...to the Computer Security Problem Donald L. Brinkley and Roger R. Schell This essay provides an overview of the vulnerabilities and threats to information security in computer systems. It begins with a historical presentation of past experiences with vulnerabilities in communication security along with present and future computer security experiences. The historical perspective demonstrates that misplaced confidence in the security of a system is worse than having no confidence at all in its security. Next, the essay describes four broad areas of computer misuse: (1) theft of computational resources, (2) disruption of computational services, (3) unauthorized disclosure of information in a computer, and (4) unauthorized modification of information in a computer. Classes of techniques whereby computer misuse results in the unauthorized disclosure and modification of information are then described and examples are provided. These classes are (1) human error, (2) user abuse of authority, (3) direct probing, (4) probing with malicious software, (5) direct penetration, and (6) subversion of security mechanism. The roles of Trojan horses, viruses, worms, bombs, and other kinds of malicious software are described and examples provided. In the past few decades, we have seen the implementation of myriads of computer systems of all sizes and their interconnection over computer networks. These systems handle and are required to protect credit data, justice information, computer vote tabulation...
Words: 13185 - Pages: 53
...An Overview of Computer Viruses in a Research Environment Matt Bishop Department of Mathematics and Computer Science Dartmouth College Hanover, NH 03755 ABSTRACT The threat of attack by computer viruses is in reality a very small part of a much more general threat, specifically attacks aimed at subverting computer security. This paper examines computer viruses as malicious logic in a research and development environment, relates them to various models of security and integrity, and examines current research techniques aimed at controlling the threats viruses in particular, and malicious logic in general, pose to computer systems. Finally, a brief examination of the vulnerabilities of research and development systems that malicious logic and computer viruses may exploit is undertaken. 1. Introduction A computer virus is a sequence of instructions that copies itself into other programs in such a way that executing the program also executes that sequence of instructions. Rarely has something seemingly so esoteric captured the imagination of so many people; magazines from Business Week to the New England Journal of Medicine [39][48][60][72][135], books [20][22][31][40][50][67][83][90][108][124], and newspaper articles [85][91][92][94][114][128] have discussed viruses, applying the name to various types of malicious programs. As a result, the term “computer virus” is often misunderstood. Worse, many who do understand it do not understand protection in computer systems, for example believing...
Words: 12539 - Pages: 51
...Department of Commerce An Introduction to Computer Security: The NIST Handbook Special Publication 800-12 User Issues Assurance Contingency Planning I&A Training Personnel Access Controls Audit Planning Risk Management Crypto Physical Security Policy Support & Operations Program Management Threats Table of Contents I. INTRODUCTION AND OVERVIEW Chapter 1 INTRODUCTION 1.1 1.2 1.3 1.4 1.5 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Legal Foundation for Federal Computer Security Programs . 3 3 4 5 7 Chapter 2 ELEMENTS OF COMPUTER SECURITY 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 Computer Security Supports the Mission of the Organization. 9 Computer Security is an Integral Element of Sound Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Computer Security Should Be Cost-Effective. . . . . . . . . . . . . . . . 11 Computer Security Responsibilities and Accountability Should Be Made Explicit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Systems Owners Have Security Responsibilities Outside Their Own Organizations...
Words: 93588 - Pages: 375
...About two hundred years before, the word "computer" started to appear in the dictionary. Some people even didn't know what is a computer. However, most of the people today not just knowing what is a computer, but understand how to use a computer. Therefore, computer become more and more popular and important to our society. We can use computer everywhere and they are very useful and helpful to our life. The speed and accuracy of computer made people felt confident and reliable. Therefore, many important information or data are saved in the computer. Such as your diary, the financial situation of a oil company or some secret intelligence of the military department. A lot of important information can be found in the memory of computer. So, people may ask a question: Can we make sure that the information in the computer is safe and nobody can steal it from the memory of the computer? Physical hazard is one of the causes of destroying the data in the computer. For example, send a flood of coffee toward a personal computer. The hard disk of the computer could be endangered by the flood of coffee. Besides, human caretaker of computer system can cause as much as harm as any physical hazard. For example, a cashier in a bank can transfer some money from one of his customer's account to his own account. Nonetheless, the most dangerous thief are not those who work with computer every day, but youthful amateurs who experiment at night ---...
Words: 2167 - Pages: 9
...threats to worry about in regards to protecting one’s computer system, whether it is for a personal or professional computer, it is very important to get some type of security protection. There are a lot of choices out there in terms of what brand and what level of security an individual is looking for. The best option to defend a computer system from various threats is an all-in-one computer security system, such as Norton 360 and McAfee Total Protection. One problem an individual needs to care about is identity theft. Identity theft can range from a stealing a person’s name, email address, physical address, credit card information, account numbers, documents, and even passwords. Other threats or aggravations to worry about are spyware, adware, pop-ups, spam, viruses, and worms. Keeping the computer system and the data limited protected within the computer is vital. The all-in-one computer security systems are current in a way that it protects one’s computer from all the threats previously stated, spyware, viruses, and identity theft all-in-one package without the user having to worry about anything. An included feature is filter protection for any incoming and outgoing email for any virus and spam threats. Another threat that these all-in-one computer security systems are effective is they help protect one’s computer from hackers, and come with a built-in firewall that helps keeps all these threats away. These security systems are automatically scan for any threats and notify the...
Words: 435 - Pages: 2
...Default screen BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Wm. Arthur Conklin / 619-8 / Chapter 2 2 General Security Concepts “The only real security that a man can have in this world is a reserve of knowledge, experience and ability.” —HENRY FORD In this chapter, you will learn how to ■ Define basic terms associated with computer and information security ■ Identify the basic approaches to computer and information security ■ Distinguish among various methods to implement access controls ■ Describe methods used to verify the identity and authenticity of an individual ■ Describe methods used to conduct social engineering ■ Recognize some of the basic models used to implement security in operating systems 20 P:\010Comp\BaseTech\619-8\ch02.vp Wednesday, November 09, 2011 2:01:20 PM I n Chapter 1, you learned about some of the various threats that we, as security professionals, face on a daily basis. In this chapter, you start exploring the field of computer security. Color profile: Disabled Composite Default screen BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Wm. Arthur Conklin / 619-8 / Chapter 2 ■ Basic Security Terminology The term hacking has been used frequently in the media. A hacker was once considered an individual who understood the technical aspects of computer operating systems and networks. Hackers were individuals...
Words: 16889 - Pages: 68
...Principles of Information Security, 4th Edition 1 Chapter 1 1 Review Questions 1. What is the difference between a threat agent and a threat? A threat agent is the facilitator of an attack, whereas a threat is a category of objects, persons, or other entities that represents a potential danger to an asset. Threats are always present. Some threats manifest themselves in accidental occurrences and others are purposeful. Fire is a threat; however, a fire that has begun in a building is an attack. If an arsonist set the fire then the arsonist is the threat agent. If an accidental electrical short started the fire, the short is the threat agent. 2. What is the difference between vulnerability and exposure? Vulnerability is a weaknesses or fault in a system or protection mechanism that opens it to attack or damage. Exposure is a condition or state of being exposed. In information security, exposure exists when a vulnerability known to an attacker is present. 3. How is infrastructure protection (assuring the security of utility services) related to information security? The availability of information assets is dependent on having information systems that are reliable and that remain highly available. 4. What type of security was dominant in the early years of computing? In the early years of computing when security was addressed at all, it dealt only with the physical security of the computers themselves and not the data or...
Words: 4896 - Pages: 20
...Abstract Now that personal computers are pretty much a must have in every household, school, or business cyber-criminals have moved from just being a hacker for fun into an estimated multi-million dollar world of computer crimes. New revenue streams have been realized and viruses in choice Computer crimes encompass unauthorized or illegal activities perpetrated via computer as well as the theft of computers and other technological hardware. As firms of all sizes, industrial orientation, and geographic location increasingly rely on computers to operate, concerns about computer crime have also risen, in part because the practice appears to be thriving despite the concerted efforts of both the law enforcement and business communities to stop it. But computer experts and business consultants alike note that both international corporations and modest family-owned businesses can do a great deal to neutralize computer "viruses" and other manifestations of computer crime. “http://rahimimohammad.blogspot.com/p/law-for-computer-crimesand-economic.html” Many analysts believe, however, that small business owners are less likely to take steps to address the threat of computer crime than are larger firms. Indeed, many small businesses admit that they are passive about the threat because of costs associated with implementing safeguards and the perception that computer "hackers" and other threats are far more likely to pick on bigger companies. But as Tim McCollum flatly stated in Nation's Business...
Words: 4313 - Pages: 18
...on-line shopping site, or implant software that will secretly transmit their organization’s secrets to the open Internet. With these concerns and others, the ethical hacker can help. This paper describes ethical hackers: their skills, their attitudes, and how they go about helping their customers find and plug up security holes. The ethical hacking process is explained, along with many of the problems that the Global Security Analysis Lab has seen during its early years of ethical hacking for IBM clients. T he term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as: HACKER noun 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities—as opposed to most users of computers, who prefer to learn only the minimum amount necessary. 2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming. 1 This complimentary description was often extended to the verb form “hacking,” which was used to deIBM SYSTEMS JOURNAL, VOL 40, NO 3, 2001 scribe the rapid crafting of a new program or the making of changes to existing, usually complicated software. As computers became increasingly available at universities, user...
Words: 6482 - Pages: 26
...Chapter 2. Security in the Microsoft Windows Operating System ONE OF THE MORE DIFFICULT TASKS when securing any computer system or network is identifying where to start. There are many components in any computing environment. Each component is a potential point of attack. Since the operating system provides the ability for software and hardware to interact it is a good starting point for securing an entire environment. On any computer, the operating system enables software to access physical resources. For example, it is the operating system that governs how any application actually reads from, or writes to, a physical disk. Consequently, the operating system is a prime candidate for attack and a valuable resource to protect. From an attacker's point of view, a compromised operating system provides easy access to protected information. Compromising operating system controls gives the attacker the ability to remove evidence of attacks and "clean up" any leftover log entries or other traces of the attack. A secure operating system is the basis of a secure environment. In this chapter you will learn about the Windows operating system architecture and controls to ensure system security. You will also learn how attackers search for, find, and exploit operating system vulnerabilities. With the knowledge of how attackers operate you'll be able to identify and implement the right controls to secure your environment. Chapter 2 Topics In this chapter, the following topics and concepts are presented:...
Words: 6274 - Pages: 26
...Information Systems Security By: Jessica Burnheimer, Kathleen Cline, Brian Weiss Outline for Group paper I. Introduction II. Issues concerning Information Systems Security A. Define IS security B. Why IS security is necessary? C. History and Back round of IS security D. Current issues concerning IS security 1.) Spamming 2.) Hacking 3.) Jamming 4.) Malicious software 5.) Sniffing 6.) Spoofing 7.) Identity Theft III. Solutions to contemporary IS security issues A. Solutions for “Spamming” B. Solutions for “Hacking” C. Solutions for “Jamming” D. Solutions for “Malicious Software” E. Solutions for “Sniffing” F. Solutions for “Spoofing” G. Solutions for “Identity Theft” IV. The Future of Information Systems Security A. New technologies and techniques effecting the future of Information Systems Security B. Tips and information regarding maintaining a Secure Information System C. How security issues will continue to shape Information Systems Management V. Conclusion Abstract The purpose of this paper is to discuss the pressing issues pertaining to Information Systems security. We will be covering the history of Information Systems Security, the current security issues, and why it is important to be knowledgeable in Information Systems security. Also, we will cover some solutions to the issues that...
Words: 4780 - Pages: 20
...Introduction to Computer Security: The NIST Handbook Special Publication 800-12 User Issues Assurance Contingency Planning I&A Training Personnel Access Controls Audit Planning Risk Management Crypto Physical Security Policy Support & Operations Program Management Threats Table of Contents I. INTRODUCTION AND OVERVIEW Chapter 1 INTRODUCTION 1.1 1.2 1.3 1.4 1.5 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Legal Foundation for Federal Computer Security Programs . 3 3 4 5 7 Chapter 2 ELEMENTS OF COMPUTER SECURITY 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 Computer Security Supports the Mission of the Organization. 9 Computer Security is an Integral Element of Sound Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Computer Security Should Be Cost-Effective. . . . . . . . . . . . . . . . 11 Computer Security Responsibilities and Accountability Should Be Made Explicit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Systems Owners Have...
Words: 93564 - Pages: 375
...Privacy and Security Table of Contents Introduction 3 Why Protection 4 Computer Virus 4 How Viruses Infect Computer 5 How People Hack Computer Systems 6 How to Keep Computers Safe from Online Predators 7 Conclusion 10 REFERENCES 11 Introduction The role of computer systems is very vital in our daily lives. Since computers help us to deal with approximately all the major functions of our lives as well as are so inevitable that spending even a day or two away from the computer can leave us feeling powerless. In this prospect, many people control their routine lives by means of their personal computers. However, at the present computer security has become a very critical issue. Additionally, security refers to the technique to discover as well as stop illicit utilization of our secret information or computer. In this scenario, some preventive measures enable us to stop criminal users (as well known as "intruders") from accessing and using some part of our computer system. In addition, recognition of such intrusions helps us in deciding whether or not somebody tried to gain access into our computer system, if they were successful in their attempt, as well as what they could have acquired from the system (ComputerSecurityService, 2011), (Armor2net Software Ltd., 2004) and (Norton, 2001). In addition, the term “computer security” is very commonly used, though; the information and data saved on a computer are in danger...
Words: 2264 - Pages: 10
...or implant software that will secretly transmit their organization’s secrets to the open Internet. With these concerns and others, the ethical hacker can help. This paper describes ethical hackers: their skills, their attitudes, and how they go about helping their customers find and plug up security holes. The ethical hacking process is explained, along with many of the problems that the Global Security Analysis Lab has seen during its early years of ethical hacking for IBM clients. scribe the rapid crafting of a new program or the making of changes to existing, usually complicated software. As computers became increasingly available at universities, user communities began to extend beyond researchers in engineering or computer science to other individuals who viewed the computer as a curiously flexible tool. Whether they programmed the computers to play games, draw pictures, or to help them with the more mundane aspects of their daily work, once computers were available for use, there was never a lack of individuals wanting to use them. Because of this increasing popularity of computers and their continued high cost, access to them was usually restricted. When refused access to the computers, some users would...
Words: 6481 - Pages: 26
...computer forensics Background of Computer forensics: What is most worth to remember is that computer forensic is only one more from many forensic subdivisions. It’s not new, it’s not revolution.. Computer forensics use the same scientific methods like others forensics subdivisions. So computer forensics is not revolution in forensic science! It’s simple evolution of crime techniques and ideas. Forensic origins: Forensic roots from a Latin word, “forensic” which generally means forum or discussion. In the reign of the Romans, any criminal who has been charged with a crime is presented before an assembly of public folks. Both of the complainant and the defendant are to present their sides through their own speeches. The one who was able to explain his side with fervent delivery and argumentation typically won the case. It is important to realize that computer forensics is only one subdivision of forensic science. It is digital, it includes most advanced computer science but still it is only branch of forensic science, an its main goal is submission of the proven claims of scientific methods and strategies to recover any significant digital traces. Computer Forensic Timeline: 1970s • First crimes cases involving computers, mainly financial fraud 1980’s • Financial investigators and courts realize that in some cases all the records and evidences were only on computers. • Norton Utilities, “Un-erase” tool created • Association of Certified Fraud...
Words: 4790 - Pages: 20
