TASK01

Write down all possible ways your personal computer system could be compromised. What are the possible attack vectors?

“Compromised” is a nice way of saying that someone or something has maliciously broken into your computer without your knowledge or permission. It means that you cannot trust the integrity of any file on your computer (including program files, image files, operating system files, etc.). You cannot find out what has been done to your computer files without an exact “before the compromise” copy to compare your files against, and you probably will never know what has been done with your personal information, including your passwords, or where your personal information has been sent.

A Compromised Computer is defined as any computing resource whose confidentiality, integrity or availability has been adversely impacted, either intentionally or unintentionally, by an untrusted source. A compromise can occur either through manual interaction by the untrusted source or through automation. Gaining unauthorized access to a computer by impersonating a legitimate user or by conducting a brute-force attack would constitute a compromise. Exploiting a loophole in a computer’s configuration would also constitute a compromise.


Depending on the circumstances, a computer infected with a virus, worm, trojan or other malicious software may be considered a compromise. If the malicious software is detected and removed by antivirus software in a timely manner, it is probably not necessary to follow this process. Some level of judgment will need to be used in these situations.

Symptoms of a Compromised Computer include, but are not limited to, the following:

· The computer is experiencing unexpected and unexplainable disk activity
· The computer is experiencing unexpected and unexplainable performance degradation
· The computer’s logs (e.g. system logs, application logs, etc.) contain suspicious entries that indicate repeated login failures or connections to unfamiliar services
· A complaint is received from a third party regarding suspicious activity originating from the computer

If a personal computer system has been compromised, the following steps should be taken:

1. Disconnect the computer from the network
2. Contact the Information Security Office
3. Notify users of the computer, if any, of a temporary service interruption
4. Preserve any log information not resident on the compromised computer
5. Wait for further instructions from the Information Security Office

Disconnect the computer from the network

Disconnecting the computer from the network prevents a potentially untrusted source from taking further actions on the compromised computer. This also prevents any further leakage of non-public information if that is a potential concern. Shutting down the computer would also have this effect but could destroy evidence that is essential to investigating the compromise. Similarly, rebuilding the computer would destroy all evidence pertinent to an investigation.

Contact the Information Security Office

Prior to taking any additional action on the compromised computer, the Information Security Office should be contacted. Continuing to use the compromised computer or attempting to investigate the compromise on your own could result in destruction of evidence pertinent to an investigation. The Information Security Office can be contacted by phone at 412-268-2044 or by email at [email protected]. In the event that the Information Security Office is unavailable to take your call, emergency contact information will be provided in the voice message.

Notify users of the computer, if any, of a temporary service interruption

If the compromised computer provides some type of service, it is likely that users of this service will be impacted by the interruption brought on by disconnecting the computer from the network. These users should be notified in some manner of the interruption. Options for notification may include an email to the user base or posting a notice to a frequently visited web site. As stated previously, the details of a compromise and the ensuing investigation should be kept confidential. Therefore, the notification of service interruption should not indicate that there has been a compromise.

Preserve any log information not resident on the compromised computer

All log files pertaining to a compromised computer that are stored on a secondary computer or on some type of external media should be preserved immediately. Preservation may include making a copy of the log files and burning them to a CD. If there is no immediate risk of the logs being deleted or overwritten, this step can occur following Step 5.

Log files stored locally on the compromised computer will be collected as part of a forensic investigation coordinated by the Information Security Office. This will help ensure that no evidence is destroyed or altered during the collection process.

Wait for further instructions from the Information Security Office

The Information Security Office will conduct some preliminary investigation prior to determining the best course of action for the Compromised Computer. While waiting for further instructions, do not share any details related to the compromise unless absolutely necessary. Additionally, do not attempt to contact law enforcement officials. Such communication must be coordinated with the Information Security Office and the Office of General Counsel due to the potential legal implications of a compromised computer.

Furthermore, to protect our personal computer system:

· We can always install operating system updates
· We can keep our installed applications up-to-date
· We should not use the same password at every site
· We can install, and be sure to update, our anti-virus software
· We can use a firewall
· We can back up our data
· We can enable the display of file extensions
· We do not open attachments from people we do not know
· We can ignore emails that state we won a contest, or a stranger asking for assistance with their inheritance
· We can watch out for online and phone support scams
· We can ignore web pop-ups that state our computer is infected or has a problem

Attack Vector

An attack vector is defined as the technique by means of which unauthorized access can be gained to a device or a network by hackers for nefarious purposes. In other words, it is used for assaulting or exploiting a network, computer or device. Attack vectors help unauthorized elements to exploit the vulnerabilities in the system or network, including the human elements.

An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element.

Attack vectors include viruses, e-mail attachments, Web pages, pop-up windows, instant messages, chat rooms, and deception. All of these methods involve programming (or, in a few cases, hardware), except deception, in which a human operator is fooled into removing or weakening system defenses.

To some extent, firewalls and anti-virus software can block attack vectors. But no protection method is totally attack-proof. A defense method that is effective today may not remain so for long, because hackers are constantly updating attack vectors, and seeking new ones, in their quest to gain unauthorized access to computers and servers.

The most common malicious payloads are viruses (which can function as their own attack vectors), Trojan horses, worms, and spyware. If an attack vector is thought of as a guided missile, its payload can be compared to the warhead in the tip of the missile.

Malicious software (malware) is designed to damage, destroy, or deny service to the targeted systems. The most common types of software attacks are viruses, worms, Trojan horses, logic bombs, back doors, denial-of-service, alien software, phishing and pharming.

Viruses. Segments of computer code that perform unintended actions ranging from merely annoying to destructive. A virus is a piece of self-replicating code embedded within another program (host).

Viruses associated with program files
· Hard disks, floppy disks, CD-ROMs
· Email attachments

How viruses spread
· Diskettes or CDs
· Email
· Files downloaded from Internet

Well-known viruses
· Brain
· Michelangelo
· Melissa
· Love Bug

Viruses today
· Commercial antivirus software
· Few people keep up-to-date

Worms. Destructive programs that replicate themselves without requiring another program to provide a safe environment for replication.
· Self-contained program
· Spreads through a computer network
· Exploits security holes in networked computers

Famous worms
· WANK
· Code Red
· Sapphire (Slammer)
· Blaster
· Sasser

Trojan horses. Software programs that hide in other computer programs and reveal their designed behavior only when they are activated.
· Program with benign capability that masks a sinister purpose
· Remote access Trojan: Trojan horse that gives attacker access to victim’s computer
  · Back Orifice
  · SubSeven
· RAT servers often found within files downloaded from erotica/porn Usenet sites
· Provide the attacker with complete control of the victim’s system. Attackers usually hide these Trojan horses in games and other small programs that unsuspecting users then execute on their PCs.

Logic bombs. Designed to activate and perform a destructive action at a certain time.

Back doors or trap doors. Typically a password, known only to the attacker, that allows access to the system without having to go through any security.

Denial-of-service. An attacker sends so many information requests to a target system that the target cannot handle them successfully and can crash the entire system.

Alien Software Attacks

Pestware. Clandestine software that uses up valuable system resources and can report on your Web surfing habits and other personal information.

Adware. Designed to help popup advertisements appear on your screen.

Spyware. Software that gathers user information through the user’s Internet connection without their knowledge (e.g. keylogger, password capture).

Spamware. Designed to use your computer as a launch pad for spammers.

Spam. Unsolicited e-mail, usually for purposes of advertising.

Cookies. Small amounts of information that Web sites store on your computer, temporarily or more-or-less permanently.

Web bugs. Small, usually invisible, graphic images that are added to a Web page or e-mail.

Phishing. Uses deception to fraudulently acquire sensitive personal information such as account numbers and passwords, disguised as an official-looking e-mail.

Pharming. Fraudulently acquires the Domain Name for a company’s Web site, and when people type in the Web site URL they are redirected to a fake Web site.

Types of Attacks

· Interruption – an asset is destroyed, unavailable or unusable (availability)
· Interception – unauthorized party gains access to an asset (confidentiality)
· Modification – unauthorized party tampers (unauthorized alteration) with asset (integrity)
· Fabrication – unauthorized party inserts counterfeit (fraudulent imitation) object into the system (authenticity)
· Denial – person denies taking an action (authenticity)

Passive attacks:
· Eavesdropping (secretly listening to a conversation)
· Monitoring

Active attacks:
· Masquerade – one entity pretends to be a different entity
· Replay – passive capture of information and its retransmission
· Modification of messages – legitimate message is altered
· Denial of service – prevents normal use of resources. An intentional action designed to prevent legitimate users from making use of a computer service. The goal of this attack is to disrupt a server’s ability to respond to its clients. About 4,000 Web sites attacked each week.

TASK02

Congratulations! You are an elected member of the newly established computer and data security team in ABC institution.

1) Make a list of all possible risks that can have an impact on the security and stability of your data and internal and external Information & Technology services.
2) Make a list of recommendations to lower the risks.

A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.

Types of Computer Security Risks

· Internet and network attack
· Unauthorized access and use
· Hardware theft
· Software theft
· Information theft
· System failure

Internet and network attack

Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises.

· Malware
· Botnets
· Back doors
· Denial of service attacks
· Spoofing

Malware (malicious software) – programs that act without a user’s knowledge and deliberately alter the computer’s operation.

Types of malware:
i. Computer viruses
ii. Worms
iii. Trojan horses
iv. Rootkit
v. Back door
vi. Spyware

Botnets – a group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks, usually for nefarious purposes.

Back door – a program or set of instructions in a program that allows users to bypass security controls when accessing a program, computer, or network.

Denial of service attack or DoS attack – an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail.

Spoofing – a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network.

Unauthorized Access and Use

Unauthorized access – the use of a computer or network without permission.

Unauthorized use – the use of a computer or its data for unapproved or possibly illegal activities.

Hardware Theft and Vandalism

Hardware theft – the act of stealing computer equipment.

Hardware vandalism – the act of defacing or destroying computer equipment.

Software Theft

Software theft occurs when someone:
· Steals software media
· Illegally copies a program
· Intentionally erases programs
· Illegally registers and/or activates a program

Information Theft

Occurs when someone steals personal or confidential information. If stolen, the loss of information can cause as much damage as (if not more than) hardware or software theft.

System Failure

A system failure is the prolonged malfunction of a computer. A variety of factors can lead to system failure, including:
· Aging hardware
· Natural disasters
· Electrical power problems
  · Noise, undervoltages, and overvoltages
· Errors in computer programs

Recommendations to lower the risks

· Install quality antivirus
· Install real-time anti-spyware protection
· Keep anti-malware applications current
· Perform daily scans
· Disable autorun
· Disable image previews in Outlook
· Don’t click on email links or attachments
· Surf smart
· Use a hardware-based firewall
· Deploy DNS protection