System Security

Uploaded by zufallsreise

Intruders in System Security

In system security, intruders are unauthorized entities (individuals, systems, or automated
programs) that attempt to gain access to a computer system, network, or its resources, often
with malicious intent. Intruders exploit software vulnerabilities, weak security controls, or social
engineering to bypass defenses and compromise the confidentiality, integrity, or availability of
systems and data.

Types of Intruders in System Security

Outsiders:
Description: External entities with no legitimate access to the system.

Insiders:
Description: Authorized users who misuse their access privileges, either maliciously or
unintentionally.

Automated Intruders (Malicious Software):
Description: Malware programs designed to intrude into systems without human
intervention.

Advanced Persistent Threats (APTs):
Description: Well-funded and organized attackers (often nation-states or criminal groups)
that gain long-term, covert access to a system.

Objectives of Intruders

Data Theft:
Stealing confidential information such as personal details, financial records, or trade
secrets.

System Disruption:
Causing downtime or interrupting services (e.g., Distributed Denial-of-Service attacks).

Resource Exploitation:
Using the system's resources for personal gain (e.g., cryptocurrency mining or launching further
attacks).

Espionage:
Collecting sensitive information for intelligence purposes.

Sabotage:
Intentionally harming a system's functionality or reputation.

Intruders in system security represent a significant threat to individuals and organizations.
Effective defense requires proactive measures, regular monitoring, and robust incident response
strategies to minimize risks and mitigate damage.

A computer virus is a type of malicious software (malware) designed to spread between
computers and interfere with normal operations. It attaches itself to legitimate files or programs,
replicates, and can damage data, software, or (rarely) hardware. Unlike a worm, which spreads
on its own over the network, a virus typically requires human interaction (e.g., opening an
infected file) to activate and spread.

Characteristics of a Virus

1. Replication:
o A virus replicates itself by attaching to other programs, files, or boot sectors.
2. Activation Trigger:
o It activates when the infected file is executed or opened.
3. Payload:
o Viruses often carry a payload, which may corrupt files, delete data, or crash
systems.

Types of Viruses

1. File Infector Viruses:
o Attach themselves to executable files (.exe or .com files).
o Spread when the infected file is executed.
o Example: CIH (Chernobyl virus).
2. Boot Sector Viruses:
o Infect the boot sector of storage devices (e.g., floppy disks, hard drives, USB drives).
o Spread when the system boots from an infected device.
o Example: Michelangelo virus.
3. Macro Viruses:
o Target macros in applications like Microsoft Word or Excel.
o Spread when opening infected documents.
o Example: Melissa virus.
4. Polymorphic Viruses:
o Re-encode their body with a different key on each replication, keeping only a small
decryptor that also varies, so no fixed byte string is present for signature-based
antivirus software to match.
o Example: 1260 (the first polymorphic virus) and viruses built with the Mutation
Engine (MtE). Storm Worm, sometimes cited here, was an e-mail worm that re-packed
its binary frequently rather than a classic polymorphic file infector.
5. Resident Viruses:
o Stay in memory after the infected host program exits and hook operating system
services, so they can infect other files as those are opened or executed.
o Example: Jerusalem virus.
6. Multipartite Viruses:
o Combine characteristics of file infector and boot sector viruses, spreading through
multiple attack vectors.
o Example: Ghostball virus.
7. Stealth Viruses:
o Intercept the operating system's file and disk reads so that an infected file appears
unchanged (e.g., reporting its original size and contents), defeating naive scanners
and integrity checks that rely on the infected system's own view of the file.
o Example: Frodo virus.
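As an added example (not part of the original notes), the following Python script contrasts the two basic ways of catching the change a file-infector virus makes to an executable: a signature scan for a known byte pattern, and an integrity baseline that records the size and SHA-256 of every file and reports anything that differs later. The sample executable, the "Demo.FileInfector" marker and the XOR encoding that stands in for polymorphism are all constructed for the demonstration and are not real malware. The point it shows is that the re-encoded copy defeats the fixed signature while the integrity check still flags the modified file.

```python
import hashlib
import os
import tempfile

# Constructed signature table for the demonstration: a name mapped to the
# byte pattern a scanner would search for. Not a real AV signature.
SIGNATURES = {
    "Demo.FileInfector": b"DEMO-INFECTOR-MARKER",
}


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Integrity baseline: relative path -> (size, sha256) for every file under root."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            baseline[rel] = (os.path.getsize(path), sha256_file(path))
    return baseline


def check_baseline(root, baseline):
    """Compare the tree under root with a saved baseline."""
    current = build_baseline(root)
    return {
        "changed": sorted(r for r in baseline if r in current and current[r] != baseline[r]),
        "added": sorted(set(current) - set(baseline)),
        "missing": sorted(set(baseline) - set(current)),
    }


def signature_scan(data, signatures=SIGNATURES):
    """Names of every signature whose byte pattern occurs in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def xor_encode(payload, key):
    """Toy stand-in for a polymorphic encoder: same payload, different bytes per key."""
    return bytes(b ^ key for b in payload)


def demo():
    """Run the scenario in a temporary directory and return what each check saw."""
    with tempfile.TemporaryDirectory() as root:
        exe = os.path.join(root, "app.exe")
        clean = b"MZ" + b"\x00" * 64          # constructed stand-in for a benign executable
        with open(exe, "wb") as f:
            f.write(clean)
        baseline = build_baseline(root)       # taken while the file is known clean

        # 1. File-infector style change: the marker is appended and the file grows.
        marker = SIGNATURES["Demo.FileInfector"]
        with open(exe, "wb") as f:
            f.write(clean + marker)
        with open(exe, "rb") as f:
            plain_hits = signature_scan(f.read())

        # 2. Polymorphic variant: the same marker, XOR-encoded with a per-copy key,
        #    so the fixed byte pattern no longer appears anywhere in the file.
        with open(exe, "wb") as f:
            f.write(clean + xor_encode(marker, 0x5A))
        with open(exe, "rb") as f:
            poly_hits = signature_scan(f.read())

        # The integrity check does not care what the new bytes look like.
        integrity = check_baseline(root, baseline)
        return {"plain_sig_hits": plain_hits, "poly_sig_hits": poly_hits, "integrity": integrity}


if __name__ == "__main__":
    print(demo())
```

The baseline must be taken from a known-clean system and stored where the monitored host cannot rewrite it; a stealth virus that hooks file reads on the infected host can otherwise feed the checker the original contents.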

Related Threats of Viruses

Viruses can cause a wide range of problems, depending on their purpose and payload. Below
are some of the key threats associated with computer viruses:

1. Data Loss or Corruption:
o Viruses can delete or modify important files, leading to the loss or corruption of
data.
o Example: Viruses that overwrite system files can render a computer inoperable.
2. System Performance Issues:
o Infected systems may experience slower performance, crashes, or frequent errors.
3. Unauthorized Access:
o Some viruses create backdoors for hackers to access infected systems.
o Example: Viruses paired with Trojan payloads.
4. Financial Loss:
o Viruses can disrupt business operations, causing downtime and financial losses.
5. Spreading Malware:
o Infected systems can be used to distribute additional malware, like ransomware or
spyware.
6. Identity Theft:
o Some viruses capture sensitive user information, such as login credentials or
financial details.
7. Network Disruption:
o Viruses spreading across networks can overwhelm systems and disrupt business
or communication.
8. Hardware Damage:
o Though rare, some viruses are designed to damage hardware by interfering with
firmware or overloading components.

A firewall is a network security system that monitors and controls incoming and
outgoing network traffic based on predefined security rules. Its primary purpose is to act as a
barrier between trusted internal networks (like a private LAN) and untrusted external networks
(like the internet), preventing unauthorized access while allowing legitimate communication.

Key Functions of a Firewall:

1. Traffic Filtering:
o Allows or blocks data packets based on security rules.
2. Network Segmentation:
o Separates networks to contain potential breaches.
3. Monitoring:
o Logs network activity for auditing and troubleshooting.
4. Threat Prevention:
o Blocks traffic to and from known-bad sources and, in designs that inspect payloads,
drops packets matching malware or exploit signatures.

Types of Firewalls

1. Packet-Filtering Firewalls:
o Operate on the network and transport layer headers (Layers 3 and 4) of the OSI model.
o Decide on each packet in isolation, based on source and destination IP addresses,
ports, and protocol.
o Do not inspect packet contents or connection history, making them fast but limited
in security: to let replies in, they must open every port a reply might arrive on.
o Example: Blocking traffic from a specific IP address.
2. Stateful Inspection Firewalls:
o Operate at the transport layer (Layer 4).
o Maintain a state table to track active connections and ensure that packets are part
of a valid session.
o Offer better security than packet-filtering firewalls.
o Example: Allowing responses to an outgoing request but blocking unsolicited
packets.
3. Proxy Firewalls:
o Operate at the application layer (Layer 7).
o Act as an intermediary between internal and external networks, inspecting
application-specific traffic (e.g., HTTP, FTP).
o Can provide deep packet inspection and block malicious content.
o Example: A web proxy firewall filtering malicious websites.
4. Next-Generation Firewalls (NGFWs):
o Combine traditional firewall functions with additional features like:
 Deep packet inspection (DPI).
 Intrusion prevention systems (IPS).
 Application awareness.
o Operate across multiple OSI layers.
o Example: Detecting and blocking specific application-layer attacks.
5. Network Address Translation (NAT) Firewalls:
o Mask internal IP addresses by translating them into a single public IP address.
o Provide basic protection as a side effect: an unsolicited packet from outside has no
translation entry and is dropped. NAT is not a substitute for a filtering policy.
o Example: Home routers often combine NAT with a stateful filter.
6. Web Application Firewalls (WAFs):
o Focus specifically on protecting web applications.
o Protect against attacks like SQL injection, cross-site scripting (XSS), and
distributed denial-of-service (DDoS).
o Operate at the application layer.
o Example: Cloudflare WAF for securing websites.
7. Cloud Firewalls:
o Delivered as a cloud-based service.
o Scalable and suitable for protecting cloud infrastructures.
o Example: AWS Network Firewall for filtering traffic in Amazon Web Services
environments, with AWS Firewall Manager to apply policies across accounts.
8. Host-Based Firewalls:
o Installed on individual devices to protect against threats at the device level.
o Control traffic entering and leaving a specific host.
o Example: Windows Defender Firewall.
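Added example, not from the original notes: a Python simulation of the difference between a packet-filtering firewall and a stateful inspection firewall described above. The addresses (anything under 10. as internal; 203.0.113.10 and 198.51.100.7 as external hosts), the policy "internal hosts may open HTTPS connections outward", and the three packets are all assumed for the demonstration. The stateless filter has to admit any packet from external port 443 to an internal high port in order to let legitimate replies through, so it also admits the unsolicited one; the stateful filter only admits packets that match a connection it saw opened from inside.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True on the first packet of a new TCP connection
    ack: bool = False


def is_internal(ip):
    """Assumed addressing: the private 10.0.0.0/8 range is the internal network."""
    return ip.startswith("10.")


class StatelessFilter:
    """Packet filter: every decision uses only the headers of the packet in hand.

    Policy: internal hosts may reach external port 443. Because replies come back
    from port 443 to some ephemeral port, the filter must allow that whole class of
    packets, which also lets in traffic nobody asked for."""

    def decide(self, p):
        if is_internal(p.src) and not is_internal(p.dst) and p.dport == 443:
            return "ALLOW"
        if (not is_internal(p.src) and is_internal(p.dst)
                and p.sport == 443 and p.dport >= 1024):
            return "ALLOW"          # looks like a reply, but might not be one
        return "DENY"


class StatefulFilter:
    """Stateful inspection: records connections opened from inside and admits
    inbound packets only when they belong to one of them."""

    def __init__(self):
        self.state = set()          # entries: (int_ip, int_port, ext_ip, ext_port)

    def decide(self, p):
        if is_internal(p.src) and not is_internal(p.dst) and p.dport == 443 and p.syn:
            self.state.add((p.src, p.sport, p.dst, p.dport))
            return "ALLOW"          # new outbound connection, now tracked
        if is_internal(p.src) and (p.src, p.sport, p.dst, p.dport) in self.state:
            return "ALLOW"          # further outbound packets of a tracked connection
        if (p.dst, p.dport, p.src, p.sport) in self.state:
            return "ALLOW"          # reply matching a tracked connection
        return "DENY"               # unsolicited, regardless of how plausible it looks


def run_scenario():
    """Feed the same three constructed packets to both filters."""
    outbound = Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True)
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51000, ack=True)
    # A different external host probing an internal high port from source port 443.
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.5", 51001)
    results = {}
    for name, fw in (("stateless", StatelessFilter()), ("stateful", StatefulFilter())):
        results[name] = tuple(fw.decide(p) for p in (outbound, reply, unsolicited))
    return results


if __name__ == "__main__":
    for name, verdicts in run_scenario().items():
        print(name, verdicts)
```

A real stateful firewall also checks sequence numbers and flags, ages entries out of the state table, and handles UDP and ICMP with timers rather than SYN tracking; the toy keeps only the part that explains why the two verdicts on the third packet differ.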

Firewall Design Principles

The effectiveness of a firewall depends on how well it is designed and implemented. Below are
the key principles of firewall design:

1. Default Deny Policy:
o The firewall should block all traffic by default and only allow explicitly permitted
traffic.
o Example: Only allowing specific IP addresses to access internal servers.
2. Least Privilege:
o Grant the minimum level of access required for users or applications to perform
their functions.
o Example: Allowing access to a specific port for a specific service, like HTTP on
port 80.
3. Segmentation:
o Use firewalls to segment networks and create zones (e.g., DMZ, internal network,
and external network).
o Example: Placing public-facing servers in a demilitarized zone (DMZ) while
securing the internal network.
4. Layered Defense:
o Firewalls should be part of a broader defense-in-depth strategy that includes
intrusion detection systems, encryption, and endpoint security.
o Example: Combining a stateful inspection firewall with an intrusion prevention
system (IPS).
5. Logging and Monitoring:
o Firewalls should log rule hits, and at minimum every denied connection and every
rule change, for auditing, troubleshooting, and intrusion detection.
o Example: Recording failed connection attempts to identify scanning or intrusion
attempts.
6. Minimizing Complexity:
o Keep firewall rules simple and well-documented to reduce configuration errors.
o Example: Using a centralized firewall management system for consistent
policies.
7. Scalability:
o Design firewalls to handle increasing amounts of traffic without compromising
performance.
o Example: Using cloud-based firewalls for scalable security.
8. Update and Patch Regularly:
o Ensure that firewall software and firmware are up-to-date to protect against newly
discovered vulnerabilities.
o Example: Updating firewall firmware to address zero-day exploits.
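The design principles above (default deny, least privilege, logging, and keeping the rule set simple) can be checked mechanically before a policy is deployed. The following Python linter is an added example, not code from the original notes; the rule format, the finding codes, first-match rule semantics, and the sample DMZ policy are all assumed for the demonstration. It reports allow rules that are too broad, rules that an earlier rule shadows (so they can never match, a common sign of an undocumented rule base), deny rules that do not log, and a policy without a final default-deny rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                         # "allow" or "deny"
    src: str                            # CIDR or "any"
    dst: str                            # CIDR or "any"
    proto: str                          # "tcp", "udp" or "any"
    dports: Optional[Tuple[int, int]]   # inclusive destination port range, None = any port
    log: bool = False                   # whether hits on this rule are logged


def _net(cidr):
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    if not _net(b.src).subnet_of(_net(a.src)) or not _net(b.dst).subnet_of(_net(a.dst)):
        return False
    if a.proto != "any" and a.proto != b.proto:
        return False
    if a.dports is not None:
        if b.dports is None or not (a.dports[0] <= b.dports[0] and b.dports[1] <= a.dports[1]):
            return False
    return True


def is_default_deny(rule):
    return (rule.action == "deny" and rule.src == "any" and rule.dst == "any"
            and rule.proto == "any" and rule.dports is None)


def lint_policy(rules):
    """Return (code, rule_number, detail) findings; rule numbers are 1-based, 0 = whole policy.

    Rules are evaluated first-match, top to bottom (assumed semantics)."""
    findings = []
    if not rules or not is_default_deny(rules[-1]):
        findings.append(("NO_DEFAULT_DENY", 0, None))
    for j, rule in enumerate(rules, start=1):
        # Least privilege: an allow should name a destination and a service.
        if rule.action == "allow" and ((rule.src == "any" and rule.dst == "any")
                                       or (rule.proto == "any" and rule.dports is None)):
            findings.append(("BROAD_ALLOW", j, None))
        # Logging: denies are where intrusion attempts show up.
        if rule.action == "deny" and not rule.log:
            findings.append(("DENY_NOT_LOGGED", j, None))
        # Simplicity: a rule fully covered by an earlier one never fires.
        for i in range(j - 1):
            if covers(rules[i], rule):
                findings.append(("SHADOWED", j, i + 1))
                break
    return findings


# Constructed sample: a DMZ web server at 10.1.0.10, admins on 10.2.0.0/16.
SAMPLE_POLICY: List[Rule] = [
    Rule("allow", "any", "10.1.0.10/32", "tcp", (80, 80)),
    Rule("allow", "any", "10.1.0.10/32", "tcp", (443, 443)),
    Rule("allow", "10.2.0.0/16", "10.1.0.10/32", "tcp", (22, 22)),
    Rule("allow", "any", "any", "any", None),                      # "temporary" any-any rule
    Rule("allow", "10.2.0.0/24", "10.1.0.10/32", "tcp", (22, 22)),  # already covered by rule 3
    Rule("deny", "any", "any", "any", None, log=False),
]

# The same policy with the findings addressed.
HARDENED_POLICY: List[Rule] = [
    Rule("allow", "any", "10.1.0.10/32", "tcp", (80, 80)),
    Rule("allow", "any", "10.1.0.10/32", "tcp", (443, 443)),
    Rule("allow", "10.2.0.0/16", "10.1.0.10/32", "tcp", (22, 22)),
    Rule("deny", "any", "any", "any", None, log=True),
]


if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY):
        print("sample:", finding)
    print("hardened:", lint_policy(HARDENED_POLICY))
```

Note that the any-any allow in the sample shadows the final deny itself, which turns a default-deny policy into default-allow without changing the last line; that is the case the shadowing check exists to catch.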
