NETWORKS AND INTERNET

 

Introduction

To manage network security, you will need knowledge of how computer networks operate. Readers who already have a strong working knowledge of network operation may choose to skim this material or give it a quick read as a review. For those new to computer networking, this study will give you a basic introduction to how networks and the internet work. This understanding of networks and the internet will be crucial to your comprehension of the later topics presented.

We will examine the basic model of networks and the underlying technologies that allow networks to communicate. This information will be the foundation on which all of the other materials in this course are built. You will also be able to practice using some utilities, such as ipconfig, tracert, and ping.

The OSI Model

Let’s begin with the OSI model, or Open System Interconnect model. This model is a description of how networks communicate. It describes the various protocols and activities, and it delineates how the protocols and activities relate to each other. The model is divided into seven layers, which are shown in the following table. It was originally developed by the International Standards Organization (ISO).

| Layer | Description | Protocols |
|---|---|---|
| Application | This layer interfaces directly to the application and performs common application services for the application processes. | None |
| Presentation | The presentation layer relieves the application layer of concern regarding syntactical differences in data representation within the end-user systems. | POP, SMTP, DNS, FTP, Telnet, ARP |
| Session | The session layer provides the mechanism for managing the dialogue between end-user application processes. | NetBIOS |
| Transport | This layer provides end-to-end communication control. | TCP |
| Network | This layer routes the information in the network. | IP, ICMP |
| Data Link | This layer describes the logical organization of data bits transmitted on a particular medium. Data Link is divided into two sub-layers: the Media Access Control layer (MAC) and the Logical Link Control layer (LLC). | SLIP, PPP |
| Physical | This layer describes the physical properties of the various communications media, as well as the electrical properties and interpretation of the exchanged signals. In other words, the physical layer is the actual NIC, Ethernet cable, and so forth. | None |

 

Many networking students memorize this model. It is good to at least memorize the names of the seven layers and to understand in general what each one does. From a security perspective, the more you understand about network communications, the more sophisticated your defense can be. The most important thing for you to understand is that the model describes a hierarchy of communication. A layer will interact directly with the layer above or below it.

Network Basics

Getting two or more computers to communicate and transfer data is a process that is simple in concept but complex. Consider all the factors involved. First, you will need to physically connect the computers. This connection is accomplished either by plugging a cable into your computer or by infrared light. The cable is then plugged either directly into another computer or into a router or a hub that will, in turn, connect to several other computers.

Most modern computers have a card called a network interface card, or NIC. If the connection is via a cable, the part of the NIC that is external to the computer has a connection slot that looks like a telephone jack, just a little bigger. A wireless network, of course, has no slot for a cable to connect to; it simply uses infrared signals to transmit to a nearby wireless router or hub.

Media Access Control (MAC) Addresses

MAC addresses are an interesting topic. (You may notice that MAC is also a sublayer of the data link layer of the OSI model.) A MAC address is a unique address for a NIC. Every NIC in the world has a unique address represented by a six-byte hexadecimal number. A protocol is used to convert IP addresses to MAC addresses: the Address Resolution Protocol, or ARP. Therefore, when you type in a Web address, the DNS (Domain Name Server) protocol is used to translate it into an IP address. ARP will then translate that IP address into the specific MAC address of an individual NIC.

DNS Servers

How does a URL get translated into an IP address? How does the computer know which IP address goes with which URL? Servers have been set up just to perform this task. DNS stands for Domain Name Server (or System or Service). DNS translates domain names (www.example.com) into IP addresses (199.246.58.4). Domain names are alphabetic because they are easier to remember, but the Internet is really based on IP addresses. Thus, every time you use a domain name, a DNS server must translate the name into the corresponding IP address. If you are on a corporate network, you probably have a DNS server on your network. If not, then your ISP has one. These servers maintain a table of IP-to-URL entries.

From time to time there are transfers of DNS data, called zone transfers, that allow one DNS server to send its changes to another. Across the Internet, there are root DNS servers that are maintained with centralized data for all registered URL/IP addresses. The DNS system is, in fact, its own network. If one DNS server does not know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.

Primary DNS is the name given to the server or service that holds the authoritative information for a domain. Actually, a DNS server (the computer/software) is not specifically “primary” or “secondary”. A DNS server can be primary for one zone (domain) and secondary for another. By definition, a primary DNS server holds the master copy of the data for a zone, and secondary servers have copies of this data that they synchronize with the primary server through zone transfers at intervals or when prompted by the primary server.
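The following added example (not part of the original text) models the behaviour described above: a server that is primary for one zone and secondary for another, a secondary copy that only changes at a zone transfer, a query passed from server to server, and the final ARP step from IP address to MAC address. Server names, the corp.example and lab.example zones, and the 10.x addresses and MAC are constructed; only www.example.com and 199.246.58.4 come from the text, and holding that record on the "root" server is a simplification that follows the text's description.

```python
# Added example (not from the original text). Names, zones and addresses are
# constructed, except www.example.com -> 199.246.58.4, quoted in the text.


class DnsServer:
    def __init__(self, name, upstream=None):
        self.name = name
        self.upstream = upstream   # the server this one asks when it has no answer
        self.primary = {}          # zone -> master copy of the zone's records
        self.secondary = {}        # zone -> copy obtained through a zone transfer

    def add_record(self, zone, hostname, ip):
        """Change the master copy; only the zone's primary server holds it."""
        self.primary.setdefault(zone, {})[hostname] = ip

    def zone_transfer_from(self, other, zone):
        """Replace the local copy of `zone` with the primary's current data."""
        if zone not in other.primary:
            raise ValueError(f"{other.name} is not primary for {zone}")
        self.secondary[zone] = dict(other.primary[zone])

    def role_for(self, zone):
        if zone in self.primary:
            return "primary"
        if zone in self.secondary:
            return "secondary"
        return None

    def resolve(self, hostname, asked=None):
        """Return (ip or None, names of the servers asked, in order)."""
        asked = (asked or []) + [self.name]
        for zones in (self.primary, self.secondary):
            for zone, records in zones.items():
                if hostname == zone or hostname.endswith("." + zone):
                    # This server holds the zone, so it answers by itself.
                    return records.get(hostname), asked
        if self.upstream is None:
            return None, asked
        return self.upstream.resolve(hostname, asked)


def build_demo():
    root = DnsServer("root")
    root.add_record("example.com", "www.example.com", "199.246.58.4")
    isp = DnsServer("isp", upstream=root)
    ns_a = DnsServer("ns-a", upstream=isp)
    ns_b = DnsServer("ns-b", upstream=isp)
    ns_a.add_record("corp.example", "files.corp.example", "10.0.0.5")
    ns_b.add_record("lab.example", "build.lab.example", "10.0.1.9")
    # Each server is primary for its own zone and secondary for the other.
    ns_a.zone_transfer_from(ns_b, "lab.example")
    ns_b.zone_transfer_from(ns_a, "corp.example")
    return ns_a, ns_b


# ARP cache of a host on the local segment: IP address -> MAC of one NIC.
ARP_CACHE = {"10.0.0.5": "00:1a:2b:3c:4d:5e"}


def name_to_mac(server, hostname, arp_cache=ARP_CACHE):
    """Name -> IP through DNS, then IP -> MAC through the ARP cache."""
    ip, asked = server.resolve(hostname)
    # A host outside the local segment has no ARP entry of its own here;
    # frames for it are addressed to the gateway's NIC instead.
    return ip, arp_cache.get(ip), asked


def stale_secondary_demo():
    """A change on the primary is invisible to the secondary until a transfer."""
    ns_a, ns_b = build_demo()
    ns_b.add_record("lab.example", "test.lab.example", "10.0.1.20")
    before = ns_a.resolve("test.lab.example")[0]
    ns_a.zone_transfer_from(ns_b, "lab.example")
    after = ns_a.resolve("test.lab.example")[0]
    return before, after


if __name__ == "__main__":
    ns_a, ns_b = build_demo()
    print(ns_a.resolve("www.example.com"))
    print(name_to_mac(ns_b, "files.corp.example"))
    print(stale_secondary_demo())
```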

The Physical Connection: Local Network

A cable is one way in which more than one computer can be connected. The cable connection used with hard-wired NICs is an RJ-45 connection. (RJ is short for “Registered Jack”, which is an international industry standard.) In contrast to the computer’s RJ-45 jacks, standard telephone lines use RJ-11 jacks. The biggest difference between the jacks involves the number of wires in the connector, also called the terminator. Phone lines have four wires, whereas RJ-45 connectors have eight.

If you look at the back of a computer or laptop, you will most likely find three ports that, at first glance, look like phone jacks. Two of the three ports are probably for a traditional modem and telephone and accept a standard RJ-11 jack. One port is used for an RJ-45 connector. Not all computers come with a NIC, but most modern computers do. Additionally, many modern computers no longer contain an internal modem, in which case there would not be an RJ-11 jack.

This standard connector jack must be crimped onto the end of the cable. The cable used in most networks today is category 5 cable, or CAT-5, as it is commonly known. (Note that CAT-6 cable is becoming more prevalent with high-speed networks.)

 

| Category | Specifications | Uses |
|---|---|---|
| 1 | Low-speed analog (less than 1 MHz) | Telephone, doorbell |
| 2 | Analog line (less than 10 MHz) | Telephone |
| 3 | Up to 16 MHz or 10 MBps (megabits per second) | Voice transmissions |
| 4 | Up to 20 MHz / 16 MBps | Data lines, Ethernet networks |
| 5 | 100 MHz / 100 MBps | Most common type of network cable |
| 6 | 250 MHz / 1000 MBps | Very high-speed networks |

 

The type of cable used in connecting computers is also often referred to as unshielded twisted pair cable (UTP). In UTP, the wires in the cable are in pairs, twisted together without any additional shielding. As you can see in the table above, each subsequent category of cable is somewhat faster and more robust than the last. It should be noted that, although CAT-4 can be used for networks, it is almost never used for that purpose simply because it is slower, less reliable, and older technology. You will usually see CAT-5 cable and, increasingly, CAT-6.

Notice the speeds listed in the table, such as MBps. This unit stands for megabits per second. Ultimately, everything in a computer is stored in binary format using a 1 or 0. These units are called bits. It takes eight bits, or one byte, to represent a single character such as a letter, number, or carriage return. It follows, then, that CAT-5 cable can transmit up to 100,000,000 bits per second. This is known as the bandwidth of the cable. Remember, though, that this is the maximum that can be transmitted “across the wire” at any given second. If multiple users are on a network and all of them are sending data, the traffic generated is going to quickly use up all of the bandwidth. Simple scanned-in photos can easily reach two megabytes or much more. Streaming media, such as video, is perhaps the most demanding on bandwidth.

If you simply want to connect two computers to each other, you can have the cable go directly from one computer to the other. But what do you do if you wish to connect more than one computer? What if 100 computers need to be connected on a network? There are three devices that can help you accomplish this task: the hub, the switch, and the router. These devices each use CAT-5 or CAT-6 cable with RJ-45 connectors.

1. The Hub
The simplest connection device is the hub. A hub is a small, box-shaped electronic device into which you can plug network cables. It will have four or more (typically 24) RJ-45 jacks, each called a port. A hub can connect as many computers as it has ports. You can also connect one hub to another; this strategy is referred to as “stacking” hubs. Hubs are very cheap and easy to connect: just plug in the cables. However, hubs have a downside. If you send a packet from one computer to another, a copy of that packet is actually sent out from every port on the hub. All of these copies lead to a great deal of unnecessary network traffic. This occurs because the hub, being a very simple device, has no way of knowing where a packet should go. Therefore, it simply sends copies of the packet out of all of its ports.

2. The Switch
The next connection device option is the switch. A switch is basically an intelligent hub. However, when a switch receives a packet, it sends that packet only out of the port for the computer to which it needs to go. A switch builds a table based on MAC addresses and uses that table to determine where a packet is being sent. How this determination is made is explained in the Data Transmission section below.

3. The Router
Finally, if you want to connect two or more networks together, you use a router. A router is similar in concept to a hub or switch, as it does relay packets; yet, it is far more sophisticated. You can program most routers and control how they relay packets. The details of how you program a router differ from vendor to vendor. However, you should be aware that most routers are programmable, allowing you to change how they route traffic. Moreover, unlike with a hub or switch, the two networks connected by a router are still separate networks. In short, the three basic connection devices are the hub, the switch, and the router, all of which connect category 5 or category 6 cable using RJ-45 connectors.

 

 

HOW DO LEGAL ISSUES IMPACT NETWORK SECURITY

 

An increasing number of legal issues affect how one approaches computer security. If your organization is a publicly traded company, a government agency, or does business with either, there may be legal constraints on the security of your network. Even if your network is not legally bound to these security guidelines, it is useful to understand the various laws impacting computer security; you may choose to apply them to your own security standards.

One of the oldest laws that affects computer security is the Computer Security Act of 1987. It requires government agencies to identify sensitive systems, develop computer security training, and develop computer security plans. This law was a vague mandate ordering federal agencies in the States to establish security measures, but it did not specify any standards.

This legislation established a legal mandate to impose specific criteria, paving the way for future guidelines and regulations. It also helped define terms, such as what information is considered “sensitive”. This quote is found in the legislation itself:

 

The term "sensitive information" means any information, the damage, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under law of a state, but which has not been specifically authorized under criteria established by executive order to be kept secret in the interest of national defense or foreign policy.

 

This definition should be kept in mind, for it is not just social security information or medical history that must be secured. When considering what information needs to be secure, simply ask the question: would the unauthorized access or modification of this information adversely affect your institution? If the answer is yes, then you must consider the information sensitive and in need of security precautions.

A more specific law requiring that security be applied to systems is the OMB Circular. This document requires that agencies of the state establish security programs containing specified elements. It also describes requirements for developing standards for computer systems and for records held by government agencies.

Most states have specific laws regarding computer security, such as legislation on cyber-crimes. If you are responsible for network security, you might find yourself part of a criminal investigation. It may be an investigation of a hacking incident or of employee misuse of computer resources. A list of computer crime laws (by state) can be found at information system of the state.

 

Online Security Resources

When you move out into the professional world, you will have frequent need for additional security resources. Appendix B includes a more complete list of resources, but this section highlights a few of the most important ones and those you may find useful now.

 

CERT

CERT stands for Computer Emergency Response Team. This group is sponsored by Carnegie Mellon University. CERT was the first computer incident response team, and it is still one of the most respected in the industry. Anyone interested in network security should visit the site routinely.


Microsoft Security Advisor

Because so many computers today run Microsoft operating systems, another good resource is the Microsoft Security Advisor website: www.microsoft.com/security/default.mspx. This site is a portal to all Microsoft security information, tools, and updates. If you use any Microsoft software, it is advised that you visit this website regularly.

 

F-Secure

The F-Secure corporation maintains a website at www.f-secure.com. Among other things, this site is a repository for detailed information on viruses. Here you will find not only notifications about a particular virus but also detailed information about it. This information includes how the virus spreads; ways to recognize the virus; and, frequently, specific tools for cleaning an infected system of a particular virus.

 

SANS Institute

The SANS Institute website (www.sans.org) is a vast repository of security-related documentation. On this site you will find detailed documentation on practically every aspect of protecting your computer that you can imagine. The SANS Institute also sponsors a number of security research projects and publishes information about those projects.


SECURITY DEVICES

 


In addition to knowing the titles used for the people involved in breaching security, it would also be beneficial for you to start with a basic understanding of the security devices involved in stopping these individuals. You are probably familiar with some of these, and most of them will be discussed at much greater length later.

 

Firewall:

The most basic security device is the firewall. A firewall is a bridge between a network and the outside world. Sometimes a firewall takes the form of a stand-alone server, sometimes a router, and sometimes software running on a machine. Whatever the actual form, a firewall filters what enters as well as what exits the network.

 

Proxy Server

A proxy server works with a firewall to hide the internal network’s IP (Internet Protocol) addresses and present a single IP address (its own) to the outside world. A proxy server is a server that sits between a client application, such as a Web browser, and a real server. It intercepts all requests to the real server to see whether it can fulfill them itself. If it cannot, it forwards the request to the real server. Proxy servers have two main purposes: to improve performance and to filter requests.

 

Intrusion Detection System (IDS)

Firewalls and proxy servers guard the perimeter; they do not examine who is accessing the network or from where. These two safeguards are augmented by an intrusion detection system (IDS). The IDS monitors traffic and where it is coming from. It also points out those who may be compromising your system security.

 

Activities

The last set of terms that you need to be familiar with before delving deeper into security are the names given to the activities involved in either breaching security or preventing a security breach. These terms are also used throughout the text.

 

Phreaking

Another type of specialty hacking involves breaking into telephone systems. Phreaking is a sub-branch of hacking. The New Hacker's Dictionary actually defines phreaking as “The action of using mischievous and mostly illegal ways in order to not pay for some sort of telecommunication bill, order, transfer, and other services.” Phreaking requires a rather significant knowledge of telecommunications, and many phreakers have some professional experience working for a phone company or other telecommunications business. This type of activity often depends more on the specific technology required to compromise phone systems than on simply knowing certain techniques; for example, there are many devices used to compromise telephone systems. Telephone systems are dependent on frequencies. Machines that record and duplicate frequencies are essential to phone phreaking.

 

Authentication

In addition to the security devices discussed above, there are specific security activities. Authentication is the most basic security activity. It is the process of determining whether the credentials presented are valid. When you log in with your username and security code and they are accepted, you will be granted access.

 

Auditing

Another crucial safeguard is auditing. Auditing is the process of reviewing logs, records, and procedures to determine whether these items meet standards. This activity will be mentioned in several places.


Network Security Paradigms

The approach you take to security affects all subsequent security decisions and sets the tone for the entire organization's network security infrastructure. Network security paradigms can be classified either by the scope of the protective measures (perimeter, layered) or by how proactive the system is.

 

Perimeter Security                                             

In a perimeter security approach, most security efforts are focused on the perimeter of the network. This may include firewalls, proxy servers, password policies, or any technology or method that reduces the possibility of unauthorized access to the network. Little or no effort is made to secure the systems within the network. In this approach, the perimeter is secure, but the various systems within that perimeter are often weak.

The perimeter approach is clearly flawed. So why do some companies use it? A small organization with budget constraints or an inexperienced network administrator might use it. This method might be adequate for small organizations that do not store sensitive data, but it rarely works in a larger corporate setting.

 

Layered Security

A layered security approach is one in which not only the perimeter is secured but the individual systems within the network are secured as well. All servers, workstations, routers, and hubs within the network are secured. One way to accomplish this is to divide the network into segments and secure each segment as if it were a separate network so that, if perimeter security is compromised, not all internal systems are affected. Layered security is the preferred method whenever possible.

 

Proactive Versus Reactive

You should also measure your security approach by how proactive and/or reactive it is. This is done by gauging how much of the system’s security infrastructure and policy is dedicated to preventive measures as opposed to how much is devoted to simply responding to an attack after it has occurred. A passive security approach does little or nothing to prevent an attack. A dynamic or active defense is one in which measures are taken to prevent attacks from occurring.

One example of a proactive defense is the use of an IDS, which works to detect attempts to circumvent security measures. Such a system can tell the system administrator that someone is trying to breach security, even if the attempt is not successful. An IDS can also be used to detect various techniques that intruders use to assess a target system, thus alerting a network administrator to the potential for an attempted breach before the attempt is even initiated.
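As an added example (not part of the original text), the sketch below shows the kind of check an IDS applies to spot a system being assessed: it reads firewall log lines and raises an alert when one source touches many different ports on one host within a short window, even when every attempt was denied. The log format, the addresses, and the thresholds are all constructed for illustration.

```python
# Added example (not from the original text). The log format, addresses and
# thresholds are constructed for illustration.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

SAMPLE_LOG = """\
2003-09-09T10:00:00 ALLOW TCP 198.51.100.20:51000 -> 192.0.2.10:443
2003-09-09T10:00:01 DENY TCP 203.0.113.7:40001 -> 192.0.2.10:21
2003-09-09T10:00:02 DENY TCP 203.0.113.7:40002 -> 192.0.2.10:22
2003-09-09T10:00:02 DENY TCP 203.0.113.7:40003 -> 192.0.2.10:23
2003-09-09T10:00:03 ALLOW TCP 198.51.100.20:51001 -> 192.0.2.10:443
2003-09-09T10:00:04 DENY TCP 203.0.113.7:40004 -> 192.0.2.10:25
2003-09-09T10:00:05 DENY TCP 203.0.113.7:40005 -> 192.0.2.10:3389
2003-09-09T10:00:06 DENY TCP 203.0.113.7:40006 -> 192.0.2.10:8080
2003-09-09T10:05:00 ALLOW TCP 198.51.100.33:52000 -> 192.0.2.10:80
2003-09-09T10:10:00 ALLOW TCP 198.51.100.33:52001 -> 192.0.2.10:443
2003-09-09T10:15:00 DENY TCP 198.51.100.33:52002 -> 192.0.2.10:25
2003-09-09T10:20:00 DENY TCP 198.51.100.33:52003 -> 192.0.2.10:110
2003-09-09T10:25:00 DENY TCP 198.51.100.33:52004 -> 192.0.2.10:23
malformed entry
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    try:
        when = datetime.fromisoformat(match["ts"])
    except ValueError:
        return None
    return {"time": when, "action": match["action"], "src": match["src"],
            "dst": match["dst"], "dport": int(match["dport"])}


def detect_port_scans(lines, min_ports=5, window_seconds=10):
    """Alert once per (source, target) that hits min_ports ports in the window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (src, dst) -> recent (time, port, action)
    alerted = set()
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue              # skip lines the parser does not understand
        key = (event["src"], event["dst"])
        queue = recent[key]
        queue.append((event["time"], event["dport"], event["action"]))
        while event["time"] - queue[0][0] > window:
            queue.popleft()       # forget probes older than the window
        ports = sorted({port for _, port, _ in queue})
        if len(ports) >= min_ports and key not in alerted:
            alerted.add(key)
            alerts.append({
                "src": event["src"],
                "dst": event["dst"],
                "time": event["time"].isoformat(),
                "ports": ports,
                # True means the firewall blocked every probe, yet the
                # assessment itself is still worth reporting.
                "all_denied": all(a == "DENY" for _, _, a in queue),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG.splitlines()):
        print(alert)
```

With the default ten-second window, the slow series of connections from 198.51.100.33 is not flagged; widening `window_seconds` catches it at the cost of more alerts on ordinary traffic.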

 

Hybrid Security Method

In the real world, network security is usually a combination of approaches and is not focused completely on one paradigm or another. The two categories also combine. One can have a network that is predominantly passive but layered, or one that is primarily perimeter but proactive. It can be helpful to consider approaches to computer security along a Cartesian coordinate system, with the x axis representing the level of passive-active approaches and the y axis representing the range from perimeter to layered defense.

The most desirable hybrid approach is a layered paradigm that is dynamic, which would be located in the upper right-hand quadrant. In this system, there would be perimeter security as well as layered internal security. An intrusion detection system would add a level of dynamic activity, making for a more complete security solution.

 


BASIC SECURITY TERMINOLOGY

 

The security and hacking terms presented here are merely an introduction to computer security terminology, but they are an excellent starting point to help you prepare for learning more about computer security. Additional terms will be introduced throughout the text and listed in the Glossary.

Computer security takes its vocabulary from both the professional security community and the hacker community. As we explore these terms, you will see that there is a great deal of overlap. However, most hacker terminology is concerned with the activity (phreaking) or the person performing the activity (sneaker). In contrast, security professionals’ terminology describes defensive barrier devices, procedures, and policies. This is quite logical because hacking is an offensive activity centered around attackers and attack methodologies, whereas security is a defensive activity concerning itself with defensive barriers and procedures.

 

People

There are many titles used for those individuals who set their sights on breaching computer security systems. We describe some of the most common names. These are the terms that we will use throughout this text.

 

Hackers

You have probably heard the term hacker used in movies and news broadcasts. Most people use it to describe any person who breaks into a system. In the hacking community, however, a hacker is an expert on a particular system or systems who wants to learn more about the system. Hackers feel that looking at a system’s flaws is the best way to learn about that system. For example, someone well-versed in the Windows operating system who works to understand that system by learning its weaknesses and flaws would be a hacker.

This process does indeed often mean seeing whether a flaw can be exploited to gain access to a system. This “exploiting” part of the process is where hackers differentiate themselves into the following groups.

 

•  White hat hackers, upon finding a vulnerability in a system, will report the vulnerability to the vendor of that system. If they discovered some flaw in Red Hat Linux™, they would then e-mail the Red Hat company (probably anonymously) and explain exactly what the flaw is and how it was exploited.

•  Black hat hackers are the people normally depicted in the media. Once they gain access to a system, their goal is to cause some type of harm. They might steal data, erase files, or deface websites. Black hat hackers are sometimes referred to as crackers.

•  Gray hat hackers are typically law-abiding citizens, but in some cases will venture into illegal activities. They may do so for a wide variety of reasons. Commonly, gray hat hackers conduct illegal activities for reasons they feel are ethical, such as hacking into a system belonging to a corporation that the hacker feels is engaged in unethical activities.

 

Regardless of how hackers view themselves, intruding on any system without permission is illegal. This means that, technically speaking, all hackers, regardless of the color of the metaphorical hat they may wear, are in violation of the law. However, many people feel that white hat hackers actually perform a service by finding flaws and informing vendors before those flaws are exploited by less ethically inclined individuals.

 

Script Kiddies

So what is the term for someone who calls themselves a hacker but lacks the expertise? The most common term for this sort of person is script kiddy (Glossary of hacker terminology). The name comes from the fact that the Internet is full of utilities and scripts that one can download to perform some hacking tasks. Someone who downloads such a tool without really understanding the target system would be considered a script kiddy.

 

Ethical Hackers: Sneakers

When and why would someone give permission to another party to hack their system? The most common answer is in order to assess the vulnerabilities of their systems. This employee, commonly called a sneaker, legally breaks into a system in order to assess security deficiencies. The term started with a 1990s movie about this subject. There are consultants who perform work of this type, and you can even find firms that specialize in this very activity, as more and more companies or firms are soliciting these services to assess their vulnerabilities.

Anyone hired to assess system vulnerabilities should be both technically proficient and ethical. It is best to run a criminal background check and avoid those people with problem pasts. There are plenty of legitimate security professionals available who know and understand hacker skills but have never committed security crimes. If you take the argument that hiring convicted hackers means hiring talented people to its logical conclusion, you would surmise that, obviously, the person in question is not as good a hacker as they would like to think, because they were caught. Most importantly, giving a person with a criminal background access to your systems is on par with hiring a person with multiple DWI convictions to be your driver. In both cases, you are inviting problems and perhaps assuming significant civil liabilities.

Also, some review of their qualifications is clearly in order. Just as there are people who claim to be highly skilled hackers but are not, there are those who will claim to be skilled sneakers but lack the skills truly needed. You would not want to inadvertently hire a script kiddy who thinks she is a sneaker. Such a person might then pronounce your system to be sound, when in fact it was simply a lack of skills that prevented the script kiddy from successfully breaching your security.

 

COMPROMISING SYSTEM SECURITY

 

Now that we have examined the three broad classes of attack, it is an appropriate time to ask: what are the most likely attacks, and what are your vulnerabilities? This section covers the basics of what threats are possible and which are most likely to affect you or your organization. The most likely threat to individuals and large organizations is the computer virus. In the first nine days of September 2003, the F-Secure security information website listed 20 new viruses. This is a fairly common monthly statistic. In any month, new viruses will be generated, and old viruses are still out there. All the major antivirus software vendors have released protection for the SoBig virus; today alone I received several e-mails with that virus as an attachment. Therefore, even when a virus is known and there is protection against it, it can continue to thrive because many people do not update their protection or clean their systems regularly.

The most common attacks are unauthorized usage of computer systems. Unauthorized usage includes everything from denial of service attacks to outright intrusion of systems. It also includes internal employees misusing system resources. A recent survey by the Computer Security Institute of 223 computer professionals showed over 445 million in losses due to computer security breaches. In 75% of cases, an internet connection was the point of attack, while 33% of professionals cited the location as their internal systems. A rather astonishing 78% of those surveyed detected employee abuse of systems / internet (Computer Security Institute). This statistic means that, in any organization, one of the chief dangers might be its own employees.

In addition to the negative effects of employees misusing system resources, you also need to consider the possibility of an outright attack by an employee. An “insider” attack can cause considerably more damage than a typical internet-based attack because the employee has more familiarity with the organization as a whole.

IDENTIFYING TYPES OF THREATS


Attacks fall into one of three broad classes of threats:

 

•  Malware:
Malware is a term used for software that has a malicious purpose. It includes various types of virus attacks. It is the most dangerous to your system or network.

•  Intrusions:
These attacks attempt to gain unauthorized access to your system.

•  Denial of Service (DoS) Attacks:
These are designed to prevent legitimate access to your system.

This section offers a broad description of each type of attack.

Malware

Malware is a generic term for software that has a malicious purpose. This section discusses three types of malware: viruses, Trojan horses, and spyware. Trojan horses and viruses are the most widely encountered.

According to Symantec (creator of Anti-Virus and other software products), a virus is “a small program which hides itself, usually without knowledge”. A computer virus is similar to a biological virus in that both replicate and spread. E-mail is the most common way for a virus to spread. Some viruses do not damage the system itself but cause system slowdown or shutdown.

The Trojan horse receives its name from an ancient tale. In this tale, the city of Troy was besieged for an extended period of time, but the attackers could not gain entrance. Therefore, they constructed a huge wooden horse and left it in front of the gates of Troy one night. The next morning, the residents of Troy saw the horse and assumed it to be a gift, consequently rolling the wooden horse into the city. Unbeknownst to them, several soldiers were hidden inside the horse. That evening, the soldiers left the horse, opened the city gates, and let their fellow attackers into the city. An electronic Trojan horse works in the same manner, appearing to be benign software but secretly downloading a virus.

Spyware is an other category of Malware, which is literally spies that what you are done on your computer system. Spyware is a text file of cookies which creates and store on your computer system, which is downloaded through web site. This file is recognized you and return by you to web site. That file can able you to access different pages on site.

A key logger is other form of spyware, which records all the key strokes by you. Some key loggers also take screen shot of your computer. Data is then either stored for later retrieval by the person who installed the key logger or is sent immediately back via e-mail. This action has legitimate purpose such as an employer wants to track the activities of computer of any employee of his organization as well as it is used for illegal / unethical purposes.

 

Compromising System Security 

We will now look at attacks that breach your system security. This activity is commonly referred to as hacking, although that is not the term hackers themselves use. We will delve into appropriate terminology shortly; however, it should be noted at this point that cracking is the appropriate word for intruding onto a system without permission, usually with malevolent intent. Any attack that is designed to breach your security, either via some operating system flaw or any other means, can be classified as cracking. Simply put, hacking may or may not be for malevolent purposes. Cracking is hacking conducted for malicious purposes.

Social engineering is a technique for breaching system security by exploiting human nature rather than technology. Social engineering uses standard con artist techniques to get users to offer up the information needed to gain access to a target. The way this method works is rather simple. The perpetrator obtains preliminary information about a target organization and leverages it to gain extra information from the system.

Following is an example of social engineering in action. Armed with the name of a system administrator, you might call someone in the accounting department of a business and claim to be one of the company's technical support staff. Mentioning the system administrator's name would help validate that claim, allowing you to ask questions in an attempt to ascertain more details of the specifications of the system. A savvy intruder might even get the accounting person to say a username and keyword. As you can see, this method is based on how well the prospective intruder can manipulate people and computer skill.

 

Denial of Service Attacks 

In addition to the various forms of malware and cracking attacks, there are attacks that prevent legitimate users from accessing their own system. This type of attack is called Denial of Service (DoS). In these attacks the attacker doesn’t actually access the system, but rather simply blocks access by legitimate users. One common way to prevent legitimate service is to flood the targeted system with so many false connection requests that the system cannot respond to legitimate requests.
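The flood of connection requests described above can be seen from the defender's side by tracking requests that are never completed. The following is an added example, not part of the original article; the event format, the window and the threshold are assumptions, and the addresses are constructed sample values.

```python
from collections import Counter, deque

def build_sample():
    """Constructed events: (time_ms, source, kind). SYN is a connection
    request, ACK means the client completed it. This format is an assumption."""
    events = []
    # Legitimate clients request a connection and complete it 200 ms later.
    for t, src in [(0, "198.51.100.7"), (2000, "198.51.100.8"), (9000, "198.51.100.7")]:
        events += [(t, src, "SYN"), (t + 200, src, "ACK")]
    # Flood: 60 requests, 50 ms apart, none of them ever completed.
    events += [(4000 + i * 50, "203.0.113.50", "SYN") for i in range(60)]
    return sorted(events)

def detect_flood(events, window_ms=5000, max_pending=20):
    """Alert when more than max_pending requests made within the last
    window_ms are still uncompleted. Returns (time_ms, top_source, pending)."""
    pending = deque()          # (time_ms, source) of uncompleted requests
    alerts, alerting = [], False
    for t, src, kind in events:
        # Requests older than the window are dropped, as a server would time them out.
        while pending and pending[0][0] <= t - window_ms:
            pending.popleft()
        if kind == "SYN":
            pending.append((t, src))
        elif kind == "ACK":
            done = next((p for p in pending if p[1] == src), None)
            if done is not None:
                pending.remove(done)
        over = len(pending) > max_pending
        if over and not alerting:   # report once per episode, not once per packet
            top = Counter(s for _, s in pending).most_common(1)[0][0]
            alerts.append((t, top, len(pending)))
        alerting = over
    return alerts

if __name__ == "__main__":
    for t, src, n in detect_flood(build_sample()):
        print(f"{t} ms: {n} uncompleted requests, mostly from {src}")
```

Legitimate clients never accumulate in the pending queue because each request is completed, so only the uncompleted burst crosses the threshold.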

 


INTRODUCTION TO CYBER CRIME AND SECURITY

After this article you will be able to do the following:

 

Ø  Identify the top threats to computer networks: intrusion, Denial of Service attacks and malware.

Ø  Assess the likelihood of an attack on your personal computer and network.

Ø  Define key terms such as cracker, sneaker, firewall & authentication.

Ø  Compare and contrast perimeter and layered approaches to network security.

Ø  Use online resources to secure your network.

 

INTRODUCTION

 

It’s hard to find a facet of modern life that does not involve a computer system on some level. The following are just a few examples that illustrate this point.

 

§  Financial transactions, including online banking, ATMs and debit cards, are a pervasive part of the modern commerce system.

§  Some small and large businesses use automatic checkout.

§  You may be taking this class online or perhaps you registered for it online. You may have ordered this book online.

§  There is even widespread discussion of eventual online voting.

 

Because so much of our business is transacted online, a great deal of personal information about individuals is stored in computers. Medical records, tax records, academic records and more are all stored in databases. Whether this level of technology in our daily lives is to our advantage or not is a question that is beyond the scope of this book. The fact is that our lives are inextricably intertwined with computer systems. This leads to several important questions.

 

*      How is information safeguarded?

*      What are the vulnerabilities to these systems?

*      What steps are taken to ensure that these systems and data are safe?

 

FYI: Online Banking

 

A recent study found that 28% of consumers access their primary banking institution by phone, the internet or at branches at least three times a week (Online Banking Report). These consumers use online banking to view statements and checks, pay bills, check balances and transfer money.

 

Recent news stories do not offer encouraging answers to these questions. The electronic media often give a great deal of attention to dramatic virus attacks, hackers and other interesting phenomena of the Internet. News of virus attacks often becomes the lead story on national networks. Even the most technically naive person cannot go more than a few weeks without hearing of some new virus or hacking incident, such as the dramatic attack in Feb 2003, when a hacker was able to get some millions of credit card numbers.

In spite of daily horror stories, however, many people (including some law enforcement professionals and trained computer professionals) lack an adequate understanding of the reality of these threats. Attention is often focused on the most dramatic computer security breaches (intrusions), which do not necessarily give an accurate picture of the most plausible threat scenarios. Clearly, many people are aware of the attacks that can be executed against a target system. Unfortunately, they are often not familiar with the attack’s mechanism, its actual danger level or how to prevent it.

FYI: Online Shopping

Commerce department reports show a rapid increase in online retail sales in just a few years. Since the year 2018, when sales were approximately 27.3 million, online sales increased by nearly 325% to approximately 88.3 million in 2019. At the time of this writing, sales for 2020 were projected to be approximately 109.9 million.

This article outlines current dangers, describes the most common types of attacks on your personal computer and network, teaches you how to speak the lingo of both hackers and security professionals and outlines the broad strokes of what is necessary to secure your computer as well as your network.

 

How Seriously Should You Take Threats to Network Security

The first step in understanding computer and network security is to formulate a realistic assessment of the threats to those systems. The general population tends to have two extreme attitudes about computer security. The first group assumes there is no real threat. Subscribers to this theory believe that there is little real danger to computer systems and that much of the negative news is simply unwarranted panic. They often think that taking only minimal security precautions should ensure the safety of their systems. The prevailing sentiment of these individuals is, “If our computer / organization has not been attacked so far, we must be secure.” They tend to have a reactive approach to security. They will wait until after an incident occurs to address security issues --- the proverbial “closing the barn door after the horse has already gotten out.” If you are fortunate, the incident will have only a minor impact on you or your organization and will serve as a much needed wake-up call. If you are unfortunate, then your organization may face serious and possibly catastrophic consequences. For example, there are organizations that did not have an effective network security system in place when a virus attacked their systems. One of those companies estimated that lost productivity through downtime of the systems cost over 100,000/-.

The second extreme attitude toward the dangers to computer and network security is one that tends to overestimate the dangers. The people in this group are prone to assume that talented hackers exist in great numbers and all are imminent threats to your system. They may believe that any teenager with a laptop can traverse highly secure systems at will. This viewpoint has, unfortunately, been fostered by a number of movies that depict computer hacking in a somewhat glamorous light. Such a world view makes excellent movie plots, but it is simply unrealistic. The reality is that many people who call themselves hackers are less knowledgeable than they think. They have picked up a few buzzwords from the Internet and are convinced of their own digital supremacy, but they are not able to effect any real compromise of even moderately secure systems.

Both extremes of attitude regarding the dangers to computer systems are inaccurate. It is certainly true that there are people who have both the comprehension of computer systems and the skills to compromise the security of many, if not most, systems. However, it is also true that many who call themselves hackers are not as skilled as they claim. As with any field of human endeavor, the majority of hackers are, by definition, mediocre. Often, the people who most loudly declare their cyber prowess are those with the least actual skill. The truly talented hacker is no more common than the truly talented concert pianist. Consider how many people take lessons at some point in their lives; then consider how many of those mind that even those who do possess the requisite skill also need the motivation to expend the time and effort to compromise your system. This does not mean that unskilled hackers are no threat at all, but rather that they are much less of a threat than administrators, or the hackers themselves, might think. Additionally, the greatest threat to any system is not hackers, but rather virus attacks and Denial of Service attacks.

A more balanced view and, therefore, a better way to assess the threat level to your system is to weigh the attractiveness of your system to potential intruders against the security measures in place.

 

 

