Computer & Internet Security
In the early days of home computing, the main risk to security was from viruses transferred from machine to machine on floppy disks. Viruses are programs attached to files. When the files are executed or opened, the virus program executes. During execution, the virus attaches itself to other files and documents. Some viruses, like logic bombs, do their damage when a specific date or set of circumstances occurs. Some viruses render the machine inoperable by using its resources, some destroy data.
The growth of the Internet and the development of higher speed connections have made the Internet the main source of viruses. Viruses can be attached to files or email messages that are downloaded. Once downloaded, some viruses use the address book of the computer's email client to replicate itself to more computers.
Spam is unwanted, unsollicited email. The economics of spam are biased towards the sender. Only a very small proportion of recipients need to reply for profit to be made. Tracing the source of spam is difficult. Spam is often sent by hacking a third party's SMTP server.
Worms are virus programs that self-replicate across networks. Whether or not the virus damages individual computers, the replication of the virus uses up network resources and increase network traffic considerably. Trojans are viruses which are hidden within programs that appear to be something else. Sometimes the trojan appears to be a file that the user would want to execute - when they do, the virus does its thing. Sometimes the trojan attaches itself to key operating system files or utilities to achieve the same effect.
Phishing is the term given to the technique of sending people requests for information that appear to be legitimate. For example, an email that appears to be from your bank requests that you confirm or enter some of your personal details.The aim of phishing is to persuade people to hand over key personal details like bank accounts and PINs. A phishing web site uses the appearance and name of a legitimate web site, extracting personal details by using key loggers or screen capture programs. Pharming is the technique of changing DNS entries to ensure that a web address takes a user to a phishing site rather than the site that they intended to visit.
The overwhelming majority of infected computers taken for repair are found to have visited sites with adult content or to have used file sharing sites.
Virus Detection Software
Antivirus software detects viruses by comparing files against a dictionary or database of known viruses. When infected files are found, the user normally has the option to have the software remove the virus from the file, delete the file or, quarantine the file - place it in a secure location so that it cannot infect other files.
If virus definitions are not kept up-to-date, the risk of infection from new viruses increases. Most virus software can be updated daily using the WWW.
These days the term malware is used to reflect the complex nature of security threats. Antivirus software is often bundled with a range of additional tools including firewalls, virtual keyboards and tools for fixing operating system 'holes'. Such software is increasingly being designed to detect suspicious behaviour and warn the user. This potentially can avoid infection by a virus which is, as yet, undiscovered and not defined. For example, the software may notice that a program is attempting to send information across the Internet and warn the user. The user can then consider whether this action is expected from the software and configure rules to allow it to run or avoid the threat altogether.
A firewall is a hardware device or software program that controls traffic between the Internet and a private network or PC. Firewalls can be customised to allow certain types of traffic through, but not others. IP addresses, domain names and port numbers are used to specify what traffic can and can't enter the network. Firewall programs can also be used to examine traffic leaving the network, detecting attempts by viruses to exploit network resources and connectivity to replicate themselves or send information to the originator of the virus.
Packet filtering is one of the techniques used in firewalls. The firewall examines each packet and checks it against a set of filtering rules. The result is that some packets are allowed to pass, those that do not conform to the rules are blocked.
A proxy server is another approach to firewall implementation. When such a server is used, all traffic between the network and the Internet is managed by the proxy server. The proxy server is configured with filtering rules.
The purpose of encryption is to take a plain text message, convert it into cipher text using an encryption algorithm. This prevents the message, should it be intercepted, from being understood by the person intercepting it. The recipient decrypts the message to return it to a readable form.
The science of cipher systems is known as cryptography. Attempting to break the code behind a cipher is called cryptoanalysis.
Symmetric Key Encryption
Imagine a cipher where each letter is substituted by the one after it. The encryption algorithm is simple - each letter is substituted for another. The key to this cipher is 1+, meaning that the letters are substituted with the letter to the right. A different key could be used with the same algorithm.
In order to communicate successfully, both sender and recipient need to know both the algorithm and the key to the cipher. The fact that the same key is used to encrypt and decrypt the cipher makes this a symmetric form of encryption.
The danger with this is that the key must be communicated to the recipient, often within the message itself. This makes the cipher less secure.
Asymmetric Key Encryption
In this system, both parties each have two keys, a public key and a private key. The uses of these keys are as follows,
- A encrypts a message using A's private key. The message can be read by anyone using A's public key.
- A encrypts a message using A's public key. The message can only be read by A, using A's private key.
- A encrypts a message using B's public key. The message can only be read by B, using B's private key.
Digital Signatures & Certificates
Public and private keys are used to digitally sign messages to ensure that they have not been tampered with and indeed comes from the source it claims to. A hash or message digest is produced from the message using a standard algorithm. This digest is encrypted with the originator's private key. The recipient uses the sender's public key to decrypt the message digest. They reproduce the message digest from the mesage received and compare that with the decrypted message digest that they received. A match ensures that the message has not been tampered with en route.
Basic Computer Security
Authentication is the main tool in computer security. User names, passwords and biometric information can be used to confim that the computer system is being used by a legitimate user. Authorisation is concerned with users having pre-established permission to use certain resources - often set up by a network administrator. Accounting is the keeping of logs of activity. This helps to detect the source of infection and the comprmised parts of the system. Internet access in the school is recorded in an activity log. Each request for a file from the Internet results in a log entry of the time and date, user name, IP address of the machine used and the name of the requested resource.