Internet Security
(A logical security access control within general controls)
Once a company is connected to an outside network (usually the Internet), several additional security issues must be addressed properly. The company must make sure that the policies that it puts in place allow the intended and authorized users to have access to the network as needed. However, accessibility also creates vulnerability. When a company connects to the Internet (external network), it faces security risks.
Electronic eavesdropping can occur if computer users are able to observe transmissions intended for someone else. Therefore, organizations must ensure that information sent over a network is properly protected to maintain the confidentiality of company information. Furthermore, the company must ensure that company files cannot be accessed or changed without authorization.
At a minimum, the system should include user account management, a firewall, anti-virus protection, and encryption. Below are the minimum security requirements.
- User account management is the process of assigning people accounts and passwords. For user account management to be effective, the company must keep the accounts and passwords up to date. Inactive accounts should be eliminated, and passwords should be changed frequently.
- A firewall serves as a barrier between the internal and the external networks and prevents unauthorized access to the internal network. A properly configured firewall makes a computer’s ports invisible to port scans. In addition to protecting a computer from incoming probes, a firewall can also prevent backdoor applications, Trojan horses, and other unwanted applications from sending data from the computer. Most firewalls will usually prepare a report of Internet usage, including any abnormal or excessive usage and attempts to gain unauthorized entry to the network. A firewall can be in the form of software directly installed on a computer, or it can be a piece of hardware installed between the computer and its connection to the Internet.
- Antivirus software, regularly updated with the latest virus definitions, is the best defense against viruses, Trojan horses, and worms. Antivirus software recognizes and incapacitates viruses before they can do damage. Users must keep their antivirus software up to date, however, because new viruses appear constantly. Programs that specifically defend against Trojan horses are also available.
- Encryption is the best protection against data leaks caused by traffic interception. Data encryption is the process of converting data into a code, and then a key is required to convert the code back to data. Encryption prevents data from being read by unauthorized persons. Unauthorized people can intercept the coded information, but without the proper key, they cannot read it. Thus, an attacker may be able to see where the traffic came from and where it went but not the content.
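The usage report mentioned in the firewall item above, sketched as an added example (not from the original page or any firewall product). The log format, field names and both thresholds are assumptions, and the sample log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log in a hypothetical key=value format (not a real product's).
SAMPLE_LOG = """\
2024-05-01T09:00:01 DENY IN src=203.0.113.7 dst=10.0.0.5 dport=22 bytes=0
2024-05-01T09:00:02 DENY IN src=203.0.113.7 dst=10.0.0.5 dport=23 bytes=0
2024-05-01T09:00:03 DENY IN src=203.0.113.7 dst=10.0.0.5 dport=3389 bytes=0
2024-05-01T09:01:10 DENY IN src=198.51.100.9 dst=10.0.0.5 dport=445 bytes=0
2024-05-01T09:02:00 ALLOW OUT src=10.0.0.12 dst=192.0.2.80 dport=443 bytes=48211
2024-05-01T09:03:00 ALLOW OUT src=10.0.0.31 dst=192.0.2.44 dport=443 bytes=1800000
2024-05-01T09:04:00 DENY OUT src=10.0.0.31 dst=192.0.2.99 dport=6667 bytes=0
this line is truncated or corrupt
"""

LINE_RE = re.compile(
    r"^\S+ (?P<action>ALLOW|DENY) (?P<dir>IN|OUT) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$"
)

def build_report(log_text, deny_threshold=3, bytes_threshold=1_000_000):
    """Summarise entry attempts, blocked outbound traffic and heavy usage."""
    probed_ports = defaultdict(set)  # external source -> ports it was denied on
    deny_count = Counter()           # external source -> denied inbound attempts
    out_bytes = Counter()            # internal host -> allowed outbound bytes
    blocked_out, unparsed = [], 0
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1            # count bad records instead of dropping them
            continue
        src, dst, port = m["src"], m["dst"], int(m["dport"])
        if m["action"] == "DENY" and m["dir"] == "IN":
            deny_count[src] += 1
            probed_ports[src].add(port)
        elif m["action"] == "DENY" and m["dir"] == "OUT":
            blocked_out.append((src, dst, port))  # internal host stopped from sending
        elif m["action"] == "ALLOW" and m["dir"] == "OUT":
            out_bytes[src] += int(m["bytes"])
    entry = {s: sorted(probed_ports[s]) for s, n in deny_count.items() if n >= deny_threshold}
    heavy = {h: b for h, b in out_bytes.items() if b > bytes_threshold}
    return {"unauthorized_entry": entry, "blocked_outbound": blocked_out,
            "excessive_usage": heavy, "unparsed": unparsed}

if __name__ == "__main__":
    for section, value in build_report(SAMPLE_LOG).items():
        print(f"{section}: {value}")
```

A blocked outbound connection from an internal host is worth following up even when nothing left the network, because it is the firewall stopping an unwanted application from sending data.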
Viruses, Trojan Horses, and Worms
1. Virus : A computer virus is a program that alters the way another computer operates. Viruses can damage programs, delete files, or reformat the hard disk. Other viruses do not do damage but replicate themselves and present text, video, and audio messages. Although these other viruses may not cause damage directly, they create problems by taking up computer memory and causing erratic behavior or system crashes that can lead to data loss.
To be considered a virus, a program must meet two criteria:
- It must execute itself. A virus often places its own code in the path of the execution of another program.
- It must replicate itself. A virus can replace other executable files with a copy of the virus-infected file.
2. Trojan Horse : A Trojan horse is different from a virus. A very important distinction between Trojan horses and viruses is that Trojan horses do not replicate themselves, whereas viruses do. The purpose of a Trojan horse is not to spread like a virus, but to have a particular target — a particular computer — on which to run a program.
- Opening an email attachment.
- Downloading and running a file from the Internet. Many mass-mailing worms are considered Trojan horses because they must convince someone to open them.
3. Worm : A worm is a program that replicates itself from system to system without the use of any host file. The difference between a worm and a virus is that the worm does not require the use of an infected host file, while the virus does require the spreading of an infected host file.
Worms generally exist inside of other files, often Word or Excel documents. However, worms use the host file differently from viruses. Usually, the worm releases a document that has the “worm” macro inside the document. The entire document spreads from computer to computer, so the entire document is, in essence, the worm.
A virus hoax is an email telling the recipient that a file on his or her computer is a virus when the file is not a virus. Such an email will tell recipients to look on their systems for a file with a specific name and, if they see it, to delete it because the file contains a virus that is unrecognizable by anti-virus programs. Everyone with the targeted operating system will find that file because it is a system file that is needed for the computer to operate correctly. Someone who believes the virus hoax email and deletes the file will find that the computer malfunctions afterward.
Note: The difference between a virus and a Trojan horse is that a virus replicates itself, but a Trojan horse does not.
The difference between a virus and a worm is that the virus requires an infected host file to replicate itself, while the worm can replicate itself without a host file.
