Worm:
A worm is similar to a virus by design and is considered to be a sub-class of a
virus. Worms spread from computer to computer, but unlike a virus, a worm has the
capability to travel without any human action. A worm takes advantage of file or
information transport features on your system, which is what allows it to travel
unaided.
The biggest danger with a worm is its capability to replicate itself on your
system, so rather than your computer sending out a single worm, it could send
out hundreds or thousands of copies of itself, creating a huge devastating effect.
One example would be for a worm to send a copy of itself to everyone listed in
your e-mail address book. Then, the worm replicates and sends itself out to
everyone listed in each receiver's address book, and the manifest
continues on down the line.
Due to the copying nature of a worm and its capability to travel across networks,
the end result in most cases is that the worm consumes too much system
memory (or network bandwidth), causing Web servers, network servers and
individual computers to stop responding. In recent worm attacks such as the
much-talked-about Blaster Worm, the worm has been designed to tunnel into
your system and allow malicious users to control your computer remotely.
Trojan horse:
A Trojan horse is full of as much trickery as the mythological Trojan Horse it was
named after. At first glance a Trojan horse will appear to be
useful software but will actually do damage once installed or run on your
computer. Those on the receiving end of a Trojan horse are usually tricked into
opening it because they appear to be receiving legitimate software or files
from a legitimate source. When a Trojan is activated on your computer, the
results can vary. Some Trojans are designed to be more annoying than malicious
(like changing your desktop, adding silly active desktop icons) or they can cause
serious damage by deleting files and destroying information on your system.
Trojans are also known to create a backdoor on your computer that gives
malicious users access to your system, possibly allowing confidential or personal
information to be compromised. Unlike viruses and worms, Trojans do not
reproduce by infecting other files nor do they self-replicate.
Blended Threats:
Added into the mix, we also have what is called a blended threat. A blended
threat is a more sophisticated attack that bundles some of the worst aspects of
viruses, worms, Trojan horses and malicious code into one single threat. Blended
threats can use server and Internet vulnerabilities to initiate, then transmit and
also spread an attack. Characteristics of blended threats are that they cause
harm to the infected system or network, they propagate using multiple
methods, the attack can come from multiple points, and blended threats also
exploit vulnerabilities.
To be considered a blended threat, the attack would normally serve to transport
multiple attacks in one payload. For example, it wouldn't just launch a DoS
attack; it would also, for example, install a backdoor and maybe even damage
a local system in one shot. Additionally, blended threats are designed to use
multiple modes of transport. So, while a worm may travel and spread through
e-mail, a single blended threat could use multiple routes including e-mail, IRC and
file-sharing networks.
Lastly, rather than a specific attack on predetermined .exe files, a blended
threat could do multiple malicious acts, like modify your .exe files, HTML files
and registry keys at the same time. Basically, it can cause damage within
several areas of your network at one time.
Blended threats are considered to be the worst risk to security since the
inception of viruses, as most blended threats also require no human intervention
to propagate.
Logic bomb: A logic bomb is code which could be written and placed in a
system by a programmer. A logic bomb needs a trigger to be activated. A trigger
is a specific condition which needs to be fulfilled to activate the logic
bomb. A logic bomb is not easy to find in the system and is mostly
untraceable. It is activated only when certain conditions are met. Logic bombs
can delete files, encrypt data or lock the system down, which can be unlocked
only by the person who placed the logic bomb.
screen. After the user has entered the username and password and when he hits
the login screen, the password is acquired by the programmer and the original
login screen is displayed. The user thinks that he made a typo while entering
the password and logs in again not knowing that his password has been
acquired.
Files with .EXE or .VBS extensions are always suspect, because once the file
name is clicked, the program is run, and it can do anything it wants within the
computer. SHS files, a somewhat obscure file type, can also contain executable
code. Another approach is to attach a Windows link file (.LNK), which is a
shortcut, or pointer, to an executable file (.EXE) that is also attached. Since
many have been warned not to click an .EXE attachment, the link file is a sneaky
way of launching the .EXE file for unaware users.
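A mail-gateway style check for the attachment types described above, as an added example that is not part of the original notes. The names `RISKY`, `DECOY`, `classify`, `risky_attachments` and `build_sample` are hypothetical, the `DECOY` set is an assumption, and the sample message is constructed.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Extensions named in the text above; a production blocklist is longer.
RISKY = {".exe", ".vbs", ".shs", ".lnk"}
# Assumption: harmless-looking types often used as the decoy half of a
# double extension such as "invoice.pdf.exe".
DECOY = {".txt", ".pdf", ".doc", ".jpg"}

def classify(names):
    """Return (filename, reasons) for every name that should be quarantined."""
    # Windows ignores trailing dots and spaces, so "setup.exe. " still runs.
    cleaned = [n.strip().rstrip(". ").lower() for n in names]
    has_exe = any(n.endswith(".exe") for n in cleaned)
    findings = []
    for original, name in zip(names, cleaned):
        suffixes = PureWindowsPath(name).suffixes
        if not suffixes or suffixes[-1] not in RISKY:
            continue
        reasons = ["can launch code when opened"]
        if len(suffixes) > 1 and suffixes[-2] in DECOY:
            reasons.append("document-looking double extension")
        if suffixes[-1] == ".lnk" and has_exe:
            reasons.append("shortcut shipped alongside an .exe")
        findings.append((original, reasons))
    return findings

def risky_attachments(raw_message: str):
    """Parse a raw RFC 5322 message and classify its attachment names."""
    msg = message_from_string(raw_message, policy=policy.default)
    names = [part.get_filename() for part in msg.iter_attachments()]
    return classify([n for n in names if n])

def build_sample() -> str:
    """Constructed message: one benign file and the .lnk/.exe pair."""
    msg = EmailMessage()
    msg["Subject"] = "Quarterly report"
    msg.set_content("See attached.")
    for name in ("notes.txt", "Invoice.PDF.exe", "open-me.lnk"):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for filename, reasons in risky_attachments(build_sample()):
        print(f"{filename}: {'; '.join(reasons)}")
```

The check works on names only; it complements content scanning and does not replace it.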
Macro Virus
A macro virus is a computer virus that alters or replaces a macro, which is a set
of commands used by programs to perform common actions. For example, the
"open document" action in many word-processing programs relies on a macro to
function, since there are several discrete steps in the process. Macro viruses
change this command set, allowing them to execute whenever the macro is run.
Sources of Macro Viruses
Macro viruses are most commonly found embedded in documents or inserted as
malicious code into word-processing programs. They may come from documents
attached to emails, or the code may be downloaded after clicking on "phishing"
links in banner ads or URLs. They are difficult to detect, as they do not operate
until an infected macro is run, at which time they perform a series of
commands. A macro virus is similar to a Trojan virus, since it may appear benign
and users may not immediately notice any ill effects. Unlike Trojans, however,
macro viruses can replicate themselves and infect other computers.
Types of Macro Viruses
1. Concept Virus
Concept was the first macro virus; it appeared in July 1995 and targeted Microsoft
Word. Macro viruses subsequently became the dominant type of virus.
2. Melissa Virus
Melissa made history as the first macro virus with email worm traits. It started
spreading via email on March 26, 1999, infecting tens of thousands within hours.
It was one of the most serious epidemics in Internet history.
Malicious Software: Malicious software (malware) is any software that gives
partial to full control of your computer to do whatever the malware creator
wants. Malware can be a virus, worm, Trojan, adware, spyware, root kit, etc. The
damage done can vary from something as slight as changing the author's name on
a document to full control of your machine without your ability to easily find out.
Most malware requires the user to initiate its operation. Some vectors of attack
include attachments in e-mails, browsing a malicious website that installs
software after the user clicks ok on a pop-up, and from vulnerabilities in the
operating system or programs. Malware is not limited to one operating system.
Malware types can be categorized as follows: viruses, worms, trojans, and
backdoors seek to infect and spread themselves to create more havoc. Adware
and spyware seek to embed themselves to watch what the user does and act
upon that data. Root kits seek to give full access of your machine to the attacker
to do what they want.
Malware, short for malicious software, is any software used to disrupt
computer operation, gather sensitive information, or gain access to private
computer systems.[1] Malware is defined by its malicious intent, acting against
the requirements of the computer user, and does not include software that
causes unintentional harm due to some deficiency. The term badware is
sometimes used, and applied to both true (malicious) malware and
unintentionally harmful software.
Denial of Service Attacks
A denial of service (DoS) attack is a malicious attempt to make a server or a network resource
unavailable to users, usually by temporarily interrupting or suspending the services of a host
connected to the Internet. Denial-of-service attacks are considered violations of the Internet
Architecture Board's Internet proper use policy, and also violate the acceptable use policies of
virtually all Internet service providers. They also commonly constitute violations of the laws of
individual nations. The first demonstrated DDoS attack was introduced by well-known hacker
Khan C. Smith during a 1998 illegal Defcon event and was later exposed for its use of botnet
mechanisms during a lawsuit filed by Earthlink, which claims it has caused billions in economic
damages.
Methods of attack
A denial-of-service attack is characterized by an explicit attempt by attackers to prevent
legitimate users of a service from using that service. There are two general forms of DoS
attacks: those that crash services and those that flood services.
Max out the processor's usage, preventing any work from occurring.
Exploit errors in the operating system, causing resource starvation and/or thrashing, i.e.
to use up all available facilities so no real work can be accomplished or it can crash the
system itself.
In most cases DoS attacks involve forging of IP sender addresses (IP address spoofing) so that
the location of the attacking machines cannot easily be identified and to prevent filtering of
the packets based on the source address.
E-COMMERCE SECURITY
E-commerce security is the protection of e-commerce assets from unauthorized access, use,
alteration, or destruction.
6 dimensions of e-commerce security
1. Integrity: prevention against unauthorized data modification
2. Non-repudiation: prevention against any one party from reneging on an agreement after
the fact
3. Authenticity: authentication of data source
4. Confidentiality: protection against unauthorized data disclosure
5. Privacy: provision of data control and disclosure
6. Availability: prevention against data delays or removal
E-COMMERCE THREATS
Threats: anyone with the capability, technology, opportunity, and intent to do harm. Potential
threats can be foreign or domestic, internal or external, state-sponsored or a single rogue
element. Terrorists, insiders, disgruntled employees, and hackers are included in this profile
(President's Commission on Critical Infrastructure Protection).
Concern | 2001 | 2000
Loss of privacy/confidentiality, data misuse/abuse | 28% | 25%
Cracking, eavesdropping, spoofing, rootkits | 25% | 20%
Viruses, Trojans, worms, hostile ActiveX and Java | 21% | 26%
System unavailability, denial of service, natural disasters, power interruptions | 18% | 20%
[Table: payment methods compared by Properties, Costs, Advantages and Disadvantages. Row labels: Electronic wallets (e.g., Passport), Smart cards (e.g., Blue), Credit cards (e.g., VeriSign). Cell alignment is not recoverable; cell text follows in source order.]
31% of US population do not have credit cards
micropayments (< $10)
Independent
Portable
Divisible
Stores shipping & billing information
Internet cash transfer: no fixed cost of hardware
No distance costs
Small processing fee to banks
Lengthy download for client-side wallets
Efficient
Less costly
Enter information into checkout forms automatically
Money laundering
Forgery
Low acceptance
Multiple standards
Client-side wallets are not portable
Encrypted digital certificate
Embedded microchip storing encrypted personal information
Line of credit
Purchase dispute protection
Secure Electronic Transaction (SET) Protocol
Time value of money
Unpaid balance charge
$50 limit on frauds
Processing fee
Convenience
Privacy issue for server-side wallets
Most popular
Worldwide acceptance
Need a card reader
Card theft
Low acceptance
Costly
SECURITY REQUIREMENTS
1. Authentication of merchant and consumer
2. Confidentiality of data
3. Integrity of data
4. Non-repudiation
SECURITY MEASURES
1. Secure Electronic Transaction (SET) protocol: developed jointly by MasterCard and Visa
with the goal of providing a secure payment environment for the transmission of credit
card data.
Features | SSL | SET
Encryption of data during transmission | Yes | Yes
Confirmation of message integrity | Yes | Yes
Authentication of merchant | Yes | Yes
Authentication of consumer | No | Yes
Transmission of specific data only on a "need to know" basis | No | Yes
Inclusion of bank or trusted third party in transaction | No | Yes
No need for merchant to secure credit card data internally | No | Yes
2. Disposable credit numbers: one-time-use credit card numbers (private payment number)
are transmitted to the merchant
Download software (a Private Payment icon tray will be displayed on the screen)
Shop online
Log-in
Enter the one-time-use credit card number and expiration date into merchant's
standard form
E-Cash
An anonymous electronic cash system; equivalent to "cash" or "printed bank notes" except
that it is transferred through networks with bits of information, in essence it is just another
representation of monetary value; anonymity is preserved through public key cryptography,
digital signatures, and blind signatures.
Electronic Money, E-Cash, is changing the way currency is perceived. While the change
seems as revolutionary as the conversion from value-based mediums of exchange (e.g. gold,
silver) to paper currency, it is actually only an evolution from current paper-based mediums.
There are a number of benefits of E-Cash over greenbacks, but there are also new issues with
which to contend. In addition to new issues, there are also new forms of old problems which
E-Cash will not solve. In its current state electronic cash is a necessary innovation in the
financial markets. However, it is highly doubtful that E-Cash will actually replace paper
currency.
E-Cash Security
There are several aspects to security when dealing with E-cash. The first issue is the security
of the transaction. How does one know that the E-cash is valid? Encryption and special serial
numbers are supposed to allow the issuing bank to verify (quickly) the authenticity of E-cash.
These methods are susceptible to hackers, just as paper currency can be counterfeited.
However, promoters of E-cash point out that the encryption methods used for electronic
money are the same as those used to protect nuclear weapon systems. The encryption
security has to also extend to the smartcard chips to ensure that they are tamper resistant.
While it is feasible that a system wide breach could occur, it is highly unlikely. Just as the
Federal Government keeps a step ahead of the counterfeiters, cryptography stays a step
ahead of hackers.
Physical security of the E-cash is also a concern. If a hard drive crashes, or a smartcard is lost,
the E-cash is lost. It is just as if one lost a paper currency filled wallet. The industry is still
developing rules/mechanisms for dealing with such losses, but for the most part, E-cash is
being treated as paper cash in terms of physical security. Companies are making some
exceptions when it comes to a software/hardware failure, but these are supposed to be rare.
To help customers get used to this concept, most companies are limiting E-cash wallets to
$500, reflecting the primary use of E-cash for low value transactions. There is a benefit to
E-cash in the area of theft, however. A mugger or pickpocket would not be able to make use of
another's smartcard without the appropriate password. Merchants should also lose less cash
to employee theft, since the electronic cash will be inaccessible (or, at a minimum, traceable).
The ultimate area of security is faith in the currency. This, however, would still be the
responsibility of the Federal Government on a systemic basis. Essentially, the E-cash is merely
a representation of hard currency on deposit at banks. Thus, faith in the system should not
falter.
E-Cash Privacy
Transactions involving paper currency are difficult to trace. If digital money is to replace paper
currency, it must retain certain aspects of this quality.
As information technologies expand, privacy becomes of greater concern. People are realizing
that with every credit card transaction, corporate databases are becoming larger and larger.
By using paper currency, people are able to exclude themselves from these databases.
Therefore, for e-cash to be effective, it must maintain this privacy function.
DigiCash claims it has developed a system that provides privacy for the user without
sacrificing security for the receiver. If a system is completely private, the merchant has no
way of verifying the validity of the electronic money. The user would also be unable to have a
receipt for the transaction. However, DigiCash utilizes a one-sided signature. Basically, the
user keeps record of payments made, but the merchant only receives enough information to
allow his bank to verify the authenticity of the E-cash.
This signature process is also supposed to deter the criminal element of cash transactions.
Since a record of the transaction is created and kept (by the payee), extortion, bribes, or
other illegal transactions should occur less frequently.
Debit card
A debit card (also known as a bank card or check card) is a plastic payment card that
provides the cardholder electronic access to their bank account(s) at a financial institution.
Some cards may bear a stored value with which a payment is made, while most relay a
message to the cardholder's bank to withdraw funds from a payer's designated bank account.
The card, where accepted, can be used instead of cash when making purchases. In some
cases, the primary account number is assigned exclusively for use on the Internet and there
is no physical card.
In many countries, the use of debit cards has become so widespread that their volume has
overtaken or entirely replaced cheques and, in some instances, cash transactions. The
development of debit cards, unlike credit cards and charge cards, has generally been country
specific resulting in a number of different systems around the world, which were often
incompatible. Since the mid-2000s, a number of initiatives have allowed debit cards issued in
one country to be used in other countries and allowed their use for internet and phone
purchases.
Unlike credit and charge cards, payments using a debit card are immediately transferred from
the cardholder's designated bank account, instead of them paying the money back at a later
date.
Debit cards usually also allow for instant withdrawal of cash, acting as the ATM card for
withdrawing cash. Merchants may also offer cashback facilities to customers, where a
customer can withdraw cash along with their purchase.
Credit card
A credit card is a payment card issued to users as a system of payment. It allows
the cardholder to pay for goods and services based on the holder's promise to pay for
them. The issuer of the card creates a revolving account and grants a line of credit to
the consumer (or the user) from which the user can borrow money for payment to
a merchant or as a cash advance to the user.
A credit card is different from a charge card: a charge card requires the balance to be paid in
full each month. In contrast, credit cards allow the consumers a continuing balance of debt,
subject to interest being charged. A credit card also differs from a cash card, which can be
used like currency by the owner of the card. A credit card differs from a charge card also in
that a credit card typically involves a third-party entity that pays the seller and is reimbursed
by the buyer, whereas a charge card simply defers payment by the buyer until a later date.
Public-key cryptography
Public-key cryptography, also known as asymmetric cryptography, is a class
of cryptographic algorithms which requires two separate keys, one of which is secret (or private) and one of
which is public. Although different, the two parts of this key pair are mathematically linked. The public key is
used to encrypt plaintext or to verify a digital signature; whereas the private key is used to decrypt ciphertext or
to create a digital signature. The term "asymmetric" stems from the use of different keys to perform these
opposite functions, each the inverse of the other, as contrasted with conventional ("symmetric") cryptography
which relies on the same key to perform both.
There are two main uses of public-key cryptography:
Public-key encryption, in which a message is encrypted with a recipient's public key. The message
cannot be decrypted by anyone who does not possess the matching private key, who is thus presumed to
be the owner of that key and the person associated with the public key. This is used in an attempt to
ensure confidentiality.
Digital signatures, in which a message is signed with the sender's private key and can be verified by anyone
who has access to the sender's public key. This verification proves that the sender had access to the private
key, and therefore is likely to be the person associated with the public key. This also ensures that the
message has not been tampered with, as any manipulation of the message will result in changes to the
encoded message digest, which otherwise remains unchanged between the sender and receiver.
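The digital-signature check described above and the blind signatures and serial numbers mentioned in the E-Cash section, as an added example that is not part of the original notes. It uses textbook RSA with a toy key built from two Mersenne primes; all function names, the `Bank` class and the sample serial and blinding factor are hypothetical, and this is not a claim about how DigiCash implemented its system.

```python
import hashlib
from math import gcd

# Toy RSA key for the bank (constructed; unpadded and far too small for real use).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes) -> int:
    """Private-key operation: sign the message digest."""
    return pow(digest(data), D, N)

def verify(data: bytes, signature: int) -> bool:
    """Public-key operation: anyone holding (N, E) can check the signature."""
    return pow(signature, E, N) == digest(data)

def blind(serial: bytes, r: int) -> int:
    """Customer hides the coin's serial number before sending it to the bank."""
    assert gcd(r, N) == 1
    return digest(serial) * pow(r, E, N) % N

def bank_sign_blinded(blinded: int) -> int:
    """Bank signs without learning the serial (and debits the account)."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    """Customer strips the blinding factor, leaving a normal signature."""
    return blind_sig * pow(r, -1, N) % N

class Bank:
    """Deposit side: checks the signature, then the spent-serial list."""
    def __init__(self):
        self.spent = set()

    def deposit(self, serial: bytes, signature: int) -> str:
        if not verify(serial, signature):
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: already spent"
        self.spent.add(serial)
        return "accepted"

def demo():
    # Plain digital signature: tampering changes the digest, so verify fails.
    order = b"pay merchant 25.00"
    sig = sign(order)
    results = [verify(order, sig), verify(b"pay merchant 95.00", sig)]
    # Blind-signed coin. serial and r are constructed; r must be random in use.
    serial, r = b"coin-serial-0001", 0x1234567890ABCDEF
    blinded = blind(serial, r)
    coin_sig = unblind(bank_sign_blinded(blinded), r)
    bank = Bank()
    results += [blinded != digest(serial),            # bank never saw the serial
                bank.deposit(serial, coin_sig),       # first spend
                bank.deposit(serial, coin_sig),       # copied coin
                bank.deposit(b"coin-serial-9999", coin_sig)]  # forged serial
    return results

if __name__ == "__main__":
    print(demo())
```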