Defending Information Networks in Cyberspace: Some Notes on Security Needs

Abstract

Key Terms in this Chapter

Cyberspace: a) The electronic system of interlinked networks of computers, bulletin boards, etc. that is thought of as being a boundless environment providing access to information, interactive communication, and, in science fiction, a form of virtual reality; b) The global computer networks that facilitate communications among individuals and organizations; c) The electronic medium of computer networks, in which online communication takes place.

Botnet: a) A ro bot net work (ro BOT NET work) or a network of compromised computer systems linked together for a common purpose. Criminals distribute malicious software (also known as malware) that can turn a given computer into a bot (also known as a zombie) and typically use bots to infect large numbers of computers which form a network, or a botnet . Further, they use botnets to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If a computer becomes part of a botnet, it might slow down and the owner might inadvertently be helping criminals; b) Also called a “zombie army,” a botnet is a large number of compromised computers that are used to generate spam, relay viruses or flood a network or Web server with excessive requests to cause it to fail (see denial of service attack). The computer is compromised via a Trojan that often works by opening an Internet Relay Chat (IRC) channel that waits for commands from the person in control of the botnet. There is a thriving botnet business selling lists of compromised computers to hackers and spammers

Virus: a) A type of malware, which spreads in an automated fashion between vulnerable computers, much like a biological virus does with living creatures; b) Computer viruses are small programs or scripts that can negatively affect the health of your computer. These malicious little programs can create files, move files, erase files, consume your computer's memory, and cause your computer not to function correctly. Some viruses can duplicate themselves, attach themselves to programs, and travel across networks. In fact opening an infected e-mail attachment is the most common way to get a virus.

Distributed Denial of Service Attack (DDoS): An attack, often orchestrated by a botnet, which targets websites or computer servers with floods of requests, in order to overwhelm the targeted system and drive it offline; Denial of service (DoS) attacks may be initiated from a single machine, but they typically use many computers to carry out an attack. Since most servers have firewalls and other security software installed, it is easy to lock out individual systems. Therefore, distributed denial of service (DDoS) attacks are often used to coordinate multiple systems in a simultaneous attack. A distributed denial of service attack tells all coordinated systems to send a stream of requests to a specific server at the same time. These requests may be a simple ping or a more complex series of packets. If the server cannot respond to the large number of simultaneous requests, incoming requests will eventually become queued. This backlog of requests may result in a slow response time or a no response at all. When the server is unable to respond to legitimate requests, the denial of service attack has succeeded. DoS attacks are a common method hackers use to attack websites. Since flooding a server with requests does not require any authentication, even a highly secured server is vulnerable. However, a single system is typically not capable of carrying out a successful DoS attack. Therefore, a hacker may create a botnet to control multiple computers at once. A botnet can be used to carry out a DDoS attack, which is far more effective than an attack from a single computer.

Malvertisement: A malicious advertisement, placed by cyber criminals, which redirects visitors to malware. These advertisements are often placed into legitimate online advertising networks and may be displayed on unwitting third-party websites. (MALicious adVERTISING) Placing malicious ads on Web sites that lead users to harmful sites. Malvertisements are not only found on suspicious Web sites, but wind up on reputable, highly trafficked sites.

Cybercrime: a) Also referred to as computer crime, or computer-based criminal activity done using computers and the Internet. This includes anything from downloading illegal music files to stealing money from online bank accounts. Cybercrime also includes non-monetary offenses, such as creating and distributing viruses on other computers or posting confidential business information on the Internet; b) Crimes perpetrated over the Internet, typically having to do with online fraud.

Malware: Also referred to as malicious software, or software which is installed without authorization upon a victim computer that has a malicious or criminal purpose; it comes in many forms and can be any program or source code producing output that the computer owner does not need, want, or expect. For example, malware can be a remote access Trojan horse that can not only open a back door to a remote computer but also control someone’s computer or network from a remote location. Malware includes viruses, worms, Trojan horses (that can, for example, spy on the system and display ads when the user least expects it), and malicious active content arriving through email or Web pages visited. These forms of malware normally run without the knowledge and permission of the user.

Threats: a) The danger or the possibility of an attack or an incident on a computer system; b) An object, person, or other entity that represents a constant danger to an asset; c) A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm; d) A possible danger that might exploit a vulnerability.

Defense in-Depth: The security approach whereby each system on the network is secured to the greatest possible degree. May be used in conjunction with firewalls. Using multiple systems to resist attackers. For example, if an external firewall is breached, an internal intrusion detection system can sound an alarm. If systems are breached and data can be stolen, keeping all vital records encrypted on disk and encrypted during transmission prevents attackers from using it even if they get it.

Hackers: a) This term originally referred to a computer enthusiast, or computerphile, who enjoys computer technology and programming to the point of examining the code of operating systems to figure out how they work. A hacker can “hack” his or her way through the security levels of a computer system or network. This can be as simple as figuring out somebody else's password or as complex as writing a custom program to break another computer's security software; b) Synonymous with cracker . A person who gains or attempts to gain unauthorized access to computers or computer networks and tamper with operating systems, application programs, and databases. Crackers are the reason software manufacturers release periodic “security updates” to their programs.

Defensive Security: a) Security policies intended to withstand or deter aggression or attack; b) Security performed so as to avoid risk, danger, or cybercrime threats like espionage, sabotage, or attack.