Welcome to
CyberSecurity
This introductory course provides a look at the theory and concepts of computer security in networked systems. We will review security issues and policies with regard to hardware, software development, databases, operating systems and networks as well as the use of encryption. The more common attacks on systems will be covered. Vulnerability assessment tools and techniques for defending systems will also be explored in various projects.
You don't need any special computer knowledge or skills; this is a cursory look at the systems. Nor is any special laboratory or lab classroom required. You might download some shareware off the Internet for doing assignments, but it is mostly reading and following instructions to give you a hands-on feel for computer security applications.
WARNING If you have any inclination to become a hacker you should be aware there are serious penalties (expulsion and prosecution) that apply to any wrongdoing directed at College equipment or property not your own. In accordance with Microsoft's Security Response Center's stance on information anarchy, this course covers computer vulnerabilities in a way that is smart, prudent, and responsible. At no time will explicit, step-by-step instructions be given for exploiting security vulnerabilities, and no one will learn how to write a virus or worm in this course.
Dr. Michael Thompson
Introduction
The first step to being able to understand computer and network security is to formulate a realistic assessment of the threats to those systems. Most people in the world have one of two extreme attitudes about computer security. The first assumes there is no real threat. Subscribers to this theory believe that there is little real danger to computer systems and that much of the negative news is simply unwarranted panic. The second extreme attitude toward the dangers to computer and network security tends to overestimate the dangers. The people in this group are prone to assume that talented hackers exist in great numbers and all are imminent threats to our systems. Most computer attacks can be categorized as one of three broad classes.
- Malware. Malware is a generic term for software that has a malicious purpose. It includes virus attacks, Trojan horses, and spyware. This is the most prevalent danger to your system.
- Intrusions. This group of attacks includes any attempt to gain unauthorized access to your system.
- Denial of Service DoS attacks. These are designed to prevent legitimate access to your system.
Malware is a term used to describe software that has a malicious purpose. There are three major types of malware: viruses, Trojan horses, and spyware. Viruses are small programs that replicate and hide themselves in other programs. It is very easy to spread a virus; the most common way is in an e-mail. Trojan horses appear to be benign software but secretly download a virus or some other type of malware onto your computer from within. The last type of malware is spyware. Spyware is simply software that literally spies on what you do on your computer. It is a text file that your browser creates and stores on your hard drive. Now we can look at attacks that breach your system's security. This activity is commonly referred to as hacking, although that is not the term hackers use for themselves. When you hear the word cracking, it means that somebody has intruded onto a system without permission.
The largest threat to individuals and large organizations is a computer virus. Within the first nine days of September 2003, the F-Secure security information Web site listed 20 new viruses. This is a fairly common monthly statistic. In any given month, several new virus outbreaks will be documented. New viruses are constantly being created, and all the old ones are still out there.
Introduction to Cyber Crime and Security
By Lindsay Frahm
It’s hard to find a facet of modern life that does not involve a computer system on some level. The following are just a few examples that illustrate this point.
1) Financial transactions
2) Retailers using computerized automatic checkout
3) Online purchases
4) Eventually voting online
Because so much of our business is transacted online, a great deal of personal information is stored in computers. Medical records, tax records, school records, and more are all stored in computer databases. Is this level of technology in our daily lives an advantage or disadvantage? The fact is that our lives are inextricably intertwined with computer systems.
The media often gives a great deal of attention to dramatic virus attacks, hackers, and other interesting Internet phenomena. News of virus attacks often becomes a lead story on national networks. Even the most technically naïve person cannot go more than a few weeks without hearing of some new virus or hacking incident. In spite of daily horror stories, however, many people lack an adequate understanding of the reality of these threats. Attention is often focused on the most dramatic computer security breaches, which do not necessarily give an accurate picture of the most plausible threat scenarios. Clearly, many people are aware of the attacks that can be executed against a target system. Unfortunately, they are often not familiar with the attack’s mechanism, its actual danger level, or how to prevent it.
The first step in understanding computer and network security is to formulate a realistic assessment of the threats to those systems. The general population tends to have two extreme attitudes about computer security. The first group assumes there is no real threat. Subscribers to this theory believe that there is little real danger to computer systems and that much of the negative news is simply unwarranted panic. They often think that taking only minimal security precautions should ensure the safety of their systems. They tend to have a reactive approach to security. The second group tends to overestimate the dangers. The people in this group are prone to assume that talented hackers exist in great numbers and all are imminent threats to your system. They may believe that any teenager with a laptop can traverse highly secure systems at will. This viewpoint has been fostered by a number of movies that depict computer hacking in a somewhat glamorous light.
Most attacks can be categorized as one of three broad classes:
1) Malware: malware is a generic term for software that has a malicious purpose. It includes virus attacks, Trojan horses, and spyware. This is the most prevalent danger to your system.
2) Intrusions: this group of attacks includes any attempt to gain unauthorized access to your system.
3) Denial of Service (DoS) attacks: these are designed to prevent legitimate access to your system.
Networks and the Internet
Getting computers to communicate seems like something that would be really hard to do, but once you have an understanding of how it works, it is fairly simple. Your computer will need a NIC (Network Interface Card) to get on the Internet. Most computers have the NIC built in, and it communicates with a wireless network. You can also use the port that looks like a telephone connection, except a little bigger; it is called the external jack.
A Media Access Control (MAC) address is a unique address for a NIC. Every NIC in the world has a unique address that is represented by a six-byte hexadecimal number. An IP address is an identifier for a computer or device on a TCP/IP network. In these networks the messages are routed based on the IP address of the specific destination. On a computer there are usually two ports that look like phone jacks. One is called an RJ 11, and it is for the standard telephone jack. The one that is a little bigger is an RJ 45, and it is usually used with a CAT-5 cable.
Everyone wonders how the Internet actually works. It works the same way as your local network, just with millions more computers. An IP address works the same way you get letters in the mail: everyone has their own address. An example of an IP address is 107.22.98.198; each number must be between 0 and 255. There are two types of IP addresses, public and private. A public IP is for computers that are connected to the Internet; no two IP addresses are the same on a public network. On a private network, such as one for a private company, the addresses do not have to be different from those used elsewhere. You can assign the IP addresses at random as long as the computers won't be connected to other computers worldwide.
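The two kinds of address described above can be checked mechanically. The following is an added example, not code from the course page: it validates a dotted-quad IPv4 address (four numbers, each 0 to 255), classifies it as public or private using the RFC 1918 private ranges, parses a six-byte MAC address in the common spellings, and audits a constructed host inventory for a MAC that appears on two NICs, which should never happen if every NIC's address is unique. The inventory, hostnames and addresses are constructed sample values.

```python
import ipaddress
import re

# Private (RFC 1918) ranges: addresses that only have to be unique inside one network.
RFC1918_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_valid_ipv4(text: str) -> bool:
    """True if text is a dotted quad with exactly four numbers in the range 0-255 (no leading zeros)."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        return False
    for part in parts:
        if not part.isdigit() or part != str(int(part)) or int(part) > 255:
            return False
    return True


def classify_ipv4(text: str) -> str:
    """Classify an address as 'private', 'loopback' or 'public'; raise ValueError if malformed."""
    if not is_valid_ipv4(text):
        raise ValueError(f"not a valid IPv4 address: {text!r}")
    addr = ipaddress.IPv4Address(text.strip())
    if any(addr in net for net in RFC1918_NETWORKS):
        return "private"
    if addr.is_loopback:
        return "loopback"
    return "public"


def parse_mac(text: str) -> bytes:
    """Return the six bytes of a MAC written as 00:1a:2b:3c:4d:5e, 00-1A-2B-3C-4D-5E or 001a2b3c4d5e."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def mac_is_locally_administered(mac: bytes) -> bool:
    """Bit 1 of the first byte is set when the address was assigned by software
    rather than burned in by the manufacturer."""
    return bool(mac[0] & 0x02)


def find_duplicate_macs(inventory):
    """inventory: iterable of (hostname, mac_text). Returns {mac: [hosts]} for every MAC seen
    on more than one host; a duplicate usually means a cloned VM image or a spoofed address."""
    hosts_by_mac = {}
    for host, mac_text in inventory:
        hosts_by_mac.setdefault(parse_mac(mac_text), []).append(host)
    return {mac.hex(":"): hosts for mac, hosts in hosts_by_mac.items() if len(hosts) > 1}


# Constructed inventory (sample values, not from the course page).
SAMPLE_INVENTORY = [
    ("web01", "00:1A:2B:3C:4D:5E"),
    ("web02", "00-1a-2b-3c-4d-5e"),   # same hardware address as web01, written differently
    ("db01", "00:1A:2B:3C:4D:5F"),
]

if __name__ == "__main__":
    for ip in ("107.22.98.198", "192.168.1.10", "127.0.0.1"):
        print(ip, "->", classify_ipv4(ip))
    print("duplicate MACs:", find_duplicate_macs(SAMPLE_INVENTORY))
```

`find_duplicate_macs` normalises the spelling before comparing, so the same address written with colons, dashes or no separators is recognised as one NIC; that is the check an administrator wants when reconciling an asset list against what the switches actually see.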
The most basic way to protect your computer from viruses or other bad things is to have your firewall set correctly. This is basically a barrier between your computer and the rest of the Internet. Windows XP and many Linux distributions already have this basic packet-filtering software included in the operating system. The other common type that is used is a proxy server. Sometimes the same machine is used as a proxy server and a firewall. A proxy server simply hides your entire network from the rest of the outside Internet.
Understanding exactly how networking works, along with all of its components, is a hard thing to do without being around them a lot and having a lot of computer knowledge. Understanding how the Internet works is also a complicated process that takes much time. The Internet is a great thing and benefits many people in many different ways; from looking up the weather to finding a new car, the Internet can be used for pretty much everything.
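To make the packet-filtering idea concrete, here is an added example (not code from the course page, and not the rule syntax of any real firewall product) that evaluates a small first-match rule list against inbound packets and puts a weak configuration (no rules, default allow) beside a hardened one (only the required services allowed, management ports reachable only from the internal network, default deny). The addresses, ports and rule format are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str      # source IPv4 address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port on the protected host


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR block the packet's source must fall inside
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and rule.proto in ("any", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def filter_packet(rules: List[Rule], pkt: Packet, default: str) -> str:
    """First matching rule wins; if nothing matches, the default policy decides."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default


# Weak configuration: no rules and a default of "allow", so every inbound port is reachable.
WEAK_RULES: List[Rule] = []
WEAK_DEFAULT = "allow"

# Hardened configuration: allow only what must be reachable, restrict administration to the
# internal network, and drop everything else. The final catch-all makes the intent explicit
# even though the default policy would do the same.
HARDENED_RULES = [
    Rule("allow", "0.0.0.0/0", "tcp", 443),        # public HTTPS
    Rule("allow", "192.168.1.0/24", "tcp", 22),    # SSH only from the internal LAN
    Rule("deny", "0.0.0.0/0", "any", None),        # everything else
]
HARDENED_DEFAULT = "deny"


def decide(pkt: Packet) -> dict:
    """Verdict of both configurations for one packet, for side-by-side comparison."""
    return {
        "weak": filter_packet(WEAK_RULES, pkt, WEAK_DEFAULT),
        "hardened": filter_packet(HARDENED_RULES, pkt, HARDENED_DEFAULT),
    }


if __name__ == "__main__":
    for pkt in (Packet("203.0.113.5", "tcp", 3389), Packet("203.0.113.5", "tcp", 443),
                Packet("192.168.1.25", "tcp", 22), Packet("203.0.113.5", "tcp", 22)):
        print(pkt, decide(pkt))
```

The point of the comparison is the default: a filter that allows everything not explicitly denied protects only against the ports someone remembered to list, whereas a default-deny filter exposes only the services that were deliberately opened.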
DIFFERENT TYPES OF COMPUTER NETWORKS
Personal area network
A personal area network (PAN) is a computer network used for communication among computer devices close to one person. Some examples of devices that are used in a PAN are printers, fax machines, telephones, PDAs and scanners. The reach of a PAN is typically about 20-30 feet, but this is expected to increase with technology improvements.
Local area network
A local area network (LAN) is a computer network covering a small physical area, like a home, office, or small group of buildings, such as a school, or an airport. Current wired LANs are most likely to be based on Ethernet technology.
Campus area network
A campus area network (CAN) is a computer network made up of an interconnection of local area networks (LANs) within a limited geographical area. It can be considered one form of a metropolitan area network, specific to an academic setting.
In the case of a university campus-based campus area network, the network is likely to link a variety of campus buildings, including academic departments, the university library and student residence halls. A campus area network is larger than a local area network but (in some cases) smaller than a wide area network (WAN).
Metropolitan area network
A metropolitan area network (MAN) is a network that connects two or more local area networks or campus area networks together but does not extend beyond the boundaries of the immediate town/city. Routers, switches and hubs are connected to create a metropolitan area network.
Wide area network
A wide area network (WAN) is a computer network that covers a broad area. Less formally, a WAN is a network that uses routers and public communications links. Contrast with personal area networks (PANs), local area networks (LANs), campus area networks (CANs), or metropolitan area networks (MANs), which are usually limited to a room, building, campus or specific metropolitan area respectively. The largest and most well-known example of a WAN is the Internet. A WAN is a data communications network that covers a relatively broad geographic area and that often uses transmission facilities provided by common carriers, such as telephone companies.
Global area network
A global area network (GAN) specification is in development by several groups, and there is no common definition. In general, however, a GAN is a model for supporting mobile communications across an arbitrary number of wireless LANs, satellite coverage areas, etc. The key challenge in mobile communications is "handing off" the user communications from one local coverage area to the next.
Virtual private network
A virtual private network (VPN) is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network instead of by physical wires. The link-layer protocols of the virtual network are said to be tunneled through the larger network when this is the case. One common application is secure communications through the public Internet, but a VPN need not have explicit security features, such as authentication or content encryption. VPNs, for example, can be used to separate the traffic of different user communities over an underlying network with strong security features.
Internetwork
Internetworking involves connecting two or more distinct computer networks or network segments via a common routing technology. The result is called an internetwork (often shortened to internet). The networks or network segments are connected using devices that operate at layer 3 (the 'network' layer) of the OSI Basic Reference Model, such as a router. Any interconnection among or between public, private, commercial, industrial, or governmental networks may also be defined as an internetwork.
Intranet
An intranet is a set of networks, using the Internet Protocol and IP-based tools such as web browsers and file transfer applications, that is under the control of a single administrative entity. That administrative entity closes the intranet to all but specific, authorized users. Most commonly, an intranet is the internal network of an organization. A large intranet will typically have at least one web server to provide users with organizational information.
Extranet
An extranet is a network or internetwork that is limited in scope to a single organization or entity but which also has limited connections to the networks of one or more other usually, but not necessarily, trusted organizations or entities (e.g., a company's customers may be given access to some part of its intranet creating in this way an extranet, while at the same time the customers may not be considered 'trusted' from a security standpoint).
Internet
It consists of a worldwide interconnection of governmental, academic, public, and private networks based upon the networking technologies of the Internet Protocol Suite. It is the successor of the Advanced Research Projects Agency Network (ARPANET) developed by DARPA of the U.S. Department of Defense. The Internet is also the communications backbone underlying the World Wide Web (WWW). The 'Internet' is most commonly spelled with a capital 'I' as a proper noun, for historical reasons and to distinguish it from other generic internetworks.
Participants in the Internet use a diverse array of methods of several hundred documented, and often standardized, protocols compatible with the Internet Protocol Suite and an addressing system (IP Addresses) administered by the Internet Assigned Numbers Authority and address registries. Service providers and large enterprises exchange information about the reachability of their address spaces through the Border Gateway Protocol (BGP), forming a redundant worldwide mesh of transmission paths.
Resources
http://www.fbi.gov/cyberinvest/computer_intrusions.htm
http://en.wikipedia.org/wiki/Computer_network
By Samantha Wheelbarger
+ Network Basics
By Lindsay Frahm
Getting two or more computers to communicate and transmit data is a process that is simple in concept, but complex in application. Consider all the factors involved. First, you will need to physically connect the computers. This connection requires either a cable that plugs into your computer or is accomplished by infrared light. The cable is then plugged either directly into another computer or into a router, switch or hub that will, in turn, connect to several other computers.
There is a card in most modern computers called a Network Interface Card, or simply a NIC. If the connection is through a cable, the part of the NIC that is external to the computer has a connection slot that looks like a telephone jack, only slightly bigger. Of course, wireless networks, which are being used with greater frequency, also use a NIC but, rather than having a slot for a cable to connect to, the wireless network simply uses infrared signals to transmit to a nearby wireless router or hub.
A MAC (media access control) address is a unique address for a NIC. Every NIC in the world has a unique address that is represented by a six-byte hexadecimal number. There is a protocol that is used to convert IP addresses to MAC addresses. This protocol is the Address Resolution Protocol or ARP. Therefore, when you type in a Web address, the DNS (domain name server) protocol is used to translate that into an IP address. The ARP protocol will then translate that IP address into a specific MAC address of an individual NIC.
How does a URL get translated into an IP address? How does the computer know what IP goes with what URL? There are servers set up just to do this task. They are called DNS servers. DNS stands for Domain Name Server. DNS translates domain names into IP addresses. Domain names are easy to remember because they are alphabetic, but the Internet is really based on IP addresses. Thus, every time you use a domain name, a DNS server must translate the name into the corresponding IP address. If you are on a corporate network, you probably have a DNS server on your network. If not, then your ISP has one. These servers maintain a table of IP-to-URL entries.
As mentioned, cables are one of the ways that computers are connected to each other. The cable connection used with hard-wired NICs is an RJ 45 connection. In contrast to the computer’s RJ 45 jacks, standard telephone lines use RJ 11 jacks. The biggest difference between jacks involves the number of wires in a connector, also called the terminator. Phone lines have four wires, whereas RJ 45 connectors have 8. If you look on the back of most computers or the connection area of a laptop, you will probably find three ports that, at first glance, look like phone jacks. Two of the three ports are probably for a traditional modem and telephone and accept a standard RJ 11 jack. The other port is larger and accepts an RJ 45 jack. Not all computers come with a NIC, but most modern computers do. Additionally, many modern computers no longer contain an internal modem, in which case there would not be an RJ 11 jack.
What Is Footprinting?
Chapter 3: Assessing a Target System
By: Skyler, Autumn and Brianna
There are many hackers out in the world today. Hackers learn about target systems in order to gain access to a particular system. Many hackers use a number of network utilities, Web sites and programs as learning tools. However, one of the secrets to preventing your computer from getting attacked is to know exactly what is available to those hackers; another is that many security-savvy network administrators frequently use these tools to assess their own systems, which is called auditing. When a hacker is examining a potential target system, this is called footprinting.
What exactly is the first step in hacking? The hacker must know about the operating system, any software running on it, what security measures are in effect, and as much as they can about the network.
Basic Reconnaissance:
Reconnaissance is when you find out general information on the target system. In the past, people had to use command prompts or a Linux/Unix shell to gather this information. Nowadays, however, this information can be found using Web sites and utilities like Nslookup, Whois, and ARIN.
Netcraft:
Netcraft is a Web site that gathers information about Web servers, which is the information needed to access a target system. This Web site provides an online utility that will tell you what Web server software is running, what operating system it is using, and other important information. It is surprising what you can find on a Web site like this, and the information is so readily available. Some Web sites even offer step-by-step instructions on how to find the weaknesses of an operating system, making it easier to hack into. However, most software vendors find out about such a flaw and fix the code, which is called patching. Therefore it is very important that people update their systems in order to protect against easy hacking.
Tracing the IP Address:
When you access the Internet, your computer sends information to the Web site you are trying to access. However, that is not the only Web site receiving information from your computer; many others are too. You can protect your computer by using Visualware software, found on their Web site, to trace the IP address. Tracing the IP address will allow you to know exactly where your information is going.
Social Engineering:
One of the most common applications for using the information gained from reconnaissance work is social engineering. Social engineering is a non-technical way of intruding on a system. An example of this is dumpster diving: some people dumpster dive for people's unwanted items, while others use the opportunity just to gain personal information about whoever they are trying to get to or hack into their computer. Many people throw away IP addresses, passwords, or even a map of their network. Most hackers try to get an authorized user of the system to give away their user name and password.
Scanning:
After the hacker has obtained a visual route of the target system, they can now scan the system for flaws and vulnerabilities. The hacker can use a number of free utilities available on the Internet, like Nmap, Hping2, Netcat, Ping and Traceroute. The most commonly used tool is Nmap, also known as “Network Mapper”. Nmap is the most flexible scanning tool available today. It uses IP packets in a novel way to determine what hosts are available on a network, what operating systems are running, and what firewalls are in use. This process is called network mapping, which is a process used to discover the topology of the network.
Port Scanning:
Once the IP address of a target system is known, the next step is port scanning and network scanning. Such scanning is the process of sending packets to each port on a target system to see which ports are open. A system has 65,535 port numbers, which are potential ways to gain access.
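Because a port scan touches many ports from one source in a short time, it leaves a recognisable pattern in a firewall's drop log, and that pattern is what a defender looks for. The following is an added example, not code from the course page: a detector that parses constructed log lines in a hypothetical format (`<timestamp> DROP <proto> <src>:<sport> -> <dst>:<dport>`, not any real product's format) and raises an alert when one source has hit at least a threshold number of distinct ports on one host within a sliding time window. The sample traffic, addresses and thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed log format (hypothetical firewall drop log):
# "<ISO timestamp> DROP <proto> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line: str):
    """Return (timestamp, src, dst, dport) or None for a line that does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"]))


def detect_port_scans(lines, threshold: int = 10,
                      window: timedelta = timedelta(seconds=60)) -> Dict[Tuple[str, str], int]:
    """Flag (src, dst) pairs where one source touched at least `threshold` distinct destination
    ports within any `window` of time. Returns the largest such port count per pair."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue            # unparseable line: skip it rather than crash the detector
        ts, src, dst, dport = parsed
        events[(src, dst)].append((ts, dport))

    alerts: Dict[Tuple[str, str], int] = {}
    for pair, evs in events.items():
        evs.sort()              # time order, so the sliding window below is valid
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1      # shrink the window from the left until it spans <= window
            distinct = {port for _, port in evs[start:end + 1]}
            if len(distinct) >= threshold:
                alerts[pair] = max(alerts.get(pair, 0), len(distinct))
    return alerts


def build_sample_log() -> List[str]:
    """Constructed sample: one scanner, one busy but legitimate client, one slow source."""
    base = datetime(2024, 5, 1, 10, 0, 0)

    def stamp(seconds: int) -> str:
        return (base + timedelta(seconds=seconds)).isoformat()

    lines = []
    # 203.0.113.9 probes 15 different ports on 192.168.1.20, one second apart
    for i, port in enumerate(range(20, 35)):
        lines.append(f"{stamp(i)} DROP TCP 203.0.113.9:51000 -> 192.168.1.20:{port}")
    # 198.51.100.7 hits port 443 twenty times: many packets, but a single port
    for i in range(20):
        lines.append(f"{stamp(3 * i)} DROP TCP 198.51.100.7:{40000 + i} -> 192.168.1.20:443")
    # 192.0.2.44 touches five ports, but five minutes apart, never enough inside one window
    for i, port in enumerate((22, 80, 443, 3306, 8080)):
        lines.append(f"{stamp(300 * i)} DROP TCP 192.0.2.44:52000 -> 192.168.1.20:{port}")
    lines.append("this line is not in the expected format")
    return lines


if __name__ == "__main__":
    for pair, count in detect_port_scans(build_sample_log()).items():
        print(f"possible port scan: {pair[0]} -> {pair[1]} ({count} distinct ports)")
```

Counting distinct ports rather than packets is what separates a scan from an ordinary busy client, and the window length is the knob for slow scans: widening it to 30 minutes with a threshold of 5 would also catch the slow source in the sample, at the cost of more false positives on normal traffic.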
NetBrute:
NetBrute scans for open ports and also allows the hacker to gain access to shared folders allowing the hacker to upload a Trojan horse, virus, key logger, or other device.
Cerberus Internet Scanner:
This site allows the hacker to find information on anyone.
Vulnerability Scanning:
A vulnerability scanner, or security scanner, will remotely audit a network and determine whether someone (or something, such as a worm) may break into it or misuse it in some way. This will allow a hacker to connect to a target system and check for vulnerabilities.
Saint:
Saint is a network vulnerability assessment scanner that takes a preventive approach to securing computer networks. Saint can help you in many ways:
Prioritized vulnerabilities let you focus your resources on the most critical security issues.
Fast assessment results help you identify problems quickly.
Highly configurable scans increase the efficiency of your network security programs.
Computer Security Fundamentals by Chuck Easttom
Google images
Footprinting is the first and most convenient way that hackers use to gather information about computer systems and the companies they belong to. The purpose of footprinting is to learn as much as you can about a system, its remote access capabilities, its ports and services, and the aspects of its security.
In order to perform a successful hack on a system, it is best to know as much as you can, if not everything, about that system. While there is nary a company in the world that isn't aware of hackers, most companies are now hiring hackers to protect their systems. And since footprinting can be used to attack a system, it can also be used to protect it. If you can find out anything about a system, the company that owns that system, with the right personnel, can find out anything they want about you.
In this talk, I will explain what the many functions of footprinting are and what they do. I'll also footprint everyone's favorite website, just to see how much info we can get on Grifter.
Perform a footprint analysis
The attacker first identifies the various domain names that he's interested in exploiting. He then performs a footprint analysis of the target to gather as much information as possible through publicly available sources. The footprint analysis gives the hacker an indication of how large the target might be, how many potential entry points exist, and what, if any, security mechanisms might exist to thwart the attack. During a footprint analysis, the hacker attempts to discover all potentially related information that may be useful during the attack. This information includes:
Company names
Domain names
Business subsidiaries
Internet Protocol (IP) networks
Phone numbers
Why is the home computer a popular target for hackers?
Your home computer is a popular target for intruders. Why? Because intruders want what you've stored there. They look for credit card numbers, bank account information, and anything else they can find. By stealing that information, intruders can use your money to buy themselves goods and services. Why are intruders paying attention to home computers? Home computers are typically not very secure and are easy to break into. When combined with high-speed Internet connections that are always turned on, intruders can quickly find and then attack home computers. While intruders also attack home computers connected to the Internet through dial-in connections, high-speed connections (cable modems and DSL modems) are a favorite target. No matter how a home computer is connected to the Internet, intruders' attacks are often successful. Many home computer owners don't realize that they need to pay attention to computer security.
Resources
http://www.startekgrp.com/whitepapers/Thinking_like_a_hacker.pdf
http://www.besttestcenter.com/HelpFiles.asp?id=23
http://www.armor2net.com/knowledge/hackers_target.htm
By Samantha Wheelbarger
Malware
This is about different types of harmful things that can harm your computer. The first is viruses. These can harm your computer pretty badly. A virus is a program that can self-replicate. Viruses can spread in two ways. The first way is to simply scan your computer for connections in a network, then copy itself to other machines that your computer has access to. The second way is through e-mail, which is the biggest way it spreads: the virus reads your e-mail contacts and uses programs like Microsoft Outlook to send itself out. There are several different viruses out there. One is the Sobig virus, which was most harmful in 2003. It spread in an interesting way, using more than one mechanism to infect new machines. Another was the "non-virus virus", which was mainly a hoax. There are several ways to avoid viruses. One is to use a virus scanner; McAfee and Norton can help really well. Another is, if you're not sure of an attachment, do not open it. Do not believe security alerts that are sent to you. Trojan horses: this is a term for a program that has a bad purpose. These come from websites that have harmful software. A Trojan horse will delete files and also open a backdoor for a hacker to use.
The buffer overflow attack: a buffer overflow attack is when someone puts more data than a buffer is designed to hold. Any network that communicates with the internet has to take in data.
Spyware: this one uses the internet to see where you logged on a site. They use this to spy on your site logins and things you do on a computer.
Malware
By Lindsay Frahm
Malware, short for malicious software, is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses.
Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U. S. states, including California and West Virginia.
Malware is not the same as defective software, that is, software which has a legitimate purpose but contains harmful bugs.
Computer Viruses
A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.
Nonresident viruses
Nonresident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file.
Resident viruses
Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. This module, however, is not called by a finder module. Instead, the virus loads the replication module into memory when it is executed and ensures that this module is executed each time the operating system is called to perform a certain operation. The replication module can be called, for example, each time the operating system executes a file. In this case the virus infects every suitable program that is executed on the computer.
Resident viruses are sometimes subdivided into a category of fast infectors and a category of slow infectors. Fast infectors are designed to infect as many files as possible. A fast infector, for instance, can infect every potential host file that is accessed. This poses a special problem when using anti-virus software, since a virus scanner will access every potential host file on a computer when it performs a system-wide scan. If the virus scanner fails to notice that such a virus is present in memory the virus can "piggy-back" on the virus scanner and in this way infect all files that are scanned. Fast infectors rely on their fast infection rate to spread. The disadvantage of this method is that infecting many files may make detection more likely, because the virus may slow down a computer or perform many suspicious actions that can be noticed by anti-virus software. Slow infectors, on the other hand, are designed to infect hosts infrequently. Some slow infectors, for instance, only infect files when they are copied. Slow infectors are designed to avoid detection by limiting their actions: they are less likely to slow down a computer noticeably and will, at most, infrequently trigger anti-virus software that detects suspicious behavior by programs. The slow infector approach, however, does not seem very successful.
Anti-virus software and other preventive measures
Many users install anti-virus software that can detect and eliminate known viruses after the computer downloads or runs the executable. There are two common methods that an anti-virus software application uses to detect viruses. The first, and by far the most common, method of virus detection is using a list of virus signature definitions. This works by examining the content of the computer's memory (its RAM and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives), and comparing them against a database of known virus "signatures". The disadvantage of this detection method is that users are only protected from viruses that pre-date their last virus definition update. The second method is to use a heuristic algorithm to find viruses based on common behaviors. This method has the ability to detect viruses that anti-virus security firms have yet to create a signature for.
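The two detection methods just described, sketched as an added example for this page (not the code of any anti-virus product): a byte-pattern signature scan that misses a new variant until the signature database is updated, beside a heuristic score over recorded program behaviour that still catches it. The signature database, sample file contents, event names and weights are all constructed for the example.

```python
"""Added example: signature-based vs. heuristic virus detection.

Everything here is constructed for illustration (the signature database, the
sample files and the recorded behaviour events are made up); it is not the
code of any anti-virus product.
"""

# --- Method 1: signature matching -------------------------------------------
# A "signature" is a byte pattern that identifies a known virus. Real vendors
# ship very many of these; two made-up ones are enough to show the mechanism.
SIGNATURES = {
    "Demo.Virus.A": b"INFECT:v1\x00",
    "Demo.Virus.B": b"\xde\xad\xbe\xef replicate",
}


def signature_scan(data: bytes, signatures=SIGNATURES) -> list:
    """Return the names of all signatures whose byte pattern occurs in data."""
    return [name for name, pattern in signatures.items() if pattern in data]


# Constructed sample "files" (contents invented; "MZ" is the magic value at the
# start of DOS/Windows executables).
SAMPLE_FILES = {
    "calc.exe":     b"MZ\x90\x00" + b"ordinary program code",
    "infected.exe": b"MZ\x90\x00" + b"host code" + b"INFECT:v1\x00" + b"payload",
    # A later variant: one byte changed, so the old signature no longer matches.
    "variant.exe":  b"MZ\x90\x00" + b"host code" + b"INFECT:v2\x00" + b"payload",
}


# --- Method 2: heuristic (behaviour-based) scoring ---------------------------
# Instead of matching bytes, the scanner watches what a program does and
# scores actions that are typical of viruses. Event names and weights are
# assumed for this example.
SUSPICIOUS_WEIGHTS = {
    "enumerate_executables": 2,      # a finder module looking for hosts
    "write_foreign_executable": 4,   # a replication module touching a host file
    "hook_execute_operation": 3,     # a resident virus staying in memory
    "modify_boot_sector": 5,
}
HEURISTIC_THRESHOLD = 6


def heuristic_score(events) -> int:
    """Sum the weights of every suspicious action in a recorded event list."""
    return sum(SUSPICIOUS_WEIGHTS.get(event, 0) for event in events)


def heuristic_flags(events, threshold=HEURISTIC_THRESHOLD) -> bool:
    """True when the behaviour score reaches the alert threshold."""
    return heuristic_score(events) >= threshold


# Constructed behaviour traces, one per sample file.
SAMPLE_EVENTS = {
    "calc.exe":     ["read_config", "draw_window", "write_own_data_file"],
    "infected.exe": ["enumerate_executables", "write_foreign_executable",
                     "write_foreign_executable"],
    "variant.exe":  ["hook_execute_operation", "write_foreign_executable"],
}


def scan(name: str) -> dict:
    """Run both methods against one sample file and report the results."""
    return {
        "signature_hits": signature_scan(SAMPLE_FILES[name]),
        "heuristic_score": heuristic_score(SAMPLE_EVENTS[name]),
        "heuristic_flag": heuristic_flags(SAMPLE_EVENTS[name]),
    }


if __name__ == "__main__":
    for sample in SAMPLE_FILES:
        print(sample, scan(sample))
```

Running it shows variant.exe passing the signature scan (no definition exists for it yet) while its behaviour score still trips the heuristic threshold.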
Resources
http://en.wikipedia.org/wiki/Virus_signature
http://www.howstuffworks.com/virus.htm
http://www.symantec.com/security_response/index.jsp
By Samantha Wheelbarger
DoS
Denial of service attacks, or DoS, are one of the most common attacks on the internet, so it is prudent for you to understand how they work and how to defend yourself against them. This attack does not attempt to intrude on your system or to obtain sensitive information; it simply aims to prevent legitimate users from accessing the system. This type of attack is fairly easy to execute. The basic concept requires a minimum of technical skill. It is based on the fact that any device has operational limits. Any computer system, Web server, or network can only handle a finite load.
A workload for a computer system may be defined by the number of simultaneous users, the size of files, the speed of data transmission, or the amount of data stored. If you exceed any of those limits, the excess load will stop the system from responding. For example, if you can flood a Web server with more requests than it can process, it will be overloaded and will no longer be able to respond to further requests. This really underlies the DoS attack. Simply overload the system with requests, and it will no longer be able to respond to legitimate users attempting to access the Web server. Generally, the methods used for DoS attacks are significantly more sophisticated than simply pinging a system from the command prompt. A hacker, for example, might develop a small virus whose sole purpose is to initiate a ping flood of the target system. This sort of DoS is easy to do, and it can be hard to stop.
A DoS that is launched from several different machines is called a Distributed Denial of Service (DDoS). Like many other security issues, you will find that hackers have at their disposal a vast array of tools with which to work. DoS is no different. While it is certainly well beyond the scope of this paper to categorize all of these tools, TFN and Stacheldraht are two common ones that a hacker would use to perform a DoS attack.
TFN, or Tribal Flood Network, is not a virus, but rather an attack tool that can be used to perform a DDoS. TFN2K is a newer version of TFN that supports both Windows NT and Unix platforms and is easily ported to additional platforms. It has some features that make detection more difficult than its predecessor, including sending decoy information to avoid being traced. Experts at using TFN2K can use the resources of a number of agents to coordinate an attack against one or more targets. Additionally, TFN and TFN2K can perform various attacks such as UDP flood attacks, ICMP flood attacks, and TCP SYN flood attacks.
Stacheldraht, which is German for “barbed wire,” is a DDoS attack tool that combines features of the Trinoo DDoS tool (another common tool) with the source code from the TFN DDoS attack tool. Like TFN2K, it adds encryption of communication between the attacker and the Stacheldraht masters. It also adds an automatic updating of the agents. Stacheldraht can perform a variety of attacks including UDP flood, ICMP flood, TCP SYN flood, and Smurf attacks. It also detects and automatically enables source address forgery.
What is a denial-of-service (DoS) attack?
A denial-of-service attack (DoS attack) or distributed denial-of-service attack is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers.
The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular web site into your browser, you are sending a request to that site's computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can't process your request. This is a "denial of service" because you can't access that site.
An attacker can use spam email messages to launch a similar attack on your email account. Whether you have an email account supplied by your employer or one available through a free service such as Yahoo or Hotmail, you are assigned a specific quota, which limits the amount of data you can have in your account at any given time. By sending many, or large, email messages to the account, an attacker can consume your quota, preventing you from receiving legitimate messages.
Types of DoS Attacks:
Ping Attacks
The ping of death attack, or PoD, can cripple a network based on a flaw in the TCP/IP system. The maximum size for a packet is 65,535 bytes. If one were to send a packet larger than that, the receiving computer would ultimately crash from confusion.
Sending a ping of this size is against the rules of the TCP/IP protocol, but hackers can bypass this by cleverly sending the packets in fragments. When the fragments are assembled on the receiving computer, the overall packet size is too great. This will cause a buffer overflow and crash the device.
Smurf / Smurfing
When conducting a smurf attack, attackers will spoof their IP address to be the same as the victim’s IP address. This will cause great confusion on the victim’s network, and a massive flood of traffic will be sent to the victim’s networking device, if done correctly.
Fraggle
A Fraggle attack is exactly the same as a smurf attack, except that it uses the user datagram protocol, or UDP, rather than the more common transmission control protocol, or TCP. Fraggle attacks, like smurf attacks, are starting to become outdated and are commonly stopped by most firewalls or routers.
If indeed you think you are being plagued by a fraggle attack, simply block the echo port, located at port 7. You may also wish to block port 19, which is another commonly used fraggle exploitable port. This attack is generally less powerful than the smurf attack, since the TCP protocol is much more widely used than the UDP protocol.
SYN Flood
The SYN flood attack takes advantage of the TCP three-way handshake. This method operates two separate ways. Both methods attempt to start a three-way handshake, but not complete it. You can view the proper three-way handshake below. The first attack method can be achieved when the attacker sends a synchronize request, or SYN, with a spoofed IP address. When the server tries to send back a SYN-ACK request, or synchronize-acknowledge request, it will obviously not get a response. This means that the server never obtains the client’s ACK request, and resources are left half-open.
Alternatively, the attacker can just choose not to send the acknowledgement. Both of these methods stall the server, which is patiently waiting for the ACK. Thankfully, this hole in the three-way handshake has been patched for years, just like the ping of death attack. Should you suspect that your older devices are the subject of this attack, upgrade them immediately.
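The half-open state the two paragraphs above describe, replayed from the server's point of view as an added example for this page (illustrative code, not part of any operating system): each client SYN takes a slot in a half-open table, the client's ACK frees it, stale entries time out, and a source holding many slots at once is reported. The packet log, addresses, timeout and threshold are all constructed or assumed.

```python
"""Added example: tracking half-open TCP connections to spot a SYN flood.

Illustrative code written for this page, not part of any real operating
system. Packet records and addresses are constructed; the timeout and the
threshold are assumed values.
"""

from collections import defaultdict

SYN_TIMEOUT = 30.0        # seconds a server keeps a half-open entry (assumed)
HALF_OPEN_THRESHOLD = 5   # half-open entries from one source we treat as a flood (assumed)
BACKLOG_CAPACITY = 8      # size of the half-open table in this toy server (assumed)

# Constructed packet log: (time in seconds, source address, source port, flag
# sent by the client). The handshake is SYN -> SYN-ACK -> ACK; only the two
# client-side messages change the half-open table, so the server's SYN-ACK is
# not logged.
SAMPLE_PACKETS = [
    (0.0,  "192.0.2.10",   40001, "SYN"),   # normal client ...
    (0.1,  "192.0.2.10",   40001, "ACK"),   # ... completes the handshake
    (1.0,  "203.0.113.5",  50001, "SYN"),   # never completed, but will time out
    (80.0, "203.0.113.5",  50002, "SYN"),
    (80.2, "203.0.113.5",  50002, "ACK"),
    (90.0, "198.51.100.7", 60001, "SYN"),   # six SYNs and no ACK ever arrives:
    (90.1, "198.51.100.7", 60002, "SYN"),   # from the server's side this is what
    (90.2, "198.51.100.7", 60003, "SYN"),   # a deliberately unfinished handshake
    (90.3, "198.51.100.7", 60004, "SYN"),   # looks like
    (90.4, "198.51.100.7", 60005, "SYN"),
    (90.5, "198.51.100.7", 60006, "SYN"),
]


def half_open_table(packets, now, timeout=SYN_TIMEOUT):
    """Replay the log and return {(src, port): syn_time} for every handshake
    still waiting for its ACK at time `now`."""
    pending = {}
    for t, src, port, flag in packets:      # log is in time order
        if t > now:
            break
        key = (src, port)
        if flag == "SYN":
            pending[key] = t                # server allocates a half-open slot
        elif flag == "ACK":
            pending.pop(key, None)          # third message frees the slot
    # Entries older than the timeout have been reaped by the server.
    return {key: t for key, t in pending.items() if now - t < timeout}


def half_open_by_source(packets, now, timeout=SYN_TIMEOUT):
    """Number of half-open slots held by each source address."""
    counts = defaultdict(int)
    for src, _port in half_open_table(packets, now, timeout):
        counts[src] += 1
    return dict(counts)


def suspected_flood_sources(packets, now, threshold=HALF_OPEN_THRESHOLD):
    """Sources holding at least `threshold` half-open slots at time `now`."""
    counts = half_open_by_source(packets, now)
    return sorted(src for src, n in counts.items() if n >= threshold)


def backlog_fill(packets, now, capacity=BACKLOG_CAPACITY):
    """Fraction of the half-open table in use, regardless of source."""
    return len(half_open_table(packets, now)) / capacity


if __name__ == "__main__":
    print(half_open_by_source(SAMPLE_PACKETS, now=100.0))
    print(suspected_flood_sources(SAMPLE_PACKETS, now=100.0))
    print(backlog_fill(SAMPLE_PACKETS, now=100.0))
```

When the SYNs carry spoofed source addresses, as in the first method above, the per-source count stays low for every address, so the table-wide measure from backlog_fill is the one that reveals the attack.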
Teardrop
In the teardrop attack, packet fragments are sent in a jumbled and confused order. When the receiving device attempts to reassemble them, it obviously won’t know how to handle the request. Older versions of operating systems will simply just crash when this occurs.
Operating systems such as Windows NT, Windows 95, and even Linux versions prior to version 2.1.63 are vulnerable to the teardrop attack. As stated earlier, upgrading your network hardware and software is the best way to stay secure from these types of attacks.
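The ping of death and teardrop sections both come down to what a receiver does with fragments, so one added example serves both (illustrative code for this page, not any operating system's IP stack): a reassembler that accepts fragments in any order but refuses a datagram that would exceed 65,535 bytes and a fragment that overwrites bytes already received. Assumed simplifications: offsets are given in bytes (real IPv4 headers encode them in 8-byte units) and the caller has already grouped the fragments of one datagram; the sample fragments are constructed.

```python
"""Added example: fragment reassembly that rejects the ping of death
(oversized datagram) and teardrop (overlapping / misordered fragments) cases.

Illustrative code for this page, not from any operating system. Offsets are
byte offsets here (a simplification of the 8-byte units in a real IPv4
header) and the fragments of one datagram are assumed to be grouped already.
"""

MAX_DATAGRAM = 65535   # maximum IP datagram size, header included
IP_HEADER_LEN = 20     # minimal IPv4 header, assumed for the size check


def reassemble(fragments):
    """fragments: list of (offset, payload_bytes, more_fragments).

    Returns (status, data) where status is one of
      'ok'         - complete datagram, data holds the payload
      'incomplete' - a fragment is missing or the final one has not arrived
      'oversized'  - reassembled size would exceed 65,535 bytes (ping of death)
      'overlap'    - a fragment overwrites bytes already received (teardrop)
    """
    if not fragments:
        return "incomplete", None
    # Fragments may arrive in any order; sort them by offset first.
    ordered = sorted(fragments, key=lambda frag: frag[0])
    buffer = bytearray()
    expected_offset = 0
    for offset, payload, _more in ordered:
        end = offset + len(payload)
        if IP_HEADER_LEN + end > MAX_DATAGRAM:
            return "oversized", None        # would overrun a 64 KB buffer
        if offset < expected_offset:
            return "overlap", None          # overwrites data already placed
        if offset > expected_offset:
            return "incomplete", None       # gap: a fragment has not arrived
        buffer += payload
        expected_offset = end
    if ordered[-1][2]:                      # last fragment still says "more"
        return "incomplete", None
    return "ok", bytes(buffer)


def make_fragments(payload, size):
    """Split a payload into in-order fragments of `size` bytes (sample helper)."""
    frags = []
    for offset in range(0, len(payload), size):
        chunk = payload[offset:offset + size]
        frags.append((offset, chunk, offset + size < len(payload)))
    return frags


# Constructed samples.
SAMPLE_PAYLOAD = b"ECHO REQUEST " * 20                       # 260 bytes
SAMPLE_GOOD = make_fragments(SAMPLE_PAYLOAD, 64)             # 5 fragments
SAMPLE_REORDERED = list(reversed(SAMPLE_GOOD))               # arrives backwards
SAMPLE_POD = [(0, b"A" * 1000, True), (65000, b"B" * 1000, False)]   # 66,020 bytes
SAMPLE_TEARDROP = [(0, b"A" * 100, True), (50, b"B" * 100, False)]   # overlaps 50..99
SAMPLE_MISSING = SAMPLE_GOOD[:-1]                            # final fragment lost


if __name__ == "__main__":
    for label, frags in [("good", SAMPLE_GOOD), ("reordered", SAMPLE_REORDERED),
                         ("ping of death", SAMPLE_POD), ("teardrop", SAMPLE_TEARDROP),
                         ("missing", SAMPLE_MISSING)]:
        status, data = reassemble(frags)
        print(f"{label:14s} -> {status}", len(data) if data else "")
```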
Distributed Denial of Service
This is by far the most deadly of all denial of service attacks, since an easy fix is hard to come by. Instead of just installing the latest hardware and software, network administrators will usually need extra help with these types of attacks.
A distributed denial of service attack, or DDoS, is much like the ping flood method, only multiple computers are being used. In this instance, the computers that are being used may or may not be aware of the fact that they are attacking a website or network. Trojans and viruses commonly give the hacker control of a computer, and thus, the ability to use them for attack. In this case the victim computers are called zombies.
Resources
http://learn-networking.com/network-security/how-to-prevent-denial-of-service-attacks
http://en.wikipedia.org/wiki/Denial-of-service_attack
http://www.webopedia.com/TERM/D/DoS_attack.html
By Samantha Wheelbarger
DoS
By Lindsay Frahm
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.
One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
Denial-of-service attacks are considered violations of the IAB's Internet Proper Use Policy, and also violate the Acceptable Use Policies of virtually all Internet Service Providers. They also commonly constitute violations of the laws of individual nations.
A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Attacks can be directed at any network device, including attacks on routing devices and web, electronic mail, or Domain Name System servers.
A DoS attack can be perpetrated in a number of ways. The five basic types of attack are:
Consumption of computational resources, such as bandwidth, disk space, or processor time
Disruption of configuration information, such as routing information.
Disruption of state information, such as unsolicited resetting of TCP sessions.
Disruption of physical network components.
Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
A DoS attack may include execution of malware intended to:
Max out the processor's usage, preventing any work from occurring.
Trigger errors in the microcode of the machine.
Trigger errors in the sequencing of instructions, so as to force the computer into an unstable state or lock-up.
Exploit errors in the operating system to cause resource starvation and/or thrashing, i.e. to use up all available facilities so no real work can be accomplished.
Crash the operating system itself.
iFrame (D)DoS, in which an HTML document is made to visit a webpage with many KB's of information many times, until they achieve the amount of visits to where bandwidth limit is exceeded.
Definition of CyberSecurity
Cyber security is defined as measures taken to protect a computer or computer system, as on the Internet, against unauthorized access or attack. This definition to me is quite accurate. The way I see it cyber security should be defined as the protection against online viruses, worms, and cookies. I do not know a lot about the topic but I know I do some things to protect against hackers and viruses. I have passwords on all of my online activities, from my Facebook to my Hotmail inbox. As well I have an anti-virus system set up on my computer. There are many different virus protection systems from Norton anti-virus to Symantec anti-virus systems. I personally use the Norton system because it is the only one I know and it came installed in my computer.
Cyber is a prefix derived from the word “cybernetics” and has acquired the general meaning of “through the use of a computer”. Cybernetics is the theory of communication and control of regulatory feedback that studies communication and control in living beings and in the machines built by humans, and is the precursor of complexity thinking in the investigation of dynamic systems, using feedback and control concepts. The “cyber-” prefix is often used synonymously with “cyberspace”. “Security” is a vast topic that includes the security of countries from military or terrorist attack, the security of computers from crackers, home security from burglars and other intruders, financial security from economic collapse, and many other related situations.
In our context, we must be concerned with two different concepts of security: one technical, and one that encompasses the security of entire nations. Joining the two words together again, cyber security is concerned with making cyberspace safe from threats, namely cyber-threats. The notion of “cyber-threats” is rather vague and implies the malicious use of information and communication technologies either as a target or as a tool by a wide range of malevolent actors. As commonly used, the term “cyber security” refers to three things: a set of activities and other measures, technical and non-technical, intended to protect computers, computer networks, related hardware and devices, software, and the information they contain and communicate, including software and data, as well as other elements of cyberspace, from all threats, including threats to national security; the degree of protection resulting from the application of these activities and measures; and the associated field of professional endeavour, including research and analysis, aimed at implementing those activities and improving their quality.
Everyone has their confidentiality and all the different programs that are in place are preventing people from getting into confidential information. Cyber security is a huge deal in our world today and everyone needs to do their part to keep themselves and the people close to them safe from all the nasty things that are out there on the internet. The definition of cyber security is a hard complex one but I hope this information helps you understand it a little better.
CyberSecurity Past and Present
Cyber security wasn’t always a huge problem in our world but over the past few years it has come to our attention and it is becoming a huge problem. Contrary to widespread belief, concerns about cyber security are not a phenomenon of the 1990s. Viruses and worms have been part of the background noise of cyberspace since its earliest days. In the 1986 movie War Games, a young teenager hacks his way into the computer that handles command and control for the US nuclear arsenal. The famous Cuckoo’s Egg incident in the mid-1980s raised awareness that foreign spies had found new ways to obtain highly classified information. The numbers are telling: according to statistics, there were 21,000 reported virus incidents in 2000. Three years later, the number was more than six times higher.
In 2002, the worldwide damage done by worms and viruses was estimated at US$45 billion; August 2003 alone saw costs of almost the same magnitude. The issue of cyber security was catapulted onto the security political agendas when it was persuasively linked to both terrorism and critical infrastructure protection. Not only are information systems exposed to failures, they are also potentially attractive targets for malicious attacks. The CI delivers a range of services that individuals, and society as a whole, depend on. Any damage to or interruption of the CI causes ripples across the technical and societal systems, a principle that has held true in the past, and even more so today due to much greater interdependencies. Attacking infrastructure therefore has a “force multiplier” effect that allows even a relatively small attack to achieve a much greater impact. For this reason, CI structures and networks have historically proven to be appealing targets for a whole array of actors.
The cyber security debate as we know it today originated in the US in the mid-1990s, from where it subsequently spread to other developed countries and manifested itself on security policy agendas in a variety of forms. The topic is a product of two recent developments: on the one hand, it is inextricably linked to the so-called information revolution, which is about the dynamic evolution and propagation of information and communication technologies into all aspects of life and the integration of these technologies into a multimedia system of communication with global reach. Certain characteristics of this technological development, especially the obvious and inherent insecurity of digital networks, have had a decisive impact on how we perceive and react to cyber-threats. All of us now know that cyber security is becoming a problem and we are all doing things to protect us. We install security devices on our computers to protect from internet hackers, and we all have passwords and all those things to help protect us as well. To me I don’t think this is a huge problem because it has not affected me that much but to others it is a huge problem, especially for the government and major corporations.
What is Cybercrime?
Online activities are just as vulnerable to crime and can compromise personal safety just as effectively as common everyday crimes. Lawmakers, law enforcement, and individuals need to know how to protect themselves and the persons for which they are responsible. You can see by the explanations of various cybercrimes below that the crimes have existed long before computers and the internet were made available to the general public. The only difference involves the tools used to commit the crime.
Types of Cybercrime
Assault by Threat – threatening a person with fear for their lives or the lives of their families or persons whose safety they are responsible for (such as employees or communities) through the use of a computer network such as email, videos, or phones.
Child Pornography – the use of computer networks to create, distribute, or access materials that sexually exploit underage children.
Cyber Contraband – transferring illegal items through the internet (such as encryption technology) that is banned in some locations.
Cyberlaundering – electronic transfer of illegally-obtained monies with the goal of hiding its source and possibly its destination.
Cyberstalking – express or implied physical threats that create fear through the use of computer technology such as email, phones, text messages, webcams, websites or videos.
Cyberterrorism – premeditated, usually politically-motivated violence committed against civilians through the use of, or with the help of, computer technology.
Cybertheft – using a computer to steal. This includes activities related to: breaking and entering, DNS cache poisoning, embezzlement and unlawful appropriation, espionage, identity theft, fraud, malicious hacking, plagiarism, and piracy. Examples include:
1. Advertising or soliciting prostitution through the internet. It is against the law to access prostitution through the internet (including in the state of Nevada in the United States) because the process of accessing the internet crosses state and sometimes national borders. This is a violation of the federal Digital Millennium Copyright Act http://www.copyright.gov/legislation/dcma.pdf.
2. Drug Sales. Both illegal and prescription drug sales through the internet are illegal except as a customer through a state licensed pharmacy based in the United States http://www.fda.gov.
3. Computer-based fraud. Fraud is different from theft because the victim voluntarily and knowingly gives the money or property to the criminal but would not have if the criminal did not misrepresent themselves or their offering. Fraud is a lie. If someone leads you on or allows you to believe something that is false to benefit them, they are lying and this is fraud. You become a victim when you voluntarily surrender monies or property based on their misrepresentation or lie. Losing money from computer crime can be especially devastating because often it is very difficult to get the money back. Examples are: scams and altering data to get a benefit, such as removing arrest records from the police station server, changing grades on the school computer system or deleting speeding tickets from driving records.
4. Online Gambling. Gambling over the internet is a violation of American law because the gambling service providers require electronic payment for gambling through the use of credit cards, debit cards, electronic fund transfers which is illegal with the Unlawful Internet Gambling Enforcement Act http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=109_cong_bills&docid=f:h4411eh.txt.pdf.
Cybertrespass – someone accesses a computer’s or network’s resources without the authorization or permission of the owner but does not alter, disturb, misuse, or damage the data or system. This is hacking for the purpose of entering an electronic network without permission. Examples might include:
1. Using a wireless internet connection at a hotel at which you are staying and accessing the hotel’s private files without disturbing them because they are available.
2. Reading email, files, or noting which programs are installed on a third-party's computer system without permission just for fun, because you can. This is sometimes called Snooping.
Cybervandalism - Damaging or destroying data rather than stealing or misusing them (as with cybertheft) is called cybervandalism. This can include a situation where network services are disrupted or stopped. This deprives the computer/network owners and authorized users (website visitors, employees) of the network itself and the data or information contained on the network. Examples:
* Entering a network without permission and altering, destroying, or deleting data or files.
* Deliberately entering malicious code (viruses, Trojans) into a computer network to monitor, follow, disrupt, stop, or perform any other action without the permission of the owner of the network.
* Attacking the server of the computer network (DDoS attack) so the server does not perform properly or prevents legitimate website visitors from accessing the network resources with the proper permissions.
Resources
http://www.brighthub.com/internet/security-privacy/articles/3435.aspx
http://www.brighthub.com/internet/security-privacy/articles/8821.aspx
http://java.dzone.com/news/fisl-2009-day-3
By Samantha Wheelbarger
Types of Hackers and what they try to Accomplish
- Hacktivists: Hacktivism is generally considered to involve the use of computer attacks for political, social, or religious purposes. Hacktivists are motivated by a wide range of social and political causes and use hacking techniques against a target’s Internet site with the intent of disrupting normal operations but not causing serious damage. Their methods include web “sit-ins” and virtual blockades, automated email bombs, web hacks and defacements of websites, computer break-ins, and computer viruses and worms.
- Cracker, or “Black Hat Hacker”: someone who usually illegally attempts to break into or otherwise subvert the security of a program, system, or network, often with malicious intent. Hackers themselves like to distinguish between this type of hacker and
- Sneakers, or “White Hat Hackers”: someone who attempts to break into systems or networks in order to help the owners of the system by making them aware of security flaws in it.
In the debate over cyber-threats, hacking is considered a method used not only by technologically apt individuals, but also by malicious actors with truly bad intent, such as terrorists or actors operating on behalf of hostile foreign states. Members of the last two hacker groups in particular have the knowledge, skills, and tools to attack the information infrastructure, even though they generally lack the motivation to cause violence or severe economic or social harm. The most frequently discussed topic in connection with cyberspace today is cyber-crime. Unlike traditional crimes, cyber-crimes are global crimes committed by perpetrators with coordination from two or more countries. Most of these crimes are becoming more sophisticated by the day.
Incidents of “phishing”, which involves the sending of false emails purportedly from banks or other institutions to their customers to trick them into giving out their account details, have increased significantly during the past couple of years. Issues of identity theft and authentication on the Internet are impeding e-commerce across the globe. Regular attempts of DDoS attacks are causing enough losses to business establishments to be more than a mere nuisance. It is becoming a huge problem with banks, because people impersonating bank employees and obtaining banking information cause a huge problem for people's financial well-being.
These people do not care who they are taking from, and all they care about is making money and making it easy. All they need is to get from a few people and they can be set for life. People have to be very careful about who they give their information to, because as of now no one is completely safe from this crime. People need to become more aware of what can be happening to them so they can become safer and be able to sleep easy at night knowing that all of their money is safe, as long as all of their personal information on the internet. This is not something that I worry about a whole lot because I have never been affected by it but by reading up on the issue of cyber security is definitely something I will take into account in the future.
HACKERS
A hacker is a person who breaks into computers, usually by gaining access to administrative controls. The subculture that has evolved around hackers is often referred to as the computer underground. Hackers tend to be placed in different groups depending on their way of doing it. Instead of a hacker – cracker dichotomy, these groups give more emphasis to a spectrum of different categories, such as white hat (ethical hacking), grey hat, black hat and script kiddie.
White Hat
A white hat hacker breaks security for non-malicious reasons, for instance testing their own security system. This type of hacker enjoys learning and working with computer systems, and consequently gains a deeper understanding of the subject. Such people normally go on to use their hacking skills in legitimate ways, such as becoming security consultants. The word 'hacker' was originally used to describe people such as these. White hat hackers, also known as "ethical hackers," are computer security experts, who specialize in penetration testing, and other testing methodologies, to ensure that a company's information systems are secure. Such people are employed by companies where these professionals are sometimes called "sneakers."
Grey Hat
A grey hat hacker is a hacker of ambiguous ethics and/or borderline legality, often frankly admitted. A grey hat, in the hacking community, refers to a skilled hacker who sometimes acts illegally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits. Grey hackers use their skills in order to prove to themselves that they can accomplish a determined feat, but never do it in order to make money out of it. The moment they cross that boundary, they become black hackers.
Black Hat
A black hat hacker is someone who subverts computer security without authorization or uses technology (usually a computer or the Internet) for vandalism (malicious destruction), credit card fraud, identity theft, intellectual property theft, or other types of crime. A black hat is the villain or bad guy, especially in a western movie in which such a character would wear a black hat in contrast to the hero's white hat. The phrase is often used figuratively, especially in computing slang, where it refers to a hacker who breaks into networks or computers, or creates computer viruses.
Some examples are: cracking bank accounts in order to make transfers to their own accounts, stealing information to be sold on the black market, or attacking the computer network of an organization for money.
Script Kiddie
A script kiddie is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others. These are the outcasts of the hacker community. In hacker culture, a script kiddie, occasionally script bunny, skiddie, skid, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or programs developed by others to attack computer systems and networks. It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated hacking programs or exploits on their own, and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities. While a hacker will take pride in the quality of an attack - leaving no trace of an intrusion, for example - a script kiddie may aim at quantity, seeing the number of attacks that can be mounted as a way to obtain attention and notoriety. Script kiddies are sometimes portrayed in media as bored, lonely teenagers seeking recognition from their peers.
Hacktivist
A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks. In more extreme cases, hacktivism is used as a tool for cyberterrorism. Hacktivism is "the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development."
Resources
http://en.wikipedia.org/wiki/Hacker
http://en.wikipedia.org/wiki/White_hat
http://searchmidmarketsecurity.techtarget.com/sDefinition/0,,sid198_gci550928,00.html
By Samantha Wheelbarger
How To Become a Hacker
By Lindsay Frahm
What Is a Hacker?
The Jargon File contains a bunch of definitions of the term ‘hacker’, most having to do with technical adeptness and a delight in solving problems and overcoming limits. If you want to know how to become a hacker, though, only two are really relevant.
There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term ‘hacker’. Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker.
The hacker mind-set is not confined to this software-hacker culture. There are people who apply the hacker attitude to other things, like electronics or music — actually, you can find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may call them ‘hackers’ too — and some claim that the hacker nature is really independent of the particular medium the hacker works in. But in the rest of this document we will focus on the skills and attitudes of software hackers, and the traditions of the shared culture that originated the term ‘hacker’.
There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.
The basic difference is this: hackers build things, crackers break them.
If you want to be a hacker, keep reading. If you want to be a cracker, go read the alt.2600 newsgroup and get ready to do five to ten in the slammer after finding out you aren't as smart as you think you are. And that's all I'm going to say about crackers.
The Hacker Attitude
1. The world is full of fascinating problems waiting to be solved.
2. No problem should ever have to be solved twice.
3. Boredom and drudgery are evil.
4. Freedom is good.
5. Attitude is no substitute for competence.
Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude.
But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture, you'll miss the point. Becoming the kind of person who believes these things is important for you — for helping you learn and keeping you motivated. As with all creative arts, the most effective way to become a master is to imitate the mind-set of masters — not just intellectually but emotionally as well.
Or, as the following modern Zen poem has it:
To follow the path:
look to the master,
follow the master,
walk with the master,
see through the master,
become the master.
So, if you want to be a hacker, repeat the following things until you believe them:
1. The world is full of fascinating problems waiting to be solved.
Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation. Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence.
If you aren't the kind of person that feels this way naturally, you'll need to become one in order to make it as a hacker. Otherwise you'll find your hacking energy is sapped by distractions like sex, money, and social approval.
(You also have to develop a kind of faith in your own learning capacity — a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and learn from that, you'll learn enough to solve the next piece — and so on, until you're done.)
2. No problem should ever have to be solved twice.
Creative brains are a valuable, limited resource. They shouldn't be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.
To behave like a hacker, you have to believe that the thinking time of other hackers is precious — so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.
Note, however, that "No problem should ever have to be solved twice." does not imply that you have to consider all existing solutions sacred, or that there is only one right solution to any given problem. Often, we learn a lot about the problem that we didn't know before by studying the first cut at a solution. It's OK, and often necessary, to decide that we can do better. What's not OK is artificial technical, legal, or institutional barriers (like closed-source code) that prevent a good solution from being re-used and force people to re-invent wheels.
(You don't have to believe that you're obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It's consistent with hacker values to sell enough of it to keep you in food and rent and computers. It's fine to use your hacking skills to support a family or even get rich, as long as you don't forget your loyalty to your art and your fellow hackers while doing it.)
3. Boredom and drudgery are evil.
Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren't doing what only they can do — solve new problems. This wastefulness hurts everybody. Therefore boredom and drudgery are not just unpleasant but actually evil.
To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible, not just for yourself but for everybody else (especially other hackers).
(There is one apparent exception to this. Hackers will sometimes do things that may seem repetitive or boring to an observer as a mind-clearing exercise, or in order to acquire a skill or have some particular kind of experience you can't have otherwise. But this is by choice — nobody who can think should ever be forced into a situation that bores them.)
4. Freedom is good.
Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by — and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers.
(This isn't the same as fighting all authority. Children need to be guided and criminals restrained. A hacker may agree to accept some kinds of authority in order to get something he wants more than the time he spends following orders. But that's a limited, conscious bargain; the kind of personal surrender authoritarians want is not on offer.)
Authoritarians thrive on censorship and secrecy. And they distrust voluntary cooperation and information-sharing — they only like ‘cooperation’ that they control. So to behave like a hacker, you have to develop an instinctive hostility to censorship, secrecy, and the use of force or deception to compel responsible adults. And you have to be willing to act on that belief.
5. Attitude is no substitute for competence.
To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won't make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work.
Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won't let posers waste their time, but they worship competence — especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.
If you revere competence, you'll enjoy developing it in yourself — the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker.
Basic Hacking Skills
1. Learn how to program.
2. Get one of the open-source Unixes and learn to use and run it.
3. Learn how to use the World Wide Web and write HTML.
4. If you don't have functional English, learn it.
The hacker attitude is vital, but skills are even more vital. Attitude is no substitute for competence, and there's a certain basic toolkit of skills which you have to have before any hacker will dream of calling you one.
This toolkit changes slowly over time as technology creates new skills and makes old ones obsolete. For example, it used to include programming in machine language, and didn't until recently involve HTML. But right now it pretty clearly includes the following:
1. Learn how to program.
This, of course, is the fundamental hacking skill. If you don't know any computer languages, I recommend starting with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy; it is very powerful and flexible and well suited for large projects. I have written a more detailed evaluation of Python. Good tutorials are available at the Python web site.
I used to recommend Java as a good language to learn early, but this critique has changed my mind (search for “The Pitfalls of Java as a First Programming Language” within it). A hacker cannot, as they devastatingly put it “approach problem-solving like a plumber in a hardware store”; you have to know what the components actually do. Now I think it is probably best to learn C and Lisp first, then Java.
If you get into serious programming, you will have to learn C, the core language of Unix. C++ is very closely related to C; if you know one, learning the other will not be difficult. Neither language is a good one to try learning as your first, however. And, actually, the more you can avoid programming in C the more productive you will be.
C is very efficient, and very sparing of your machine's resources. Unfortunately, C gets that efficiency by requiring you to do a lot of low-level management of resources (like memory) by hand. All that low-level code is complex and bug-prone, and will soak up huge amounts of your time on debugging. With today's machines as powerful as they are, this is usually a bad tradeoff — it's smarter to use a language that uses the machine's time less efficiently, but your time much more efficiently. Thus, Python.
Other languages of particular importance to hackers include Perl and LISP. Perl is worth learning for practical reasons; it's very widely used for active web pages and system administration, so that even if you never write Perl you should learn to read it. Many people use Perl in the way I suggest you should use Python, to avoid C programming on jobs that don't require C's machine efficiency. You will need to be able to understand their code.
LISP is worth learning for a different reason — the profound enlightenment experience you will have when you finally get it. That experience will make you a better programmer for the rest of your days, even if you never actually use LISP itself a lot. (You can get some beginning experience with LISP fairly easily by writing and modifying editing modes for the Emacs text editor, or Script-Fu plugins for the GIMP.)
It's best, actually, to learn all five of Python, C/C++, Java, Perl, and LISP. Besides being the most important hacking languages, they represent very different approaches to programming, and each will educate you in valuable ways.
But be aware that you won't reach the skill level of a hacker or even merely a programmer simply by accumulating languages — you need to learn how to think about programming problems in a general way, independent of any one language. To be a real hacker, you need to get to the point where you can learn a new language in days by relating what's in the manual to what you already know. This means you should learn several very different languages.
I can't give complete instructions on how to learn to program here — it's a complex skill. But I can tell you that books and courses won't do it — many, maybe most of the best hackers are self-taught. You can learn language features — bits of knowledge — from books, but the mind-set that makes that knowledge into living skill can be learned only by practice and apprenticeship. What will do it is (a) reading code and (b) writing code.
Peter Norvig, who is one of Google's top hackers and the co-author of the most widely used textbook on AI, has written an excellent essay called Teach Yourself Programming in Ten Years. His "recipe for programming success" is worth careful attention.
Learning to program is like learning to write good natural language. The best way to do it is to read some stuff written by masters of the form, write some things yourself, read a lot more, write a little more, read a lot more, write some more … and repeat until your writing begins to develop the kind of strength and economy you see in your models.
Finding good code to read used to be hard, because there were few large programs available in source for fledgeling hackers to read and tinker with. This has changed dramatically; open-source software, programming tools, and operating systems (all built by hackers) are now widely available. Which brings me neatly to our next topic…
2. Get one of the open-source Unixes and learn to use and run it.
I'll assume you have a personal computer or can get access to one. (Take a moment to appreciate how much that means. The hacker culture originally evolved back when computers were so expensive that individuals could not own them.) The single most important step any newbie can take toward acquiring hacker skills is to get a copy of Linux or one of the BSD-Unixes or OpenSolaris, install it on a personal machine, and run it.
Yes, there are other operating systems in the world besides Unix. But they're distributed in binary — you can't read the code, and you can't modify it. Trying to learn to hack on a Microsoft Windows machine or under any other closed-source system is like trying to learn to dance while wearing a body cast.
Under Mac OS X it's possible, but only part of the system is open source — you're likely to hit a lot of walls, and you have to be careful not to develop the bad habit of depending on Apple's proprietary code. If you concentrate on the Unix under the hood you can learn some useful things.
Unix is the operating system of the Internet. While you can learn to use the Internet without knowing Unix, you can't be an Internet hacker without understanding Unix. For this reason, the hacker culture today is pretty strongly Unix-centered. (This wasn't always true, and some old-time hackers still aren't happy about it, but the symbiosis between Unix and the Internet has become strong enough that even Microsoft's muscle doesn't seem able to seriously dent it.)
So, bring up a Unix — I like Linux myself but there are other ways (and yes, you can run both Linux and Microsoft Windows on the same machine). Learn it. Run it. Tinker with it. Talk to the Internet with it. Read the code. Modify the code. You'll get better programming tools (including C, LISP, Python, and Perl) than any Microsoft operating system can dream of hosting, you'll have fun, and you'll soak up more knowledge than you realize you're learning until you look back on it as a master hacker.
For more about learning Unix, see The Loginataka. You might also want to have a look at The Art Of Unix Programming.
To get your hands on a Linux, see the Linux Online! site; you can download from there or (better idea) find a local Linux user group to help you with installation.
During the first ten years of this HOWTO's life, I reported that from a new user's point of view, all Linux distributions are almost equivalent. But in 2006-2007, an actual best choice emerged: Ubuntu. While other distros have their own areas of strength, Ubuntu is far and away the most accessible to Linux newbies.
You can find BSD Unix help and resources at www.bsd.org.
A good way to dip your toes in the water is to boot up what Linux fans call a live CD, a distribution that runs entirely off a CD without having to modify your hard disk. This will be slow, because CDs are slow, but it's a way to get a look at the possibilities without having to do anything drastic.
I have written a primer on the basics of Unix and the Internet.
I used to recommend against installing either Linux or BSD as a solo project if you're a newbie. Nowadays the installers have gotten good enough that doing it entirely on your own is possible, even for a newbie. Nevertheless, I still recommend making contact with your local Linux user's group and asking for help. It can't hurt, and may smooth the process.
3. Learn how to use the World Wide Web and write HTML.
Most of the things the hacker culture has built do their work out of sight, helping run factories and offices and universities without any obvious impact on how non-hackers live. The Web is the one big exception, the huge shiny hacker toy that even politicians admit has changed the world. For this reason alone (and a lot of other good ones as well) you need to learn how to work the Web.
This doesn't just mean learning how to drive a browser (anyone can do that), but learning how to write HTML, the Web's markup language. If you don't know how to program, writing HTML will teach you some mental habits that will help you learn. So build a home page. Try to stick to XHTML, which is a cleaner language than classic HTML. (There are good beginner tutorials on the Web; here's one.)
But just having a home page isn't anywhere near good enough to make you a hacker. The Web is full of home pages. Most of them are pointless, zero-content sludge — very snazzy-looking sludge, mind you, but sludge all the same (for more on this see The HTML Hell Page).
To be worthwhile, your page must have content — it must be interesting and/or useful to other hackers. And that brings us to the next topic…
4. If you don't have functional English, learn it.
As an American and native English-speaker myself, I have previously been reluctant to suggest this, lest it be taken as a sort of cultural imperialism. But several native speakers of other languages have urged me to point out that English is the working language of the hacker culture and the Internet, and that you will need to know it to function in the hacker community.
Back around 1991 I learned that many hackers who have English as a second language use it in technical discussions even when they share a birth tongue; it was reported to me at the time that English has a richer technical vocabulary than any other language and is therefore simply a better tool for the job. For similar reasons, translations of technical books written in English are often unsatisfactory (when they get done at all).
Linus Torvalds, a Finn, comments his code in English (it apparently never occurred to him to do otherwise). His fluency in English has been an important factor in his ability to recruit a worldwide community of developers for Linux. It's an example worth following.
Being a native English-speaker does not guarantee that you have language skills good enough to function as a hacker. If your writing is semi-literate, ungrammatical, and riddled with misspellings, many hackers (including myself) will tend to ignore you. While sloppy writing does not invariably mean sloppy thinking, we've generally found the correlation to be strong — and we have no use for sloppy thinkers. If you can't yet write competently, learn to.
Port Scanning
Port scanning is the process of sending packets to each port on a target system to see which ports it has open. A computer system has 65,535 port numbers, with one TCP port and one UDP port for each number. Each one of these ports is a potential way to enter a system. Each port has an associated service that may be exploitable or contain vulnerabilities. Thus, viewing the ports tells you what sort of software is running. If someone has port 80 open, then he or she is running a service on it, and that discovery probably indicates a network administrator who is not particularly security conscious and may have left all default settings on all of his or her systems. This deduction gives you valuable clues as to the kind of target you are examining.
There are several tools available for download on the Internet for port scanning. Using information obtained from your port scan, you should be able to tell whether a system is using NetBIOS, because such a system will have ports 137, 138, and 139 open. If a system is running an SQL server, then it may have port 118 open. This information can be used by a hacker to begin to explore possible flaws or vulnerabilities in the service running on a given port number; therefore, it is quite important from a security perspective. If you are scanning your own machine and see open ports that you do not use, then close them. All firewalls give you the option of blocking ports; that function is the most essential purpose of any firewall. A basic rule of thumb in security is that any port you are not actively using should be blocked.
Port Scanning
A port scanner is a software application designed to probe a network host for open ports. This is often used by administrators to verify security policies of their networks and by hackers to identify running services on a host with the view to compromising it. To portscan a host is to scan for listening ports on a single target host. To portsweep is to scan multiple hosts for a specific listening port. The latter is typically used in searching for a specific service, for example, an SQL based computer worm may port sweep looking for hosts listening on TCP/UDP port 1433.
Port scanning types
TCP scanning
The simplest port scanners use the operating system's network functions and are generally the next option to go to when a SYN scan is not feasible. Nmap calls this mode connect scan, named after the Unix connect system call. If a port is open, the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection. Otherwise an error code is returned. This scan mode has the advantage that the user does not require special privileges. However, using the OS network functions prevents low-level control, so this scan type is less commonly used.
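The connect scan just described is also the mechanism behind the earlier advice to scan your own machine and close the ports you do not use. The following is an added example, not code from the course page or from Nmap: it lets the operating system's connect() call complete the handshake, closes the connection at once, and classifies the port from the error code. It only ever targets 127.0.0.1; the throwaway listener it starts is a stand-in for a real service so the example runs stand-alone, and the allowlist of expected ports is an assumption you would replace with your own.

```python
"""Self-audit of listening TCP ports with a connect scan.

Added example, not code from the course page or from Nmap. The OS
connect() call completes the full three-way handshake; the scanner then
closes the connection immediately. It targets only 127.0.0.1, to check
which ports on your own machine are listening.
"""
import errno
import socket
from typing import Dict, Iterable, List, Set

LOCALHOST = "127.0.0.1"
# Errors meaning "no answer at all", which is what a firewall silently
# dropping the SYN looks like; reported as "filtered", the term nmap uses.
_NO_ANSWER = {errno.EAGAIN, errno.EWOULDBLOCK, errno.ETIMEDOUT}


def connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Classify each port as "open", "closed" or "filtered" via connect()."""
    results: Dict[int, str] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                rc = s.connect_ex((host, port))  # 0 on success, else an errno
            except socket.timeout:               # some builds raise instead
                rc = errno.ETIMEDOUT
            if rc == 0:
                results[port] = "open"       # handshake done; with-block closes it
            elif rc in _NO_ANSWER:
                results[port] = "filtered"
            else:
                results[port] = "closed"     # typically ECONNREFUSED: peer sent RST
    return results


def unexpected_open(scan: Dict[int, str], allowed: Set[int]) -> List[int]:
    """Open ports not on the allowlist: candidates to stop or block."""
    return sorted(p for p, state in scan.items() if state == "open" and p not in allowed)


def start_listener() -> socket.socket:
    """Throwaway listener on an ephemeral localhost port (stands in for a service)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOCALHOST, 0))
    srv.listen(5)  # the kernel completes handshakes even before accept()
    return srv


def free_port() -> int:
    """A localhost port nothing is listening on right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((LOCALHOST, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    svc = start_listener()
    listening = svc.getsockname()[1]
    report = connect_scan(LOCALHOST, [listening, free_port()])
    for port, state in sorted(report.items()):
        print(f"{LOCALHOST}:{port} {state}")
    # Assumed allowlist: only the listener is expected, so nothing is unexpected.
    print("unexpected:", unexpected_open(report, allowed={listening}))
    svc.close()
```

On a real machine you would pass the ports you actually run (for example your web and mail ports) as the allowlist and treat everything else `unexpected_open` returns as a service to stop or a port to block at the firewall.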
SYN scanning
SYN scan is another form of TCP scanning. Rather than use the operating system's network functions, the port scanner generates raw IP packets itself, and monitors for responses. This scan type is also known as "half-open scanning", because it never actually opens a full TCP connection. The port scanner generates a SYN packet. If the target port is open, it will respond with a SYN-ACK packet. The scanner host responds with a RST packet, closing the connection before the handshake is completed.
The use of raw networking has several advantages, giving the scanner full control of the packets sent and the timeout for responses, and allowing detailed reporting of the responses. There is debate over which scan is less intrusive on the target host. SYN scan has the advantage that the individual services never actually receive a connection while some services can be crashed with a connect scan. However, the RST during the handshake can cause problems for some network stacks, particularly simple devices like printers. There are no conclusive arguments either way.
UDP scanning
UDP scanning is also possible, although there are technical challenges. UDP is a connectionless protocol so there is no equivalent to a TCP SYN packet. However, if a UDP packet is sent to a port that is not open, the system will respond with an ICMP port unreachable message. Most UDP port scanners use this scanning method, and use the absence of a response to infer that a port is open. However, if a port is blocked by a firewall, this method will falsely report that the port is open. If the port unreachable message is blocked, all ports will appear open. This method is also affected by ICMP rate limiting.
An alternative approach is to send application-specific UDP packets, hoping to generate an application layer response. For example, sending a DNS query to port 53 will result in a response, if a DNS server is present. This method is much more reliable at identifying open ports. However, it is limited to scanning ports for which an application specific probe packet is available. Some tools (e.g. nmap) generally have probes for less than 20 UDP services, while some commercial tools (e.g. nessus) have as many as 70. In some cases, a service may be listening on the port, but configured not to respond to the particular probe packet.
To cope with the different limitations of each approach, some scanners offer a hybrid method. For example, using nmap with the -sUV option will start by using the ICMP port unreachable method, marking all ports as either "closed" or "open|filtered". The open|filtered ports are then probed for application responses and marked as "open" if one is received.
ACK scanning
ACK scanning is one of the more unique scan types, as it does not exactly determine whether the port is open or closed, but whether the port is filtered or unfiltered. This is especially good when attempting to probe for the existence of a firewall and its rulesets. Simple packet filtering will allow established connections (packets with the ACK bit set) whereas a more sophisticated stateful firewall might not.
Window scanning
Rarely used because of its outdated nature, window scanning is fairly untrustworthy in determining whether a port is opened or closed. It generates the same packet as an ACK scan, but checks whether the window field of the packet has been modified. When the packet reaches its destination, a design flaw attempts to create a window size for the packet if the port is open, flagging the window field of the packet with 1's before it returns to the sender.
While this method has been phased out almost completely, using this scanning technique with systems that no longer support this implementation returns 0's for the window field, labeling open ports as closed.
FIN scanning
Since SYN scans are not surreptitious enough, firewalls generally scan for and block SYN packets. FIN packets are able to pass by firewalls with no modification to their purpose. Closed ports reply to a FIN packet with the appropriate RST packet, whereas open ports ignore the packet. This is typical behavior due to the nature of TCP, and is in some ways an inescapable downfall. Systems vulnerable to this type of scan are most Unix and NT systems. Microsoft is immune in that it is not biased in the port state and will send a RST packet regardless of whether the port is open or closed.
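Each scan type above leaves the same trace on the defender's side: one source touching many distinct ports on a host (a portscan) or one port on many hosts (the portsweep mentioned earlier) within a short time. The following is an added example, not code from the course page or from any firewall product, that flags such sources in firewall logs. The log format is constructed for the example, one line per packet decision ("<ISO time> <ACTION> src=<ip> dst=<ip> proto=<proto> dport=<n>"), and the sample lines and addresses are constructed from the RFC 5737 documentation ranges; the threshold and window are assumptions to tune for your own network.

```python
"""Detecting port scans and port sweeps in firewall logs.

Added example, not from the course page or any product. A source is
flagged when it hits at least `threshold` distinct (dst, dport) targets
within `window_s` seconds: many ports on one host, or one port on many.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone
from typing import Deque, Dict, Iterable, List, Optional, Tuple

# Constructed log format for this example (not a real product's format).
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<action>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line; unparseable lines return None and are skipped."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "action": m["action"], "src": m["src"], "dst": m["dst"],
            "proto": m["proto"], "dport": int(m["dport"])}


def detect_port_scans(lines: Iterable[str], threshold: int = 10,
                      window_s: int = 60) -> Dict[str, dict]:
    """Per-source sliding window over distinct (dst, dport) targets.

    Returns {src: {first, last, distinct_targets, distinct_ports,
    distinct_hosts}} for every source that reached the threshold.
    """
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    recent: Dict[str, Deque[Tuple[datetime, Tuple[str, int]]]] = defaultdict(deque)
    alerts: Dict[str, dict] = {}
    for e in events:
        q = recent[e["src"]]
        q.append((e["ts"], (e["dst"], e["dport"])))
        while (e["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()  # drop events that fell out of the window
        targets = {t for _, t in q}
        if len(targets) >= threshold:
            seen = alerts.get(e["src"])
            if seen is None or len(targets) > seen["distinct_targets"]:
                alerts[e["src"]] = {
                    "first": q[0][0], "last": e["ts"],
                    "distinct_targets": len(targets),
                    "distinct_ports": len({p for _, p in targets}),
                    "distinct_hosts": len({h for h, _ in targets}),
                }
    return alerts


# Constructed sample log: RFC 5737 documentation addresses only.
SCANNER = "203.0.113.5"
WEB_USER = "198.51.100.7"
SAMPLE_LOG: List[str] = [
    # one source probing a dozen well-known ports within 12 seconds
    f"2024-03-01T10:00:{s:02d}Z DROP src={SCANNER} dst=192.0.2.10 proto=TCP dport={p}"
    for s, p in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389])
] + [
    # an ordinary client talking to the web server on its usual ports
    f"2024-03-01T10:00:03Z ACCEPT src={WEB_USER} dst=192.0.2.10 proto=TCP dport=443",
    f"2024-03-01T10:00:09Z ACCEPT src={WEB_USER} dst=192.0.2.10 proto=TCP dport=80",
    f"2024-03-01T10:01:40Z ACCEPT src={WEB_USER} dst=192.0.2.10 proto=TCP dport=443",
    "malformed line that the parser must skip",
]

if __name__ == "__main__":
    for src, info in detect_port_scans(SAMPLE_LOG).items():
        print(f"{src}: {info['distinct_ports']} ports on {info['distinct_hosts']} host(s) "
              f"between {info['first'].isoformat()} and {info['last'].isoformat()}")
```

Counting distinct (host, port) targets rather than raw packets keeps a busy but legitimate client, which repeats the same few ports, below the threshold, while a sweep of one port across many hosts still trips it. A slow scan spread over more than the window will not be caught by this rule alone; lengthening the window or keeping per-source counts across windows is the usual answer.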
Resources
http://en.wikipedia.org/wiki/Port_scanner#Port_scanning_types
http://netsecurity.about.com/cs/hackertools/a/aa121303.htm
http://www.auditmypc.com/freescan/readingroom/port_scanning.asp
By Samantha Wheelbarger
Assessing A Computer System
There are several topics overlooked by those new to this subject: disaster recovery, access rights, and other policies. There are six P's of security: patch, ports, protect, policies, probe, and physical. The most important to me is the protect part. Without protection on your computer, things like viruses and other bad things will get into your computer. One way to avoid them is to surf safely. Stay off sites that can harm your computer, like, say, a site advertising a free computer or something along those lines. It is more likely a virus on that site or some kind of spyware. Most sites like that are fake and are trying to infect your computer. Also, sites with downloads and any kind of Skype can harm your computer.
All communication takes place via some port. Any port you do not explicitly need should be shut down. This means that unused services on individual workstations should be shut down. Windows XP and Linux have built-in port filtering capability. You should also shut down any unused router ports in your network. If your network is part of a larger WAN, then it is likely you have a router connecting you to the WAN. Every open port is a possible avenue of entry for a virus or intruder. Therefore, every port you can close is one less opportunity for such attacks to affect your system. Shutting down unneeded ports and services is an essential and very basic part of computer security. Any port that is open is a possible avenue for a hacker or virus to get to your machine. So a common rule is: if you don't need it, shut it down and block it.
Protecting is the next phase of assessing a system's security. This means, at a minimum, a firewall between your network and the outside world. Another thing to consider is using an intrusion detection system (IDS) on the firewall and Web servers. An IDS is not strictly required, and a network can be secure without one. However, an IDS is the only way to know of impending attacks, and there are free, open source IDSs available. For that reason, most experts highly recommend them. The firewall and IDS will provide basic security to your network's perimeter, but you also need virus scanning. Each and every machine, including servers, must have a virus scanner that is updated regularly. The point has already been made that a virus infection is the greatest threat to most networks. As also previously discussed, it is probably prudent to consider anti-spyware software on all of your systems. This will prevent users of your network from inadvertently running spyware on the network.
It is absolutely essential that any organization have clearly written policies on computer security, and those policies must be strongly enforced by management. Those policies should cover acceptable use of organizational computers, the Internet, e-mail, and any other aspect of the system. Policies should prohibit the installation of any software on the systems by users; only IT personnel should install software, and only after they have verified its safety.
The Best Ways to Protect your Computer
There are different types of antivirus software that a person can use to protect his/her PC. But there is no antivirus software that protects your PC from all threats. Therefore a person cannot rely on his/her antivirus software alone to protect his PC. You also have to take some measures to make sure your computer stays safe.
1. Never download any file which you think has adware, viruses, spyware, etc. If it is very important, then scan it using antivirus software before opening it.
2. Make sure that all software on your computer is always fully updated, especially your antivirus software. Software that is not updated can be vulnerable to viruses.
3. Scan your PC at least once a day to make sure it isn't affected by computer threats.
How to Protect Your Computer
The same advice parents might deliver to young drivers on their first solo journey applies to everyone who wants to navigate safely online. A special agent in our Cyber Division offered the following:
- "Don't drive in bad neighborhoods."
- "If you don't lock your car, it's vulnerable; if you don't secure your computer, it's vulnerable."
- "Reduce your vulnerability and you reduce the threat."
Below are some key steps to protecting your computer from intrusion:
- Keep Your Firewall Turned On: A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.
- Install or Update Your Antivirus Software: Antivirus software is designed to prevent malicious software programs from embedding on your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users' knowledge. Most types of antivirus software can be set up to update automatically.
- Install or Update Your Antispyware Technology: Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may actually contain spyware or other malicious code. It's like buying groceries—shop where you trust.
- Keep Your Operating System Up to Date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.
- Be Careful What You Download: Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don't know, and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code.
- Turn Off Your Computer: With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being "always on" renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker's connection—be it spyware or a botnet that employs your computer's resources to reach out to other unwitting users.
Resources
http://www.fbi.gov/cyberinvest/protect_online.htm
http://forums.cnet.com/5208-6122_102-0.html?threadID=299121
By Samantha Wheelbarger
Encryption
In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. “software for encryption” can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted).
Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood.
Three Types of Encryption
Different software products operate with encryption in different ways. Three basic types of encryption may be considered: manual, semi-transparent and transparent.
Manual Encryption
Manual encryption is performed entirely by the user (via the relevant software, of course): the user has to select the objects to encrypt (usually files or folders) and then run a command or menu item to encrypt or decrypt them. Manual encryption systems therefore demand the user's active participation, and the user must remember to encrypt private data before leaving it outside his or her personal control. This is risky from a security point of view because it depends on a human not forgetting. Nevertheless, from a technical point of view manual (file) encryption has a potential advantage: it operates easily and reliably, more reliably than any other type of encryption software.
Transparent Encryption
Transparent encryption is almost the complete opposite of manual encryption. In this case encryption and decryption are performed at a low level, permanently, during ALL read/write operations, so that data of any type (including executable programs) is always stored on the disk in encrypted form. The theft or loss of a notebook, disk or floppy disk, or a sudden power, software or hardware failure, does not expose the data: it is always stored on the transparently encrypted volume in encrypted form. In terms of general security principles, complete low-level transparent encryption is the most secure type imaginable and the easiest for the user to manage, since it is imperceptible, but it has a few disadvantages: it is not "mobile" (encrypted data cannot be transported from computer to computer except on encrypted media); it is very difficult to implement correctly; and it generally does not fit system architectures based on multi-user sharing of resources, as in networks. Nevertheless, when properly engineered, it is unbeatable for protecting data on local workstations and stand-alone or mobile (laptop) machines.
Semi-Transparent Encryption
Semi-transparent, or "on-the-fly", encryption does not operate permanently, but before or after confidential objects are accessed, or during certain read/write operations. The most widespread examples are enciphering during a Copy/Move to a "secret" volume or folder; deciphering a file before opening it in a standard Windows application (Word, Excel, etc.) and enciphering it again when the application closes; and deciphering specified folders or files when the computer starts up and enciphering them again at shutdown. Semi-transparent encryption is a step up from manual file encryption. The typical great weakness of many of these products is that they can degrade system performance, and can lose data in a sudden or emergency shutdown, when the amount of data to be encrypted is large. The developer's problem is to find the best trade-off between simplicity, security, performance and reliability, and many get into a mess here. The vendor of F-Cryprite, for example, claims that its semi-transparent features rest not on programming tricks but on the speed of its SVC algorithm (said to be faster than any ordinary "open" operation in Windows), so that its performance is unaffected by the total amount of data to be encrypted; that is a vendor claim, not an independent measurement.
Resources
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci212062,00.html
http://en.wikipedia.org/wiki/Encryption
By Samantha Wheelbarger
++Chapter 7: Encryption++
By: Autumn, Brianna, and Skylar
Your computer is an important part of your life. It helps you with things in everyday life. But do you know what danger your computer is in, and how easy it is to lose data?
As defined, encryption is the act of encrypting a message. This usually involves altering a message so that it cannot be read without the key and the decryption algorithm. If you have the best firewall, very tight security policies, hardened operating systems, virus scanners, anti-spyware, and every other computer security angle covered, but send your data in raw plain text, then you simply are not secure. There are two forms of encryption:
- Single key encryption / symmetric key encryption
- Public key encryption / asymmetric key encryption
Single key encryption is a method in which the same key is used both to encrypt and to decrypt a message, so both parties must share that key and keep it secret. Public key encryption is a method that uses two mathematically related keys: one is publicly distributed and is used to encrypt messages, and the other is kept private and is used to decrypt them.
As defined, cryptography is the art of writing in or deciphering secret code. Decryption, strictly speaking, is recovering the original message with the key; recovering it without the key, by breaking the encryption, is cryptanalysis. Classical ciphers are built from two basic techniques: transposition and substitution.
1. Transposition involves simply rearranging the letters of a message, as is done in an anagram.
2. Substitution is replacing each letter in the alphabet with a different letter or number.
According to research, encryption is probably as old as written communication. The idea behind encryption is simple: messages must be changed in a way that cannot be easily read by the enemy, but can be easily decoded by the intended recipient. The Caesar cipher is one of the oldest known methods of encryption. It simply shifts each character by a given number of positions in the alphabet. Here is an example:
If the text is: A cat
You choose to shift by two letters, then the message becomes: C ecv.
If you choose to shift by three letters the messages becomes: D fdw.
A substitution alphabet is the set of characters used to replace plain text characters in a substitution or multi-substitution encryption algorithm. Mono-alphabet substitution is a primitive encryption algorithm in which each plain text character always has the same single substitute character (the Caesar cipher is the simplest case). Multi-alphabet substitution is a primitive encryption algorithm in which several substitution alphabets are used in turn, so the same plain text character is replaced by different characters at different positions in the message.
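The ciphers described above, as working code. This is an added example written for this page; it is not from Easttom's book or from the course authors. It reproduces the chapter's "A cat" shift example, shows that a Caesar shift is one particular substitution alphabet, implements a columnar transposition and a multi-alphabet (Vigenère) substitution, and then breaks Caesar by simply trying all 25 keys, which is the reason such ciphers are no longer used. The English letter frequencies and the short common-word list used for scoring are approximate values chosen for the example; the sample message is constructed.

```python
"""Classical ciphers from this chapter. Added example, not from the page or
Easttom's book. ENGLISH_FREQ and COMMON_WORDS are approximate values chosen
for the example."""
import string

ALPHABET = string.ascii_uppercase

# Approximate frequency (%) of each letter in English text.
ENGLISH_FREQ = {
    'E': 12.7, 'T': 9.1, 'A': 8.2, 'O': 7.5, 'I': 7.0, 'N': 6.7, 'S': 6.3,
    'H': 6.1, 'R': 6.0, 'D': 4.3, 'L': 4.0, 'C': 2.8, 'U': 2.8, 'M': 2.4,
    'W': 2.4, 'F': 2.2, 'G': 2.0, 'Y': 2.0, 'P': 1.9, 'B': 1.5, 'V': 1.0,
    'K': 0.8, 'J': 0.15, 'X': 0.15, 'Q': 0.1, 'Z': 0.07,
}
COMMON_WORDS = {"THE", "AND", "OF", "TO", "IN", "IS", "IT", "AT", "WE", "BE", "ON", "FOR"}


def caesar(text, shift, decrypt=False):
    """Mono-alphabetic substitution: shift every letter by `shift` places.
    The same key decrypts (shift the other way), which makes it a symmetric
    cipher. Case and non-letters are preserved, as in 'A cat' -> 'C ecv'."""
    if decrypt:
        shift = -shift
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord('A') if ch.isupper() else ord('a')
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return ''.join(out)


def make_substitution(key_alphabet):
    """Build (encrypt, decrypt) translation tables from a 26-letter substitution
    alphabet. A Caesar shift of k is just ALPHABET[k:] + ALPHABET[:k]; a
    scrambled alphabet has 26! keys instead of 25 but is still mono-alphabetic."""
    if sorted(key_alphabet) != list(ALPHABET):
        raise ValueError("substitution alphabet must be a permutation of A-Z")
    plain = ALPHABET + ALPHABET.lower()
    cipher = key_alphabet + key_alphabet.lower()
    return str.maketrans(plain, cipher), str.maketrans(cipher, plain)


def vigenere(text, key, decrypt=False):
    """Multi-alphabet substitution: letter i is shifted by key letter i (mod key
    length), so one plaintext letter becomes different letters at different positions."""
    shifts = [ALPHABET.index(k) for k in key.upper()]
    out, i = [], 0
    for ch in text:
        if ch.isalpha():
            s = shifts[i % len(shifts)]
            out.append(caesar(ch, -s if decrypt else s))
            i += 1
        else:
            out.append(ch)
    return ''.join(out)


def columnar_encrypt(text, columns):
    """Transposition: write the message row by row into `columns` columns and read
    it out column by column. Letters are only rearranged, never replaced."""
    text = text.replace(' ', '')
    rows = [text[i:i + columns] for i in range(0, len(text), columns)]
    return ''.join(row[c] for c in range(columns) for row in rows if c < len(row))


def columnar_decrypt(cipher, columns):
    """Undo columnar_encrypt: the first `extra` columns are one character longer."""
    full_rows, extra = divmod(len(cipher), columns)
    cols, pos = [], 0
    for c in range(columns):
        length = full_rows + (1 if c < extra else 0)
        cols.append(cipher[pos:pos + length])
        pos += length
    return ''.join(cols[c][r] for r in range(full_rows + 1)
                   for c in range(columns) if r < len(cols[c]))


def english_score(text):
    """Rank a candidate plaintext: common-word hits first, letter-frequency mass second."""
    upper = text.upper()
    hits = sum(1 for w in upper.split() if w.strip(string.punctuation) in COMMON_WORDS)
    mass = sum(ENGLISH_FREQ.get(ch, 0.0) for ch in upper)
    return (hits, mass)


def break_caesar(cipher):
    """Ciphertext-only attack on Caesar: try all 25 shifts and keep the most
    English-looking result. Returns (shift, plaintext)."""
    candidates = ((caesar(cipher, s, decrypt=True), s) for s in range(1, 26))
    plain, shift = max(candidates, key=lambda c: english_score(c[0]))
    return shift, plain


if __name__ == "__main__":
    msg = "ATTACK AT DAWN WE MEET AT THE OLD MILL"   # constructed sample message
    print(caesar("A cat", 2), caesar("A cat", 3))     # C ecv D fdw
    print(break_caesar(caesar(msg, 7)))               # shift 7 and the original message
    print(columnar_encrypt("ATTACK AT DAWN", 4))      # ACDTKATAWATN
    print(vigenere(msg, "KEY"))                       # no single shift undoes this
```

The brute-force attack is the point of the example: because the Caesar cipher has only 25 possible keys, an attacker with nothing but the ciphertext recovers the message in a fraction of a second, and the attack works on any mono-alphabetic shift regardless of message content. The Vigenère ciphertext is not recovered by that attack because its key changes the substitution alphabet from letter to letter, which is the practical difference between mono- and multi-alphabet substitution.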
Phil Zimmermann invented PGP, Pretty Good Privacy. It is a system that most experts consider secure, and it is more than ten years old. Before Mr. Zimmermann came up with PGP he had been a software engineer for twenty years and had worked with several forms of cryptography. Three important facts to know about Pretty Good Privacy are:
1. A public key encryption
2. Considered quite secure
3. Available free of charge
A virtual private network (VPN) is a private network constructed over a public network, such as the Internet, by connecting its nodes through encrypted tunnels. Three protocols are commonly used to create VPNs:
- Point-to-Point Tunneling Protocol (PPTP): the oldest of the three, still used in virtual private networks.
- Layer 2 Tunneling Protocol (L2TP): the successor to PPTP. L2TP only builds the tunnel and does not encrypt by itself, so it is normally combined with IPsec.
- Internet Protocol Security (IPsec): provides the encryption and authentication that secure the tunnel, and is critical for securing virtual private networks.
In conclusion, sending sensitive data in plain text is unwise. The most important thing to remember is that, in the end, it is not your computer or network that is compromised, but your data.
Sources:
Easttom, Chuck. Computer Security Fundamentals. Upper Saddle River, NJ: Pearson Education, Inc., 2006 (166-183).
Espionage
Espionage, or spying, involves an individual obtaining information that is considered secret or confidential without the permission of the holder of the information. Espionage is inherently clandestine, because the legitimate holder of the information may change plans or take other countermeasures once it is known that the information is in unauthorized hands. The concepts behind this kind of collection, and the "tradecraft" used to carry it out, are those of clandestine human intelligence (HUMINT), including the techniques used to run operations and to recruit assets.
Industrial espionage is an attempt to gain access to information about a company’s plans, products, clients or trade secrets. In most cases, such conduct, especially when it involves accessing trade secrets is illegal. Sometimes rival companies will search through public records in order to make guesses about a company’s actions. However, when the search goes from the public to the private, industrial espionage is an illegal act and punishable with jail time and financial penalties.
Although the Mission Impossible type of industrial espionage does exist, more frequently spying on another company is fairly mundane. Frequently, spies gain access to private information by finding someone who works for the spied upon company. If this person can be bribed, coerced or blackmailed to get such information, then this is essentially industrial espionage.
Different Types of Espionage
Industrial espionage or corporate espionage
The term is distinct from legal and ethical activities such as examining corporate publications, websites, patent filings, and the like to determine the activities of a corporation (this is normally referred to as competitive intelligence). In theory the difference between espionage and legal information gathering is clear. In practice it is sometimes quite difficult to tell legal from illegal methods, and once the ethical side of information gathering is considered as well, the border becomes even more blurred and harder to define.
Industrial espionage describes activities such as theft of trade secrets, bribery, blackmail, and technological surveillance. As well as spying on commercial organizations, governments can also be targets of commercial espionage—for example, to determine the terms of a tender for a government contract so that another tenderer can underbid.
Resources
http://en.wikipedia.org/wiki/Industrial_espionage
http://en.wikipedia.org/wiki/Espionage
http://www.wisegeek.com/what-is-industrial-espionage.htm
By Samantha Wheelbarger
Chapter 9: Industrial Espionage in Cyberspace
By: Autumn, Brianna, and Skylar
What comes to your mind when you hear the word espionage? People can probably come up with many ideas of what that word can mean. For example you could have visions of a well-dressed man who drinks martinis, shaken but not stirred, traveling to glamorous locations with equally glamorous travel companions.
As defined, espionage is the act of illicitly gaining confidential information. Industrial espionage is the use of spying techniques to find out key information that is of economic value. Assets are funds or property available for payment of debts. Companies spend billions of dollars every year on research and development. Asset identification is the process of listing the assets that you believe support your organization. The list should consist of things that affect direct day-to-day operations as well as those that are tied to your company's services or products.
For example, if a company spends $200,000 researching a process that will in turn generate $1 million in revenue, then that data is worth at least $1.2 million. A simple equation describes this: VI (value of information) = C (cost to produce) + VG (value gained).
The data stored in computer systems is very important and has very high value for two reasons:
1. There is a great deal of time and effort that goes into creating and analyzing the data.
2. Data often has intrinsic value, apart from the time and effort spent acquiring those facts.
Espionage can happen in two different ways. The first is a low-technology avenue: current or former employees simply take the data. The second is technology-oriented: individuals use spyware, including cookies and key loggers, to collect it.
Espionage can be a dangerous matter, and we have to take steps to protect ourselves from it. Computer security expert Andrew Briney places people as the number one issue in computer security. There are eleven steps you can take to protect against industrial espionage; here are a few of them:
1. Always use all reasonable network security: firewalls, intrusion-detection software, anti-spyware, patching and updating the operating system, and proper usage policies.
2. Set up a system for those employees with access to the most sensitive data in which there is a rotation or a separation of duties.
3. Do not allow employees to take documents home.
4. Shred documents and physically destroy (for example, melt) old disks, tape backups and CDs.
Unfortunately, following these rules will not make you totally immune to corporate espionage.
Several conclusions can be drawn from this examination of industrial espionage. The first is that it does indeed occur; the second is that there are a variety of methods by which it can take place. The most important thing to remember is that you want to know the best way to protect your company and yourself.
Sources:
Easttom, Chuck. Computer Security Fundamentals. Upper Saddle River, NJ: Pearson Education, Inc., 2006 (219-234).
Cyberterrorism
Chapter 10 Cyber Terrorism and Information Warfare
By Autumn, Brianna, and Skyler
What is cyber terrorism? According to the FBI, cyber terrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against noncombatant targets by sub-national groups or clandestine agents. Put simply, cyber terrorism is the use of computers and the Internet connectivity between them to launch a terrorist attack. In short, cyber terrorism is just another form of terrorism; only the medium of the attack has changed. A cyber attack does not usually cause the direct loss of life that a bomb does; however, significant economic damage, disruptions in communications, disruptions in supply lines, and general degradation of the national infrastructure are all quite possible via the Internet.
Economic Attacks: there are a variety of ways that a cyber attack can cause economic damage. Lost files and lost records are one way. In addition to simply destroying economically valuable data, there are other ways to cause economic disruption. Some of those ways include stealing credit cards, transferring money from accounts, and fraud.
Military Operations Attack: when computer security and national defense are mentioned together, the obvious thought is some hacker breaking into ultra-secure systems at the Department of Defense, the Central Intelligence Agency (CIA), or the National Security Agency (NSA). However, such an intrusion into one of the most secure systems in the world is very unlikely; not impossible, but very unlikely. The most likely outcome of such an attempt is that the attacker is promptly captured. Such systems are hardened far beyond ordinary networks, and intruding upon them is not as easy as some movies suggest.
General Attacks: what might be more threatening is a general and unfocused attack with no specific target. Consider the various virus attacks of late 2003 and early 2004; these attacks were not aimed at a specific target. However, the sheer volume of virus attacks and network traffic did cause significant economic damage.
Information Warfare: information warfare certainly predates the advent of the modern computer and, in fact, may be as old as conventional warfare. In essence, information warfare is any attempt to manipulate information in pursuit of a military or political goal.
Propaganda: computers and the Internet are very effective tools for disseminating propaganda. Many people now use the Internet as a secondary news source, and some even use it as their primary news source.
Information Control: since World War II, control of information has been an important part of political and military conflicts.
Disinformation: another category of information warfare, closely related to propaganda, is disinformation. It is a given that a military opponent is attempting to gather information about troop movements, military strength, supplies, and so forth. A prudent move would be to set up systems holding incorrect information that are just secure enough to be credible, but not so secure as to be unbreakable.
Defense Against Cyber Terrorism: there are recommendations for preparing for and protecting systems against cyber terrorism. Many recommend a Manhattan Project level government program designed to prepare for and defend against cyber warfare. Major academic institutions must begin dedicated research and academic programs that are devoted solely to computer security. Computer crime must be treated far more seriously, with stronger punishments and more active investigation of suspected crimes. It is unreasonable to ask every police department to have a computer-crime specialist on staff. An emergency reporting system may need to be implemented so that security professionals from various industries have a single source where they can report attacks on their systems and can view the issues with which other security professionals are dealing.
Computer Security Fundamentals By Chuck Easttom
Cyberterrorism is a controversial term. Some authors choose a very narrow definition, relating to deployments, by known terrorist organizations, of disruption attacks against information systems for the primary purpose of creating alarm and panic. By this narrow definition, it is difficult to identify any instances of cyberterrorism. Cyberterrorism can also be defined much more generally, for example as "The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives." This broad definition was created by Kevin G. Coleman of the Technolytics Institute.
Cyber terrorism takes many forms. One of the more common is to threaten a large bank. The terrorists hack into the system and then leave an encrypted message for senior directors that threatens the bank. In essence, the message says that if they do not pay a set amount of money, the terrorists will use anything from logic bombs to electromagnetic pulses and high-emission radio frequency guns to destroy the bank's files. Catching the criminals is made harder by the fact that they may be in another country. A second difficulty is that most banks would rather pay the money than have the public know how vulnerable they are. Here are some examples of cyber-terrorism in its many forms:
Case 1:
Cyber-terrorists often commit acts of terrorism simply for personal gain. One such group, the Chaos Computer Club, demonstrated this in 1997. They had created an ActiveX control for the Internet that could trick the Quicken accounting program into transferring money out of a user's bank account. This could easily be used to steal money from users all over the world who have the Quicken software installed on their computers. This type of malicious code is only one of thousands that can do anything from simply annoying users to disabling large networks, which can have disastrous, even life and death, results.
Case 2:
Cyber-terrorists are often interested in gaining publicity in any way possible. For example, information warfare techniques like Trojan horses and network worms are often used not only to damage computing resources, but also as a way for the designer of the malware to "show off." This is a serious ethical issue because many people are affected. For one, the malware can consume system resources until networks become useless, costing companies a great deal of time and money. Also, depending on the type of work done on the affected computers, the damage to the beneficiaries of that work could be lethal. Even if the author never meant to harm anyone, a virus can have unpredictable effects with terrible results.
Case 3:
In one of its more unusual forms, cyber-terrorism can be used for an assassination. In one case, a mob boss was shot but survived the shooting. That night, while he was in the hospital, the assassins hacked into the hospital computer and changed his medication order so that he would be given a lethal injection. He was dead a few hours later. They then changed the medication order back to its correct form, after the wrong dose had been administered, to cover their tracks so that the nurse would be blamed for the "accident". There are many ethical issues involved in a case like this. Most obviously, a man was killed by the hackers' actions. Also, the life of the nurse was probably ruined, along with the reputation of the hospital and all its employees. Thus, there are often more stakeholders in a terrorist situation than the immediate target of the terrorism.
Case 4:
Terrorism can also come in the form of disinformation. Terrorists can often say what they please without fear of reprisal from the authorities or of accountability for what they say. In one incident, a rumor that a group of people were stealing people's kidneys for sale was spread via the Internet. The rumor panicked thousands of people. This is an ethical issue similar to shouting 'Fire' in a crowded theater. In a case like this, the number of people affected is unlimited. Thousands of people were frightened by this and may have suffered emotionally.
Case 5:
Minor attacks come in the form of "data diddling", where information in the computer is changed. This may involve changing medical or financial records or stealing of passwords. Hackers may even prevent users who should have access from gaining access to the machine. Ethical issues in this case include things like invasion of privacy and ownership conflicts. It could be even more serious if, for instance, the person who needed access to the machine was trying to save someone's life in a hospital and couldn't access the machine. The patient could die waiting for help because the computer wouldn't allow the necessary access for the doctor to save his or her life.
Resources
http://csciwww.etsu.edu/gotterbarn/stdntppr/cases.htm
http://en.wikipedia.org/wiki/Cyberterrorism
By Samantha Wheelbarger
Chapter 11 Cyber Detective
By Autumn, Brianna, and Skyler
In the preceding chapters we have examined many facets of computer security. Three of those issues lead us to the content of this chapter. The first is identity theft, the second is hacking, and the third is investigating potential employees for sensitive positions.
In order for a criminal to perpetrate identity theft they have to take a small amount of information they can find on their target and use that to garner even more information. Perhaps a discarded credit card receipt, or utility bill becomes the starting point from which the perpetrator finds enough information to assume the victim’s identity.
Hackers, at least skilled hackers, will want information about a target person, organization, and system in order to assist in compromising security. Whether the perpetrator is attempting to use social engineering, or simply trying to guess a password, having information about the target will facilitate the task. Once you realize how easy it is to gain personal information about someone, you will realize why security experts are so adamant that you must not use passwords that are in any way associated with you, your profession, your hobbies, or anything that might be traced back to you.
Finally, when you are hiring employees that might have access to sensitive data, simply calling the references they provide is not an adequate method of checking into their background. And hiring a private investigator may be impractical.
This may surprise some readers, but network administrators in particular should be investigated thoroughly before hiring. Most companies perform the same cursory check of network administrators as they do of any other person. That usually consists of verifying degrees and certifications and calling references. With some companies it might include a credit check and a local criminal background check. However, a network administrator should be more thoroughly investigated. The reason is quite simple: regardless of how tight your security is, it cannot keep out the person who sets it up and maintains it.
The Internet can be a valuable investigative tool. It can be used to find out about potential employees, baby sitters, etc. Much of the information on the Internet is also free. Many states have court records online, and there are many other resources you can use to find information.
General Searches: sometimes you simply want to find an address, phone number, or e-mail address for a person. Or perhaps that is the starting point for a more thorough investigation. There are a number of absolutely free services on the Web that will allow you to perform this sort of search. Some sites are better than others, and obviously the more common the name you are searching for the harder it will be to find the right person. For example, if you search the name John Smith in California, you might have a tough time dealing with all the results you get.
Court Records and Criminal Checks: a number of states are now putting a variety of court records online. Everything from general court documents to specific records of criminal history and even lists of pedophiles. This sort of information can be critical before you hire an employee, use a babysitter, or send your child to little league.
Sex Offender Registries: first, you should become familiar with online sex offender registries. The FBI maintains a rather exhaustive list of individual state registries. You can access this information at www.fbi.gov/hq/cid/cac/registry.htm. Every state has an online registry listed on this Web site. Obviously some states have done a better job of making accurate information public, than have others.
Civil Court Records: there are a variety of crimes, as well as civil issues, a person might be involved in that would make them unsuitable for a particular job. If you are hiring a person to work in your human resources department and oversee equal opportunity issues, knowing if they had been involved in domestic violence, racially motivated graffiti, or other similar issues, might affect your employment decision.
We have seen in this chapter that the Internet can be a valuable resource for any sort of investigation. It is also one of the tools used by hackers and identity thieves to gain information on their targets. It can likewise be used to research a future employee or business partner, or to find information on anything you might want to know about. If, while searching for yourself, you see data about you that is not accurate, it can be an indication that you have become a victim of identity theft.
Computer Security Fundamentals By Chuck Easttom
What is identity theft?
Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.
The FTC estimates that as many as 9 million Americans have their identities stolen each year. In fact, you or someone you know may have experienced some form of identity theft.
The crime takes many forms. Identity thieves may rent an apartment, obtain a credit card, or establish a telephone account in your name. You may not find out about the theft until you review your credit report or a credit card statement and notice charges you didn’t make—or until you’re contacted by a debt collector.
Identity theft is serious. While some identity theft victims can resolve their problems quickly, others spend hundreds of dollars and many days repairing damage to their good name and credit record. Some consumers victimized by identity theft may lose out on job opportunities, or be denied loans for education, housing or cars because of negative information on their credit reports. In rare cases, they may even be arrested for crimes they did not commit.
How do thieves steal an identity?
Identity theft starts with the misuse of your personally identifying information such as your name and Social Security number, credit card numbers, or other financial account information. For identity thieves, this information is as good as gold.
Skilled identity thieves may use a variety of methods to get hold of your information, including:
1. Dumpster Diving. They rummage through trash looking for bills or other paper with your personal information on it.
2. Skimming. They steal credit/debit card numbers by using a special storage device when processing your card.
3. Phishing. They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information.
4. Changing Your Address. They divert your billing statements to another location by completing a change of address form.
5. Old-Fashioned Stealing. They steal wallets and purses; mail, including bank and credit card statements; pre-approved credit offers; and new checks or tax information. They steal personnel records, or bribe employees who have access.
6. Pretexting. They use false pretenses to obtain your personal information from financial institutions, telephone companies, and other sources.
How can you find out if your identity was stolen?
The best way to find out is to monitor your accounts and bank statements each month, and check your credit report on a regular basis. If you check your credit report regularly, you may be able to limit the damage caused by identity theft. For more information, visit the Detect Identity Theft section.
Unfortunately, many consumers learn that their identity has been stolen after some damage has been done.
* You may find out when bill collection agencies contact you for overdue debts you never incurred.
* You may find out when you apply for a mortgage or car loan and learn that problems with your credit history are holding up the loan.
* You may find out when you get something in the mail about an apartment you never rented, a house you never bought, or a job you never held.
It's impossible for you to keep all your information private. Every time you go to a doctor, your insurance card and driver's license are photocopied and available to anyone who opens your folder. At a restaurant, your credit card is taken away and returned some time later, and copies are easily made. If you write checks to pay your credit cards, you may write your credit card number on the check, which is seen by any number of people who handle the check. You can't eliminate opportunities for identity theft, but you can make it much harder for the thief.
1. Put a password on your credit card accounts. Use a password that is different from your mother's maiden name. Your mother's maiden name can be found on your credit report, and other people can obtain a copy of this report just by saying you are going to rent some property from them.
2. Who needs to know? Always question the information-gathering and handling practices of merchants, creditors, government agencies, employers, educational institutions, and others; ask yourself if they really have a valid need for the information they are requesting. Don't automatically fill out every blank on every application.
3. Keep your numbers to yourself. Don't put credit card numbers on checks or envelopes. Don't give account numbers over the phone unless you made the call. Always tear up or shred pre-approved credit card applications before throwing them away.
4. Check your statement. Check your billing statements each month for fraudulent charges and report them immediately. If you do not receive your statement on time, someone may be using a fraudulent change of address. Call the creditor first and then the post office to see if a change of address has been filed in your name.
5. Ask for a credit report. Under federal law you are entitled to a free credit report from each of the three main credit bureaus – Equifax, Experian, and TransUnion. Ask for a copy of your credit report once a year from www.annualcreditreport.com to check for changed addresses and fraudulent account information. Unless you’ve had your identity stolen in the past 2 years, there is no need to purchase automatic credit monitoring services if you obtain your free copies every year.
Resources
http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/about-identity-theft.html#Howdothievesstealanidentity
http://militaryfinance.umuc.edu/id_theft/id_prevent.html
By Samantha Wheelbarger
Application Development Security
The nature of being a software engineer
Computer software engineers apply the principles of computer science and mathematical analysis to the design, development, testing, and evaluation of the software and systems that make computers work. The tasks performed by these workers evolve quickly, reflecting new areas of specialization or changes in technology, as well as the preferences and practices of employers.
Software engineers can be involved in the design and development of many types of software, including computer games, word processing and business applications, operating systems and network distribution, and compilers, which convert programs to machine language for execution on a computer.
Computer software engineers begin by analyzing users’ needs, and then design, test, and develop software to meet those needs. During this process they create the detailed sets of instructions, called algorithms that tell the computer what to do. They also may be responsible for converting these instructions into a computer language, a process called programming or coding, but this usually is the responsibility of computer programmers.
Computer systems software engineers coordinate the construction, maintenance, and expansion of an organization's computer systems. Working with the organization, they coordinate each department's computer needs (ordering, inventory, billing, and payroll recordkeeping, for example) and make suggestions about its technical direction. They also might set up the organization's intranets, networks that link computers within the organization and ease communication among various departments.
Systems software engineers also work for companies that configure, implement, and install the computer systems of other organizations. These workers may be members of the marketing or sales staff, serving as the primary technical resource for sales workers. They also may help with sales and provide customers with technical support. Since the selling of complex computer systems often requires substantial customization to meet the needs of the purchaser, software engineers help to identify and explain needed changes. In addition, systems software engineers are responsible for ensuring security across the systems they are configuring.
Computer software engineers often work as part of a team that designs new hardware, software, and systems. A core team may comprise engineering, marketing, manufacturing, and design people, who work together to release a product.
The software development life cycle is a model consisting of the following phases:
System/Information Engineering and Modeling: because software is always part of a larger system (or business), work begins by establishing the requirements for all system elements and then allocating some subset of these requirements to software.
Software requirement analysis: this process is also known as the feasibility study. In this phase, the development team visits the customer and studies their system. They investigate the need for possible software automation in the given system.
System analysis and design: in this phase of the software development process, the software's overall structure and its nuances are defined.
Code generation: the design must be translated into a machine-readable form. The code generation step performs this task.
Testing: once the code is generated, testing of the software program begins. Different testing methodologies are available to unravel the bugs that were committed during the previous phases.
Maintenance: software will undergo change once it is delivered to the customer.
Firewalls
A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all (in and out) computer traffic between different security domains based upon a set of rules and other criteria.
Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
The Different Types of Firewalls
Network-Level Firewalls
The first generation of firewalls (c. 1988) worked at the network level by inspecting packet headers and filtering traffic based on the IP address of the source and the destination, the port and the service. Some of these primeval security applications could also filter packets based on protocols, the domain name of the source and a few other attributes.
Network-level firewalls are fast, and today you'll find them built into most network appliances, particularly routers. These firewalls, however, don't support sophisticated rule-based models. They don't understand languages like HTML and XML, and they are not capable of decoding SSL-encrypted packets to examine their content. As a result, they can't validate user inputs or detect maliciously modified parameters in a URL request. This leaves your network vulnerable to a number of serious threats.
Circuit-Level Firewalls
These applications, which represent the second-generation of firewall technology, monitor TCP handshaking between packets to make sure a session is legitimate. Traffic is filtered based on specified session rules and may be restricted to recognized computers only. Circuit-level firewalls hide the network itself from the outside, which is useful for denying access to intruders. But they don't filter individual packets.
Application-Level Firewalls
Recently, application-level firewalls (sometimes called proxies) have been looking more deeply into the application data going through their filters. By considering the context of client requests and application responses, these firewalls attempt to enforce correct application behavior, block malicious activity and help organizations ensure the safety of sensitive information and systems. They can log user activity too. Application-level filtering may include protection against spam and viruses as well, and be able to block undesirable Web sites based on content rather than just their IP address.
If that sounds too good to be true, it is. The downside to deep packet inspection is that the more closely a firewall examines network data flow, the longer it takes, and the heavier hit your network performance will sustain. This is why the highest-end security appliances include lots of RAM to speed packet processing. And of course you'll pay for the added chips.
Stateful Multi-level Firewalls
SML vendors claim that their products deploy the best features of the other three firewall types. They filter packets at the network level and they recognize and process application-level data, but since they don't employ proxies, they deliver reasonably good performance in spite of the deep packet analysis. On the downside, they are not cheap, and they can be difficult to configure and administer.
Drawbacks to Using Firewalls
Although firewalls have their strengths, and are an invaluable information security resource, there are some attacks that firewalls cannot protect against, such as eavesdropping or interception of e-mail. Furthermore, whereas firewalls provide a single point of security and audit, this also becomes a single point of failure, which is to say, firewalls are a last line of defense. This means that if an attacker is able to breach the firewall, he or she will have gained access to the system, and may have an opportunity to steal data that is stored in that system, or to create other havoc within the system. Firewalls may keep the bad guys out, but what if the bad guys are inside? In the case of dishonest or disgruntled employees, firewalls will not provide much protection. Finally, as mentioned in the discussion of packet filtering, firewalls are not foolproof: IP spoofing can be an effective means of circumvention, for example.
For optimal protection against the variety of security threats that exist, firewalls should be used in conjunction with other security measures such as anti-virus software and encryption packages. As well, a well-thought-out and consistently implemented security policy is vital to attaining optimal effectiveness of any security software.
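The following toy packet filter is an added example, not code from this course or from the resources listed below. It contrasts the network-level filtering (header fields only) and circuit-level filtering (session tracking) described above, and shows why a stateless rule alone does not stop the IP spoofing circumvention mentioned in the drawbacks section. The 10.0.0.0/8 inside network, the interface names "int" and "ext", the addresses and the rules are all constructed for illustration.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
INSIDE = ip_network("10.0.0.0/8")   # constructed: the protected private network

# Network-level (stateless) rules, first match wins:
# (inbound interface, source net, destination net, protocol, destination port, action)
RULES = [
    ("int", INSIDE, ANY, "tcp", 443, "allow"),                    # outbound HTTPS
    ("ext", ANY, ip_network("10.0.0.5/32"), "tcp", 25, "allow"),  # inbound mail to one host
]

def pkt(iface, src, dst, proto, sport, dport):
    """Build a constructed packet-header record for the examples."""
    return {"iface": iface, "src": src, "dst": dst, "proto": proto,
            "sport": sport, "dport": dport}

def match_rule(p):
    """First-generation filtering: decide from header fields alone, default deny."""
    for iface, src, dst, proto, dport, action in RULES:
        if (p["iface"] == iface and ip_address(p["src"]) in src
                and ip_address(p["dst"]) in dst and p["proto"] == proto
                and p["dport"] == dport):
            return action
    return "deny"

def spoofed(p):
    """Ingress anti-spoofing: a packet from the Internet must not claim an inside address."""
    return p["iface"] == "ext" and ip_address(p["src"]) in INSIDE

class CircuitFirewall:
    """Stateless rules plus a session table, in the spirit of circuit-level firewalls."""
    def __init__(self):
        self.sessions = set()   # (client_ip, client_port, server_ip, server_port)

    def filter(self, p):
        if spoofed(p):
            return "deny"       # checked before any session shortcut
        fwd = (p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["dst"], p["dport"], p["src"], p["sport"])
        if p["proto"] == "tcp" and (fwd in self.sessions or rev in self.sessions):
            return "allow"      # packet belongs to a session already admitted
        action = match_rule(p)
        if action == "allow" and p["proto"] == "tcp":
            self.sessions.add(fwd)  # remember the session so its replies pass
        return action
```

Note that match_rule alone denies the mail server's replies (no stateless rule covers them) and allows a packet that spoofs an inside source address, while CircuitFirewall gets both cases right.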
Resources
http://www.networksecurityjournal.com/features/types-of-firewalls-052507/
http://www.howstuffworks.com/firewall.htm
http://wiki.answers.com/Q/What_are_different_types_of_firewalls
By Samantha Wheelbarger