Adware is software that displays banner ads or pop-ups when a computer is in use. Adware is typically designed to interact with web browsers, since it's often not clear whether pop-ups are coming from a website or adware. The presence of adware is likely if dubious offers are displayed as pop-ups or banner ads even when you are visiting a reputable website and have a pop-up blocker enabled.
Even though adware is not classified as harmful malware, many users regard it as irritating and intrusive.
Adware can often have undesired effects on a system, even interrupting the Internet connection or system operations. The ads that are displayed are also typically of an unreliable nature, which, given the method by which they are presented, is to be expected.
The term backdoor is used to describe an application or service that permits remote access to an infected computer. It opens up a so-called backdoor to circumvent other security mechanisms.
Backdoors generally embed themselves in the operating system or are included in shareware or freeware. Backdoors can also spread via e-mail or by riding piggyback on other malware.
Once infected, the computer responds to client programs suitable for executing various types of processes. Some backdoors are designed to give the outward appearance of messenger applications in order to exploit existing networks. The IRC (Internet Relay Chat) network is popularly misused for this purpose.
Backdoors are often one component in an intricate web of different malware types that might go so far as to set up a so-called bot network. Bot networks are large networks of infected computers that are used, for example, to run complex operations. As resources are seized, you will notice that your computer becomes sluggish.
Web Browser or Browser, for Short
Browser refers to a program that is used to look through content published on the Internet and to display Internet pages.
Pages displayed using a browser are usually connected to one another using so-called "hyperlinks". In other words, clicking on individual words or design elements will take the user to another page.
The information that you are now looking at, for example, is displayed by the browser software that you are currently using!
The Different Manufacturers
Browsers are available from various manufacturers. The most commonly used browsers are "Microsoft Internet Explorer", "Firefox" and "Mozilla", not least because they are already preinstalled or they are available free of charge.
Microsoft Internet Explorer
Is a widely distributed browser that runs on Windows and Macintosh computers, and which is usually preinstalled on the operating system.
Firefox
Belongs to the Mozilla family and is available for all major operating systems. It is a much smaller version of the Mozilla browser.
Mozilla
The upgraded version of the Netscape 4 browser that was previously widely in use was released by the Netscape company as an "open source" version and constitutes a completely new product.
Because of the "open source" concept the software is, firstly, available free of charge and, secondly, being developed by voluntary developers to compete with Microsoft's Internet Explorer. The traditional availability on many different platforms has been retained in the process.
Mozilla now refers to a combination of browser and e-mail program. Current versions of the Netscape browser are largely identical to Mozilla, and based on the same programming code.
Dialers are dialing programs. As the name suggests, they are used to dial up an Internet connection, but they use preset and typically overpriced phone numbers.
There are a great number of dubious websites, some of which draw you in with serious content but only allow access through their own special dialer. The bait ranges from "recipes" to "homework assistance" and "adult" content.
Many people use dialers without knowing that some of these programs actually use expensive numbers from pay-per-call sites. The user is then liable for the overpriced fees.
Grayware is a blanket term for all applications that cause annoying and possibly undesirable or unforeseen behavior in the way programs run.
Categories
· Adware
· Dialers
· Hacking tools
· Joke programs
· Remote access programs (RAP)
· Spyware
Unlike malware, grayware does not fall into the category of major threats. Grayware is not detrimental to basic system operations.
But grayware generally harbors the risk of opening vulnerabilities. Some applications classified as grayware have been misused for malicious activity, while others (Adware) are used to steer users toward products of dubious origin.
What most software classified as grayware has in common is that it gathers information about the user's behaviors. This data is then either sold or used to display targeted advertising.
Businesses that work with confidential information should generally be very cautious using applications whose primary function is to gather personal and confidential data.
Hacking tools are programs that render a computer or network more vulnerable to attack or use simulated hacking to test the vulnerability of all accessible components. The latter can result in instability or even system crashes and hardware damage.
In some cases, this is achieved by taking information about the system or other systems accessible through the local network that is useful to hackers, and broadcasting it to outside sources.
In other words, hacking tools can be used to spy on an entire network.
Unlike backdoors and remote access programs, hacking tools make it easy to exploit vulnerabilities, or else they simulate hacking until complete access is granted.
Classifying hacking tools as grayware is legitimate, because they are primarily used to test the security of networks. Such tools should only be used by professionals, however. When in doubt, it is better to remove hacking tools.
The term hardware refers to all of a computer's physical components and peripheral devices.
Or, to put it simply: everything in or on a computer that you can touch with your hands is known as hardware. This includes the mouse, the keyboard, the screen and printer plus internal components such as the processor, hard drives, mains adaptor, etc.
Hardware and software form a single unit in a computer, and the user does not generally perceive them to be separate things.
You can see the hardware of a widely-used type of computer in the "Personal Computers" article.
Joke programs are classified as relatively harmless. The objective in developing joke programs is to annoy or play a joke on users. No files are infected and no damage is caused.
You may be familiar with jokes like the one about the "cup holder" or simulated virus attacks that colleagues like to use to tease the inexperienced. Software of this type is classified collectively as "joke programs," as long as it has no potential to do damage.
Malware is the name given to software that runs computer processes that are either unexpected or unauthorized but always harmful. The term "malware" generally covers viruses, worms and Trojan horses.
Depending upon its type, malware may contain a replicating or non-replicating program element, although malware, by its nature, is multi-faceted and can consist of several elements (as can be seen from the different names of the component parts).
Interaction of its diverse elements allows this type of malware to spread much more easily, making it more dangerous as well. One element usually acts as a worm to help it proliferate while it smuggles in a common virus or Trojan piggyback.
Programming:
As malware becomes increasingly modular, simple programming skills are sufficient to create it or to equip a successful worm with a simple but destructive payload. The times are gone when extensive knowledge of a programming language was a must.
Ambition and malice often feed each other when one group uses intelligent methods to exploit vulnerabilities and ensure wide proliferation, while another group uses tried and tested malware as a transport mechanism for malicious code or propaganda.
Reproduction and Proliferation:
Malware spreads in many different ways. Worms can be dispersed through e-mail, instant messaging programs or network connections. Viruses generally reproduce within a system, though some virus types can also reproduce through automated propagation modes, similar to worms.
Although Trojans are not equipped with automatic mechanisms for reproducing and spreading, they still linger throughout the Internet and hide in e-mails or web pages, through which they are downloaded via integrated or hidden links while a page is loading.
Just as a telephone network connects individual people with one another, a computer network connects multiple IT components such as personal computers, servers, printers, etc., with one another and thereby enables an exchange of information between the various components.
This exchange of information is what enables computers in different places to work together. Unlike in a telephone network, in a computer network all the computers are connected to each other simultaneously. Therefore there is not usually only a 1 to 1 connection.
One of Many
One of the best-known and largest computer networks is the Internet. Once someone is connected to the Internet, they become one of many millions of users across the world.
Without computer networks there would be no Internet, no e-mail and therefore, basically, no modern information society. Computer networks have become a necessity in the modern world, and sooner or later they will replace traditional telephone networks.
Everyone's Invited
In principle, each user in a computer network can, at any time, invite any other user to exchange information. This data does not always flow directly from the start to the end point, but is passed on via various intermediate points (involving other users).
A network's greatest strength is also its main weakness. All users have a great deal of flexibility and leeway, but at the same time they have to ensure that unwanted queries to their own computers come to nothing.
In order to protect oneself from this type of risk, it is vital that all possible vulnerabilities are eliminated from the start. It is also advisable that other precautionary defenses in the form of firewalls and antivirus software are installed.
An operating system creates the connection between the computer's hardware and the application software employed by the user (i.e. you).
Thus the operating system ensures, for example, that all the programs on the computer can print to the same connected printer without you having to tell each program explicitly how the printer is connected and who the manufacturer is.
Complex Range of Tasks
The operating system is normally a complex piece of software that has to perform many different tasks in order to first enable and then simplify the user's interaction with the computer.
You usually require an operating system, which has to be installed on your computer, in order to be able to use other applications such as a Microsoft Office product, image editing programs and computer games.
Security Risks
Due mainly to its great complexity, an operating system is susceptible to vulnerabilities, usually caused by using it in ways for which it was not intended or the exploitation of existing functions.
Therefore it is advisable to perform regular updates in order to reduce the risk of an infection caused by harmful software (viruses, worms, etc.). Depending on the operating system, there are automatic routines for this purpose that will help you carry out such processes.
You will significantly improve security if you also employ anti-virus software and so-called firewalls.
Common Operating Systems Include
· Microsoft Windows
· Linux
· MacOS
PC is the abbreviation for the term "personal computer". The PC was developed 30 years ago and can now be found almost everywhere. Other terms include desktop and home computer.
Development Goes On
Personal computers have, over time, moved on from being simple machines that made office work easier or introduced classic arcade games to the home, into ever more complex and powerful tools for the modern information society. Whether playing computer games or getting information from the Internet, all computers are now usually capable of performing these tasks. As a result, there has automatically been an increase in the need for security solutions that can protect the software you use by plugging vulnerabilities.
The Most Important Components of a Modern PC
The Motherboard
This is the location of the most important switching elements used to help the PC's components to communicate. These include:
· The CPU (central processing unit), also known as the master processor:
  The master processor is a PC's core component, which controls all the associated components and executes user-defined programs.
· The RAM (random access memory):
  The RAM is the working memory in which all the data in any open program is temporarily stored so that it can be accessed quickly. The benefit of this data memory is that (as the name suggests) data can be read from and written to any location at any time with a uniform, but extremely small, time loss. Thus the speed of the RAM and the CPU is largely responsible for a computer's performance.
  The main drawback of RAM is the fact that the memory is completely deleted if there is a power cut. So quick, non-volatile storage media are required if data losses are to be avoided.
· The ROM (read only memory):
  ROM consists of ICs (integrated circuits) which, in the same way as a CD, hold static data and so can only be read. The best-known ROM component is the BIOS (Basic Input Output System) which, shortly after the computer is switched on, initialises the hardware and provides a standardised software interface which enables an operating system to start itself so that the user is provided with an intuitive environment.
Input Devices
E.g. mouse, keyboard and scanner
Output Devices
E.g. monitor, printer and loudspeaker
Storage Media
Storage media include CD-ROMs, DVD-ROMs, floppy disk drives, hard disks and different types of memory cards with non-volatile storage components.
Storage media are needed to transport and store data, because the computer's RAM is both unsuitable for storage and far too expensive.
Nowadays, hard drives are the storage media with the greatest capacity that have an extremely high degree of reliability and high speed. So almost every computer has, as well as other storage media, a hard drive on which all the basic data, including the operating system, the application programs and user data is stored long-term.
The term phishing refers to a method of stealing personal data whereby an authentic-looking e-mail is made to appear as if it is coming from a real company or institution. The idea is to trick the recipient into sending secret information such as account information or login data to the scammer.
Legitimate companies will never send you an e-mail asking for information relating to confidential data, your credit card, bank account or social security number. We strongly discourage answering such requests or clicking on links within the e-mail.
Method
A phishing e-mail will first try to win your trust through an authentic-looking but fake e-mail - for example, a message from your bank. This typically includes a request to make some change to your account login using a link that is provided.
Clicking the link takes you to what is usually a perfectly falsified website, set up by the scammer, that asks you to log in. Once you have taken this step, it is already too late, because the scammer knows your login information and can get to work. The only remedy is to immediately disable or block your account access.
A network protocol is a definition of the way in which data gets from one network user to another. If 2 users cannot agree on a protocol, they will not speak the same language and the communication will fail.
Protocols can be divided into 2 main categories.
· Protocols at hardware, or network, level
  These are protocols that are used to identify all the computers in a network and enable the required data transfer. They determine how data gets from A to B.
· Protocols at application level
  These are protocols that are used if there is already a connection to another computer. They determine which data gets from A to B.
Protocols at Hardware or Network Level
The most commonly used protocol for managing different computers in a network nowadays is the one that has appeared in the wake of the Internet, TCP/IP.
The basic structure of the computer's address (IP address), of certain transmission methods and of ports (similar to channels) is defined by this protocol and differs from that in a network based on a different protocol. However, given that some parts of this protocol are fixed components of almost every modern piece of hardware, almost every large network is based on these structures, including the Internet.
Who is Who, Addressing
TCP/IP assigns a unique address (IP address) to each user in the overall network, but nevertheless allows them to create separate areas that can re-use address spaces. This is required because there are not enough addresses (protocol limitation in IPv4) available to assign a unique address to every computer in the world. Partitioned areas communicate with other users via so-called routers. The users of two partitioned areas can only communicate with one another indirectly.
IP addresses are numerical addresses that take the form "127.0.0.1" (in IPv4) and they are needed to contact the target computer when a new connection is initiated. One also refers to the initiator of a connection as the "client" and to the receiving computer as the "server".
Given that numbers are very difficult to memorise, computers are also referred to using names. Computer addresses such as "www.trendmicro.com" are translated to the numerical address before the connection is initiated. This additional item, however, is not a component of TCP/IP, i.e. this protocol does not define this function itself. Despite this, it would be hard to find a network based on TCP/IP that does not provide the addition.
Channels, Ports
The TCP/IP protocol defines 65025 ports, which are best compared to the channels on a radio or television. When a connection is initiated on a target computer, the port can be used to contact the required service, in the same way as the required station is set on a television.
When a computer works as a server, an application occupies a port and in this way makes its functions available to all the other users on the network (in the same way as a television station occupies a channel). Over time, certain port numbers have become established for many applications (e.g. e-mail). Data that is transmitted via ports is subject to a protocol at application level. The TCP/IP protocol is transparent for applications, i.e. an application does not assert its existence simply through the data transmission, because data is only being transported here, just like cars use a motorway, without being entered in a database in connection with their driving behavior.
A portscan (i.e. a type of transmitter search) can be run to ascertain whether your own computer is also making services or data available on networks such as the Internet. If they are found, so-called firewalls will help. You can permit or refuse access to ports using rules.
Protocols at Application Level
Application level protocols are used when the connection between two computers has already been made. They define other data transfer rules, depending on the purpose of the use, or the application being used.
Therefore they do not automatically form part of the basic configuration of a networking computer. This means they usually need applications such as e-mail programs or web browsers to operate a client or server that can understand and use these protocols.
The term server is often taken to mean a computer that can process a large number of queries. However, a server is no more than an application that provides services within a network. Computers that specialise in executing server software are, indeed, known as servers, but it is merely the software that turns them into servers.
With all application level protocols it is important to understand that there is always a querying side (client) and an answering side (server), which have to be made known to one another via addresses and ports.
The protocols that are of most value for internet communication are shown below. However, it should be pointed out that at application level, there are still innumerable protocols that are more or less well-known. It is also a fallacy to assume that ports are always occupied by the same protocol. Which protocol is spoken depends only on the application occupying the port.
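An added example, not part of the original glossary: a check of your own computer, as in the portscan paragraph above, that also shows why a port number alone does not tell you the protocol. It tests the loopback address for listeners on the ports this glossary names and compares the first bytes each service sends with the greeting its protocol uses. The function names and the small constructed demo service are assumptions made for this illustration.

```python
import socket
import threading

# Ports and protocols exactly as this glossary lists them.
GLOSSARY_PORTS = {21: "FTP", 25: "SMTP", 80: "HTTP",
                  110: "POP3", 143: "IMAP", 443: "HTTPS"}

# First bytes a server of each protocol sends right after the connection
# is made. HTTP and HTTPS are absent: there the client speaks first.
SERVER_GREETING = {"FTP": b"220", "SMTP": b"220",
                   "POP3": b"+OK", "IMAP": b"* OK"}


def probe(host, port, timeout=0.5):
    """Return (is_open, greeting): whether a TCP connection is accepted
    and whatever the service sends first (b"" if it stays silent)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                return True, s.recv(64)
            except OSError:      # timeout or reset: open, but no greeting
                return True, b""
    except OSError:              # refused or timed out: nothing answered
        return False, b""


def classify(is_open, greeting, expected):
    """Turn a probe result into a verdict for the protocol we expected."""
    if not is_open:
        return "closed"
    prefix = SERVER_GREETING.get(expected)
    if prefix is None:           # client-speaks-first protocol, nothing to compare
        return "open"
    if greeting.startswith(prefix):
        return "open, greeting fits " + expected
    return "open, greeting does not fit " + expected


def audit(port_map=None, host="127.0.0.1"):
    """Check each port in port_map on this machine (loopback by default).
    Every port not reported as closed is a candidate for a firewall rule."""
    port_map = GLOSSARY_PORTS if port_map is None else port_map
    report = {}
    for port, expected in sorted(port_map.items()):
        is_open, greeting = probe(host, port)
        report[port] = classify(is_open, greeting, expected)
    return report


def start_demo_service(greeting):
    """Constructed loopback service for the demonstration: accepts one
    connection, sends `greeting`, then closes. Returns its port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: the operating system picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            if greeting:
                conn.sendall(greeting)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    for port, verdict in audit().items():
        print(port, GLOSSARY_PORTS[port], verdict)
    # A service that greets like POP3 on a port where SMTP was expected.
    demo_port = start_demo_service(b"+OK constructed greeting\r\n")
    print(demo_port, "expected SMTP:", audit({demo_port: "SMTP"})[demo_port])
```

A loopback check only shows that something is listening on this machine; whether the port can be reached from the Internet also depends on the interface the service is bound to and on the firewall rules in front of it.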
Port 25 - SMTP (Simple Mail Transfer Protocol)
The SMTP protocol is used to transport, i.e. to despatch and deliver e-mails, and is best compared with your postman. All of the underlying conditions required to despatch and deliver e-mails, such as the details of the target and sender addresses, are defined within the SMTP specifications.
If you use an e-mail program, you might become aware that SMTP is used in the context of outgoing mail. Indeed, SMTP is used to despatch outgoing e-mails (in the sense of placing them in the postman's hand).
Incoming post works differently. Because you are not always online (and the electronic postman cannot ring), incoming post is put into a mailbox for you. (From a technical point of view, you do not usually provide an SMTP server, but are always only a client. Therefore an external, intermediary storage area is required.) Later on, you use the POP3 or IMAP protocol to empty or view this electronic mailbox.
Port 110 - POP3 (Post Office Protocol Version 3)
This is a simple protocol that is only used to move post, or e-mails, which are lying in your electronic mailbox, to your local computer. After e-mails are moved from your electronic mailbox, they are usually removed and only exist on your computer. (In the same way that postal mail does not simultaneously lie in the letterbox and on the kitchen table.)
Electronic mailboxes (so-called POP3 servers) are usually provided by your Internet service provider and normally require you to log on using a user name and password.
Port 143 - IMAP (Internet Message Access Protocol)
The IMAP protocol constitutes a fundamental extension of the POP3 protocol. Unlike with the POP3 protocol, your mailbox is not emptied. Instead, the entire organisational structure that you create in your e-mail program is transferred to the mailbox.
So e-mails are not only fetched from the mailbox, but all the operations (in this case sorting mails into folders) that you carry out on your local computer are synchronised with the mailbox. Thus the mail is located on both the local and the remote computers (mailboxes, or IMAP servers).
The advantages of using this protocol are that, firstly, you can access your e-mails from any computer (as long as you know the access details) and, secondly, at holiday times you can also give a replacement temporary access to your mailbox without having to make your computer available to them.
Port 80/443 - HTTP/HTTPS (Hypertext Transfer Protocol)
The HTTP protocol is a simple protocol that is used for transferring data via the Internet. It was originally only intended for transferring so-called hypertexts (or, text documents connected to one another by links).
Websites now contain many types of data that can all be transferred via HTTP. The HTTPS protocol means HTTP over SSL (Secure Socket Layer). In this case, the data transfer is packed into another protocol (SSL) and thus encrypted, as SSL is an encryption procedure/protocol.
Web browsers implement the HTTP protocol as the client, thereby enabling the user to browse the Internet and so-called web servers that constitute the server for the HTTP protocol. The URL (Uniform Resource Locator) that can be seen in the browser contains the web server's computer name (-> IP address) and the details of the protocol, port and other required data.
Port 21 - FTP (File Transfer Protocol)
The FTP protocol is related to HTTP in the broadest sense. However, it is rather more fully optimised for file operations than HTTP while it does not have other, unnecessary, functions.
Web browsers also generally implement the FTP protocol. However, the range of functionality there is usually no greater than in the HTTP implementation. There is a fully-fledged FTP client in most current operating systems. You simply enter the connection data into a file browser's address line and you will then be able to make a full connection with the FTP server.
A personal firewall is a program that works on a PC as a protective filter for data communication in a potentially dangerous network such as the Internet.
This is done by monitoring incoming and outgoing connections, depending on the connection protocol or connection type used. Where necessary, the connection is prevented.
Connection Protocol?
You are using one of the (for end users) best-known connection types at this very moment - you are on the Internet and, a short time ago, you transferred the content that you are now reading to your local computer. This is done via the so-called HTTP protocol, which specifies how the data gets to your computer.
Another example of a network connection that you will know is the sending and receiving of e-mails and phone calls via VoIP (Voice over IP).
Wide Range of Configurations
Depending on the firewall being used, configuration can be relatively complicated and requires an in-depth knowledge of transmission protocols and the software installed.
However, some manufacturers here work with ready-made and adjustable profiles, and therefore simplify the process whereby users configure settings to such a degree that a single mouse-click is enough to provide a feeling of security.
RATs (Remote Access Tools) enable remote access to an infected computer, thus permitting outside administration or manipulation.
Unlike backdoors, RATs are not malicious programs but legitimate tools for managing data and program sequences on external computers linked through a network connection.
Why are Remote Access Tools Identified?
What begins with good intentions can quickly be exploited. RATs are generally identified as grayware if they are rare or unusual examples of their type.
To begin with, nothing can be known with certainty in such cases about potential vulnerabilities. Furthermore, the likelihood is greater that the installed RAT is a variant misused by scammers or even other malware.
The term software generally refers to all the non-physical components required to make a computer work, i.e. all the "installed" programs and data of all types that exist on so-called storage media.
For example, software would include your digital holiday photos and the program required to view and edit the photos.
What is Software?
Software can be divided into system and application software. Thus:
· System software is:
  o An operating system
  o Antivirus software
  o A personal firewall etc...
· While application software would describe:
  o A photo editing program
  o A computer game
  o Financial software etc...
What Does Software Do?
Software gets the computer to deploy its resources to perform certain tasks, depending on the software being used, in the same way that a car driver has to get the car to go from A to B.
Because software is created by human beings, errors can occur - just as they do on the roads - which, as software and programs become increasingly complex, can quite easily remain undetected by the majority of users.
Software errors (see also vulnerabilities) are very often exploited for various purposes by criminal gangs. Whether the goal in mind is notoriety, data theft or data destruction, there are unfortunately no barriers here.
However, software can also be used to protect against such scenarios. "Antivirus software" and "personal firewalls" minimise the risk resulting from software errors.
Spyware is software that monitors and collects a user's data and eventually transmits it to a company for various purposes. This typically happens in the background - that is, the activity is invisible to most users.
Many users unwittingly agree to install spyware by accepting the end-user license agreement (EULA) of freeware without reading it thoroughly. Spyware is thus often completely legitimate marketing-oriented software.
Nevertheless, many perceive it to be an objectionable form of data acquisition, since the user has no control over the information that is transmitted. What's more, spyware can also interfere with a network connection and result in increased system activity.
The State of California defines spyware as programs that are installed under misleading premises, as software that hides in PCs and furtively monitors the user's activities (for example, by logging the history of websites visited).
Telephone Network
Primarily used in the traditional way to transfer speech from one user to another (point-to-point connection). As well as the traditional transfer of phone conversations, this point-to-point connection is also used to bridge the gap between computer networks and for data transfer.
In an analogue telephone network the data stream, which usually has a digital source, has to be modulated into an analogue signal and the answer has to be demodulated for the data to be transferred via a modem (modulator/demodulator).
In recent times, the digital ISDN (Integrated Services Digital Network) standard has enjoyed increasing popularity due to its greater data transfer speed and flexibility. ISDN means the digital transfer of all data including speech, which has to be digitised in an ISDN telephone.
DSL (Digital Subscriber Line)
DSL is a widely deployed technology for broadband (rapid) data transfer. Frequency-separating fibres (splitters) are used to modulate an analogue signal coming from a modem onto the existing telephone network infrastructure, thus enabling the simultaneous transfer of speech and data, or primary and secondary data.
By using different frequencies for DSL and phone, the two technologies work independently of one another on the same physical copper cable. So the use of DSL does not relate to the phone standard (analogue or digital) as long as the frequencies do not cross over.
In the private customers segment (DSL to connect with the Internet Service Provider) it is usually only very short connections to the digital exchange that are bridged. The digital exchange then has a broadband data link that is used for other communication. As this service has to be provided by the network operator, there is normally a separation between the DSL connection fee and the cost of using the Internet.
DSL is an impressive demonstration of where the strengths of modern, analogue data transfer lie. By exploiting under-used capacity, in comparison to a purely digital data transfer, a secondary or tertiary signal can be modulated onto a line, no matter whether the primary signal has an analogue or digital source.
LAN (Local Area Network) and WAN (Wide Area Network)
These are not actually data transfer technologies, but a means of logically classifying networks of multiple computers according to their size.
One speaks of a LAN when the extent of the networked computers does not exceed 1 km². If the extent is greater, e.g. the Internet, one refers to the network as a WAN, and to the interim stage as a MAN (Metropolitan Area Network).
The underlying data transfer technologies can be implemented in different ways, but Ethernet is always used. Ethernet comes in different speeds, and the most common, 10Mbit, 100Mbit and 1000Mbit per second, make volume transactions cost-effective.
Data is transferred digitally using the Ethernet and Fast Ethernet standards, either point-to-point or, if more than 2 network users are to communicate with one another, with hub-and-spoke cabling. In this case the users are linked to a hub/switch and communicate via this central point.
Hubs send all incoming signals to all the other users, so the users themselves have to decide whether a data packet is meant for them or not. Switches can use more advanced technology to identify who individual data packets are meant for, but they do not completely resolve this design-related security problem. Thus all the devices linked to the same hub/switch can listen in, which requires zones and segments to be set up in order to separate critical applications from one another.
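The difference between a hub, a switch and a switch divided into segments, as an added example that is not part of the original page: a simplified Python model (class names, port numbers, segment names and addresses are hypothetical) that returns the ports on which each frame appears. It assumes the usual switch behaviour of forwarding broadcasts and frames for not-yet-learned destinations to every port in the segment.

```python
# Simplified model (constructed for illustration): which ports receive a frame
# on a hub, on a learning switch, and on a switch divided into segments.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    def __init__(self, ports):
        self.ports = list(ports)

    def deliver(self, in_port, src, dst):
        # A hub repeats every incoming frame on every other port.
        return sorted(p for p in self.ports if p != in_port)


class Switch:
    def __init__(self, port_segment):
        self.port_segment = dict(port_segment)  # port -> segment name
        self.table = {}                         # (segment, MAC) -> port

    def deliver(self, in_port, src, dst):
        seg = self.port_segment[in_port]
        self.table[(seg, src)] = in_port        # learn where the sender lives
        out = self.table.get((seg, dst))
        if dst != BROADCAST and out is not None:
            return [] if out == in_port else [out]
        # Broadcast or not-yet-learned destination: flood within the segment.
        return sorted(p for p, s in self.port_segment.items()
                      if s == seg and p != in_port)


def demo():
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"   # constructed addresses
    hub = Hub([1, 2, 3, 4])
    flat = Switch({1: "lan", 2: "lan", 3: "lan", 4: "lan"})
    split = Switch({1: "office", 2: "office", 3: "payments", 4: "payments"})
    seen = {"hub": hub.deliver(1, a, b)}
    seen["switch_unknown_dst"] = flat.deliver(1, a, b)
    flat.deliver(2, b, a)                             # reply lets the switch learn b
    seen["switch_learned_dst"] = flat.deliver(1, a, b)
    seen["switch_broadcast"] = flat.deliver(1, a, BROADCAST)
    seen["segmented_broadcast"] = split.deliver(1, a, BROADCAST)
    return seen


if __name__ == "__main__":
    for case, ports in demo().items():
        print(f"{case:22} -> ports {ports}")
```

Only the segmented switch keeps the broadcast away from the ports of the other segment, which is the separation that zones and segments provide.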
All the variants of the Ethernet standard are linked by cable, while the type of cable and data transfer rate differ according to their names. "10Base2" refers to an early variant of 10Mbit via a BNC cable, while the most common, "100Base-TX", has a 100Mbit transfer rate via "Twisted Pair, Category 5" wiring (Cat5). Today, many types of wiring are available, including glass fibre. Due to the fact that it is mass-produced and thus relatively cheap, the Cat5 cable is the most common and can also be used for 1000Mbit (1000Base-T) transfers.
WLAN (Wireless Local Area Network)
The WLAN, or Wi-Fi, is a wireless local area radio network that is comparable with Ethernet in terms of the breadth of its functionality, the main difference lying in the fact that the users are linked not by cable, but by radio.
As there is no physical cable connection, additional attention needs to be paid to controlling access and to data encryption since, in theory, every piece of data sent can be recorded by radio receivers.
As with the Ethernet standard, Wi-Fi also has point-to-point connections between 2 devices (ad hoc) and an equivalent to the hub/switch - the base station, or wireless access point. Access control and security are provided by encrypting the data being transferred.
The basic WEP (Wired Equivalent Privacy) encryption procedure does not resolve the security problems that Ethernet has despite encryption, as all the users use the same code to communicate with one another. Moreover, the code is defined beforehand, and is then used statically, as there are no automatic processes to update the code amongst the authorised users or to create connection-related, dynamic (based on a user name and password) access controls.
As a consequence, someone with malicious intentions can take all the time they need to work out a code using recorded data transmissions and then, once they have worked it out, they can become an active user of the radio network. This procedure can be fully automated using private programs and is quite easy even for a lay person. So if only WEP is used, no important data should be transmitted directly.
WPA remedies precisely these weaknesses in WEP. However, RC4, the procedure used in both WEP and WPA to turn a code and any data stream into a data stream that is only readable using the code, is generally regarded as also being insecure, though it is somewhat improved with the latter. Only its successor, WPA2, constitutes a real improvement.
GSM (Global System for Mobile Communications) / UMTS (Universal Mobile Telecommunications System)
These are mobile radio standards for services that have a very high transfer rate, such as speech, fax, data and navigation.
The underlying quality characteristics can be compared to those of the ISDN digital telephone network. UMTS achieves DSL transfer rates and thus enables video on demand, video telephony and rapid, wireless Internet access.
The term Trojan horse or Trojan comes from Greek legend. In the world of computers, it refers to covert infiltration by malware or malicious software under the guise of a useful program.
After a Trojan is activated, it is often very difficult to discover the extent of the damage and generally identify the malware. The Trojan may change its original name and reactivate every time a PC is restarted.
In general, it's rare for a large number of files to be infected. Instead, the Trojan embeds itself directly in the computer's operating system. Depending on the motivation of the virus author, the malware contained in the Trojan may be designed to collect personal or financial data.
A computer virus is software with the ability to self-replicate and attach itself to other executable programs.
The behaviour is comparable to its biological counterpart. Computer viruses can also be contagious (might spread on or even beyond the infected computer), exhibit symptoms (the presence of malicious code and its magnitude) and involve a recovery period with possible long-term effects (difficulty in removal and loss of data).
Common Types of Viruses
· ActiveX viruses infect only Web browsers that support ActiveX.
· Boot sector viruses infect a particular sector on storage media that is reserved for data needed to boot up a computer.
· Java viruses exploit vulnerabilities in outdated versions of the Java Runtime Environment.
· Macro viruses can occur in all file types that permit storage of document-related macros.
· Script viruses spread by exploiting script languages, including cross-platform languages.
· File infector viruses infect executable programs.
Proliferation
Viruses can spread by attaching themselves to many types of files as soon as these files are executed, copied or sent.
Payload
Some computer viruses are programmed to include a payload. This payload can either display propaganda or images, or else destroy files, reformat your hard drive or cause other damage.
If the virus is not programmed to do damage, it can still cause problems by blocking hard disk space and RAM, weakening the overall performance of your computer. Virus attacks are becoming more and more the norm and occurring with greater frequency than in the past, often with disastrous consequences.
Growing Proliferation
One cause for the rise in virus attacks is the sharp rise in the number of networked computers, especially related to Internet usage. The larger the number of shared files, the greater the risk of a virus infection.
Besides the rising number of opportunities for viruses to penetrate an organisation, another reason for the rise in attacks is new types of viruses. These include macro viruses and portable executable viruses (PE viruses), which can spread very quickly through shared documents and e-mails or e-mail attachments.
Vulnerabilities in computer security usually consist of opportunities either to operate the computer remotely without input from the user, or to directly or indirectly spy on data (during a data transfer).
There are many different ways in which resourceful data thieves can achieve their objective, from simple, plausible vulnerabilities such as a connected, unlocked computer in a public area to programs implemented secretly such as remote access tools and Trojans.
How Do They Occur?
Apart from the vulnerabilities mentioned above, there are many others. One needs to draw a basic distinction between non-networked and networked computers. Everything that applies to non-networked computers also applies to networked computers, but not vice versa.
Non-Networked Computers
These are computers that are not connected to other computers. A connection to the Internet or any similar network is a network connection, so you would be unable to read this paragraph if your computer were non-networked!
Apart from direct access, non-networked computers offer relatively few opportunities for vulnerabilities to be exploited. The main danger is infection by viruses carried in installed software, which can then lead to data being lost under certain circumstances. However, some viruses can actually use an available modem or ISDN card to network your computer.
Networked Computers
Networked computers, unlike non-networked ones, are exposed to many types of attack as soon as a connection exists to a network such as the Internet.
· Operating systems contain a large number of functions whose complexity makes them susceptible to being manipulated over the network, which then enables the computer to be attacked. This almost always occurs without the user realizing it.
· Any program that needs a network connection is thus prone to creating vulnerabilities in a system while it is being executed or used.
o E-mail programs
o Web browsers such as Microsoft Internet Explorer and Firefox
o ICQ and other messaging software
o So-called server software in general
· Carelessness is an important factor in relation to vulnerabilities in networked computers. Even when vulnerabilities have not been exploited in installed programs, undesirable Spyware or worse can get onto your computer very quickly if close attention is not paid to status messages in, e.g., your browser and e-mail program.
What Will Help?
Vigilance
· Lock your computer when you leave your desk.
· Always ask yourself: Have I read the message asking me for confirmation?
· When browsing the Internet, you should pay particular attention to questions of any type and, if necessary, select "No" or "Cancel" to exit if you are in any doubt.
· Only provide personal data to trusted contractual partners.
Keep Software Up-to-Date
· Implement recommended updates to your operating system regularly.
· Remove superfluous software.
Take Precautionary Measures
For times when there are no updates for your software, for vulnerabilities that are not covered by software updates (e.g. because they are still unknown), and as a precaution against your own lack of vigilance:
· Use antivirus software to actively protect against viruses and other harmful agents.
· Use a personal firewall as protection against attacks from the network or the Internet, and as a defence against worms and Trojans.
A computer worm is an autonomous program or constellation of programs that distributes fully functional whole or partial copies of itself to other computers.
The unique feature of a computer worm is its ability to exploit every feasible method of spreading to achieve its objective of maximum possible proliferation.
Worms are specialists in spreading and reproducing. They consistently exploit all known vulnerabilities, including people, to penetrate barriers that seem to be impenetrable to normal viruses. A worm does not have a payload of its own but is often used as a transport mechanism for viruses that ride piggyback and immediately start their work.
Proliferation
Worms spread through various methods, including:
· E-mail with attachment - The trick here is for a worm to search through the e-mail address book of an infected computer and automatically send e-mails to all available addresses under the owner's name - with itself as an attachment.
· A network connection - as is present during internet usage, for example - is used by some worms to infiltrate connected computers without any further action required by exploiting vulnerabilities.
· Worms can also be spread by all other methods common to malware.
The danger, as already mentioned, is that worms exploit all opportunities simultaneously.