Enterprising I.T. Solutions




Security Terminology




Security remains one of the most neglected topics in small business Information Technology solutions. Small businesses mistakenly feel that their risks are insignificant compared to those of larger organizations.

FBI statistics reveal that among Fortune 500 companies, most data thefts in 1998 were by internal users. Likewise, research results carried in PC Week in March 1999 report that, out of 800 workers surveyed, 21-31% admitted to sending confidential information - like financial or product data - to recipients outside the company by email. Ten per cent of those surveyed disclosed that they had received email containing company-confidential information.

While perhaps not as severe as the security issues faced by large organizations, the risks small businesses face are real. And without IT security professionals on staff, those risks often go unnoticed and unprotected, and their overall effect can be significant.



Typical Security Risks & Attacks 
There are many different ways that hackers attempt to gain access or do damage to a company system. Most of these attacks are well known and documented on many security Web sites. Some of the more common attacks are listed as follows. 

  1. Spoofing User Identity = Spoofing user identity is when a hacker obtains a user's personal information or something that enables the hacker to replay the authentication procedure. Spoofing threats are associated with a hacker being able to impersonate a valid system user or resource to get access to the system and thereby compromise system security. 
  2. Tampering with Data = An unauthorized change to stored or in-transit information, formatting of a hard disk, a malicious intruder introducing an undetectable network packet in a communication, and an intruder making an undetectable change to a sensitive file are all tampering threats. 
  3. Repudiability = A user performing an illegal operation without the ability to be traced is called "repudiability." Repudiability threats are associated with users (malicious or otherwise) who can deny a wrongdoing without any way for you to prove otherwise. 
  4. Information Disclosure = Disclosure of private or business-critical information can compromise an enterprise. Information disclosure threats expose information to individuals who are not supposed to see it. A user's ability to read a file that she or he was not granted access to, as well as an intruder's ability to read the data while in transit between two computers, are both disclosure threats. Note that this threat differs from a spoofing threat in that here the perpetrator gets access to the information directly rather than by having to spoof a legitimate user.
  5. Denial of Service = A "Denial of Service" (DoS) attack prevents legitimate users from using a service. The effectiveness of a DoS attack is measured three ways: 
    1. Effort. A measure of the effort required for the attack to be successful. The least effort is a single packet that crashes a computer. The greatest effort is a lot of large packets, possibly sent by multiple attackers.
    2. Severity. A measure of how much the service has been degraded. A severe attack will prevent all legitimate users from accessing the service. A mild attack may slow down access, but not shut it down completely. 
    3. Persistence. An attack is persistent if its effects continue after the attack stops. The strongest attacks persist even if the attacker is blocked from accessing the service. Some attacks persist until the server is rebooted. The effects of a weak attack end as soon as the attack does. 
    DoS attacks range from mildly annoying to true security risks. In general, a good firewall should prevent them from happening. 
  6. Elevation of Privilege = An elevation of privilege threat is when an unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system. The more dangerous aspect of such threats is compromising the system in undetectable ways whereby the user is able to take advantage of the privileges without the knowledge of system administrators. Elevation of privilege threats include those situations where an attacker is allowed more privilege than should properly be granted, compromising the security of the entire system and causing extreme system damage. Here the attacker has effectively penetrated all system defenses and become part of the trusted system itself and can do anything.


Security Terms & Concepts



ActiveX
ActiveX controls are software modules based on Microsoft's Component Object Model (COM) architecture. They add functionality to software applications by seamlessly incorporating pre-made modules with the basic software package. Modules can be interchanged but still appear as parts of the original software.

On the Internet, ActiveX controls can be linked to Web pages and downloaded by an ActiveX-compliant browser. ActiveX controls turn Web pages into software pages that perform like any other program launched from a server. 

ActiveX controls can have full system access. In most instances this access is legitimate, but one should be cautious of malicious ActiveX applications.

Applet
Any miniature application transported over the Internet, especially as an enhancement to a Web page. Authors often embed applets within the HTML page as a foreign program type. 

Java applets are usually only allowed to access certain areas of the user's system. Computer programmers often refer to this area as the sandbox.
Attributes
Characteristics assigned to all files and directories. Attributes include: Read Only, Archive, Hidden or System.
Back Door
A feature programmers often build into programs to allow special privileges normally denied to users of the program. Often programmers build back doors so they can fix bugs. If hackers or others learn about a back door, the feature may pose a security risk. Also: Trapdoor.
Background Task
A task executed by the system that generally remains invisible to the user. The system usually assigns background tasks a lower priority than foreground tasks. Some malicious software is executed by a system as a background task so the user does not realize unwanted actions are occurring.
BIOS
Basic Input/Output System. The part of the operating system that identifies the set of programs used to boot the computer before locating the system disk. 

The BIOS is located in the ROM (Read Only Memory) area of the system and is usually stored permanently.
Boot
To start (a cold boot) or reset (warm boot) the computer so it is ready to run programs for the user. Booting the computer executes various programs to check and prepare the computer for use. See Also: Cold Boot, Warm Boot
Boot Record
The program recorded in the boot sector. This record contains information on the characteristics and contents of the disk and information needed to boot the computer. If a user boots a PC with a floppy disk, the system reads the boot record from that disk. See Also: Boot Sector
Boot Sector
An area located on the first track of floppy disks and logical disks that contain the boot record. Boot sector usually refers to this specific sector of a floppy disk, whereas the term Master Boot Sector usually refers to the same section of a hard disk. See Also: Master Boot Record
Brute Force Attack
An attack in which each possible key or password is attempted until the correct one is found. See Also: Attack
Bug
An unintentional fault in a program that causes actions neither the user nor the program author intended.
Cold Boot
To start the computer by cycling the power. A cold boot using a rescue disk (a clean floppy disk with boot instructions and virus scanning capabilities) is often necessary to clean or remove boot sector infectors. See Also: Boot, Warm Boot
Denial Of Service (DoS)
An attack specifically designed to prevent the normal functioning of a system and thereby to prevent lawful access to the system by authorized users. Hackers can cause denial of service attacks by destroying or modifying data or by overloading the system's servers until service to authorized users is delayed or prevented. See Also: Attack
Encryption
Encryption is the scrambling of data so it becomes difficult to unscramble and interpret.
FAT
File Allocation Table. Under MS-DOS, Windows 3.x, 9x, and NT (in some cases), the FAT is located in the boot sector of the disk and stores the addresses of all the files contained on a disk. Viruses and other malicious programs, as well as normal use and extended wear and tear, can damage the FAT. If the FAT is damaged or corrupt, the operating system may be unable to locate files on the disk.
Firewall
A firewall prevents computers on a network from communicating directly with external computer systems. A firewall typically consists of a computer that acts as a barrier through which all information passing between the networks and the external systems must travel. The firewall software analyzes information passing between the two and rejects it if it does not conform to pre-configured rules.


Hijacking
An attack whereby an active, established session is intercepted and used by the attacker. Hijacking can occur locally if, for example, a legitimate user leaves a computer unprotected. Remote hijacking can occur via the Internet.
Hole
A vulnerability in the design of software and/or hardware that allows security measures to be circumvented.
JavaScript
JavaScript is a scripting language that can run wherever there is a suitable script interpreter such as Web browsers, Web servers, or the Windows Scripting Host. The scripting environment used to run JavaScript greatly affects the security of the host machine: 
  • A Web page with JavaScript runs within a Web browser in much the same way as Java applets and does not have access to host machine resources.
  • An Active Server Page (ASP) or a Windows Scripting Host (WSH) script containing JavaScript is potentially hazardous since these environments allow scripts unrestricted access to machine resources (file system, registry, etc.) and application objects.
NTFS
NT File System; a Windows NT file system used to organize and keep track of files. See Also: FAT
Network spoofing
In network spoofing, a system presents itself to the network as though it were a different system (computer A impersonates computer B by sending B's address instead of its own). The reason for doing this is that systems tend to operate within a group of other trusted systems. Trust is imparted in a one-to-one fashion; computer A trusts computer B (this does not imply that system B trusts system A). Implied with this trust is that the system administrator of the trusted system is performing the job properly and maintaining an appropriate level of security for the system. Network spoofing occurs in the following manner: if computer A trusts computer B and computer C spoofs (impersonates) computer B, then computer C can gain otherwise-denied access to computer A. 
Operating System - OS
The operating system is usually the underlying software that enables you to interact with the computer. The operating system controls the computer's storage, communications and task management functions. Examples of common operating systems include: MS-DOS, MacOS, Linux, Windows 98. Also: OS, DOS
Password Attacks
A password attack is an attempt to obtain or decrypt a legitimate user's password. Hackers can use password dictionaries, cracking programs, and password sniffers in password attacks. Defense against password attacks is rather limited but usually consists of a password policy including a minimum length, unrecognizable words, and frequent changes. See Also: Password Sniffer
Password Sniffing
The use of a sniffer to capture passwords as they cross a network. The network could be a local area network, or the Internet itself. The sniffer can be hardware or software. Most sniffers are passive and only log passwords. The attacker must then analyze the logs later. See Also: Sniffer
PGP
Pretty Good Privacy. Considered the strongest program for encrypting data files and/or e-mail messages on PCs and Macintosh computers. PGP includes authentication to verify the sender of a message and non-repudiation to prevent someone denying they sent a message.
Piggyback
To gain unauthorized access to a system via an authorized user's legitimate connection.
SMTP
Simple Mail Transfer Protocol. The Internet e-mail delivery format for transmitting e-mail messages between servers. 
Sniffer
A software program that monitors network traffic. Hackers use sniffers to capture data transmitted via a network. 
Trojan Horse Program
A Trojan horse program is a malicious program that pretends to be a benign application; a Trojan horse program purposefully does something the user does not expect. Trojans are not viruses since they do not replicate, but Trojan horse programs can be just as destructive. 
Many people use the term to refer only to non-replicating malicious programs, thus making a distinction between Trojans and viruses. Also: Trojan
TSR
Terminate and Stay Resident. TSR programs stay in memory after being executed. TSR programs allow the user to quickly switch back and forth between programs in a non-multitasking environment, such as MS-DOS. Some viruses are TSR programs that stay in memory to infect other files and programs. Also: Memory-resident Program
UNC
Universal Naming Convention. This is the standard for naming network drives. For example, a UNC directory path has the following form: \\server\resource-pathname\subfolder\filename
VBS
Visual Basic Script. Visual Basic Script is a programming language that can invoke any system function, including starting, using and shutting down other applications, without user knowledge. VBS programs can be embedded in HTML files and provide active content via the Internet. Since not all content is benign, users should be careful about changing security settings without understanding the implications. This file type has the extension VBS.
Virus
A computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission. Some viruses attach to files so when the infected file executes, the virus also executes. Other viruses sit in a computer's memory and infect files as the computer opens, modifies or creates the files. 
Some viruses display symptoms, and some viruses damage files and computer systems, but neither symptoms nor damage is essential in the definition of a virus; a non-damaging virus is still a virus.

There are computer viruses written for several operating systems including DOS, Windows, Amiga, Macintosh, Atari, and UNIX, and others. McAfee.com presently detects more than 57,000 viruses, Trojans, and other malicious software. (Note: The preferred plural is the English form: viruses) 

See Also: Boot Sector Infector, File Viruses, Macro Virus, Companion Virus, Worm

Warm Boot
Restarting a computer without first turning off the power. Using CTRL+ALT+DEL or the reset button on many computers can warm boot a machine. See Also: Cold Boot, Reset 
Windows Scripting
Windows Scripting Host (WSH) is a Microsoft integrated module that lets programmers use any scripting language to automate operations throughout the Windows desktop. 
Worm
Worms are parasitic computer programs that replicate, but unlike viruses, do not infect other computer program files. Worms can create copies on the same computer, or can send the copies to other computers via a network. Worms often spread via IRC (Internet Relay Chat).


General IT Security Tips 


Password Management 

Users must maintain the confidentiality of user accounts and passwords. Furthermore, passwords used to access external services must not be identical to any password used on an internal corporate system. User account IDs and passwords transmitted over external services, such as the Internet, may be transmitted in clear text and are easily susceptible to discovery. Strong passwords must be used on the external perimeter network.
Some guidelines for password use are:

  • Passwords must contain at least eight characters, and preferably nine (recent security information reports that many cracking programs use the eight-character standard as a starting point). Also, each password must follow the standards set for strong passwords.
  • All passwords used by the built-in Windows 2000 accounts (including service accounts) must be changed to conform to the password standard. 
  • It is mandatory that all accounts have passwords. No blank passwords are permitted. 
  • Never loan your password out. If for some reason you must share your password, remember to change it immediately. 
  • Passwords must be changed every 30 days. The system will keep a history of the last six passwords used and not allow repeats. This forces users to use at least seven unique passwords. 
  • Never write your password or send it via e-mail. 
  • Accounts will be locked out after three bad password attempts (administrators should set lockout duration to more than 30 minutes or until an administrator unlocks the account).
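As an added example, not part of the original page, the guidelines above expressed as a small Python policy check: an eight-character minimum (which also rejects blank passwords), no reuse of the last six passwords, lockout for 30 minutes after three bad attempts, and expiry after 30 days. The Account class, its method names and the at() clock helper are hypothetical designs for this illustration; stored history holds salted PBKDF2 digests rather than plaintext.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

# Policy values are the guidelines above; the Account class and its method
# names are this example's own (hypothetical) design, not a product API.
MIN_LENGTH = 8                            # eight characters minimum, nine preferred
HISTORY_DEPTH = 6                         # the last six passwords may not be reused
MAX_AGE = timedelta(days=30)              # passwords expire after 30 days
LOCKOUT_THRESHOLD = 3                     # bad attempts before lockout
LOCKOUT_DURATION = timedelta(minutes=30)  # administrators may set this longer

EPOCH = datetime(2000, 1, 1)              # constructed clock origin for the demo
def at(days=0, minutes=0):                # time relative to EPOCH, instead of a real clock
    return EPOCH + timedelta(days=days, minutes=minutes)

def _digest(password, salt):
    # Salted PBKDF2 so the stored history never contains plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)

class Account:
    def __init__(self, password, now):
        self.history, self.failures = [], 0       # history: (salt, digest), newest last
        self.locked_until = self.changed_at = None
        ok, reason = self.set_password(password, now)
        if not ok:
            raise ValueError(reason)

    def set_password(self, new, now):
        if len(new) < MIN_LENGTH:                 # also rejects blank passwords
            return False, "too short"
        for salt, digest in self.history[-HISTORY_DEPTH:]:
            if hmac.compare_digest(_digest(new, salt), digest):
                return False, "reuse of recent password"
        salt = os.urandom(16)
        self.history.append((salt, _digest(new, salt)))
        self.changed_at, self.failures = now, 0
        return True, "ok"

    def authenticate(self, attempt, now):
        if self.locked_until is not None:
            if now < self.locked_until:
                return False, "locked out"
            self.locked_until, self.failures = None, 0   # lockout period has ended
        salt, digest = self.history[-1]
        if not hmac.compare_digest(_digest(attempt, salt), digest):
            self.failures += 1
            if self.failures >= LOCKOUT_THRESHOLD:
                self.locked_until = now + LOCKOUT_DURATION
                return False, "locked out"
            return False, "bad password"
        self.failures = 0
        if now - self.changed_at > MAX_AGE:       # correct password, but overdue for change
            return False, "password expired"
        return True, "ok"
```

Because the history keeps the current password plus the five before it, a user must cycle through seven distinct passwords before the first one becomes acceptable again, matching the guideline.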

Controlling Access to the Computer

No computer is completely secure if people other than the authorized user(s) can physically access it. Here are some examples of security measures taken by the bank to restrict physical access:

  • Ensure that only authorized people are allowed to log in at a server's console (audit logins in order to alert administrators if someone other than an authorized user logs in). 
  • Restrict access to the floppy drive and CD-ROM drives on all servers to administrators only. 
  • Install a lock on the CPU case, keep it locked, and store the key safely away from the computer at a secure location. 
  • Format all hard disks with the NTFS file system. 
  • Control access to the power and reset switches, exposing only the computer's keyboard, monitor and mouse. Keep the CPU and removable media drives behind a locked door.
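An added example, not from the original page, of the console logon audit the first bullet above describes: it scans logon records and alerts on any successful interactive (console) logon by a user who is not on that server's allow-list, noting how many failed attempts by that user preceded it. The record format, host and user names and the allow-list are all constructed for this illustration, not real Windows Event Log output.

```python
import re
from collections import Counter

# Constructed sample logon records in a hypothetical text format (not real
# Windows Event Log output): timestamp, host, user, logon type, result.
SAMPLE_LOG = """\
2000-03-01 08:02:11 FILESRV01 user=jsmith type=Interactive result=Success
2000-03-01 08:05:40 FILESRV01 user=backupsvc type=Service result=Success
2000-03-01 22:14:03 FILESRV01 user=guest type=Interactive result=Failure
2000-03-01 22:14:20 FILESRV01 user=guest type=Interactive result=Success
2000-03-02 09:30:00 FILESRV01 user=admin2 type=Network result=Success
2000-03-02 09:31:12 FILESRV01 user=admin1 type=Interactive result=Success
"""

# Users permitted to log on at each server's console (constructed allow-list).
CONSOLE_ALLOWLIST = {"FILESRV01": {"jsmith", "admin1"}}

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<host>\S+) user=(?P<user>\S+) "
    r"type=(?P<type>\S+) result=(?P<result>\S+)$")

def parse(log):
    """Yield one dict per well-formed record; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def console_alerts(log, allowlist):
    """Alert on successful console (Interactive) logons by users outside the
    host's allow-list, noting how many failed attempts by that user preceded it."""
    failures = Counter()          # (host, user) -> failed interactive attempts so far
    alerts = []
    for e in parse(log):
        if e["type"] != "Interactive":       # network and service logons are out of scope
            continue
        key = (e["host"], e["user"])
        if e["result"] != "Success":
            failures[key] += 1
            continue
        if e["user"] not in allowlist.get(e["host"], set()):
            alerts.append("%s console logon on %s by unauthorized user %s "
                          "(after %d failed attempts)"
                          % (e["ts"], e["host"], e["user"], failures[key]))
        failures[key] = 0         # a success closes that user's run of failures
    return alerts
```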