IT Security Essay
Today mass use of personal computers, unfortunately, was connected with the appearance of self-replicating programs viruses hindering normal operation of the computer, destroying the file structure of disks, and causing damage to the information stored in the computer. Let’s consider what it began with.
1945 – term birth. The vice-admiral of the VTR of the USA Grace Murray Hopper directing the information department of naval headquarters faced that electronic calculating machines (prototypes of the modern computers) began to glitch. The moth which flew in one of the relays became the reason. The admiral called this problem “bug”, using the term applied by physics of the USA and Great Britain since the end of the 19th century (it designated any kinda malfunction in electrical devices). The admiral also for the first time used the term “disposal of a bug” which is nowadays applied to the description of the actions set for the purpose of debugging in the computer. (Malware. 2015)
1990 globalization of a problem of viruses. The computer log PC Today delivered subscribers the infected diskette. At the beginning of a year, there is the first polymorphic virus — Chameleon. This technology was quickly adopted also in a combination of stealth technology and armoring allowing new viruses to resist successfully existing anti-virus packets. In the second half of 1990 two stealth viruses — Frodo and Whale appeared. Both viruses used extremely difficult stealth algorithms, and the 9-kilobyte Whale applied several levels of encryption and anti-debug receptions.
Despite the laws in the fight against computer crimes adopted in many countries and the development of special software for protection against viruses, the quantity of new programs permanently grows. It demands from the user of the personal computer of knowledge of the nature of viruses, methods of infection with viruses, and protection against them.
Malware is called any software intended for receiving illegal access to the information stored on the computer for the purpose of infliction of harm to the owner. (N. Weaver, V. Paxson, S. Staniford, and R. Cunningham)
Computer virus – the program capable of spontaneously being implemented and implementing the copies in other programs, files, system areas of the computer, and in computer networks, for the purpose of creation of various noises to operation on the computer. Or the computer virus is the purposefully created program automatically attributing itself to other software products changing or destroying them. (F. Cohen)
Symptoms of infection:
- · Termination of work or misoperation of earlier successfully functioning programs;
- · Slow operation of the computer;
- · Impossibility of loading of an operating system;
- · Disappearance of files and directories or distortion of their contents;
- · Change the date and time of modification of files;
- · Change the sizes of files;
- · Unexpected significant increase in the number of files on a disk;
- · Essential reduction of the size of the free random access memory;
- · Output to the screen of unforeseen sound signals;
- · Frequent hangups and failures in the operation of the computer.
Rules of protection against computer viruses:
Regularly test the computer for the existence of viruses by means of anti-virus programs
Before reading information from diskettes check them for the existence of viruses
Always write-protect the diskettes by operation on other computers
Making archive copies of information, valuable to you
Don’t leave a diskette in the disk drive
Don’t use programs whose behavior is unclear
Methods of the fight against computer viruses:
1. Backup of all programs, files, and system areas of disks on diskettes that it was possible to recover data in case of a virus attack. Creation of a system and abnormal floppy.
2. Access restriction to the machine by the introduction of the password, the administrator, the closed disks.
3. Use only the license software, but not piracy copies in which there can be viruses.
4. Verification of all information arriving from the outside on viruses, as on diskettes, CD ROM, and on a network.
5. Application of anti-virus programs and up-dating of their versions.
6. Periodic check of the computer on the existence of viruses by means of anti-virus programs.
Anti-virus programs are programs for support complex data protection on the computer from malicious applications and methods of penetration of the computer. Treat the most popular anti-virus programs: Downloader.MDW, Gaobot.OXI, Kaspersky’s, IcqBot.G, Antivirus Blockade Virus. (Panda Security)
Breeching of passwords — from the mail, online banking, Wi-Fi, or from accounts, became an often found event. Substantially it is connected to the fact that users don’t follow enough simple safety rules during the creation, storage, and use of passwords.
What methods are used for breeching passwords
For breeching passwords, a wide set of different techniques is used. Almost all of them are known and almost any compromise of confidential information is reached due to the use of separate methods or their combinations.
Phishing
The most widespread method which “take away” passwords of popular mail services and social networks today and this method works for a very big percentage of users.
The essence of a method is that you get on as it seems to you, the familiar website and for any of several reasons you are asked to enter your login and the password (for an input, confirmation of something, for its change, etc.). Right after input, the password appears at malefactors.
As it occurs: you can receive the letter, allegedly from the support desk in which it is reported about the need to log in to the account and the reference upon transition to which the website in accuracy copying original opens is given. The option when after accidental installation of unwanted software on the computer, system settings change in such a way that in case of input in an address line of the browser of the address of the website necessary to you is possible, you actually get on the phishing website issued in precisely the same way.
Selection of passwords
The attacks with the use of a selection of passwords (Brute Force, brute force in Russian) are also rather widespread. If a few years ago the majority of such attacks represented really search of all combinations of a certain character set for compilation of passwords of a certain length, then at the moment everything is slightly more simple (for hackers).
The analysis of millions of passwords that flowed away in recent years shows that less than a half of them are unique, at the same time on those websites where preferentially novice users “live”, the percentage is absolutely small.
What does it mean? Generally — the fact that the hacker doesn’t have a need to touch countless millions of combinations: having a basis from 10-15 million passwords (approximate number, but close to the truth) and adding only these combinations, he can hack nearly a half of accounts on any website.
In case of a purposeful attack on the specific accounting entry, in addition to a basis it can be used and it allows to make simple search, and the modern software rather quickly: the password from 8 characters can be cracked in a few days (and if these characters represent a date or a combination of a name and date that not a rarity — in minutes).
Pay attention: if you use the same password for different websites and services, then as soon as your password and the appropriate e-mail address are compromised on any of them, by means of special software the same combination of login and the password will be tested on hundreds of other websites. For example, right after the leakage of several million passwords of Gmail and Yandex at the end of last year, the wave of cracking of the accounts Origin, Steam, Battle.net, and Uplay swept.
Computer thieves with increasing frequency try to get access to information, unavailable to them, which is on the computer or on a certain website. Generally, they need any data on credit cards or other confidential information. Each time they act more and more sophisticated and more cunning. Effectively to be protected from them, it is necessary to know their main methods of cracking and obtaining important information.
Here are the main methods which they most often use, and also precautionary measures and protection:
1. Cracking of a platform of the website on which information is posted. As much as possible to secure itself against it, post information on the websites on which a difficult programming language, and the server has no output from an internal network. If there is an additional authentication of users, then it will be for you additional plus to protection.
2. Cracking of the password. The script launched by hackers which will read out all information entered on the keypad can be a source of taking the password and transferring her to malefactors. Protection is! The password is more difficult, it is heavier to recognize to script it. If the password consists of upper and lower case, characters and digits, then it will be heavier for computer thieves to take control of your information.
3. Feeble protection of the computer. Due to the lack of an antivirus, a piracy operating system, and because of unspecified updates, your confidential materials can be stolen. To secure itself, it is necessary to set up protection, use a firewall, and set necessary updates from the official site of the supplier.
4. Absence of regular scanning. Such negligence can lead to the fact that you can lose everything, in a flash. For saving information that is stored on the website consults to carry out quarterly scanning of PCI through the Trustwave service.
5. Absence of patches on the system. Often, this leads to omissions of this action to lock any data. It is easier for malefactors to steal information if you don’t have the latest version of a patch. It is enough for them to press one button, and the virus will penetrate into the center of support and will deprive of you access to your documents.
6. Bnut – one more trick of thieves. Bnut is similar to cracking the password, but it occurs according to another diagram. If cracking of the password happens on information reading, then bnut – it is cracking of the password by means of a trial and error method. Of course, you can have a difficult password, which consists of digits, but if in the password the name and year of birth are entered, then for hackers it will be just a gift. Also by this method, the similar password on other services, therefore, don’t use the same password on the different websites and a thicket is calculated to change the password. It concerns also passwords from FTP, users of databases, and accounting entries on the website. (The 10 Faces of Computer Malware)
References
N. Weaver, V. Paxson, S. Staniford, and R. Cunningham, “A Taxonomy of Computer Worms”, First Workshop on Rapid Malcode (WORM), 2003, pp. 11-18.
F. Cohen, “Computer viruses: Theory and experiments”, Computers and Security, Vol. 6, 1987, pp. 22-35.
Microsoft (2012). The Evolution of Malware and the Threat Landscape – a 10-Year review. Microsoft Security Intelligence Report, 2012.
Symantec Corporation (2014). Internet Security Threat Report 2014.
Trend Micro (2011). Trend in Targeted Attacks. 2011
Symantec (2012). Malware Security Report: Protecting Your Business, Customers, and the Bottom Line.
Grannerman, J. (2013). Antivirus evasion techniques show ease in avoiding antivirus detection. Retrieved from http://searchsecurity.techtarget.com/feature/Antivirus-evasion techniques-show-ease-in-avoiding-antivirus-detection Kassner, M. (2009).
The 10 Faces of Computer Malware. Retrieved from
http://www.techrepublic.com/blog/10-things the-10-faces-of-computer-malware/
Malware. 2015. Webopedia. Retrieved from http://www.webopedia.com/TERM/M/malware.html
Panda Security. 2015. Virus, worms, antivirus, and Security Information. Retrieved from http://www.pandasecurity.com/usa/homeusers/security-info/