Internet Security Analysis

Top Threats

Category | Threat | Definition | Behavior | Prevention

Category: Denial of Service

Threats: Flooding, Buffer Overflow Attacks, SYN Attack, Teardrop Attack, Smurf Attack

A Denial of Service (DoS) attack is an attack in which a third party purposely floods a network or website with traffic in order to prevent legitimate access. DoS attacks can affect a variety of systems, from email and network infrastructures to public websites.

On the Internet, a denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services. In the worst cases, for example, a Web site accessed by millions of people can occasionally be forced to temporarily cease operation. A denial of service attack can also destroy programming and files in a computer system. Although usually intentional and malicious, a denial of service attack can sometimes happen accidentally. A denial of service attack is a type of security breach to a computer system that does not usually result in the theft of information or other security loss. However, these attacks can cost the target person or company a great deal of time and money.

Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack, but there are steps you can take to reduce the likelihood that an attacker will use your computer to attack other computers:
  • Install and maintain anti-virus software
  • Install a firewall, and configure it to restrict traffic coming into and leaving your computer
  • Follow good security practices for distributing your email address. Applying email filters may help you manage unwanted traffic.

Category: Malicious Code

Threats: Viruses, Worms, Trojan Horses

A virus is malicious or harmful code that is usually disguised in order to trigger an unexpected event for the code's recipient. In computers, a virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document.

Viruses can be transmitted as attachments to an e-mail note or in a downloaded file, or be present on a diskette or CD. The immediate source of the e-mail note, downloaded file, or diskette you've received is usually unaware that it contains a virus. Some viruses wreak their effect as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer. Some viruses are benign or playful in intent and effect ("Happy Birthday, Ludwig!") and some can be quite harmful, erasing data or causing your hard disk to require reformatting. A virus that replicates itself by resending itself as an e-mail attachment or as part of a network message is known as a worm.

  1. Install the current version of an anti-virus software program such as Norton AntiVirus or McAfee VirusScan, and keep the virus information file up to date so that the software can recognize new viruses as they appear. Usually, you can automate the process of updating the virus information so that your anti-virus software will maintain itself once you install and configure it properly.
  2. Keep up with your Operating System Updates. For Windows users this means doing your Windows Updates. For Macintosh users, this means checking your Software Updater. So many viruses come in through security holes or vulnerabilities in your OS. The makers of the OS (e.g. Microsoft) are always finding new holes that need to be plugged up. By keeping up with your updates, you are severely limiting the number of viruses that can even make it to your computer, much less do any harm.
  3. Exercise reasonable caution when opening e-mail attachments, even if they seem to come from a friend of yours - in fact, especially if they seem to come from a friend, since most recent viruses have exploited the power of some e-mail programs by sending themselves to everyone in an infected machine's address book. If you're not expecting to receive an attachment from someone or if the nature of the message seems odd (the dean will not be sending you her favorite list of jokes), then don't open the attachment until you have confirmed that it is legitimate.
  4. Turn off File Sharing. If you don't need to have file sharing turned on, then turn it off. As long as your computer has file and printer sharing enabled, it is more vulnerable to various kinds of intrusion over the network, including virus infection. There have been instances in the past in which users with outdated anti-virus software and unprotected shared folders have had their computers infected by viruses within minutes of attaching their computers to ResNet at the beginning of the fall semester. These infections could have been prevented if File Sharing had been turned off and if the student had up-to-date anti-virus software installed.
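
The caution about e-mail attachments in step 3 can be partly automated. The following is an added example, not part of the original page: it parses a message and lists attachments whose file type runs code when opened, including names with a decoy extension. The extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed for this example: file types that run code when opened on Windows.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Harmless-looking types used as a decoy in names such as "photo.jpg.exe".
DECOY_EXT = {".jpg", ".gif", ".txt", ".doc", ".pdf", ".mp3"}


def attachment_findings(raw_message):
    """Return (filename, reason) pairs for attachments to confirm before opening."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        stem, ext = os.path.splitext(name.lower())
        if ext not in RISKY_EXT:
            continue
        # "jokes.txt.vbs" shows as "jokes.txt" when known extensions are hidden.
        if os.path.splitext(stem)[1] in DECOY_EXT:
            findings.append((name, "double extension hides executable type"))
        else:
            findings.append((name, "executable file type"))
    return findings


def build_sample():
    """Constructed sample message (not real mail): one body, three attachments."""
    msg = EmailMessage()
    msg["From"] = "friend@example.org"
    msg["To"] = "you@example.org"
    msg["Subject"] = "my favorite jokes"
    msg.set_content("Have a look at these!")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="jokes.txt.vbs")
    msg.add_attachment("lecture notes", filename="notes.txt")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="setup.exe")
    return msg.as_string()


if __name__ == "__main__":
    for name, reason in attachment_findings(build_sample()):
        print(f"{name}: {reason}")
```

A flagged attachment is not proof of infection; it marks the files that should be confirmed with the sender and scanned before anyone opens them.
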
Category: Spyware

Threats: Pop-Up Advertising, Identity Theft, Routing of HTTP, Web-Browsing Monitoring

Spyware is software that performs certain tasks on your computer, typically without your consent. This may include giving you advertising or collecting personal information about you.

Windows-based computers can rapidly accumulate a great many spyware components. Users frequently notice unwanted behavior and degradation of system performance. A spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic -- slowing down legitimate uses of these resources. Stability issues -- application or system crashes -- are also common. Spyware which interferes with the networking software commonly causes difficulty connecting to the Internet.

Spyware infection is the most common reason that Windows users seek technical support -- whether from computer manufacturers, Internet service providers, or other sources. In many cases, the user has no awareness of spyware and assumes that the system performance, stability, and/or connectivity issues relate to hardware, to Windows installation problems, or to a virus. Some owners of badly infected systems resort to buying an entire new computer system because the existing system "has become too slow". For badly infected systems, a clean reinstall may be required to restore the system to working order, a time-consuming project even for experienced users.

Update your software:

If you use Windows XP, one way to help prevent spyware and other unwanted software is to make sure all your software is updated.

Adjust Internet Explorer security settings:

You can adjust your Internet Explorer Web browser's security settings to determine how much—or how little—information you are willing to accept from a Web site. Microsoft recommends that you set the security settings for the Internet zone to Medium or higher.

Use a firewall:

While most spyware and other unwanted software come bundled with other programs or originate from unscrupulous Web sites, a small amount of spyware can actually be placed on your computer remotely by hackers. Installing a firewall or using the firewall that's built into Windows XP provides a helpful defense against these hackers.

Surf and download more safely:

The best defense against spyware and other unwanted software is not to download it in the first place. Here are a few helpful tips that can protect you from downloading software you don't want:

Only download programs from Web sites you trust. If you're not sure whether to trust a program you are considering downloading, ask a knowledgeable friend or enter the name of the program into your favorite search engine to see if anyone else has reported that it contains spyware.

Read all security warnings, license agreements, and privacy statements associated with any software you download.

Never click "agree" or "OK" to close a window. Instead, click the red "x" in the corner of the window or press the Alt + F4 buttons on your keyboard to close a window.

Be wary of popular "free" music and movie file-sharing programs, and be sure you clearly understand all of the software packaged with those programs.

Download and install antispyware protection:

Microsoft currently offers antispyware beta software for download; more information is available on our Microsoft Windows AntiSpyware (Beta) site.

The Twenty Most Critical Internet Security Vulnerabilities (Updated) ~ The Experts Consensus

Version 6.01 November 28, 2005 Copyright (C) 2005, SANS Institute

Introduction

The SANS Top 20 Internet Security Vulnerabilities

Four years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list, and the expanded Top-20 lists that followed one, two, and three years later, to prioritize their efforts so they could close the most dangerous holes first. The vulnerable services that led to worms like Blaster, Slammer, and Code Red have been on these lists.

This SANS Top-20 2005 is a marked deviation from the previous Top-20 lists. In addition to Windows and UNIX categories, we have also included Cross-Platform Applications and Networking Products. The change reflects the dynamic nature of the evolving threat landscape and the vulnerabilities that attackers target. Unlike the previous Top-20 lists, this list is not "cumulative" in nature. We have only listed critical vulnerabilities from the past year and a half or so. If you have not patched your systems for a length of time, it is highly recommended that you first patch the vulnerabilities listed in the Top-20 2004 list.

We have made a best effort to make this list meaningful for most organizations. Hence, the Top-20 2005 is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts. They come from the most security-conscious government agencies in the UK, US, and Singapore; the leading security software vendors and consulting firms; the top university-based security programs; many other user organizations; and the SANS Institute. A list of participants may be found at the end of this document.

The SANS Top-20 is a living document. It includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. We will update the list and the instructions as more critical vulnerabilities and more current or convenient methods of protection are identified, and we welcome your input along the way. This is a community consensus document -- your experience in fighting attackers and in eliminating the vulnerabilities can help others who come after you. Please send suggestions via e-mail to top20@sans.org.

Read the full and detailed article at the SANS Institute

Resources:

WhatIs.Com, US-Cert, IT Toolbox, Willamette, Wikipedia, SANS Institute
