computer security.txt

1000 HOWTOs for various needs [WINDOWS]

                                  - 7 -

4.   REASONS FOR EXPOSURE

Concentration of data in one place

Instantaneous adjustment

Alteration without a trace

Lack of visible records

Complexity of the system

Networking

Technical persons can befuddle

General ignorance by non-techie and management

Detection problems

Lack of training

Security checks in programs not specified

Systems not documented

Limited staff resource for programming/management

No separation of duties

Possibility of enormous losses remaining undetected

Reluctance to report -   Embarrassment
                         Lack of sufficient evidence to prosecute
                         Cost to prosecute outweighs recovery
                         Company policy ("Press would have a field day")




























                                  - 8 -

5.   GENERAL SECURITY RULES (All Systems, big and small)

Disaster Recovery }      Backup    Backup    Backup
     Plan         }      Restore (test it to make sure it works)

Store your backup off-site (not in your car!)

Physical security 

Password for access control (don't stick your password on 
     the front of your machine!)

Access to menu only - not to system control level

Reasonableness tests

Balance checks (rounding: up, down, (out?); cross-calculations

Audit trails - all records (terminal i.d., user i.d., date and 
     time stamping, history record retention)

Fall-through coding (if it doesn't meet a condition, does it go to limbo)

Payroll/Accounts payable:  don't pay the same # twice

Fault tolerance level supported   (user friendly/hostile -
     balance between fault tolerance & productivity)

Call back or no answer on dial-up systems

UPS (Uninterrupted Power Supply, or allowance for graceful
     degradation) - or at least an automatic head parker

Logical view rights  (your user 'privileges' allows access only to the
     data you need to see, e.g., accounting clerks don't need to see
     production formulae)

Multi-user environment:  protection against deadly embrace

Automatic logoff on inactivity timer / Screen saver

Policy statement re purchasing/use/theft/illegal 
     software, etc.

Encryption (?) - don't lose the key!

Shielding ("Tempest" hardware for secure systems)

Educate users















                                  - 9 -

6.   VIRUSES

As in medicine, a virus needs an 'organism' to which it may attach itself,
and a virus is 'contagious'.  

In the case of computers, a virus is usually a destructive piece of code
which attaches to a working program, such as your word processor,
spreadsheet or CAD/CAM software.  Viruses are usually written to detect
any load of a computer file that has an extension of .EXE, .COM, .OVL,
.BIN - such extensions representing executable programs.  Often, the
virus loads itself into memory, then loads the program you just called, so
the virus is sitting at the front.  Then when you exit the program, the
virus code calls for the re-writing of the program back onto the disk -
with the virus still sitting at the front.  Other viruses simply go
straight into your boot sector, so they get loaded every time you turn on
your machine.  Some do both.  

However they 'hide', and whatever they attach to, they got to your machine
on an infected diskette.  If you are infected and then copy your software
to use on another machine, guess what happens?  Right!  That's where the
'contagious' element comes in.

In 1989, more viruses were discovered than in all previous years.  There
were over 110 at the end of the year, and 7 were discovered in December
alone.  Sources have been from as far away as Pakistan and Bulgaria.

Only .004% have reported infections, but most are not reported.  Consider
this:  if only 1% were infected, that would be 1/2 million units in the
U.S. alone.  At a cost ranging from $300 to $3,000 per unit to recover,
the problem starts to impact the economy as well as the productivity of
staff at your organization.  It cost one Texas company US$10M to shut
down their 3,000-unit network for 4 days to find 35 infected units.

One of the major problems with viruses is that 90% of the users who
recover are re-infected within 30 days.  One person at my organization
was re-infected 7 times in 2 months!   Most reinfections occur for one of
two reasons (not necessarily in this order):  your back-up was infected,
or it was a virus that hid in the boot sector on track 0, and track 0 is
not re-written by the standard "FORMAT" command (only a low-level format
will get rid of a track 0 virus).  Be careful of some new software as
well:  there has been more than one instance of shrink-wrapped software
being infected (software companies have disgruntled employees, too, it
seems).



6.1  HISTORY

1959 - Scientific American article about 'worms'
1963 - caught my first two frauds (Payroll & Accounts Payable)
1970 - Palo Alto lab - worm which directed activities
1982 - Anonymous Apple II worm
1984 - Scientific American CoreWare Series:  held contest to
       find the most clever/difficult to detect 'bug'
1987 - Apparent change from intellectual exercise to 
       dangerous activity.








                                 - 10 -

6.2  EFFECT

Massive destruction:     Reformatting
                         Programs erased
                         Data file(s) modified/erased

Partial/Selective destruction:  Modification of data/disk space
                         File allocation tables altered
                         Bad sectors created
                         If match with event, alter or delete

Random havoc:            Altering keystroke values
                         Directories wiped out
                         Disk assignments modified
                         Data written to wrong disk

Annoyance:               Message
                         Execution of RAM resident programs
                              suppressed
                         System suspension





6.3  WHY DO PEOPLE DO IT?

Financial gain
Publicity
Intellectual exercise
Terrorism/Fanaticism/Vandalism
Revenge
Just plain wierd





6.4  SYMPTOMS

Change in file size (Usually on .COM, .EXE
     .OVL, .BIN, .SYS or .BAT files)
Change in update time or date
Common update time or date
Decrease in available disk or memory space
Unexpected disk access
Printing and access problems
Unexpected system crashes
















                                 - 11 -


6.5  CONCERNS

Variety:  Virus vs Bug vs Worm vs Trojan Horse vs Superzapper
          vs Trap Doors vs Piggybacking vs Impersonation
          vs Wiretapping vs Emulation
Strains / Complexity / Growing Sophistication
Bulletin board use and free software
Largest threats from taking computer work home
Kids using same machine at home
Networked mainframe systems
Travel/airline computers (AA wiped out early 1989)
Work message systems (E-Mail)
POS terminals
Banking / Credit Cards / Money Machines
Income Tax records
Health records


     **************************************************************
     *    Global disaster may be on the way                       *
     *    No specific laws to deal with malicious programming     *
     *    No single national centre to gather data on infections  *
     **************************************************************







6.6  KNOWN VIRUS SOFTWARE

12 viruses (and their strains) account for 90% of all PC infections:
           _
          |_|  Pakistani Brain
          |_|  Jerusalem
          |_|  Alameda
          |_|  Cascade (1701/1704)
          |_|  Ping Pong
          |_|  Stoned
          |_|  Lehigh
          |_|  Den Zuk
          |_|  Datacrime (1280/1168)
          |_|  Fu Manchu
          |_|  Vienna (DOS 62)
          |_|  April First

















                                    - 12 -

6.7  QUICK GUIDE TO VIRUS NAMES (Cross referenced)

Name           Synonym-1      Synonym-2      Synonym-3      Synonym-4

1168           Datacrime-B
1184           Datacrime II
1280           Datacrime      Columbus Day   October 12th   Friday 13th
1536           Zero Bug
1701/1704      Cascade      Falling Letters  Falling Tears Autumn Leaves
1704           Cascade
1704           Cascade-B
1704           Cascade-C
1704           Cascade-D
1704 Format    1704           Blackjack      Falling Letters
1704           Blackjack      1704 Format    Falling Letters
1808           Jerusalem      Black Box/Hole Israeli   PLO  1808/1813
1813           Jerusalem      Black Box/Hole Israeli   PLO  1808/1813
2086           Fu Manchu
2930
3066           Traceback
3551           Syslock
3555
123nhalf
405
500 Virus      Golden Gate
512 Virus      Friday 13th    COM virus
648            Vienna         DOS 62         DOS 68         Austrian
AIDS           VGA2CGA        Taunt
AIDS Info Disk
Alabama
Alameda Virus  Yale           Merritt        Peking         Seoul
Alameda-B      Sacramento     Yale C
Alameda-C
Amstrad
Anti
Apple II GS    LodeRunner
April 1st      SURIV01        SURIV02
April 1st-B
Ashar
Austrian       648            Vienna         DOS 62         DOS 68
Australian     Stoned         New Zealand    Marijuana
Autumn Leaves  Cascade        1701/1704     Falling Letters Falling Tears
Basit virus    Brain          Pakistani Brain  Lehore
Black Box      Jerusalem      Israeli        Black Hole     1808/1803 PLO
Black Hole     Jerusalem      Black Box      Israeli        1808/1813 PLO
Black Hole     Russian
Blackjack      1704           1704 Format    Falling Letters
Bouncing Ball  Vera Cruz      Ping Pong      Bouncing Dot   Italian virus
Bouncing Dot   Italian virus  Bouncing Ball  Vera Cruz      Ping Pong
Brain-B        Brain-HD       Harddisk Brain Houston virus
Brain-C
Brain-HD       Harddisk Brain Houston virus  Brain-B