Protecting Your Network from Security Risks and Threats
Impact caused by security risks and threats
When computers were large monolithic devices standing alone and loaded from verified software packs provided directly by commercial vendors, applications were validated before installation and only an administrator with proper permissions could add new programs. Today, always-on high-speed broadband connectivity is common, and even dial-up users are able to maintain a high degree of constant connectivity to the Internet. Users are beset by a constant stream of toolbar helpers, cursor animations, browser plug-ins, and other types of software they are prompted to install.
The term malware (short for "malicious software") has been commonly used to refer to the traditional threats posed by viruses, Trojan horses, and worms. Over the last few years, the risks introduced by a number of other types of programs, including spyware and adware, have been steadily increasing. Spyware programs can spontaneously pop up advertisements, hijack browser sessions, redirect browsers to select target sites, or compile tracking information on user browsing habits. They can make use of a user’s computer resources without his or her informed consent, or even log a user’s keystrokes and form data—including sensitive data such as credit card and personal information that might then be used for identity theft or other illegal actions.
Makers of these programs often package their wares in a bundle with other software the user wants, as in the case of Kazaa, a peer-to-peer file-sharing application. Bundled inside Kazaa was software from Brilliant Digital Entertainment; by accepting the very lengthy terms of service required to download and install Kazaa, users unknowingly agreed to let that company make use of "unused" computer capacity. Without realizing what they had done, these users had given an unknown company the right and the ability to use their computer’s storage, CPU, memory, and network connectivity as this clandestine agency saw fit.
Although Symantec and other security providers have identified thousands of different security risks, most fall into a few general categories of operation. These can impact the performance or security of an infected host, posing an ever-expanding threat that must be addressed if a user is to maintain an acceptable level of operational capacity.
Symantec recognizes a number of different types of security risks present in the modern network environment. Although some of these risks are present only when a computer is actively connected to a network, it is important to remember that other vectors can be used to transfer security risks of many types. Technologies such as flash drives, floppy disks, portable hard drives, CD-ROM and DVD optical media, and wireless connectivity provide avenues for the introduction of undesirable software onto unprotected computers.
Spyware is software that has the capability to scan computers or monitor activity and relay information to other computers or locations in cyberspace. Among the information that can be actively or passively gathered and disseminated by spyware are passwords, log-in details, account numbers, personal information, and individual files or other personal documents. Spyware can also gather and distribute information related to the user’s computer, applications running on the computer, and Internet browser usage or other computing habits.
Spyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a computer known to the user. Spyware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user might unknowingly receive and/or trigger spyware by accepting an End User License Agreement from a software program linked to the spyware or from visiting a Web site that downloads the spyware with or without an End User License Agreement.
A survey in late 2004 examined the prevalence of spyware on consumer PCs. This survey found that more than two-thirds of all computers surveyed had some form of spyware present, commonly with multiple forms or variants present on a single computer. The burgeoning growth of these risks has reached such proportions that the Electronic Privacy Information Center (EPIC) has listed the need for antispyware, antivirus, and firewall software as the no. 3 item on their "Top Ten Consumer Privacy Resolutions."
Adware is designed to deliver advertising content to a user, often mining the user’s browsing habits to provide directed advertising of products or services the user is most likely to want. As a result of this practice, many users see this type of software as somewhat innocuous, without realizing that this information is being gathered and may be sent to other parties elsewhere without their consent. Spammers often buy lists compiled by such programs to target a flood of unsolicited email to the user’s address.
Browser-hijacking adware programs can redirect a user’s home page to a different site, intercept search engine queries or browsing URLs and redirect the user to alternate locations, or otherwise attempt to control the user’s Web browser client. Programs such as Xupiter and CoolWebSearch are examples of this type of adware.
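As an added illustration (not from the book), one way a defender can check for the kind of URL interception described above, assuming the hijacker redirects by rewriting the operating system's hosts file, which is one mechanism such programs have used; the sample hosts content and the watched-domain list are constructed for the example:

```python
"""Audit a hosts file for entries that redirect or block well-known domains.

Added example, not from the book: a hijacker that intercepts search-engine
or browsing URLs can do so by adding hosts-file entries, so that every
lookup for a familiar site lands on a server of the hijacker's choosing.
"""
import ipaddress

# Constructed sample of a hosts file on a hijacked machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# entries below were added by the hijacker (constructed sample)
192.0.2.10      www.google.com  google.com
192.0.2.10      search.yahoo.com
127.0.0.1       liveupdate.symantec.com
"""

# Public domains that should never appear in a hosts file at all:
# search engines and security-vendor update sites (constructed allowlist).
WATCHED = {"google.com", "www.google.com", "search.yahoo.com",
           "liveupdate.symantec.com", "www.microsoft.com"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring comments, blanks and bad lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed address field; skip rather than crash
        for name in parts[1:]:
            yield str(ip), name.lower()


def find_hijacked(text, watched=WATCHED):
    """Return {hostname: ip} for every watched domain pinned in the file.

    An entry pointing a watched domain at a remote address redirects the
    user; one pointing it at loopback silently blocks it (for example to
    stop security software from fetching updates). Both are reportable.
    """
    return {name: ip for ip, name in parse_hosts(text) if name in watched}
```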
Hack tools are tools that a hacker or unauthorized user can use to attack, gain unauthorized access to, or perform identification or fingerprinting of your computer. Hack tools generally do the following:
Attempt to gain information on or access hosts surreptitiously, utilizing methods that circumvent or bypass obvious security mechanisms inherent to the system they are installed on.
Facilitate an attempt at disabling a target computer, preventing its normal use.
Facilitate attacks on third-party computers as part of a direct or distributed denial-of-service attempt.
One example of a hack tool is a keystroke logger, a program that tracks and records individual keystrokes, and can send this information back to the hacker.
Mostly harmless, these programs generally create distractions by causing animated characters to wander randomly around a user’s screen or by interrupting normal operations to display a fake computer crash message. Such programs are typically benign but can cost a business a great deal of lost time spent eliminating them from affected hosts.
Dialers are a form of risk that intercepts connectivity requests to a user’s normal ISP and instead dials out on its own to connect the user to an alternate phone service. Often these numbers are long-distance calls, sometimes with exorbitant per-minute toll fees. Although decreasing in number due to the expansion of cable modem and DSL broadband connectivity, these programs can cost users money and effort, and can also endanger user information.
Remote access programs allow an unauthorized user or remote terminal to interact with a user’s desktop or other devices connected to a running computer. Some of these programs relay the desktop to a remote viewing client so that the originator can observe exactly what the user sees. Others actually allow the originator to take over a user’s console by entering keystrokes or moving the mouse as if the hacker were sitting at the compromised computer’s console.
A few of these programs can be used to surreptitiously access a computer’s attached devices, such as webcams and microphones, to better spy on users without alerting them to this behavior. Although there are a number of valid uses for remote access clients in the modern business environment, most of these programs hide their existence from the user and can present an extreme risk to users working with sensitive or protected information, trade secrets, or other similarly valued data.
Table 2-1 details some of the typical impacts caused by security risks.
Table 2-1 Typical Impacts Caused by Digital Infections
Computer slowdown. Computer instability.
Active conduit for download and installation of additional security risks.
Release of confidential, protected, or sensitive information.
Release of browser-tracking information, logged keystrokes, or other forms of data.
Violations of privacy policies or legal requirements.
Infections can allow programs to spread to other computers, mobile devices, or network file shares.
Infections can lead to data loss, corruption, or other forms of operational impairment to infected hosts.
In addition to legal issues surrounding violations of privacy laws, owners of infected hosts might find themselves liable for harm or loss caused by their infected computer’s actions.
Removal of infections can also cost time, personnel, and possible loss of critical data within an enterprise. Viruses, worms, and Trojan horses can add significantly to the total cost of ownership (TCO) of a company’s network.