e-Security
By
4) Case Studies
i) Five million Visa and MasterCard accounts hacked……………….14
ii) MS hacked once, twice, three, FOUR times………………………….18
About e-Security
Threats
Hackers/Crackers
A hacker or cracker is someone who breaks into someone else's computer
system, often over a network; bypasses passwords or licence checks in computer
programs; or in other ways intentionally breaches computer security. The two
words are often used interchangeably, but there is a fundamental difference in
intent: a hacker may break in for the technical challenge, or to show that a
weakness exists, without doing any harm, whereas a cracker does all this for
malicious purposes or for profit.
_______________________________e-SECURITY
Virus
A virus is a piece of program code, usually disguised as something else,
that causes some unexpected and usually undesirable event. A virus is typically
designed to spread itself automatically to other computer users. Viruses can be
transmitted as attachments to an e-mail, as downloads, or on a diskette or CD;
the sender of the e-mail, downloaded file or diskette is often unaware that it is
infected. Some viruses take effect as soon as their code is executed; others lie
dormant until some condition causes the computer to execute their code. Some
viruses are playful in intent and effect (e.g. "Happy Birthday") and some can be
devastating (e.g. "W32.Blackmal.E"), erasing data or leaving the hard disk in
need of reformatting. Generally, there are three main classes of viruses:
1. File infectors: - Some file infector viruses attach themselves to program files,
usually selected .COM or .EXE files, so that the virus is loaded whenever the
program is loaded. Other file infector viruses arrive as wholly self-contained
programs or scripts sent as an attachment to an e-mail. e.g. W32.Blackmal.E
2. System or boot-record infectors: - These viruses infect the boot record of a
diskette or hard disk. When your operating system is already running, files on
an infected diskette can be read without triggering the boot-disk virus.
However, if you leave the diskette in the drive and then turn the computer off or
reload the operating system, the computer will look first in the A drive, find
the diskette with its boot-disk virus, load it, and make it temporarily impossible
to use your hard disk. e.g. Exe_Bug.C, Kampana.
3. Macro viruses: - These are among the most common viruses, and they tend to
do the least damage. Macro viruses infect Microsoft Office documents and
templates, so that the macro runs each time an infected document is opened, and
typically insert unwanted words or phrases.
Worms
A 'worm' is a self-replicating program that, unlike a file-infecting virus,
does not alter files; it resides in active memory and copies itself to other
machines over the network. Worms use parts of an operating system that are
automatic and usually invisible to the user, so it is common for worms to be
noticed only when their uncontrolled replication consumes system resources,
slowing or halting other tasks. e.g. W32.Sober.X@mm
Trojan Horses
A 'Trojan horse' is a destructive program that masquerades as a benign
application. Unlike viruses, Trojan horses do not replicate themselves, but they
can be just as destructive. One of the most insidious types of Trojan horse is a
program that claims to rid your computer of viruses but instead introduces
viruses onto it.
The term comes from the Greek story of the Trojan War, in which the
Greeks gave a giant wooden horse to their foes, the Trojans, ostensibly as a
peace offering. But after the Trojans dragged the horse inside their city walls,
Greek soldiers sneaked out of the horse's hollow belly and opened the city gates,
allowing their compatriots to pour in and capture Troy.
Trojan horses are classified by how they breach systems and the damage
they cause. The six main types of Trojan horse are:
1. Remote Access Trojans
Abbreviated as RATs, a Remote Access Trojan is designed to give the
attacker complete control of the victim's system. Attackers usually hide these
Trojan horses in games and other small programs that unsuspecting users then
execute on their PCs. e.g. Back Orifice, SubSeven.
3. Destructive Trojans
A type of Trojan horse designed to destroy and delete files, and is more
like a virus than any other Trojan. It can often go undetected by antivirus
software. e.g. Sadcase.Trojan
4. Proxy Trojans
A type of Trojan horse designed to use the victim's computer as a proxy
server. This gives the attacker the opportunity to do everything from your
computer, including the possibility of conducting credit card fraud and other
illegal activities, or even to use your system to launch malicious attacks against
other networks. e.g. Backdoor.Migmaf
5. FTP Trojans
A type of Trojan horse designed to open port 21 (the port used by FTP)
and let the attacker connect to your computer using the File Transfer Protocol
(FTP). e.g. Trojan.Haradong
Spyware
Any software that covertly gathers user information through the user's
Internet connection without his or her knowledge, usually for advertising
purposes. Spyware applications are typically bundled as a hidden component of
freeware or shareware programs that can be downloaded from the Internet;
however, it should be noted that the majority of shareware and freeware
applications do not come with spyware. Once installed, the spyware monitors
user activity on the Internet and transmits that information in the background to
someone else. Spyware can also gather information about e-mail addresses and
even passwords and credit card numbers.
Aside from the questions of ethics and privacy, spyware steals from the
user by using the computer's memory resources and also by eating bandwidth as
it sends information back to the spyware's home base via the user's Internet
connection. Because spyware is using memory and system resources, the
applications running in the background can lead to system crashes or general
system instability.
Adware
A form of spyware that collects information about the user in order to
display advertisements in the Web browser based on the information it collects
from the user's browsing patterns.
Solutions
So far we have discussed the security threats to a network. Now let's look
at the security solutions.
Firewall
If you have been using the Internet for any length of time, you have
probably heard the term firewall used. For example, you often hear people in
companies say things like, "I can't use that site because they won't let it through
the firewall."
If you have a fast Internet connection into your home (either a DSL
connection or a cable modem); you may have found yourself hearing about
firewalls for your home network as well. It turns out that a small home network
has many of the same security issues that a large corporate network does. You
can use a firewall to protect your home network and family from offensive Web
sites and potential hackers.
What It Does
A firewall is simply a program or hardware device that filters the
information coming through the Internet connection into your private network or
computer system (and, with suitable rules, the traffic going out). If an incoming
packet is flagged by the filters, it is not allowed through.
Let's say that you work at a company with 500 employees. The company
will therefore have hundreds of computers that all have network cards
connecting them together. In addition, the company will have one or more
connections to the Internet through something like T1 or T3 lines. Without a
firewall in place, all of those hundreds of computers are directly accessible to
anyone on the Internet. A person who knows what he or she is doing can probe
those computers, try to make FTP connections to them, try to make telnet
connections to them and so on. If one employee makes a mistake and leaves a
security hole, hackers can get to the machine and exploit the hole.
A company can set up rules of this kind for FTP servers, Web servers, Telnet
servers and so on. In addition, the company can control how employees connect
to Web sites, whether files are allowed to leave the company over the network
and so on. A firewall gives a company tremendous control over how people use
the network.
Packet filtering - Packets (small chunks of data) are analyzed against a set of
filters. Packets that make it through the filters are sent to the requesting system
and all others are discarded.
Proxy service - Information from the Internet is retrieved by the firewall and
then sent to the requesting system and vice versa.
Password protection
Password protection is something that is relevant to everyone in an
organization. If these rules are set from the beginning, this will make things
much easier later on:
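As an added example of password protection rules enforced in code (not code from the original page): a policy check applied when a password is chosen, and storage of the password as a salted, slow PBKDF2 hash with constant-time verification. The minimum length, the iteration count and the short banned-password list are assumptions for the illustration.

```python
"""Added example: password policy check and salted, iterated password storage.

The policy values and the banned-password list are assumptions for the
illustration; they are not rules taken from the original page.
"""
import hashlib
import hmac
import secrets

MIN_LENGTH = 12                 # assumed policy minimum
PBKDF2_ITERATIONS = 600_000     # assumed work factor (PBKDF2-HMAC-SHA256)
# Constructed stand-in for a breached-password list.
BANNED = {"password", "password1", "123456", "qwerty", "letmein", "welcome1"}


def check_policy(password: str, username: str = "") -> list:
    """Return the list of policy violations (empty means the password is acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in BANNED:
        problems.append("on the banned-password list")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    if classes < 3:
        problems.append("uses fewer than three character classes")
    return problems


def hash_password(password: str) -> str:
    """Store a random per-user salt and a slow PBKDF2 hash, never the password itself."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    print(check_policy("password1", "bob"))
    record = hash_password("Tr0ub4dor&3-horse")
    print(record)
    print(verify_password("Tr0ub4dor&3-horse", record),
          verify_password("wrong guess", record))
```

Storing the iteration count alongside the hash is what lets the work factor be raised later without invalidating existing records: old entries keep verifying with their own count and are re-hashed on the next successful login.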
Monitoring
With the program implemented, you must ensure that security is made an
integral part of day-to-day activities. Security must be a considered element to
all system upgrades, such as when new software is installed or when more
computers are added to your network. All too often, new additions to systems
are not made secure.
happening again. Believe it or not, the first thing you should NOT do is turn off
the computer: by doing so you may destroy evidence.
A periodic scan of databases for obsolete and/or sensitive data. If such
data exists, it should be deleted from the system to remove the security
risk.
A periodic security review of the web site and related servers.
Systems should be able to generate Simple Network Management Protocol
(SNMP) alerts, i.e. tell you when something is wrong; examples include
warning messages and help options.
Automated monitoring of network vulnerabilities should be researched
and, if appropriate, used.
Keep logs of important systems, covering security alerts and system
utilization to detect memory leaks or excessive usage.
Keep logs to identify a standard usage baseline to determine user work
habits, such as how often and how long users or customers use your
systems.
Conduct regular security system reviews preferably using an independent
third party.
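The logging and baseline items above, as an added example that is not part of the original page: a detector that parses constructed sshd-style log lines, builds a per-user baseline of source addresses and login hours from the earlier days, and then raises alerts for a burst of failed logins and for successful logins that deviate from that baseline. The log lines, host names, addresses, cutoff date and thresholds are all constructed for the illustration.

```python
"""Added example: baseline-and-deviation checks over constructed sshd log lines.

The log lines, host names, addresses and thresholds are all constructed for
the illustration; none of them come from the original page.
"""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
Mar 10 08:02:11 web1 sshd[2201]: Accepted password for alice from 10.0.0.17 port 51022 ssh2
Mar 10 08:05:43 web1 sshd[2210]: Accepted password for bob from 10.0.0.21 port 51030 ssh2
Mar 11 08:01:09 web1 sshd[2301]: Accepted password for alice from 10.0.0.17 port 51100 ssh2
Mar 11 09:12:55 web1 sshd[2315]: Accepted password for bob from 10.0.0.21 port 51140 ssh2
Mar 12 02:14:02 web1 sshd[2422]: Failed password for admin from 203.0.113.5 port 40010 ssh2
Mar 12 02:14:04 web1 sshd[2423]: Failed password for admin from 203.0.113.5 port 40011 ssh2
Mar 12 02:14:06 web1 sshd[2424]: Failed password for admin from 203.0.113.5 port 40012 ssh2
Mar 12 02:14:08 web1 sshd[2425]: Failed password for root from 203.0.113.5 port 40013 ssh2
Mar 12 02:14:10 web1 sshd[2426]: Failed password for root from 203.0.113.5 port 40014 ssh2
Mar 12 02:14:12 web1 sshd[2427]: Failed password for root from 203.0.113.5 port 40015 ssh2
Mar 12 03:40:00 web1 sshd[2430]: Accepted password for bob from 203.0.113.5 port 40020 ssh2
Mar 12 08:03:27 web1 sshd[2510]: Accepted password for alice from 10.0.0.17 port 51210 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Accepted|Failed) password for (\S+) from (\S+) port \d+"
)
LOG_YEAR = 2006                      # syslog lines carry no year; assumed
CUTOFF = datetime(LOG_YEAR, 3, 12)   # events before this build the baseline


def parse(log: str) -> list:
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # lines that do not match are skipped, not guessed at
        when = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=LOG_YEAR)
        events.append({"time": when, "ok": m.group(2) == "Accepted",
                       "user": m.group(3), "src": m.group(4)})
    return events


def baseline(events: list) -> dict:
    """Per user: the source addresses and hours of day seen in successful logins."""
    base = defaultdict(lambda: {"srcs": set(), "hours": set()})
    for e in events:
        if e["ok"]:
            base[e["user"]]["srcs"].add(e["src"])
            base[e["user"]]["hours"].add(e["time"].hour)
    return base


def detect(events: list, cutoff: datetime, fail_threshold: int = 5, window_s: int = 60) -> list:
    """Return alerts: failed-login bursts, and successes that deviate from the baseline."""
    train = [e for e in events if e["time"] < cutoff]
    recent = [e for e in events if e["time"] >= cutoff]
    base = baseline(train)
    alerts = []
    # Brute force: at least fail_threshold failures from one source within window_s seconds.
    fails = defaultdict(list)
    for e in recent:
        if not e["ok"]:
            fails[e["src"]].append(e["time"])
    for src, times in fails.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j < len(times) and (times[j] - times[i]).total_seconds() <= window_s:
                j += 1
            if j - i >= fail_threshold:
                alerts.append(("brute_force", src))
                break
    # Deviation: a successful login from a source or at an hour the user never used before.
    for e in recent:
        if not e["ok"]:
            continue
        known = base.get(e["user"])
        if known is None or e["src"] not in known["srcs"]:
            alerts.append(("new_source", e["user"], e["src"]))
        if known is not None and e["time"].hour not in known["hours"]:
            alerts.append(("off_hours", e["user"], e["time"].hour))
    return alerts


def run_demo() -> list:
    return detect(parse(SAMPLE_LOG), CUTOFF)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

On the constructed data the burst against admin and root is reported once, and bob's 03:40 login from the same address that made the burst is reported twice, as a new source and as an off-hours login; a single pattern-matching rule would only have caught the burst. Two days is far too short a baseline for a real system, but the split between a training window and a detection window is the part that matters.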
Virus Protection
The objective of an anti-virus policy is to address the risk of malicious
code (e.g. viruses, Trojan horses, spyware/adware, worms etc.) being introduced
into the company's networks. Nearly all companies use virus-scanning software,
but this software does not make any computer network completely safe: new
viruses are constantly being developed, and a scanner only recognises what its
current signatures describe. The only way to stay informed of new viruses and
anti-virus upgrades is to keep reading the security web sites, articles and
publications such as SANS, Microsoft (www.microsoft.com) and IBM.
Companies are now buying anti-virus solutions that update systems in real
time with new signature (definition) files. The anti-virus software is stored
on a network server and periodically initiates a connection over the Internet
to the vendor's update site; it then downloads any new definitions and program
patches and applies them across the network. Obviously, this functionality may
be limited if the network has only restricted access to the Internet, but if
Internet access is 24x7 then anti-virus updating can be 24x7 too. Examples of
this type of software are McAfee, Symantec, F-Secure and Trend Micro.
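How signature scanning works, and why the definition updates described above matter, as an added example that is not part of the original page or of any vendor's product: a scanner with exact-hash and byte-pattern signatures is run over constructed byte strings standing in for files, before and after a definitions update. The "files", the signature database, the detection names and the trivial XOR "packer" are all invented for the illustration; no real malware is involved.

```python
"""Added example: a signature scanner and why a definitions update matters.

The "files" are constructed byte strings, not real malware; the signature
database and detection names are invented for the illustration.
"""
import hashlib
import os


def pack(body: bytes, key: int = 0x5A) -> bytes:
    """Trivial XOR 'packer' standing in for the repacking malware authors use to evade signatures."""
    return bytes(b ^ key for b in body)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


BODY = b"constructed dropper body, build "
# Constructed stand-ins for files on a workstation.
SAMPLES = {
    "report.doc": b"Quarterly figures, nothing unusual here.",
    "game.exe": b"MZ\x90\x00" + BODY + b"1",
    "game2.exe": b"MZ\x90\x00" + BODY + b"2",         # one byte differs from game.exe
    "game3.exe": b"MZ\x90\x00" + pack(BODY + b"3"),   # same family, repacked
}

# Constructed signature database: exact-hash signatures plus byte-pattern signatures.
SIGNATURES = {
    "hash": {sha256(SAMPLES["game.exe"]): "Trojan.Constructed.Dropper.A"},
    "pattern": [(b"constructed dropper body", "Trojan.Constructed.Dropper.gen")],
}


def scan(data: bytes, sigs: dict = SIGNATURES):
    """Return the detection name, or None if nothing in the database matches."""
    digest = sha256(data)
    if digest in sigs["hash"]:
        return sigs["hash"][digest]
    for pattern, name in sigs["pattern"]:
        if pattern in data:
            return name
    return None


def scan_all(samples: dict = SAMPLES, sigs: dict = SIGNATURES) -> dict:
    return {name: scan(data, sigs) for name, data in samples.items()}


def scan_tree(root: str, sigs: dict = SIGNATURES) -> dict:
    """Scan every regular file under root on disk, file by file."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                hits[path] = scan(fh.read(), sigs)
    return hits


def update_signatures(sigs: dict, new_hashes: dict) -> dict:
    """Merge newly downloaded definitions (here a constructed dict) into the database."""
    merged = {"hash": dict(sigs["hash"]), "pattern": list(sigs["pattern"])}
    merged["hash"].update(new_hashes)
    return merged


def run_demo() -> tuple:
    """Scan before and after a definitions update; returns (before, after)."""
    before = scan_all()
    # The vendor ships a definition for the repacked variant: this is the update download.
    update = {sha256(SAMPLES["game3.exe"]): "Trojan.Constructed.Dropper.C"}
    after = scan_all(sigs=update_signatures(SIGNATURES, update))
    return before, after


if __name__ == "__main__":
    before, after = run_demo()
    for name in SAMPLES:
        print(f"{name:12} before: {str(before[name]):32} after: {after[name]}")
```

The three variants show the scale of the problem: an exact-hash signature catches only the identical file, a byte-pattern signature also catches the rebuilt copy, and the repacked copy evades both until the vendor ships a new definition. That gap between a new variant appearing and its definition arriving is why the text says scanning software cannot make a network completely safe. To try a real scanner rather than this toy, use the EICAR test file the anti-virus industry publishes for that purpose.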
Case studies
Some forty million credit-card accounts (Visa, MasterCard and other
brands) in the US were exposed to unauthorized individuals after the computer
system of a company that processes credit-card transactions on behalf of
merchants was hacked into.
The data breach at CardSystems Solutions, the latest in a growing list of
data leaks involving scams and absent-minded workers, is believed to be the
largest to date. It happened when intruders exploited software security
vulnerabilities in the processor's systems.
The probe also found that the Atlanta-based payment processor did not
meet MasterCard's security regulations. CardSystems should not have held onto
MasterCard's records, and later compounded the problem by storing the
transaction data in unencrypted form.
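What "should not have held onto the records" looks like in code, as an added example that is not part of the original page and not CardSystems' software: the record written for a transaction keeps a keyed lookup token and the last four digits instead of the card number and never keeps the security code, and a scanner of the kind a periodic sensitive-data review would run finds full card numbers that were logged anyway. The card number is the well-known 4111 1111 1111 1111 test number; the key, the log lines and the record layout are assumptions for the illustration.

```python
"""Added example: keeping cardholder data out of stored transaction records,
and finding full card numbers that were stored anyway.

The card numbers are the well-known test number 4111 1111 1111 1111 and a
constructed variant; the key, log lines and record layout are assumptions.
"""
import hashlib
import hmac
import re

# Assumed secret for the lookup token; in practice this lives in a key store.
TOKEN_KEY = b"constructed-demo-key-do-not-reuse"


def luhn_ok(pan: str) -> bool:
    """Luhn checksum: every second digit from the right is doubled (9 subtracted if > 9)."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def tokenize(pan: str) -> str:
    """Keyed, non-reversible reference for the card; lets orders be linked without the PAN."""
    return hmac.new(TOKEN_KEY, pan.encode("ascii"), hashlib.sha256).hexdigest()[:32]


def store_transaction(pan: str, expiry: str, cvv: str, amount: str) -> dict:
    """Build the record that is written to the database: no PAN, and never the CVV."""
    if not pan.isdigit() or not luhn_ok(pan):
        raise ValueError("invalid card number")
    del cvv   # the security code is used for authorisation only and must not be stored
    return {"token": tokenize(pan), "last4": pan[-4:], "expiry": expiry, "amount": amount}


# Constructed application log, the sort of thing a periodic sensitive-data scan goes through.
SAMPLE_LOG = """\
2006-06-17 10:02:13 order=1042 card=4111111111111111 cvv=123 amt=19.99 status=approved
2006-06-17 10:02:40 order=1043 token=b1c2d3e4a5f60718 last4=1111 amt=42.00 status=approved
2006-06-17 10:03:05 order=1044 ref=201004230001 amt=5.00 status=declined
2006-06-17 10:03:31 order=1045 card=4111111111111112 amt=7.50 status=declined
"""

# 13 to 19 digits, optionally separated by spaces or dashes, not adjoining other digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_pans(text: str) -> list:
    """Candidate card numbers that also pass Luhn; the rest are order ids and the like."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found


def run_demo() -> tuple:
    record = store_transaction("4111111111111111", "12/08", "123", "19.99")
    return record, find_pans(SAMPLE_LOG)


if __name__ == "__main__":
    record, leaked = run_demo()
    print(record)
    print("full PANs found in log:", leaked)
```

The Luhn filter matters for the scan: the twelve-digit reference and the mistyped number on the fourth line are ignored, and only the genuine card number on the first line is reported, together with a security code that should never have been written at all. A keyed HMAC token is a reference, not encryption; where the full number must be recoverable (recurring billing, chargebacks) it belongs in a separate encrypted vault, not in the transaction table.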
MasterCard's problem because they put out these rules but they don't enforce
them.
This does not end here; it is a chain process. The hackers do not use
the information themselves; instead they sell it on Undernet or other IRC
networks.
(Shopadmins are hacked online merchants from which crooks can extract fresh customer
credit cards as new orders come in.)
New attacks are mounted as demand for freshly stolen card numbers arises.
What happens is that these people steal a credit-card number and then start
compiling whatever information about the cardholder is available. Most people
are not aware that if their credit-card data is stolen from XYZ company, the
thieves have most likely also got their address, home phone number, e-mail
address and other data that can be used to obtain still more data, or even to
open new lines of credit in their name.
Once enough information has been collected, they test the card's validity
by making a small donation, typically $1, to a charity. If the payment is
processed, they know that the card owner has not yet detected the theft, and
the card number is ready for use.
SMS Text
Risk-based Authentication
Unlike the binary (right or wrong) decision involved in traditional
username-and-password authentication, risk-based authentication is based on a
series of observations. It works by analysing a series of requested and observed
pieces of customer information, together with data supplied during the Internet
session, to assess the probability that a customer interaction is authentic.
Risk-based authentication typically uses a combination of techniques,
including IP intelligence, device profiling (sometimes called PC fingerprinting)
and stored certificates, to assess the authenticity of an online user.
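The scoring idea behind risk-based authentication, as an added example that is not part of the original page and not any vendor's product: each observation (device fingerprint, country, IP reputation, the enrolled certificate, and how quickly the country changed since the last login) adds a weight to a score, and the score selects allow, step-up with a one-time code sent by SMS, or deny. The weights, thresholds, blocklist and customer profile are assumptions made for the illustration.

```python
"""Added example: scoring a login attempt from several observations and deciding
between allow, step-up (one-time code by SMS) and deny.

Signal weights, thresholds, the blocklist and the customer profile are
assumptions for the illustration, not values from the original page.
"""
from dataclasses import dataclass

# Constructed threat-intelligence entry ("IP intelligence" in the text).
BLOCKLISTED_IPS = {"203.0.113.5"}


@dataclass
class Profile:
    known_devices: set          # device fingerprints seen on past successful logins
    usual_countries: set
    has_stored_cert: bool       # a certificate was enrolled on the customer's PC


@dataclass
class Attempt:
    device_id: str
    country: str
    ip: str
    cert_presented: bool
    last_login_country: str
    minutes_since_last_login: int


def risk_score(profile: Profile, a: Attempt) -> tuple:
    """Add a weight per suspicious observation; returns (score, reasons)."""
    score, reasons = 0, []
    if a.device_id not in profile.known_devices:
        score += 30
        reasons.append("unknown device")
    if a.country not in profile.usual_countries:
        score += 25
        reasons.append("unusual country")
    if a.ip in BLOCKLISTED_IPS:
        score += 40
        reasons.append("source ip on blocklist")
    if profile.has_stored_cert and not a.cert_presented:
        score += 20
        reasons.append("enrolled certificate not presented")
    if a.country != a.last_login_country and a.minutes_since_last_login < 120:
        score += 30
        reasons.append("country changed too fast since last login")
    return score, reasons


def decide(score: int, step_up_at: int = 30, deny_at: int = 70) -> str:
    if score >= deny_at:
        return "deny"
    if score >= step_up_at:
        return "step_up_sms"     # ask for a one-time code sent by text message
    return "allow"


def run_scenarios() -> dict:
    """Four constructed login attempts against one constructed customer profile."""
    alice = Profile(known_devices={"dev-a1"}, usual_countries={"US"}, has_stored_cert=True)
    scenarios = {
        "usual": Attempt("dev-a1", "US", "198.51.100.7", True, "US", 600),
        "new_pc": Attempt("dev-z9", "US", "198.51.100.7", False, "US", 600),
        "travel": Attempt("dev-a1", "GB", "192.0.2.44", True, "US", 45),
        "hostile": Attempt("dev-z9", "ZZ", "203.0.113.5", False, "US", 600),
    }
    return {name: decide(risk_score(alice, att)[0]) for name, att in scenarios.items()}


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:8} {verdict}")
```

The point of the middle band is that a correct password from an unrecognised PC is neither accepted nor refused outright: the customer is asked for a second factor, and the device is added to the profile once that succeeds. Keeping the reasons alongside the score is what makes the decision explainable when a customer or an investigator asks why a login was challenged.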
MS France Hacked!
June 2006
Part of Microsoft's French Web site has been taken offline by hackers, who
apparently took advantage of a misconfigured server at the software vendor's
Web hosting provider.
The experts.microsoft.fr Web site was defaced Sunday with the word
"HACKED!" written across the top, just above a note that attributed the job to a
group of Turkish hackers. The hacked sections were quickly taken down, and
remained out of operation on Monday morning.
The defacement led to rumors that the hackers may have used a new,
undisclosed vulnerability in Microsoft's Internet Information Services (IIS) 6.0
Web server. Such an unpatched bug is called a 0day in security industry
parlance.
Microsoft dismissed these rumors on Monday, saying that the hack was
due to a misconfigured Web server.
The hack comes at an unfortunate time for Microsoft. Not only has the
company been promoting the security features of its upcoming Vista operating
system, it is also in the process of developing a new line of security software,
called Forefront.
5. Minimize spam
While it is not possible to completely stop spam from entering your email box,
you can take steps to reduce the amount.