Management Information Systems. Lecture 07: Information security. CLARK UNIVERSITY, College of Professional and Continuing Education (COPACE)
Information security: Information security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
Viruses: One of the main types of impact on computer networks and systems is the computer virus. A computer virus is a program that can infect other programs by inserting into them its body or elements of it, possibly as a modified copy; the copy retains the ability to replicate further.
Computer viruses: In addition to infection, a virus, just like any other program, can perform other unauthorized activities, from quite harmless to extremely destructive.
Signs of infection: slowdown of the computer; inability to boot the operating system; frequent "hangs" and failures of the computer; termination or malfunction of programs that previously worked correctly; an increase in the number of files on the disk; changes in file sizes; periodic appearance of inappropriate system messages on the screen; reduction of free RAM; a marked increase in hard drive access time; changes in the date and time of file creation; destruction of the file system (disappearance of files, distortion of directories, etc.); the hard drive indicator light blinks when no program is accessing the drive.
Sources of the spread of computer viruses: Internet; Intranet; Removable storage devices
Internet: Hackers place viruses and other malicious programs on web resources and disguise them as useful, free software. In addition, scripts that run automatically when you open a web page can perform malicious actions on your computer, including changing the system registry, stealing personal data and installing malicious software. Using network technologies, attackers carry out attacks on remote private computers and company servers. The result of such attacks may be that a resource is taken out of operation or that the attacker gains full access to it.
Intranet: An intranet is an internal network specially designed for managing information systems within a company, or a private home network. An intranet is a unified space for storing, exchanging and accessing information for all the computers on the network. So, if any computer on the network is infected, the other computers are also at great risk of infection. To avoid such situations it is necessary to protect not only the perimeter of the network but also each individual computer.
The user of an infected computer unwittingly sends e-mails to recipients, who in turn send more infected e-mails, and so on. There are cases when an infected file gets into the commercial mailing lists of a large company. In this case, hundreds or even thousands of subscribers of such mailings suffer and then send the infected files on to tens of thousands of their own customers. In addition to the threat of malicious programs, there is the problem of external junk advertising mail (spam). Although it is not a direct threat, spam increases the load on mail servers, creates additional traffic, clutters the user's mailbox, wastes working time and thereby causes significant financial damage.
Removable storage devices: Removable storage devices are floppy disks, CD/DVD disks and flash cards; they are widely used for storing and transferring information. When you open a file that contains malicious code from a removable device, you can corrupt the data stored on your computer, as well as spread the virus to other drives of the computer or across the computer network.
Environment: Network viruses spread over various computer networks. File viruses mainly infect executable files (BAT, COM and EXE). Sometimes they can be introduced into other files too, but in that case they never receive control and lose the ability to reproduce. Boot viruses infect the boot sector of a disk or the sector containing the system disk's loader program (Master Boot Record). File-boot viruses infect both files and boot sectors.
Infection method: A resident virus keeps its resident part in RAM, which then intercepts the operating system's calls to the objects of infection (files, boot sectors, etc.) and injects itself into them. Resident viruses stay in RAM and remain active until the computer is shut down or restarted. Non-resident viruses do not infect the computer's memory and are active for a limited time.
Impact degree: Non-dangerous viruses do not disturb the work of the computer, but they reduce the amount of free RAM and disk space and manifest themselves in graphic or sound effects. Dangerous viruses can lead to a range of disruptions in the work of the computer. Very dangerous viruses can lead to loss of programs, destruction of data, and deletion of information in the system areas of the disk.
Algorithmic nature: "Worms" spread across computer networks: they penetrate into the PC's memory from the network, compute the addresses of other computers and send copies of themselves to them. Sometimes they leave temporary files on the PC; sometimes they do not affect the resources of the computer except RAM and CPU. Satellites attack EXE files by creating a COM copy. When you start the program, the COM file with the virus runs first and then starts the EXE file. With this method of intrusion the infected programs themselves are not changed. "Parasitic" viruses modify the contents of files or sectors on the disk.
Algorithmic nature: "Polymorphic" viruses are self-encrypting viruses, or ghosts. They are quite difficult to find because they do not have a signature, i.e., they do not contain any permanent section of code. In most cases, two samples of the same polymorphic virus will not have a single match. This is achieved by encrypting the main body of the virus. Macro viruses use the capabilities of the macro languages built into various integrated software (text editors, spreadsheets, etc.). Currently, the most common macro viruses infect text files created in Microsoft Word.
Algorithmic nature: "Stealth" viruses are sophisticated programs that intercept access to the affected files or disk sectors and present clean information in their place. In addition, when accessing files these viruses use rather original algorithms that allow them to deceive resident anti-virus monitors. Trojans are not able to self-replicate, but they are very dangerous (they destroy the boot sector and the file system of the drive) and spread disguised as useful software.
Spyware: Spyware is software that collects information about a particular user or organization without their knowledge. You may not even suspect the presence of such programs on your computer. The goals of spyware are: to trace user actions on a computer; to collect information about the contents of hard disks (most often only some folders and the system registry are scanned, in order to compile a list of the software installed on the PC); to collect information on the quality of the network connection, the connection method, etc.
Adware: This is code included in software without the user's knowledge in order to display advertisements. Adware is embedded in software that is distributed free of charge. These programs often collect personal information about the user and send it back to their developer, change browser settings (start page and search pages, security levels, etc.), and generate traffic that the user does not control. All these activities lead to breaches of information security and to financial losses.
Jokes: This is software that does not cause direct harm but displays a message saying that damage has already been done or will be done under certain conditions. These programs often warn the user of non-existent dangers; for example, they display a message about disk formatting (although no formatting actually happens), "detect" viruses in uninfected files, etc.
Rootkits: These are utilities used to conceal malicious activity. They mask malicious programs to prevent their detection by antivirus programs. Rootkits modify the operating system on the computer and replace its main functions in order to hide their own presence and the actions of the attacker.
Antivirus: Detectors can detect files infected with one of a few known viruses. Doctors (phages) "treat" the infected programs or disks by cutting the virus body out of the infected programs, restoring each program to the state it was in before infection.
Antivirus: Auditors first record information about the state of applications and the system areas of the hard disk, and then compare the current state with the recorded one. Any inconsistencies are reported to the user. Doctor-auditors are hybrids of auditors and doctors: they detect changes in files and system areas and automatically return them to their original state.
Antivirus: Filters are resident in RAM; they intercept a virus's attempts to reproduce and cause damage, and report them to the user. Vaccines modify programs and disks in a way that does not affect how the programs work, but makes the virus consider these programs or disks already infected. These programs are highly inefficient.
Prevention of infection: back up information; differentiate access; check incoming information.
Actions in case of infection: Do not rush or make hasty decisions. All actions to identify the type of infection and to treat the computer should be performed only after booting the computer from a write-protected disk, and only the programs (executable files) stored on that disk should be used. If you use a resident antivirus monitor, the presence of a virus in a program can be detected at a very early stage, before the virus has managed to infect other programs or damage any files. In this case, restart the computer from the recovery disk and delete the infected program. Then start the auditor and verify the changes in the files.
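The auditor approach described on the Antivirus slides, and the final "start the auditor" step above, as an added Python example (not part of the original presentation): it records a baseline of file sizes and SHA-256 hashes and later reports added, removed, resized and modified files. The file names and the temporary directory are constructed sample data.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Record (size, SHA-256) for every regular file under root, keyed by relative path."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            state[os.path.relpath(path, root)] = (os.path.getsize(path), digest.hexdigest())
    return state


def audit(baseline, current):
    """Compare two snapshots and return the inconsistencies an auditor would report."""
    report = {"added": [], "removed": [], "resized": [], "modified": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        elif baseline[path][0] != current[path][0]:
            report["resized"].append(path)
        elif baseline[path][1] != current[path][1]:
            report["modified"].append(path)  # same size, different content
    return report


def demo():
    """Constructed sample: three small files, then three simulated changes."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("editor.exe", b"MZ" + b"\x00" * 62)
        write("report.doc", b"quarterly figures")
        write("notes.txt", b"unchanged")
        baseline = snapshot(root)
        write("editor.exe", b"MZ" + b"\x00" * 62 + b"appended bytes")  # file size changed
        write("report.doc", b"quarterly figurez")  # same size, new content
        write("editor.com", b"new file")  # number of files increased
        return audit(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The size comparison alone misses the `report.doc` change, which is why the hash is recorded as well; the baseline itself belongs on the write-protected disk so it cannot be altered together with the files it describes.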
History of computer virology: 1945: the birth of the term "debugging"; 1949: J. Neumann developed a mathematical theory of the creation of self-reproducing programs.
History of computer virology: 1960s: first viruses (they copied themselves until the free space ran out), Pervading Animal (Univac 1108); 1975: first network virus, The Creeper (and the antivirus The Reaper).
History of computer virology: 1979: first worm (by XEROX), Pervading Animal (Univac 1108); 1981: Elk Cloner (for Apple, through games); 1983: the birth of the term "computer virus".
History of computer virology: 1986: first virus for IBM, The Brain (Pakistan); 1988: worm for ARPANET; 1989: first trojan, AIDS; 1993: SatanBug (Washington).
History of computer virology: 1999: Melissa; 2000: I love you; 2003: Slammer.
Viral trends in 2013: antivirus alone is not enough; social engineering; sales of fake anti-virus programs; applications in social networks; infected sites hide behind proxy servers; the number of viruses for Mac and smartphones will increase; more spam.