MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Tuesday, 22 January 2019

Computer Security Threats

Malicious Threats

| Category | Threat | OSI Layer | Definition | Typical Behaviors | Vulnerabilities | Prevention | Detection | Countermeasures |
|---|---|---|---|---|---|---|---|---|
| Malicious Software | Virus | Application | Malicious software that attaches itself to other software. For example, a patched software application in which the patch's algorithm is designed to implement the same patch on other applications, thereby replicating. | Replicates within computer system, potentially attaching itself to every software application. Behavior categories: innocuous, humorous, data altering, catastrophic | All computers. Common categories: boot sector, Terminate and Stay Resident (TSR), application software, stealth (or chameleon), mutation engine, network, mainframe | Limit connectivity. Limit downloads. Use only authorized media for loading data and software. Enforce mandatory access controls; viruses generally cannot run unless the host application is running | Changes in file sizes or date/time stamps. Computer is slow starting or slow running. Unexpected or frequent system failures. Change of system date/time. Low computer memory or increased bad blocks on disks | Contain, identify and recover. Antivirus scanners: look for known viruses. Antivirus monitors: look for virus-related application behaviors. Attempt to determine source of infection and issue alert |
| Malicious Software | Worm | Application, Network | Malicious software which is a stand-alone application | Often designed to propagate through a network, rather than just a single computer | Multitasking computers, especially those employing open network standards | Limit connectivity, employ firewalls. Worms can run even without a host application | Computer is slow starting or slow running. Unexpected or frequent system failures | Contain, identify and recover. Attempt to determine source of infection and issue alert |
| Malicious Software | Trojan Horse | Application | A Worm which pretends to be a useful program, or a Virus which is purposely attached to a useful program prior to distribution | Same as Virus or Worm, but also sometimes used to send information back to, or make information available to, the perpetrator | Unlike Worms, which self-propagate, Trojan Horses require user cooperation. Untrained users are vulnerable | User cooperation allows Trojan Horses to bypass automated controls. User training is the best prevention | Same as Virus and Worm | Same as Virus and Worm. Alert must be issued, not only to other system admins, but to all network users |
| Malicious Software | Time Bomb | Application | A Virus or Worm designed to activate at a certain date/time | Same as Virus or Worm, but widespread throughout the organization upon the trigger date | Same as Virus and Worm | Time Bombs are usually found before the trigger date. Run associated antivirus software immediately as available | Correlate user problem reports to find patterns indicating a possible Time Bomb | Contain, identify and recover. Attempt to determine source of infection and issue alert |
| Malicious Software | Logic Bomb | Application | A Virus or Worm designed to activate under certain conditions | Same as Virus or Worm | Same as Virus and Worm | Same as Virus and Worm | Correlate user problem reports indicating a possible Logic Bomb | Contain, identify and recover. Determine source and issue alert |
| Malicious Software | Rabbit | Application, Network | A Worm designed to replicate to the point of exhausting computer resources | Rabbit consumes all CPU cycles, disk space, network resources, etc. | Multitasking computers, especially those on a network | Limit connectivity, employ firewalls | Computer is slow starting or running. Frequent system failures | Contain, identify and recover. Determine source and issue alert |
| Malicious Software | Bacterium | Application | A Virus designed to attach itself to the OS in particular (rather than any application in general) and exhaust computer resources, especially CPU cycles | Operating system consumes more and more CPU cycles, eventually resulting in noticeable delay in user transactions | Older versions of operating systems are more vulnerable than newer versions, since hackers have had more time to write Bacteria for them | Limit write privileges and opportunities to OS files. System administrators should work from non-admin accounts whenever possible | Changes in OS file sizes or date/time stamps. Computer is slow in running. Unexpected or frequent system failures | Antivirus scanners: look for known viruses. Antivirus monitors: look for virus-related system behaviors |
| Spoofing | Spoofing | Network, Data Link | Getting one computer on a network to pretend to have the identity of another computer, usually one with special access privileges, so as to obtain access to the other computers on the network | Spoofing computer often doesn't have access to user-level commands, so attempts to use automation-level services, such as email or message handlers, are employed | Automation services designed for network interoperability are especially vulnerable, particularly those adhering to open standards | Limit system privileges of automation services to the minimum necessary. Upgrade via security patches as they become available | Monitor transaction logs of automation services, scanning for unusual behaviors. If automating this process, do so off-line to avoid "tunneling" attacks | Disconnect automation services until patched, or monitor automation access points, such as network sockets, scanning for the next spoof in an attempt to trace back to the perpetrator |
| Spoofing | Masquerade | Network | Accessing a computer by pretending to have an authorized user identity | Masquerading user often employs network or administrator command functions to access even more of the system, e.g., by attempting to download password or routing tables | Placing false or modified login prompts on a computer is a common way to obtain user IDs, as are Snooping, Scanning and Scavenging | Limit user access to network or administrator command functions. Implement multiple levels of administrators, with different privileges for each | Correlate user identification with shift times or increased frequency of access. Correlate user command logs with administrator command functions | Change user password or use standard administrator functions to determine the access point, then trace back to the perpetrator |
| Scanning | Sequential Scanning | Transport, Network | Sequentially testing passwords/authentication codes until one is successful | Multiple users attempting network or administrator command functions, indicating multiple Masquerades | Since most login prompts have a time delay built in to foil automated scanning, accessing the encoded password table and testing it off-line is a common technique | Enforce organizational password policies. Make even system administrator access to password files cumbersome | Correlate user identification with shift times. Correlate user problem reports relevant to possible Masquerades | Change entire password file or use baiting tactics to trace back to the perpetrator |
| Scanning | Dictionary Scanning | Application | Scanning through a dictionary of commonly used passwords/authentication codes until one is successful | Multiple users attempting network or administrator command functions, indicating multiple Masquerades | Use of common words and names as passwords or authentication codes (so-called "Joe Accounts") | Enforce organizational password policies | Correlate user identification with shift times. Correlate user problem reports relevant to possible Masquerades | Change entire password file or use baiting tactics to trace back to the perpetrator |
| Snooping (Eavesdropping) | Digital Snooping | Network | Electronic monitoring of digital networks to uncover passwords or other data | Users or even system administrators found online at unusual or off-shift hours. Changes in behavior of the network transport layer | Example of how COMSEC affects COMPUSEC. Links can be more vulnerable to snooping than nodes | Employ data encryption. Limit physical access to network nodes and links | Correlate user identification with shift times. Correlate user problem reports. Monitor network performance | Change encryption schemes or employ network monitoring tools to attempt trace back to the perpetrator |
| Snooping (Eavesdropping) | Shoulder Surfing | Physical | Direct visual observation of monitor displays to obtain access | Authorized user found online at unusual or off-shift hours, indicating a possible Masquerade. Authorized user attempting administrator command functions | "Sticky" notes used to record account and password information. Password entry screens that do not mask typed text. "Loitering" opportunities | Limit physical access to computer areas. Require frequent password changes by users | Correlate user identification with shift times or increased frequency of access. Correlate user command logs with administrator command functions | Change user password or use standard administrator functions to determine the access point, then trace back to the perpetrator |
| Scavenging | Dumpster Diving | All | Accessing discarded trash to obtain passwords and other data | Multiple users attempting network or administrator command functions, indicating multiple Masquerades | "Sticky" notes used to record account and password information. System administrator printouts of user logs | Destroy discarded hardcopy | Correlate user identification with shift times. Correlate user problem reports relevant to possible Masquerades | Change entire password file or use baiting tactics to trace back to the perpetrator |
| Scavenging | Browsing | Application, Network | Usually automated scanning of large quantities of unprotected data (discarded media or online "finger"-type commands) to obtain clues as to how to achieve access | Authorized user found online at unusual or off-shift hours, indicating a possible Masquerade. Authorized user attempting administrator command functions | "Finger"-type services provide information to any and all users. The information is usually assumed safe but can give clues to passwords (e.g., spouse's name) | Destroy discarded media. When on open source networks especially, disable "finger"-type services | Correlate user identification with shift times or increased frequency of access. Correlate user command logs with administrator command functions | Change user password or use standard administrator functions to determine the access point, then trace back to the perpetrator |
| Spamming | Spamming | Application, Network | Overloading a system with incoming message or other traffic to cause system crashes | Repeated system crashes, eventually traced to an overfull buffer or swap space | Open source networks especially vulnerable | Require authentication fields in message traffic | Monitor disk partitions, network sockets, etc. for overfull conditions | Analyze message headers to attempt trace back to the perpetrator |
| Tunneling | Tunneling | Network | Any digital attack that attempts to get "under" a security system by accessing very low-level system functions (e.g., device drivers, OS kernels) | Bizarre system behaviors such as unexpected disk accesses, unexplained device failures, halted security software, etc. | Tunneling attacks often occur by creating system emergencies to cause system reloading or initialization | Design security and audit capabilities into even the lowest-level software, such as device drivers, shared libraries, etc. | Changes in date/time stamps for low-level system files, or changes in sector/block counts for device drivers | Patch or replace compromised drivers to prevent access. Monitor suspected access points to attempt trace back to the perpetrator |
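The Masquerade and Scanning rows list three log-based detections: correlate user identification with shift times, correlate user command logs with administrator command functions, and spot a burst of authentication attempts. The script below is an added example that implements those checks over a few constructed log lines; it is not part of the MyTechSupport.ca reference, and the log format, shift table, admin list and "administrator command" list are all assumptions made for the example.

```python
"""Added example: shift-time, admin-command and repeated-login correlation."""
from collections import Counter
from datetime import datetime

# Constructed sample log, one event per line: "<ISO timestamp> <user> <event> <detail>"
SAMPLE_LOG = """\
2019-01-22T09:05:00 alice LOGIN ok
2019-01-22T09:10:00 alice CMD ls
2019-01-22T02:14:00 bob LOGIN ok
2019-01-22T02:15:00 bob CMD cat /etc/shadow
2019-01-22T02:16:00 bob CMD route print
2019-01-22T10:00:00 carol LOGIN fail
2019-01-22T10:00:02 carol LOGIN fail
2019-01-22T10:00:04 carol LOGIN fail
2019-01-22T10:00:06 carol LOGIN fail
2019-01-22T10:00:08 carol LOGIN fail
2019-01-22T10:00:10 carol LOGIN ok
2019-01-22T11:00:00 dave CMD useradd mallory
"""

# Assumed shift schedule: (start_hour, end_hour) during which each user normally works.
SHIFTS = {"alice": (8, 17), "bob": (8, 17), "carol": (8, 17), "dave": (8, 17)}
# Assumed set of "administrator command functions" (the table's term) and of real admins.
ADMIN_COMMANDS = {"cat /etc/shadow", "route print", "useradd", "passwd", "net user"}
ADMINS = {"dave"}
FAILED_LOGIN_THRESHOLD = 4  # sequential/dictionary scanning: many failures, then success


def parse_log(text):
    """Yield (timestamp, user, event, detail) tuples from the sample format."""
    for line in text.splitlines():
        ts, user, event, detail = line.split(" ", 3)
        yield datetime.fromisoformat(ts), user, event, detail


def is_admin_command(detail):
    """True if the command is one of the admin functions, with or without arguments."""
    return any(detail == c or detail.startswith(c + " ") for c in ADMIN_COMMANDS)


def detect(text):
    """Return (user, reason) alerts in log order for the three table checks."""
    alerts, failures = [], Counter()
    for ts, user, event, detail in parse_log(text):
        start, end = SHIFTS.get(user, (0, 24))
        if event == "LOGIN" and not (start <= ts.hour < end):
            alerts.append((user, "off-shift login"))          # shift-time correlation
        if event == "CMD" and user not in ADMINS and is_admin_command(detail):
            alerts.append((user, "admin command by non-admin"))  # command-log correlation
        if event == "LOGIN":
            if detail == "fail":
                failures[user] += 1
            elif failures[user] >= FAILED_LOGIN_THRESHOLD:
                alerts.append((user, "success after %d failures" % failures[user]))
    return alerts


if __name__ == "__main__":
    for user, reason in detect(SAMPLE_LOG):
        print("ALERT %-6s %s" % (user, reason))
```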

Unintentional Threats

| Category | Threat | OSI Layer | Definition | Typical Behaviors | Vulnerabilities | Prevention | Detection | Countermeasures |
|---|---|---|---|---|---|---|---|---|
| Malfunction | Equipment Malfunction | All | Hardware operates in an abnormal, unintended mode | Immediate loss of data due to abnormal shutdown. Continuing loss of capability until equipment is repaired | Vital peripheral equipment is often more vulnerable than the computers themselves | Replication of entire system including all data and recent transactions | Hardware diagnostic systems | On-site replication of hardware components for quick recovery |
| Malfunction | Software Malfunction | Application | Software behavior is in conflict with intended behavior | Immediate loss of data due to abnormal end. Repeated system failure when re-fed "faulty" data | Software developed using ad hoc rather than defined formal processes | Comprehensive testing procedures and software designed for graceful degradation | Software diagnostic tools | Backup software and robust operating systems facilitate quick recovery |
| Human Error | Trap Door (Back Door) | Application | System access for developers inadvertently left available after software delivery | Unauthorized system access enables viewing, alteration or destruction of data or software | Software developed outside defined organizational policies and formal methods | Enforce defined development policies. Limit network and physical access | Audit trails of system usage, especially user identification logs | Close the Trap Door, or monitor ongoing access to trace back to the perpetrator |
| Human Error | User/Operator Error | All | Inadvertent alteration, manipulation or destruction of programs, data files or hardware | Incorrect data entered into system, or incorrect behavior of system | Poor user documentation or training | Enforcement of training policies and separation of programmer/operator duties | Audit trails of system transactions | Backup copies of software and data. On-site replication of hardware |

Physical Threats

| Category | Threat | OSI Layer | Definition | Typical Behaviors | Vulnerabilities | Prevention | Detection | Countermeasures |
|---|---|---|---|---|---|---|---|---|
| Physical Environment | Fire Damage | N/A | Physical destruction of equipment due to fire or smoke damage | Physical destruction of systems and supporting equipment | Systems located near potential fire hazards, e.g., fuel storage tanks | Off-site system replication, while costly, provides backup capability | On-site smoke alarms | Halon gas or FM200 fire extinguishers mitigate electrical and water damage |
| Physical Environment | Water Damage | N/A | Physical destruction of equipment due to water (including sprinkler) damage | Physical destruction of systems and supporting equipment | Systems located below ground or near sprinkler systems | Off-site system replication | Water detection devices | Computer rooms equipped with emergency drainage capabilities |
| Physical Environment | Power Loss | N/A | Computers or vital supporting equipment fail due to lack of power | Immediate loss of data due to abnormal shutdown, even after power returns. Continuing loss of capability until power returns | Sites fed by above-ground power lines are particularly vulnerable. Power loss to computer room air conditioners can also be an issue | Dual or separate feeder lines for computers and supporting equipment | Power level alert monitors | Uninterruptible Power Supplies (UPS). Full-scale standby power facilities where economically feasible |
| Civil Disorder | Vandalism | N/A | Physical destruction during operations other than war | Physical destruction of systems and supporting equipment | Sites located in some overseas environments, especially urban environments | Low-profile facilities (no overt disclosure of the high-value nature of the site) | Physical intrusion detection devices | Physical access restrictions and riot contingency policies |
| Civil Disorder | Battle Damage | N/A | Physical destruction during military action | Physical destruction of systems and supporting equipment | Site located in theater | Off-site system replication. OPSEC and low profile to prevent hostile targeting | Network monitoring systems | Hardened sites |

MyTechSupport.ca tries to supply accurate and up-to-date information but it is possible that this page may contain typographical errors or technical inaccuracies. Any errors will be periodically corrected as they are made known to us. If any such errors are found, we would appreciate if you would report them here.
Thank You.