Wednesday, May 6, 2009

Midterm Question #3

The Internet, if properly maximized, can be used as a medium to the advantage of the company. However, risks and threats exist. Thus, research the following:




1. Identify the possible risks and threats (e.g. viruses) that can potentially attack a company with an Internet connection.
Answer:
Internet Security

Most legal professionals know that the loss of a single critical computer file can mean the loss of hours of work and possibly the loss of future clients. Legal professionals spend their time becoming experts in their trade, but lawyers who depend on the Internet to create and distribute their work need to also be informed about security issues and the importance of protecting important data from unnecessary risk. Protecting computers from viruses, hackers, and other threats is critical. Some people who think they are protected may actually still be at risk.

Any computer user that uses a laptop or desktop computer and has Internet access is at risk for common threats that can be easily prevented. Antivirus software, personal firewalls and other tools are simple to deploy and well worth the small amount of money it costs to ensure protection and peace of mind. But it takes more than technology to secure important information assets. Protecting intellectual property should be a security priority for all legal professionals because the alternatives can be very costly – not to mention very damaging to corporate image. Technology tools combined with knowledge about security threats and computer user guidelines can eliminate worrying about computer security from the ‘to do’ list and allow more time to concentrate on client relationships and success.

Threats to organizations now come from a range of sources and employees need to understand all possible vulnerabilities to guard themselves against the increasing number of digital attacks. In 2001 the computing community was introduced to a new kind of threat—one that could pick and choose its point of entry based on the security roadblocks it faced. These new threats combine to create a modern type of advanced computer security threat that experts are calling “blended threats.” As the term suggests, these threats combine, or blend, a number of dangers together into one multi-pronged and destructive force. Blended threats can have an unbelievable infection rate because many of them require no human interaction to spread. In addition, blended threats are usually very malicious once they gain access to and infect a computer.

Hackers are writing more complex code that is difficult to protect against, and they are striking more often and more quickly. While insiders may be aware of security policies and procedures, all too often they do not stop to consider how their actions would breach the rules. Their motivation is not to exploit, attack, or otherwise adversely affect your enterprise system, but their actions could have devastating repercussions, regardless of motive.

The key to combating Internet threats is educating computer users. Computer users who think they are protected, or who are ignorant of the possibility of threats, may not realize that they perform many actions each day that compromise computer security. Although threats such as worms, viruses, and Trojan horses have grown in complexity and ability to spread, there are many precautions users can take to help prevent virus infection.
E-mail
One of the biggest computer threats comes through e-mail attachments. User caution is very important when protecting against risks such as viruses and worms that propagate through e-mail programs. When opening any e-mail attachment, computer users should always scan for viruses. To make these scans effective, virus definitions, or digital files that help identify and deal with viruses, should be updated frequently to ensure protection against the latest threats. Without updated virus definitions, a new threat could potentially pass a virus scan undetected.

Some of the latest blended threats do not require human intervention to propagate and can be spread simply by opening or previewing an infected e-mail. For this reason, employees should turn off the preview pane in their e-mail program. Most importantly, employees should be instructed to not open unsolicited e-mails or e-mails from unrecognizable sources. When a suspicious e-mail is received, permanently delete the e-mail by pressing Shift+Delete. This tip was extremely pertinent in the recent MyDoom outbreak, in which technical subject headings tricked users into opening malicious e-mails.

The Internet
Viruses can be downloaded to any computer by simply visiting an infected Web site containing malicious code. Although Internet surfing is a popular pastime, it can increase chances of visiting a malicious site. Encryption of information sent via the Internet is a very important component in protecting information. Computer users should be careful with Web sites that claim encryption of financial or other sensitive information is not necessary.

Computers with a constant Internet connection such as DSL or cable are particularly susceptible to hacker attempts. This constant connection to large amounts of bandwidth allows for easier outside access to unprotected computers. The use of firewalls can block unauthorized access to a computer and prevent unauthorized information from leaving a computer. In addition, intrusion detection software can alert the computer user when an attempt is being made to gain access to the computer and its information. The easiest way to protect yourself from Internet risks is to reserve Internet surfing for pertinent business applications and stick to large, popular Web sites that provide security protection for visitors.

Peer-to-Peer Networks and File Sharing Programs
File sharing programs are not always secure and can open a computer to risks. Malicious threats can mask themselves as common music files that appear harmless until downloaded. Threats, such as the recent Netsky worm, try to use file-sharing programs like Kazaa to quickly spread to numerous computers and cause damage. In addition, peer-to-peer networks increase the risk of spyware that gives others direct access to a computer. These programs allow authors of the program and other network users to see employee computer activity, where they are visiting on the Internet, and even use the computer’s resources without the user’s knowledge. The best way to reduce risks is to avoid use of peer-to-peer networks and to not download files from unknown sources through file sharing programs.

Instant Messaging (IM)
Virtually all free IM systems have features to bypass traditional corporate firewalls, making it difficult for administrators to control IM use inside an organization. Many of these systems lack encryption capabilities and can lead to unwelcome eavesdropping. Insecure password management also makes IM programs vulnerable to account spoofing, where hackers can impersonate a familiar user.
Repeated file transfers through instant messaging can cause the rapid spread of traditional viruses, worms, and Trojan horses. Incidents of spim (spam sent through IM channels) are also on the rise and will most likely lead to increased IM threats in the future. The best protection against any threat spread through IM file transfers is to deploy up-to-date antivirus software on all desktop and laptop computers—preferably with protection for IM applications.

Passwords
Choosing strong passwords takes minimal effort but can go a long way to protect a computer or network from security breaches. Passwords should be six to eight characters in length and contain letters, numbers, and symbols. Never use passwords with common words, names, or dates, as these are easy for hacker programs to crack. Employees should protect passwords like they would the Personal Identification Number (PIN) to their bank cards. Do not store passwords near your computer or on a desk where others might easily find them. Likewise, do not give out passwords to colleagues. An accepted practice of password sharing could allow passwords to slip into the wrong hands.

Additional Security Tips
1. Do not allow multiple employees to share a single logon account.
2. Turn computers off before leaving work each day.
3. Avoid personal e-mail use.
4. Routinely check for updated virus definitions and patches.
5. Change passwords regularly.
6. Install and use antivirus programs.
7. Install and use a firewall.
8. Make backups of important files or folders.
9. Do not download free software, music files, or screen savers from the Internet.
10. Keep IM use to business traffic only.

Consistently and constantly reinforcing personal responsibility and accountability for information security can go a long way. Leaving employees uninformed about security issues can expose a company to unnecessary risks that could have a direct impact on corporate revenue, workforce productivity, and the costs of doing business. With employees aware of best practices to safeguard information and other assets, there is less room for security lapses in areas that security technology cannot protect.

Hackers are writing more complex code and striking more often and more quickly, leaving little time for reactive security measures. However, computer viruses have been around for many years and there are effective measures that can minimize and prevent these threats. Employee training is a key proactive and necessary security measure to round out any computer security strategy. Where IT security solutions stop, education and awareness training must start to minimize gaps in security. The worst thing a company can do is have a false sense of security because it has taken steps to secure IT systems with technology.

Laura Garcia-Manrique is Director of Product Management for consumer security products at Symantec Corp (www.symantec.com). Garcia works closely with the product development team to determine product strategy and analyze industry trends and customer needs. She is also responsible for competitive assessment, product positioning and pricing.



2. Case research and analysis:

Answer:

Abstract

Over a decade of work on the computer virus problem has resulted in a number of useful scientific and technological achievements. The study of biological epidemiology has been extended to help us understand when and why computer viruses spread. Techniques have been developed to help us estimate the safety and effectiveness of anti-virus technology before it is deployed. Technology for dealing with known viruses has been very successful, and is being extended to deal with previously unknown viruses automatically. Yet there are still important research problems, the solution to any of which would significantly improve our ability to deal with the virus problems of the near future. The goal of this paper is to encourage clever people to work on these problems. To this end, we examine several open research problems in the area of protection from computer viruses. For each problem, we review the work that has been done to date, and suggest possible approaches. There is clearly enough work, even in the near term, to keep researchers busy for quite a while. There is every reason to believe that, as software technology evolves over the next century or so, there will be plenty of important and interesting new problems that must be solved in this field.

Introduction

Some people believe that there is no longer any interesting research to do in the field of protection from computer viruses - that all of the important technology has already been developed - that it is now a simple matter of programming to keep up with the problem. Others believe that "virus research" simply means "analyzing viruses." To dispel these misimpressions, we discuss several important research problems in the area, reviewing what is known on each problem and what remains open.

The purpose of this paper is not to give solutions to these problems. Rather it is to outline the problems, to suggest approaches, and to encourage those interested in research in this field to pursue them.

The problems we have selected have two characteristics. The first is that, if the problem were solved, it would significantly improve our ability to deal with the virus problem as it is likely to evolve in the near future. The second is that the problem constitutes an actual research problem, so that a definitive solution would be publishable in peer-reviewed computer science journals, and could form the basis for an M.S. thesis or, in some cases, a Ph.D. thesis.

We discuss five problems:

  1. As more viruses are written for new platforms, new heuristic detection techniques must be developed and deployed. But we often have no way of knowing, in advance, the extent to which these techniques will have problems with false positives and false negatives. That is, we don't know how well they will work or how many problems they will cause. We show that analytic techniques can be developed which estimate these characteristics and suggest how these might be developed for several classes of heuristics.
  2. We have a reasonable, qualitative understanding of the epidemiology of computer viruses, characterizing their spread in terms of birth rate, death rate, and the patterns of program transfer between computers. But a mystery remains. Evidence suggests that viruses are still relatively uncommon - that their prevalence has always been very low. But, according to our current theories, this can only happen if the birth rate of viruses is ever so slightly higher than their death rate, a coincidence too remarkable to believe. We discuss effects that might be responsible for this puzzling observation.
  3. We are in the process of deploying digital immune system technology that finds new viruses, transmits them to an analysis center, analyzes them, and distributes cures worldwide, automatically, and very quickly. The current architecture for this system uses a centralized analysis center for a variety of good reasons. But a more distributed approach, perhaps even a massively distributed approach, has advantages as well. We outline the system issues that must be considered, and what simulation results would be useful, in understanding the tradeoffs.
  4. There have been thankfully few instances of worms - freestanding virus-like programs that spread themselves and may never be present in the computer's file system at all. Yet virtually all of our anti-virus technology relies on detecting and removing viruses from a file system. We discuss the new problems that worms engender, and suggest some of the new technology that may be needed to deal with them.
  5. Current anti-virus technology is largely reactive, relying on finding a particular virus before being able to deal with it well. Modern programming environments can give rise to viruses that spread increasingly rapidly, and for which a reactive approach becomes ever more difficult. We review the history of pro-active approaches, showing why traditional access controls are basically useless here, and describe newer approaches that show promise.
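The birth-rate/death-rate puzzle in problem 2 can be made concrete with the simplest epidemiological model. The following is an added example, not code from the paper: a homogeneous-mixing SIS model (every machine exchanges programs with every other equally often) in which an infected fraction i grows by birth*i*(1-i) and shrinks by death*i. Its steady state is 1 - death/birth, so a low but non-zero prevalence requires the birth rate to sit barely above the death rate; the rates below are constructed values.

```python
def sis_step(i, birth, death, dt):
    """One Euler step of di/dt = birth*i*(1-i) - death*i (i = infected fraction)."""
    return i + dt * (birth * i * (1.0 - i) - death * i)

def simulate_prevalence(birth, death, i0=0.001, dt=0.01, steps=100_000):
    """Run the SIS model from a tiny seed infection until it settles; return final prevalence."""
    i = i0
    for _ in range(steps):
        i = sis_step(i, birth, death, dt)
    return i

def equilibrium_prevalence(birth, death):
    """Closed-form fixed point: the virus dies out if birth <= death, else settles at 1 - death/birth."""
    if birth <= death:
        return 0.0
    return 1.0 - death / birth

def birth_rate_for_prevalence(death, target):
    """Invert the fixed point: the birth rate that produces a given steady-state prevalence."""
    return death / (1.0 - target)

if __name__ == "__main__":
    death = 0.4  # constructed: a 40% chance per unit time that an infection is noticed and cleaned
    print("birth rate  simulated  closed-form")
    for birth in (0.30, 0.40, 0.41, 0.45, 0.50, 0.80):
        print(f"{birth:9.2f}  {simulate_prevalence(birth, death):9.4f}  "
              f"{equilibrium_prevalence(birth, death):11.4f}")
    # A prevalence of 1% requires birth = death / 0.99, i.e. only about 1% above the death rate:
    # the "remarkable coincidence" the paper refers to.
    print(f"birth rate for 1% prevalence: {birth_rate_for_prevalence(death, 0.01):.4f}")
```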

Analyzing Heuristic Detection Methods

Over the past ten years, a single method of detecting computer viruses has nearly eclipsed all others: scanning for known viruses. Originally, a string of bytes was selected from some known virus, and the virus scanner looked for that string in files as a way of determining if that file was infected with that virus. Later, more complex techniques were developed which involved looking for various substrings in various parts of the file. But all of these techniques have one thing in common: they look for static characteristics of viruses that are already known.

In that same ten years, around twenty thousand different viruses were created. How could a method that only deals with already-known viruses be effective in an environment with so many new viruses? The reason is simple: over the past ten years, only a few hundred of these viruses have actually been seen in real customer incidents (these are the viruses that are "in the wild"). Even those spread rather slowly on a global scale, typically requiring months or years to become prevalent around the world. This provided the anti-virus industry plenty of time to discover a new virus, derive a cure, and make it available – all before very many PCs had been infected.

The anti-virus industry also developed methods for detecting previously unknown viruses. These methods are usually called "heuristic" methods because they are, by their nature, inexact. Heuristics are on the horns of the same dilemma as any other virus detection method: detecting as many viruses as possible while having as few false positives as possible. Authors of heuristics have dealt with these problems in two different ways. Some have conducted extensive beta tests of new heuristics, and tried to tune their heuristics to have acceptable false negative and false positive rates. Others have given up on selecting a single good trade-off and have let users try to make this trade-off themselves by adjusting parameters in the anti-virus program.

But the virus landscape is changing. No longer are we dealing with simple DOS file and boot viruses. Excel and Word macro viruses are currently the most prevalent kinds of viruses. Windows NT viruses are starting to be written. We have seen the first attempt at a Java application virus. And on the horizon are entirely new kinds of viruses that will take advantage of the Internet to spread themselves. Future kinds of viruses will arise and become widespread much more quickly than in the past. It is important that we have ways to find new instances of these viruses before they spread globally. We may not have the luxury of lengthy beta periods to help tune our heuristics to eliminate false positives. And we certainly can’t expect users to be sophisticated enough to tune dozens of different, complex heuristics if the authors of the heuristics are unable to do so.

The difficulty is that very little work has been done in this area. Apart from experience with individual heuristics as they are used in individual products, we don't know how well they will work or how many problems they will cause. In fact, since few heuristics have been described in the open literature, it is hard to know how good even current heuristics are. To further complicate matters, virtually all heuristics in use today have been developed without regard to the ability to estimate their false positive and false negative rates before they are in wide-scale use.

So the challenge is to develop classes of broadly useful heuristics that can be understood analytically before they are deployed and, preferably, updated as the threat evolves without requiring entirely new methods.

One possible starting point is a heuristic based on traditional signatures, but signatures that are common to large classes of already-known viruses. Combinations of these signatures can detect variants of viruses in these classes. Probabilities that individual string signatures will cause false positives in non-infected files can be estimated with techniques that have already been developed. Estimating false negative probabilities relies on characterizing new viruses in these classes as they appear over time.

A second possible starting point is to use neural networks to attempt to distinguish infected from uninfected files. This approach has already proved very successful for DOS boot viruses. Neural networks have been studied as general classifiers for many years. Techniques are available for estimating the false positive probabilities of neural networks trained on a given distribution of positive and negative examples. Most of these estimates, however, focus on giving worst-case bounds on the false positive probabilities. As such, these bounds are rather loose. An important part of this proposed analysis would be to establish expected-case estimates of false positive probabilities for the cases of interest.
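The class-signature heuristic described two paragraphs above can be analyzed before deployment, as the paper asks. The following is an added example, not the paper's or any product's code: it learns a per-byte frequency model from known-clean files, estimates the probability that a string signature (or a combination of signatures) appears by chance in a clean file of a given length, and measures the false negative rate against known members of the class. The corpus, signatures and file contents are constructed and stand for nothing real; the independent-byte assumption is an approximation.

```python
import math
from collections import Counter

def byte_distribution(clean_files):
    """Laplace-smoothed per-byte probabilities learned from a corpus of known-clean files."""
    counts = Counter()
    for data in clean_files:
        counts.update(data)
    total = sum(counts.values()) + 256
    return [(counts.get(b, 0) + 1) / total for b in range(256)]

def false_positive_probability(signature, dist, file_length):
    """Probability that `signature` occurs by chance in one clean file of `file_length` bytes.
    Independent-byte approximation: each of the (L - n + 1) positions matches with
    probability prod(dist[b]); the file is a false positive if any position matches."""
    positions = file_length - len(signature) + 1
    if positions <= 0:
        return 0.0
    p_match = 1.0
    for b in signature:
        p_match *= dist[b]
    # 1 - (1 - p)^positions, evaluated with log1p/expm1 so very small values keep precision
    return -math.expm1(positions * math.log1p(-p_match))

def combined_false_positive_probability(signatures, dist, file_length):
    """FP probability when a file is flagged only if every signature in the set is present
    (treats the signatures as matching independently, which is optimistic for overlapping strings)."""
    result = 1.0
    for sig in signatures:
        result *= false_positive_probability(sig, dist, file_length)
    return result

def expected_false_positives(signatures, dist, file_length, corpus_size):
    """How many clean files out of `corpus_size` the signature set is expected to flag."""
    return corpus_size * combined_false_positive_probability(signatures, dist, file_length)

def flags(data, signatures):
    """The detector itself: flag a file when all class signatures are found in it."""
    return all(sig in data for sig in signatures)

def false_negative_rate(class_samples, signatures):
    """Share of known members of a virus class that the signature set misses."""
    missed = sum(1 for sample in class_samples if not flags(sample, signatures))
    return missed / len(class_samples)

# Constructed data: two "clean" files, two signatures shared by a (fictional) virus class,
# and three class members, the last of which lacks one of the shared strings.
CLEAN_FILES = [bytes(range(256)) * 4, b"MZ" + b"\x90" * 300 + b"hello world" * 20]
SIG_A, SIG_B = b"STUB-A-v1", b"\x13\x37\x13\x37"
CLASS_SIGNATURES = [SIG_A, SIG_B]
CLASS_SAMPLES = [
    b"MZ" + b"\x00" * 50 + SIG_A + b"\x90" * 10 + SIG_B,
    b"MZ" + b"\x00" * 70 + SIG_B + b"\xcc" * 8 + SIG_A,
    b"MZ" + b"\x00" * 30 + SIG_B + b"\x90" * 5,  # variant the class signatures do not cover
]

if __name__ == "__main__":
    dist = byte_distribution(CLEAN_FILES)
    for sig in CLASS_SIGNATURES:
        print(f"{sig!r}: FP per 100 KB file = {false_positive_probability(sig, dist, 100_000):.3e}")
    print(f"both required: FP per 100 KB file = "
          f"{combined_false_positive_probability(CLASS_SIGNATURES, dist, 100_000):.3e}")
    print(f"expected false positives over 1e6 files = "
          f"{expected_false_positives(CLASS_SIGNATURES, dist, 100_000, 1_000_000):.3e}")
    print(f"false negative rate on known class members = "
          f"{false_negative_rate(CLASS_SAMPLES, CLASS_SIGNATURES):.2f}")
```

Requiring every signature in the set drives the false positive rate down, but the third constructed sample shows the price: the false negative rate has to be re-measured as new class members appear.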




2.a Identify one company that has experienced an attack from the Internet.
Answer:

suffered a series of cyber attacks in recent months, US official John Negroponte told the Financial Times: "We need to prepare ourselves because this is likely only to become more of an issue in the future." Well, the future is here. And the wave of cyber attacks has moved from Eastern to Western Europe. It has recently been disclosed that around the time Estonia was under cyber attack, an important Spanish domain-registration company was also waging a battle against unknown cyber pirates. The Cyber Terrorism Division of the Spanish Police is investigating the incident. If identified, the hackers involved could be prosecuted for blackmailing a company to prevent the disclosure of confidential information.

There seems to be a disagreement regarding the severity of the situation. While some reports claim that the private data of hundreds of thousands of Internet users is in the hands of criminals, the leading Spanish company in the domain registration and web hosting business, Arsys, has issued a statement denying this information. Executives concede the company has experienced what they describe as "a security incident, compromising some client data." However, they say, none of the data in question involves email, bank account or credit card passwords and therefore, they claim there's no risk of illegal access into bank or email accounts.

According to Arsys, hackers reportedly stole FTP codes, enabling them to insert a link to an external server containing malicious code, in the web pages of some clients. As soon as the company detected the incident, executives say it eliminated the link from the web pages, notified affected clients and boosted security measures across the board. To comply with legal requirements, executives add the company has reported the incident to the Cyber Terrorism Division of the Spanish Police. They confirm the incident is under investigation and may end up in court.
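The incident described above (a link to an external server inserted into hosted client pages with stolen FTP credentials) is the kind of change a hosting provider can catch by checking deployed pages against an allow list of hosts and a stored baseline. The following is an added example, not Arsys' code or anything from the article: it parses a page, lists every tag that loads content from a host outside the client's own domain, and compares the page with a baseline digest. The sample page, the client domain and the injected host are constructed placeholders.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags and attributes through which a page pulls content from another server.
REMOTE_ATTRS = {"script": "src", "iframe": "src", "link": "href", "object": "data", "embed": "src"}

class RemoteReferenceCollector(HTMLParser):
    """Collects every tag that loads content from a URL, with the line it sits on."""
    def __init__(self):
        super().__init__()
        self.references = []

    def handle_starttag(self, tag, attrs):
        wanted = REMOTE_ATTRS.get(tag)
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value:
                self.references.append((tag, value, self.getpos()[0]))

def host_allowed(host, allowed_hosts):
    """True when host is an allowed host or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)

def unexpected_remote_references(html, allowed_hosts):
    """Return the tags that load content from a host outside the allow list."""
    parser = RemoteReferenceCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for tag, url, line in parser.references:
        host = urlparse(url).hostname  # also resolves protocol-relative "//host/path" URLs
        if host is None:  # relative URL: served by the site itself
            continue
        if not host_allowed(host.lower(), allowed_hosts):
            findings.append({"tag": tag, "url": url, "host": host, "line": line})
    return findings

def page_digest(html):
    """SHA-256 of the page as deployed; store it at publish time as the baseline."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest()

def page_modified(html, baseline_digest):
    """True when the page on disk no longer matches what the client published."""
    return page_digest(html) != baseline_digest

# Constructed sample: a client page whose own assets are fine, plus one injected hidden frame.
ALLOWED_HOSTS = {"client-site.example"}
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="https://www.client-site.example/js/app.js"></script>
</head><body>
<h1>Welcome</h1>
<iframe src="//attacker-host.invalid/loader.html" style="display:none" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in unexpected_remote_references(SAMPLE_PAGE, ALLOWED_HOSTS):
        print(f"line {f['line']}: <{f['tag']}> loads from {f['host']}: {f['url']}")
```

Run over every hosted page after each FTP upload, a finding here is the signal to pull the page, rotate the affected FTP credentials and notify the client, which is the response the article describes.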

The attackers reportedly used servers located in the United States and Russia. According to the latest Symantec Internet Security Threat Report, the United States is the top country for malicious threat activity, accounting for 31% of the worldwide total, followed by China (10%), Germany (7%), France (4%), United Kingdom (4%), South Korea (4%), Canada (3%), Spain (3%), Taiwan (3%) and Italy (3%). Meanwhile, law enforcement authorities have detained a Russian teenager suspected of involvement in the Estonian cyber attacks. The youth reportedly called for massive cyber attacks against Estonian servers in Internet forums.


2.b Describe the attack.
Answer:

Executives concede the company has experienced what they describe as "a security incident, compromising some client data." However, they say, none of the data in question involves email, bank account or credit card passwords and therefore, they claim there's no risk of illegal access into bank or email accounts.

According to Arsys, hackers reportedly stole FTP codes, enabling them to insert a link to an external server containing malicious code, in the web pages of some clients. As soon as the company detected the incident, executives say it eliminated the link from the web pages, notified affected clients and boosted security measures across the board. To comply with legal



2.c Identify the damages done and the solutions adopted to reverse the damages and to protect the company from future threats.
Answer:
The attackers reportedly used servers located in the United States and Russia. According to the latest Symantec Internet Security Threat Report, the United States is the top country for malicious threat activity, accounting for 31% of the worldwide total, followed by China (10%), Germany (7%), France (4%), United Kingdom (4%), South Korea (4%), Canada (3%), Spain (3%), Taiwan (3%) and Italy (3%). Meanwhile, law enforcement authorities have detained a Russian teenager suspected of involvement in the Estonian cyber attacks. The youth reportedly called for massive cyber attacks against Estonian servers in Internet forums.







Cite your reference.
http://www.debt3online.com/?page=article&article_id=7
http://www.research.ibm.com/antivirus/SciPapers/White/Problems/Problems.html
http://www.ibls.com/internet_law_news_portal_view.aspx?id=1782&s=latestnews

by: Wilma Son
