
Computer Security

PCQ Bureau

Where do I begin?



If you are concerned about a single computer, think of it as an independent house, whose care and safety are in the hands of the house owner himself. If you are concerned about a network, compare it with an apartment complex where these things are normally taken up by a separate group.


What is the key to computer security?



Whether you live in an independent house or a flat, you need to protect your doors, windows, corridors, sewer entrances (against rats and bugs) and balconies against intruders. You also need to protect the premises against theft. The same is the case with computers, too. You need to protect entry points (network and Internet) into the computer.

What do I use to provide the security?



For your house, you have a range of security equipment, from padlocks to high-tech surveillance, alarms and even armed guards. The level of security is proportional to the valuables inside. Similarly, with computers, too, there is a range of security measures you could opt for, depending on the value of the data inside.

Should security be local or centralized?



In the case of an apartment complex, most of the security apparatus can be common and centralized. It is the same for a network. But your flat needs strong doors and windows. PCs on a network, too, need some local security.


What sort of security do I need?



Essential to providing good security is knowing who is likely to target you. If you live in a rowdy locality, you would have more security for your house. If you expect physical harm from criminals or terrorists, then you would employ armed guards. Similarly, if you were just a dial-up user on the Internet, then you would go in for casual security. But if your firm is a hot target for snoopers, then you need to be more careful about the security in place.

So, who would attack my computer? 



Let us look at who can attack your home. Depending on where and who you are, one or more of the following scenarios can happen. A passing urchin can toss a stone at your costly glass windows. A criminal can burgle your house. An industrial spy can sneak away the copy of those plans you are known to keep in your house. A servant (insider) can smuggle out valuables left lying around. Even a foreign government can take a potshot at your house (don’t believe that? Ask those who live near international borders). These are the very same people who can compromise your computer systems–a teenage hacker, a professional spy, a criminal looking for credit-card details, an insider or a foreign government agency.

Where can an attack come from?



Intruders can enter your property through already available entry points–the doors and windows. On your computer, the entry points are normally the IP ports, specific addresses that listen for, or provide, services (every action by a computer can be thought of as a service). Bigger crooks can drill or hack their way through your wall. On a computer, they can attack a vulnerability in installed software that has not been patched (see box for definitions). Enterprising thieves can get entry into your house as servants or service staff, and work from inside. Similarly, Trojan horse programs can be installed on a computer, giving access to unwanted people.
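To check which "doors and windows" your own machine has open, you can list its listening ports and compare them with the services you mean to offer. The Python code below is an added example, not part of the original article: it parses the output of the Linux command `ss -H -tln`, and both the sample output and the allowlist of ports are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (Linux); not captured from a real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 128 [::]:23 [::]:*
LISTEN 0 244 [::1]:5432 [::]:*
"""

# Assumed policy for this example: ports allowed to be reachable from the network.
ALLOWED_PORTS = {22, 80}


def parse_listeners(ss_output):
    """Return (address, port) pairs for every listening TCP socket."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; split on the last ':' so IPv6 works.
        address, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        listeners.append((address.strip("[]"), int(port)))
    return listeners


def is_loopback(address):
    """True when the socket is bound to this machine only."""
    if address == "*":
        return False  # wildcard: every interface
    address = address.split("%")[0]  # drop an interface suffix such as %lo
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # unrecognized form: treat as exposed


def unexpected_entry_points(ss_output, allowed_ports):
    """Network-reachable listeners whose port is not in the allowlist."""
    return sorted({(addr, port) for addr, port in parse_listeners(ss_output)
                   if not is_loopback(addr) and port not in allowed_ports})


if __name__ == "__main__":
    for addr, port in unexpected_entry_points(SAMPLE_SS_OUTPUT, ALLOWED_PORTS):
        print(f"unexpected listener: {addr} port {port}")
```

On a real Linux host, pass the text produced by `ss -H -tln` in place of the sample; anything reported is a service to either close or consciously add to the allowlist.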


What weapons will they use?



People attacking your house can cut off all communication lines to the outside world, or otherwise block entry. On your server, it can be a denial of service attack that denies access to legitimate users. They could enter your property armed with a variety of weapons. On your PC, it can be viruses and worms. On the Internet, it can be the Ping of death. And new weapons get invented all the time, even as older ones get sharpened.

Can I have an absolutely safe computer?



That is like asking whether you can build a house that can never be broken into. An absolutely safe computer is one that has never been connected to any network, has no software installed, and does not allow anyone to access it. Obviously, you do not want to own such a computer.

What can I do to keep myself from being attacked?



As new weaknesses are discovered in your fencing, you have to patch them up. Similarly, as new vulnerabilities are discovered in your OSs and other installed software, you have to download and install the required patches and anti-virus updates. As potential attackers discover new weapons, you need to update yourself on what they can do and how to counter them. You might go to the police or to a private agency if you require special security measures for your property. Similarly, you need to approach a good security consultant for your network.


What about all the extra-valuable stuff that I have?



At your house, you would put your valuables in a safe or a locker. Similarly, for valuable data, you need to have systems to which access is strictly restricted and monitored, and adopt measures like the use of special software to, say, encrypt the data.

How do I handle insiders becoming a threat?



You restrict access and opportunities for mischief, like you would in your house. For example, if you are running a call center, where the customer database is probably the most valued asset, you wouldn’t have floppy drives on PCs. You would also restrict the ability to copy, locally save this data, or even e-mail it out.

How do I keep track of vulnerabilities and patches? 



There are a number of newsgroups and e-mail advisories that you can use. There is the CERT advisory (www.cert.org) and a number of newsgroups at www.securityfocus.com. You can also keep track of major attacks at sites like www.news.com and www.slashdot.org.


Tech Talk

Back door: A secret access built into software (usually without the user being aware of it), which bypasses security measures and grants unauthorized access.

Buffer overflow: Occurs when more data is put into a buffer (a defined holding area in RAM) than it is defined to handle. A buffer overflow can crash a machine, and it can be induced by exploiting bugs in software.


Denial of service attack (DoS): Swamping a machine with a flood of useless traffic so that it cannot service legitimate requests coming from legitimate clients.

Distributed denial of service attack (DDoS): DoS is one machine attacking another machine. DDoS is when many machines (possibly hundreds and even thousands) are made to mount a DoS attack on a target. 

Firewall: A software or hardware device installed at the point of connecting a network or PC to the Internet (or to another network), to prevent unauthorized access into the system, and also to hide and protect the machines in the network from the outside world.


Patch (security patch): A piece of software installed on existing software to close a known vulnerability. A security patch, unlike an upgrade, normally doesn’t involve adding features.

Ping of death: A type of DoS attack in which a machine uses a packet of a specified size or larger, resulting in a buffer overflow in the recipient machine. The result is that the machine crashes or becomes unstable.

Port scan: The process of checking for open ports on a computer through which an attacker can enter. Normally, this is automated using software.

Sniffer: A device or software that monitors traffic on a network. It can capture data traveling on the network, and so can be dangerous in the hands of an attacker. Also has legitimate use in the hands of a system administrator to optimize the network or to spot problems.

Spoofing: Claiming to be someone else. IP spoofing involves an attacker disguising his IP address as the IP address of a machine trusted by the attacked machine, and thus gaining unwarranted access to it.

Trojan: Named after the wooden horse in the legend of Helen of Argos and the Trojan war. Destructive software that is camouflaged as something useful, or that hides a destructive element inside.

Virus: A file that attacks files on a PC, destroying or corrupting them. These days, the names virus, Trojan and worm are often used interchangeably.

Vulnerability: A risky element, or a point of weakness (feature or bug) in software, which allows an attacker to gain unauthorized entry into the system and compromise it.

Worm: A self-replicating program that spreads from computer to computer on a network (local or Internet) by itself, often inflicting harm on the targeted machines.
