Principles of Computer Security
Nowadays it is impossible to say that a computer system is 100% secure; the global connectivity of these systems widens the field of possible threats. Computer security is responsible for ensuring that the resources of an information system are used as intended, and that information can be accessed and modified only by accredited users, within the limits of their authorization.
Objectives of computer security
- To identify threats to computer security.
- To guarantee the correct operation of the system's resources.
- In case of problems, to limit losses and make a complete recovery of the data possible.
- To make sure that the legal framework is complied with.
Software and threats in computer security
Software threats in computer security refer to malicious source code whose objective is to damage the system or to make it operate in a way other than the one intended.
Below we look at the following types of malicious software.
A backdoor is a special sequence within source code through which the system can be accessed with root privileges without passing through login or authentication. On many occasions programmers place backdoors deliberately, aware of the danger they pose.
Backdoor applications:
Through a command-line interpreter, it allows TCP/UDP ports to be opened on a host (with the netcat service left listening); in addition, a shell can be associated with a particular port (for example, to connect remotely to the bash interpreter on Linux), and UDP/TCP connections can be forced in this way (useful for port scans or bit-by-bit file transfers between two or more machines).
It has features such as:
* Keystroke logging (keylogging)
* Remote injection of keystrokes
* Remote execution of applications
* Browsing the server's files and directories
* Shutting down the system
* Opening/closing the CD tray
It is a kind of software robot able to run by itself and to work automatically and independently. At present its means and route of propagation is the HTTP environment (web pages).
Sometimes we download files such as cracks that gain access to the local area network; through a botnet it can then spread to hard disks and other media.
When we speak of an exploit we refer to the tool that lets us search for vulnerabilities, or to the program that takes advantage of a vulnerability in order to attack the system. It is generally said that an exploit has succeeded when it is able to escalate privileges on the system until it takes control of it.
They are usually written in C.
Examples of exploits:
A tool used to develop and execute exploits against a remote machine. It was initially created in the Perl scripting language, but the Metasploit Framework has since been rewritten in Ruby.
* Network and ARP detection: an information-gathering module
* Fake SMB server: an SMB server that runs on any level0 agent
* Nessus output interpreter: an import module
* Connect proxy: a TCP proxy for HTTP CONNECT proxies
* Send HTML e-mail: a helper module
It is software, or a set of computers, intended to attract the attention of attackers by passing itself off as vulnerable or weak. This tool studies the attacking machines and tracks them (like putting out a decoy and waiting for someone to come and attack it, in order to gather information).
Some honeypots simulate operating systems that do not really exist (low interaction), while others are real operating systems (high interaction).
A keylogger, or keystroke recorder, is a type of software whose mission is to record in a log every keystroke made on the keyboard of the infected machine.
Some Trojans include keyloggers in addition to webcam captures, screenshots and other harmful content. In this case the keyboard log gathered by the keylogger on the infected machine is sent automatically to an e-mail account configured beforehand during the remote installation of the Trojan.
Examples of Trojans with keyloggers:
Douglas Keylogger
* Detailed log of tasks
* Possibility of remote access
* Password protection of the recorded information
* Self-protection against possible unauthorized uninstallation
* Automatic start-up along with the operating system
* Camouflaged and invisible to the user
Perfect Keylogger
* It installs numerous files on the system. The more files it installs, the greater the number of malicious applications that can be run and take control of the system.
* It keeps an exhaustive record of all the keys pressed, which may include passwords, e-mails, account numbers, etc.
* It remains resident in system memory, waiting and camouflaged in the background to avoid being detected or removed by anti-spyware.
* Stealthy and hidden, associated with the file names of common Windows processes.
Exploitation of a vulnerability in the software of DNS servers or of the users' own machines, so that DNS requests are redirected to a different destination machine. As a result, a user who enters a domain name that has been redirected will reach, in their web browser, the destination page that the attacker has specified for that domain name.
A crime that consists of impersonating the identity of a web page.
Through the techniques used to deceive or defraud by means of social engineering on the Internet, private information is obtained from users, who believe they are accessing the company's official page when they are simply being redirected to an identical, previously cloned website. Its aim is to obtain passwords, account numbers, etc.
They are fake antivirus programs. They deceive users into thinking that their system will be protected, when exactly the opposite is true.
A tool created to camouflage itself and to hide other processes, services, applications, files, directories, registry keys and ports, allowing the intruder to maintain access to a system in order to execute code remotely or extract information. Rootkits exist for a wide variety of operating systems.
* Analysis and listing of hidden processes.
* Very useful for discovering rootkits.
* Stable, safe, fast and effective.
* Good user experience, with a simple and intuitive graphical interface.
* Manual updates.
This malware propagates through the AUTORUN.INF file on USB pen drives.
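An added example, not part of the original article: a small auditor for the AUTORUN.INF propagation path mentioned above, which parses the file and reports every entry that would make Windows launch a program from the drive. The sample file and the names `parse_autorun` and `audit_autorun` are constructed for illustration; `open`, `shellexecute` and `shell\<verb>\command` are the standard launch keys of the `[autorun]` section.

```python
import re

# Constructed sample of an autorun.inf from a removable drive (not a real capture).
SAMPLE_AUTORUN = r"""
; junk comment line
[AutoRun]
icon=folder.ico
label=Backup
open="RECYCLER\svc.exe" -q
shell\open\command=RECYCLER\svc.exe
[other]
open=ignored.exe
"""

LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")
RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")

def parse_autorun(text):
    """Return the [autorun] section as {key: value}, tolerating junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_autorun(text):
    """List (key, target, risky) for every entry that makes Windows run a file."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key not in LAUNCH_KEYS and not SHELL_VERB.match(key):
            continue
        # The target is the quoted path, or the first whitespace-separated token.
        m = re.match(r'"([^"]*)"|(\S+)', value)
        target = (m.group(1) or m.group(2) or "") if m else ""
        findings.append((key, target, target.lower().endswith(RISKY_EXT)))
    return findings

if __name__ == "__main__":
    for key, target, risky in audit_autorun(SAMPLE_AUTORUN):
        print(f"{key} -> {target} (executable or script: {risky})")
```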
A technique for listening to the packet traffic that circulates on an internal or external network (over the Internet).
It works by capturing, storing and interpreting the data packets that travel over the network, so that they can be analysed later.
To guard against possible eavesdropping on network traffic, the best approach is to encrypt the information before it is sent.
Examples of sniffers:
Malicious software that installs itself stealthily on the system in order to spy on the victim and all of their activity, such as passwords, data, messages, browsing history, downloads, etc.
This type of program consumes considerable bandwidth, so the speed and operation of the network can be affected.
It is installed by means of viruses or e-mail.
Some examples of spyware are Gator and Bonzi Buddy.
A worm is malware that has the ability to replicate itself. Unlike viruses, worms do not need to modify program files; simply by residing in memory they can duplicate themselves. Another clear difference between the two is that worms cause problems on the network, since they usually consume bandwidth constantly, whereas a virus normally only infects and corrupts the files of the computer it attacks.
If we do not control them, worms can end up consuming all of our system's resources or remaining as zombie processes, to the point of preventing other processes from running normally. Their method of propagation is through the Internet: SMTP, IRC, P2P, among others.
* Automatic start-up, intuitive and friendly interface.
* It allows the configuration to be password-protected.
* Powerful log viewer: the logs can be saved.
* Possibility of modifying the Windows registry, changing the appearance of the desktop, rotating the screen, recording video or sound, shutting down and restarting the system, viewing the webcam remotely and even capturing pressed keys.
* Process injection, and password protection of the server to prevent the remote system from being manipulated by another user who has the SubSeven client, along with other functions that allow the server to be installed invisibly on the system that is to be controlled by the client.
The computer security tools mentioned are recommended for proper use. The article includes some links, although links referring to Trojans, worms and the like have, for more than obvious reasons, not been included.
To finish, I quote Eugene H. Spafford: "The only system that is totally safe is one that is switched off and disconnected, kept in a titanium safe that is buried in cement, surrounded by nerve gas and a group of heavily armed guards. Even so, I would not bet my life on it."
If you liked this article, please share it.
I hope this article is of help to you.
By Óscar Carrillo