Wednesday, August 5, 2009

Understanding Internet Security Threats

by: Ki Grinsing

Understanding The Internet Security Threats That Are Commonly Introduced Into The Wild Internet

When we surf the internet at home or at the office, the computer is exposed to the wild internet, where many types of threats might cause it to function incorrectly. Unlike a large-scale corporate network infrastructure that has proper information security management, your computers at home might be vulnerable to these threats.

Definitions of Programmed Threats

Computers are designed to execute instructions one after another. These instructions usually do something useful—calculate values, maintain databases, and communicate with users and with other systems. Sometimes, however, the instructions executed can be damaging or malicious in nature. When the damage happens by accident, we call the code involved a software bug. Bugs are perhaps the most common cause of unexpected program behavior.

But if the source of the damaging instructions is an individual who intended that the abnormal behavior occur, we call the instructions malicious code, or a programmed threat. Some people use the term malware to describe malicious software.

There are many different kinds of programmed threats. Experts classify threats by the way they behave, how they are triggered, and how they spread. In recent years, occurrences of these programmed threats have been described almost uniformly by the media as computer viruses and (in the more technical media) worms. However, viruses and worms make up only a small fraction of the malicious code that has been devised. Saying that all programmed data loss is caused by viruses is as inaccurate as saying that all human diseases are caused by viruses.

Experts who work in this area have formal definitions of all of these types of software. However, not all the experts agree on common definitions. Thus, we'll consider the following practical definitions of malicious software:

Security tools and toolkits

Usually designed to be used by security professionals to protect their sites, these can also be used by unauthorized individuals to probe for weaknesses. Rootkits are a special case: these are prepackaged attack toolkits that also install back doors into your system once they have penetrated superuser account security.

Back doors

Sometimes called trap doors, these allow unauthorized access to your system. Back doors are pieces of code written into applications or operating systems to grant programmers access to programs without requiring them to go through the normal methods of access authentication. Back doors and trap doors have been around for many years. They're typically written by application programmers who need a means of debugging or monitoring code that they are developing.

Most back doors are inserted into applications that require lengthy authentication procedures or long setups requiring a user to enter many different values to run the application. When debugging the program, the developer may wish to gain special privileges or avoid all the necessary setup and authentication steps. The programmer also may want to ensure that there is a method of activating the program should something go wrong with the authentication procedure that is being built into the application. The back door is code that either recognizes some special sequence of input, or is triggered by being run from a certain user ID. It then grants special access.

Back doors become threats when they're used by unscrupulous programmers to gain unauthorized access. They are also a problem when the initial application developer forgets to remove a back door after the system has been debugged and some other individual discovers the door's existence.
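A pre-release review check for the leftover debugging back doors described above, as an added example that is not part of the original article: it parses Python source and flags equality tests against a hard-coded input string or a fixed user ID, the two triggers named above. The sample `login` function, the string `EXAMPLE-DEBUG-SEQUENCE`, the UID `1042` and the helper names are constructed for illustration, and findings are candidates for human review, not proof of a back door.

```python
import ast

# Constructed sample: a login routine with two leftover debugging shortcuts.
SAMPLE = '''
import os, hmac

def login(user, password, stored_hash, hash_fn):
    if password == "EXAMPLE-DEBUG-SEQUENCE":   # special input sequence
        return True
    if os.getuid() == 1042:                    # run from a certain user ID
        return True
    return hmac.compare_digest(hash_fn(password), stored_hash)
'''

def _is_uid_call(node):
    """True for calls such as os.getuid() or os.geteuid()."""
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr in ("getuid", "geteuid"))

def find_backdoor_candidates(source):
    """Return sorted (function, line, kind) for tests against constants."""
    findings = set()
    funcs = [n for n in ast.walk(ast.parse(source))
             if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))]
    for func in funcs:
        for node in ast.walk(func):
            if not isinstance(node, ast.Compare):
                continue
            if not all(isinstance(op, ast.Eq) for op in node.ops):
                continue
            operands = [node.left] + node.comparators
            consts = [o for o in operands if isinstance(o, ast.Constant)]
            if not consts:
                continue
            if any(_is_uid_call(o) for o in operands):
                # Access decided by who runs the program, not by credentials.
                findings.add((func.name, node.lineno, "fixed-user-id"))
            elif any(isinstance(c.value, (str, bytes)) for c in consts):
                # Input compared against a literal embedded in the code.
                findings.add((func.name, node.lineno, "special-input"))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for name, line, kind in find_backdoor_candidates(SAMPLE):
        print(f"{name}() line {line}: {kind}")
```
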

Logic bombs

Hidden features in programs that go off after certain conditions are met. Logic bombs are programmed threats that lie dormant in commonly used software for an extended period of time until they are triggered, at which point they perform a function that is not the intended function of the program in which they are contained. Logic bombs usually are embedded in programs by software developers who have legitimate access to the system.

Trojan horses

Programs that appear to have one function but actually perform another function (like the Greek horse that was given to the city of Troy near the end of the Trojan War—a horse that appeared to be an idol, but was actually a troop carrier). Analogous to their namesake, modern-day Trojan horses resemble a program that the user wishes to run—e.g., login, a game, a spreadsheet, or an editor. While the program appears to be doing what the user wants, it actually is doing something else unrelated to its advertised purpose, and without the user's knowledge. For example, the user may think that the program is a game. While it is printing messages about initializing databases and asking questions such as "What do you want to name your player?" and "What level of difficulty do you want to play?", the program may actually be deleting files, reformatting a disk, or posting confidential documents to a web site in Argentina. All the user sees, until it's too late, is the interface of a program that the user is trying to run. Trojan horses are, unfortunately, sometimes used as jokes within some environments. They are often planted as cruel tricks on hacker web sites and circulated among individuals as shared software.

Viruses

A true virus is a sequence of code that is inserted into other executable code so that when the regular program is run, the viral code is also executed. The viral code causes a copy of itself to be inserted in one or more other programs. Viruses are not distinct programs—they cannot run on their own, and some host program, of which they are a part, must be executed to activate them.

Worms

Worms are programs that propagate from computer to computer on a network, without necessarily modifying other programs on the target machines. Worms are programs that can run independently and travel from machine to machine across network connections; worms may have portions of themselves running on many different machines. They do not change other programs, although they may carry other code that does (for example, a true virus).