Securing data is one of the biggest concerns everyone has in today’s world. This lesson will outline the importance of computer security and will introduce several common methods used to prevent a breach of user data. Several types of digital security threats will be discussed in the last part of the lesson.
The Importance of Security
Security is often the number one consideration for most individual and business computer users today. It is thought that over 150 million computers are currently being remotely controlled by attackers. Statistically, a computer is probed on average every 39 seconds by someone looking for vulnerabilities. The United States has the highest number of infected computers, and more attacks originate in the US than in any other country. More statistics can be found in the Kaspersky Security Bulletin 2012: The overall statistics for 2012.
In the early days, hackers worked alone and just wanted to show off their abilities. Most of the attacks they created were nuisance worms and viruses intended to cause harm.
Modern-day hackers are often organized international groups whose motive is financial gain. These hackers want to steal confidential information instead of destroying it and are very adept at creating customized malware to steal personal information, passwords, bank accounts, etc.
A user might ask why there has been such a big increase in attacks in the last several years. Some of the biggest factors are:
- The speed at which attacks can move across the Internet
- More sophisticated attacks
- The simplicity of the attack tools and their availability
- Faster detection of weaknesses
- Delays in users patching their systems
- Distributed attacks
- And probably the biggest concern is user confusion
Most people don’t understand how or why attacks are being made. Do most users know the difference between a virus and worm? Between adware and spyware? Between a rootkit and a Trojan?
There is also confusion over the different types of defenses, such as antivirus, antimalware, firewalls, updates, and patches. Users don’t understand the security decisions and technical procedures they are asked to make. Things like: Should I grant permission to open a port? Is it safe to un-quarantine this attachment? Should I install this add-on?
There are a lot of misconceptions about security:
- I don’t have anything on my computer anyone would want. That may well be, but it may be the computer’s processing power or Internet connection that a hacker wants to control.
- I have antivirus software, so I am protected. Only about 3% of attacks today are from viruses. More concern should be placed on what is being stolen and the malicious intent.
- My IT person takes care of security here at work. It is everyone’s job to care about security. With today’s “Bring Your Own Device” (BYOD) policies, anyone could introduce security vulnerabilities.
- My Apple Computer is safe. Simply not true. Apple computers are attacked just as much as PCs. It is just not talked about as much.
- Mobile devices are immune. More and more hackers are attacking mobile devices as a way to access information.
None of these statements are true. All users must know what makes them a security risk and how to combat it.
Figure 1: User Quotes – Common misconceptions about security
The Importance of Security
So why is security so important? If proper security procedures are not followed, all of our information is at risk, including company secrets, financial and other private information, and even items of national security. A computer repair technician’s primary responsibilities include data, network, and physical security.
Figure 2: Collage of Security Terms
Types of security threats:
- Physical threats like theft, damage, or destruction of computer equipment
- Digital threats like theft of, denial of access to, unauthorized access to, corruption of or removal of data
- Potential threats to computer security include:
  - Internal threats: employees can cause a malicious threat or an accidental threat
  - External threats: outside users attack in an unstructured or structured way
Common Physical and Digital Security Methods
Physical security can be as important as digital security. Think about the following:
- Are all computers and other technologies physically secured?
- Is the equipment behind locked doors that restrict access to all but a few technicians?
- Does the company require some security measure to gain access to buildings, computers, or documents?
Physical security measures can stop theft, vandalism, or simply unauthorized access. Things to consider:
- Key fobs
- RFID badges
- RSA tokens
Physically secure documents and passwords, and shred documents before leaving the building.
Figure 3: Physical Security Devices – key ring fob and badge
Another way to secure access to a device or location is biometrics. A biometric device is used to identify humans by their characteristics or traits. These may include:
- Fingerprint scanners
- Voice recognition
- Optical scanners
- Retinal scanners
One of the biggest concerns with biometrics is a recognition error: a false positive, where an illegitimate user is granted access, or a false negative, where a legitimate user is denied access.
Smart cards, strong passwords, and firewalls are three types of digital security. Review the following for details.
1. Smart Cards
Some companies and businesses are moving toward the use of smart cards that can provide identification and authentication to areas such as data storage and application processing. A single smart card can also help integrate information for multiple services such as loyalty programs, medical information, driver’s license information, and banking credentials to name just a few.
Other forms of digital security can include:
- User authentication
- Strong passwords
- Directory and folder permissions
2. Strong Passwords
One of the easiest ways to protect our personal information is through the use of a strong password. A strong password means that it is difficult to break. To create a strong password:
- Create a password of at least six to eight characters, though 15 characters is optimal
- The password should be a random combination of uppercase and lowercase letters, numbers, and special characters
- A password should be replaced with a new one at least every 30 to 60 days
- A password should not be reused for at least 12 months
- The same password should not be duplicated or used for multiple accounts
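The checks in the list above, written out as an added Python example (not code from the lesson): the policy constants and the function name are ours, and the history and other-account values are constructed. Real systems compare stored hashes rather than plain-text passwords; plain text is used here only to keep the example readable.

```python
import string
from datetime import date

# Policy values taken from the lesson's list; the constant names are ours.
MIN_LEN, OPTIMAL_LEN = 8, 15
MAX_AGE_DAYS = 60          # replace at least every 30 to 60 days
REUSE_WINDOW_DAYS = 365    # do not reuse for at least 12 months

def check_password(password, set_on, today, history, other_accounts):
    """Return a list of policy violations; an empty list means the password complies.

    set_on:         date the current password was set
    history:        list of (old_password, retired_on) pairs for this account
    other_accounts: dict of account name -> password currently used there
    Plain-text comparison is for illustration only (see note above).
    """
    problems = []
    if len(password) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    elif len(password) < OPTIMAL_LEN:
        problems.append(f"shorter than the optimal {OPTIMAL_LEN} characters")
    # Random mix of uppercase, lowercase, digits and special characters
    classes = {
        "uppercase": any(c in string.ascii_uppercase for c in password),
        "lowercase": any(c in string.ascii_lowercase for c in password),
        "digit": any(c in string.digits for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    for name, present in classes.items():
        if not present:
            problems.append(f"no {name} character")
    # Age: the password should have been replaced within the window
    if (today - set_on).days > MAX_AGE_DAYS:
        problems.append(f"older than {MAX_AGE_DAYS} days, should be replaced")
    # Reuse: the same password retired less than 12 months ago
    for old, retired_on in history:
        if old == password and (today - retired_on).days < REUSE_WINDOW_DAYS:
            problems.append("reused within 12 months")
            break
    # Duplication: the same password in use on other accounts
    shared = [acct for acct, pw in other_accounts.items() if pw == password]
    if shared:
        problems.append("also used for: " + ", ".join(sorted(shared)))
    return problems

if __name__ == "__main__":
    # Constructed inputs for a quick demonstration
    print(check_password("Tr0ub4dor&3xample!", date(2024, 1, 1), date(2024, 2, 1), [], {}))
    print(check_password("password", date(2023, 10, 1), date(2024, 2, 1),
                         [("password", date(2023, 12, 1))], {"email": "password"}))
```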
3. Firewalls
Two-way personal firewalls, also known as Stateful Packet Inspection firewalls, inspect network traffic and deny or permit its passage based on configured rules. Firewalls restrict what comes into and goes out of a computer in an attempt to stop infection of that computer and of others on the network. Application-aware firewalls allow users to specify which desktop applications can connect to a network.
Digital Security Threats
It is important to be aware of the many types of digital threats in order to prevent security breaches. Review the following:
Malware is a term used to describe software designed specifically to damage or disrupt a computer system. It is used and programmed by attackers to disrupt computer operations, to gather confidential information, or to gain access to computer systems. It may appear as code, scripts, active content, or other types of software. Malware includes viruses, worms, Trojan horses, rootkits, keyloggers, spyware, adware, and other malicious programs. To prevent infection and also to prevent malware from spreading throughout a network, the use of applications such as firewalls, anti-malware, and antivirus has become required for homes and businesses.
A virus is a program with malicious intent that secretly attaches to emails and websites and then executes malicious payloads when documents are opened or programs are launched. Viruses rely on actions by others to run and spread themselves to other computer systems.
A worm is a program designed to take advantage of vulnerabilities in applications or operating systems. Once a worm has exploited the vulnerabilities on one system, a search for another computer to attack begins immediately. It may send out emails from a client’s address book. Worms can travel by themselves and do not require any user interaction to begin their execution.
A Trojan horse is a program that is advertised as performing one activity but actually does something else. It may perform as advertised and usually appears harmless, but it exists to carry out malicious intent. Typically, it contains hidden code in an executable program that can attack a computer.
A rootkit is a type of malicious software that runs when a computer boots. Because rootkits are designed to run before the operating system has completely booted and before antivirus or anti-malware software has started, this type of attack is very difficult to stop. A rootkit often allows hidden files, processes, and user accounts to be installed into the operating system. Data from terminals, network connections, and even the keyboard can be gathered without anyone ever knowing of its existence.
Zombies & Botnets
Zombies and botnets are some of the most common types of malware in use today. These programs infect computers and put them under the remote control of attackers without the user’s knowledge. A zombie is a single infected “robot” computer. A botnet is a collection of thousands of zombies under the remote control of an attacker, known as a bot herder, and can be used for many different malicious purposes.
Denial of Service (DoS)
A Denial of Service (DoS) attack is used to prevent users from accessing normal services. It bombards websites or other services with enough requests that the resource becomes overloaded or is even brought down. Three common types are:
- A ping of death is created by the influx of multiple, very large ICMP packets (pings) that are intended to overwhelm a computer and make it unusable.
- An email bomb is a large quantity of bulk email that overwhelms email servers, preventing users from accessing their legitimate email.
- A Distributed Denial of Service (DDoS) attack is launched from multiple computers or a botnet.
Grayware, Adware, and Spyware
Grayware is a general classification of applications that behave in a manner that is annoying or undesirable. These types of programs are probably the most common threats on our computers today. It would be safe to say that almost every computer has at least one form of Grayware running on it at this very moment. It is typically installed without the knowledge of a user. Information from a computer can be gathered, a computer’s configuration can be changed, or windows can pop up on a computer without the user’s consent.
Adware automatically plays, displays, or downloads advertising materials to a computer after the software is installed on it or while the application is being used.
Spyware allows a hacker to take partial control of or intercept information from a user’s computer.
Social engineering relies on deceiving someone to obtain secure information or gain access to secure areas:
- Shoulder surfing is observing someone without their knowledge to get information. The best defense against it is privacy filters, shields, or antiglare devices.
- Dumpster diving is stealing mail or documents from individuals or businesses. The best defense is shredding or destroying information before discarding it.
- Tailgating is following an authorized user through an entrance without using a badge to defeat security. The best defense is turnstiles and mantraps, which only allow one person to enter at a time.
A social engineer is someone who tries to gather information that will give them access to data by tricking the user. A user may perceive this person as having been sent from a legitimate source because they speak the user’s language or dress the way a real worker would. Social engineering can also be done digitally or over the telephone – not just in a physical environment.
To protect against social engineering:
- Never give out a password
- Ask for the ID of the unknown person
- Restrict access to unexpected visitors
- Escort all visitors through the facility
How many users write their password on a sticky note and put it on their monitor or tape it to the bottom of their keyboard?
Phishing is an attempt to learn confidential information by tricking the user into thinking the requester has a right to it. Things such as usernames, passwords, details about a credit card or bank account, and social security numbers are the most commonly sought-after items. An example of this is an e-mail that directs the receiver to a website and instructs them to provide details about a credit card account to verify that their information is still correct. The website, however, is actually a fake and is set up to steal the user’s information.
Deceptive websites can be embedded in e-mails that direct a browser to an illegitimate location that looks like the real thing. A website will never have an ampersand in the middle of an address. Some e-mails are designed to look like websites. Vendor logos and other characteristics may be included that make them look like legitimate websites as a way to convince the recipient that the message is genuine.
Never assume the presence of the logo means that the email is legitimate. Users should never log on to a website from a link in an email, but instead should open a new browser window and type the legitimate address. As a general rule, a legitimate company will never ask for personal information.
How can phishing attacks be recognized? Look for:
- Fake sender’s address – Do not trust an e-mail just because the sender’s e-mail address appears to be valid. Those addresses can be easily forged.
- Generic greetings – Many phishing emails begin with a generic opening such as “Dear PayPal member” and include an invalid account number.
- Pop-up boxes and attachments – A vendor’s e-mail will never contain an attachment or a pop-up unless it was requested.
- Urgent requests – Many phishing emails try to encourage the recipient to act immediately, or their account will be deactivated.
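The four warning signs above, plus the earlier advice about links in e-mails that lead somewhere other than the site they name, turned into an added Python example (not code from the lesson). The message, the `paypa1-verify.example` domain, the word lists and the function name are all constructed for this demonstration.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample message for this demonstration; not a real e-mail.
SAMPLE = """\
From: PayPal Security <alerts@paypa1-verify.example>
To: user@example.com
Subject: Action required
Content-Type: text/html

<p>Dear PayPal member,</p>
<p>Your account will be deactivated unless you confirm your details
immediately: <a href="http://paypa1-verify.example/login">https://www.paypal.com/</a></p>
"""

# Word lists are illustrative; a real filter would use far larger ones.
GENERIC = re.compile(r"\bdear\s+(?:valued\s+)?(?:customer|user|member|client)\b"
                     r"|\bdear\s+\w+\s+member\b", re.I)
URGENT = re.compile(r"\b(?:immediately|within 24 hours|deactivated|suspended|urgent)\b", re.I)
LINK = re.compile(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', re.I)

def phishing_indicators(raw, trusted_domains=("paypal.com",)):
    """Return the lesson's warning signs found in a raw e-mail (empty list = none)."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = []
    # Fake sender's address: a brand in the display name, but the address
    # is not under that brand's real domain.
    name, addr = email.utils.parseaddr(msg["From"])
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    for trusted in trusted_domains:
        brand = trusted.split(".")[0]
        if (brand in name.lower() and sender_domain != trusted
                and not sender_domain.endswith("." + trusted)):
            found.append(f"sender address {addr} is not under {trusted}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if GENERIC.search(text):
        found.append("generic greeting")
    if any(p.get_content_disposition() == "attachment" for p in msg.walk()):
        found.append("unsolicited attachment")
    if URGENT.search(text):
        found.append("urgent request")
    # Links whose visible text names one site but which point at another.
    for href, label in LINK.findall(text):
        if (label.startswith(("http://", "https://"))
                and urlparse(href).netloc != urlparse(label).netloc):
            found.append(f"link text {label} points to {urlparse(href).netloc}")
    return found
```

Running `phishing_indicators(SAMPLE)` flags the forged sender, the generic greeting, the urgent wording and the mismatched link; an ordinary message from a colleague returns an empty list.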
The best defense against all of these types of attacks is user education. All computer users should be educated about the types of attacks, social engineering, and phishing. Users should always be aware of their location and what tasks are being performed at all times. Always practice smart behavior. Use technologies that help protect against malicious attacks.
Always think about the principle of least privilege. That is, use an account that gives only the access needed to perform a job. As a general rule, never use an administrator account as a daily user account.
In this lesson, you learned important concepts relating to Computer Security Fundamentals. Keep the following in mind:
- Security is one of the most important areas that a company and an individual must control and continue to improve. If it is not, confidential and private information can easily be compromised. Stopping hackers and educating users is of critical importance.
- Users normally plan for securing their physical property but don’t think about the digital information that is saved on their devices. Security threats can come from the inside (e.g., an employee or family member) as well as the outside (e.g., a thief or hacker).
- Physical security can be controlled by restricting access and controlling that access with devices such as an electronic badge, a key fob or with biometric devices (e.g., retinal scanner, voice recognition, fingerprint scanner).
- Digital security secures information (data) using strong or dual-password authentication, and firewalls.
- Social engineering and phishing are often more of a threat than anyone could imagine. Users should always be careful with all passwords and other security devices; never share this information with anyone – even people known by the user.