Professional Documents
Culture Documents
Basic Computer Security Tutorial
Basic Computer Security Tutorial
Date 9-07-04
The purpose of this tutorial is to provide basic security practices and information to help readers
secure their computers against viruses, worms, trojans, spyware, adware, and hackers. It will
provide information about security practices and how to implement them along with many tips
that will help readers understand how to operate their computer more securely and safely.
Security Measures
If you do not at least have a personal firewall and anti-virus protection then you should not
connect your computer to the internet. Not following these basic requirements is a perfect
formula for getting trojans, viruses, worms, and backdoors which can ruin your system causing
you to need to reformat your hard drive and re-install your operating system.
Security Requirements
1. Every computer that connects to the internet in any form MUST have a personal firewall.
2. Every computer must have virus protection and it must be kept current.
3. Only open e-mail attachments when you are sure the sender is really who it appears to be.
4. Only browse the internet with a safe browser or change your browser settings to make it
more secure.
5. Operate at least one anti-spyware/anti-adware program on your system.
6. Be very careful about downloading and installing programs from the internet, especially
free ones.
7. Keep your e-mail address confidential and NEVER post an email address in an unsecured
web page on the internet. This practice reduces spam and chance of getting virus or scam
emails. Use a different email address to give to those you are not sure you can trust. Be
aware of how retailers may use your e-mail. Some retailers that are very well known have
been known to sell email addresses.
8. Be wary of malicious hyperlinks. Malicious hyperlinks are web links that look like they
will take you to a particular site such as ebay.com but in reality they will take you to
another site. Manually type the address of the site you want to go to rather than clicking
on the link in an e-mail.
Security Recommendations
1. Educate yourself about internet threats and how computers work.
2. Encrypt any sensitive data that you store on your computer.
As the security field changes and computer intruders become more aggressive, it is becoming
increasingly necessary for all computer users to have at least a basic understanding of the
operation of computers. For example, they should know what a file is, that it requires a certain
amount of space to store, and that there are different file types associated with specific
applications that access them. For more help in this area, the Computer Technology
Documentation Project Basic Computer Section is worthwhile reading.
Biometrics is about verification and identification. It is about verifying the identity of an
individual based on measurable physiological and/or behavioral characteristics. Masquerade,
spoofing or impersonation — in which an individual claims to be someone else — is a
significant security threat. A key security service that addresses this threat in the world of
computers is authentication. Authentication verifies a user's identity. An individual can be
identified and authenticated by what he knows (password), or by what he owns (smart card) or
by his human characteristics (biometrics). Unlike a password or a PIN, a biometric trait cannot
be lost, stolen or recreated.
the worldwide annual cost of corporate fraud is $32 billion, according to Price Waterhouse.
So how does biometrics relate to e-commerce security? The pillars of e-commerce security are:
authentication
privacy (data confidentiality)
authorization (access control)
data integrity
non-repudiation
Biometrics techniques
Examples of biometrics techniques include fingerprints, facial recognition, retinal, iris scanning,
hand geometry and voice patterns.
Hand, face, and fingerprint authentication techniques are all user-friendly and accurate enough
for most PC-user authentication purposes. Hand authentication is gaining acceptance for physical
access and attendance checking, but it requires bulky reader hardware. Face identification
requires camera equipment for user identification; thus, it is not likely to become popular until
most PCs include cameras as standard equipment. This leaves fingerprint identification as the
most viable and established biometric technique for verifying the identity of a PC or network
user. And, in most cases, fingerprint authentication is the easiest and most economical biometric
PC user authentication technique to implement.
Voice recognition is however not a good choice for PC or network user authentication since:
A person's voice can be easily recorded and used for unauthorized PC or network access.
An illness such as a cold can change a person's voice, making absolute identification difficult or
impossible.
Accuracy: Retinal scanning and iris identification are both highly accurate ways of identifying
individuals; however, they are both expensive to implement and most organizations do not need
this level of accuracy. Hand, face, and fingerprint authentication techniques offer good accuracy
for a smaller investment in scanning hardware.
The advantage of using biometrics over other technologies in the areas of identification and
verification is that a biometrics technique cannot be easily transferred between individuals.
Further, it represents as unique an identifier as is possible at this time.
False acceptance rates (FAR), which specify the likelihood that an imposter may be falsely
accepted by the system.
False rejection rates (FRR), which specify the likelihood that a genuine user may be rejected
by the system.
The enrollment time is the time it takes to enroll (register) a user to the biometric system. The
enrollment time depends on a number of variables such as:
For example, performance parameters associated with the Digital Persona U.are.U vertical
fingerprint sensor (reader) are:
Performance parameters associated with the SecuGen EyeD Mouse (fingerprint reader) are:
on a portable card.
Storing the template on the biometric device has the advantage of fast access to the data. There is
no dependency on the network or another system to access the template. This method applies
well in situations when there are few users of the application. However, a device malfunction
would necessitate reinstallation of the template database or possibly re-enrollment of the user
base.
Storing the template on a card or a token has the advantage that the user carries his or her
template with them and can use it at any authorized reader position. Users might prefer this
method because they maintain control and ownership of their template. However, if the token is
lost or damaged, the user would need to re-enroll. If the user base does not object to storage of
the templates on the network, then an ideal solution would be to store the template on the token
as well as the network. If the token is lost or damaged, the user can provide acceptable identity
information to access the information based on the template that can be accessed on the network.
Challenges
A key challenge is to automate the verification process in a user-friendly manner. The user
interface associated with the biometrics reader needs to be very user friendly. Further, the
accuracy of biometric devices — the so-called error tolerance — is critical. Both key error
measures, the false accept rate and false reject rates, should be low. Some devices provide an
accuracy of 1 error for about 30,000 fingerprint impressions, while others may have an error rate
of 1 in 1 million impressions. Always check with the manufacturer of the biometric sensor on the
error rates.
Lack of standards especially related to the biometric application interface and independent
testing of biometric devices has been a challenge in this industry. The emergence of the bioAPI
framework will go a long way in addressing concerns related to the application interface
associated with biometric devices.
The scope of the bioAPI specification is to define the API and the Service Provider Interface for
a standard biometric technology interface. The API model includes three principal high-level
abstraction functions:
Enroll: A sample is captured from a device, processed into a usable form from which a
template is constructed, and returned to the application.
Verify: One or more samples are captured, processed into a usable form, and then matched
against an input template. The results of the comparison are returned.
Identify: One or more samples are captured, processed into a usable form, and matched
against a set of templates. A list is generated to show how close the samples compare against the top
candidates in the set.
ridge endings;
In an NT system for example, each time you log in, these minutiae points are recreated and
compared to the original, which is stored in the Security Account Manager (SAM) database. This
process is very quick. Normally you will be logged in faster than it would take you to type the 34
characters of a traditional text password.
With the advent of Automated Fingerprint Identification Systems (AFIS), a fingerprint can be
compared against every fingerprint in the entire database. No two fingerprints have been found
to have the same individual characteristics in the same unit relationship.
A fingerprint device is typically a self-contained sensor that supports two key functions:
the ability to communicate the digital image to the host processor via an interface such as
USB or serial.
plug-and-play;
support for Windows NT 4.0, Windows 2000, Windows 98 and 95 OSR 2.1 (USB)
The brain deals with visual information much as computer algorithms compress files. Because
everyone has two eyes, a nose and lips, the brain extracts only those features that typically show
deviations from the norm, such as the bridge of the nose or the upper cheekbones. The rest it fills
in. Facial recognition software today can instantly calculate an individual's eigenface from either
live video or a still digital image, and then search a database of millions in only a few seconds in
order to find similar or matching images. The challenge is to support rapid and accurate real-time
acquisition as well as its scalability to databases containing millions of faces.
Visionics is one of the leaders in facial recognition technology. Visionics develops and markets
pattern recognition software called FaceIt. FaceIt verifies a person's identity based on a set of 14
facial features that are unique to the individual and unaffected by the presence of facial hair or
changes in expression.
Viisage is another prominent biometrics vendor that specializes in facial recognition. For
example, in 1999 Viisage completed the development and deployed the world's first large-scale
drivers license face recognition system with complete database one to all search capabilities.
This system provides both duplicate identity fraud reduction and identity investigation
functionality. The system has been built to support growth to 20 million entries in the next 5
years.
“Early adopters and applications of facial recognition-based technology include ATM customer
ID verification; casino surveillance; airports; and Internet verification for e-commerce and home
workers.”
casino surveillance;
airports; and
Conclusion
Biometrics is the technology of the millennium. Incorporating biometrics identity verification
can substantially enhance authentication services. Today's biometrics technology is ready for
utilization in commercial, production and end-user environments
Computer security authentication means verifying the identity of a user logging onto a network.
Passwords, digital certificates, smart cards and biometrics can be used to prove the identity of the
user to the network. Computer security authentication includes verifying message integrity, e-
mail authentication and MAC (Message Authentication Code), checking the integrity of a
transmitted message. There are human authentication, challenge-response authentication,
password, digital signature, IP spoofing and biometrics.
Human authentication is the verification that a person initiated the transaction, not the computer.
Challenge-response authentication is an authentication method used to prove the identity of a
user logging onto the network. When a user logs on, the network access server (NAS), wireless
access point or authentication server creates a challenge, typically a random number sent to the
client machine. The client software uses its password to encrypt the challenge through an
encryption algorithm or a one-way hash function and sends the result back to the network. This
is the response.
Two- factor authentication requires two independent ways to establish identity and privileges.
The method of using more than one factor of authentication is also called strong authentication.
This contrasts with traditional password authentication, requiring only one factor in order to gain
access to a system. Password is a secret word or code used to serve as a security measure against
unauthorized access to data. It is normally managed by the operating system or DBMS.
However, a computer can only verify the legality of the password, not the legality of the user.
The two major applications of digital signatures are for setting up a secure connection to a
website and verifying the integrity of files transmitted. IP spoofing refers to inserting the IP
address of an authorized user into the transmission of an unauthorized user in order to gain
illegal access to a computer system.
Biometrics is a more secure form of authentication than typing passwords or even using smart
cards that can be stolen. However, some ways have relatively high failure rates. For example,
fingerprints can be captured from a water glass and fool scanners.
Any program which isn't being used, but which has a connection outside your network, should be
shut down and the 'service window' (port) closed at the firewall. Every port which isn't
specifically in use should be shut down. Admittedly, this is a 'paranoia' position - the rationale
for shutting them down being that a closed port is safer than an open one, regardless of how good
the program is.
Vulnerabilities are reported to organisations on the Internet which make a point of informing the
companies or groups who write those programs, and distributing the modifications that these
companies or groups produce to patch the vulnerabilities.
Every so often someone in your company should go to those sites, read their reports for your
programs, and install the patches. Once a month is common, but you need to determine your own
balance between security and convenience.
6.3. Monitoring
How do you know if someone has broken into your system? The only way to know for sure is to
monitor it.
The tripwire: On a read-only medium (like a write-protected floppy), store a program and
a small database. The program checks every file in the database to find out when it was
last changed, and sends the user the list of all the files which have changed since it first
ran. To prevent false reporting, the database should only include files which should never
be changed.
If any of the files have been changed, you may have been broken into. (Or your system
administrator installed a new version of the operating system and forgot to warn whoever
does the monitoring!)
The sniffer: This tool checks all the traffic which goes through the network, looking for
suspicious activity. It's usually installed on the firewall, or on a special box just to one
side or the other of the firewall - though it would be more useful on the outside.
It doesn't attempt to block any activity, only to report it when it finds it.
The honeypot: One for special circumstances - this system has most of the useful
programs (like directory listers or file removers or editors) removed and replaced with
special programs that shut the computer down as soon as they're run. The shutdown
prevents the intruder from further intrusion, and also from modifying the honeypot's logs.
Log analysis: This is difficult - most intruders will be careful to wipe traces of their
activity out of the logs. I don't recommend its use by laymen, and include it here only
because it is an important tool for more experienced administrators.
Most operating systems keep a set of logs of their network activity. This usually consists
of things like 'opened this port', 'sent mail to this person', 'closed the port'. The content of
the mail is not kept, but the fact of its being sent is. This sort of information is a useful
tool for intrusion analysis (and for checking whether the system is running correctly).
Log analysis involves whoever does the monitoring going through the logs and looking
for strange occurrences. Logs look something like this:
You're not expected to understand what this is! It's an attempt by my computer to get an
IP address (a number address) from the master computer on our home network. Log
analysis involves reading a lot of stuff like this, knowing what's normal and what isn't,
and dealing with the abnormalities.
Which is why I don't recommend it for laymen.
Let the experts take your computer off the network, reboot it, and take a look at the logs.
They will hopefully be able to figure out what type of attack it was.
If you chose to preserve the evidence, make sure your computer experts know this before
they change anything.
Let the experts check your files for damage. They may recommend reinstalling the
operating system, they may recommend restoring your data from your latest backup. Ask
them for the pros and cons of each option they offer, and each recommendation they
make. It's your data, but you hired them for their knowledge. So lean towards their
advice, but you make the decision.
Security through obscurity is weak. A hidden thing is more secure than a highly visible one, but
don't trust hiding on its own to protect your data. A hidden safe is more secure than a sock under
the floorboards.