Computer security (794212), page 2
A Trojan horse is a program which seems to be doing one thing but is actually doing another. A Trojan horse can be used to set up a back door in a computer system so that the intruder can gain access later.
A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. Therefore, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. While some are harmless or mere hoaxes, most computer viruses are considered malicious.
Like a virus, a worm is also a self-replicating program. A worm differs from a virus in that it propagates through computer networks without user intervention. Unlike a virus, it does not need to attach itself to an existing program. Many people conflate the terms “virus” and “worm”, using them both to describe any self-propagating program.
A key logger is a tool designed to record (log) every keystroke on an affected machine for later retrieval. Its purpose is usually to allow the user of this tool to gain access to confidential information typed on the affected machine, such as a user's password or other private data. Some key loggers use virus-, trojan- or rootkit-based methods to remain active and hidden. However, some key loggers are used in legitimate ways, and sometimes even to enhance computer security. As an example, a business might have a key logger on a computer used at a point of sale, and the data collected by the key logger could be used for catching employee fraud.
Security exploits
A security exploit is a prepared application that takes advantage of a known weakness. Common examples of security exploits are SQL injection, cross-site scripting and cross-site request forgery, which abuse security holes that may result from substandard programming practice. Other exploits are used against services such as FTP, HTTP, PHP, SSH and Telnet, and against some web pages. These are very common in website or domain hacking.
Vulnerability
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Every attack uses some vulnerability in the system.
Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.
A security bug (security defect) is the narrower case of a vulnerability in software. Hardware, site and personnel vulnerabilities are examples of vulnerabilities that are not software security bugs.
A resource may have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromise the confidentiality, integrity or availability of resources belonging to an organization. OWASP (The Open Web Application Security Project) depicts the same phenomenon in different words: a threat agent, through an attack vector, exploits a weakness (vulnerability) of the system and the related security controls, causing a technical impact on an IT resource (asset) that is connected to a business impact.
Classification
Vulnerabilities are classified according to the asset class they relate to. There are six such classes: hardware, software, network, personnel, site and organizational.
Causes
There are many causes of vulnerabilities. Here are some of them:
Firstly, complexity: large, complex systems increase the probability of flaws and unintended access points.
Secondly, familiarity: using common, well-known code, software, operating systems, or hardware increases the probability an attacker has or can find the knowledge and tools to exploit the flaw.
Thirdly, connectivity: more physical connections, privileges, ports, protocols and services, and more time during which each of those is accessible, increase vulnerability.
In the fourth place are password management flaws: the computer user uses weak passwords that could be discovered by brute force, stores the password on the computer where a program can access it, and re-uses passwords between many programs and websites.
In the fifth place is a fundamental operating system design flaw: the operating system designer chooses to enforce suboptimal policies on user management. For example, operating systems with policies such as default permit grant every program and every user full access to the entire computer. This operating system flaw allows viruses and malware to execute commands on behalf of the administrator.
In the sixth place is internet website browsing: some internet websites may contain harmful spyware or adware that can be installed automatically on the computer system. After visiting those websites, the computer system becomes infected and personal information will be collected and passed on to third-party individuals.
In the seventh place are software bugs: the programmer leaves an exploitable bug in a software program, and as a result the bug may allow an attacker to misuse the application.
Finally, another cause is unchecked user input: the program assumes that all user input is safe. Programs that do not check user input can allow unintended direct execution of commands or SQL statements (known as buffer overflows, SQL injection or other non-validated input problems).
Not learning from past mistakes also causes trouble: for example, most vulnerabilities discovered in IPv4 protocol software were discovered again in the new IPv6 implementations. This cause, however, applies to absolutely everything in our world.
Research has shown that the most vulnerable point in most information systems is the human user, operator, designer or other human, so humans should be considered in their different roles as asset, threat and information resource. Social engineering is an increasing security concern.
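The unchecked user input cause above can be seen on a tiny scale with SQL. The following is an added example (not code from the original text): a lookup that pastes the input into the statement text beside one that checks the input against an allow-list and binds it as a parameter; the table contents and the crafted input are constructed for the demonstration.

```python
import re
import sqlite3

# Constructed sample table so the example runs offline (not real data).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice-secret"), ("bob", "bob-secret")])
    return conn

def is_valid_username(name: str) -> bool:
    """Input check (allow-list): only short lower-case identifiers are accepted."""
    return re.fullmatch(r"[a-z0-9_]{1,32}", name) is not None

def lookup_unchecked(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: the input is pasted into the statement text, so a quote
    character in it changes the structure of the SQL that is executed."""
    sql = f"SELECT name, secret FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Hardened: the input is validated first, then bound as a value to a fixed
    statement, so whatever it contains is only ever compared against the name column."""
    if not is_valid_username(name):
        return []
    return conn.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)).fetchall()

def demo() -> tuple:
    """Run both lookups on a constructed input that contains a quote character."""
    conn = make_db()
    crafted = "x' OR '1'='1"          # constructed; not a valid username
    return (lookup_unchecked(conn, crafted),      # every row comes back
            lookup_parameterized(conn, crafted),  # nothing comes back
            lookup_parameterized(conn, "alice"))  # the intended single row
```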
Vulnerability disclosure
Responsible disclosure first alerts the affected vendors confidentially, before alerting CERT (Computer Emergency Response Team) two weeks later, which grants the vendors another 45-day grace period before publishing a security advisory.
Full disclosure is done when all the details of a vulnerability are publicized, perhaps with the intent to put pressure on the software or procedure authors to find a fix urgently.
Security researchers catering to the needs of the cyberwarfare or cybercrime industry have stated that this approach does not provide them with adequate income for their efforts. Instead, they offer their exploits privately to enable “zero-day attacks” (which nobody can resist, because the vulnerabilities are unknown).
The never-ending effort to find new vulnerabilities and to fix them is called computer insecurity.
Vulnerability disclosure date
The time of disclosure of a vulnerability is defined differently in the security community and industry. It is most commonly referred to as a kind of public disclosure of security information by a certain party. Usually, vulnerability information is discussed on a mailing list or published on a security web site and results in a security advisory afterward.
The time of disclosure is the first date a security vulnerability is described on a channel where the disclosed information on the vulnerability fulfils the following three requirements: firstly, the information is freely available to the public; secondly, the vulnerability information is published by a trusted and independent source; and finally, the vulnerability has undergone analysis by experts such that risk rating information is included upon disclosure.
Identifying and removing vulnerabilities
Many software tools exist that can aid in the discovery (and sometimes removal) of vulnerabilities in a computer system. Though these tools can provide an auditor with a good overview of possible vulnerabilities present, they cannot replace human judgment. Relying solely on scanners will yield false positives and a limited-scope view of the problems present in the system.
Vulnerabilities have been found in every major operating system including Windows, Mac OS, various forms of UNIX and Linux, and others. The only way to reduce the chance of a vulnerability being used against a system is through constant vigilance, including careful system maintenance (e.g. applying software patches), best practices in deployment (e.g. the use of firewalls and access controls) and auditing (both during development and throughout the deployment lifecycle).
Malware
Malware includes computer viruses, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware, rogue security software and other malicious programs; the majority of active malware threats are usually worms or trojans rather than viruses. In law, malware is sometimes known as a computer contaminant, as in the legal codes of several U.S. states. Malware is different from defective software, which is legitimate software that contains harmful bugs that were not corrected before release. However, some malware is disguised as genuine software, and may come from an official company website in the form of a useful or attractive program which has the harmful malware embedded in it, along with additional tracking software that gathers marketing statistics.
Software such as anti-virus, anti-malware and firewalls is relied upon by home users and by small and large organizations to safeguard against malware attacks; it helps in identifying and preventing the further spread of malware in the network.
Antimalware strategies
As malware attacks become more frequent, attention has begun to shift from virus and spyware protection to malware protection, and to programs that have been specifically developed to combat malware.
Grayware
Grayware (or greyware) is a general term that refers to applications or files that are not directly classified as malware (like worms or trojan horses), but can still negatively affect the performance of computers and involve significant security risks.
It describes applications that behave in an annoying or undesirable manner, and yet are less serious or troublesome than malware. Grayware encompasses spyware, adware, dialers, joke programs, remote access tools and any other program, apart from a virus, that is designed to harm the performance of computers.
Computer security approaches
There are many approaches to making a system secure; some of them can be used separately from the others, but to achieve the best result developers should use all of them. These approaches are: security by design, security architecture, secure operating systems, secure coding, capabilities and access control lists, and hardware mechanisms that protect computers and data.
Security by design
The main approach to thinking about computer security is to treat security as one of the main features. This approach is called security by design. Some of the techniques in this approach can be summarized as seven rules. Firstly, the principle of least privilege, where each part of the system has only the privileges that are needed for its function. That way, even if an attacker gains access to that part, they have only limited access to the whole system. The second principle is automated theorem proving to prove the correctness of crucial software subsystems. Thirdly, code reviews and unit testing are approaches to make modules more secure where formal correctness proofs are not possible. Fourthly, defense in depth, where the design is such that more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds. In the fifth place is safety engineering: default secure settings, and designs that "fail secure" rather than "fail insecure". Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure. In the sixth place are audit trails, which track system activity so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks. And finally, full disclosure, to ensure that when bugs are found the time during which a vulnerability remains unfixed is kept as short as possible.
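Three of the rules above (least privilege, fail secure rather than fail insecure, and an append-only audit trail) can be shown in one small access check. This is an added example and not code from the original text; the access control list, principals and resource names are constructed, and the "default permit" variant is the anti-pattern the Causes section describes.

```python
from dataclasses import dataclass, field

# Constructed access control list: resource -> principal -> allowed operations.
ACL = {
    "payroll.db": {"hr_app": {"read"}, "backup": {"read"}},
    "web.log":    {"web_app": {"append"}, "auditor": {"read"}},
}

@dataclass
class AuditTrail:
    """Append-only record of decisions; callers get copies, never the list itself."""
    _records: list = field(default_factory=list)

    def append(self, record: str) -> None:
        self._records.append(record)

    def records(self) -> tuple:
        return tuple(self._records)

def is_allowed_default_permit(acl: dict, principal: str, resource: str, op: str) -> bool:
    """Anti-pattern: a resource with no policy entry is treated as open to everyone,
    so a forgotten entry silently grants full access (fail insecure)."""
    if resource not in acl:
        return True
    return op in acl[resource].get(principal, set())

def is_allowed_fail_secure(acl: dict, principal: str, resource: str, op: str,
                           trail: AuditTrail) -> bool:
    """Least privilege and fail secure: deny unless an entry explicitly grants this
    principal this operation, deny on any lookup error, and log every decision."""
    try:
        allowed = op in acl.get(resource, {}).get(principal, set())
    except (AttributeError, TypeError):   # malformed ACL entry: fail closed
        allowed = False
    trail.append(f"{'ALLOW' if allowed else 'DENY'} {principal} {op} {resource}")
    return allowed
```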
Security architecture
The next approach to providing security is to think of security architecture. It can be defined as the design artifacts that describe how the security controls (security countermeasures) are positioned, and how they relate to the overall information technology architecture. These controls serve to maintain the system's quality attributes: confidentiality, integrity, availability, accountability and assurance services.
Secure operating system
One use of the term computer security refers to technology to implement a secure operating system. The technology is in limited use today, primarily because it imposes some changes to system management and also because it is not widely understood. Such ultra-strong secure operating systems are based on operating system kernel technology that can guarantee that certain security policies are absolutely enforced in an operating environment. An example of such a computer security policy is the Bell-LaPadula model. The strategy is based on a coupling of special microprocessor hardware features, often involving the memory management unit, to a special correctly implemented operating system kernel. This forms the foundation for a secure operating system which, if certain critical parts are designed and implemented correctly, can ensure the absolute impossibility of penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy, but in theory completely protects itself from corruption. Ordinary operating systems, on the other hand, lack the features that assure this maximal level of security. The design methodology to produce such secure systems is precise, deterministic and logical.
In US parlance, the term High Assurance usually suggests the system has the right security functions, implemented robustly enough to protect very important information. Medium assurance suggests it can protect less valuable information, such as income tax information. Secure operating systems designed to meet medium robustness levels of security functionality and assurance have seen wider use within both government and commercial markets. Medium robust systems may provide the same security functions as high assurance secure operating systems but do so at a lower assurance level. Lower levels mean we can be less certain that the security functions are implemented flawlessly, and therefore they are less dependable. These systems are found in use on web servers, guards, database servers and management hosts, and are used not only to protect the data stored on these systems but also to provide a high level of protection for network connections and routing services.
Secure coding
If the operating environment is not based on a secure operating system capable of maintaining a domain for its own execution, and capable of protecting application code from malicious subversion, and capable of protecting the system from subverted code, then high degrees of security are understandably not possible. While such secure operating systems are possible and have been implemented, most commercial systems fall in a “low security” category because they rely on features not supported by secure operating systems (like portability, and others). In low security operating environments, applications must be relied on to participate in their own protection. There are “best effort” secure coding practices that can be followed to make an application more resistant to malicious subversion.