Computer security (794212)
Lomonosov Moscow State University
Faculty of Computational Mathematics and Cybernetics
Computer Security
Vasilenko Anatoly
211 group
2013
Contents
- Introduction
- Definitions
- Computer attack
  - Different divisions of computer attacks
  - Types of attacks
  - Security exploits
- Vulnerability
  - Classification
  - Causes
  - Vulnerability disclosure
  - Vulnerability disclosure date
  - Identifying and removing vulnerabilities
- Malware
  - Antimalware strategies
  - Grayware
- Computer security approaches
  - Security by design
  - Security architecture
  - Secure operating system
  - Secure coding
  - Capabilities and access control list
  - Hardware mechanisms that protects computers and
- Network security
  - Network security concepts
  - Security management
- Hackers classification
  - White hat
  - Black hat
  - Grey hat
  - Elite hacker
  - Script kiddie
  - Neophyte
  - Blue hat
  - Hacktivist
  - Bots
- Conclusion
- References
Introduction
Almost everybody has received spam at least once. It can be called a successful attack, because the target (you) has received an advertisement. In our world a lot of different attacks happen every second, but not all of them achieve their goals. This is because many companies try to fight these attacks.
In general, a computer attack or a computer network attack is any attempt to destroy, reveal or do something else illegal with information. Professionals usually distinguish three aspects which need protection: privacy, integrity and accessibility of information resources.
Creating a secure system is a very hard and expensive task, and to achieve it developers should follow special rules. It is also a very specific problem in comparison with other tasks that are solved in the real world. To solve it, a developer must understand how criminals attack modern systems. Developers should even be half criminals themselves to understand the trade. System designers must understand all stages of creating criminal software (malware) and of carrying out an attack, in order to build a defense against every step the criminals try to perform.
This is why considering computer security requires discussing not only computer security approaches: first we must consider topics such as computer attacks themselves, vulnerabilities and malware.
Definitions
Computer security is information security as applied to computers and networks. The field covers all the processes and mechanisms by which computer-based equipment, information or data and services are protected from unintended or unauthorized access, change or destruction. To understand computer security we should understand all aspects of its essence.
Computer security has a big branch called network security. Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Network security covers both public and private computer networks.
The Internet Engineering Task Force (IETF) defines an attack as an assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.
The term attack relates to some other basic security terms. A resource (physical or logical), called an asset, can have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromise the Confidentiality, Integrity or Availability properties of resources of the organization (potentially different from the vulnerable one).
An IETF RFC defines a vulnerability as a flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.
But a vulnerability does not constitute a menace by itself. There must be someone to carry out attacks. In the computer security context, a hacker is someone who seeks and exploits vulnerabilities in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge. The subculture that has evolved around hackers is often referred to as the computer underground and is now a known community.
Hackers usually use specific software to carry out their attacks. It is called malware. Malware, short for malicious software, is software used or programmed by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. Malware is a general term used to refer to a variety of forms of hostile or intrusive software.
Computer Attack
In computers and computer networks an attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.
A threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. A threat can be intentional or accidental, but the former happens more often.
An organization should take steps to detect, classify and manage security incidents. In order to detect attacks, a number of countermeasures can be set up at organizational, procedural and technical levels. A computer emergency response team, an information technology security audit and an intrusion detection system are examples of these.
Different divisions of computer attacks
Today many different classifications of computer attacks exist. Here I will describe some of them in general.
The first division classifies attacks by who carries them out. An attack can be perpetrated by an insider or from outside the organization. An “inside attack” is an attack initiated by an entity inside the security perimeter (an “insider”), i.e., an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization. An “outside attack” is initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an “outsider”). On the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.
Another division classifies attacks by their influence on the system. An attack is “active” when it attempts to alter system resources or affect their operation, so it compromises integrity or availability. A “passive attack” attempts to learn or make use of information from the system but does not affect system resources, so it compromises confidentiality.
Types of attacks
Attacks can also be classified according to their origin, i.e. whether they are conducted using one computer or several (in the latter case the attack is called a distributed attack). Botnets are used to conduct distributed attacks.
Other classifications are according to the procedures used or the type of vulnerabilities exploited: attacks can be concentrated on network mechanisms or host features.
Some attacks are physical, i.e. theft or damage of computers and other equipment. Others are attempts to force changes in the logic used by computers or network protocols in order to achieve a result that was unforeseen by the original designer but is useful for the attacker. Software used for logical attacks on computers is called malware.
A typical approach in an attack on an Internet-connected system consists of three steps. First, network enumeration: discovering information about the intended target. Second, vulnerability analysis: identifying potential ways of attack. Finally, exploitation: attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.
In order to do so, there are several recurring tools of the trade and techniques used by computer criminals and security experts.
The following is a partial short list of attacks:
- Passive
  - Network
    - Wiretapping
    - Port scanner
    - Idle scan
- Active
  - Denial-of-service attack
  - Spoofing
  - Network
    - Man in the middle
    - ARP poisoning
    - Ping flood
    - Ping of death
    - Smurf attack
  - Host
    - Buffer overflow
    - Heap overflow
    - Format string attack
    - SQL injection
Now I would like to explain some types of attacks.
A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are “open” or available to access the computer, and sometimes will detect what program or service is listening on that port, and its version number.
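From the defender's side, the port scanning described above shows up in firewall logs as one source touching many different ports on one host within a short time. The following is an added example, not part of the original essay; the log format, addresses, threshold and window are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample firewall log (assumed format, documentation-range addresses).
SAMPLE_LOG = """\
2013-05-01T10:00:00 ALLOW TCP 198.51.100.4:40001 -> 192.0.2.10:443
2013-05-01T10:00:01 DENY TCP 203.0.113.7:51000 -> 192.0.2.10:21
2013-05-01T10:00:01 DENY TCP 203.0.113.7:51001 -> 192.0.2.10:22
2013-05-01T10:00:02 DENY TCP 203.0.113.7:51002 -> 192.0.2.10:23
2013-05-01T10:00:02 ALLOW TCP 198.51.100.4:40002 -> 192.0.2.10:443
2013-05-01T10:00:03 DENY TCP 203.0.113.7:51003 -> 192.0.2.10:25
2013-05-01T10:00:03 ALLOW TCP 203.0.113.7:51004 -> 192.0.2.10:80
2013-05-01T10:00:04 ALLOW TCP 203.0.113.7:51005 -> 192.0.2.10:443
2013-05-01T10:05:00 ALLOW TCP 198.51.100.9:42000 -> 192.0.2.10:25
2013-05-01T10:09:00 ALLOW TCP 198.51.100.9:42001 -> 192.0.2.10:143
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def detect_port_scans(lines, min_ports=5, window=timedelta(seconds=10)):
    """Return {(src, dst): sorted ports} for every pair where one source touched
    at least min_ports distinct ports on one host within the sliding window.
    Lines are assumed to be in time order."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (timestamp, port)
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore lines that are not in the assumed format
        ts = datetime.fromisoformat(m["ts"])
        key = (m["src"], m["dst"])
        q = recent[key]
        q.append((ts, int(m["dport"])))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop events that fell out of the window
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            flagged.setdefault(key, set()).update(ports)
    return {k: sorted(v) for k, v in flagged.items()}

if __name__ == "__main__":
    print(detect_port_scans(SAMPLE_LOG))
```

Repeated connections to a single port and occasional connections to a few services stay below the threshold, so only the source that walks across many ports is reported.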
Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
A packet sniffer is an application that captures data packets, which can be used to capture passwords and other data in transit over the network.
A spoofing attack (phishing) involves one program, system, or website successfully masquerading as another by falsifying data and thereby being treated as a trusted system by a user or another program. The purpose of this is usually to fool programs, systems, or users into revealing confidential information, such as user names and passwords, to the attacker.
A rootkit is designed to conceal the compromise of a computer's security, and can represent any of a set of programs which work to subvert control of an operating system from its legitimate operators. Usually, a rootkit will obscure its installation and attempt to prevent its removal through a subversion of standard system security. Rootkits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables.
Next we come to social engineering. When a hacker, typically a black hat, is in the second stage of the targeting process, he or she will typically use some social engineering tactics to get enough information to access the network. A common practice for hackers who use this technique is to contact the system administrator and play the role of a user who cannot get access to his or her system. Hackers who use this technique have to be quite savvy and choose their words carefully in order to trick the system administrator into giving them information. In some cases only a help desk employee will answer the phone, and such employees are generally easy to trick. Another typical approach is for the hacker to act like a very angry supervisor and, when his or her authority is questioned, to threaten the help desk employee with the loss of their job. Social engineering is very effective because users are the most vulnerable part of an organization. All the security devices and programs in the world won't keep an organization safe if an employee gives away a password. Black hat hackers take advantage of this fact.