Network and System Security

Network and System Security means protecting your system from different kinds of attacks by unauthorized users. With the development of the Internet and the World Wide Web, it is a field that is gaining a lot of importance. In this post, we will discuss various threats to network security and how to protect our system from such threats.

1.      Worms

A worm is a program which simply creates copies of itself until the entire disk space in your system is filled up.

2.      Trojan Horses

These are harmless-looking applications such as text editors which actually perform malicious functions without your knowledge (for example, deleting/modifying other existing files)

3.      Spyware

This is a kind of software which may get installed on your PC without your consent, tracks your activity and reports this information to people who are willing to pay for it. Spyware mostly finds its way to a PC by getting downloaded along with another file, or from the Internet when you visit a webpage.

4.      Adware

Adware is a software that causes your computer to display unwanted pop-up ads. It reduces the performance of your computer, and is similar to spyware, with the difference that it may be installed with your consent. So it is important to go over the terms and conditions before you install any software on your PC.

5.      Spamming

This is a term used to describe the sending of e-mail in bulk by a known or unknown person. Spamming can also reduce system performance, and can even be used to spread computer viruses.

6.      Phishing and Pharming

These methods of attack rely on tricking users rather than using sophisticated technology.

1. Phishing: In this attack, an unidentified person uses an authentic-looking e-mail or website to extract sensitive personal information from another user. For example, you may receive an e-mail which seems to be from your bank, asking you to fill up your personal details by clicking on a link. But the link may take you to a fake website where all your details are obtained and later used for malicious purposes.
2. Pharming: This attack involves redirecting a website’s traffic to another authentic-looking, but bogus, website. The attacker convinces you that the site is real and then obtains all the information you provide to it.

7.      Snooping and Eavesdropping

1. Snooping: It refers to the unauthorized access of someone else’s information. It may or may not involve using sophisticated snooping software. Examples are monitoring of keystrokes pressed, secretly observing someone else’s computer activity and directly capturing his/her login ID and password.
2. Eavesdropping: Eavesdropping involves intercepting someone else’s data as it passes from one place to another. For example, intercepting someone else’s credit card number as it passes from the user’s system to the web server that requested it.

8.      Denial of Service (DoS) Attacks

In this kind of attack, the legitimate users are not allowed to use the resources, information or capabilities of the system. This attack, however, generally does not allow the attacker to access or modify data. For example, an attacker may flood the targeted system with a barrage of requests.

9.      Cookies

These are messages (pieces of information) sent by a web server to a web browser so that the web server can track users’ activity on a webpage. They can help webpages load faster, and can customize the page for users who have already visited them. As they are merely text files, they cannot act maliciously on systems. However, any information you provide freely to a website (including sensitive personal information) will most likely be stored in a cookie, unless you disable the cookie feature in your browser. If someone found out the encryption key to your cookies, he/she could get your personal details. Cookies a threat to security this way.

Preventive Measures

Having discussed about various threats to network and system security, the question arises as to how we deal with these threats. There are different methods to deal with different kinds of attacks, some of which are listed below:

General solutions:

• Be careful when downloading files on the Internet.
• Use a different way of writing e-mail addresses on the web. (For example, instead of “abc@xyz.com” you could write “abc AT xyz DOT com” or “abc    AT    xyz    DOT    com” with extra spaces.)
• Instead of clicking links in e-mails, type the URL of the concerned website in your web browser (the link may direct you to a bogus website).
• Disconnect from the Internet when away from home. Staying on the Internet increases the risk of certain infections and intrusions.

Solutions to Viruses, Adware, Spyware

1. Use antivirus and anti-spyware software.
2. Keep your system up-to-date.

   Solutions to Spam

1. Use anti-spam software.
2. Keep your e-mail address private.

 Solutions to Phishing and Pharming

1. Avoid opening e-mails from unknown sources.
2. Check the security guidelines of websites you often visit (so you can distinguish between legitimate and fake e-mails).

Solutions to Snooping, Eavesdropping and DoS attacks

1.   Protect your system by asking the user for a valid user-ID (authorization) and a valid password (authentication). Keep the passwords strong so that they cannot be easily guessed.
2. Install a firewall on your system. A firewall is a system (hardware or software) designed to prevent unauthorized access to or from a private network.

Solution to threats caused by Cookies:

1. Turn off the cookie feature in your web browser, to ensure the safety of your personal information when not needed. 

We saw a few ways in which a system may be compromised actively or passively and the way to counter them. Join me as I uncover more topics on yet another post on Information security!