IT Lecture Notes -

Threats to Data
Deliberate threats Accidental threats Technical failure threats
Deliberate Threats

Threats	Description, Prevention/Cure
Viruses / worms	To be technically correct, viruses are not seen much nowadays: the real threat is worms. The difference is that viruses attach themselves to legitimate objects such as programs and documents and that is how they are spread. Worms are self-contained and travel by themselves, usually using email as a means of delivery. Old fashioned viruses started as relatively harmless pranks that put messages on your screen or made windows run away from the mouse - that sort of thing. They rapidly became malicious and deleted or damaged files and systems. The 'payload' of modern worms tends to be purely criminal: they try to steal credit card numbers, plant keyboard scanners in your system, steal documents etc. One even encrypts the contents of your hard disk and demands a ransom before it is unlocked. The other motive of virus/worm writers tends to be political: using malicious tools to attack rival political, religious or social groups. It was rumoured that one of the first steps America took in the first Gulf war was to infect the Irqai telecommunications and electricity supply control systems with potent viruses to cause havoc. Prevention and cure: up-to-date virus scanners will detect incoming nasties and scan for those already resident.
Theft of computers and data	Theft involves physical access to equipment. This is much harder to organise than remote theft of data, such as credit card numbers or banking details. Nevertheless, actual theft is not uncommon and should be guarded against. A little care and thought can prevent 99% of the danger of theft. - locked doors - bars on windows - alarms - good security measures (don't let the public or untrusted people near a computer) - video surveillance - security cables or cradles to bolt down or tie computers to furniture - locks on computer cases so they can't be opened and hard disks removed - don't store important/secret data on local hard disks - save them to the file server - use RAID 5
Espionage	- commercial rivals may want to steal your valuable data or plans. - political rivals may want to find your country's weak points. - set up auditing so you know what data is being accessed by whom and when so you can trace who did what. - glue up USB ports to prevent portable mass-storage devices being plugged in. - monitor email to detect large data exports. - also see "Hackers" below. (The only real difference between 'hackers' and 'spies' is motive)
"Hackers"	- passwords required to enter or change the PC's BIOS - passwords required to enter a network - passwords required to start the operating system - passwords required to enter major software packages (e.g. payroll) - encrypted (encoded) data files (using RSA Public Key Encryption software such as Pretty Good Privacy or 'PGP' which is essentially unbreakable). Every time you connect to a "Secure Site" on the internet, you are using RSA encryption. - local firewalls (software that monitors internet communications and uncovers unauthorised attempts to get information into or from your computer) e.g. Zone Alarm Pro. - locked floppy disk drives so hackers can't insert disks with hacking tools into servers. Servers are vulnerable to direct running of hacking tools; workstations tend not to be so open to attack. That is why fileservers are jealously protected from people. Here's an article about the how easy it is to hack important systems because of lax security. It suggests databases need to be encrypted.
"Disgruntled employees"	- only give employees access to data they actually need to do their work. Even 'gruntled' employees can make mistakes (see 'Incompetent employees below), but damage can be limited if they don't have access to every bit of data. - after firing someone do let not him access his computer again. They could steal valuable company data to sell it to competitors, or they could cause malicious damage in revenge. Network access should be revoked before they are told of their dismissal.
Denial of Service attacks	A way of attacking a web server is to send it millions of fake requests for information (e.g. a simple 'Ping' which just asks the server to respond). Sending enough such messages will tie up the server, forcing it to reply to so many requests that it cannot perform its usual functions. In extreme cases, a server could be so overloaded that it crashes. This is a Denial of Service (DOS) attack. One computer, however, usually cannot send enough requests to bring down a server: many computers are required to cooperatively bombard the target to bring it down. How does a hacker find lots of accomplices? Well, usually they can't because they're usually antisocial geeks with no friends. So, they spread a Trojan Horse (see below) that infects other computers which then become 'zombies' that can be ordered by the hacker to attack a particular target simultaneously. This becomes a Distributed Denial of Service (DDOS) attack. If it's a sensitive target, like the government, and the federal police follow the attacks to their source, it's the hapless unwittingly-infected citizen who is arrested; not the hacker, who is safely well removed from the whole affair.
Trojans	A Trojan Horse is malicious software that gets into a system by appearing to be some else that is actually desirable (e.g. 'free software', naked pictures, serial numbers for warez). Once infected by a Trojan, it burrows into the depths of your system and actively hides itself from detection: some even try to disable your antivirus and firewall protection. They carry out nefarious deeds such as: - installing keyboard loggers, which record when you type in bank account details, passwords, credit card numbers etc. When the log is full, the trojan uses its built-in email software to "phone home" and pass your sensitive information to the hacker. - acting as a spam distributor: when the spam is detected, your ISP account gets cancelled, not the hacker's! - participating in distributed denial of service attacks. Using a good firewall can detect and prevent trojans trying to communicate with the outside world.

Accidental Threats to data
Threat	Prevention/Cure
Incompetent employees	Data damage or loss is often caused by idiots who shouldn't have been let loose in the first place. Whether you lose data through deliberate nastiness or complete stupidity, the result is the same. - train employees properly so they know how to protect data and not make mistakes - have proper documentation about software and procedures - only give people access to the data they need to do their job. - set up transaction tracking so each bit of business is recorded somewhere safe. If the worst happens you can reload all the transactions as if they were happening for the first time. - set up auditing so you know what data is being accessed by whom and when so you can trace who did what damage.
"Misplaced" data	Have you ever saved something and then not been able to find it? A good filenaming and storage procedure prevents those problems. If everyone on a team knows where to save files and what filenaming scheme to follow there is less time wasting and annoyance. A simple filename scheme you should use is 'incremental naming'. Save your first document as "essay1.doc". The next time you add to it, save it as "essay2.doc". Every time you revise it, save with a different name. This has many benefits: if you realise you've messed everything up you can revert to the previous version you have built-in authentication for VCE in case of disk failure you have multiple backups. One problem of saving a file with the same name is that it uses the same area of disk as the previous saved file. This make undeletion of old versions very hard, if not impossible. On floppy disk, this constant re-use of the same part of the disk can lead to premature disk failure just where the most important file is. when the document is finished you can delete the previous drafts
"Natural" disasters	Fire, flood, earthquake, falling elephants. You can at least do something about the first disaster... it's called a...

Technical Failure causing threats to data
Threats	Prevention/Cure
Hardware failure (e.g. hard disk crash, file server failure)	Hardware will fail. It's a fact of life. Hardware with moving parts will fail more often. That's another fact of life. Don't be surprised when it happens: be prepared to recover and move on! - backup! - redundant (backup) hardware (e.g. RAID 1 storage where the PC has 2 hard disks and data is simultaneously written to both disks) - use RAID 5** - keep computers comfortable: airconditioning (PCs hate heat and humidity), dust and smoke free environment, no dropping or jarring PCs, no liquids near PCs, no plugging/unplugging of components while the PC is running (except for "hotswap" devices). - Uninterruptible power supplies (UPS) ensure that when the electricity dies or fluctuates dangerously, your PC or fileserver can survive long enough to be shut down cleanly. UPSs also offer filtering to remove power surges and troughs. UPSs often also provide a phone line passthrough to protect your modem and PC from lightning damage. - A surge filter is cheap insurance to prevent damaging power spikes frying all your electronic components
Operating system failure	Believe it or not, Windows is not perfect (I can hear the gasps of disbelief from here). Yes, you poor deluded lamb, Windows has been known to crash. When it does crash, it can do nasty things to your computer. Having a good collection of utilities to clean up the mess can be valuable. Examples include Norton Utilities, Fix-It, Nuts and Bolts.
Software failure	No software is perfect. There are bugs in even the best-written programs. A bug can destroy or corrupt data. - have backups handy - test software thoroughly before relying on it - test software with your hardware in case the software is incompatible

Back to the IT Lecture Notes index

Last changed: August 23, 2007 1:21 PM

IT Lecture notes copyright © Mark Kelly 2001-