M_5(A) Mitigating Risk When Connecting to the Internet
Threats and Risks on the Internet
- Categories of risk:
- Hackers
- Malware (viruses, Trojan horses, worms)
- Personal attacks (harassment, fraud, identity theft, data theft)
- Email attacks (phishing, spam, email viruses)
- Hackers and predators:
- Objective: Gain access to a computer system or network to cause harm or steal data.
- Methods:
- Malware
- Exploiting vulnerabilities in system and application software
- Exploiting poorly configured and insecure networks
- Gaining private credentials through social engineering
- Hacker motivations:
- White hat hackers: Ethical hackers who aim to improve security.
- Black hat hackers: Malicious hackers with criminal intent.
- Grey hat hackers: Hackers who sometimes violate laws but without malicious intent.
- Cyberterrorists: Hackers with political or ideological motivations.
- Sponsored hackers: Hackers funded by organizations or governments.
- Hacktivists: Hackers promoting a political agenda.
- Script kiddies: Inexperienced hackers using pre-made tools.
- Hobbyists: Hackers who hack for fun or challenge.
- Common motivations for hackers:
- Personal agenda
- Financial gain
- Sponsored or cyberwarfare
- Corporate espionage
- Organizational agendas
- Resource theft
- Hacker attacks:
- Motivation and technology determine the attack choice.
- Attack method fits vulnerabilities of the targeted system.
- Types of attack methods:
- Password attacks (brute force, dictionary, hash injection)
- Backdoor attack
- Man-in-the-middle (MitM) attack
- Denial of service (DoS) attack (ping flood, Distributed DoS attack)
- Malware:
- Umbrella term covering many types of harmful software.
- Developed for the purpose of causing harm.
- May remain dormant before activating.
- Early forms included hoaxes and pranks.
- Common forms of malware:
- Viruses:
- Malicious programs that spread by attaching to files, often requiring macros to execute.
- Worms:
- Self-sufficient programs that replicate themselves from one computer to another without aid.
- Exploit operating system or system software vulnerabilities.
- Trojans:
- Disguised malware that appears desirable to trick users into downloading.
- Not technically viruses.
- Rootkits:
- Hidden malware placed on a target computer to perform malicious activities undetected, like stealing data or keylogging.
- Spyware:
- Malware that collects and transmits information about user activities, such as browsing habits and personal data (PII).
- Ransomware:
- Malware that disables access to a computer's data until a ransom is paid.
- Malware Types:
- Virus:
- Replicates: Able to self-replicate
- Host Required: Needs a host program to propagate
- User Intervention: Needs to be activated or executed by a user
- Trojan Horse:
- Replicates: Does not replicate itself
- Host Required: Does not need a host program
- User Intervention: User must execute program in which the Trojan horse is hidden
- Worms:
- Replicates: Self-replicate without user intervention
- Host Required: Self-contained and does not need a host
- User Intervention: Replicates and activates without requiring user intervention
- Common malware delivery types:
- Peer-to-peer (P2P) sharing networks
- Network shares
- Email
- Web browsing
- Protecting a network from hackers and malware:
- Ensure software is current with all patches and service packs.
- Install a trusted anti-malware package.
Vulnerabilities and Exploits
- To defend systems and networks, administrators and users should know about:
- Software vulnerabilities
- Hardware vulnerabilities
- Malware threats
- Port vulnerabilities
- End-user vulnerabilities
- Physical security vulnerabilities
- Personal attacks:
- Protecting against personal attacks and data theft depends on personal browsing habits.
- Fraud:
- Primary trap on bad e-commerce sites.
- Ways to spot fraudulent sites:
- Browser alerts
- Suspicious domain name
- No contact information
- Cyberstalking:
- Harassment via repeated electronic communication.
- Includes offensive emails, spamming, impersonation, hate sites, false dating ads, and physical tracking.
- To prevent cyberstalking:
- Don’t give out personal information except to known contacts.
- Use filtering features in email and firewalls.
- Contact the police if it becomes a serious problem.
- Stop all communication with the harasser.
- Block the cyberstalker from social networking sites and only add trusted friends.
- Identity theft:
- Occurs when a thief assumes all or some of a victim’s identity.
- Uses personal or financial information without permission.
- Use caution regarding to whom and why personal information is given.
- Keep documents containing PII locked up.
Email Attacks
- Email provides a gateway into a network through user accounts.
- Personal methods to prevent email attacks include not:
- Opening unsolicited emails or attachments
- Sending personal information
- Giving your email address to strangers
- Replying to spam
- Forwarding chain letters
- Technical methods of preventing email attacks:
- Email checkers or filters for:
- Email tracking
- Keyword filtering
- Legal disclaimers
- Email blocking
- Message priority
- Message archiving
- Online risks and threats:
- Keep applications and operating systems updated.
- Use trusted antivirus/anti-spyware applications and keep them updated.
- Protect portable devices from theft with passwords and data encryption.
- Secure wireless access points and gateway devices.
- Use properly configured firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and routers.
- Encrypt data at rest and in transit.
Website Hosting
- External web hosting:
- Offered by web hosting providers:
- Disk storage space
- Available bandwidth
- Technical support
- Post Office Protocol version 3 (POP3) email accounts
- Email forwarding
- Email auto-responders
- Email aliases
- File Transfer Protocol (FTP) access
- Password protection
- Internal web hosting:
- Web server with redundant drives and hardware to ensure uptime
- High-speed internet connection to handle bandwidth requirements
- Adequate disk storage to hold the site
- Physical and logical security measures
- IT personnel who can manage the programming, maintenance, and security of the site
- Strong backup procedures including considerations for offsite backup storage
- Whois (private or public)
- When signing up for a domain, you use an authorized domain registrar.
- Internet Corporation of Assigned Names and Numbers (ICANN) is the governing body for all domain names.
- Keeps a record of every domain name, who owns it, and how and where it is being used.
- Often referred to as Whois data because you can search for a domain owner and contact information from ICANN registration records
- Registrars offer private settings to provide more protection of personal data.
Domain Name Server
- Domain Name System (DNS):
- Standard name resolution strategy used on networks today.
- Works on all operating system platforms.
- Function of DNS is to resolve host names.
- Most internal networks and the internet use DNS naming.
- You need to plan and design the DNS namespace to be used.
- First, choose the top-level domain name that will be used to host the organization’s name on the internet.
- Second, choose the second-level domain name that identifies the actual organization (google.com, for example). Referred to as parent domain name and is the domain name used on the internet.
- Common DNS attacks:
- DoS attacks
- Footprinting
- Address spoofing
- Redirection
Best Practices for Connecting to the Internet
- Keep all applications current.
- Use trusted anti-malware software and keep it current.
- Use perimeter security, including firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
- Secure backups on removable media.
- Use secure passwords.
- Report cybercrime to the police.
- Protect personal information on social networking sites.
- Use data encryption.