2.3 System Security - Contents
In this chapter, you will learn:
- Forms of attack
- Threats posed to networks
- Identifying and preventing vulnerabilities
Forms of attack
Malware is malicious software that is designed to infect a user's computer and disrupt or damage a computer system. Malware is an umbrella term covering several types of software:
Viruses are a type of malware that reproduces itself from system to system, by infecting other programs or modifying them.
Worms are standalone programs that replicate themselves in order to spread across a network, or to other computers.
Trojan horses are malicious programs designed to gain access to a computer by misleading the user about their true intent. A trojan usually disguises itself as a program the user wants to install.
Spyware sends computer information (such as keystrokes, or even a webcam feed) to the hacker.
Scareware is a type of malware that is designed to make the user believe that something is wrong with their machine or one of their accounts, so they are more likely to give over information to hackers (often used in conjunction with phishing, where the user believes the message is from a trusted source).
The most common form nowadays is ransomware. Ransomware is a piece of malware designed to encrypt your files; it then asks the user for a payment to recover their data.
If you are web-surfing or on a network without proper protection, malware can infect your machine and cause issues for users.
A payload is the malicious activity that a virus executes. This could be causing the system to run slowly, deleting or modifying files, or even tracking user activities such as keyboard inputs.
Phishing is an online fraud technique. A hacker will pretend to be a website that the user wants to access, with an accurate looking login screen. Once the user types in their password, the phishing site saves this information, and redirects the user to the correct website, to make it seem as if nothing had gone awry.
Another method is to spam the user with fake messages, in order to trick them into giving up personal information.
This is often used to commit identity theft.
Brute force attacks
A brute force attack is a method of trial and error, usually used to try and break into an encrypted file or account. This tries multiple different password combinations to unlock the intended item.
Beyond GCSE Information
Several different methods of brute force attack exist. Some try every possible combination of characters, whilst others take dictionary words and combine them in certain ways to guess a password. The dictionary approach works because some users choose weak passwords that are just a mix of two words and a number.
Denial of service attacks
A denial of service attack is when a computer repeatedly requests packets of data from a server or computer (without wanting the data that is returned), so that genuine users cannot connect, because the bandwidth is taken up by the attacking computers. This is useless traffic that blocks other users from using a service.
A distributed denial of service attack, or DDoS, is when many computer systems request data from the server at once, so the traffic is spread out and arrives from many locations across the country. These computer systems are usually machines that have been compromised via malware; they are called zombies.
Data interception and theft
As packets travel across the internet, a “man in the middle” attack can occur. People can “sniff” these packets, intercepting the data before it ever reaches the intended recipient. This is eavesdropping on network traffic to find personal or sensitive information.
An SQL injection attack is a code injection method: where a website has an input field, a user inserts malicious code into it, and that code runs on the server because the input is not properly sanitised. This can sometimes reveal sensitive data.
Threats posed to networks
Malware can spread easily over a computer network. As such, if one machine is infected with malicious code, it can easily look for other computers on a network, and spread. This makes some networking implementations, especially those without any anti-malware protection, vulnerable.
The NHS was attacked with ransomware back in 2017, known as WannaCry. This piece of malware encrypted files on every computer on a network and demanded money for the recovery of these files. Since a lot of computers on their networks ran Windows XP/Server 2003, they were susceptible to the vulnerability that allowed the malware to spread.
Malware is usually spread by vulnerabilities in software. As such, automatic updates are important to make sure software exploits are patched without user intervention.
Phishing and Social Engineering
Social engineering is the act of preying upon a user, and deceiving them to complete a task, usually to give over personal information. A part of this could be phishing, with malicious websites designed to look official.
The results of these attacks can be extremely negative; identity theft can occur, where a hacker has enough information to impersonate you. This means they can sign up for accounts in your name, including taking out loans, and burn bridges with your contacts. As such, this is an extremely lucrative business for hackers.
For companies, this can damage the brand's reputation, whether through a negative impression created by an impersonator, or through damaged relations with key business partners.
Brute force attacks
Brute force attacks, if done successfully, can give hackers access to personal information. This means that trade secrets can be leaked. Otherwise, key accounts with insecure passwords can be accessed, allowing access to the entire network.
Denial of service attacks
If a denial of service attack is taking place, then customers won't be able to access the machine. As such, customers won't have access to paid resources, causing lost revenue.
Alternatively, on a network, users can lose productivity if the resource they need is not available, leading to downtime.
A company's reputation can be damaged by a lack of up-time.
Data interception and theft
If data is intercepted over a network, key information can be leaked. If a password is intercepted, this gives access to an entire network. Similarly, if trade secrets are transferred, this can lead to brand damage.
Contents of databases can be given to hackers, if the SQL forms are not properly sanitised. This means that private data from these databases can be stolen.
In a similar vein, information in databases can be changed, added or deleted, leading to incorrect or malicious data being used within a system.
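The SQL injection attack described under “Data interception and theft” above, and the unsanitised SQL forms mentioned here, can be shown side by side. This is an added example (not from the original notes) using Python's built-in sqlite3 module and a constructed in-memory users table; the function names login_unsafe and login_safe are my own.

```python
import sqlite3


def make_db():
    # Constructed sample data: a tiny "users" table held in memory.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "Tr0ub4dor&3"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_unsafe(conn, username, password):
    # The form input is pasted straight into the SQL text, so the input can
    # change the meaning of the query. This is the SQL injection weakness.
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password):
    # Parameterised query: the database treats the input purely as data,
    # so whatever the user types can never become part of the SQL command.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def demo():
    # Runs both versions with a normal login and with a constructed
    # malicious form input, and returns what each query gave back.
    conn = make_db()
    injected = "' OR '1'='1"
    results = {
        "unsafe_normal": login_unsafe(conn, "alice", "Tr0ub4dor&3"),
        "unsafe_injected": login_unsafe(conn, "nobody", injected),
        "safe_normal": login_safe(conn, "alice", "Tr0ub4dor&3"),
        "safe_injected": login_safe(conn, "nobody", injected),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The unsafe version hands back every user in the table without a valid password, while the parameterised version returns nothing for the same input.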
Poor network policy
Most network insecurities are created from a user as a weak-point; this means that once a virus enters the network, or once one computer has been compromised on a network, the whole network is at risk.
Oftentimes, users do not complete security checkups, leading to weak points that hackers can use:
- Using easy passwords
- Leaving a password out in the open on a note or in a book
- Losing computer hardware
- Not installing anti-malware software, or not keeping it up to date
- Not installing security patches for their computer
- Clicking on dodgy links
- Plugging in random memory sticks
Proper network policies, and proper user training, can help protect a network.
Identifying and preventing vulnerabilities
Penetration testing is when a professional company purposely tests a system's security, to make sure that it is secure.
This allows the company to test the network before it is rolled out, meaning any issues can be found and removed before the network or software is made public.
Network forensics is when an administrator monitors the traffic on a network. The data packets are copied at regular intervals for analysis later. This information can identify any traffic that could be harmful, for instance by analysing where data is being sent and whether that is intended.
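To show the kind of analysis network forensics involves, here is an added example (not from the original notes) that reads constructed flow records of the form “time source destination port bytes” and flags traffic going somewhere unexpected or unusually large uploads. The allow-list of expected destinations and the 10 MiB threshold are assumptions made up for the example.

```python
# Constructed sample flow log: time, source IP, destination IP, port, bytes sent.
SAMPLE_LOG = """\
09:00:01 10.0.0.12 10.0.0.5 445 2048
09:00:04 10.0.0.12 203.0.113.9 443 1200
09:00:07 10.0.0.15 10.0.0.5 445 512
09:01:10 10.0.0.15 198.51.100.77 443 52428800
09:01:12 10.0.0.12 10.0.0.5 445 4096
"""

# Assumed allow-list: destinations the administrator expects to see.
EXPECTED_DESTINATIONS = {"10.0.0.5", "203.0.113.9"}
LARGE_TRANSFER_BYTES = 10 * 1024 * 1024  # 10 MiB, an assumed threshold


def parse_flows(text):
    """Turn each log line into a dictionary of fields."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        flows.append({"time": ts, "src": src, "dst": dst,
                      "port": int(port), "bytes": int(nbytes)})
    return flows


def find_suspicious(flows):
    """Flag flows to unexpected destinations or with very large uploads."""
    findings = []
    for f in flows:
        reasons = []
        if f["dst"] not in EXPECTED_DESTINATIONS:
            reasons.append("unexpected destination")
        if f["bytes"] >= LARGE_TRANSFER_BYTES:
            reasons.append("large outbound transfer")
        if reasons:
            findings.append((f["time"], f["src"], f["dst"], ", ".join(reasons)))
    return findings


def bytes_per_host(flows):
    """Total bytes sent by each internal machine, to spot unusual senders."""
    totals = {}
    for f in flows:
        totals[f["src"]] = totals.get(f["src"], 0) + f["bytes"]
    return totals


if __name__ == "__main__":
    for finding in find_suspicious(parse_flows(SAMPLE_LOG)):
        print(finding)
```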
Policies allow a network administrator to set certain permissions, so that the network is more resilient to threats. For instance:
- Executable files have to be allowed by the administrator
- A backup solution is in place in case of a data failure or malware infection
- Regular updates of software to patch vulnerabilities
- Up-to-date anti-malware and firewall software
- Regular penetration testing of the network
- Users cannot modify files in the operating system directory
- Passwords are required to be changed at regular intervals, in case they become compromised
- Passwords need to meet specific conditions to make sure they cannot be brute-forced
Anti-malware software is designed to constantly run in the background, and analyse what software is being downloaded and opened. If it detects something malicious, it will block it from executing.
Beyond GCSE Information
Anti-malware software can create a false positive. This is when it detects a file as being malicious even though it is perfectly safe. This is usually due to the heuristic scanner noticing a pattern of code seen in other malicious software.
For instance, a video game that accidentally doesn't stop tracking user inputs when inactive could be analysed as being a keylogger, even though it is just a design oversight.
Firewalls block unauthorised packets of data from being transferred over the network.
This makes the network more secure, as only authorised programs can download data; an unauthorised download could be software containing compromised code.
User Access Levels
User access levels are a method of giving certain users specific permissions. For instance, a standard user on a network should not be able to access operating system files or install new software. However, a network manager should be able to access most tools, including diagnostic tools.
Implementing different access levels can protect a network. Blocking executable files for standard users can block downloads containing malware. Blocking certain websites for users can stop vulnerabilities from being attacked.
Strong passwords should be used: ones that do not contain any dictionary words, are long, use letters, numbers and symbols, and are not written down in any easy-to-see place (for example, not attached to the monitor with a sticky note).
This means only the correct user can log in and modify files, or use installed software.
Encryption is when you scramble data so that it is no longer plain text. The user will need a key to decrypt the data back into its raw form.
This allows the network to be more secure, as data is not stored in raw text, meaning that if anyone does get hold of the data, they will have to spend time decrypting the data, running either a brute force, or a dictionary attack on the data.