
Network Security

Introduction
This chapter covers safety and security issues when using computers
in the office or at home. As the use of computers continues to expand,
the health risks and security risks continue to increase. Many of these
risks are associated with the internet which, by its very nature, poses a
great risk to younger people unless they are vigilant at all times. But
large businesses are also at risk from hackers, pharming attacks and
viruses, for example. Many of the precautions people and businesses can
take are common sense but, equally, it also requires additional
knowledge to know how to protect yourself from these external
attacks, which can come from anywhere in the world.
Physical Security (For Peopleware or Liveware)
The use of computers in the home and business world has increased
dramatically over the last few years. This increase brings its own
physical dangers, which can cause harm to users unless they take some
very sensible precautions.
Physical Security: Health Security
Health and safety regulations advise that all computer systems have
at least tiltable and anti-glare screens, adjustable chairs and foot
supports, suitable lighting and uncluttered work stations, and
recommend frequent breaks and frequent eye tests.
Physical Security: Security Aspects
Safety is a different issue to health; health is more generally how to
stop people becoming ill or being affected by daily contact with
computers. Safety is more concerned with dangers that could lead to
serious injury or even loss of life. Some of the more common examples
of safety risks, together with possible solutions, are listed in :
E-Safety
First of all, what is the definition of e-safety? It refers to safety when
using the internet, i.e. keeping personal data safe, and applies to any of
the following devices:
mobile phone
computer or tablet
games console
wireless technology.
Personal data refers to any data concerning a living person who can be identified
either from the data itself or from the data in conjunction with other information (for
example, 'Peter Smith has blue hair and lives at 40 Green Street' would very clearly
identify this individual).
Examples of personal data include:
name
address
date of birth
medical history
banking details.
Some personal data is often referred to as sensitive personal data and
includes:
ethnic origin
political views
religion
sexual orientation
criminal activity.
E-safety also refers to the benefits, risks and responsibilities when
using ICT. The following list is by no means exhaustive but gives some
idea of the e-safety issues that can be encountered by users of ICT
hardware:
TIP #1

Don't give out any personal information to people who are unknown
to you; this is especially true online where it isn't possible to physically
meet people so that their motives can be fully assessed. Remember
that anyone can say anything they want online and it is very difficult to
determine whether they are genuine or not.

E.g. your email address


TIP #2 Avoid Email Account Takeover
A hacker can email your contacts and others as if they were you.
The emails could be ordinary spam, or attempts to gain even more
personal information. A hacker can change your password so you can't
access your own account, and can delete your email messages and
contacts.

Identity theft (Poser)
The fraudulent acquisition and use of a person's private identifying
information, usually for financial gain.
TIP #3 Privacy Settings
Always maintain your privacy settings on whatever device is
being used online or during communications. Privacy settings
allow the user to control which cookies are stored on their
computer, and they enable the user to decide who can view
certain information about them on, for example, a social
networking site.
TIP #4 Accessing Internet
When accessing the internet, make sure the websites being visited
can be trusted (two common ways of checking this are to look for
https or the padlock sign). When using search engines, always make
sure the device settings are set to 'safe search' and the highest
possible level of security is used.
Security of data
hacking
phishing
spyware
viruses
spam
Hacking
Use a computer to gain
unauthorized access to data in a
system.
5 Phases of Hacking (How Hackers Work)
Reconnaissance:
This is the primary phase where the hacker tries to collect as much
information as possible about the target. It includes identifying the
target, finding out the target's IP address range, network, DNS
records, etc.
Scanning:
It involves taking the information discovered during reconnaissance
and using it to examine the network. Tools that a hacker may employ
during the scanning phase can include dialers, port scanners, network
mappers, sweepers, and vulnerability scanners. Hackers are seeking any
information that can help them perpetrate an attack, such as computer
names, IP addresses, and user accounts.
Gaining Access:
After scanning, the hacker designs the blueprint of the network of the
target with the help of data collected during Phase 1 and Phase 2. This
is the phase where the real hacking takes place. Vulnerabilities
discovered during the reconnaissance and scanning phase are now
exploited to gain access.
Maintaining Access:
Once a hacker has gained access, they want to keep that access for
future exploitation and attacks. Sometimes, hackers harden the system
from other hackers or security personnel by securing their exclusive
access with backdoors, rootkits, and Trojans. Once the hacker owns the
system, they can use it as a base to launch additional attacks. In this
case, the owned system is sometimes referred to as a zombie system.
Covering Tracks:
Once hackers have been able to gain and maintain access, they cover
their tracks to avoid detection by security personnel, to continue to use
the owned system, to remove evidence of hacking, or to avoid legal
action. Hackers try to remove all traces of the attack, such as log files or
intrusion detection system (IDS) alarms. Examples of activities during
this phase of the attack include steganography, the use of tunneling
protocols, and altering log files.
Phishing
Phishing is the attempt to acquire
sensitive information such as
usernames, passwords, and credit card
details (and sometimes, indirectly,
money), often for malicious reasons, by
masquerading as a trustworthy entity in
an electronic communication or fake
website.
Spyware
Software that enables a user to obtain
covert information about another's
computer activities by transmitting
data covertly from their hard drive.
Virus
A computer virus is a type of malware that, when executed,
replicates by reproducing itself or infecting other programs by
modifying them. The targets it infects can include computer
programs as well as data files or the boot sector of the hard
drive. When this replication succeeds, the affected areas are then
said to be "infected".
Virus Phases: Dormant Phase
The virus is idle. The virus will
eventually be activated by the trigger
which states which event will execute
the virus, such as a date, the presence
of another program or file, or the
capacity of the disk exceeding some
limit. Not all viruses have this stage.
Virus Phases: Propagation Phase
The virus starts propagating, that is
multiplying itself. The virus places a
copy of itself into other programs or
into certain system areas on the disk.
The copy may not be identical to the
propagating version; viruses often
morph to evade detection. Each
infected program will now contain a
clone of the virus, which will itself enter
a propagation phase.
Virus Phases: Triggering Phase
A dormant virus moves into this phase when it gets activated; it will
now perform the function for which it was intended. The triggering
phase can be caused by a variety of system events, including a count of
the number of times that this copy of the virus has made copies of
itself.
Virus Phases: Execution Phase
This is the actual work of the virus,
where the payload will be released. It
can be destructive such as deleting
files on disk or harmless such as
popping messages on screen.
Computer Virus Types
A computer virus is a harmful software program written
intentionally to enter a computer without the user's
permission or knowledge. It has the ability to replicate
itself, thus continuing to spread. Some viruses do little
but replicate, while others can cause severe harm or
adversely affect the program and performance of the
system. A virus should never be assumed harmless and
left on a system.
There are different types of
viruses which can be
classified according to their
origin, techniques, types of
files they infect, where they
hide, the kind of damage
they cause, the type of
operating system, or platform
they attack. Let us have a
look at a few of them.
Memory Resident Virus
These viruses fix themselves in the computer memory and
get activated whenever the OS runs, and infect all the
files that are then opened.
Hideout: This type of virus hides in the RAM and stays there
even after the malicious code is executed. It gets control
over the system memory and allocates memory blocks
through which it runs its own code, and executes the
code when any function is executed.
Target: It can corrupt files and programs that are
opened, closed, copied, renamed, etc.
Examples: Randex, CMJ, Meve, and MrKlunky
Protection: Install an antivirus program
Direct Action Virus
The main purpose of this virus is to replicate and take
action when it is executed. When a specific condition is
met, the virus will go into action and infect files in the
directory or folder that are specified in the
AUTOEXEC.BAT file path. This batch file is always
located in the root directory of the hard disk and carries
out certain operations when the computer is booted.
Hideout: They keep changing their location into new files
whenever the code is executed, but are generally found
in the hard disk's root directory.
Target: It is a file-infector virus.
Examples: Vienna virus
Protection: Install an antivirus scanner. This type has
minimal effect on the computer's performance.
Overwrite Viruses
A virus of this kind is characterized by the fact that it
deletes the information contained in the files that it
infects, rendering them partially or totally useless once
they have been infected.
Hideout: The virus replaces the file content. However, it does not
change the file size.
Examples: Way, Trj.Reboot, Trivial.88.D
Protection: The only way to clean a file infected by an overwrite
virus is to delete the file completely, thus losing the original
content. However, it is very easy to detect this type of virus, as the
original program becomes useless.
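The Hideout note above says an overwrite virus replaces file content without changing the file size, so a check on size alone will not notice it. The following added example (not part of the original slides) records a SHA-256 baseline and flags a same-size overwrite; the file names and contents are constructed sample data.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Return (size, sha256 hex digest) of a file."""
    with open(path, "rb") as fh:
        data = fh.read()
    return len(data), hashlib.sha256(data).hexdigest()

def compare(baseline):
    """Classify every baselined file against its current state."""
    report = {}
    for path, (old_size, old_hash) in baseline.items():
        if not os.path.exists(path):
            report[os.path.basename(path)] = "missing"
            continue
        size, digest = fingerprint(path)
        if digest == old_hash:
            status = "unchanged"
        elif size == old_size:
            # Same length, different bytes: a size-only check sees nothing.
            status = "overwritten-same-size"
        else:
            status = "modified"
        report[os.path.basename(path)] = status
    return report

def demo():
    """Constructed scenario: four sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in
                 ("report.doc", "tool.bin", "notes.txt", "old.tmp")]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"original content " * 8)
        baseline = {p: fingerprint(p) for p in paths}
        # Simulate the overwrite behaviour: new bytes, identical length.
        with open(paths[1], "wb") as fh:
            fh.write(b"\x00" * baseline[paths[1]][0])
        with open(paths[2], "ab") as fh:
            fh.write(b"appended line\n")
        os.remove(paths[3])
        return compare(baseline)

if __name__ == "__main__":
    print(demo())
```

The baseline is only useful if it is stored somewhere the monitored machine cannot rewrite, such as read-only media or a separate host.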
Directory Virus
Directory viruses (also called Cluster Virus/File System
Virus) infect the directory of your computer by changing
the path that indicates the location of a file. When you
execute a program file with an extension .EXE or .COM
that has been infected by a virus, you are unknowingly
running the virus program, while the original file and
program have previously been moved by the virus. Once infected,
it becomes impossible to locate the original files.
Hideout: It is usually located in only one location of the
disk, but infects the entire program in the directory.
Examples: Dir-2 virus
Protection: All you can do is reinstall all the infected files
from the backup after formatting the disk.
Polymorphic Virus
Polymorphic viruses encrypt or encode themselves in a
different way (using different algorithms and encryption
keys) every time they infect a system. This makes it
impossible for antivirus software to find them using string
or signature searches (because they are different in each
encryption). The virus then goes on to create a large
number of copies.
Worms
A worm is a program very similar to a virus; it has the
ability to self-replicate and can lead to negative effects
on your system. But they can be detected and eliminated
by antivirus software.
Hideout: These generally spread through e-mails and networks.
They don't infect files or damage them, but they replicate
so fast that the entire network may collapse.
Examples: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson
Protection: Install an updated version of antivirus.
Trojan Horse
Sources of Computer Viruses
Downloadable Programs or Freeware
One of the possible
sources of virus attacks is
downloadable programs
from the web. Unreliable
sources and internet
newsgroups are one of the
main sources of computer
virus attacks.
Downloadable files are one of the best possible sources
of viruses. Any type of executable program including
games, freeware, screen savers as well as executable
files are one of the major sources of computer virus
attacks. Executable files having an extension of .com,
.exe and coolgame.exe contain virus sources too. If
you want to download programs from the
internet then it is necessary to scan every program
before downloading them.
Cracked Software
Cracked Software proves to
be yet another source of virus
attacks. Most people who
download cracked and illegal
versions of software online are
unaware about the reality that
they may contain virus
sources as well.
Such cracked forms of illegal files contain viruses and
bugs that are difficult to detect as well as to remove.
Hence, it is always a preferable option to download
software from the appropriate source.
Email Attachments
Email attachments are one
of the other popular sources of
computer virus attacks.
Hence, you must handle email
attachments with extreme
care, especially if the email
comes from an unknown
sender.
Installation of a good antivirus assumes prime
necessity if one desires to eliminate the possibility of
virus attacks. It is necessary to scan the email even if it
comes from a friend. There exists a possibility that the
friend may have unknowingly forwarded a virus along with
the email attachment.
Internet - Best Possible Source of Viruses
There can be no denying the fact that the internet is one of
the common sources of virus infection. This fact is not a
real surprise, and there is no point in giving up internet
access henceforth.
The majority of computer users are unaware of when
viruses attack computer systems. Almost every computer
user clicks on or downloads everything that comes their way and
hence unknowingly invites the possibility of virus attacks.
Flash Drive, CD, DVD, Memory Card
It is usual to get a virus from
a flash drive or any other
storage that was used on a
virus-infected PC.
Spam
Electronic spamming is the use of
electronic messaging systems to send
unsolicited messages (spam),
especially advertising, as well as
sending messages repeatedly on the
same site. While the most widely
recognized form of spam is email
spam,
