Management Information Systems


CLARK UNIVERSITY
College of Professional and Continuing Education
(COPACE)
Management Information Systems
Lecture 07
Information security
Information security
• Information security is the practice of
defending information from unauthorized
access, use, disclosure, disruption,
modification, perusal, inspection, recording or
destruction.
Viruses
• One of the main types of attack on computer networks and systems is the computer virus.
• A computer virus is a program that can infect other programs by including in them its body or elements, possibly as a modified copy, which retains the ability to reproduce further.
Computer viruses
• In addition to infection, the virus just like any
other program can perform other
unauthorized activities, from quite harmless
to extremely destructive.
Signs of infection
• slowdown of the computer;
• inability to boot the operating system;
• frequent «hangs» and failures of the computer;
• termination or malfunction of programs that previously worked successfully;
• an increase in the number of files on the disk;
• changes in file sizes;
• inappropriate system messages periodically appearing on the screen;
• reduction of free RAM;
• a marked increase in hard drive access time;
• changes in the date and time of file creation;
• destruction of the file system (disappearance of files, distortion of directories, etc.);
• the hard drive indicator light blinks when no program is accessing the drive.
Sources of the spread of computer
viruses
• Internet
• Intranet
• E-mail
• Removable storage devices
Internet
• Hackers place viruses and other malicious programs on web resources and disguise them as useful, free software. In addition, scripts that run automatically when you open a web page can perform malicious actions on your computer, including changing the system registry, stealing personal data and installing malicious software.
• Using network technologies, attackers carry out attacks on remote private computers and company servers. The result of such attacks may be the withdrawal of resources from the system or gaining full access to those resources.
Intranet
• Intranet is an internal network, specially designed
for management of information systems within a
company or a private home network.
• Intranet is a unified space for storage, exchange
and access to information for all the computers
on the network.
• So, if any computer on the network is infected, the other computers are at great risk of infection too. To avoid such situations it is necessary to protect not only the perimeter of the network, but each individual computer.
E-mail
• The user of an infected computer unwittingly sends emails to recipients, who in turn send more infected emails, and so on.
• There are cases when an infected file ends up in the commercial mailing lists of a large company. In this case, hundreds or even thousands of subscribers to such mailings suffer, and they then send the infected files to tens of thousands of their own customers.
• In addition to the threat of malicious programs, there is the problem of external junk advertising mail (spam). Although it is not a direct threat, spam increases the load on mail servers, creates additional traffic, pollutes the user's mailbox, leads to a loss of working time and thereby causes significant financial damage.
Removable storage devices
• Removable storage devices are floppy disks, CD/DVD disks and flash cards. They are widely used for storing and transmitting information.
• When you open a file that contains malicious
code from a removable device you can corrupt
the data stored on your computer, as well as
spread the virus to other drives of a computer
or computer network.
Classifications of computer viruses
• Environment: network viruses, file viruses, boot viruses, file-boot viruses
• Infection method: resident, nonresident
• Impact degree: not dangerous (jokes), dangerous, very dangerous
• Algorithmic nature: replicators (worms), mutants, invisible (stealth), parasitic, Trojan
Environment
• Network viruses are spread by various computer
networks.
• File viruses mainly infect executable files (BAT, COM and EXE). Sometimes they can be introduced into other files too, but in that case they never receive control and lose the ability to reproduce.
• Boot viruses infect the boot sector of a disk or the sector containing the loader program of the system disk (Master Boot Record).
• File-boot viruses infect both files and boot
sectors.
Infection method
• A resident virus keeps its resident part in RAM, which then intercepts operating system calls to the objects of infection (files, boot sectors, etc.) and embeds itself in them. Resident viruses stay in RAM and remain active until the computer is shut down or restarted.
• Non-resident viruses do not infect the computer's memory and are active for a limited time.
Impact degree
• Not dangerous viruses don’t disturb the work of the computer, but they reduce the amount of free RAM and disk space and manifest themselves in graphic or sound effects.
• Dangerous viruses can lead to a range of disruptions in the work of the computer.
• Very dangerous viruses can lead to loss of
programs, destruction of data, deleting
information in the system areas of the disk.
Algorithmic nature
• «Worms» spread across computer networks: they penetrate the PC memory from the network, compute the addresses of other computers and send them copies of themselves. Sometimes they leave temporary files on the PC; sometimes they don’t affect any resources of the computer except RAM and CPU.
• Satellites affect EXE files by creating a COM copy. When you start the program, the COM file with the virus starts first and then starts the EXE file. With this method of intrusion the infected programs themselves are not changed.
• “Parasitic” viruses modify the contents of files or sectors on the disk.
Algorithmic nature
• “Polymorphic” viruses are self-encrypting viruses, or “ghosts”. They are quite difficult to find because they don’t have a signature, i.e., they do not contain any permanent section of code. In most cases, two samples of the same polymorphic virus will not have a single match. This is achieved by encrypting the main body of the virus.
• Macro viruses use the capabilities of the macro languages built into various integrated software (text editors, spreadsheets, etc.). Currently, the most common macro viruses infect text files created in Microsoft Word.
Algorithmic nature
• “Stealth” viruses are sophisticated programs that intercept access to the affected files or disk sectors and “substitute” clean information in their place. In addition, when accessing files these viruses use rather original algorithms that allow them to deceive resident anti-virus monitors.
• Trojans are not able to self-replicate, but they are very dangerous (they destroy the boot sector and the file system of the drive) and spread disguised as useful software.
Spyware
Spyware is software that collects information about a particular user or organization without their knowledge. You may not even suspect the presence of such programs on your computer.
The goals of spyware are:
• To trace user actions on a computer;
• To collect information about the contents of hard disks; most often only some folders and the system registry are scanned (in order to compile a list of the software installed on your PC);
• To collect information on the quality of network communication, the way of connection, etc.
Adware
• It is code included in software without the user's knowledge in order to display advertisements.
• Adware is embedded in software that is distributed free. These programs often collect personal information about the user and send it back to their developer, change browser settings (start page and search pages, security levels, etc.), and create traffic that the user does not control. All these activities lead to the disruption of information security and to financial losses.
Jokes
• It is software that does not cause direct harm, but displays a message that damage has already been done, or will be caused under certain conditions.
• These programs often warn the user of nonexistent dangers: for example, they display a message about disk formatting (although no formatting actually happens), “detect” viruses in uninfected files, etc.
Rootkits
• They are utilities used to conceal malicious activities.
• They mask malicious programs to avoid their
detection by antivirus programs.
• Rootkits modify the OS on the computer and
replace its main features to hide their own
presence and actions of the attacker.
Antivirus
• “Detectors” can detect files infected with one of a few known viruses.
• “Doctors” (phages) «treat» infected programs or disks by “biting” the virus body out of the infected programs, restoring each program to the condition it was in before infection.
Antivirus
• “Auditors” first record information about the state of applications and system areas of the hard disk, and then compare the current state with the recorded one. Any inconsistencies are reported to the user.
• “Doctor-auditors” are hybrids of auditors and doctors: they detect changes in files and system areas and automatically return them to their original state.
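The record-then-compare cycle of an auditor, as an added example that is not part of the original lecture. The function names `snapshot`, `audit` and `demo` and the sample files are constructed for illustration; the changes made to the sample tree mirror three of the signs of infection listed earlier (a file changes size, a new file appears, a file date changes).

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Record size, mtime and SHA-256 for every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = (st.st_size, st.st_mtime_ns, digest)
    return state

def audit(baseline, current):
    """Compare two snapshots and report what an auditor would flag."""
    report = {"added": [], "removed": [], "content_changed": [], "timestamp_only": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        else:
            old, new = baseline[path], current[path]
            if old[2] != new[2]:  # hash differs: contents were modified
                report["content_changed"].append((path, old[0], new[0]))
            elif old[1] != new[1]:  # same contents, different date
                report["timestamp_only"].append(path)
    return report

def demo():
    """Constructed sample tree: one file grows, one appears, one is re-dated."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"app.exe": b"MZ" + b"\x00" * 62, "readme.txt": b"hello", "tool.com": b"\x90" * 16}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)  # the state the auditor remembers
        with open(os.path.join(root, "app.exe"), "ab") as fh:
            fh.write(b"X" * 100)  # file size changes from 64 to 164 bytes
        with open(os.path.join(root, "app.com"), "wb") as fh:
            fh.write(b"\x00")  # number of files on the disk increases
        os.utime(os.path.join(root, "readme.txt"), ns=(1, 1))  # only the date changes
        return audit(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A real auditor also has to protect the stored baseline itself, for example by keeping it on write-protected media, since a baseline that can be rewritten no longer proves anything.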
Antivirus
• Filters are resident in RAM; they intercept a virus's attempts to reproduce and cause damage, and report them to the user.
• “Vaccines” modify programs and disks in such a way that the programs' operation is not affected, but the virus considers these programs or disks to be already infected. These programs are highly inefficient.
Prevention of infection
• Back up information
• Differentiate access
• Check incoming information
Actions in case of infection
• Don't hurry and don't make hasty decisions.
• All actions to detect the type of infection and to treat the computer should be done only after booting the computer from a write-protected disk. Only the programs (executable files) stored on that disk should be used.
• If you are using a resident antivirus monitor, the presence of a virus in a program can be detected at a very early stage, before the virus has managed to infect other programs or spoil any files. In this case, you should restart the computer from the recovery disk and delete the infected program.
• Then start the auditor and verify the changes in the files.
History of computer virology
1945
• The birth of the term “debugging”
1949
• J. von Neumann developed a mathematical theory of the creation of self-reproducing programs
History of computer virology
1960s
• First viruses (copied themselves until free space ran out)
• Pervading Animal (Univac 1108)
1975
• First network virus “The Creeper” (and antivirus “The Reaper”)
History of computer virology
1979
• First worm (by XEROX)
• Pervading Animal (Univac 1108)
1981
• Elk Cloner (for Apple, through games)
1983
• The birth of the term “computer virus”
History of computer virology
1986
• First virus for IBM “The Brain” (Pakistan)
1988
• Worm for ARPANET
1989
• First trojan AIDS
1993
• “SatanBug” (Washington)
History of computer virology
1999
• “Melissa”
2000
• “I love you”
2003
• “Slammer”
Viral trends in 2013
• Antivirus alone is not enough
• Social engineering
• Sales of fake anti-virus programs
• Applications in social networks
• Infected sites hide behind proxy servers
• The number of viruses for Mac and smartphones will increase
• More spam