SabaragamuwaUniversity of Sri LankaFacultyof Applied SciencesDepartmentof Computing and Information Systems IS 42261 ComputerSystem Security Assignment W.I.S.Fernando 12/AS/CI/013 EP 1518 Task 01 – Write down all possible ways how your personal computer systemcould becompromised. Inhere I describes ways of personal computer can be compromised. · Whenplugging a pen drive or CD/DVD drive auto run function or double click and openit.
In there mostly viruses are spread through that. Viruses areprograms and have malicious code written by attacker or buy from dark web.Viruses are doesn’t work on the Linux operating system. Most of attackers are writethere viruses to .exe file when open it using double click on it. Many type ofviruses have now.
Eg – ILOVEU, MyDOOM,. Also when auto run function enable CD/DVD input to driver, all files areopen. In that case can spread viruses. · When surf on the Internet untrusted linksare follow and then redirect to unwanted or misuse sites.
Most of the people doing thatwork. Through that you waste your time and you don’t know you on the untrustedpersons hand. Also, they collect your data and behaviors. Phishing andransomware spread like that. Finally, your data loosing and you have to pay fordecrypt your data. · When installing pirates and crackedsoftware. Pirates software installationmostly do in 3rd class countries and personal computers.
Those are created from cracker by modifyingcode or adding patches to that software. All the vendors are tell use originalone. Finally you don’t know when you connect to the Internet your data downloadto another computer or you act as a bot. · When windows Firewall is stopped (NotConnected). Firewall is a network securitysystem that monitors and controls incoming and outgoing network traffic basedon predetermined security rules. Basically operating system have a firewall.Most of the people turn off the firewall because of limitation of file sharing.Through that can open only wanted port numbers and Services.
· When Stopping Operating system latestupdate installation process. All operating system givessecurity updates and other necessary updates timely manner. As a example last year happened wannacryattacks after that all operating system give a security updates. OS update mustdo from vendor. Not through 3rd party vendor. Some time that can bereason for hack you. · When Stopping Virus guard signatureupdating process. Mostof personal computers use virus guards.
Virus guard update from remote server.Through that give a signature update. When create a patch, Virus guard vendorrelease a update. Virus guard have many rules. But we active little bit.
Beforeopen a external pluging thing, must scan it. If not you catch by viruses. · When Sharing a file and give everyone canaccess feature.
In everyone feature through can haveaccess to that share file. Some time Your needed data will be own to other. · User accounts didn’t added any password orauthentication method. Authentication is very important.Mostly use username password concept.
But now fingerprint, Patter drawing, Eyescanning techniques are added to computers. If not use any authenticationmethod you personal computer can access every time without yout acknowledgment. · For user account to added simple, commonand dictionary-based password.Don’tadd any username and password as common thing. It can be very easy to hacker toenter to your pc. · Doesn’t installed any anti-virus software. In this case your computer caninfected with viruses. Surfing on the Internet viruses can auto download toyour pc.
So Internet security guard is important. · When connect to public unknown open WLAN. The Internet is important. Throughthe wireless LAN access people want to access the Internet. When accessingpublic WLAN accessing most of people connect to it because of that will be aopen network.
So hackers are easy to access anyone pc from it. · When you open unwanted ports on yourmachine. When accessing the servicesthrough the Internet open necessary port. As a example if you don’t want sshservice block that port. If not intruder can remotely access your machine.· Unknown scripting running on machine. Scripts are another dangerousthings. Through that can occur cross site scripting attacks.
Run only knowingscripts on your machine. In here web browser updating is important. · Chatting with unknown persons and collectsome of personal information from it. In chatting with unknown personswill collect your personal data and then analyze your usernames and passwordthrough that hack your account. Onlyaccept your friends requested and chat with knowing people.
· Passwords are writing down on papers. Password write down on papersbecause of forgotten problem and misplace that paper can be own to hacker.Dumster diving is another passive technique to attack your computer. · Keystroke logging software or hardwaredevice install on machine. Have software and hardware keyloggers. So youhave a idea of your installed software on your pc. Also keyboard and mouseconnection check.· Public Ip addresses and router user nameand password find by third party people.
Throughthe public Ip address anyone can access your system. So, hide your public IPand remove routers default username and passwords.· When you open untrusted email or followspam mail. When you open a unwanted mail you redirectedto untrusted web site and can be phishing you. · Internet browser settings may not besecure. Browser cache is store in secure.Also other certificate must be trusted. Also PCs time and date must be correctif not that certificate can be expiere.
· When you using a untrusted proxy for theInternet surfing. When blocking site accessingsometime using 3rd party untrusted proxies. So in here can be getyour personal data. · Frequently unclear cache on machine, caseof save passwords and username auto save.
· Someimportant file can run any user without administrator privileges. · Backupfiles are not encrypted on hard disk. · Whenwe installing 3rd party software then our machine help to DOS/DDOSattack without your knowledge. What are the possible attackvectors?Email attachments, pop-up windows,deception, chat rooms, viruses and instant messages , Bot nets, Scripts,malicious code, Fake URLs, Open networks, open ports Task 02 – Congratulations! You are elected member of the newly establishedcomputer and data security team in ABC institution.1) Make a list of all possible risks that can have an impact on the securityand stability of your data andinternal and external Information & Technology services.
2) Make a list of recommendations to lower the risks. v Anyonecan easily enter in to the server room. Server room access is limitation to relatedpersons. Add authentication methods. CCTV camera installation and 24 hourscontinuously backup data. v Hasn’tdrawing of Infrastructure of the network system.
v Document all the data of networkinfrastructure, server details, Operating system key details and store secureplace. when happen a device failure can find model number details easily. v Anyonecan easily plug to switches and routers why Devices are locating in lowerdistance from floor and hasn’t Racks. Networkdevices are locate on wall mount racks and on near beam. v BackupHard disks are not encrypted. Some of encryption methods use when datais backup in servers. Because those data have more important details.
If gotsomeone can’t easily decrypt it and can’t read it. v Backupsare do in office hours. Backups aren’t do in office hours.Because that is the reason for the Slow down the network.
Schedule automaticbackup in after office hours. And take latest 3 backups on encrypted hard disk. v Backupsare store in normal machine. Backups must be store on anothermachine. Because those are important. Anyone who doesn’t access machineselected and store on it. v Firewallrules are not update frequently and Firewall hasn’t much off rules.
Firewall rule update and take backupfrequently. v Hasn’tany virus filters. Install Virus guard like eset end point.Through that can monitor and add rules to all machine on network. v Easilyspread worms through the network. Addmalware, virus filters and other malicious files filtering tools.
A computerworm is a standalone malware computer program that replicates itself in orderto spread to other computers. Often, it uses a computer network to spreaditself, relying on security failures on the target computer to access it. v USBdevices/ drivers wasn’t disable so anyone can plug and play option. Through the plug and play devices anddrivers auto paly option enable viruses can be spread. So use virus guardand rules are updated to disable. v Administratoror root password is enable on basic services.
Disable root user access from sshand other services user account access is limitation and privilege limitation. v Twofactor authentication methods aren’t install in the system. When the server access use two factorauthentication like username password and code send to mobile. v Usingpublic IP addresses on the network anyone can easily access the network fromthe outside.Hidethe public key address. v Companywebsite can attack in to SQL Injection attack. Use a web application firewall, Limitdatabase privileges by context, Avoid constructing SQL queries with user input,Continuously monitor SQL statements from database-connected applications.
v EveryPC hasn’t virus guards. Every PC install virus guard andcentralized updated all machine install virus guards. v Companyemployees hasn’t much knowledge about the computer security risk and projectingmethods from it. Conducting security related sessionson company and give knowledge to employees. v Virussignature isn’t frequently update.Buypopular, frequently updated virus guard.
v Operatingsystem update installation do uniquely not using centralize server. Use centralized server to windowsupdate (WSUS). If not, taketoo much data and bandwidth. v Hasn’tindividual machine monitoring mechanism.
Usecentralized monitoring tools. Like : SolarWind, OpenNMSv Insufficientpolicies.InDomain add sufficient domain security policies using group policies. v Installedpirates and cracked software and operating system on the PC. Buy OEM versions and Server access toCAL from vendors. From that they give frequently security updates. v Anyonecan install software on the PCs. Only permission give to administratorto install software on the pc.
v PCscan ping outside of the network. Block the ICMP on the network and thenlimit the ping from outside. v Haven’tany log file management software or system. Maintain the log management system likesnmp. v Haven’tany intruders detection system.
InstallIDS or IPS on the system. Eg- snort v Anyonecan connect to the office WLAN. Hide the SSID or add WPS passwordto WLAN connecting. v RetirePersons accounts still on the domain. Remove the retire persons accounton Active directory. And take backup of files and encrypt all the data.
v Retirepersons under company domain mail address still working. If retire person still have office365 orGsuite account under worked company disable and backup mail using outlook orthunderbird. v Forthe Administrator / root account password as use week username and password.Usestrong username and password for the root/ administrator account. v Password,Username are write down on notebooks cause of forgot problem.
It is very help for attackers. Ifsometime missing it write down password, it can be belong to the attacker. Soattacker easily attack to the system. So, use random password and store inpassword store system or secure place. v Backuppower isn’t there. If power cut is happenedenough power isn’t there. So network isdown and anyone can work on the network. So use generator.
v Backupswitches and routers aren’t there. Suddenly happened a power leakage and burnt router. Somust have a backup routers and switches .v Firewall,routers, switches backup file haven’t. If sometime corrupted a file onfirewall or any device on the network or newly installation of router orfirewall must have to configure the setting. So using backup file quicklyinstall and can up the system.
v ITstaff members are get relationships with other company staff members. Add boundaries and connections arelimited and ethical and trusted peoples are recruit to the company. v Socialmedia, downloading things isn’t limitation. On office time social media, news, gossipsearch limitation.
Also torrent download and youtube video watching limitation. v Whenfile sharing with others give permission to everyone option. Only share files with needed persons. v Whenserver accessing to related person that will have permission to others.
Only give related person toaccessing the server. Sometime SAP system on the server. In here necessaryprivileges provide to them.
v Whenconnect to LAN from outside of the organization use 3rd party VPNsoftware. Use trusted VPN connections. Eg-openvpn v Whenfile sharing on LAN doesn’t use any file encryption method.
When sharing file on network use cryptographictechniques to hide and unreadable to others. v Openmost of services and ports on the server machine. Open necessary ports and services on theservers. So that is lead to hack the system. Hackers are log in to the systemthrough that open ports. So usingfirewall blocks that’s open ports and disable unwanted services. v Innetwork switch not added port security option. Addport security on CISCO switches .
v InRouter login passwords aren’t encrypted and anyone can get login password andchange it. Encryptthe router enable password in CISCO. v Hardware/software Keylogers can easily install and thief usersidentities easily.
Monitorthe hardware and softwares installed on system. v Usersessions and administrator/root sessions store. Doesn’tstore anytime root/administrator password and save password option.v Botnet attacks can happen through fakesoftware installation and users behaviors analyze without user Knowledgment. Installedonly trusted softwares. v Doesn’tblock any adware. Usefirewall to block adware.
References http://searchsecurity.techtarget.com/definition/attack-vectorhttps://www.techopedia.com/definition/15793/attack-vectorhttps://www.solarwindsmsp.com/blog/top-10-cyberattack-vectors-and-how-mitigate-them-part-1 https://eforensicsmag.com/attack-vector/https://www.bitsighttech.com/blog/attack-vectors-types-of-security-breaches