Computer Security - Part 1
Computer security covers protecting computer systems, whether cellphones, workstations, servers, networks or any other hardware, software and data, from loss, disruption or other attacks. Cybersecurity is the more recent name for computer security, as it describes more fully the span of what the term covers.
Controlling physical access to a system is the first level of protection; it includes network protection measures as well as protection from malicious persons who already have access.
Vulnerabilities include any flaw or weakness in a system, whether at the operating system level or within the applications on that system, and exploits are the methods which can be used to take advantage of a vulnerability.
Short list of Exploits:
Backdoors, RootKit, Worm, Trojans, Viruses, DDoS, physical access, eavesdropping, phishing, social engineering, privilege escalation, tampering and spoofing, keylogging, Spyware, Botnet, & Cryptomalware.
Each of these affords the attacker specific or combined methods of attack, each with various levels or directions of penetration into a system or network. Methods of targeted compromise of a system or network are briefly described below, but further description and investigation of each is left to the reader.
Trojan Horse (Trojan):
These are malicious programs which lead the user into believing their purpose is something else. The name Trojan Horse comes from the ancient Greek story in which a wooden horse allowed the Greeks to invade Troy. Beware Greeks bearing gifts.
Today most trojans are spread through various methods of social engineering that dupe the user into installing the malware. Sometimes this is as simple as browsing a web page which carries an executable embedded through a banner advertisement, requiring absolutely no interaction from the user.
Much like any of the exploits described here, once the trojan is in place on the user's system the attacker can perform reconnaissance, disable or remove any program (including anti-virus), take remote control, damage or destroy data, distribute or install further malware locally, across the network or globally, exfiltrate data, or encrypt it via crypto-malware (aka ransomware).
Ransomware:
Cryptomalware is a form of ransomware which leaves the user wondering whether there is anything they can do to avoid becoming infected or losing their data. This is especially troublesome given the nature of these attacks and the global connectivity of the Internet.
This malware has generally targeted Microsoft Windows systems, as they have been the easiest to infect, but it has also infected other systems such as Android, Linux and Mac OS X. One particularly widespread version is known as Cryptolocker, which is spread through infected email attachments or existing botnets. Once the software is activated, it encrypts all mounted drives on a system, including network mount points. The private key for the encryption is held on the malware's Command and Control server(s), and the user is told to pay in bitcoin, a currency with lower traceability.
The best method to avoid this disastrous infection is to make frequent backups to offline or remote storage (such as SpiderOak, Carbonite, etc.). Another helpful way to avoid this cryptoware is to use a secured virtual machine running a secure Linux distribution with very limited or no access to the host operating system, file system or network file system.
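As an added defender-side example (not code from the original post or its Wikipedia source), the script below applies a common ransomware-detection heuristic to the "encrypts all mounted drives" behaviour described above: files that have just become near-random (entropy close to 8 bits per byte) across a whole tree are a sign of mass encryption. The sample files, thresholds and path names are constructed for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits/byte; ciphertext and compressed data sit near 8.0
FLAG_RATIO = 0.5         # alert once this fraction of files in the tree look encrypted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of `data` in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str, sample_bytes: int = 4096) -> bool:
    """Read the first `sample_bytes` of a file and test them against the threshold."""
    with open(path, "rb") as f:
        return shannon_entropy(f.read(sample_bytes)) >= ENTROPY_THRESHOLD


def scan_tree(root: str) -> dict:
    """Walk `root` and report how many files look encrypted; alert above FLAG_RATIO."""
    total, suspect = 0, []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            total += 1
            if looks_encrypted(path):
                suspect.append(path)
    ratio = len(suspect) / total if total else 0.0
    return {"total": total, "suspect": suspect, "ratio": ratio, "alert": ratio >= FLAG_RATIO}


def build_sample_tree() -> str:
    """Constructed sample: three plain-text documents plus three 'locked' files of random bytes."""
    root = tempfile.mkdtemp(prefix="ransom_demo_")
    for i in range(3):
        with open(os.path.join(root, f"report{i}.txt"), "w") as f:
            f.write("Quarterly figures and meeting notes.\n" * 50)
    for i in range(3):
        with open(os.path.join(root, f"report{i}.txt.locked"), "wb") as f:
            f.write(os.urandom(4096))  # stands in for ciphertext written by cryptomalware
    return root


if __name__ == "__main__":
    result = scan_tree(build_sample_tree())
    print(f"{len(result['suspect'])}/{result['total']} files look encrypted; alert={result['alert']}")
```

On a real share the same scan would run against recently modified files only, so a legitimately compressed archive or two does not trip the alert.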
Continued in parts 2-9
Source: https://en.wikipedia.org/wiki/Computer_security