Management Information Systems Lecture 07 Information security CLARK UNIVERSITY College of Professional and Continuing Education (COPACE)

Upload: orlando-aldredge

Post on 29-Mar-2015

Management Information Systems

Lecture 07: Information security

CLARK UNIVERSITY

College of Professional and Continuing Education (COPACE)

Information security

• Information security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

Viruses

• One of the main types of harmful impact on computer networks and systems is the computer virus.

• A computer virus is a program that can infect other programs by including in them its body or elements of it, possibly as a modified copy, which retains the ability to replicate further.

Computer viruses

• In addition to infection, a virus, just like any other program, can perform other unauthorized activities, from quite harmless to extremely destructive.

Signs of infection

• slowdown of the computer;
• inability to boot the operating system;
• frequent «hangs» and failures of the computer;
• termination or malfunction of previously successfully functioning programs;
• an increase in the number of files on the disk;
• changes in file sizes;
• periodic appearance of inappropriate system messages on the screen;
• reduction of free RAM;
• a marked increase in hard drive access time;
• changes to the date and time of file creation;
• destruction of the file system (disappearance of files, distortion of directories, etc.);
• the hard drive light blinks when no program is accessing the drive.

Sources of the spread of computer viruses

• Internet
• Intranet
• E-mail
• Removable storage devices

Internet

• Hackers place viruses and other malicious programs on web resources and disguise them as useful, free software. In addition, scripts that run automatically when you open a web page can perform malicious actions on your computer, including changes to the system registry, theft of personal data and installation of malicious software.

• Using network technologies, attackers carry out attacks on remote private computers and company servers. The result of such attacks may be that a resource is put out of operation or that the attacker gains full access to it.

Intranet

• An intranet is an internal network, specially designed for management of information systems within a company or a private home network.

• An intranet is a unified space for storage, exchange and access to information for all the computers on the network.

• So, if any computer in the network is infected, the other computers are at great risk of infection too. To avoid such situations it is necessary to protect not only the perimeter of the network, but each individual computer.

E-mail

• The user of an infected computer unwittingly sends infected emails to recipients, who in turn send more infected emails, and so on.

• There are cases when an infected file ends up in the commercial mailing lists of a large company. In this case, hundreds or even thousands of subscribers of such mailings are affected and then send the infected files on to tens of thousands of their customers.

• In addition to the threat of malicious programs, there is the problem of external junk advertising mail (spam). Although it is not a direct threat, spam increases the load on mail servers, creates additional traffic, pollutes the user's mailbox, leads to a loss of working time and thereby causes significant financial damage.

Removable storage devices

• Removable storage devices (floppy disks, CD/DVD disks, flash cards) are widely used for storing and transmitting information.

• When you open a file that contains malicious code from a removable device you can corrupt the data stored on your computer, as well as spread the virus to other drives of a computer or computer network.

Classifications of computer viruses

• Environment: boot viruses, file viruses, file-boot viruses, network viruses
• Impact degree: not dangerous (jokes), dangerous, very dangerous
• Algorithmic nature: replicators (worms), invisible (stealth), mutants, Trojan, parasitic
• Infection method: resident, nonresident

Environment

• Network viruses spread through various computer networks.

• File viruses mainly infect executable files (BAT, COM and EXE). Sometimes they can be introduced into other files too, but in that case they never receive control and lose the ability to reproduce.

• Boot viruses infect the boot sector of a disk or the sector containing the system disk's boot program (Master Boot Record).

• File-boot viruses infect both files and boot sectors.
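An added example (not part of the original slides) of checking the Master Boot Record for the kind of change a boot virus makes. It assumes the classic MBR layout (446 bytes of boot program, four 16-byte partition entries, the 55 AA signature); the sample sectors and the names `parse_mbr`, `audit_mbr` and `make_sample` are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 446    # classic MBR: bytes 0..445 hold the boot program
TABLE_END = 510   # bytes 446..509 hold four 16-byte partition entries

def parse_mbr(sector):
    """Split a 512-byte MBR into boot-code hash, partition entries, signature flag."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    entries = []
    for i in range(4):
        raw = sector[CODE_END + 16 * i: CODE_END + 16 * (i + 1)]
        status, ptype = raw[0], raw[4]
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        if ptype != 0:  # type 0 marks an unused slot
            entries.append({"bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": sectors})
    return {
        "valid_signature": sector[TABLE_END:] == b"\x55\xaa",
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "partitions": entries,
    }

def audit_mbr(baseline, current):
    """Report differences between a trusted MBR record and the current one."""
    findings = []
    if not current["valid_signature"]:
        findings.append("boot signature 55 AA missing")
    if current["code_sha256"] != baseline["code_sha256"]:
        findings.append("boot program changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings

def make_sample(code_byte, lba_start=2048):
    """Constructed sector: filler boot code and one bootable partition entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        lba_start, 204800)
    return bytes([code_byte]) * CODE_END + entry + b"\x00" * 48 + b"\x55\xaa"

if __name__ == "__main__":
    trusted = parse_mbr(make_sample(0x90))
    print(audit_mbr(trusted, parse_mbr(make_sample(0xCC))))
```

Hashing the boot program separately from the partition table lets a legitimate repartitioning be told apart from a change to the code that runs at boot.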

Infection method

• A resident virus keeps its resident part in RAM, which then intercepts the operating system's calls to the objects of infection (files, boot sectors, etc.) and injects itself into them. Resident viruses stay in RAM and remain active until the computer is shut down or restarted.

• Non-resident viruses do not infect the computer's memory and are active for a limited time.

Impact degree

• Non-dangerous viruses do not disturb the work of the computer, but they reduce the amount of free RAM and disk space and manifest themselves in graphic or sound effects.

• Dangerous viruses can lead to a range of malfunctions in the work of the computer.

• Very dangerous viruses can lead to loss of programs, destruction of data and deletion of information in the system areas of the disk.

Algorithmic nature

• «Worms» spread through computer networks: they penetrate the PC memory from the network, compute the addresses of other computers and send copies of themselves to them. Sometimes they leave temporary files on the PC; sometimes they do not affect any resources of the computer except RAM and CPU.

• Satellites subvert EXE files by creating a COM copy. When you start the program, the COM file with the virus runs first and then starts the EXE file. With this method of intrusion the infected programs themselves do not change.

• "Parasitic" viruses modify the contents of files or sectors on the disk.

Algorithmic nature

• “Polymorphic” viruses are self-encrypting viruses or “ghosts”. They are quite difficult to find because they do not have a signature, i.e., they do not contain any permanent section of code. In most cases, two samples of the same polymorphic virus will have no match at all. This is achieved by encrypting the main body of the virus.

• Macro viruses use the capabilities of the macro languages built into various integrated software packages (text editors, spreadsheets, etc.). Currently, the most common macro viruses infect text files created in Microsoft Word.

Algorithmic nature

• “Stealth” viruses are sophisticated programs that intercept access to the affected files or disk sectors and “substitute” clean information in their place. In addition, when accessing files these viruses use rather original algorithms that allow them to deceive resident anti-virus monitors.

• Trojans are not able to self-replicate, but they are very dangerous (they destroy the boot sector and the file system of a drive) and spread disguised as useful software.

Spyware

Spyware is software that collects information about a particular user or organization without their knowledge. You may not even suspect that such programs are present on your computer.

The goals of spyware are:

• To trace user actions on a computer;
• To collect information about the contents of hard disks; more often only some folders and the system registry are scanned (in order to compile a list of the software installed on your PC);
• To collect information on the quality of network communication, the way of connection, etc.

Adware

• Adware is code included in software without the user's knowledge to display advertisements.

• Adware is embedded in software that is distributed free of charge. These programs often collect personal information about the user and send it back to their developer, change browser settings (start page and search pages, security levels, etc.), and generate traffic that the user does not control. All these activities lead to breaches of information security and to financial losses.

Jokes

• Jokes are software that does not cause direct harm, but displays a message that damage has already been done or will be done under certain conditions.

• These programs often warn the user of non-existent dangers: for example, they display a message about disk formatting (although no formatting actually happens), "detect" viruses in uninfected files, etc.

Rootkits

• Rootkits are utilities used to conceal malicious activity.

• They mask malicious programs to prevent their detection by antivirus programs.

• Rootkits modify the OS on the computer and replace its basic functions to hide their own presence and the actions of the attacker.

Antivirus

• “Detectors” can detect files infected with one of a number of known viruses.

• “Doctors” (phages) «treat» infected programs or disks by “biting out” the virus body from the infected programs, restoring each program to the condition it was in before infection.

Antivirus

• “Auditors” first record information about the state of applications and system areas of the hard disk, and then compare their current state with the recorded one. Any inconsistencies are reported to the user.

• “Doctor-auditors” are hybrids of auditors and doctors: they detect changes in files and system areas and automatically return them to their original state.

Antivirus

• Filters are resident in RAM; they intercept a virus's attempts to reproduce and cause damage, and report them to the user.

• “Vaccines” modify programs and disks in a way that does not affect how the programs work, but makes the virus consider these programs or disks already infected. These programs are highly inefficient.

Prevention of infection

• Back-up information
• Differentiation of access
• Check the arriving information

Actions in case of infection

• Do not rush into hasty decisions.

• All actions to detect the type of infection and to treat the computer should be performed only after booting the computer from a write-protected disk. Use only the programs (executable files) stored on that disk.

• If you are using a resident antivirus monitor, the presence of a virus in a program can be detected at a very early stage, before the virus has managed to infect other programs and spoil any files. In this case, you should restart the computer from the recovery disk and delete the infected program.

• Then start the auditor and verify the changes in the files.

History of computer virology

1945
• The birth of the term “debugging”

1949
• J. Neumann developed a mathematical theory of the creation of self-reproducing programs

History of computer virology

1960s
• First viruses (copied themselves until the free space ran out)
• Pervading Animal (Univac 1108)

1975
• First network virus “The Creeper” (and antivirus “The Reaper”)

History of computer virology

1979
• First worm (by XEROX)
• Pervading Animal (Univac 1108)

1981
• Elk Cloner (for Apple, through games)

1983
• The birth of the term “computer virus”

History of computer virology

1986
• First virus for IBM “The Brain” (Pakistan)

1988
• Worm for ARPANET

1989
• First trojan AIDS

1993
• “SatanBug” (Washington)

History of computer virology

1999
• “Melissa”

2000
• “I love you”

2003
• “Slammer”

Viral trends in 2013

• The antivirus is not enough
• Social engineering
• Sales of fake anti-virus programs
• Applications in social networks
• Infected sites hide behind proxy servers
• The number of viruses for Mac and smartphones will increase
• More spam