
Infiltration (people breaking in)

Infiltration is a generic term for people breaking into computers, or gaining access they normally shouldn't be permitted. Whether this is an outsider "hacking" into your machine from a remote location, or someone physically gaining access when they shouldn't, it can lead to a complete compromise of your system and total data exposure or loss.

Physical access

Physical access is often overlooked as a danger to computer security. If someone can sit down at your computer and get their hands on it, it doesn't matter what kind of internal security you have on it; a skilled attacker can bypass just about any defenses that are in place, and even a casual snooper can look around on an unattended machine and cause various problems.

Even with a password-secured machine that is shut down, or on but locked in software, an attacker can almost always trivially boot a floppy disk or CD of their own which contains low-level tools for accessing your computer's hard disk, wiping out passwords and data, giving themselves access to it, or even just copying things they might be looking for. Even if the BIOS is set to not allow booting of external media, a screwdriver to open the case can be all that's needed to get inside the machine and reset the BIOS. Essentially, if an attacker can get their hands on your computer, it doesn't matter what kind of other security you have on it.

Best practices: physical access

Limit physical access to your computers as much as possible - especially those with sensitive data on them. Either keep them out in the open in a monitored space that's impossible to sit at without being seen, or put them behind lock and key. A locked office can be sufficient for preventing MOST types of unauthorized physical access (although you must account for all of the existing keys - custodial staff and landlords and physical plant personnel typically have keys too, and they're only as secure as they're kept). A locked physical cage for the computer is another way to help prevent unauthorized access, preventing bootable media from being inserted in the drives, or access to the machine's internals.

Another possible technique is to only use removable media for data storage, and to remove said media whenever the machine is left for the night or unattended. Zip drives and other high-capacity media can sometimes serve adequately this way in certain situations; this means if someone gets physical access to your machine, they still don't have your data. It's like taking your valuables with you when you leave the house.

Breaking passwords

Many security systems rely on passwords; some common places for passwords include logging onto a computer, using email, accessing online accounts or secure web pages, and accessing file storage areas.

Strong passwords can be an important part of system security; a strong password is, for all intents and purposes, unbreakable and forces a would-be intruder to seek another method of access. Weak passwords, however, are among the most common security holes of any kind, and most passwords are weak.

Weak passwords are guessable passwords. It is important to recognize that most password-guessing attacks are "brute-force" and done by computer programs, not someone sitting and typing at a keyboard trying passwords one at a time. These programs can check hundreds or thousands of passwords per minute (depending on the host computer's speed), and are amazingly sophisticated.

Guessable passwords are passwords based on words, numbers, names, or personal information. The best passwords are long (eight characters at a minimum), contain letters, numbers, and symbols, and are completely random. Examples:

Weak passwords

  • password
  • rover
  • r0v3r
  • test
  • 1234
  • admin
  • nimda

Strong passwords

  • h7%a69l2
  • ngh*!7h5
  • t#*:86gq

Note: DO NOT USE ANY OF THE ABOVE PASSWORDS! They're not secret anymore since they're on this webpage. Make up your own.
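To show why entries such as r0v3r and nimda count as weak even though they are not plain dictionary words, here is an added example (not part of the original page) of a password check that normalises a candidate the way a guessing program would before looking it up. The word list, the substitution table and the function names are assumptions made for illustration.

```python
import secrets
import string

# Constructed word list; a real check would load a full dictionary plus
# names and personal details connected to the account owner.
WORDLIST = {"password", "rover", "test", "admin"}

# Common character swaps that guessing programs undo automatically.
LEET = str.maketrans("013457@$", "oleastas")

# Characters used when generating a new random password.
ALPHABET = string.ascii_lowercase + string.digits + "!#$%*:@"


def candidates(pw):
    """Return the simple variants of pw that a guessing program would try."""
    low = pw.lower()
    trimmed = low.strip(string.digits + string.punctuation)  # "rover99!" -> "rover"
    forms = {low, trimmed, low.translate(LEET), trimmed.translate(LEET)}
    return forms | {f[::-1] for f in forms}  # reversed forms: "nimda" -> "admin"


def weaknesses(pw):
    """Return the reasons pw is guessable; an empty list means none were found."""
    reasons = []
    if len(pw) < 8:
        reasons.append("shorter than eight characters")
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(not c.isalnum() for c in pw)
    if not (has_letter and has_digit and has_symbol):
        reasons.append("does not mix letters, numbers and symbols")
    for word in sorted(candidates(pw) & WORDLIST):
        reasons.append(f"based on the word '{word}'")
    return reasons


def generate(length=12):
    """Draw random passwords from the OS random source until one passes the check."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(pw):
            return pw


if __name__ == "__main__":
    for pw in ["password", "rover", "r0v3r", "test", "1234", "admin", "nimda"]:
        print(pw, "->", "; ".join(weaknesses(pw)))
    print("new password:", generate())
```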

Red Hat has a good article on password security.

Best practices: passwords

  1. Always use strong passwords.
  2. Never write your password down on paper. Memorize it by typing it hundreds of times, if necessary. A strong password written on a sticky taped to your monitor or in your desk drawer is a VERY WEAK password.
  3. Never share your passwords. Loose lips sink ships.
  4. Age your passwords. Expire them after six months or a year and make new ones.

Unrestricted network access / wardriving

If you have a network and someone can gain unauthorized access to it without your knowledge, they have a platform from which they can launch all kinds of attacks and probes to get at your data, and it can be difficult to detect. Properly securing any network you run is essential to prevent easy abuse.

Most successful attacks against computer systems are launched from within a protected network, not outside of it.

A network that anybody can join just by plugging an ethernet cable into a router (which is often out of sight or in another room) or, worse, by just being in wireless range, is completely vulnerable. Securing a network is usually a specialized task left to a dedicated staff member or IT support professional, and it can be complicated, but with the proliferation of inexpensive wireless routers at department stores, it's becoming a more widespread problem.

A properly secured network should NEVER allow an unrecognized computer to connect; the best policy for most LANs is to restrict IP addresses (NOT run a DHCP server) and require passwords for access.

For wireless routers, either turn off SSIDs in the router configuration, require a WEP password, or both.

Best Practices for network access

  • Only allow recognized and known computers to connect
  • Use fixed IP addresses when possible
  • Password-protect and/or hide wireless networks
  • Turn file sharing off on all computers that don't need it
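One way to check the first two practices on a Linux machine, as an added example that is not part of the original page: compare the computers currently seen on the LAN with an inventory of known machines and their fixed addresses. The inventory, the sample `ip neigh` output and the function name are constructed for illustration.

```python
# Constructed inventory: hardware (MAC) address of each known computer
# and the fixed IP address assigned to it.
KNOWN_HOSTS = {
    "00:11:22:33:44:55": "192.168.1.10",
    "00:11:22:33:44:66": "192.168.1.11",
}

# Constructed sample in the format printed by `ip neigh` on Linux.
SAMPLE_NEIGH = """\
192.168.1.10 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.11 dev eth0 lladdr 00:11:22:33:44:66 STALE
192.168.1.57 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.12 dev eth0 lladdr 00:11:22:33:44:66 REACHABLE
192.168.1.99 dev eth0  FAILED
"""


def audit_neighbors(text, known=KNOWN_HOSTS):
    """Return (ip, mac, reason) for every neighbour that breaks the inventory."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:
            continue  # failed or incomplete entries carry no hardware address
        ip = fields[0]
        mac = fields[fields.index("lladdr") + 1].lower()
        if mac not in known:
            findings.append((ip, mac, "unrecognized computer"))
        elif known[mac] != ip:
            findings.append((ip, mac, f"known computer not on its fixed address {known[mac]}"))
    return findings


if __name__ == "__main__":
    # On a live system, pass the output of `ip neigh` instead of the sample.
    for ip, mac, reason in audit_neighbors(SAMPLE_NEIGH):
        print(f"{ip:15} {mac}  {reason}")
```

A hardware address is reported by the device itself, so this is an inventory check that surfaces unexpected machines, not a form of authentication.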

Viruses and worms

Viruses are pieces of (usually malicious) program code that can be attached to documents such as emails and Microsoft Word documents; they are dormant until activated by a host program, such as an email reader that causes them to run, or Microsoft Word running Word macro viruses. There are thousands of viruses out in the "wild" in the computer world, and some have had worldwide impact calculated in the tens of billions of dollars. Nearly all of them exist in and for Microsoft Windows; they are much rarer on operating systems like Mac OS and Linux.

Worms are more insidious, as they can move and propagate on their own; they typically take advantage of insecure networks to send copies of themselves to remote machines and spread independently; infected machines may have data corrupted or destroyed, sent or copied to other machines, or be themselves turned into "zombie machines" used to attack other machines. Some notable worms of the recent past include (links to Wikipedia):

Again, most worms exploit security holes in Microsoft Windows operating systems and software.

Three specific Windows programs with a history of poor security that have allowed viruses and worms to spread wildly are Microsoft Outlook and Outlook Express (email), Microsoft Internet Explorer (web browser), and Microsoft Word (word processor). Many viruses are written specifically for these programs because they are so widely used and often poorly secured, particularly on older computers. And Windows itself is a frequent target for worms as vulnerabilities are discovered.

Using antivirus utilities such as Norton Antivirus or ClamWin can help reduce the risk of infections if you use Windows; they are presently not needed as much on Mac OS and Linux because of architectural differences, but it is always good to be paranoid. They need to be aggressively kept up-to-date with "live updates" that download new virus definitions as they emerge.

Best practices for viruses and worms

  • Consider alternatives to vulnerable software and systems. For web browsing, Firefox is an excellent, secure and free alternative to Internet Explorer. Thunderbird is a free and secure mail client as an alternative to Outlook. OpenOffice and AbiWord are free and secure alternatives to Microsoft Office and Microsoft Word (respectively).
  • If you must use insecure software, secure it properly. Never open email attachments from untrusted sources, and be sure your mail client doesn't open them for you without asking (as some versions of Outlook do). Configure Microsoft Word not to run macro code without prompting. And keep your Internet Explorer security settings on "high" and be sure you are current with all of your Windows patches and security updates.
  • Use a hardware firewall to block off all ports not explicitly needed; most consumer routers are also firewalls. Don't rely solely on software firewalls; they can still be disabled from inside if a breach occurs.
  • Use antivirus software and keep your virus definitions aggressively up-to-date.
  • Windows users should see Microsoft's "Security At Home: Viruses and Worms" page and check it frequently.
