Computer Security

Computer Security

 

Table of Contents
1. Introduction 2
2. Potential Threats to Computer systems and Networks 4
2.1. Denial of Service 4
2.1.1. Type of attacks 5
3. Security Measures for a Networked Computer System 6
3.1. Security Steps 7
3.1.1. Protect 7
3.1.2. Detection 7
3.1.3. React 8
3.2. Security Measures 9
3.2.1. Firewalls 9
3.2.2. Daemons 9
3.3. Security Tools 10
3.3.1. Cryptography 10
Conclusion 11
References 12

Computer Security
1. Introduction
Computer security is the safeguarding of information. It is based on the safeguarding and discovery of authorized operations by handlers of computer. Information is the crucial asset in a number of companies. The information is access by a wide range of people through the help of networks and computers. With the high number of people who are getting access to networks, the potential threats bring about a great form of destruction. The network security is a significant aspect of a network which has to be upheld as information is moved from one computer to another and is quite susceptible to attack.
In the past years people that manage security of networks and computer systems have witnessed a rise in the hacker and criminals that form wicked threats that have been applied to networks globally.
The prevalent and complicated form of security threats to Information Technology goes on to be a significant issue for the present companies and commercial settings. The IT models that have been the backbone of a number of management operations in most enterprises are quite susceptible to potential attacks and destruction. The IT susceptibilities may be directed to internal and external aspects. As stated by Colwill (2010), these causes may be deliberate or unintentional.
The IT threats are divided into several layers. They have a number of constituents composing of the OS, networks, computer systems, software technologies among others. In bigger phases the threats can be divided into a number of sections. Yeh and Chang (2007) have noted a number of sections: software, hardware, information, network, physical, personnel and management. The size of the threats to these sections has brought about high form of attention to the subject of IT/IS security in the coming times. It is definite that the absence of security looks down upon the strength of IT/IS systems with terrible implications in a number of instances. This paper looks into the diverse forms of IT threats and how to manage them effectively. This will be with the help of a number of tools.
2. Potential Threats to Computer systems and Networks
2.1. Denial of Service
There are varied security threats which have developed in the present time. Denial of Service attack is quite destructive with regard to experts of security. This form of attack hinders users of services from the prospective users. The brutality of attack differs with the size of loss and the length of attack. The DoS attacks may be extended to Distributed to Denial of Service which damages to a large extend.
The main intention of Denial of Service attack is to hinder users from getting admission to a system or a resource, and the potential implication to the model is considerable (Trusted Information Sharing Network, 2009). There are varied ways that this attack could be done. The ground feature would be to clog the network of a user’s network and hence rendering it inaccessible to other users. There are similarly varied ways of rendering the service unavailable, one may congest the network resources, draining the CPU, limiting the computer power, taking advantage of timers and killing the domain name translations.
There are varied attacks that may apply on the application level, blocking the normal operation of service. There are varied attacks that are meant to a crash a web browser, email or media player. When the application is disturbed and normal operation is blocked it is attributed to as application level Denial of Service. There are similarly other attacks that can cause permanent damage to a computer system. These attacks are known as permanent Denial of Service of Plashing. This type of attacks is in most cases firmware built that is targeted at entirely doing away with the hardware. The firmware is found inside a system or a program which is embedded on each electronic system for it to work properly. A case where an attack is able to alter the firmware and substitute it with a faulty one, the hardware may no longer be applied (Trusted Information Sharing Network, 2009). This form of attacks may be directed to networking apparatuses like routers, or switches among others and hence bringing about a routing table to fall. An error in a router could bring about large scale destruction if it is not backed up or rerouted. In a number of cases, computer tools that attempt to upgrade their firmware over the internet and do not consider looking out form signatures or the trusted sources are bound to be victims of this attack.
Denial of Service attack is in most cases undertaken in bigger systems attacking a precise victim. This form of attack is known as Botnet. It arises from a number of slave systems called Zombies. The attacking tendency is in most cases managed by a remote attacker that applies these systems. In most cases the user is not conversant of the attack taking place.
2.1.1. Type of attacks
There are varied forms of attack termed to as Denial of Service that would bring about a destruction of normal service. The attacking trends are categorized into two forms. The first method would be to flood the network hence blocking a large part of the bandwidth for the valid packets to pass. There other one would be crash the hardware or software and make it not to work. This is done in the servers, routers among others.
The Smurf attack tends to take place on the flooding of the bandwidth of a user. Here the attacker directs ICMP echo requests to a location. The message is composed of spoofed source address when compared to the victim’s address. There is also the Ping Flood and Ping of Death has some connection to the Smurf in the case a victim is allocated erroneous packets that would make the system to crush. They two forms of attacks are easy to model. For example would bring about an attack.
Attacker#./sing-echo-s1024 –S ddos-1. Example.com192.168.81.255
Singing to 192.168.81.255(192.168.81.255):16 data bytes.
There is also the TCP SYN flood which when compared to the other methods that looks on taking up the bandwidth while this one looks to exploit CPU. When a user aims to interface to a server, a three handshake rule is formed prior to information being sent. The server then responds with an ACK. Hence the user has to direct a SYN ACK signal to form an interface. Here the attackers do not send these last SYN ACK. The first one sent is kept in the memory of the server in wait for a packet to be moved. When such half handshakes are undertaken, the server is out of memory and it crashes. Lastly there is the UDP flood which is the same as the ping flood. Here the UDP packets are in conflict with the server. The network is flooded when zombies are created.
3. Security Measures for a Networked Computer System
The creation of an operative Denial of Service threat mitigation method is important. Hence looking at the vital model and not on safeguarding of systems from DoS attacks is the most operative and justified method to be applied.
The actions that may be applied by commercial companies in their policies and strategic method to control the DoS attacks are: getting involved in combined exercises, advanced form of information sharing, applying security management model, training the employees and applying DoS in risk management. At the operational and technical levels, a wide range of actions are applied so as to safeguard attacks from taking place, note attacks and offer a well-structured and effective reaction.
3.1. Security Steps
3.1.1. Protect
It is quite difficult to offer a strong safeguard from DoS attacks since not one technology or operation has the ability to offer a relevant form of protection. There is however some operation procedures that may be applied so as to safeguard against a company from DoS attacks:
One may undertake technology risk analysis taking to fact a number of aspects, planning for the capacity, making sure that there is a safe network design and physical security; make good use of a safe application design, applying DoS in business management and insecurity experiment.
In regard to technical measures, there are a number of procedures that may be applied to offer some good form of protection against DoS risks to network and system assets: there is application of Anti-DoS tool and services, filtering data, making good use of patch management, application of anti-virus software, undertaking hardening of the system and segregation of the computer systems.
3.1.2. Detection
With the extensive form of attacks that are noted on the Denial of Service, it is not definite to be conversant when a company is being subjected to an attack. In regards to DoS, the implications may be instant and bring about a system or its components to be missing. The signs of the Distribution of Denial of Service attack may not be noticed at once and are obvious in slow admission periods or service absence.
An operation aspect is to bring about connections with the vital sources of IT security intelligence. Some good instances are the CERT that is found in Australia. They are able to determine, track and lock out instant attacks vital structures. There are also security vendors like antivirus companies that offer important guidance on company tendencies reaction methods. It is hence advisable to form strong connections with the vital security branches so as to be aware of the upcoming methods and threats bound.
In regards to technical methods, they do not in most cases notice and recognize Denial of Service attacks. Though when applied in combination of information it may be worthwhile. The technical methods are: the application of intrusion detection methods, the advancement and application of monitoring and logging methods and application of honeypot systems so as push away threats from the actual systems.
3.1.3. React
The response to attacks is one of the biggest steps to a number of companies that may be hindered through outsourcing among other difficulties. The companies have to be well organized so as to handle in the aspect of important and continued DoS attacks.
A reactive operational procedure would in most cases include incident reaction and assessment. It is justifiable and advice to apply some items to elevate operational reaction ability: application of an incident reaction strategy to describe the duties and responsibilities as well as procedures to be undertaken when such cases arise; forming connections with telecommunication and ISPs as they are able to play a role in offering practical safeguard, recognition, filtering and tracking in the event of a DoS attack; undertaking attack assessment and applying necessary steps to hinder imminent attacks.
Technical steps that may be applied to react to DoS attacks would be to apply upstream filtering so as to ease pressure on other parts, application of Intrusion Prevention Systems to hinder access to systems, use of rate control to make sure that valid information are not done away with, elevating size so as to keep availability of systems in reaction to risks and redirecting domain names as control measure for a short time period through the removal or changing of IP addresses.
3.2. Security Measures
There are two ways to maintain a safe system; there is the application of hardware or software like firewalls to hinder admission. There is also observation of the processes in the system.
3.2.1. Firewalls
This is a software-based protection which is applied to keep a network safe. It basically manages traffic through assessing data and knowing if they ought to be acceptable. The firewall hinders pings from outside IP locations. The varied forms of firewall methods are packet filter, application gateway, circuit-based gateway and proxy server.
3.2.2. Daemons
The Daemon is a security process that operates at the background. It helps to know what is operating in the memory of a computer system as they may be of potential threat and use up resources. Some of the computer threats that are noticed run in the form of programs like viruses, Daemon helps in noting them. There are varied functions that are undertaken by daemon, first there is the management of access to the services in a network. This is since the TCP/IP is not safe and may be subjugated. It is similarly able to start specifications; chkconfig is applied to start and stop services and is able to manage other daemons like xinetd.
The background processes are accorded security by the TCP wrappers. They state which client host is acceptable not acceptable to interface with the services. When connection efforts are tried the wrapping makes use of Access Control and Lists to know if the acceptable syslogd is applied to record the host and service. The wrappers tend to be independent of the application used.
3.3. Security Tools
3.3.1. Cryptography
This is concept of safeguarding the network and transmits data through wireless networks. It may be applied to safeguard data from being stolen or altered while similarly be applied for authentication. Cryptography applies some principles, there is the aspect of redundancy where all of the data that is encrypted has to offer some form of redundancy which is the information required to comprehend the message (Kessler, 2012). There is also the aspect of freshness; the method has to spoil repeated attacks. An example is the application of a timestamp in all of the information. The receiver has to retain the prior message and make a comparison with repeated messages. The information or data that is older is done away with.
There are varied forms of cryptographs; there is secret key which makes use of one key for the encryption and decryption, the public key makes use of two keys one for each encryption and decryption and the hash function does not use any key as it is not retrievable from the cipher text.
Nmap is a security tool or scanner that is applied so as to identify hosts and services on a network hence bringing about a map of the network. To make this take place, the Nmap transmits uniquely modeled packets to the intended host and then evaluates the reactions.
As opposed to the cryptography which encrypts data, the Nmap look out for the network state; latency change and network jamming. Similarly due to the wide number of users that interact with the computer networks, the Nmap is able to know if the host is working and which ports are operative, it is able to know the intended OS system, the services applied, facility used and firewall.
The Nmap makes use of varied types of scans in its operation: there is the TCP connect which make use of basic scan that applied system calls, the firewall help in identifying and restricting them; TCP SYN starts the 3 handshake though does not use the last ACK to the host; the TCP FIN transmits data with no connection formed the ports that are open do not use it while the closed ports direct a RST packet, lastly there is the TCP ACK that probes firewalls, direct data with an acknowledgement with no connection set. Here the open and closed ports direct a RST data if there is no answer then filtering takes place.
Conclusion
Computer Security is a vital step that every organization has to take into consideration in order to safeguard its resources as well as be able to meet the needs of the clients efficiently. Computer threats are daily evolving with new ways of attacking the computer system and network, similarly ways on how to manage them are coming up though much more needs to be done.
This paper has been able to look at the varied forms of attacks like Denial of Service as well as the varied ways to manage these risks with several tools. These measures may not be the only way to manage the risks but they are more effective amongst other away. As time goes by new methods come about and ought to be applied for effective results.
References
Colwill, C. (2010). Human factors in information security: The insider threat- Who can you trust these days? Information Security Technical Report, 14, 186-196.
Kessler, G. (2012). An Overview Cryptography. Retrieved from: http://www.garykessler.net/library/crypto.html
Trusted Information Sharing Network (2009). Managing Denial of Service (DoS) Attacks: Summary Report for CIOs and CSOs. Retrieved from: http://www.tisn.gov.au/Documents/ITSEAG+Managing+Denial+of+Service+(DoS)+Atta cks+-+Summary+Report+for+CIOs+and+CSOs.pdf
Yeh, Q., and Chang, A. J. (2007). Threats and countermeasures for information system security: A cross-industry study. Information and Management, 44, 480-491.

Latest Assignments