Write down all possible ways in which your personal computer system could be compromised. What are the possible attack vectors?
A compromised computer is a nice way of saying that someone or something has maliciously broken into your computer without your knowledge or permission. It means that you cannot trust the integrity of any file on your computer (including program files, image files, operating system files, etc.). You cannot find out what has been done to your computer files without an exact “before the compromise” copy to compare your files against, and you probably will never know what has been done with your personal information, including your passwords, or where your personal information has been sent.
A Compromised Computer is defined as any computing resource whose confidentiality, integrity or availability has been adversely impacted, either intentionally or unintentionally, by an untrusted source. A compromise can occur either through manual interaction by the untrusted source or through automation. Gaining unauthorized access to a computer by impersonating a legitimate user or by conducting a brute-force attack would constitute a compromise. Exploiting a loophole in a computer’s configuration would also constitute a compromise. Depending on the circumstances, a computer infected with a virus, worm, trojan or other malicious software may be considered a compromise. If the malicious software is detected and removed by antivirus software in a timely manner, it is probably not necessary to follow this process. Some level of judgment will need to be used in these situations.

Symptoms of a Compromised Computer include, but are not limited to, the following:
• The computer is experiencing unexpected and unexplainable disk activity
• The computer is experiencing unexpected and unexplainable performance degradation
• The computer’s logs (e.g. system logs, application logs, etc.) contain suspicious entries that indicate repeated login failures or connections to unfamiliar services
• A complaint is received from a third party regarding suspicious activity originating from the computer
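The log symptom above (repeated login failures) is one that can be checked mechanically. The Python script below is an added example and is not part of the original answer: it scans constructed authentication log lines in the style of a Linux auth log (the host name, user names and addresses are invented) and reports every source address with at least a threshold of failed logins, noting whether that same address also produced an accepted login, which is the combination a defender would escalate first.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the style of a Linux auth log. The host name,
# user names and IP addresses are invented for this example.
SAMPLE_LOG = """\
Mar  3 10:01:12 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Mar  3 10:01:15 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40123 ssh2
Mar  3 10:01:19 host sshd[1203]: Failed password for root from 203.0.113.5 port 40124 ssh2
Mar  3 10:01:22 host sshd[1204]: Failed password for root from 203.0.113.5 port 40125 ssh2
Mar  3 10:01:25 host sshd[1205]: Failed password for root from 203.0.113.5 port 40126 ssh2
Mar  3 10:02:40 host sshd[1210]: Accepted publickey for alice from 192.0.2.10 port 51000 ssh2
Mar  3 10:05:02 host sshd[1220]: Failed password for alice from 192.0.2.10 port 51010 ssh2
Mar  3 10:05:30 host sshd[1221]: Accepted password for alice from 192.0.2.10 port 51011 ssh2
"""

# OpenSSH writes "invalid user" before names that do not exist on the host.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
ACCEPTED_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)")


def analyse_auth_log(text, threshold=3):
    """Return source addresses with >= threshold failed logins, most failures first.

    Each finding carries the failure count, the user names that were tried, and
    whether the same address also has an accepted login anywhere in the log,
    which is the combination that most deserves a closer look.
    """
    failures = Counter()
    tried_users = defaultdict(set)
    accepted_from = set()
    for line in text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            failures[match["ip"]] += 1
            tried_users[match["ip"]].add(match["user"])
            continue
        match = ACCEPTED_RE.search(line)
        if match:
            accepted_from.add(match["ip"])
    findings = [
        {
            "ip": ip,
            "failures": count,
            "users": sorted(tried_users[ip]),
            "also_accepted": ip in accepted_from,
        }
        for ip, count in failures.items()
        if count >= threshold
    ]
    return sorted(findings, key=lambda f: -f["failures"])


if __name__ == "__main__":
    for finding in analyse_auth_log(SAMPLE_LOG):
        print(finding)
```

With the constructed input only 203.0.113.5 is reported (five failures against two accounts, no accepted login); alice's single mistyped password from 192.0.2.10 stays below the threshold. A real deployment would feed this the log copies kept off the suspect machine, for the reason given later in the answer: logs on the compromised computer itself should be left for the forensic investigation.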
If our personal computer system is compromised, the following steps should be taken:
1. Disconnect the computer from the network
2. Contact the Information Security Office
3. Notify users of the computer, if any, of a temporary service interruption
4. Preserve any log information not resident on the compromised computer
5. Wait for further instructions from the Information Security Office
Step 1: Disconnect the computer from the network

Disconnecting the computer from the network prevents a potentially untrusted source from taking further actions on the compromised computer. This also prevents any further leakage of non-public information if that is a potential concern. Shutting down the computer would also have this effect but could destroy evidence that is essential to investigating the compromise. Similarly, rebuilding the computer would destroy all evidence pertinent to an investigation.
Step 2: Contact the Information Security Office

Prior to taking any additional action on the compromised computer, the Information Security Office should be contacted. Continuing to use the compromised computer or attempting to investigate the compromise on your own could result in destruction of evidence pertinent to an investigation. The Information Security Office can be contacted by phone at 412-268-2044 or by email at [email protected]. In the event that the Information Security Office is unavailable to take your call, emergency contact information will be provided in the voice message.
Step 3: Notify users of the computer, if any, of a temporary service interruption

If the compromised computer provides some type of service, it is likely that users of this service will be impacted by the interruption brought on by disconnecting the computer from the network. These users should be notified in some manner of the interruption. Options for notification may include an email to the user base or posting a notice to a frequently visited web site. As stated previously, the details of a compromise and the ensuing investigation should be kept confidential. Therefore, the notification of service interruption should not indicate that there has been a
Step 4: Preserve any log information not resident on the compromised computer

All log files pertaining to a compromised computer that are stored on a secondary computer or on some type of external media should be preserved immediately. Preservation may include making a copy of the log files and burning them to a CD. If there is no immediate risk of the logs being deleted or overwritten, this step can occur following Step 5. Log files stored locally on the compromised computer will be collected as part of a forensic investigation coordinated by the Information Security Office. This will help ensure that no evidence is destroyed or altered during the collection process.
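Two points in this answer lend themselves to a small worked example: the “before the compromise” copy needed to tell which files changed (from the opening paragraph), and the preservation of off-host log copies in Step 4. The Python script below is an added example, not part of the original answer, and runs entirely on constructed files in a temporary directory (the file names and contents are invented). It records a SHA-256 manifest of a directory as the baseline, diffs a later snapshot against it to list modified, added and removed files, and copies log files into an evidence folder with a SHA256SUMS manifest that can later be re-verified.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 16):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative, '/'-separated path) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_manifests(baseline, current):
    """Diff a pre-compromise manifest against a later one."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def preserve_logs(log_paths, evidence_dir):
    """Copy off-host log files into evidence_dir and write a SHA256SUMS manifest."""
    evidence_dir = Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for src in map(Path, log_paths):
        dst = evidence_dir / src.name
        shutil.copy2(src, dst)  # copy2 also preserves the file's timestamps
        digest = sha256_file(src)
        if sha256_file(dst) != digest:  # the copy itself must be faithful
            raise RuntimeError(f"copy of {src} does not match its source")
        manifest[src.name] = digest
    lines = [f"{d}  {name}\n" for name, d in sorted(manifest.items())]
    (evidence_dir / "SHA256SUMS").write_text("".join(lines))
    return manifest


def verify_evidence(evidence_dir):
    """Re-hash the preserved copies against SHA256SUMS (like `sha256sum -c`)."""
    evidence_dir = Path(evidence_dir)
    for line in (evidence_dir / "SHA256SUMS").read_text().splitlines():
        digest, name = line.split("  ", 1)
        if sha256_file(evidence_dir / name) != digest:
            return False
    return True


def demo():
    """Run the whole workflow on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        system = tmp / "system"  # stand-in for the machine's files (constructed)
        (system / "bin").mkdir(parents=True)
        (system / "bin" / "login").write_bytes(b"original login program")
        (system / "etc").mkdir()
        (system / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = build_manifest(system)  # the "before the compromise" copy

        # Constructed changes standing in for what a compromise might leave behind.
        (system / "bin" / "login").write_bytes(b"replaced login program")
        (system / "bin" / "helper").write_bytes(b"file that was not there before")
        (system / "etc" / "hosts").unlink()
        diff = compare_manifests(baseline, build_manifest(system))

        # Logs held on a separate log server are copied and hashed right away.
        logserver = tmp / "logserver"
        logserver.mkdir()
        (logserver / "auth.log").write_text("Mar  3 10:01:12 host sshd[1201]: Failed password for root from 203.0.113.5 port 40122 ssh2\n")
        evidence = tmp / "evidence"
        manifest = preserve_logs([logserver / "auth.log"], evidence)
        return diff, verify_evidence(evidence), sorted(manifest)


if __name__ == "__main__":
    print(demo())
```

The baseline manifest is only useful if it was taken before the compromise and kept somewhere the compromised machine cannot reach, since an intruder with control of the host can rewrite both the files and any manifest stored beside them. Hashing the logs at the moment they are copied gives the investigation a way to show later that the evidence has not been altered since collection.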
Step 5: Wait for further instructions from the Information Security Office

The Information Security Office will conduct some preliminary investigation prior to determining the best course of action for the Compromised Computer. While waiting for further instructions, do not share any details related to the compromise unless absolutely necessary. Additionally, do not attempt to contact law enforcement officials. Such communication must be coordinated with the Information Security Office and the Office of General Counsel due to the potential legal implications of a
Furthermore, to protect our personal computer system:
• We can always install Operating
• We can keep our installed
• We cannot use the same password at
• We can install and be sure to update our
• We can use a firewall
• We can back up our data
• We can enable the display of file extensions
• We do not open attachments from people we do
• We can ignore emails that state we won a contest or a stranger asking for assistance with their inheritance
• We can watch out for online and phone support
• We can ignore web pop-ups that state our computer is infected or has a problem
An attack vector is defined as the technique by means of which unauthorized access can be gained to a device or a network by hackers for nefarious purposes. In other words, it is the means used for assaulting or exploiting a network, computer or device. Attack vectors help unauthorized elements to exploit the vulnerabilities in the system or network, including the human elements.

An attack vector is also described as a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human

Attack vectors include viruses, e-mail attachments, Web pages, pop-up windows, instant messages, chat rooms, and deception. All of these methods involve programming (or, in a few cases, hardware), except deception, in which a human operator is fooled into removing or weakening system defenses.
To some extent, firewalls and anti-virus software can block attack vectors. But no protection method is totally attack-proof. A defense method that is effective today may not remain so for long, because hackers are constantly updating attack vectors, and seeking new ones, in their quest to gain unauthorized access to computers and

The most common malicious payloads are viruses (which can function as their own attack vectors), Trojan horses, worms, and spyware. If an attack vector is thought of as a guided missile, its payload can be compared to the warhead in the tip of

Malicious software (malware) is designed to damage, destroy, or deny service to the targeted systems. The most common types of software attacks are viruses, worms, Trojan horses, logic bombs, back doors, denial-of-service, alien software, phishing and pharming.
Viruses. Segments of computer code that perform unintended actions ranging from merely annoying to destructive. A virus is a piece of self-replicating code embedded within another program (the host). Viruses are associated with program files, disks, floppy disks and CD-ROMs.
How viruses spread:
• downloaded from the Internet
• people keep up-to-date
Worms. Destructive programs that replicate themselves without requiring another program to provide a safe environment for replication. Worms spread through a computer network, exploiting security holes in networked computers.
Trojan horses. Programs that hide in other computer programs and reveal their designed behavior only when they are activated. A Trojan horse is a program with benign capability that masks a sinister purpose.
Remote access Trojan (RAT): a Trojan horse that gives the attacker access to the victim’s computer. RAT servers are often found within files downloaded from erotica/porn Usenet sites. They provide the attacker with complete control of the victim’s system. Attackers usually hide these Trojan horses in games and other small programs that unsuspecting users then execute on their
• Logic bombs. Designed to activate and perform a destructive action at a
• Back doors or trap doors. Typically a password, known only to the attacker, that allows access to the system without having to go through any
• Denial-of-service. An attacker sends so many information requests to a target system that the target cannot handle them successfully and can crash the entire system.
• Alien software. Software that uses up valuable system resources and can report on your Web surfing habits and other personal information.
• Adware. Designed to help pop-up advertisements appear on your screen.
• Spyware. Software that gathers user information through the user’s Internet connection without their knowledge (e.g. keylogger, password capture).
• Spamware. Designed to use your computer as a launch pad for spammers.
• Spam. Unsolicited e-mail, usually for purposes of advertising.
• Cookies. Small amounts of information that Web sites store on your computer, temporarily or more-or-less permanently.
• Web bugs. Small, usually invisible, graphic images that are added to a Web page or e-mail.
• Phishing. Uses deception to fraudulently acquire sensitive personal information such as account numbers and passwords, disguised as an
• Pharming. Fraudulently acquires the Domain Name for a company’s Web site, and when people type in the Web site URL they are redirected to a fake Web
Types of Attacks
• Interruption – an asset is destroyed, unavailable or unusable (availability)
• Interception – an unauthorized party gains access to an asset (confidentiality)
• Modification – an unauthorized party tampers with an asset (unauthorized alteration) (integrity)
• Fabrication – an unauthorized party inserts a counterfeit (fraudulent imitation) object into the system (authenticity)
• Denial – a person denies taking an action (authenticity)
• Eavesdropping – secretly listening to a conversation
• Masquerade – one entity pretends to be a different entity
• Replay – passive capture of information and its retransmission
• Modification of messages – a legitimate message is altered
• Denial of service – prevents normal use of resources. An intentional action designed to prevent legitimate users from making use of a computer service. The goal of this attack is to disrupt a server’s ability to respond to its clients. About 4,000 Web sites attacked each
Congratulations! You are elected member of the newly established computer and data security team in ABC institution.
Make a list of all possible risks that can have an impact on the security and stability of your data and internal and external Information & Technology services.
Make a list of recommendations to lower the risks.
Computer Security Risks
A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
Types of Computer Security Risks:
• Internet and network attacks
• Unauthorized access and use

Internet and network attacks
Information transmitted over networks has a higher degree of security risk than information kept on an
• Denial of service
• Malware (malicious software) – programs that act without a user’s knowledge and deliberately alter the computer’s operation.
Types of malware:
• Botnet – a group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks, usually for nefarious purposes.
• Back door – a program or set of instructions in a program that allows users to bypass security controls when accessing a program, computer, or
Denial of service attacks (DoS attacks)
An assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail.
Spoofing
A technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network.

Unauthorized Access and Use
Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities.

Hardware Theft and Vandalism
Hardware theft is the act of stealing computer equipment. Hardware vandalism is the act of defacing or destroying computer equipment.

Software Theft
Occurs when someone:
• Steals software media
• Illegally copies a program
• Intentionally erases programs
• Illegally registers and/or activates a program

Information Theft
Occurs when someone steals personal or confidential
If stolen, the loss of information can cause as much damage as (if not more than) hardware or software theft.

System Failure
A system failure is the prolonged malfunction of a
A variety of factors can lead to system failure, including:
• Aging hardware
• Natural disasters
• Noise, undervoltages, and overvoltages
• Errors in computer programs
Recommendations to lower the risks:
• Use real-time anti-spyware protection
• Keep anti-malware applications current
• Disable image previews in Outlook
• Do not click on email links or attachments
• Use a hardware-based firewall