of last password change for each user.
4. Automatically generate passwords upon user request.
5. Prevent the user or Security Officer from changing the present password to a prior password.
6. Mask (hide) passwords during entry.
7. Direct the user to a default menu after proper sign-on if no menu is specified.
8. Restrict the ability to enter certain transactions by terminal (i.e., allow only certain terminals to input financial transactions).
9. Monitor unused or inactive passwords.
10. Monitor passwords with excessive usage.
11. Produce a terminal activity report, indicating the sign-on/off times, system accessed and functions performed for each terminal user.
12. Produce a security violations report that shows all unauthorized attempts to access the system.
13. Randomly generate passwords.
14. Encrypt passwords.
15. Establish password levels based on file, program, menu and library.
16. Automatically log-off terminals after a pre-determined number of invalid access attempts.
17. Automatically log-off users when their terminals remain inactive for a specified time. This control method reduces the risk associated with unattended terminals.
18. Inform the user after each log on of the last successful access by the user and any unsuccessful intervening attempts. Users can then report any suspicious events.
19. Arrange the terminal to inhibit an observer from viewing the keystrokes of the operator during the log on process.
20. Limit the number of terminals that a user can concurrently be logged on a system. Usually, a user should be logged on only one terminal at a given time.
21. Limit the amount of time allowed for log on by user.
22. Require a minimum of six character passwords. Passwords must be long enough to resist exhaustive searches of all combinations.
23. Automatically notify and require users to change password after a predetermined period of time.
24. Maintain an audit trail of all password changes.
25. Restrict access to specific functions by terminal, time of day, and day of week.
26. Prohibit printing of passwords.
27. Establish a maximum number of attempts for successful log on. Errors can occur, so users should be allowed more than one attempt to correctly enter a password. However, a maximum number of attempts should be established to prevent automated attacks on the system and random guessing. Terminals or communication ports should be disabled after the maximum allowed attempts have been exceeded.
28. Provide an alarm system for users under duress.
29. Provide a time and date stamp for all access attempts.
30. Generate an audit trail of all access attempts.
31. Require multiple levels of passwords to access extremely sensitive information. Multiple levels of software security can provide greater protection than a single level that an unauthorized user might be able to circumvent. Multilevel password schemes normally do not delay a legitimate user; however, they can significantly improve protection from intrusion.
32. Restrict the use of programmable function keys (PF keys) or terminal function keys (F keys) in log on procedures. The use of programmable keys to automatically perform log on procedures can violate password protection and system integrity.
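Several of the controls in the list above fit in one small password control system. The following is an added example, not code from the original page: it stores salted password hashes rather than the reversible encryption control 14 names (the modern substitute), refuses a prior password (5), enforces a minimum length (22), locks after a maximum number of invalid attempts (16, 27), reports the last successful access and intervening failures at sign-on (18), and keeps a date-stamped audit trail of every attempt and change (24, 29, 30). The user, passwords and limits are constructed.

```python
"""Password control system exercising several of the controls listed above.

Added example, not code from the original page. Salted hashing stands in
for control 14's "encrypt passwords"; controls 5, 22, 16/27, 18 and
24/29/30 are implemented as described in the lead-in. All users,
passwords and limits are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta

MIN_LENGTH = 6       # control 22: minimum of six characters
MAX_ATTEMPTS = 3     # control 27: constructed limit
HISTORY_DEPTH = 5    # control 5: prior passwords that may not be reused


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class UserRecord:
    salt: bytes
    digest: bytes
    history: list[tuple[bytes, bytes]] = field(default_factory=list)
    failed_attempts: int = 0          # consecutive failures; >= MAX_ATTEMPTS locks
    failures_since_success: int = 0
    last_success: datetime | None = None


class PasswordControl:
    def __init__(self) -> None:
        self.users: dict[str, UserRecord] = {}
        self.audit: list[tuple[datetime, str, str]] = []   # (stamp, user, event)

    def _log(self, now: datetime, user: str, event: str) -> None:
        self.audit.append((now, user, event))

    def set_password(self, user: str, new: str, now: datetime) -> bool:
        """Create or change a password; False if too short or used before."""
        if len(new) < MIN_LENGTH:
            self._log(now, user, "change rejected: too short")
            return False
        rec = self.users.get(user)
        if rec is None:
            salt = os.urandom(16)
            self.users[user] = UserRecord(salt, _hash(new, salt))
        else:
            previous = [(rec.salt, rec.digest)] + rec.history
            if any(hmac.compare_digest(_hash(new, s), d) for s, d in previous):
                self._log(now, user, "change rejected: prior password")
                return False
            rec.history = previous[:HISTORY_DEPTH]
            rec.salt = os.urandom(16)
            rec.digest = _hash(new, rec.salt)
        self._log(now, user, "password changed")
        return True

    def log_on(self, user: str, password: str, now: datetime) -> dict:
        """Attempt a sign-on; every attempt is date-stamped in the audit trail."""
        rec = self.users.get(user)
        if rec is None or rec.failed_attempts >= MAX_ATTEMPTS:
            self._log(now, user, "attempt refused: unknown user or locked")
            return {"ok": False, "reason": "refused"}
        if not hmac.compare_digest(_hash(password, rec.salt), rec.digest):
            rec.failed_attempts += 1
            rec.failures_since_success += 1
            if rec.failed_attempts >= MAX_ATTEMPTS:
                self._log(now, user, "locked after maximum invalid attempts")
                return {"ok": False, "reason": "locked"}
            self._log(now, user, "invalid password")
            return {"ok": False, "reason": "invalid"}
        # Control 18: tell the user about the last success and failures since.
        report = {"ok": True, "last_success": rec.last_success,
                  "failures_since_last": rec.failures_since_success}
        rec.failed_attempts = rec.failures_since_success = 0
        rec.last_success = now
        self._log(now, user, "sign-on successful")
        return report


def demo() -> dict:
    """Constructed scenario; returns what each control reported."""
    pc, t0, out = PasswordControl(), datetime(2024, 1, 1, 9, 0), {}
    out["created"] = pc.set_password("alice", "Quartz-77", t0)
    out["reuse_rejected"] = not pc.set_password("alice", "Quartz-77", t0)
    out["short_rejected"] = not pc.set_password("alice", "ab12", t0)
    pc.log_on("alice", "wrong-1", t0 + timedelta(minutes=1))
    pc.log_on("alice", "wrong-2", t0 + timedelta(minutes=2))
    good = pc.log_on("alice", "Quartz-77", t0 + timedelta(minutes=3))
    out["failures_reported"] = good["failures_since_last"]
    out["no_prior_success"] = good["last_success"] is None
    for i in range(MAX_ATTEMPTS):
        last = pc.log_on("alice", "wrong-3", t0 + timedelta(minutes=10 + i))
    out["locked"] = last["reason"] == "locked"
    out["audit_entries"] = len(pc.audit)
    return out
```

The audit list is the raw material for the security violations report (control 12); a locked record stays locked until an administrative function resets it, which is the re-establishment step the page describes.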
The nature of computer crime is such that an organization without adequate security and control could experience substantial losses that remain undetected for a long time. Thinking that it can only happen to others can increase risk and potentially weaken existing security and control precautions such as passwords. Maintaining the integrity of the password control system is the responsibility of management, users and computer technical personnel.

Many reports have been published about computer viruses. A virus is a name for a class of programs that infect a computer system and, after a period of incubation and reproduction, activate and demonstrate their presence. The name virus is used because many of the characteristics of these programs are similar to the behavior of disease viruses. In medicine, a virus is a disease-spreading infection that enters cells and attaches itself to the cell so that the virus multiplies when the cell multiplies. The presence of certain conditions will allow the viruses to become active and potentially destroy the infected organism.

Computer viruses are computer programs that also have the capability to attach themselves to other programs, reproduce and, under certain circumstances, can damage computer systems, data and programs. A virus can be benign and cause no harm. However, many viruses are destructive in nature. A virus may also be dormant for a period of time until it becomes activated.

Although virus software can be extremely brief, it has a unique appending characteristic that allows the virus software to modify other programs with which it comes in contact. In some cases, the virus software, in the process, may modify itself according to the characteristics of the program to which the virus is appended. An infected program can evolve and become another virus and can spread the evolved virus to other systems.
In the published accounts of virus cases, the attacks seem to have had two general effects:
* The virus deletes files, perhaps through a disk format command.
* The virus software overloads a network by causing an explosion in the number of messages generated, usually directing a message to be sent to every address receiving any other (appended) message.
Specific problems created by viruses include:
* Filling disk or memory with nonusable information (i.e. garbage).
* Altering files.
* Changing the File Allocation Table (FAT) so that files cannot be located.
* Altering the boot sector so the computer does not run.
* Initializing or formatting the disk so that all information is destroyed.
* Changing the keystroke definition table.
* Locking the keyboard.
* Altering programs or files.
* Printing or displaying inappropriate messages.
* Slowing program execution time.

Virus programs have many potential forms and the danger can occur at the time of infection or later, depending on the design of the virus and the characteristics of the infected program. Viruses can attach themselves to both programs and data files. The infected software can propagate through a system rapidly. Each virus carries the infection capability and can independently expand the infection.

The activities of a virus may be triggered when the infected program is executed. The virus may check for specific conditions during program execution before performing its intended function, such as time or date. If the condition is not satisfied, the virus may replicate and remain dormant until the next time the infected program is executed.

Computer connectivity and communications is a major reason that viruses are becoming a serious threat. Connectivity and communications allow computer systems to contact many other computer systems. Therefore, the number of possible points of attack is greatly expanded. In addition, the number of computers and people affected also dramatically increases. Viruses can be transmitted inadvertently by people with legitimate access to computer systems. Connectivity allows many users to share data, programs and computers. Unfortunately, it also allows vandals to attack these users with the same computer virus program.

Viruses can also spread through groups of systems that can communicate with each other such as LANs (Local Area Networks) and WANs (Wide Area Networks). With proper network techniques, even computers with different operating systems can transfer data and programs, including viruses.

Mainframe computers and minicomputers may be less vulnerable to viruses than microcomputers because:
* Larger computers have more complex operating systems.
* Larger computers have more built-in security. Many microcomputer operating systems were designed for single users and originally had no security built-in.
* Larger computer installations have computer professionals that may be more aware of security concerns. Viruses tend to be noticed more quickly in such an environment, whereas they may be unnoticed for a long time in some microcomputer environments.
* The implementations of larger systems are more unique, so that viruses that attack one system cannot successfully attack another.
Potential warning signals of a virus attack include:
* Available RAM decreases without loading a program into memory.
* The disk drive light is unexpectedly illuminated.
* The system slows down dramatically.
* Existing programs suddenly display an unusual error message.
* DOS displays unexpected error messages, especially INVALID DRIVE SPECIFICATION.
* File sizes change without reason.
* The number of files changes.
* Directory updates are noticeably longer.
* The keyboard keys suddenly do odd things.
* The system freezes up or crashes.
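Two of the warning signals above (file sizes change, the number of files changes) and the later protection techniques of checking program sizes and last-modified dates are what a file integrity baseline detects. The following is an added example, not code from the original page: it snapshots every file under a directory and reports deviations from an earlier snapshot; the program files and the simulated infection in demo() are constructed in a temporary folder.

```python
"""File integrity baseline for the 'file sizes change' and 'number of files
changes' warning signals listed above.

Added example, not code from the original page. snapshot() records size, last
modified time and a SHA-256 digest of every file under a directory; compare()
reports additions, removals and changed files against an earlier snapshot.
The directory tree in demo() is constructed inside a temporary folder.
"""
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path


def _digest(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str | os.PathLike) -> dict[str, dict]:
    """Map each file's path (relative to root) to its size, mtime and digest."""
    root = Path(root)
    result = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        st = path.stat()
        result[path.relative_to(root).as_posix()] = {
            "size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": _digest(path)}
    return result


def compare(baseline: dict[str, dict], current: dict[str, dict]) -> dict[str, list[str]]:
    """Deviations from the baseline; a digest change with no size change is
    exactly the case a size check alone would miss."""
    report = {"added": [], "removed": [], "size_changed": [],
              "content_changed": [], "mtime_changed": []}
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            report["added"].append(name)
        elif name not in current:
            report["removed"].append(name)
        else:
            old, new = baseline[name], current[name]
            if old["size"] != new["size"]:
                report["size_changed"].append(name)
            if old["sha256"] != new["sha256"]:
                report["content_changed"].append(name)
            if old["mtime_ns"] != new["mtime_ns"]:
                report["mtime_changed"].append(name)
    return report


def demo() -> dict[str, list[str]]:
    """Baseline three constructed program files, then simulate an infection."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ledger.exe").write_bytes(b"MZ" + b"\x00" * 100)
        (root / "bin" / "report.exe").write_bytes(b"MZ" + b"\x01" * 50)
        (root / "command.com").write_bytes(b"MZ" + b"\x02" * 30)
        baseline = snapshot(root)
        # Appending grows ledger.exe (size and digest change); report.exe is
        # overwritten in place with the same length (digest change only);
        # one file appears and one disappears (file count changes).
        with (root / "bin" / "ledger.exe").open("ab") as f:
            f.write(b"\x90" * 512)
        (root / "bin" / "report.exe").write_bytes(b"MZ" + b"\x07" * 50)
        (root / "bin" / "extra.com").write_bytes(b"MZ" + b"\x03" * 10)
        (root / "command.com").unlink()
        return compare(baseline, snapshot(root))
```

The baseline must be taken from a known-clean system and stored where the monitored machine cannot alter it (the page's write-protected master copies), otherwise a modified program simply becomes the new baseline.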
Risk Assessment

To assess the threat of viruses, organizations should evaluate their exposure to viral contact. Relatively low risk characteristics include:
* Using stand alone microcomputers.
* Purchasing commercial software from reputable distributors.
* Abstaining from exchanging programs with other computer users (either physically or electronically).

However, connecting computers with networks and using copies of programs from unreliable sources such as bulletin board systems will increase the risk of viral contact and the spread of diseased software within the organization. In addition, the risk of viral sabotage by disgruntled employees is a continuing risk factor.

For organizations that rely on the integrity of their data for daily operations, or where that data is irreplaceable, virus protection techniques may be necessary even if the probability of virus contact is low.

Business networks may be less vulnerable to viral attacks than university and research networks because the user community is usually smaller and more identifiable than that of research networks. In addition, private business networks may have a higher priority on security than the open research networks.

Factors related to high risk in networks include:
* UNIX or PC-DOS based operating systems.
* Poor administration.
* Unrestricted dial-up access.
* Homogeneous hardware and operating systems.
* Limited password control.
* Open networks that allow any university or research facility to be connected.
Freeware and shareware are especially high risk. Freeware refers to programs that are in the public domain, available from a network to download at no cost. If there is a charge or registration fee, it is termed shareware.

Disk and diskette compression utilities are also high exposure areas for viral contact. If the compression program is infected, it can further infect all programs compressed or expanded.

Pirated copies of software also have a high risk because the original source of the piracy may be unknown. In addition, it is a violation of copyright laws and licenses.

Harmful virus software introduced into a large network and communications system could cause significant damage. Therefore, it is prudent to implement methods and procedures to minimize the risk of a virus attack.

Protection Techniques

Short of completely isolating a computer, there is currently no known method of completely eliminating the risk of viral penetration. However, the following control techniques can help prevent and detect viruses.
1. Backup important data files and programs on a routine basis.
2. Use several generations of backup.
3. Avoid public domain software. If it is necessary to use such software, thoroughly test it in an environment separate from any critical files or systems. For additional safety, test the programs with the system clock set for various dates in the future such as holidays, Friday the 13th, April first and other special dates.
4. Validate the source of all software and data received before using it.
5. Maintain write-protected master copies of all software and data.
6. Store the operating system on diskettes instead of on the hard disk (to prevent a virus from permanently infecting a computer).
7. Boot floppy-based systems using only a specific, clearly labelled boot diskette that is write-protected. Infection can occur when the system is booted from an infected diskette.
8. Avoid booting a hard disk system from a diskette unless during a recovery operation.
9. Avoid downloading from bulletin board systems. If it is necessary to access a bulletin board, use a computer with only diskettes and keep these diskettes separate from other software. Be careful of files that contain COMMAND.COM.
10. Format disks with the original write-protected DOS diskette.
11. Use disk-less workstations on local area networks to reduce the possible introduction of a virus.
12. Quarantine freeware and shareware programs on a test microcomputer before distributing the program to users.
13. Verify that purchased software arrives in sealed diskette containers.
14. Check the size of all programs on a routine basis. Deviations in the file sizes could be evidence of viral infiltration.
15. Monitor the last modified dates of programs and files.
16. Use software
from reliable sources. The most likely method of infection from a computer
virus is thorough electronic bulletin boards. Public domain programs are most
vulnerable to tampering by hackers who might hide viruses in them. A legitimate
program may be a “carrier” of a traveling virus. Policies should be developed
that curtail downloading of public domain programs from bulletin boards.
17. Check
the DOS directory periodically using the CHKDSK command. Be alert for changes
in the number of hidden files. An original DOS diskette will contain two hidden
files: IBMBIO.COM and IBMDOS.COM. (If the diskette has a label, there will be
three hidden files). Certain utility programs can be used to explore the disk
and display the names of all files (including hidden files).
18. Avoid
sharing object code and inspect all shared source code. It is much harder to
hide a virus in source format.
19. When
recycling diskettes, always use the DOS FORMAT command to reformat the disk; do
not just ERASE all the files.
20. Display
the directory to the printer sorted alphabetically by file name (DIR/SORTPRN).
Look for an inexplicable file size changes in .COM, .EXE, .BAT, or .SYS files.
Look for files with the same file name, but with different extensions like
.COM. The above situations could indicate files that have been the target of a
virus.
21.
Completely remove any suspicious files. DOS’s DEL/ERASE just replaces the first
letter of the file name so that it does display in the directory using the DIR
command. Any deleted file continues to exist until the old space is overwritten
by a new file. Certain utility programs can be used to completely overwrite the
file’s data space and the file’s directory entry.
22. Watch
for changes in the operations of computer programs.
Network managers can minimize the risk of virus attack by:
* Changing passwords frequently.
* Prohibiting the introduction of any software not formally approved for use on production systems.
* Monitoring system performance and utilization and investigating unexplained changes.
* Implementing appropriate access controls and integrity measures to ensure that ordinary users cannot have privileged access.
* Authorizing program and operating system access only to those who require it.
* Restricting write access to a particular data object to a single individual.
* Requesting users to report unusual behavior or results on the system immediately.
* Developing contingency plans and identifying the resources needed to restore the system to operation should a virus strike. This resource list should not be stored on the computer.
* Controlling the use of remote diagnostic lines.
* Setting system software defaults in positions that do not provide possible security vulnerabilities.
Virus Detection Programs
There are several software products that can be used to detect viruses. The products can generally be described as:
* Programs that detect the presence of viruses.
* Programs that detect the file modifications caused by viruses.
Products designed to detect the presence of viruses may use the following methods:
* Search for suspicious code.
* Search for suspicious text strings.
* Search for specific file names to detect known viruses.
These limited techniques may not provide adequate protection.
Products designed to detect changes to a file caused by a virus usually sum the numeric values of each byte in the file. This checksum (or signature) is recorded and later compared to the previously recorded value; a mismatch means the file has changed. Another approach uses more complex algorithms and encryption techniques to detect file modifications.
In addition to the above virus detection methods, many programs also check for changes to the boot sector, the presence of new hidden files, and disk write functions that bypass the operating system.
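As an added example, not code from the original article or from its source, the following Python script does what items 14, 15 and 20 of the protection list and the two kinds of detection program above describe: it records a baseline of file sizes and checksums, reports size and content deviations and new or missing files, flags base names that exist with more than one extension, and searches files for known byte strings. All file names, file contents and the signature string are constructed for the example; the byte-sum checksum is the simple method the article describes, and a SHA-256 hash is added beside it as the stronger "complex algorithm" variant.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample "directory": file name -> contents. Hypothetical names and
# bytes standing in for the .COM/.EXE/.SYS files the article says to watch.
FILES_BASELINE = {
    "COMMAND.COM": b"\x90" * 40 + b"original command interpreter",
    "EDIT.EXE": b"MZ" + b"\x00" * 60,
    "CONFIG.SYS": b"FILES=20\r\nBUFFERS=15\r\n",
}

# The same directory after a constructed tampering event: COMMAND.COM has grown
# by 16 bytes and a second EDIT with a different extension has appeared.
FILES_LATER = {
    "COMMAND.COM": b"\x90" * 40 + b"original command interpreter" + b"\xcc" * 16,
    "EDIT.EXE": b"MZ" + b"\x00" * 60,
    "CONFIG.SYS": b"FILES=20\r\nBUFFERS=15\r\n",
    "EDIT.COM": b"CONSTRUCTED-MARKER-STRING" + b"\x00" * 8,
}

# Constructed signature list for the "search for suspicious text strings" method.
SIGNATURES = {"constructed-sample-marker": b"CONSTRUCTED-MARKER-STRING"}


def byte_sum_checksum(data: bytes, modulus: int = 1 << 32) -> int:
    """The simple checksum the article describes: the sum of every byte value."""
    return sum(data) % modulus


def sha256_checksum(data: bytes) -> str:
    """Cryptographic hash; detects any change, which a plain byte sum cannot."""
    return hashlib.sha256(data).hexdigest()


def baseline(files: dict) -> dict:
    """Record size and checksums for every file (items 14 and 15 of the article)."""
    return {
        name: {"size": len(data),
               "byte_sum": byte_sum_checksum(data),
               "sha256": sha256_checksum(data)}
        for name, data in files.items()
    }


def compare(base: dict, current: dict) -> list:
    """Return (file, finding) pairs for every deviation from the baseline."""
    findings = []
    for name, data in current.items():
        ref = base.get(name)
        if ref is None:
            findings.append((name, "new file"))
            continue
        if len(data) != ref["size"]:
            findings.append((name, "size changed %d -> %d" % (ref["size"], len(data))))
        if sha256_checksum(data) != ref["sha256"]:
            findings.append((name, "content changed (sha256 mismatch)"))
    for name in base:
        if name not in current:
            findings.append((name, "missing file"))
    return findings


def same_stem_different_ext(files) -> dict:
    """Item 20: base names that appear with more than one extension (EDIT.EXE + EDIT.COM)."""
    by_stem = defaultdict(list)
    for name in files:
        stem, ext = os.path.splitext(name.upper())
        by_stem[stem].append(ext)
    return {stem: sorted(exts) for stem, exts in by_stem.items() if len(exts) > 1}


def signature_scan(files: dict, signatures: dict) -> list:
    """Presence detection: (file, signature name) for every known byte string found."""
    return [(name, sig) for name, data in files.items()
            for sig, pattern in signatures.items() if pattern in data]


if __name__ == "__main__":
    base = baseline(FILES_BASELINE)
    for name, finding in compare(base, FILES_LATER):
        print("%-12s %s" % (name, finding))
    print("duplicate stems:", same_stem_different_ext(FILES_LATER))
    print("signature hits:", signature_scan(FILES_LATER, SIGNATURES))
```

Two design points worth noting. The baseline must be stored somewhere the monitored system cannot rewrite (the article's own advice for the recovery resource list applies equally here), otherwise a change to a file can be hidden by updating its recorded checksum. And the comparison relies on the SHA-256 value rather than the byte sum because a byte sum is order-independent: it stays the same when bytes are merely rearranged, so it cannot detect every modification, which is why the article's "complex algorithm" products exist. The duplicate-extension check matters under DOS because, when both NAME.COM and NAME.EXE are present, typing NAME runs the .COM file first.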
Summary
It is difficult to predict if a virus will attack a computer system. However, the results could be disastrous if it should occur. Therefore, an organization should perform a risk assessment of its exposure to viral contact and implement the most appropriate protection techniques.
http://www.drj.com/drworld/content/w1_078.htm