[The name of the author appears here]

[The name of the institute appears here]

[The course title]

[Date]

A 5-Page Term Paper on How to Defend Against and Prevent Virus Attacks on Computers

Introduction

     Using malicious programs like Teardrop, Papa Smurf, and Win Nuke, intruders undermine the integrity and invade the privacy of computers. In the Computer Security Institute/FBI computer crime survey of 1999, fifty-seven percent of organizations referred to their Internet connection as a "frequent attack point." Thirty percent stated that they had found actual intrusions into their networks, and twenty-six percent reported theft of proprietary information (CSI Survey 1999). FedCIRC (the incident handling entity for the civilian government) reported that 130,000 government sites, totaling 1,100,000 hosts, were subject to attacks in 1998. Computer crime is substantial. It is clear that efforts to secure systems and to mitigate crime in the relatively new medium of cyberspace must be increased. (CSRC - Computer Security Resource Center)

Overview of Attacker Tools

     One cannot effectively fight a war without prior knowledge of the enemy's weapons. Systems administrators need a high-level understanding of the methods attackers use to penetrate computers, in order to prevent attacks in cyberspace.

     Vast resources are available on the Internet to help intruders penetrate computer networks. Software vulnerability information is discussed publicly and in detail on newsgroups. Attack tutorials are available, describing how to write automated programs that penetrate computers by taking advantage of these vulnerabilities. Thousands of automated software tools that enable anyone to launch computer attacks have been written. Computer attacks are no longer found only on obscure pirate bulletin boards, but rather on publicly available commercial Web sites whose sole purpose is to serve up this information.

     Computer attack programs are freely available to anyone on the Internet. Apart from being available, these attacks are becoming easier to use. A few years ago, one had to have a UNIX system to run an attack, and had to know how to compile source code. Today, attacks with user-friendly GUIs (graphical user interfaces) that run on Windows hosts are available. Attack scripts are dangerous and easy to use. It is vital that system administrators understand the danger posed by these attacks and how they can protect their networks against them.

Classification of Computer Attacks

By 'computer attack' we mean programs run by people to gain unauthorized control over a computer. These attacks take various forms, but generally fall into the following categories:

  • Local Penetration: Programs that gain unauthorized access to the computer on which they are run.
  • Remote Penetration: Programs that go on the Internet (or network), and gain unauthorized control of a computer.
  • Local Denial of Service: Programs that shut down the computer on which they are run.
  • Remote Denial of Service: Programs that go on the Internet (or network) and shut down another computer or a service provided by that computer.
  • Network Scanners: Programs that map a network to figure out which computers and services are available to be exploited.
  • Vulnerability Scanners: Programs that search the Internet looking for computers vulnerable to a particular type of attack.
  • Password Crackers: Programs that discover easy-to-guess passwords in encrypted password files. (Modern computers can guess passwords that are seemingly complex in microseconds.)
  • Sniffers: Programs that listen to network traffic. Often these programs have features to automatically extract usernames, passwords, and/or credit card information.

(NIST, CSD)

How to Prevent the Majority of Computer Attacks

     Protecting networks from computer attacks is a non-trivial and ongoing task; however, some simple security measures can stop the majority of network penetration attempts. For instance, a well-configured firewall and an installed base of virus checkers can stop most computer attacks.

      The following fourteen security measures, if implemented, can help secure a network:

1. Firewalls

     Firewalls are the single most important security solution for protecting a network. The firewall polices the traffic that enters and leaves a network. It may disallow some traffic outright, or may perform some sort of verification on other traffic. A well-configured firewall stops the majority of publicly available computer attacks.

2. Patching

     Companies release software patches to fix coding errors. When unfixed, these errors often allow an attacker to penetrate a computer system. Systems administrators can protect their systems by constantly applying the most recent patches.

     It is difficult to patch all hosts in a network as patches are released at a very fast pace. One must focus on patching the most important hosts, and then implement the other security solutions (mentioned below). Patches must be obtained from software vendors.

3. Virus Detection

     Virus-checking programs are indispensable to any network security solution. Virus checkers monitor computers and hunt for malicious code. A problem with virus checkers is that one must install them on all computers for maximum effectiveness. The software is time-consuming to install, and requires monthly updates for maximum effectiveness. Users can be trained to perform these updates, but cannot be relied upon to do so. In addition to normal virus checking on computers, organizations must scan e-mail attachments at the e-mail server. This way, the majority of viruses are stopped before ever reaching the users.

4. Configuring Hosts for Security

     Computers with a newly installed OS (operating system) are often vulnerable to attack. The reason is that an operating system's installation program generally enables all available networking features. This gives an attacker many avenues of attack to explore. All unneeded network services should be turned off.

5. War Dialling

     Users bypass a site's network security schemes by allowing their computers to receive incoming telephone calls. Upon leaving work, users enable a modem and then dial in from home and use the corporate network. Attackers use war-dialing programs to call lots of telephone numbers looking for those computers that are allowed to receive telephone calls. Since users set up these computers themselves, they are often insecure, and hence provide attackers a backdoor into the network. Systems administrators must regularly use war dialers to discover these back doors. Commercial and free war dialers are easily available.

6. Password Crackers

     Hackers use little-known vulnerabilities in computers to steal encrypted password files. They use password-cracking programs that discover weak passwords within encrypted password files. Once a weak password is discovered, the attacker can enter the computer as a normal user and use a variety of tricks to gain complete control of the machine and the network. While used by intruders, these programs are invaluable to systems administrators. System administrators must run password-cracking programs on their encrypted password files regularly to discover weak passwords.

7. Encryption

     Attackers often break into networks by listening to network traffic at strategic locations. They also break in by parsing out clear text usernames and passwords. Thus, remote password-protected connections must be encrypted. This is especially true for remote connections over the Internet and for connections to the most critical servers. A number of commercial and free products are available to encrypt TCP/IP traffic.

8. Vulnerability Scanners

     Vulnerability scanners scan a network for computers that are vulnerable to attacks. These scanners have a large database of vulnerabilities that they use to probe computers in order to determine the vulnerable ones. A variety of commercial and free vulnerability scanners exist in the market.

9. Incident Response Handling

     Every network, no matter how secure, has some security events, even if they are just false alarms. Staff must know beforehand how to handle such events. Important points that should be resolved are:

  • when network connections should be severed,
  • when one should call an emergency response team,
  • when one should call law enforcement, and
  • what the recovery plan is if an important server is compromised.

10. Security Advisories

     These are warnings issued by incident response teams and vendors about the latest computer vulnerabilities. Advisories usually cover only the most important threats and thus are high-utility and low-volume reading. They describe the threat in general terms, and give very specific solutions on how to plug the vulnerability.

11. Intrusion Detection

     Intrusion detection systems detect computer attacks. They can be used both outside a network's firewall, to see what kinds of attacks are being launched, and behind a network's firewall, to find attacks that penetrate the firewall. They can also be used within a network to monitor insider attacks. Intrusion detection tools come with many different functionalities and capabilities.

12. Network Discovery Tools and Port Scanners

     Port scanners and network discovery tools map out networks and identify the services running on each host. Attackers use these tools to find vulnerable network services and hosts. System administrators must use these tools to monitor the kinds of hosts and network services connected to their network. Weak or improperly configured services and hosts can be easily found and patched this way.

13. Denial-of-Service Testing (for firewalls and Web servers)

      DOS (Denial-of-service) attacks are very common on the Internet. Malicious attackers reboot computers, shut down Web sites, and/or clog up networks with junk packets. DOS attacks can be serious, especially when attackers launch an ongoing, untraceable attack. Sites serious about security can launch these same attacks against themselves to determine what damage can be done. Only very experienced system administrators or vulnerability analysis consultants should perform this type of analysis.

14. Security Policies

     A network's security scheme is only as strong as its weakest entry point. If various sites within an organization have different security policies, one site can be compromised by the insecurity of another. Organizations should have a rigid security policy that defines the level of protection they expect, and should implement it uniformly. The most important aspect of a policy is to create a uniform mandate on what traffic is allowed through the organization's firewalls. The policy should also define where and how security tools (e.g., intrusion detection or vulnerability scanners) should be used in the network. In order to obtain uniform security, the policy should define secure default configurations for different types of hosts.

      (Federal Information Systems Security Educators' Association (FISSEA))
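
Measures 4, 12 and 14 can be checked together by comparing a host's listening TCP services against the policy's secure default configuration for its host type. The following is an added example, not part of the original paper; the baseline table, the host-type names and the sample `ss -H -tlnp` output are constructed for illustration.

```python
import re

# Hypothetical policy baseline: TCP ports each host type may expose to the network.
BASELINE = {
    "web_server": {22, 80, 443},
    "workstation": set(),
}

# Constructed sample of `ss -H -tlnp` output from a freshly installed host.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=901,fd=6))
LISTEN 0 5 0.0.0.0:23 0.0.0.0:* users:(("inetd",pid=640,fd=4))
LISTEN 0 64 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=702,fd=7))
LISTEN 0 128 [::]:111 [::]:* users:(("rpcbind",pid=598,fd=8))
"""

PROC_RE = re.compile(r'\(\("([^"]+)"')  # first process name in users:(("name",...))

def is_loopback(addr):
    return addr.startswith("127.") or addr == "[::1]"

def parse_listeners(ss_output):
    """Yield (address, port, process) for every LISTEN line; skip anything else."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # handles "[::]:111" as well
        if not port.isdigit():
            continue
        match = PROC_RE.search(line)
        yield addr, int(port), match.group(1) if match else "unknown"

def audit(ss_output, host_type):
    """Compare network-reachable listeners with the baseline for host_type."""
    allowed = BASELINE[host_type]
    exposed, local_only = set(), set()
    for addr, port, proc in parse_listeners(ss_output):
        (local_only if is_loopback(addr) else exposed).add((port, proc))
    return {
        "violations": sorted(e for e in exposed if e[0] not in allowed),
        "local_only": sorted(local_only),
        "allowed_not_listening": sorted(allowed - {p for p, _ in exposed}),
    }

if __name__ == "__main__":
    for host_type in BASELINE:
        print(host_type, audit(SAMPLE_SS, host_type))
```

Each entry under `violations` is a service to turn off or to justify with a policy change; loopback-only listeners are reported separately because they are not reachable from the network.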

Works Cited

Computer Security Resource Center, 2001 Federal Information Systems Security Educators' Association (FISSEA) Conference, March 13-15, 2001.

Intelligent management of IT risks, vulnerabilities and protection needs, Information Technology Laboratories, Gaithersburg, MD, 2002.

National Institute of Standards and Technology (NIST), Information Technology Laboratory Bulletin, May 1999.

The School of Computing, University of Glamorgan, 2002.

 
 


Disclaimer: These papers are to be used for research/reference purposes only. All papers should be used with proper references.

 

© Copyright 1996-2008 Best Term Paper and Research Papers