Write down all possible ways how your personal computer system could
be compromised. What are the possible attack vectors?


is a nice way of saying that someone or something has maliciously broken into
your computer without your knowledge or permission. It means that you cannot
trust the integrity of any file
on your computer (including program files, image files, operating system files,
etc.). You cannot find out what has been done to your computer files without an
exact “before the compromise” copy to compare your files against, and you
probably will never know what has been done with your personal information,
including your passwords or where your personal information has been sent.


A Compromised Computer is defined
as any computing resource whose confidentiality, integrity or availability has
been adversely impacted, either intentionally or unintentionally, by an
untrusted source. A compromise can occur either through manual interaction by the
untrusted source or through automation. Gaining unauthorized access to a
computer by impersonating a legitimate user or by conducting a brute-force
attack would constitute a compromise. Exploiting a loophole in a
computer’s configuration would also constitute a compromise. Depending on
the circumstances, a computer infected with a virus, worm, trojan or other
malicious software may be considered a compromise. If the malicious
software is detected and removed by antivirus software in a timely manner, it
is probably not necessary to follow this process. Some level of judgment
will need to be used in these situations. Symptoms of a Compromised
Computer include, but are not limited to, the following:


• The computer is experiencing unexpected and unexplainable disk activity
• The computer is experiencing unexpected and unexplainable performance degradation
• The computer’s logs (e.g. system logs, application logs, etc.) contain suspicious entries that indicate repeated login failures or connections to unfamiliar services
• A complaint is received from a third party regarding suspicious activity originating from the computer
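The log symptom above (repeated login failures) can be checked mechanically. The following is an added example, not part of the original text: it scans sshd-style authentication lines, flags a burst of failures from one source address, and separately flags a successful login that follows such a burst. The sample lines, the function name `find_bruteforce`, the threshold of 5 and the 5-minute window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH sshd syslog style (not from a real host).
SAMPLE_LOG = """\
Mar  3 02:14:01 host1 sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 02:14:04 host1 sshd[811]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar  3 02:14:09 host1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Mar  3 02:14:15 host1 sshd[813]: Failed password for root from 203.0.113.7 port 50136 ssh2
Mar  3 02:14:21 host1 sshd[814]: Failed password for root from 203.0.113.7 port 50140 ssh2
Mar  3 02:14:30 host1 sshd[815]: Accepted password for root from 203.0.113.7 port 50150 ssh2
Mar  3 08:01:10 host1 sshd[990]: Failed password for alice from 198.51.100.4 port 40020 ssh2
Mar  3 08:01:25 host1 sshd[991]: Accepted password for alice from 198.51.100.4 port 40022 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port")

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=5), year=2024):
    """Return alerts for bursts of failed logins and for a success that follows one."""
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        failures = recent[m["ip"]]
        while failures and ts - failures[0] > window:
            failures.popleft()  # forget failures older than the window
        if m["result"] == "Failed":
            failures.append(ts)
            if len(failures) == threshold:
                alerts.append(("repeated-failures", m["ip"], m["user"]))
        elif len(failures) >= threshold:
            # A login that succeeds right after a burst deserves the closest look.
            alerts.append(("success-after-failures", m["ip"], m["user"]))
            failures.clear()
    return alerts

if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

A single mistyped password followed by a success, as in the last two sample lines, produces no alert.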

There are possible ways to compromise our personal computer system


1. Disconnect the computer from the network

2. Contact the Information Security Office

3. Notify users of the computer, if any, of a temporary service interruption

4. Preserve any log information not resident on the compromised computer

5. Wait for further instructions from the Information Security Office





Disconnect the computer from the network

Disconnecting the computer from the
network prevents a potentially untrusted source from taking further actions on
the compromised computer.  This also prevents any further leakage of
non-public information if that is a potential concern.  Shutting down the
computer would also have this effect but could destroy evidence that is
essential to investigating the compromise.  Similarly, rebuilding the
computer would destroy all evidence pertinent to an investigation.


Contact the Information Security Office

Prior to taking any additional
action on the compromised computer, the Information Security Office should be
contacted. Continuing to use the compromised computer or attempting to
investigate the compromise on your own could result in destruction of evidence
pertinent to an investigation. The Information Security Office can be contacted
by phone at 412-268-2044 or by email at [email protected]. In the event that the Information Security Office is
unavailable to take your call, emergency contact information will be provided
in the voice message.


Notify users of the computer, if
any, of a temporary service interruption

If the compromised computer provides
some type of service, it is likely that users of this service will be impacted
by the interruption brought on by disconnecting the computer from the network.
These users should be notified in some manner of the interruption. Options for
notification may include an email to the user base or posting a notice to a
frequently visited web site. As stated previously, the details of a compromise
and the ensuing investigation should be kept confidential. Therefore, the
notification of service interruption should not indicate that there has been a


Preserve any log information not
resident on the compromised computer

All log files, pertaining to a
compromised computer, that are stored on a secondary computer or on some type
of external media should be preserved immediately. Preservation may include
making a copy of the log files and burning them to a CD. If there is no
immediate risk of the logs being deleted or overwritten, this step can occur
following Step 5. Log files stored locally on the compromised computer will be
collected as part of a forensic investigation coordinated by the Information Security
Office. This will help ensure that no evidence is destroyed or altered during
the collection process.




Wait for further instructions from
the Information Security Office

The Information Security Office will
conduct some preliminary investigation prior to determining the best course of
action for the Compromised Computer. While waiting for further instructions, do not
share any details related to the compromise unless absolutely necessary.
Additionally, do not attempt to contact law enforcement officials. Such
communication must be coordinated with the Information Security Office and the
Office of General Counsel due to the potential legal implications of a
compromised computer.


Furthermore, to protect our personal computer system:


We can always install operating system updates

We can keep our installed applications up-to-date

We should not use the same password at every site

We can install anti-virus software and be sure to keep it updated

We can use a firewall

We can back up our data

We can enable the display of file extensions

We should not open attachments from people we do not know

We can ignore emails that state we won a contest or that come from a stranger asking for assistance with their inheritance

We can watch out for online and phone support

We can ignore web pop-ups that state our computer is infected or has a problem



Attack Vector

An attack vector is
defined as the technique by means of which unauthorized access can be gained to
a device or a network by hackers for nefarious purposes. In other words, it is
used for assaulting or exploiting a network, computer or device. Attack vectors
help unauthorized elements to exploit the vulnerabilities in the system or
network, including the human elements.


An attack vector is a
path or means by which a hacker (or cracker) can gain access to a computer or
network server in order to deliver a payload or malicious outcome. Attack
vectors enable hackers to exploit system vulnerabilities, including the human


Attack vectors include
viruses, e-mail attachments, Web pages, pop-up windows, instant messages, chat
rooms, and deception. All of these methods involve programming (or, in a few
cases, hardware), except deception, in which a human operator is fooled into
removing or weakening system defenses.


To some extent, firewalls
and anti-virus software can block attack vectors. But no protection method is
totally attack-proof. A defense method that is effective today may not remain
so for long, because hackers are constantly updating attack vectors, and
seeking new ones, in their quest to gain unauthorized access to computers and

The most common
malicious payloads are viruses (which can function as their own attack
vectors), Trojan horses, worms, and spyware. If an attack vector is thought of
as a guided missile, its payload can be compared to the warhead in the tip of
the missile.




software (malware) designed to
damage, destroy, or deny service to the targeted systems.

common types of software attacks are viruses, worms, Trojan horses, logic
bombs, back doors, denial-of-service, alien software, phishing and pharming.






Segments of computer code that
perform unintended actions ranging from merely annoying to destructive. It is
a piece of self-replicating code embedded within another program (host). Viruses
associated with program files

disks, floppy disks, CD-ROMS


How viruses spread

or CDs


downloaded from Internet

Well-known viruses





Viruses today

antivirus software

people keep up-to-date



Destructive programs that replicate themselves without
requiring another program to provide a safe environment for replication.


through a computer network

security holes in networked computers

 Famous worms






Trojan horses.

programs that hide in other computer programs and reveal their designed behavior
only when they are activated.

program with benign capability
that masks a sinister purpose

Remote access Trojan: Trojan
horse that gives the attacker access to the victim’s computer



RAT servers often found within
files downloaded from erotica/porn Usenet sites

Provide the attacker with
complete control of the victim’s system. Attackers usually hide these Trojan horses
in games and other small programs that unsuspecting users then execute on their




Logic bombs. Designed to activate and perform a destructive action at a
certain time.

Back doors or trap doors. Typically a password, known only to
the attacker, that allows access to the system without having to go through any

Denial-of-service. An attacker sends so many
information requests to a target system that the target cannot handle them
successfully and can crash the entire system.



Software Attacks




Pestware. Clandestine
software that uses up valuable system resources and can report on your Web
surfing habits and other personal information.

Adware. Designed to help
popup advertisements appear on your screen.

Spyware. Software that gathers user information through the user’s
Internet connection without their knowledge (i.e. keylogger, password capture).




Spamware. Designed to use
your computer as a launch pad for spammers.

Spam. Unsolicited
e-mail, usually for purposes of advertising.

Cookies. Small amount of information that Web sites store on your
computer, temporarily or more-or-less permanently


Web bugs. Small, usually invisible, graphic images that are added to a
Web page or e-mail.


Phishing. Uses deception to fraudulently acquire sensitive personal
information such as account numbers and passwords disguised as an
official-looking e-mail.

Pharming. Fraudulently acquires the Domain Name for a company’s Web
site and when people type in the Web site url they are redirected to a fake Web



Types of Attacks


Interruption – an asset is destroyed, unavailable or unusable (availability)

Interception – unauthorized party gains access to an asset (confidentiality)

Modification – unauthorized party tampers (unauthorized alteration) with asset (integrity)

Fabrication – unauthorized party inserts counterfeit (fraudulent imitation) object into the system (authenticity)

Denial – person denies taking an action (authenticity)




Eavesdropping (secretly listen to a conversation)



Masquerade – one entity pretends to be a different entity

Replay – passive capture of information and its retransmission

Modification of messages – legitimate message is altered

Denial of service – prevents normal use of resources. An intentional action designed to prevent legitimate
users from making use of a computer service. The goal of this attack is to disrupt a
server’s ability to respond to its clients. About 4,000 Web sites attacked each


















Congratulations! You are elected member of the newly established
computer and data security team in ABC institution.

Make a list
of all possible risks that can have an impact on the security and stability of your
data and internal and external Information & Technology services.

Make a list
of recommendations to lower the risks.



A computer security risk
is any event or action that could cause a loss of or damage to computer
hardware, software, data, information, or processing capability.


Types of Computer
Security Risks

Internet and network attack

Unauthorized access and use

Hardware theft

Software theft

Information theft

System failure


Internet and network


Information transmitted
over networks has a higher degree of security risk than information kept on an
organization’s premises.




Back Doors

Denial of service



Malware (malicious software)
– programs that act without a user’s knowledge and deliberately alter
the computer’s operation.

Types of malware:

Computer viruses




Back door





a group of compromised computers connected to a
network such as the Internet that are used as part of a network that attacks
other networks, usually for nefarious purposes.


Back door

A program or set of instructions in a program that
allow users to bypass security controls when accessing a program, computer, or


Denial of service attacks or DoS attack

It is an
assault whose purpose is to disrupt computer access to an Internet service such
as the Web or e-mail.



A technique intruders use to make their network or
Internet transmission appear legitimate to a victim computer or network.



Unauthorized Access and Use

Unauthorized access

The use of a computer or network without permission.

Unauthorized use

The use of a computer or its data for unapproved or
possibly illegal activities.



Hardware Theft and Vandalism

Hardware theft

Is the act of stealing computer equipment.


The act of defacing or destroying computer equipment.



Software Theft

Steals software media

Illegally copies a program

Intentionally erases programs

Illegally registers and/or activates a program


Information Theft

Occurs when someone steals personal or confidential

If stolen, the loss of information can cause as much
damage as (if not more than) hardware or software theft.



System Failure

A system failure is the prolonged malfunction of a

A variety of factors can lead to system failure,

• Aging hardware

• Natural disasters

• Electrical power problems

Noise, undervoltages, and overvoltages

• Errors in computer programs


to lower the risks

quality antivirus

real-time anti-spyware protection

anti-malware applications current


daily scans


image previews in Outlook

click on email links or attachments


a hardware-based firewall

DNS protection

