Threats

There are various security threats that the organisation has to be aware of:
  • Virus
  • Trojan
  • Hacker
  • Denial of Service
  • Spoofing
  • Backdoors

Virus: A virus is a program or piece of software that secretly accompanies another computer program. Once downloaded and executed, it replicates itself and inserts itself into other software applications or programs. Recently, virus hoaxes have emerged as an issue that must be taken seriously until the security administrator or the systems administrator can be positive that the scare is a hoax. See www.hoaxbusters.com for details.

The site http://www.ciac.org has identified several hoaxes and explains how to identify a hoax. This type of virus is actually intended to clog the Internet by prompting users to send mails to everyone in their mailbox to warn them of the threat, and very soon everybody else is doing the same. The 'virus' has worked without the hacker ever having even written a line of code! There is another type of virus known as a Worm: this type of virus does not attach itself to another program but replicates itself via the email system instead.

Trojan: A file is downloaded from an unreliable site or an email is received with a suspect attachment. This may contain a Trojan. A Trojan is a backdoor program that is used by a hacker to allow him to gain control of a machine.

Hacker: A word used to describe a computer user who seeks to violate secure computer access to benefit from it morally or financially.

Denial of Service attacks: A Denial of Service (DoS) attack is an attack that is aimed at rendering a website unusable. This is done by bombarding the website with malformed IP packets which swamp the web server and cause it to be unable to accept any more connections. To the user, this makes the website unreachable and thus unusable. A variant of the DoS attack is the Distributed Denial of Service (DDoS) attack. Trojans are placed onto hundreds of machines in order to gain control of them. These machines, known as zombies, are activated by means of a signal and are ordered to start transmitting malformed packets to the intended victim web server. This has the effect of making the website unusable. The owners of the zombie machines are unaware that their machines have taken part in such an attack. In a typical Denial of Service attack, a computer sends millions of access requests to a Web server, overloading the target computer. Each request will have a randomly chosen return address, leaving the victim unsure where the actual attack is coming from. (Gibson Research Corporation, 2002)
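The randomly chosen return addresses matter for detection: a per-address request limit never fires when every request carries a different address. The Python sketch below is an added example, not part of the original page; the thresholds, function names and sample addresses are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed thresholds for one counting window (e.g. one second of traffic).
PER_SOURCE_LIMIT = 20   # most requests a single address may send
TOTAL_LIMIT = 100       # most requests the server normally sees in total
SPOOF_RATIO = 0.9       # share of one-time addresses that suggests random sources

def build_window(kind):
    """Return constructed sample data: the source address of each request."""
    if kind == "normal":
        # 40 requests from 8 returning clients
        return ["192.0.2.%d" % (i % 8 + 1) for i in range(40)]
    if kind == "single_source":
        # 500 requests that all carry the same return address
        return ["198.51.100.7"] * 500
    if kind == "spoofed":
        # 500 requests, each carrying a different return address
        return ["10.%d.%d.%d" % (i // 250, i % 250, (i * 7) % 250 + 1)
                for i in range(500)]
    raise ValueError(kind)

def per_source_offenders(sources):
    """Classic check: addresses that exceed the per-address limit."""
    counts = Counter(sources)
    return sorted(ip for ip, n in counts.items() if n > PER_SOURCE_LIMIT)

def classify(sources):
    """Combine total volume with address diversity to label the window."""
    counts = Counter(sources)
    if len(sources) <= TOTAL_LIMIT:
        return "normal"
    if per_source_offenders(sources):
        return "flood-from-identifiable-sources"
    # Volume is high but no address stands out: measure how many addresses
    # appear exactly once, which is what random return addresses produce.
    singletons = sum(1 for n in counts.values() if n == 1)
    if singletons / len(counts) >= SPOOF_RATIO:
        return "flood-with-random-sources"
    return "flood-distributed"

if __name__ == "__main__":
    for kind in ("normal", "single_source", "spoofed"):
        window = build_window(kind)
        print(kind, per_source_offenders(window), classify(window))
```

For the spoofed window the per-address check reports no offenders, so blocking by address is not available and the response has to act on total volume instead.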

Spoofing: As described by Gollmann, the hacker, who may be a legitimate user, runs a program that presents a fake login screen that appears to come from the server. An unsuspecting user comes along and goes through the normal login procedure. When the user enters the login information, a fake error message is shown. The spoofing program then returns control to the OS, which prompts with a genuine login request. The user repeats the procedure and enters the system without knowing that the password has been compromised. (Dieter Gollmann, Wiley, 1999)

Backdoors: In a computer program there are many ways that the code running the program can be breached. Many programmers actually leave the code in such a way that they can enter into it themselves at a future date. This may not be for misuse, but for ease of access while fixing the program. One method of prevention is the use of passwords on all data storage and internal systems that will slow down a 'browsing' hacker.

The risks and threats above are meaningless if there is no security at the entrance of the building. Restricted access inside the building is also necessary where the organisation's data is stored on a mainframe.